From: Juliana Fajardini
Date: Fri, 7 Feb 2025 22:43:37 +0000 (-0300)
Subject: pgsql: add tests for no-failing on parsing error
X-Git-Tag: suricata-7.0.9~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd3fda27b6bfd2c702872dd8769157a80c10421f;p=thirdparty%2Fsuricata-verify.git
pgsql: add tests for no-failing on parsing error
Related to Task #5524
---
diff --git a/tests/pgsql/pgsql-5524/README.md b/tests/pgsql/pgsql-5524/README.md
new file mode 100644
index 000000000..197504bc2
--- /dev/null
+++ b/tests/pgsql/pgsql-5524/README.md
@@ -0,0 +1,13 @@
+# Test Description
+
+Check that pgsql app-proto parser is able to keep parsing even if it encounters
+unknown bodies, to consume known further PDUs.
+
+## PCAP
+
+PCAP extracted from a larger sample capture found on
+https://wiki.wireshark.org/PostgresProtocol: pgsql-jdbc.
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/5524
diff --git a/tests/pgsql/pgsql-5524/input.pcap b/tests/pgsql/pgsql-5524/input.pcap
new file mode 100644
index 000000000..bf4f9bfc1
Binary files /dev/null and b/tests/pgsql/pgsql-5524/input.pcap differ
diff --git a/tests/pgsql/pgsql-5524/suricata.yaml b/tests/pgsql/pgsql-5524/suricata.yaml
new file mode 100644
index 000000000..a96c88cbf
--- /dev/null
+++ b/tests/pgsql/pgsql-5524/suricata.yaml
@@ -0,0 +1,21 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - pgsql:
+ enabled: yes
+ - flow
+
+app-layer:
+ protocols:
+ pgsql:
+ enabled: yes
+ # Stream reassembly size for PostgreSQL. By default, track it completely.
+ stream-depth: 0
+ # Maximum number of live PostgreSQL transactions per flow
+ # max-tx: 1024
diff --git a/tests/pgsql/pgsql-5524/test.yaml b/tests/pgsql/pgsql-5524/test.yaml
new file mode 100644
index 000000000..d6e0f7ea2
--- /dev/null
+++ b/tests/pgsql/pgsql-5524/test.yaml
@@ -0,0 +1,42 @@
+requires:
+ min-version: 8
+args:
+- -k none
+- --set stream.midstream=true
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 127.0.0.1
+ dest_port: 5432
+ event_type: pgsql
+ pgsql.request.protocol_version: '3.0'
+ pgsql.request.startup_parameters.optional_parameters[0].database: test
+ pgsql.request.startup_parameters.optional_parameters[1].client_encoding: UNICODE
+ pgsql.request.startup_parameters.optional_parameters[2].date_style: ISO
+ pgsql.request.startup_parameters.optional_parameters[3].time_zone: US/Pacific
+ pgsql.request.startup_parameters.user: test
+ pgsql.response.message: authentication_ok
+ pgsql.response.parameter_status[0].client_encoding: UNICODE
+ pgsql.response.parameter_status[1].date_style: ISO, MDY
+ pgsql.response.parameter_status[2].is_superuser: 'on'
+ pgsql.response.parameter_status[3].server_version: 7.4.5
+ pgsql.response.parameter_status[4].session_authorization: test
+ pgsql.response.process_id: 30259
+ pgsql.response.secret_key: 2074654521
+ pgsql.tx_id: 1
+ proto: TCP
+ src_ip: 127.0.0.1
+ src_port: 57829
+- filter:
+ count: 1
+ match:
+ dest_ip: 127.0.0.1
+ dest_port: 5432
+ event_type: pgsql
+ pgsql.request.message: termination_message
+ pgsql.tx_id: 2
+ proto: TCP
+ src_ip: 127.0.0.1
+ src_port: 57829
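Review bot: The two filters pin tx 1 and tx 2 individually, but nothing bounds the total number of `event_type: pgsql` events or reads the flow record, so a regression that logs a spurious extra transaction for the unknown body would still pass. suricata.yaml in this commit enables the `flow` eve type, yet no check here uses it; either add a filter with `count: 1` matching `event_type: flow` and `app_proto: pgsql`, or drop `- flow` from the config. A comment above the first filter would also help, for example `# tx 1 is logged despite the unknown message body; tx 2 shows parsing continued to the end of the flow`. Where the unknown body sits is inferred from the README and should be confirmed against input.pcap.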