From: Juliana Fajardini Date: Thu, 25 Apr 2024 01:13:35 +0000 (-0300) Subject: pgsql/logger: open json object from logger function X-Git-Tag: suricata-8.0.0-beta1~1196 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=69e26de197c48e7f3e351229ee34b96388673b72;p=thirdparty%2Fsuricata.git pgsql/logger: open json object from logger function Before, the JsonBuilder object for the pgsql event was being created from the C-side function that actually called the Rust logger. This resulted that if another module - such as the Json Alert called the PGSQL logger, we wouldn't have the `pgsql` key present in the log output - only its inner fields. Bug #6983
---
diff --git a/rust/src/pgsql/logger.rs b/rust/src/pgsql/logger.rs
index 934b549a16..bcfcb5a8e9 100644
--- a/rust/src/pgsql/logger.rs
+++ b/rust/src/pgsql/logger.rs
@@ -27,6 +27,7 @@ use std;
 pub const PGSQL_LOG_PASSWORDS: u32 = BIT_U32!(0);
 fn log_pgsql(tx: &PgsqlTransaction, flags: u32, js: &mut JsonBuilder) -> Result<(), JsonError> {
+ js.open_object("pgsql")?;
 js.set_uint("tx_id", tx.tx_id)?;
 if let Some(request) = &tx.request {
 js.set_object("request", &log_request(request, flags)?)?;
@@ -35,12 +36,14 @@ fn log_pgsql(tx: &PgsqlTransaction, flags: u32, js: &mut JsonBuilder) -> Result<
 // TODO Log anomaly event instead?
 js.set_bool("request", false)?;
 js.set_bool("response", false)?;
+ js.close()?;
 return Ok(());
 }
 if !tx.responses.is_empty() {
 js.set_object("response", &log_response_object(tx)?)?;
 }
+ js.close()?;
 Ok(())
 }
diff --git a/src/output-json-pgsql.c b/src/output-json-pgsql.c
index 623077e8ad..d82602e351 100644
--- a/src/output-json-pgsql.c
+++ b/src/output-json-pgsql.c
@@ -76,11 +76,9 @@ static int JsonPgsqlLogger(ThreadVars *tv, void *thread_data, const Packet *p, F
 return TM_ECODE_FAILED;
 }
- jb_open_object(jb, "pgsql");
 if (!rs_pgsql_logger(txptr, thread->pgsqllog_ctx->flags, jb)) {
 goto error;
 }
- jb_close(jb);
 OutputJsonBuilderBuffer(jb, thread->ctx);
 jb_free(jb);
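Review bot: An error from any `?` after the new `js.open_object("pgsql")?;` returns from log_pgsql with the `pgsql` object still open, so the caller is left holding a half-written builder. The dedicated C logger jumps to its error label in that case (its body is not shown here), but the commit message says other loggers such as the alert logger call this function on a builder they share, where an unbalanced object could make the whole event record unparseable for downstream consumers. It is worth confirming that every caller discards or rolls back the builder on failure, and stating the contract on the function, e.g. `/// Writes the transaction as a complete "pgsql" object; on Err the object may be left open and the caller must discard or roll back the builder.` The body of log_pgsql continues past this hunk.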
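Review bot: The closing call now has to be repeated on every exit of log_pgsql: `js.close()?;` is added before `return Ok(());` and again before the final `Ok(())`, so a later early return that forgets it would emit an unbalanced `pgsql` object. Keeping the field-writing in a private helper and bracketing it once would remove that coupling, for example `js.open_object("pgsql")?; log_pgsql_fields(tx, flags, js)?; js.close()?;`, where `log_pgsql_fields` is only a suggested name for the existing body. The branch containing the early return starts above this hunk, so the exact shape depends on lines not shown.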