Trim trailing dot from trusted IMDS hostnames

lib/aikido/zen/scanners/stored_ssrf_scanner.rb

@@ -36,7 +36,7 @@ def initialize(hostname, addresses, config: Aikido::Zen.config)
       def attack?
         return unless @config.stored_ssrf? # Feature flag
 
-        return if @config.imds_allowed_hosts.include?(@hostname)
+        return if @config.imds_allowed_hosts.include?(@hostname.chomp("."))
 
         @addresses.find do |address|
           DANGEROUS_ADDRESSES.any? do |dangerous_address|

test/aikido/zen/scanners/stored_ssrf_scanner_test.rb

@@ -32,6 +32,8 @@ def refute_attack(hostname, addresses, reason = "`#{hostname}` was blocked")
   test "allows known hosts that resolve to dangerous addresses" do
     refute_attack "metadata.google.internal", ["169.254.169.254"]
     refute_attack "metadata.goog", ["169.254.169.254"]
+    refute_attack "metadata.google.internal.", ["169.254.169.254"]
+    refute_attack "metadata.goog.", ["169.254.169.254"]
   end
 
   test "allows hostnames that are trying to access the IMDS service when the stored SSRF scanning is disabled" do