From: Juliana Fajardini Date: Tue, 27 Aug 2024 18:07:16 +0000 (-0300) Subject: output/json: add pgsql metadata logging to alerts X-Git-Tag: suricata-7.0.7~44 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1c483c9d658ca306759530e354ef4592b766772c;p=thirdparty%2Fsuricata.git output/json: add pgsql metadata logging to alerts Bug #6092 Related to Bug #6983
---
diff --git a/src/output-json-alert.c b/src/output-json-alert.c
index bb3e370c4d..575ee97649 100644
--- a/src/output-json-alert.c
+++ b/src/output-json-alert.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2013-2023 Open Information Security Foundation
+/* Copyright (C) 2013-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -78,6 +78,7 @@
 #include "output-json-modbus.h"
 #include "output-json-frame.h"
 #include "output-json-quic.h"
+#include "output-json-pgsql.h"
 #include "util-byte.h"
 #include "util-privs.h"
@@ -593,6 +594,12 @@ static void AlertAddAppLayer(const Packet *p, JsonBuilder *jb, const uint64_t tx
 case ALPROTO_BITTORRENT_DHT:
 AlertJsonBitTorrentDHT(p->flow, tx_id, jb);
 break;
+ case ALPROTO_PGSQL:
+ jb_get_mark(jb, &mark);
+ if (!JsonPgsqlAddMetadata(p->flow, tx_id, jb)) {
+ jb_restore_mark(jb, &mark);
+ }
+ break;
 default:
 break;
 }
diff --git a/src/output-json-pgsql.c b/src/output-json-pgsql.c
index ebe80d163c..2e4e126d7e 100644
--- a/src/output-json-pgsql.c
+++ b/src/output-json-pgsql.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2022 Open Information Security Foundation
+/* Copyright (C) 2022-2024 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -47,6 +47,7 @@
 #include "rust.h"
 #define PGSQL_LOG_PASSWORDS BIT_U32(0)
+#define PGSQL_DEFAULTS (PGSQL_LOG_PASSWORDS)
 typedef struct OutputPgsqlCtx_ {
 uint32_t flags;
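Review bot: Alert metadata will always be produced with the password flag set, because `PGSQL_DEFAULTS` is defined as `PGSQL_LOG_PASSWORDS` here and the new `JsonPgsqlAddMetadata` in the next hunk of this file passes it to `rs_pgsql_logger` unconditionally. If the flag does what its name suggests, pgsql passwords would appear in alert records regardless of whatever the pgsql logger keeps in `OutputPgsqlCtx.flags`, and alert output is commonly forwarded to a wider audience than a protocol log. Unless this is deliberate, the safer default is `#define PGSQL_DEFAULTS 0`; if it is deliberate, say so next to the define, e.g. `/* alert metadata always includes passwords, independent of the pgsql logger's own setting */`.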
@@ -58,6 +59,18 @@ typedef struct LogPgsqlLogThread_ { OutputJsonThreadCtx *ctx; } LogPgsqlLogThread; +bool JsonPgsqlAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb) +{ + void *state = FlowGetAppState(f); + if (state) { + void *tx = AppLayerParserGetTx(f->proto, ALPROTO_PGSQL, state, tx_id); + if (tx) { + return rs_pgsql_logger(tx, PGSQL_DEFAULTS, jb); + } + } + return false; +} + static int JsonPgsqlLogger(ThreadVars *tv, void *thread_data, const Packet *p, Flow *f, void *state, void *txptr, uint64_t tx_id) { diff --git a/src/output-json-pgsql.h b/src/output-json-pgsql.h index 7d2e826135..ed1306ccce 100644 --- a/src/output-json-pgsql.h +++ b/src/output-json-pgsql.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2022 Open Information Security Foundation +/* Copyright (C) 2022-2024 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -25,5 +25,6 @@ #define __OUTPUT_JSON_PGSQL_H__ void JsonPgsqlLogRegister(void); +bool JsonPgsqlAddMetadata(const Flow *f, uint64_t tx_id, JsonBuilder *jb); #endif /* __OUTPUT_JSON_PGSQL_H__ */
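Review bot: `JsonPgsqlAddMetadata` is exported through `output-json-pgsql.h` but carries no comment stating what a `false` return means, and the `ALPROTO_PGSQL` case added to `AlertAddAppLayer` depends on exactly that to decide whether to call `jb_restore_mark`. I would add above the definition `/** \brief Add pgsql tx metadata to an alert record. \retval false if the flow has no app state or tx, or rs_pgsql_logger() reports failure */`. The comment should also state that the function does no rollback of its own, so `jb` may hold partial output on failure (presumably why the caller takes a mark first).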