Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

pgsql: initial support #5700

Closed
wants to merge 1 commit into from
Closed

pgsql: initial support #5700

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions rust/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,7 @@ pub mod ftp;
pub mod smb;
pub mod krb;
pub mod dcerpc;
pub mod pgsql;

pub mod ikev2;
pub mod snmp;
Expand Down
19 changes: 19 additions & 0 deletions rust/src/pgsql/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
/* Copyright (C) 2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

mod parser;

105 changes: 105 additions & 0 deletions rust/src/pgsql/parser.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,105 @@
/* Copyright (C) 2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

use nom::Err;
use nom::error::ErrorKind;
use nom::IResult;

pub const PGSQL_LENGTH_SIZE: usize = 4;
pub const PGSQL_PROTO_SIZE: usize = 4;

// PostgreSQL Startup message packet
#[derive(Debug, PartialEq)]
pub struct PGSQLStartupPacket<'a> {
pub length: u32,
pub proto_version_major: u16,
pub proto_version_minor: u16,
pub data: &'a[u8],
}

impl<'a> PGSQLStartupPacket<'a> {
pub fn is_valid(&self) -> bool {
let valid: bool = match self.proto_version_major {
1 | 2 | 3 => true,
_ => false,
};
valid
}
}

named!(pub parse_pgsql_startup_packet<PGSQLStartupPacket>,
do_parse!(
len: bits!(take_bits!(32u32))
>> proto_version: bits!(tuple!(
take_bits!(16u16),
take_bits!(16u16)))
>> data: take!(len as usize - PGSQL_LENGTH_SIZE - PGSQL_PROTO_SIZE)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I always find this hard to read. Would len as usize - (PGSQL_LENGTH_SIZE + PGSQL_PROTO_SIZE) be the same?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll try that and see if it works! Although this will likely not be necessary anymore, following Jason's reasoning.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it does, I've changed it and code runs, test still working.

>> (PGSQLStartupPacket {
length: len,
proto_version_major: proto_version.0,
proto_version_minor: proto_version.1,
data: data,
})
));

#[cfg(test)]
mod tests {

use super::*;

#[test]
fn test_parse_pgsql_startup_packet() {
Copy link
Member

@victorjulien victorjulien Jan 5, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think a good next step would be to add a test for invalid input. For example one where the length field contains a value smaller than PGSQL_LENGTH_SIZE + PGSQL_PROTO_SIZE

// Startup message
let buff:&[u8] = &[
/* Length */ 0x00, 0x00, 0x00, 0x52,
/* Protocol Version */ 0x00, 0x03, 0x00, 0x00,
/* Data */ 0x75, 0x73, 0x65, 0x72, 0x00, 0x69, 0x6e, 0x64, 0x65, 0x78,
0x65, 0x72, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73,
0x65, 0x00, 0x69, 0x6e, 0x64, 0x65, 0x78, 0x65, 0x72, 0x00,
0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f,
0x6e, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x00, 0x70, 0x73, 0x71,
0x6c, 0x00, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x65,
0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x00, 0x55, 0x54,
0x46, 0x38, 0x00, 0x00];

let result = parse_pgsql_startup_packet(&buff);

match result {
Ok((remainder, packet)) => {
assert_eq!(packet.length, 82);
// data.len() after taking length and protcol away
assert_eq!(packet.data.len(), 74);

// there should be nothing left
assert_eq!(remainder.len(), 0);

// this packet has protocol version 3.0, so it is valid
assert_eq!(packet.is_valid(), true);
}
Err(nom::Err::Error((remainder, err))) => {
panic!("Result should not be an error: {:?}.", err);
}
Err(nom::Err::Incomplete(_)) => {
panic!("Result should not have been incomplete.");
}
_ => {
panic!("Unexpected behavior!");
}
}
}

}