rddr_diff_builtins package

Submodules

rddr_diff_builtins.byte_diff module

class rddr_diff_builtins.byte_diff.RddrByteDiff(do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Parameters

  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Validates that messages match byte for byte.

Parameters

traffic (List[bytes]) – List of traffic from app instances. Key = instance address “host:port” Value = Bytes response

Return type

List[Tuple[int, bool]]

rddr_diff_builtins.http_diff module

class rddr_diff_builtins.http_diff.RddrHttpDiff(do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Parameters

do_filter (bool) –

diff_traffic(traffic)

Diffs HTML delimited by line breaks.

Upon encountering noise within a line (i.e. the filter pair differ), will extract the largest contiguous set of characters within the line that differ and save the value reported by each server. These tokens can be reinserted in a user’s subsequent requests on sight. The reinsertion is implemented by modify_traffic. This is necessary when an application being N-versioned uses anti-CSRF tokens in its user input forms. The proxy must send the appropriate token back to each instance of the application for it to service the user’s request.

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]

modify_traffic(traffic, n_instances)

Return a list of bytestrings, one to send to each application instance.

This method will re-insert any saved tokens it finds in the user’s traffic with the token originally sent by each instance. See diff_traffic for further explanation of the utility of this feature.

Parameters

  • traffic (bytes) – Request to modify per recipient in addrlist.

  • n_instances (int) – Number of app instances in this deployment

Return type

List[bytes]

render_denial()

Returns an HTTP response string containing a 500 error and an “access denied” message, with the RDDR logo. See static/denied.html for the content.

Return type

bytes

rddr_diff_builtins.json_diff module

class rddr_diff_builtins.json_diff.RddrJsonDiff(do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

Parameters

  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Return True iff the traffic are the same modulo deterministic behavior if present

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]

render_denial()

Returns an HTTP response string containing a 500 error and an “access denied” message, with the RDDR logo. See static/denied.html for the content.

Return type

bytes

rddr_diff_builtins.pgsql_diff module

class rddr_diff_builtins.pgsql_diff.RddrPostgresDiff(do_filter=False, logger=None, params=None)

Bases: rddr.diff_interface.AbstractRddrDiff

This class enables support for diffing Postgres traffic across N application instances. This diff plugin supports diff-params. diff-params should be a dictionary with one key: tokens. tokens is a list of lists of bytestrings, one bytestring per application instance. This allows you to preconfigure tokens you expect to be different among the Postgres instances. An example is the string reported for the server version – different variants will provide different strings. By specifying that here, you can avoid flagging that as divergent behavior.

Parameters

  • do_filter (bool) –

  • logger (Optional[Logger]) –

  • params (Optional[dict]) –

diff_traffic(traffic)

Validates that Postgres messages match. Ignores certain packet types. See member _backend_pkt_types_to_ignore for the full list of ignored packet types. Prior to diffing, will substitute tokens preconfigured in the config file under the diff-params key for the associated proxy.

Parameters

traffic (List[bytes]) – List of traffic from app instances.

Return type

List[Tuple[int, bool]]

Module contents