
@aikidosec/firewall


Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.isIMDSIPAddress = isIMDSIPAddress;
exports.isTrustedHostname = isTrustedHostname;
const { IPMatcher } = require("../../helpers/ip-matcher/IPMatcher");

// Addresses of the AWS EC2 instance metadata service (IMDS), IPv4 and IPv6.
// Outbound requests to these addresses are blocked so that a stored SSRF
// payload cannot be turned into a read of instance credentials or metadata.
const imdsAddresses = new IPMatcher();
for (const address of ["169.254.169.254", "fd00:ec2::254"]) {
  imdsAddresses.add(address);
}

/**
 * Whether `ip` is one of the known metadata-service addresses.
 *
 * The match itself is delegated to IPMatcher; whether other textual spellings
 * of the same address are recognised depends on that helper — confirm there
 * before relying on it for anything beyond the literal forms added above.
 *
 * @param {string} ip - IP address, as text, to look up.
 * @returns {boolean} true when the address is on the IMDS list.
 */
function isIMDSIPAddress(ip) {
  return imdsAddresses.has(ip);
}

// Google Cloud serves its metadata API on the same addresses but only honours
// requests carrying specific headers, so requests addressed by these hostnames
// are let through instead of being blocked as IMDS access.
const trustedHosts = ["metadata.google.internal", "metadata.goog"];

/**
 * Whether `hostname` is a metadata hostname that must not be blocked.
 *
 * This is an exact, case-sensitive string comparison: a differently cased
 * name or one with a trailing dot is not treated as trusted.
 *
 * @param {string} hostname - Hostname to check, exactly as supplied.
 * @returns {boolean} true when the hostname is on the trusted list.
 */
function isTrustedHostname(hostname) {
  return trustedHosts.includes(hostname);
}