From 9aeeac532eadc57c399b17d364d7337c5c69bd8e Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Mon, 27 Nov 2023 17:01:33 -0300
Subject: [PATCH] pgsql: remove probe_ts function
With the changes in the probing_ts function, this other one could become obsolete. Remove it, and directly call `parser::parse_request` when checking for gaps, instead.
---
 rust/src/pgsql/pgsql.rs | 41 +----------------------------------------
 1 file changed, 1 insertion(+), 40 deletions(-)
diff --git a/rust/src/pgsql/pgsql.rs b/rust/src/pgsql/pgsql.rs
index 94e26d84815c..8b9b12c4d694 100644
--- a/rust/src/pgsql/pgsql.rs
+++ b/rust/src/pgsql/pgsql.rs
@@ -318,7 +318,7 @@ impl PgsqlState {
 // If there was gap, check we can sync up again.
 if self.request_gap {
- if !probe_ts(input) {
+ if parser::parse_request(input).is_ok() {
 // The parser now needs to decide what to do as we are not in sync.
 // For now, we'll just try again next time.
 SCLogDebug!("Suricata interprets there's a gap in the request");
@@ -532,14 +532,6 @@ impl PgsqlState {
 }
 }
-/// Probe for a valid PostgreSQL request
-///
-/// PGSQL messages don't have a header per se, so we parse the slice for an ok()
-fn probe_ts(input: &[u8]) -> bool {
- SCLogDebug!("We are in probe_ts");
- parser::parse_request(input).is_ok()
-}
-
 /// Probe for a valid PostgreSQL response
 ///
 /// Currently, for parser usage only. We have a bit more logic in the function
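Review bot: The new condition in the `request_gap` branch (hunk at -318) drops the negation the old call carried: `!probe_ts(input)` was equivalent to `!parser::parse_request(input).is_ok()`, but the replacement tests `parser::parse_request(input).is_ok()`. Unless the inversion is intended (the commit message describes only a removal), the line should read `if parser::parse_request(input).is_err() {`. As written, input that parses cleanly after a gap takes the branch whose comments say the parser is not in sync, and input that fails to parse skips it; for a network inspection parser that affects which post-gap traffic is examined, though the rest of the function is outside this hunk. The `test_request_probe` cases deleted later in this patch exercised incomplete and wrong-length requests, so a test that drives the post-gap path directly would be worth adding alongside the fix.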
@@ -801,37 +793,6 @@ pub unsafe extern "C" fn rs_pgsql_register_parser() {
 mod test {
 use super::*;
- #[test]
- fn test_request_probe() {
- // An SSL Request
- let buf: &[u8] = &[0x00, 0x00, 0x00, 0x08, 0x04, 0xd2, 0x16, 0x2f];
- assert!(probe_ts(buf));
-
- // incomplete messages, probe must return false
- assert!(!probe_ts(&buf[0..6]));
- assert!(!probe_ts(&buf[0..3]));
-
- // length is wrong (7), probe must return false
- let buf: &[u8] = &[0x00, 0x00, 0x00, 0x07, 0x04, 0xd2, 0x16, 0x2f];
- assert!(!probe_ts(buf));
-
- // A valid startup message/request
- let buf: &[u8] = &[
- 0x00, 0x00, 0x00, 0x26, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
- 0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
- 0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
- ];
- assert!(probe_ts(buf));
-
- // A non valid startup message/request (length is shorter by one. Would `exact!` help?)
- let buf: &[u8] = &[
- 0x00, 0x00, 0x00, 0x25, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
- 0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
- 0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
- ];
- assert!(!probe_ts(buf));
- }
-
 #[test]
 fn test_response_probe() {
 /* Authentication Request MD5 password salt value f211a3ed */