Add blocking to Fetch, http and Undici

Author: timokoessler

library/agent/Agent.ts

@@ -554,8 +554,8 @@ export class Agent {
     }
   }
 
-  onConnectHostname(hostname: string, port: number) {
-    this.hostnames.add(hostname, port);
+  onConnectHostname(hostname: string, port: number, blocked = false) {
+    this.hostnames.add(hostname, port, blocked);
   }
 
   onRouteExecute(context: Context) {

library/agent/Attack.ts

@@ -4,7 +4,8 @@ export type Kind =
   | "shell_injection"
   | "path_traversal"
   | "ssrf"
-  | "code_injection";
+  | "code_injection"
+  | "blocked_outgoing_request";
 
 export function attackKindHumanName(kind: Kind) {
   switch (kind) {
@@ -20,5 +21,7 @@ export function attackKindHumanName(kind: Kind) {
       return "a server-side request forgery";
     case "code_injection":
       return "a JavaScript injection";
+    case "blocked_outgoing_request":
+      return "an outgoing request";
   }
 }

library/agent/hooks/onInspectionInterceptorResult.ts

@@ -1,3 +1,4 @@
+/* eslint-disable max-lines-per-function */
 import { resolve } from "path";
 import { cleanupStackTrace } from "../../helpers/cleanupStackTrace";
 import { escapeHTML } from "../../helpers/escapeHTML";
@@ -39,6 +40,14 @@ export function onInspectionInterceptorResult(
     context.remoteAddress &&
     agent.getConfig().isBypassedIP(context.remoteAddress);
 
+  if (result && !isBypassedIP && result.kind === "blocked_outgoing_request") {
+    throw cleanError(
+      new Error(
+        `Zen has blocked ${attackKindHumanName(result.kind)}: ${result.operation}(...) to ${escapeHTML(result.payload as string)}`
+      )
+    );
+  }
+
   if (result && context && !isBypassedIP) {
     // Flag request as having an attack detected
     updateContext(context, "attackDetected", true);

library/sinks/Fetch.test.ts

@@ -427,5 +427,48 @@ t.test(
         }
       }
     );
+
+    agent.getHostnames().clear();
+    agent.getConfig().updateDomains([
+      { hostname: "aikido.dev", mode: "block" },
+      { hostname: "app.aikido.dev", mode: "allow" },
+    ]);
+
+    const blockedError1 = await t.rejects(() =>
+      fetch("https://aikido.dev/block")
+    );
+    t.ok(blockedError1 instanceof Error);
+    if (blockedError1 instanceof Error) {
+      t.same(
+        blockedError1.message,
+        "Zen has blocked an outgoing request: fetch(...) to https://aikido.dev/block"
+      );
+    }
+
+    await fetch("https://app.aikido.dev");
+
+    t.same(agent.getHostnames().asArray(), [
+      { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+      { hostname: "app.aikido.dev", port: 443, hits: 1, blockedHits: 0 },
+    ]);
+
+    agent.getConfig().setBlockNewOutgoingRequests(true);
+
+    const blockedError2 = await t.rejects(() => fetch("https://example.com"));
+    t.ok(blockedError2 instanceof Error);
+    if (blockedError2 instanceof Error) {
+      t.same(
+        blockedError2.message,
+        "Zen has blocked an outgoing request: fetch(...) to https://example.com/"
+      );
+    }
+
+    await fetch("https://app.aikido.dev");
+
+    t.same(agent.getHostnames().asArray(), [
+      { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+      { hostname: "app.aikido.dev", port: 443, hits: 2, blockedHits: 0 },
+      { hostname: "example.com", port: 443, hits: 1, blockedHits: 1 },
+    ]);
   }
 );

library/sinks/Fetch.ts

@@ -1,4 +1,3 @@
-/* eslint-disable max-lines-per-function */
 import { lookup } from "dns";
 import { Agent } from "../agent/Agent";
 import { getContext } from "../agent/Context";
@@ -16,13 +15,28 @@ export class Fetch implements Wrapper {
 
   private inspectHostname(
     agent: Agent,
-    hostname: string,
+    url: URL,
     port: number | undefined
   ): InterceptorResult {
+    if (agent.getConfig().shouldBlockOutgoingRequest(url.hostname)) {
+      if (typeof port === "number" && port > 0) {
+        agent.onConnectHostname(url.hostname, port, true);
+      }
+
+      return {
+        operation: "fetch",
+        kind: "blocked_outgoing_request",
+        source: "url",
+        pathsToPayload: [],
+        metadata: {},
+        payload: url.href,
+      };
+    }
+
     // Let the agent know that we are connecting to this hostname
     // This is to build a list of all hostnames that the application is connecting to
     if (typeof port === "number" && port > 0) {
-      agent.onConnectHostname(hostname, port);
+      agent.onConnectHostname(url.hostname, port);
     }
     const context = getContext();
 
@@ -31,7 +45,7 @@ export class Fetch implements Wrapper {
     }
 
     return checkContextForSSRF({
-      hostname: hostname,
+      hostname: url.hostname,
       operation: "fetch",
       context: context,
       port: port,
@@ -44,11 +58,7 @@ export class Fetch implements Wrapper {
       if (typeof args[0] === "string" && args[0].length > 0) {
         const url = tryParseURL(args[0]);
         if (url) {
-          const attack = this.inspectHostname(
-            agent,
-            url.hostname,
-            getPortFromURL(url)
-          );
+          const attack = this.inspectHostname(agent, url, getPortFromURL(url));
           if (attack) {
             return attack;
           }
@@ -62,11 +72,7 @@ export class Fetch implements Wrapper {
       if (Array.isArray(args[0])) {
         const url = tryParseURL(args[0].toString());
         if (url) {
-          const attack = this.inspectHostname(
-            agent,
-            url.hostname,
-            getPortFromURL(url)
-          );
+          const attack = this.inspectHostname(agent, url, getPortFromURL(url));
           if (attack) {
             return attack;
           }
@@ -77,7 +83,7 @@ export class Fetch implements Wrapper {
       if (args[0] instanceof URL && args[0].hostname.length > 0) {
         const attack = this.inspectHostname(
           agent,
-          args[0].hostname,
+          args[0],
           getPortFromURL(args[0])
         );
         if (attack) {
@@ -89,11 +95,7 @@ export class Fetch implements Wrapper {
       if (args[0] instanceof Request) {
         const url = tryParseURL(args[0].url);
         if (url) {
-          const attack = this.inspectHostname(
-            agent,
-            url.hostname,
-            getPortFromURL(url)
-          );
+          const attack = this.inspectHostname(agent, url, getPortFromURL(url));
           if (attack) {
             return attack;
           }

library/sinks/HTTPRequest.test.ts

@@ -301,6 +301,49 @@ t.test("it works", (t) => {
     }
   });
 
+  agent.getHostnames().clear();
+  agent.getConfig().updateDomains([
+    { hostname: "aikido.dev", mode: "block" },
+    { hostname: "app.aikido.dev", mode: "allow" },
+  ]);
+
+  const blockedError1 = t.throws(() =>
+    https.request("https://aikido.dev/block")
+  );
+  if (blockedError1 instanceof Error) {
+    t.same(
+      blockedError1.message,
+      "Zen has blocked an outgoing request: https.request(...) to https://aikido.dev/block"
+    );
+  }
+
+  const notBlocked1 = https.request("https://app.aikido.dev");
+  notBlocked1.end();
+
+  t.same(agent.getHostnames().asArray(), [
+    { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+    { hostname: "app.aikido.dev", port: 443, hits: 1, blockedHits: 0 },
+  ]);
+
+  agent.getConfig().setBlockNewOutgoingRequests(true);
+
+  const blockedError2 = t.throws(() => https.request("https://example.com"));
+  if (blockedError2 instanceof Error) {
+    t.same(
+      blockedError2.message,
+      "Zen has blocked an outgoing request: https.request(...) to https://example.com/"
+    );
+  }
+
+  const notBlocked2 = https.request("https://app.aikido.dev");
+  notBlocked2.end();
+
+  t.same(agent.getHostnames().asArray(), [
+    { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+    { hostname: "app.aikido.dev", port: 443, hits: 2, blockedHits: 0 },
+    { hostname: "example.com", port: 443, hits: 1, blockedHits: 1 },
+  ]);
+
   setTimeout(() => {
     t.end();
   }, 3000);

library/sinks/HTTPRequest.ts

@@ -21,6 +21,21 @@ export class HTTPRequest implements Wrapper {
     port: number | undefined,
     module: "http" | "https"
   ): InterceptorResult {
+    if (agent.getConfig().shouldBlockOutgoingRequest(url.hostname)) {
+      if (typeof port === "number" && port > 0) {
+        agent.onConnectHostname(url.hostname, port, true);
+      }
+
+      return {
+        operation: `${module}.request`,
+        kind: "blocked_outgoing_request",
+        source: "url",
+        pathsToPayload: [],
+        metadata: {},
+        payload: url.href,
+      };
+    }
+
     // Let the agent know that we are connecting to this hostname
     // This is to build a list of all hostnames that the application is connecting to
     if (typeof port === "number" && port > 0) {

library/sinks/Undici.tests.ts

@@ -418,6 +418,61 @@ export function createUndiciTests(undiciPkgName: string, port: number) {
       t.same(logger.getMessages(), [
         "undici.setGlobalDispatcher(..) was called, we can't guarantee protection!",
       ]);
+
+      agent.getHostnames().clear();
+      agent.getConfig().updateDomains([
+        { hostname: "aikido.dev", mode: "block" },
+        { hostname: "ssrf-redirects.testssandbox.com", mode: "allow" },
+      ]);
+
+      const blockedError1 = await t.rejects(() =>
+        request("https://aikido.dev/block")
+      );
+      t.ok(blockedError1 instanceof Error);
+      if (blockedError1 instanceof Error) {
+        t.same(
+          blockedError1.message,
+          "Zen has blocked an outgoing request: undici.request(...) to aikido.dev"
+        );
+      }
+
+      await request("https://ssrf-redirects.testssandbox.com");
+
+      t.same(agent.getHostnames().asArray(), [
+        { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+        {
+          hostname: "ssrf-redirects.testssandbox.com",
+          port: 443,
+          hits: 1,
+          blockedHits: 0,
+        },
+      ]);
+
+      agent.getConfig().setBlockNewOutgoingRequests(true);
+
+      const blockedError2 = await t.rejects(() =>
+        request("https://example.com")
+      );
+      t.ok(blockedError2 instanceof Error);
+      if (blockedError2 instanceof Error) {
+        t.same(
+          blockedError2.message,
+          "Zen has blocked an outgoing request: undici.request(...) to example.com"
+        );
+      }
+
+      await request("https://ssrf-redirects.testssandbox.com");
+
+      t.same(agent.getHostnames().asArray(), [
+        { hostname: "aikido.dev", port: 443, hits: 1, blockedHits: 1 },
+        {
+          hostname: "ssrf-redirects.testssandbox.com",
+          port: 443,
+          hits: 2,
+          blockedHits: 0,
+        },
+        { hostname: "example.com", port: 443, hits: 1, blockedHits: 1 },
+      ]);
     }
   );
 

library/sinks/Undici.ts

@@ -29,6 +29,21 @@ export class Undici implements Wrapper {
     port: number | undefined,
     method: string
   ): InterceptorResult {
+    if (agent.getConfig().shouldBlockOutgoingRequest(hostname)) {
+      if (typeof port === "number" && port > 0) {
+        agent.onConnectHostname(hostname, port, true);
+      }
+
+      return {
+        operation: `undici.${method}`,
+        kind: "blocked_outgoing_request",
+        source: "url",
+        pathsToPayload: [],
+        metadata: {},
+        payload: hostname,
+      };
+    }
+
     // Let the agent know that we are connecting to this hostname
     // This is to build a list of all hostnames that the application is connecting to
     if (typeof port === "number" && port > 0) {