tests/pgsql: add checks and test for bug 6092 1771/head
authorJuliana Fajardini <jufajardini@oisf.net>
Mon, 15 Apr 2024 23:19:54 +0000 (20:19 -0300)
committerVictor Julien <victor@inliniac.net>
Tue, 16 Apr 2024 06:00:40 +0000 (08:00 +0200)
Ensure that pgsql metadata flags (for now, just setting whether
passwords should be logged or not) are properly processed by Suri and
logging functions.

Related to
Bug #6092

tests/pgsql/pgsql-5000-query-results/suricata.yaml
tests/pgsql/pgsql-5000-query-results/test.yaml
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/README.md [new file with mode: 0644]
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/suricata.yaml [new file with mode: 0755]
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/test.yaml [new file with mode: 0644]
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/README.md [new file with mode: 0644]
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/suricata.yaml [new file with mode: 0755]
tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/test.yaml [new file with mode: 0644]
tests/pgsql/pgsql-cancel-request/test.yaml
tests/pgsql/pgsql-pwd-output-disabled/test.yaml

index 8434a4ffabdb5aeea3f1514a41f81c144e2b73a2..bade98943fb1a0630734213abbaa8362d9867832 100644 (file)
@@ -7,7 +7,8 @@ outputs:
       filetype: regular
       filename: eve.json
       types:
-        - pgsql
+        - pgsql:
+            passwords: false
 
 app-layer:
   protocols:
index eac5cbc3b5bf65190a61570cbc1eba8b441a5528..4b8ecd7c0c5b6dd716d8f19ee2bf339da5a1b3f7 100644 (file)
@@ -64,6 +64,7 @@ checks:
       dest_port: 5432
       event_type: pgsql
       pcap_cnt: 29
+      not-has-key: pgsql.request.password
       pgsql.response.message: authentication_ok
       pgsql.response.parameter_status[0].application_name: psql
       pgsql.response.parameter_status[10].time_zone: Etc/UTC
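Review bot: The added `not-has-key: pgsql.request.password` only constrains the single event this filter already selects (pcap_cnt 29), so a password written to any other pgsql record would not fail the test. The same applies to the matching additions in pgsql-bug-6092-log-flags-and-metadata-01, pgsql-cancel-request and pgsql-pwd-output-disabled. Since the aim is to prove that credentials stay out of eve.json, I would add a file-wide negative check next to each of them, assuming `count: 0` filters combined with `has-key` behave here as they do elsewhere in the suite. The `checks:` list starts outside this hunk.

```yaml
# no pgsql event in eve.json may carry the client password
- filter:
    count: 0
    match:
      event_type: pgsql
      has-key: pgsql.request.password
```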
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/README.md b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/README.md
new file mode 100644 (file)
index 0000000..7b5412e
--- /dev/null
@@ -0,0 +1,12 @@
+# Description
+
+Tests that when PostgreSQL (pgsql) EVE log config is set to not log out password
+messages, it doesn't.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6092
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/suricata.yaml b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/suricata.yaml
new file mode 100755 (executable)
index 0000000..7db5f70
--- /dev/null
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql:
+            enabled: yes
+            #passwords: no   # enable output of passwords Default is false
+        - flow
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes
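Review bot: The README for this test says the EVE config "is set to not log out password messages", but `#passwords: no` is commented out, so this case exercises the default rather than an explicit setting. That is a case worth keeping, because a regression in the default would put credentials into eve.json, but the comment should say so, for example `# passwords deliberately left unset: exercises the default (passwords not logged)`. The current trailing text "enable output of passwords" next to `no` reads as the opposite of what the line would do. Separately, this file and the -02 suricata.yaml are added with mode 100755; a config file should not need the executable bit.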
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/test.yaml b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-01/test.yaml
new file mode 100644 (file)
index 0000000..1e10700
--- /dev/null
@@ -0,0 +1,39 @@
+requires:
+# Pgsql was released on version 7.0
+  min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+# subtest 1
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.11
+      dest_port: 5432
+      event_type: pgsql
+      pcap_cnt: 25
+      proto: TCP
+      src_ip: 10.16.1.10
+      src_port: 40816
+      pgsql.tx_id: 2
+      pgsql.request.protocol_version: '3.0'
+      pgsql.request.startup_parameters.optional_parameters[0].database: indexer
+      pgsql.request.startup_parameters.user: indexer
+      pgsql.response.authentication_md5_password: "\\x9fi\x1A\\x8e"
+# subtest 2
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.11
+      dest_port: 5432
+      event_type: pgsql
+      pcap_cnt: 29
+      pgsql.tx_id: 3
+      not-has-key: pgsql.request.password
+      pgsql.response.message: authentication_ok
+      pgsql.response.process_id: 61
+      pgsql.response.secret_key: 3152142766
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/README.md b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/README.md
new file mode 100644 (file)
index 0000000..d9e83f7
--- /dev/null
@@ -0,0 +1,12 @@
+# Description
+
+Tests that when PostgreSQL (pgsql) EVE log config is set to log password
+messages, it does.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6092
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/suricata.yaml b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/suricata.yaml
new file mode 100755 (executable)
index 0000000..ea7b027
--- /dev/null
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql:
+            enabled: yes
+            passwords: yes
+        - flow
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes
diff --git a/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/test.yaml b/tests/pgsql/pgsql-bug-6092-log-flags-and-metadata-02/test.yaml
new file mode 100644 (file)
index 0000000..8786510
--- /dev/null
@@ -0,0 +1,19 @@
+requires:
+# Pgsql was released on version 7.0
+  min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 1
+    match:
+      dest_ip: 10.16.1.11
+      dest_port: 5432
+      event_type: pgsql
+      pcap_cnt: 29
+      has-key: pgsql.request.password
+      pgsql.response.message: authentication_ok
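Review bot: `has-key: pgsql.request.password` proves only that the key exists, so this check would still pass if the field were logged empty or with the wrong content. Pinning the value as well, `pgsql.request.password: <expected value from input.pcap>`, would make the positive case as strict as the other field matches. Adding `pgsql.tx_id: 3`, as the -01 test does for the same pcap_cnt, would also keep both tests tied to the same transaction.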
index 040178b1d3bac6c4d7332cadda07605cf0200c63..9485dd3658140c6d54395d828c73ae685b151be6 100644 (file)
@@ -36,6 +36,7 @@ checks:
       dest_ip: 100.96.199.113
       dest_port: 5432
       event_type: pgsql
+      not-has-key: pgsql.request.password
       pgsql.response.message: authentication_ok
       pgsql.response.parameter_status[0].application_name: psql
       pgsql.response.process_id: 28954
index 3a4d57c7f5030f21ad0dda75bf497065f86a00fc..11f3442c67b63a5745a44698e3afc7e89faf28c3 100644 (file)
@@ -44,6 +44,7 @@ checks:
       event_type: pgsql
       pcap_cnt: 12
       pgsql.response.message: authentication_ok
+      not-has-key: pgsql.request.password
       pgsql.response.parameter_status[0].application_name: psql
       pgsql.response.parameter_status[10].time_zone: Europe/London
       pgsql.response.parameter_status[1].client_encoding: UTF8