ssrfs-up 0.0.9

data/lib/openapi_client/lib/openapi_client/version.rb

@@ -0,0 +1,15 @@
+=begin
+#SSRF Forwarder
+
+#This is an API that forwards request on behalf of other services.
+
+The version of the OpenAPI document: 1.0.0-oas3-oas3-oas3
+Contact: jheath@chanzuckerberg.com
+Generated by: https://openapi-generator.tech
+OpenAPI Generator version: 5.0.1
+
+=end
+
+module OpenapiClient
+  VERSION = '1.0.0'
+end

data/lib/ssrfs-up.rb

@@ -0,0 +1,136 @@
+require 'aws-sdk-lambda'
+require 'uri'
+
+# Common files
+require 'openapi_client/lib/openapi_client/api_client'
+require 'openapi_client/lib/openapi_client/api_error'
+require 'openapi_client/lib/openapi_client/version'
+require 'openapi_client/lib/openapi_client/configuration'
+
+# Models
+require 'openapi_client/lib/openapi_client/models/content_type'
+require 'openapi_client/lib/openapi_client/models/method'
+require 'openapi_client/lib/openapi_client/models/redirect'
+require 'openapi_client/lib/openapi_client/models/request'
+require 'openapi_client/lib/openapi_client/models/response'
+require 'openapi_client/lib/openapi_client/models/response_error'
+require 'openapi_client/lib/openapi_client/models/response_success'
+
+# APIs
+require 'openapi_client/lib/openapi_client/api/default_api'
+
+module SSRFsUp
+  class << self
+    attr_accessor :config, :client
+
+    def configuration
+      @config ||= Configuration.new
+    end
+
+    def client
+      @client ||= Aws::Lambda::Client.new(region: configuration.region)
+    end
+
+    def configure
+      yield(configuration)
+      @client = Aws::Lambda::Client.new(region: configuration.region)
+    end
+
+    # These methods take a string like "www.google.com" or "https://google.com" and parse
+    # the respective parameters from the string to make the request. If only a hostname
+    # is provided, the default options are applied. A hash of options can also be
+    # supplied to configure the request.
+
+    # get makes a get request through the proxy.
+    def get(host, opts = {})
+      opts['method'] = 'GET'
+      invoke(host, opts)
+    end
+
+    # put makes a put request through the proxy.
+    def put(host, opts = {})
+      opts['method'] = 'PUT'
+      invoke(host, opts)
+    end
+
+    # post makes a post request through the proxy.
+    def post(host, opts = {})
+      opts['method'] = 'POST'
+      invoke(host, opts)
+    end
+
+    # patch makes a patch request through the proxy.
+    def patch(host, opts = {})
+      opts['method'] = 'PATCH'
+      invoke(host, opts)
+    end
+
+    # delete makes a delete request through the proxy.
+    def delete(host, opts = {})
+      opts['method'] = 'DELETE'
+      invoke(host, opts)
+    end
+
+  private
+
+    # parseAsUri takes an ambiguous string and sets the appropriate options based
+    # on if it can be parsed as URI object. If it can't, then the string is assumed
+    # to be a hostname only.
+    def parseAsUri(uri = '')
+      opts = { 'host' => uri }
+      u = URI(uri)
+      # if the scheme was present, we can parse most of the options from the URI.
+      # otherwise, we can assume the URI was an actual hostname
+      unless u.scheme.nil?
+        opts['secure'] = !(u.scheme == 'http')
+        opts['host'] = u.host
+        opts['path'] = u.path unless u.path == ''
+        opts['_query_params'] = CGI.parse(u.query) unless u.query.nil?
+      end
+      opts
+    end
+
+    # TODO: log errors to CloudWatch
+    def logError(e = nil)
+      puts e
+    end
+
+    # invoke invokes the lambda with the provided arguments. It handles all lambda
+    # related errors so developers should assume the data they receive back is straight
+    # from the server they are speaking to.
+    def invoke(host = nil, opts = {})
+      opts = opts.merge(parseAsUri(host))
+      resp = client.invoke({
+                             function_name: configuration.func_name,
+                             invocation_type: configuration.invoke_type,
+                             log_type: configuration.log_type,
+                             payload: payload(opts)
+                           })
+      if resp['status_code'] == 200
+        JSON.parse(resp&.payload&.string)
+      else
+        { body: '', status_code: resp[status_code], status_text: '500 Error with proxy' }
+      end
+    rescue StandardError => e
+      logError(e)
+      { body: '', status_code: 500, status_text: e.to_s }
+    end
+
+    # payload builds an API client Request object with the proper defaults and
+    # returns its JSON serialization.
+    def payload(opts = {})
+      OpenapiClient::Request.new(opts).to_hash.to_json
+    end
+
+    class Configuration
+      attr_accessor :func_name, :invoke_type, :log_type, :region
+
+      def initialize
+        @func_name = 'testproxy'
+        @invoke_type = 'RequestResponse'
+        @log_type = 'None'
+        @region = 'us-west-2'
+      end
+    end
+end
+end

metadata

@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: ssrfs-up
+version: !ruby/object:Gem::Version
+  version: 0.0.9
+platform: ruby
+authors:
+- Jake Heath
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2021-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-lambda
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1'
+- !ruby/object:Gem::Dependency
+  name: typhoeus
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.1
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.6.0
+description: A gem that simplifies connecting to out AWS Lambda used to proxy requests.
+  Make your third-party requests secure by default. For additional docs, see https://github.com/chanzuckerberg/ssrf-proxy
+email: jheath@chanzuckerberg.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/openapi_client/lib/openapi_client.rb
+- lib/openapi_client/lib/openapi_client/api/default_api.rb
+- lib/openapi_client/lib/openapi_client/api_client.rb
+- lib/openapi_client/lib/openapi_client/api_error.rb
+- lib/openapi_client/lib/openapi_client/configuration.rb
+- lib/openapi_client/lib/openapi_client/models/content_type.rb
+- lib/openapi_client/lib/openapi_client/models/method.rb
+- lib/openapi_client/lib/openapi_client/models/redirect.rb
+- lib/openapi_client/lib/openapi_client/models/request.rb
+- lib/openapi_client/lib/openapi_client/models/response.rb
+- lib/openapi_client/lib/openapi_client/models/response_error.rb
+- lib/openapi_client/lib/openapi_client/models/response_success.rb
+- lib/openapi_client/lib/openapi_client/version.rb
+- lib/ssrfs-up.rb
+homepage: https://github.com/chanzuckerberg/SSRFs-Up/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key: 
+specification_version: 4
+summary: Proxy all requests to avoid SSRF.
+test_files: []