Main features

Source types

InterDiode is built on a plugin architecture and is easily extensible. Many data sources are already available, and more will soon be added. InterDiode is focused on developer tools and is not a general-purpose website crawler.

Developer tools

All developers are now accustomed to working with numerous online tools. Here they are, now available on your internal network!

  • pastebins: just paste some text on the black side and copy it on the red side,

  • Ansible role registries, either selected roles from a public registry (merely the official Galaxy) or a private registry,

  • mirror of some selected images from existing Docker registries,

  • clone of git repositories using SSH or HTTPS,

  • clone of GitHub repositories, with the related issues and wiki when available (using SSH or HTTPS),

  • mirror of any selected Grafana plugins,

  • mirrors of your JetBrains IDEs (IntelliJ, PyCharm, …) along with any plugin you like,

  • mirrored Dash / Zeal / Read the Docs documentation,

  • selected Vagrant boxes mirrored from a repository such as app.vagrant.

System and programming language packages

The primary use of InterDiode is copying and making available libraries or packages for numerous programming languages or operating systems.

  • complete clones of APT (Debian/Ubuntu) repositories or private ones,

  • full copies of APK (Alpine) repositories,

  • updates of a package selection from Maven (Java) repositories or private repositories,

  • updates of a package selection from NPM (JavaScript) repositories or private repositories,

  • updates of a package selection from Packagist (PHP) repositories or private repositories,

  • updates of a package selection from RubyGems (Ruby) repositories or private repositories,

  • updates of a package selection from PyPI (Python) repositories or private repositories,

  • updates of a package selection from Rust repositories or private repositories,

  • complete clones of Yum/DNF (Fedora/CentOS/RedHat) repositories or private ones.

Misc internet tools

In addition to these copying functions, you also have a number of very useful utilities.

  • file uploads: upload a file on the black server and download it from the red server,

  • ZIP archives of HTML documentation,

  • e-mail accounts: directly receive your e-mails on your red network!

  • RSS feeds, with attached links downloaded as PDF files,

  • Twitter feeds, with linked pages downloaded as PDF files,

  • ZIM archives, like Wikipedia or StackOverflow dumps,

  • video downloads from YouTube, Dailymotion or Vimeo,

  • HKP servers for GPG public keys,

  • regularly fetching specified URLs.

A Python mirror named Django, with a selection of packages.

Black/red user mapping

Since both sides are disconnected, you cannot synchronize user accounts: you can only import black usernames to the red network. Of course, to avoid any leak of red data to your black network and thus to the internet, you cannot map red usernames to black ones on the black network. However, in the red network, administrators can link black usernames to their red counterparts. A red user can then automatically access the data they imported from the internet. Otherwise, only administrators can access this data.

Access control

Each source can be assigned specific access control rules. Rights are granted to anonymous users, any authenticated user, or specific users or user groups. The available access levels depend on the type of source and are described in the “Access Control” tab. For most sources, you can deny all rights, grant read-only access, provide write access (to create documents or modify existing ones), or grant administration access.

Available ACLs.

Integrated air gapped transfer protocols

InterDiode can export/import data as plain files, enabling you to transfer data from the black side to the red one.

Additionally, InterDiode integrates a basic protocol for transferring data through a physical data diode using UDP connections. Because of the one-way connection, the black side cannot determine if a transfer has been successful.

InterDiode can also utilize more reliable raw TCP connections to transfer data. Since no data is sent back from the application level, you can use a firewall that only permits TCP acknowledgments from the red side to the black side, or a TCP data-diode.

Transferred files analysis (I)

File analysis can be performed during the export process. The analysis is then carried out using any Python function defined in the settings, on the black side.

/etc/interdiode/settings.ini
[transfer]
exported_file_analyzer = package.module.my_function

The required signature of the function is the following:

from typing import Optional


def my_function(
    original_filename: str,  # original filename
    path: str,  # actual absolute filepath of the file
    mime_type: Optional[str],
    sha256: str,
    sha1: str,
    size: int,
) -> Optional[str]:
    # None: transfer the file as-is; a string (even empty): replace the file
    return None

If the result is None, then the file can be transferred as-is. If the result is a string (even empty), then the original file is removed and a new file containing this string is created, with the same name suffixed by ‘.removed’.
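An export analyzer that follows this contract, as an added example that is not InterDiode's own code: it applies a size limit, a MIME allowlist, an extension blocklist and a SHA-256 denylist, and returns the text that ends up in the ‘.removed’ file. The function name `export_policy` and all policy values are assumptions made up for this illustration.

```python
from typing import Optional

# Assumed local policy values (constructed for this example).
MAX_SIZE = 50 * 1024 * 1024
ALLOWED_MIME_PREFIXES = ("text/", "application/json", "application/pdf")
BLOCKED_SUFFIXES = (".exe", ".dll", ".scr", ".lnk")
BLOCKED_SHA256 = {
    # SHA-256 of empty input, used here as a constructed denylist entry.
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}


def export_policy(
    original_filename: str,
    path: str,
    mime_type: Optional[str],
    sha256: str,
    sha1: str,
    size: int,
) -> Optional[str]:
    """Return None to transfer the file, or the content of the '.removed' file."""
    reasons = []
    if size > MAX_SIZE:
        reasons.append(f"size {size} exceeds limit {MAX_SIZE}")
    if mime_type is None:
        reasons.append("MIME type could not be determined")
    elif not mime_type.startswith(ALLOWED_MIME_PREFIXES):
        reasons.append(f"MIME type {mime_type!r} is not allowed")
    if original_filename.lower().endswith(BLOCKED_SUFFIXES):
        reasons.append("file extension is blocked")
    if sha256.lower() in BLOCKED_SHA256:
        reasons.append("SHA-256 is on the local denylist")
    if not reasons:
        return None
    # Collect every reason so the requester sees the full verdict in one place,
    # and include the hash so the decision can be matched against audit logs.
    lines = [f"{original_filename} was not transferred (sha256={sha256})"]
    lines += [f"- {reason}" for reason in reasons]
    return "\n".join(lines) + "\n"
```

With this function saved in an importable module, the setting would read `exported_file_analyzer = package.module.export_policy`.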

Transferred files analysis (II)

An analysis can also be performed on files during the import process. This analysis is carried out on the red server by any Python function.

/etc/interdiode/settings.ini
[transfer]
imported_file_analyzer = package.module.my_function

The required signature of the function is the following:

from typing import Optional


def my_function(
    path: str,
    mime_type: Optional[str],
    sha256: str,
    sha1: str,
    size: int,
) -> bool:
    # True: keep the file (unmodified); False: the file is rejected
    return True

If the result is evaluated as false, then the file integrity is not checked, and your function can safely delete this file. If the result is evaluated as true, then the file must be left unmodified.
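An import analyzer for the red side that respects this contract, as an added example that is not InterDiode's own code: it rejects files whose first bytes are an executable header while the declared MIME type says otherwise, deletes them, and never writes to files it accepts. The name `import_policy`, the logger name and the accepted MIME strings are assumptions; adjust the MIME set to what your deployment reports.

```python
import logging
import os
from typing import Optional

log = logging.getLogger("import_policy")  # hypothetical logger name

# Leading bytes of PE, ELF and 64-bit Mach-O executables.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"\xcf\xfa\xed\xfe")
# Assumed: MIME strings under which this site accepts executables.
EXECUTABLE_MIME = {
    "application/x-dosexec",
    "application/x-executable",
    "application/x-sharedlib",
    "application/x-mach-binary",
}


def import_policy(
    path: str,
    mime_type: Optional[str],
    sha256: str,
    sha1: str,
    size: int,
) -> bool:
    """Return True to keep the file untouched, False when it is rejected."""
    try:
        with open(path, "rb") as fd:  # read-only: a kept file must stay unmodified
            head = fd.read(4)
    except OSError as exc:
        log.warning("rejecting unreadable file %s: %s", path, exc)
        return False
    if head.startswith(EXECUTABLE_MAGIC) and mime_type not in EXECUTABLE_MIME:
        # Executable content announced as something else: delete it and keep
        # the hash in the log so the transfer can be traced afterwards.
        log.warning("rejecting %s sha256=%s size=%d declared=%s",
                    path, sha256, size, mime_type)
        try:
            os.remove(path)
        except OSError:
            pass
        return False
    return True
```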

Headless operation

You may only need a headless, isolated importation point. Files to be transferred are copied to a USB key, and each time this key is plugged into the black InterDiode server, files are automatically transferred to the red network and removed from the key.

This process works more efficiently when used with a simple USB switch to share the USB key between the desktop and the InterDiode server, preventing USB keys from being moved around.