@cneill
Last active June 13, 2016 20:34

Syntribos Checks / Signals

Exception Checks

HTTP Request Failures

  • Inputs: Single requestslib exception object
  • Description: This signal is returned when requests throws an exception on a request
  • Check Location: syntribos.clients.http.checks
  • Slug: HTTP_FAIL_[EXCEPTION CLASS NAME]
  • Strength: Always 1
  • Tags:
    • CONNECTION_FAIL
      • requests.exceptions.ConnectionError
      • requests.exceptions.HTTPError
    • SERVER_FAIL
      • requests.exceptions.TooManyRedirects
    • CONNECTION_TIMEOUT
      • requests.exceptions.Timeout
    • EXCEPTION_RAISED (ALL)
  • Data:
    • response
    • request
    • exception
    • exception_name

Single-Response Checks

HTTP Status Codes

  • Inputs: Single response object
  • Description: Should return a signal if the response contains an HTTP status code that is considered an error (e.g. 401, 503)
  • Check Location: syntribos.clients.http.checks
  • Slug: HTTP_STATUS_CODE_[4XX|5XX]_[CODE]
  • Strength: Always 1
  • Tags:
    • SERVER_FAIL
      • 5XX status codes
    • CLIENT_FAIL
      • 4XX status codes
  • Data:
    • response
    • request
    • status_code
    • reason
    • details
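
The status-code check specified above, sketched as an added example (this is not Syntribos code). The function name, the dict layout of the signal, and the contents of "details" are assumptions; the slug format, strength, and tags follow the list above.

```python
def http_status_code_signal(status_code, reason="", request=None, response=None):
    """Return a signal dict for 4XX/5XX status codes, or None otherwise."""
    if 400 <= status_code <= 499:
        family, tag = "4XX", "CLIENT_FAIL"
    elif 500 <= status_code <= 599:
        family, tag = "5XX", "SERVER_FAIL"
    else:
        # 1XX/2XX/3XX (and out-of-range values) are not errors for this check.
        return None
    return {
        "slug": "HTTP_STATUS_CODE_{0}_{1}".format(family, status_code),
        "strength": 1,  # "Always 1" per the spec
        "tags": [tag],
        "data": {
            "request": request,
            "response": response,
            "status_code": status_code,
            "reason": reason,
            # The spec does not define "details"; this text is an assumption.
            "details": "{0} {1}".format(status_code, reason).strip(),
        },
    }


def collect_signals(observations):
    """Run the check over (status_code, reason) pairs and drop non-signals."""
    signals = (http_status_code_signal(code, reason) for code, reason in observations)
    return [s for s in signals if s is not None]


# Constructed sample input: status lines as a fuzzing run might observe them.
SAMPLE = [(200, "OK"), (401, "Unauthorized"), (302, "Found"),
          (503, "Service Unavailable")]

if __name__ == "__main__":
    for signal in collect_signals(SAMPLE):
        print(signal["slug"], signal["tags"])
```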

HTTP Response Content Type

UNIMPLEMENTED

  • Inputs: Single response object
  • Description: Signifies the general content type of the response (e.g. application/xml & text/xml == XML)
  • Check Location: syntribos.clients.http.checks
  • Slug: CONTENT_TYPE_[XML|HTML|JSON|OTHER]
  • Strength: 1 if recognized, 0.5 if unrecognized but contains string that suggests a supported type (e.g. "xml")
  • Tags: TBD

String Presence

UNIMPLEMENTED

  • Inputs: Single response object, list of "bad" strings
  • Description: Signifies that one of a set of "bad" strings was found in the response body.
  • Check Location: ?
  • Slug: [GOOD|BAD]_STRING_PRESENT
  • Strength: TBD
  • Tags: TBD

Stack Trace Detection

UNIMPLEMENTED

  • Inputs: Single response object
  • Description: Signifies that a stacktrace was detected in the response
  • Check Location: ?
  • Slug: STACKTRACE_PRESENT
  • Strength: TBD
  • Tags:
    • APPLICATION_FAIL
    • SERVER_FAIL

May get tricky to tell if this is application or server fail. Raise both?

Max absolute time

  • Inputs: Single response object
  • Description: This checks to ensure that a response doesn't take longer than a configured time limit (max_time)
  • Check Location: syntribos.checks.time
  • Slug: OVER_MAX_TIME
  • Strength: 1 if over, 0 if not
  • Tags:
    • CONNECTION_TIMEOUT

Max body size

UNIMPLEMENTED

  • Inputs: Single response object
  • Description: This checks to ensure that a response's body isn't longer than a configured size limit (max_length)
  • Check Location: syntribos.checks.length
  • Slug: OVER_MAX_LENGTH
  • Strength: 1 if over, 0 if not
  • Tags: TBD

Server software detection

UNIMPLEMENTED

  • Inputs: Single response object
  • Description: This checks for a "Server:" header in the response and tries to determine the generic contents (e.g. "NGINX" or "APACHE"), and version number
  • Check Location: syntribos.clients.http.checks
  • Slug: SERVER_[APACHE|NGINX|etc]
  • Strength: 1 if direct string match, 0.5 if "is in" match?
  • Tags: TBD

Content validity (e.g. JSON/XML)

UNIMPLEMENTED

  • Inputs: Single response object
  • Description: This checks for valid JSON or XML in the response body
  • Check Location: syntribos.clients.http.checks
  • Slug: [VALID|INVALID]_[JSON|XML|HTML]
  • Strength: Always 1 (or we could have VALID = 0, INVALID = 1?)
  • Tags:
    • APPLICATION_FAIL

Checks Comparing 2 Responses

HTTP Response Time Differential

  • Inputs: Two response objects (initial and "attack" responses)
  • Description: Signifies that an "attack" response took longer than the initial response, by a configurable factor
  • Check Location: syntribos.checks.time
  • Slug: TIME_DIFF_[OVER|UNDER]
  • Strength: TBD
    • [0, 1) = Percentage of factor ([final resp. length] / ([initial resp. length] * factor))
      • Example: factor = 3x; initial resp. length = 500; final resp. length = 1000; strength = 1000/(500*3)
    • 1 = Meets configured factor (i.e. if factor is 200%, anything at or above 200%)
  • Tags: TBD
  • Data:
    • req1
    • req2
    • resp1
    • resp2
    • resp1_time
    • resp2_time
    • time_diff
    • percent_diff
    • dir
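
The strength rule proposed above (a fraction of the configured factor, capped at 1), as an added example that is not Syntribos code. The function name, the rule that "dir" is OVER when the attack response is slower than the initial one, and the handling of a zero baseline are assumptions; the data keys are the ones listed above.

```python
def time_diff_signal(resp1_time, resp2_time, factor):
    """Compare initial (resp1) and attack (resp2) timings and build a signal.

    strength = resp2_time / (resp1_time * factor), capped at 1.
    """
    if resp1_time < 0 or resp2_time < 0 or factor <= 0:
        raise ValueError("timings must be >= 0 and factor must be > 0")

    threshold = resp1_time * factor
    if threshold == 0:
        # Assumption: with a zero baseline, any measurable attack time
        # is treated as meeting the factor.
        strength = 1.0 if resp2_time > 0 else 0.0
    else:
        strength = min(1.0, resp2_time / threshold)

    time_diff = resp2_time - resp1_time
    # Percent change relative to the baseline; undefined for a zero baseline.
    percent_diff = (time_diff / resp1_time * 100.0) if resp1_time else None
    # Assumption: OVER means the attack response was slower than the baseline.
    direction = "OVER" if time_diff > 0 else "UNDER"

    return {
        "slug": "TIME_DIFF_" + direction,
        "strength": strength,
        "data": {
            "resp1_time": resp1_time,
            "resp2_time": resp2_time,
            "time_diff": time_diff,
            "percent_diff": percent_diff,
            "dir": direction,
        },
    }


if __name__ == "__main__":
    # The worked numbers from the list above: factor 3, initial 500, final 1000.
    print(time_diff_signal(500, 1000, 3))
    # Factor of 200%: an attack response twice as slow meets the factor.
    print(time_diff_signal(0.5, 1.0, 2))
```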

HTTP Response Body Length Differential

  • Inputs: Two response objects (initial and "attack" responses)
  • Description: Signifies that an "attack" response body was longer than the initial response body by a configurable factor
  • Check Location: syntribos.checks.length
  • Slug: LENGTH_DIFF_[OVER|UNDER]
  • Strength: TBD
  • Tags: TBD
  • Data:
    • req1
    • req2
    • resp1
    • resp2
    • req1_len
    • req2_len
    • resp1_len
    • resp2_len
    • req_diff
    • resp_diff
    • percent_diff
    • dir

All Tags

  • CONNECTION_FAIL
  • SERVER_FAIL
  • APPLICATION_FAIL
  • CLIENT_FAIL
  • CONNECTION_TIMEOUT
  • EXCEPTION_RAISED