rddr_diff_builtins package

Submodules

rddr_diff_builtins.byte_diff module

class rddr_diff_builtins.byte_diff.RddrByteDiff(mp_manager, shared_state, do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Parameters
  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Validates that messages match byte for byte.

See interface definition rddr.AbstractRddrDiff.diff_traffic() for more.

Parameters

traffic (List[bytes]) – List of traffic from app instances. Key = instance address “host:port”; Value = Bytes response.

Return type

List[Tuple[int, bool]]

rddr_diff_builtins.http_diff module

class rddr_diff_builtins.http_diff.RddrHttpDiff(mp_manager, shared_state, do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Diff tool for HTTP that ships with RDDR. Capable of handling CSRF tokens: the N instances may each generate form tokens or other per-instance tokens. The plugin saves these tokens and sends one along to the client. Upon seeing the client’s token later, it substitutes the token appropriate for each server.

diff_traffic(traffic)

Diffs HTML delimited by line breaks.

Upon encountering noise within a line (i.e. the filter pair differ), will extract the largest contiguous set of characters within the line that differ and save the value reported by each server. These tokens can be reinserted in a user’s subsequent requests on sight. The reinsertion is implemented by modify_traffic. This is necessary when an application being N-versioned uses anti-CSRF tokens in its user input forms. The proxy must send the appropriate token back to each instance of the application for it to service the user’s request.

See interface definition rddr.AbstractRddrDiff.diff_traffic() for more.

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]

modify_traffic(traffic, n_instances)

Return a list of bytestrings, one to send to each application instance.

This method replaces any saved tokens it finds in the user’s traffic with the token originally sent by each instance. See diff_traffic for further explanation of the utility of this feature.

Parameters
  • traffic (bytes) – Request to modify per recipient in addrlist.

  • n_instances (int) – Number of app instances in this deployment

Return type

List[bytes]
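
The token handling that diff_traffic and modify_traffic describe, as an added example that is not RDDR's own code. The function names, treating responses[0] and responses[1] as the filter pair, and forwarding instance 0's token to the client are assumptions made for the example.

```python
def shared_prefix_len(items):
    """Number of leading bytes that every item has in common."""
    n = 0
    for column in zip(*items):
        if len(set(column)) != 1:
            break
        n += 1
    return n


def extract_tokens(responses, saved):
    """Line-by-line diff. Returns False on divergence; on noise, appends the
    differing span of each instance to `saved` as one tuple per noisy line.
    Assumption: responses[0] and responses[1] come from the filter pair."""
    split = [r.split(b"\n") for r in responses]
    if len({len(lines) for lines in split}) != 1:
        return False                      # different number of lines
    for lines in zip(*split):
        if len(set(lines)) == 1:
            continue                      # identical on every instance
        if lines[0] == lines[1]:
            return False                  # filter pair agree, another instance differs
        pre = shared_prefix_len(lines)
        suf = shared_prefix_len([l[pre:][::-1] for l in lines])
        saved.append(tuple(l[pre:len(l) - suf] for l in lines))
    return True


def fan_out_request(request, n_instances, saved):
    """Build one request per instance, swapping the token the client was given
    (assumed here to be instance 0's) for each instance's own token."""
    out = []
    for i in range(n_instances):
        body = request
        for tokens in saved:
            if tokens[0]:                 # never substitute an empty span
                body = body.replace(tokens[0], tokens[i])
        out.append(body)
    return out


# Constructed sample: three instances render one form with different CSRF tokens.
PAGE = b"<form>\n<input name=\"csrf\" value=\"%s\">\n</form>"
RESPONSES = [PAGE % t for t in (b"a1f09c", b"77be02", b"c3d4e5")]
```

The saved token is whatever bytes differ between instances, so a very short span can also match unrelated bytes in a later request.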

render_denial()

Returns an HTTP response string containing a 500 error and an “access denied” message, with the RDDR logo. See static/denied.html for the content.

Return type

bytes

validate_params()

Validates the diff-params config field for this particular class.

rddr_diff_builtins.json_diff module

class rddr_diff_builtins.json_diff.RddrJsonDiff(mp_manager, shared_state, do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Diff tool for JSON documents that ships with RDDR. JSON is expected to be embedded in an HTTP response. Diffs key by key. Does not modify incoming traffic.

Parameters
  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Parses JSON documents embedded in HTTP responses. May request more bytes of a given stream if a partial JSON document has been received and cannot yet be parsed. Diffs key by key.

See interface definition rddr.AbstractRddrDiff.diff_traffic() for more.

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]

render_denial()

Returns an HTTP response string containing a 500 error and an “access denied” message, with the RDDR logo. See static/denied.html for the content.

Return type

bytes

rddr_diff_builtins.pgsql_diff module

class rddr_diff_builtins.pgsql_diff.RddrPostgresDiff(mp_manager, shared_state, do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

This class enables support for diffing Postgres traffic across N application instances. This diff plugin supports diff-params. diff-params should be a dictionary with one key: tokens. tokens is a list of lists of bytestrings, one bytestring per application instance. This allows you to preconfigure tokens you expect to be different among the Postgres instances. An example is the string reported for the server version – different variants will provide different strings. By specifying that here, you can avoid flagging that as divergent behavior.

Parameters
  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Validates that Postgres messages match. Ignores certain packet types. See member _backend_pkt_types_to_ignore for the full list of ignored packet types. Prior to diffing, will substitute tokens preconfigured in the config file under the diff-params key for the associated proxy.

See interface definition rddr.AbstractRddrDiff.diff_traffic() for more.

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]
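
How a preconfigured tokens list can suppress an expected difference before a byte comparison, as an added example that is not RDDR's own code. The function names and sample version strings are constructed; each token here is a whole ParameterStatus message, a choice made for this example because the message's length field also differs when the version strings have different lengths.

```python
import struct


def parameter_status(name, value):
    """Build a Postgres ParameterStatus ('S') backend message."""
    body = name + b"\x00" + value + b"\x00"
    return b"S" + struct.pack("!I", 4 + len(body)) + body


def validate_tokens(params, n_instances):
    """Check the shape described above: {"tokens": [[one bytestring per instance], ...]}."""
    if not isinstance(params, dict) or set(params) != {"tokens"}:
        raise ValueError("diff-params must be a dict with the single key 'tokens'")
    for group in params["tokens"]:
        if len(group) != n_instances:
            raise ValueError("each token group needs one entry per instance")
        if not all(isinstance(t, bytes) and t for t in group):
            raise ValueError("tokens must be non-empty bytestrings")
    return params["tokens"]


def diverges(traffic, params):
    """Substitute each instance's preconfigured token with instance 0's, then
    compare byte for byte. True means the instances still disagree."""
    groups = validate_tokens(params, len(traffic))
    normalized = []
    for i, msg in enumerate(traffic):
        for group in groups:
            msg = msg.replace(group[i], group[0])
        normalized.append(msg)
    return len(set(normalized)) != 1


# Constructed sample: two variants report different server versions.
V0 = parameter_status(b"server_version", b"13.4")
V1 = parameter_status(b"server_version", b"9.6.24")
PARAMS = {"tokens": [[V0, V1]]}
READY = b"Z" + struct.pack("!I", 5) + b"I"   # ReadyForQuery, idle
```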

render_denial()

The diff interface can implement a custom message appropriate for the application layer protocol being handled (an error message, for example). The default implementation returns an empty byte string.

Return type

bytes

Returns

Bytestring to be sent back to the client if divergent behavior is seen.

validate_params()

Validates the diff-params config field for this particular class.

Module contents