aikido-zen 1.1.0 → 1.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00d07a2e96b782a13c2ab2ec94582f318660ce4e2a3b77ff896490c5382bea47
-  data.tar.gz: a9b4db0b7157206284d78f35e6530ccb5bdf2e851ea28152788a7d195406b7a3
+  metadata.gz: ff56705f799c52755fffdd6a584643ac02d8a4b275671fd488721fb14845a95a
+  data.tar.gz: d7be9020470fa9ea1bdbaf2ea5e4624a2f208aa6fba8ef325cad70e916c74cef
 SHA512:
-  metadata.gz: 3e7229c3918e282d565ef0d25841e641e9133af719769748ee3626d6c7ad70573d899c33f46e290f8a5fdd56118d569c282d62ba6dab006970426bbccc33febb
-  data.tar.gz: f1388b4b07679712ee999f245db8faf4c811f76c08ac7ca67e68df06ca8e5d74707cf53f35ca6e25fe195d31d41ba13ef51145804ae7f60a6e451f194672f670
+  metadata.gz: 9315eb15bb3c47f905566e857a7abad0ac8c575a1f11d6e0c357f1a0eccb0eda285000e45787cc6c3b48a3f126c291c08a16933e1a2d2b6ca47e05ad05241f0a
+  data.tar.gz: 470adc0df77eb9026a4aa7a830a5b5102405ddc346d3d7a50d33975e1a5805ad8fe840ec8d15638bf083936cf0ea14cee1bb30b112045249e34341184ef9e0da

data/lib/aikido/zen/config.rb

@@ -3,6 +3,7 @@
 require "uri"
 require "json"
 require "logger"
+require "digest"
 
 require_relative "context"
 
@@ -62,8 +63,8 @@ module Aikido::Zen
     attr_reader :logger
 
     # @return [String] Path of the socket where the detached agent will listen.
-    # By default, is stored under the root application path with file name
-    # `aikido-detached-agent.sock`
+    # By default, the socket file is created in the current working directory.
+    # Defaults to `aikido-detached-agent.sock`.
     attr_accessor :detached_agent_socket_path
 
     # @return [Boolean] is the agent in debugging mode?
@@ -263,12 +264,32 @@ module Aikido::Zen
       @api_timeouts.update(value)
     end
 
+    def api_token_hash
+      return unless api_token
+
+      @api_token_hash ||= Digest::SHA1.hexdigest(api_token)[0, 7]
+    end
+
     def detached_agent_socket_uri
       "drbunix:" + @detached_agent_socket_path
     end
 
+    def expanded_detached_agent_socket_path
+      @exanded_detached_agent_path ||= expand_socket_path(detached_agent_socket_path)
+    end
+
+    def expanded_detached_agent_socket_uri
+      @exanded_detached_agent_uri ||= expand_socket_path(detached_agent_socket_uri)
+    end
+
     private
 
+    def expand_socket_path(socket_path)
+      socket_path = socket_path.dup
+      socket_path.gsub!("%h", api_token_hash) if api_token_hash
+      socket_path
+    end
+
     def read_boolean_from_env(value)
       return value unless value.respond_to?(:to_str)
 
@@ -293,7 +314,7 @@ module Aikido::Zen
     DEFAULT_JSON_DECODER = JSON.method(:parse)
 
     # @!visibility private
-    DEFAULT_DETACHED_AGENT_SOCKET_PATH = "aikido-detached-agent.sock"
+    DEFAULT_DETACHED_AGENT_SOCKET_PATH = "aikido-detached-agent.%h.sock"
 
     # @!visibility private
     DEFAULT_BLOCKED_RESPONDER = ->(request, blocking_type) do

data/lib/aikido/zen/detached_agent/agent.rb

@@ -34,7 +34,7 @@ module Aikido::Zen::DetachedAgent
 
       @collector = collector
 
-      @front_object = DRbObject.new_with_uri(config.detached_agent_socket_uri)
+      @front_object = DRbObject.new_with_uri(config.expanded_detached_agent_socket_uri)
 
       @has_forked = false
       schedule_tasks

data/lib/aikido/zen/detached_agent/server.rb

@@ -16,8 +16,8 @@ module Aikido::Zen::DetachedAgent
 
       @config = config
 
-      @socket_path = config.detached_agent_socket_path
-      @socket_uri = config.detached_agent_socket_uri
+      @socket_path = config.expanded_detached_agent_socket_path
+      @socket_uri = config.expanded_detached_agent_socket_uri
     end
 
     def started?

data/lib/aikido/zen/payload.rb

@@ -27,7 +27,7 @@ module Aikido::Zen
       {
         payload: value.to_s,
         source: SOURCE_SERIALIZATIONS[source],
-        path: path.to_s
+        path: ".#{path}"
       }
     end
 

data/lib/aikido/zen/sinks/net_http.rb

@@ -27,12 +27,20 @@ module Aikido::Zen
 
           def self.wrap_request(req, session)
             uri = req.uri if req.uri.is_a?(URI)
-            uri ||= URI(format("%<scheme>s://%<hostname>s:%<port>s%<path>s", {
-              scheme: session.use_ssl? ? "https" : "http",
-              hostname: session.address,
-              port: session.port,
-              path: req.path
-            }))
+
+            if uri.nil?
+              request_uri = URI.parse(req.path)
+
+              uri = URI.parse(
+                URI::Generic.build(
+                  scheme: session.use_ssl? ? "https" : "http",
+                  host: session.address,
+                  port: session.port,
+                  path: request_uri.path,
+                  query: request_uri.query
+                ).to_s
+              )
+            end
 
             Scanners::SSRFScanner::Request.new(
               verb: req.method,

data/lib/aikido/zen/version.rb

@@ -2,7 +2,7 @@
 
 module Aikido
   module Zen
-    VERSION = "1.1.0"
+    VERSION = "1.1.1"
 
     # The version of libzen_internals that we build against.
     LIBZEN_VERSION = "0.1.48"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aikido-zen
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.1.1
 platform: ruby
 authors:
 - Aikido Security
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2026-01-13 00:00:00.000000000 Z
+date: 2026-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: concurrent-ruby