forked from OISF/suricata-verify
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pgsql: add tests for no-failing on parsing error
Related to Task #5524
- Loading branch information
1 parent
a8e3c9e
commit 3f9a1e4
Showing
4 changed files
with
76 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| # Test Description | ||
|
|
||
| Check that pgsql app-proto parser is able to keep parsing even if it encounters | ||
| unknown bodies, to consume known further PDUs. | ||
|
|
||
| ## PCAP | ||
|
|
||
| PCAP extracted from a larger sample capture found on | ||
| https://wiki.wireshark.org/PostgresProtocol: pgsql-jdbc. | ||
|
|
||
| ## Related issues | ||
|
|
||
| https://redmine.openinfosecfoundation.org/issues/5524 |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| %YAML 1.1 | ||
| --- | ||
|
|
||
| outputs: | ||
| - eve-log: | ||
| enabled: yes | ||
| filetype: regular #regular|syslog|unix_dgram|unix_stream|redis | ||
| filename: eve.json | ||
| types: | ||
| - pgsql: | ||
| enabled: yes | ||
| - flow | ||
|
|
||
| app-layer: | ||
| protocols: | ||
| pgsql: | ||
| enabled: yes | ||
| # Stream reassembly size for PostgreSQL. By default, track it completely. | ||
| stream-depth: 0 | ||
| # Maximum number of live PostgreSQL transactions per flow | ||
| # max-tx: 1024 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| requires: | ||
| min-version: 8 | ||
| args: | ||
| - -k none | ||
| - --set stream.midstream=true | ||
|
|
||
| checks: | ||
| - filter: | ||
| count: 1 | ||
| match: | ||
| dest_ip: 127.0.0.1 | ||
| dest_port: 5432 | ||
| event_type: pgsql | ||
| pgsql.request.protocol_version: '3.0' | ||
| pgsql.request.startup_parameters.optional_parameters[0].database: test | ||
| pgsql.request.startup_parameters.optional_parameters[1].client_encoding: UNICODE | ||
| pgsql.request.startup_parameters.optional_parameters[2].date_style: ISO | ||
| pgsql.request.startup_parameters.optional_parameters[3].time_zone: US/Pacific | ||
| pgsql.request.startup_parameters.user: test | ||
| pgsql.response.message: authentication_ok | ||
| pgsql.response.parameter_status[0].client_encoding: UNICODE | ||
| pgsql.response.parameter_status[1].date_style: ISO, MDY | ||
| pgsql.response.parameter_status[2].is_superuser: 'on' | ||
| pgsql.response.parameter_status[3].server_version: 7.4.5 | ||
| pgsql.response.parameter_status[4].session_authorization: test | ||
| pgsql.response.process_id: 30259 | ||
| pgsql.response.secret_key: 2074654521 | ||
| pgsql.tx_id: 1 | ||
| proto: TCP | ||
| src_ip: 127.0.0.1 | ||
| src_port: 57829 | ||
| - filter: | ||
| count: 1 | ||
| match: | ||
| dest_ip: 127.0.0.1 | ||
| dest_port: 5432 | ||
| event_type: pgsql | ||
| pgsql.request.message: termination_message | ||
| pgsql.tx_id: 2 | ||
| proto: TCP | ||
| src_ip: 127.0.0.1 | ||
| src_port: 57829 |