output/json: add pgsql metadata logging to alerts

Bug #6092

Related to
Bug #6983

diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index bb3e370c4df932a31e695d6c9ae5643603843f93..575ee97649edd1c25fd93d6e3432a2adb42ec76a 100644 (file)
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2013-2023 Open Information Security Foundation
+/* Copyright (C) 2013-2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -78,6 +78,7 @@
 #include "output-json-modbus.h"
 #include "output-json-frame.h"
 #include "output-json-quic.h"
+#include "output-json-pgsql.h"
 
 #include "util-byte.h"
 #include "util-privs.h"
@@ -593,6 +594,12 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb, const uint64_t tx
         case ALPROTO_BITTORRENT_DHT:
             AlertJsonBitTorrentDHT(p->flow, tx_id, jb);
             break;
+        case ALPROTO_PGSQL:
+            jb_get_mark(jb, &mark);
+            if (!JsonPgsqlAddMetadata(p->flow, tx_id, jb)) {
+                jb_restore_mark(jb, &mark);
+            }
+            break;
         default:
             break;
     }

diff --git a/src/output-json-pgsql.c b/src/output-json-pgsql.c
index ebe80d163cce25ef38474e2a8693d93c5838b4a7..2e4e126d7ede7bcfc14eef74d13df4cc0c969c44 100644 (file)
--- a/src/output-json-pgsql.c
+++ b/src/output-json-pgsql.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 Open Information Security Foundation
+/* Copyright (C) 2022-2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -47,6 +47,7 @@
 #include "rust.h"
 
 #define PGSQL_LOG_PASSWORDS BIT_U32(0)
+#define PGSQL_DEFAULTS      (PGSQL_LOG_PASSWORDS)
 
 typedef struct OutputPgsqlCtx_ {
     uint32_t flags;
@@ -58,6 +59,18 @@ typedef struct LogPgsqlLogThread_ {
     OutputJsonThreadCtx *ctx;
 } LogPgsqlLogThread;
 
+bool JsonPgsqlAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb)
+{
+    void *state = FlowGetAppState(f);
+    if (state) {
+        void *tx = AppLayerParserGetTx(f->proto, ALPROTO_PGSQL, state, tx_id);
+        if (tx) {
+            return rs_pgsql_logger(tx, PGSQL_DEFAULTS, jb);
+        }
+    }
+    return false;
+}
+
 static int JsonPgsqlLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state,
         void *txptr, uint64_t tx_id)
 {

diff --git a/src/output-json-pgsql.h b/src/output-json-pgsql.h
index 7d2e8261350d6728883d07cdd7ae4bf0949aaa67..ed1306ccce6fa853fcc1e050ee92588195121eea 100644 (file)
--- a/src/output-json-pgsql.h
+++ b/src/output-json-pgsql.h
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 Open Information Security Foundation
+/* Copyright (C) 2022-2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -25,5 +25,6 @@
 #define __OUTPUT_JSON_PGSQL_H__
 
 void JsonPgsqlLogRegister(void);
+bool JsonPgsqlAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb);
 
 #endif /* __OUTPUT_JSON_PGSQL_H__ */