postgres

package

v0.0.0-...-e4757b4 Latest Latest Go to latest Published: Jan 25, 2021 License: Apache-2.0, Apache-2.0, ISC Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/stanford-esrg/tls-webserver-configuration-scanner

Links

Open Source Insights

Documentation ¶

Overview ¶

Package postgres contains the postgres zgrab2 Module implementation. The Scan does three (or four -- see below) consecutive connections to the server, using different StartupMessages each time, and adds the server's response to each to the output. If any of database/user/application-name are specified on the command line, the fourth StartupMessage is sent with the provided data. This may allow additional data, such as detailed server parameters, to be collected. Absent these, version information must be inferred from the values in the results (e.g. line numbers in error strings).

Index ¶

Constants
func RegisterModule()
type AuthenticationMode
type BackendKeyData
type Connection
type Flags
- func (f *Flags) Help() string
- func (f *Flags) Validate(args []string) error
type Module
- func (m *Module) NewFlags() interface{}
- func (m *Module) NewScanner() zgrab2.Scanner
type PostgresError
type Results
type Scanner
type ServerPacket
type ServerParameters
- func (s *ServerParameters) MarshalJSON() ([]byte, error)

Constants ¶

View Source

const (
	// KeyUnknownErrorTag is the key into the error table denoting an
	// unrecognized error type.
	KeyUnknownErrorTag = "_unknown_error_tag"
	// KeyBadParameters is the key into the ServerParameters table
	// denoting an invalid parameter.
	KeyBadParameters = "_bad_parameters"
)

Variables ¶

This section is empty.

Functions ¶

func RegisterModule ¶

func RegisterModule()

RegisterModule is called by modules/postgres.go's init(), to register the postgres module with the zgrab2 framework.

Types ¶

type AuthenticationMode ¶

type AuthenticationMode struct {
	Mode    string `json:"mode"`
	Payload []byte `json:"payload,omitempty"`
}

AuthenticationMode abstracts the various 'R'-type packets.

type BackendKeyData ¶

type BackendKeyData struct {
	ProcessID uint32 `json:"process_id"`
	SecretKey uint32 `json:"secret_key"`
}

BackendKeyData is the data returned by the 'K'-type packet.

type Connection ¶

type Connection struct {
	// Target is the requested scan target.
	Target *zgrab2.ScanTarget

	// Connection is the underlying TCP (or TLS) stream.
	Connection net.Conn

	// Config contains the flags from the command line.
	Config *Flags

	// IsSSL is true if Connection is a TLS connection.
	IsSSL bool
}

Connection wraps the state of a given connection to a server.

func (*Connection) Close ¶

func (c *Connection) Close() error

Close out the underlying TCP connection to the server.

func (*Connection) GetTLSLog ¶

func (c *Connection) GetTLSLog() *zgrab2.TLSLog

GetTLSLog gets the connection's TLSLog, or nil if the connection has not yet been set up as TLS.

func (*Connection) ReadAll ¶

func (c *Connection) ReadAll() ([]*ServerPacket, *zgrab2.ScanError)

ReadAll reads packets from the given connection until it hits a timeout, EOF, or a 'Z' packet.

func (*Connection) ReadPacket ¶

func (c *Connection) ReadPacket() (*ServerPacket, *zgrab2.ScanError)

ReadPacket reads a ServerPacket from the server.

func (*Connection) RequestSSL ¶

func (c *Connection) RequestSSL() (bool, *zgrab2.ScanError)

RequestSSL sends an SSLRequest packet to the server, and returns true if and only if the server reports that it is SSL-capable. Otherwise it returns false and possibly an error.

func (*Connection) Send ¶

func (c *Connection) Send(body []byte) error

Send a client packet: a big-endian uint32 length followed by a body.

func (*Connection) SendStartupMessage ¶

func (c *Connection) SendStartupMessage(version string, kvps map[string]string) error

SendStartupMessage creates and sends a StartupMessage. The format is uint16 Major + uint16 Minor + (key/value pairs).

func (*Connection) SendU32 ¶

func (c *Connection) SendU32(val uint32) error

SendU32 sends an uint32 packet to the server.

type Flags ¶

type Flags struct {
	zgrab2.BaseFlags
	zgrab2.TLSFlags
	SkipSSL         bool   `long:"skip-ssl" description:"If set, do not attempt to negotiate an SSL connection"`
	Verbose         bool   `long:"verbose" description:"More verbose logging, include debug fields in the scan results"`
	ProtocolVersion string `long:"protocol-version" description:"The protocol to use in the StartupPacket" default:"3.0"`
	User            string `long:"user" description:"Username to pass to StartupMessage. If omitted, no user will be sent." default:""`
	Database        string `long:"database" description:"Database to pass to StartupMessage. If omitted, none will be sent." default:""`
	ApplicationName string `` /* 129-byte string literal not displayed */
}

Flags sets the module-specific flags that can be passed in from the command line.

func (*Flags) Help ¶

func (f *Flags) Help() string

Help returns the module's help string.

func (*Flags) Validate ¶

func (f *Flags) Validate(args []string) error

Validate checks the arguments; on success, returns nil.

type Module ¶

type Module struct {
}

Module is the zgrab2 module for the postgres protocol

func (*Module) NewFlags ¶

func (m *Module) NewFlags() interface{}

NewFlags returns a default Flags instance.

func (*Module) NewScanner ¶

func (m *Module) NewScanner() zgrab2.Scanner

NewScanner returns the module's zgrab2.Scanner implementation.

type PostgresError ¶

type PostgresError map[string]string

PostgresError is parsed the payload of an 'E'-type packet, mapping the friendly names of the various fields to the values returned by the server.

type Results ¶

type Results struct {
	// TLSLog is the standard TLS log for the first connection.
	TLSLog *zgrab2.TLSLog `json:"tls,omitempty"`

	// SupportedVersions is the string returned by the server in response
	// to a StartupMessage with ProtocolVersion = 0.0.
	SupportedVersions string `json:"supported_versions,omitempty"`

	// ProtocolError is the string returned by the server in response to
	// a StartupMessage with ProtocolVersion = 255.255.
	ProtocolError *PostgresError `json:"protocol_error,omitempty"`

	// StartupError is the error returned by the server in response to the
	// StartupMessage with no user provided.
	StartupError *PostgresError `json:"startup_error,omitempty"`

	// UserStartupError is the error returned by the server in response to
	// the final StartupMessage when the user/database/application-name is
	// set.
	UserStartupError *PostgresError `json:"user_startup_error,omitempty"`

	// IsSSL is true if the client was able to set up an SSL connection
	// with the server.
	IsSSL bool `json:"is_ssl"`

	// AuthenticationMode is the value of the R-type packet returned after
	// the final StartupMessage.
	AuthenticationMode *AuthenticationMode `json:"authentication_mode,omitempty"`

	// ServerParameters is a map of the key/value pairs returned after the
	// final StartupMessage.
	ServerParameters *ServerParameters `json:"server_parameters,omitempty"`

	// BackendKeyData is the value of the 'K'-type packet returned by the
	// server after the final StartupMessage.
	BackendKeyData *BackendKeyData `json:"backend_key_data,omitempty" zgrab:"debug"`

	// TransactionStatus is the value of the 'Z'-type packet returned by
	// the server after the final StartupMessage.
	TransactionStatus string `json:"transaction_status,omitempty"`
}

Results is the information returned by the scanner to the caller. https://raw.githubusercontent.com/nmap/nmap/master/nmap-service-probes uses the line number of the error response (e.g. StartupError["line"]) to infer the version number

type Scanner ¶

type Scanner struct {
	Config *Flags
}

Scanner is the zgrab2 scanner type for the postgres protocol

func (*Scanner) DoSSL ¶

func (s *Scanner) DoSSL(sql *Connection) error

DoSSL attempts to upgrade the connection to SSL, returning an error on failure.

func (*Scanner) GetName ¶

func (s *Scanner) GetName() string

GetName returns the name from the parameters.

func (*Scanner) GetPort ¶

func (s *Scanner) GetPort() uint

GetPort returns the port being scanned.

func (*Scanner) GetTrigger ¶

func (s *Scanner) GetTrigger() string

GetTrigger returns the Trigger defined in the Flags.

func (*Scanner) Init ¶

func (s *Scanner) Init(flags zgrab2.ScanFlags) error

Init initializes the scanner with the given flags.

func (*Scanner) InitPerSender ¶

func (s *Scanner) InitPerSender(senderID int) error

InitPerSender does nothing in this module.

func (*Scanner) Protocol ¶

func (s *Scanner) Protocol() string

Protocol returns the protocol identifer for the scanner.

func (*Scanner) Scan ¶

func (s *Scanner) Scan(t zgrab2.ScanTarget) (status zgrab2.ScanStatus, result interface{}, thrown error)

Scan does the actual scanning. It opens up to four connections:

Sends a bogus protocol version in hopes of getting a list of supported protcols back. Results here are supported_versions and and tls (* if applicable).
Send a too-high protocol version (255.255) to get full error message, including line numbers, which could be useful for probing server version. This is where it gets the protcol_error result.
Send a StartupMessage with a valid protocol version (by default 3.0, but this can be overridden on the command line), but omit the user field. This is where it gets the startup_error result.
Only sent if at least one of user/database/application-name command line flags are provided. Does the same as #3, but includes any/all of user/database/application-name. This is where it gets backend_key_data, server_parameters, authentication_mode, transaction_status and user_startup_error.

NOTE: TLS is only used for the first connection, and then only if both client and server support it.

type ServerPacket ¶

type ServerPacket struct {
	Type   byte
	Length uint32
	Body   []byte
}

ServerPacket is a direct representation of the response packet returned by the server. See e.g. https://www.postgresql.org/docs/9.6/static/protocol-message-formats.html The first byte is a message type, an alphanumeric character. The following four bytes are the length of the message body. The following <length> bytes are the message itself. In certain special cases, the Length can be 0; for instance, a response to an SSLRequest is only a S/N Type with no length / body, while pre-startup errors can be a E Type followed by a \n\0- terminated string.

func (*ServerPacket) OutputValue ¶

func (p *ServerPacket) OutputValue() string

OutputValue is the value that is stored for unexpected / unrecognized data.

func (*ServerPacket) ToError ¶

func (p *ServerPacket) ToError() *PostgresError

ToError gets a PostgresError version of OutputValue.

func (*ServerPacket) ToString ¶

func (p *ServerPacket) ToString() string

ToString is used in logging, to get a human-readable representation of the packet.

type ServerParameters ¶

type ServerParameters map[string]string

ServerParameters is a map of key/value pairs sent by the server after authentication. These are 'S'-type packets. We keep track of them all -- but the golang postgres library only stores the server_version and TimeZone.

func (*ServerParameters) MarshalJSON ¶

func (s *ServerParameters) MarshalJSON() ([]byte, error)

MarshalJSON returns the ServerParameters as a list of name/value pairs (work around schema issue)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL