ssrfs-up 0.0.9
- checksums.yaml +7 -0
- data/lib/openapi_client/lib/openapi_client.rb +47 -0
- data/lib/openapi_client/lib/openapi_client/api/default_api.rb +85 -0
- data/lib/openapi_client/lib/openapi_client/api_client.rb +389 -0
- data/lib/openapi_client/lib/openapi_client/api_error.rb +57 -0
- data/lib/openapi_client/lib/openapi_client/configuration.rb +270 -0
- data/lib/openapi_client/lib/openapi_client/models/content_type.rb +40 -0
- data/lib/openapi_client/lib/openapi_client/models/method.rb +40 -0
- data/lib/openapi_client/lib/openapi_client/models/redirect.rb +242 -0
- data/lib/openapi_client/lib/openapi_client/models/request.rb +380 -0
- data/lib/openapi_client/lib/openapi_client/models/response.rb +293 -0
- data/lib/openapi_client/lib/openapi_client/models/response_error.rb +224 -0
- data/lib/openapi_client/lib/openapi_client/models/response_success.rb +270 -0
- data/lib/openapi_client/lib/openapi_client/version.rb +15 -0
- data/lib/ssrfs-up.rb +136 -0
- metadata +117 -0
@@ -0,0 +1,15 @@
|
|
1
|
+
=begin
|
2
|
+
#SSRF Forwarder
|
3
|
+
|
4
|
+
#This is an API that forwards request on behalf of other services.
|
5
|
+
|
6
|
+
The version of the OpenAPI document: 1.0.0-oas3-oas3-oas3
|
7
|
+
Contact: jheath@chanzuckerberg.com
|
8
|
+
Generated by: https://openapi-generator.tech
|
9
|
+
OpenAPI Generator version: 5.0.1
|
10
|
+
|
11
|
+
=end
|
12
|
+
|
13
|
+
module OpenapiClient
|
14
|
+
VERSION = '1.0.0'
|
15
|
+
end
|
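--- a/data/lib/ssrfs-up.rb
+++ b/data/lib/ssrfs-up.rb
@@ -0,0 +1,136 @@
+require 'aws-sdk-lambda'
+require 'uri'
+
+# Common files
+require 'openapi_client/lib/openapi_client/api_client'
+require 'openapi_client/lib/openapi_client/api_error'
+require 'openapi_client/lib/openapi_client/version'
+require 'openapi_client/lib/openapi_client/configuration'
+
+# Models
+require 'openapi_client/lib/openapi_client/models/content_type'
+require 'openapi_client/lib/openapi_client/models/method'
+require 'openapi_client/lib/openapi_client/models/redirect'
+require 'openapi_client/lib/openapi_client/models/request'
+require 'openapi_client/lib/openapi_client/models/response'
+require 'openapi_client/lib/openapi_client/models/response_error'
+require 'openapi_client/lib/openapi_client/models/response_success'
+
+# APIs
+require 'openapi_client/lib/openapi_client/api/default_api'
+
+module SSRFsUp
+class << self
+attr_accessor :config, :client
+
+def configuration
+@config ||= Configuration.new
+end
+
+def client
+@client ||= Aws::Lambda::Client.new(region: configuration.region)
+end
+
+def configure
+yield(configuration)
+@client = Aws::Lambda::Client.new(region: configuration.region)
+end
+
+# These methods take a string like "www.google.com" or "https://google.com" and parse
+# the respective parameters from the string to make the request. If only a hostname
+# is provided, the default options are applied. A hash of options can also be
+# supplied to configure the request.
+
+# get makes a get request through the proxy.
+def get(host, opts = {})
+opts['method'] = 'GET'
+invoke(host, opts)
+end
+
+# put makes a put request through the proxy.
+def put(host, opts = {})
+opts['method'] = 'PUT'
+invoke(host, opts)
+end
+
+# post makes a post request through the proxy.
+def post(host, opts = {})
+opts['method'] = 'POST'
+invoke(host, opts)
+end
+
+# patch makes a patch request through the proxy.
+def patch(host, opts = {})
+opts['method'] = 'PATCH'
+invoke(host, opts)
+end
+
+# delete makes a delete request through the proxy.
+def delete(host, opts = {})
+opts['method'] = 'DELETE'
+invoke(host, opts)
+end
+
+private
+
+# parseAsUri takes an ambiguous string and sets the appropriate options based
+# on if it can be parsed as URI object. If it can't, then the string is assumed
+# to be a hostname only.
+def parseAsUri(uri = '')
+opts = { 'host' => uri }
+u = URI(uri)
+# if the scheme was present, we can parse most of the options from the URI.
+# otherwise, we can assume the URI was an actual hostname
+unless u.scheme.nil?
+opts['secure'] = !(u.scheme == 'http')
+opts['host'] = u.host
+opts['path'] = u.path unless u.path == ''
+opts['_query_params'] = CGI.parse(u.query) unless u.query.nil?
+end
+opts
+end
+
+# TODO: log errors to CloudWatch
+def logError(e = nil)
+puts e
+end
+
+# invoke invokes the lambda with the provided arguments. It handles all lambda
+# related errors so developers should assume the data they receive back is straight
+# from the server they are speaking to.
+def invoke(host = nil, opts = {})
+opts = opts.merge(parseAsUri(host))
+resp = client.invoke({
+function_name: configuration.func_name,
+invocation_type: configuration.invoke_type,
+log_type: configuration.log_type,
+payload: payload(opts)
+})
+if resp['status_code'] == 200
+JSON.parse(resp&.payload&.string)
+else
+{ body: '', status_code: resp[status_code], status_text: '500 Error with proxy' }
+end
+rescue StandardError => e
+logError(e)
+{ body: '', status_code: 500, status_text: e.to_s }
+end
+
+# payload builds an API client Request object with the proper defaults and
+# returns its JSON serialization.
+def payload(opts = {})
+OpenapiClient::Request.new(opts).to_hash.to_json
+end
+
+class Configuration
+attr_accessor :func_name, :invoke_type, :log_type, :region
+
+def initialize
+@func_name = 'testproxy'
+@invoke_type = 'RequestResponse'
+@log_type = 'None'
+@region = 'us-west-2'
+end
+end
+end
+end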
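Review bot: In `invoke`, the non-200 branch reads `resp[status_code]` with a bare identifier, so it raises NameError instead of reporting the Lambda status, and the `rescue StandardError` below then turns every proxy failure into `status_code: 500` with the exception text as `status_text`; it should read `status_code: resp['status_code']`. The 200 branch parses the payload without checking `resp.function_error`, which Lambda sets on a RequestResponse invocation whose handler failed while still returning 200, so a proxy fault can reach the caller looking like the upstream body. Returning `e.to_s` to callers who are told the data is "straight from the server" also exposes internal SDK error text; a fixed message with the detail kept in `logError` would be safer. In `parseAsUri`, `opts['secure'] = !(u.scheme == 'http')` treats every non-http scheme as HTTPS rather than rejecting it, so an allowlist such as `raise ArgumentError, 'unsupported scheme' unless %w[http https].include?(u.scheme)` would make the accepted inputs explicit. `CGI.parse` and `JSON.parse` are used without a visible `require 'cgi'` or `require 'json'` in this file.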
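--- a/metadata
+++ b/metadata
@@ -0,0 +1,117 @@
+--- !ruby/object:Gem::Specification
+name: ssrfs-up
+version: !ruby/object:Gem::Version
+version: 0.0.9
+platform: ruby
+authors:
+- Jake Heath
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2021-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: aws-sdk-lambda
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1'
+- - ">="
+- !ruby/object:Gem::Version
+version: '1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1'
+- - ">="
+- !ruby/object:Gem::Version
+version: '1'
+- !ruby/object:Gem::Dependency
+name: typhoeus
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.0.1
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.0'
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.0.1
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.6'
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.6.0
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.6'
+- - ">="
+- !ruby/object:Gem::Version
+version: 3.6.0
+description: A gem that simplifies connecting to out AWS Lambda used to proxy requests.
+Make your third-party requests secure by default. For additional docs, see https://github.com/chanzuckerberg/ssrf-proxy
+email: jheath@chanzuckerberg.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/openapi_client/lib/openapi_client.rb
+- lib/openapi_client/lib/openapi_client/api/default_api.rb
+- lib/openapi_client/lib/openapi_client/api_client.rb
+- lib/openapi_client/lib/openapi_client/api_error.rb
+- lib/openapi_client/lib/openapi_client/configuration.rb
+- lib/openapi_client/lib/openapi_client/models/content_type.rb
+- lib/openapi_client/lib/openapi_client/models/method.rb
+- lib/openapi_client/lib/openapi_client/models/redirect.rb
+- lib/openapi_client/lib/openapi_client/models/request.rb
+- lib/openapi_client/lib/openapi_client/models/response.rb
+- lib/openapi_client/lib/openapi_client/models/response_error.rb
+- lib/openapi_client/lib/openapi_client/models/response_success.rb
+- lib/openapi_client/lib/openapi_client/version.rb
+- lib/ssrfs-up.rb
+homepage: https://github.com/chanzuckerberg/SSRFs-Up/
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.1.4
+signing_key:
+specification_version: 4
+summary: Proxy all requests to avoid SSRF.
+test_files: []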