-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
pgsql: initial support #5700
pgsql: initial support #5700
Conversation
- pgsql/parser: add startup message structure, initial nom parser and corresponding unit test - pgsql/mod: list pgsql modules that must be compiled - lib: add pgsql to the module's list
Please have a look at the failing QA tests, they show how the code can be tidied up a bit. |
use super::*; | ||
|
||
#[test] | ||
fn test_parse_pgsql_startup_packet() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think a good next step would be to add a test for invalid input. For example one where the length field contains a value smaller than PGSQL_LENGTH_SIZE + PGSQL_PROTO_SIZE
>> proto_version: bits!(tuple!( | ||
take_bits!(16u16), | ||
take_bits!(16u16))) | ||
>> data: take!(len as usize - PGSQL_LENGTH_SIZE - PGSQL_PROTO_SIZE) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I always find this hard to read. Would len as usize - (PGSQL_LENGTH_SIZE + PGSQL_PROTO_SIZE)
be the same?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try that and see if it works! Although this will likely not be necessary anymore, following Jason's reasoning.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it does, I've changed it and code runs, test still working.
I think this is a great start @jufajardini 👍 |
I think a good next step would be to add tests for incomplete records. Handling these will be an important part of the parser (see https://github.com/OISF/suricata/blob/master/doc/devguide/extending/app-layer/parser.rst for what will be expected when you integrate the parser). While TCP data often gives you a full PDU, it doesn't have to be that way. So we need to handle all cases. |
Closed with: #5706 |
corresponding unit test
Make sure these boxes are signed before submitting your Pull Request -- thank you.
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4241
Describe changes:
corresponding unit test
#suricata-verify-pr:
#suricata-verify-repo:
#suricata-verify-branch:
#suricata-update-pr:
#suricata-update-repo:
#suricata-update-branch:
#libhtp-pr:
#libhtp-repo:
#libhtp-branch: