// If there was gap, check we can sync up again.
if self.request_gap {
- if !probe_ts(input) {
+ if parser::parse_request(input).is_ok() {
// The parser now needs to decide what to do as we are not in sync.
// For now, we'll just try again next time.
SCLogDebug!("Suricata interprets there's a gap in the request");
}
}
-/// Probe for a valid PostgreSQL request
-///
-/// PGSQL messages don't have a header per se, so we parse the slice for an ok()
-fn probe_ts(input: &[u8]) -> bool {
- SCLogDebug!("We are in probe_ts");
- parser::parse_request(input).is_ok()
-}
-
/// Probe for a valid PostgreSQL response
///
/// Currently, for parser usage only. We have a bit more logic in the function
mod test {
use super::*;
- #[test]
- fn test_request_probe() {
- // An SSL Request
- let buf: &[u8] = &[0x00, 0x00, 0x00, 0x08, 0x04, 0xd2, 0x16, 0x2f];
- assert!(probe_ts(buf));
-
- // incomplete messages, probe must return false
- assert!(!probe_ts(&buf[0..6]));
- assert!(!probe_ts(&buf[0..3]));
-
- // length is wrong (7), probe must return false
- let buf: &[u8] = &[0x00, 0x00, 0x00, 0x07, 0x04, 0xd2, 0x16, 0x2f];
- assert!(!probe_ts(buf));
-
- // A valid startup message/request
- let buf: &[u8] = &[
- 0x00, 0x00, 0x00, 0x26, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
- 0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
- 0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
- ];
- assert!(probe_ts(buf));
-
- // A non valid startup message/request (length is shorter by one. Would `exact!` help?)
- let buf: &[u8] = &[
- 0x00, 0x00, 0x00, 0x25, 0x00, 0x03, 0x00, 0x00, 0x75, 0x73, 0x65, 0x72, 0x00, 0x6f,
- 0x72, 0x79, 0x78, 0x00, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x00, 0x6d,
- 0x61, 0x69, 0x6c, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x00, 0x00,
- ];
- assert!(!probe_ts(buf));
- }
-
#[test]
fn test_response_probe() {
/* Authentication Request MD5 password salt value f211a3ed */
projects / thirdparty / suricata.git / commitdiff
