Skip to content

Commit

Permalink
pgsql: remove probe_ts function
Browse files Browse the repository at this point in the history
With the changes in the probing_ts function, this other one could become
obsolete. Remove it, and directly call `parser::parse_request` when
checking for gaps, instead.
  • Loading branch information
jufajardini authored and victorjulien committed Dec 5, 2023
1 parent 53d29f6 commit 9aeeac5
Showing 1 changed file with 1 addition and 40 deletions.
41 changes: 1 addition & 40 deletions rust/src/pgsql/pgsql.rs
Original file line number Diff line number Diff line change
Expand Up @@ -318,7 +318,7 @@ impl PgsqlState {

// If there was gap, check we can sync up again.
if self.request_gap {
if !probe_ts(input) {
if parser::parse_request(input).is_ok() {
// The parser now needs to decide what to do as we are not in sync.
// For now, we'll just try again next time.
SCLogDebug!("Suricata interprets there's a gap in the request");
Expand Down Expand Up @@ -532,14 +532,6 @@ impl PgsqlState {
}
}

/// Probe for a valid PostgreSQL request
///
/// PGSQL messages don't have a header per se, so we parse the slice for an ok()
fn probe_ts(input: &[u8]) -> bool {
SCLogDebug!("We are in probe_ts");
parser::parse_request(input).is_ok()
}

/// Probe for a valid PostgreSQL response
///
/// Currently, for parser usage only. We have a bit more logic in the function
Expand Down Expand Up @@ -801,37 +793,6 @@ pub unsafe extern "C" fn rs_pgsql_register_parser() {
mod test {
use super::*;

#[test]
fn test_request_probe() {
// An SSL Request
let buf: &[u8] = &[0x00, 0x00, 0x00, 0x08, 0x04, 0xd2, 0x16, 0x2f];
assert!(probe_ts(buf));

// incomplete messages, probe must return false
assert!(!probe_ts(&buf[0..6]));
assert!(!probe_ts(&buf[0..3]));

// length is wrong (7), probe must return false
let buf: &[u8] = &[0x00, 0x00, 0x00, 0x07, 0x04, 0xd2, 0x16, 0x2f];
assert!(!probe_ts(buf));

// A valid startup message/request
let buf: &[u8] = &[
0x00, 0x00, 0x00, 0x26, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
];
assert!(probe_ts(buf));

// A non valid startup message/request (length is shorter by one. Would `exact!` help?)
let buf: &[u8] = &[
0x00, 0x00, 0x00, 0x25, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
];
assert!(!probe_ts(buf));
}

#[test]
fn test_response_probe() {
/* Authentication Request MD5 password salt value f211a3ed */
Expand Down

0 comments on commit 9aeeac5

Please sign in to comment.