aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pgsql: remove probe_ts function

Browse Source 
With the changes in the probing_ts function, this other one could become
obsolete. Remove it, and directly call `parser::parse_request` when
checking for gaps, instead.
pull/9978/head
Juliana Fajardini 2 years ago committed by Victor Julien
parent 53d29f652a
commit 9aeeac532e
1 changed files with 1 additions and 40 deletions
Show Stats Download Patch File Download Diff File

41
rust/src/pgsql/pgsql.rs
Unescape Escape View File

@ -318,7 +318,7 @@ impl PgsqlState {
// If there was gap, check we can sync up again.
if self.request_gap {
if !probe_ts(input) {
if parser::parse_request(input).is_ok() {
// The parser now needs to decide what to do as we are not in sync.
// For now, we'll just try again next time.
SCLogDebug!("Suricata interprets there's a gap in the request");
@ -532,14 +532,6 @@ impl PgsqlState {
}
}
/// Probe for a valid PostgreSQL request
///
/// PGSQL messages don't have a header per se, so we parse the slice for an ok()
fn probe_ts(input: &[u8]) -> bool {
SCLogDebug!("We are in probe_ts");
parser::parse_request(input).is_ok()
}
/// Probe for a valid PostgreSQL response
///
/// Currently, for parser usage only. We have a bit more logic in the function
@ -801,37 +793,6 @@ pub unsafe extern "C" fn rs_pgsql_register_parser() {
mod test {
use super::*;
#[test]
fn test_request_probe() {
// An SSL Request
let buf: &[u8] = &[0x00, 0x00, 0x00, 0x08, 0x04, 0xd2, 0x16, 0x2f];
assert!(probe_ts(buf));
// incomplete messages, probe must return false
assert!(!probe_ts(&buf[0..6]));
assert!(!probe_ts(&buf[0..3]));
// length is wrong (7), probe must return false
let buf: &[u8] = &[0x00, 0x00, 0x00, 0x07, 0x04, 0xd2, 0x16, 0x2f];
assert!(!probe_ts(buf));
// A valid startup message/request
let buf: &[u8] = &[
0x00, 0x00, 0x00, 0x26, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
];
assert!(probe_ts(buf));
// A non valid startup message/request (length is shorter by one. Would `exact!` help?)
let buf: &[u8] = &[
0x00, 0x00, 0x00, 0x25, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
];
assert!(!probe_ts(buf));
}
#[test]
fn test_response_probe() {
/* Authentication Request MD5 password salt value f211a3ed */

Write Preview
Loading…
Cancel
Save