Anomaly checker

Anomaly checker is a service that guarantees scanning stability.

The anomaly checker configuration consists of a description of two mechanisms:

  • request blocker — responsible for blocking certain types of requests;
  • RPS controller — responsible for adjusting the RPS parameter during scanning.

Note

One of the mechanisms may be missing from the configuration. In this case, the missing mechanism will not be created in the anomaly checker.

Request blocker

  1. The mechanism creates a token storage for each “HTTP method + URL without query parameters” combination, which is initialized to zero.
  2. The configuration specifies the expected response results (timeout or status codes) and the corresponding number of tokens that will be added to the token storage.
  3. When the token storage is full, requests with the corresponding “HTTP method + URL without query parameters” combination will be blocked.
  4. Tokens are removed from the storage at a constant rate. If requests with the corresponding combination are blocked, they can be unblocked (see the unblock_enabled field) once the storage is completely emptied.

The fields describing the configuration of this mechanism are listed in the table below. If a default value for a parameter is not set, then its absence in the configuration will cause the mechanism to fail.

| Field | Type | Default | Description |
|---|---|---|---|
| capacity | Positive real number | Not specified | Token storage capacity |
| flow_rate | Non-negative real number | 0 | Token removal rate from the token storage |
| unblock_enabled | Boolean | false | Regulates whether requests for the corresponding “HTTP method + URL without query parameters” combination should be unblocked when the token storage is empty |
| status_code_values.status_code | Integer | Not specified | A status code, the appearance of which in a response leads to the addition of a certain number of tokens to the token storage |
| status_code_values.value | Real number | 0 | The number of tokens that will be added to the token storage if the corresponding status code appears |
| net_error_values.net_error | Enumerable | {timeout} | An error, the appearance of which in a response leads to the addition of a certain number of tokens to the token storage. Currently, only the {timeout} value is supported |
| net_error_values.value | Real number | 0 | The number of tokens that will be added to the token storage if the corresponding error appears |

Configuration example

request_blocker:
  capacity: 100
  flow_rate: 1
  unblock_enabled: true

  status_code_values:
    - status_code: 200
      value: -1

    - status_code: 500
      value: 2

  net_error_values:
    - net_error: timeout
      value: 3
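
The following model of the request blocker is an added example, not code from the product; it replays the configuration above to show how many identical responses fill a storage. The class and function names and the target.example URL are hypothetical, and it assumes that flow_rate is in tokens per second, that a storage never drops below zero or rises above capacity, and that results not listed in the configuration add no tokens.

```python
from urllib.parse import urlsplit
# Values copied from the request_blocker configuration example above.
CONFIG = {
    "capacity": 100, "flow_rate": 1, "unblock_enabled": True,
    "status_code_values": {200: -1, 500: 2},
    "net_error_values": {"timeout": 3},
}

class RequestBlocker:
    """Illustrative model of the request blocker, not the product's code."""
    def __init__(self, cfg):
        self.cfg = cfg
        self.storages = {}  # key -> [tokens, last_update, blocked]

    @staticmethod
    def key(method, url):
        # One storage per "HTTP method + URL without query parameters".
        parts = urlsplit(url)
        return f"{method.upper()} {parts.scheme}://{parts.netloc}{parts.path}"

    def _drain(self, key, now):
        s = self.storages.setdefault(key, [0.0, now, False])
        # Assumptions: flow_rate is tokens per second; storage never drops below 0.
        s[0] = max(0.0, s[0] - self.cfg["flow_rate"] * (now - s[1]))
        s[1] = now
        if s[2] and s[0] == 0 and self.cfg["unblock_enabled"]:
            s[2] = False  # storage completely emptied: unblock
        return s

    def is_blocked(self, method, url, now):
        return self._drain(self.key(method, url), now)[2]

    def observe(self, method, url, result, now):
        """Record a response; result is a status code or a net error name."""
        s = self._drain(self.key(method, url), now)
        table = "status_code_values" if isinstance(result, int) else "net_error_values"
        added = self.cfg[table].get(result, 0)  # assumption: unlisted results add 0
        s[0] = min(self.cfg["capacity"], max(0.0, s[0] + added))
        s[2] = s[2] or s[0] >= self.cfg["capacity"]  # full storage: block
        return s[0]

def requests_until_blocked(result, rps, cfg=CONFIG, limit=10_000):
    """Identical responses at a steady rps needed to trigger a block, or None."""
    blocker, url = RequestBlocker(cfg), "https://target.example/api"  # constructed URL
    for n in range(limit):
        if blocker.is_blocked("GET", url, n / rps):
            return n
        blocker.observe("GET", url, result, n / rps)
    return None  # tokens drain at least as fast as they arrive
```

Under these assumptions, requests_until_blocked(500, 10) returns 53, while at 0.5 requests per second the storage drains as fast as it fills and the function returns None.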

RPS controller

  1. The mechanism creates one token storage for each scanning process of a single module. The storage is initialized to a value equal to half of the token storage capacity.
  2. When filling the storage for the first time, if no RPS limit was specified when setting the target limitations, the value of this parameter will be equal to max_rps. Otherwise, the RPS will not exceed the specified limit.
  3. The RPS is increased or decreased by a given coefficient. If the storage is empty, the RPS value increases, but without exceeding max_rps. If the storage is full, the RPS value decreases, but without falling below min_rps.

The fields describing the configuration of this mechanism are listed in the table below. If a default value for a parameter is not set, then its absence in the configuration will cause the mechanism to fail.

| Field | Type | Default | Description |
|---|---|---|---|
| capacity | Positive real number | Not specified | Token storage capacity |
| flow_rate | Non-negative real number | 0 | Token removal rate from the token storage |
| min_rps | Positive real number | 0 | Minimum RPS value |
| max_rps | Positive real number | 100 | Maximum RPS value. It cannot be less than the minimum RPS value. It does not affect the performance of the mechanism if an RPS limit was set for the target |
| rps_ratio | Real number | Not specified | A coefficient that regulates changes in the RPS value. The value is between 0 and 1, exclusive. The RPS parameter is increased or decreased by dividing or multiplying its current value by the coefficient, respectively |
| status_code_values.status_code | Integer | Not specified | A status code, the appearance of which in a response leads to the addition of a certain number of tokens to the token storage |
| status_code_values.value | Real number | 0 | The number of tokens that will be added to the token storage if the corresponding status code appears |

Configuration example

rps_controller:
  capacity: 100
  flow_rate: 1
  min_rps: 8
  max_rps: 18
  rps_ratio: 0.75

  status_code_values:
    - status_code: 200
      value: -1

    - status_code: 429
      value: 4

Launch

Currently, the anomaly checker can only be launched using the fuchsiactl console client.

fuchsiactl scan --anomaly-checker-config {path_to_anomaly_checker_config_file}