23350122333

Committed 20 Mar 2026 03:33PM UTC coverage: 76.492% (-2.8%) from 79.315%

Build # 23350122333

Build Type

Pull #15053

github

Committed by

web-flow

Commit Message

Merge f5bf69f97 into 6587e363a

Pull Request Pull Request #15053: Flow queue/v3

Coverage Stats

113 of 129 new or added lines in 9 files covered. (87.6%)

9534 existing lines in 453 files now uncovered.

256601 of 335461 relevant lines covered (76.49%)

4680806.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.12

/rust/src/pgsql/detect.rs

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

// written by Juliana Fajardini <jufajardini@oisf.net>

use super::pgsql::{PgsqlTransaction, ALPROTO_PGSQL};
use crate::pgsql::parser::PgsqlFEMessage;
use crate::core::{STREAM_TOSERVER};
use crate::detect::{helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer};
use suricata_sys::sys::{
    DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, SCDetectSignatureSetAppProto,
    Signature,
};
use std::os::raw::{c_int, c_void};

static mut G_PGSQL_QUERY_BUFFER_ID: c_int = 0;

unsafe extern "C" fn pgsql_detect_query_setup(
    de: *mut DetectEngineCtx, s: *mut Signature, _raw: *const std::os::raw::c_char,) -> c_int
{
    if SCDetectSignatureSetAppProto(s, ALPROTO_PGSQL) != 0 {
        return - 1;
    }
    if SCDetectBufferSetActiveList(de, s, G_PGSQL_QUERY_BUFFER_ID) < 0 {
        return - 1;
    }
    0
}

unsafe extern "C" fn pgsql_detect_query_get_data(
    tx: *const c_void, _flags: u8, buffer: *mut *const u8, buffer_len: *mut u32,
) -> bool {
    let tx = cast_pointer!(tx, PgsqlTransaction);

    for request in &tx.requests {
        if let PgsqlFEMessage::SimpleQuery(ref query) = request {
            *buffer = query.payload.as_ptr();
            *buffer_len = query.payload.len() as u32;
            return true;
        }
    }

    *buffer = std::ptr::null();
    *buffer_len = 0;
    false
}

#[no_mangle]
pub unsafe extern "C" fn SCDetectPgsqlRegister() {
    let kw = SigTableElmtStickyBuffer {
        name: String::from("pgsql.query"),
        desc: String::from("match PGSQL  query request content"),
        url: String::from("/rules/pgsql-keywords.html#pgsql.query"),
        setup: pgsql_detect_query_setup,
    };
    let _g_pgsql_query_kw_id = helper_keyword_register_sticky_buffer(&kw);
    G_PGSQL_QUERY_BUFFER_ID = SCDetectHelperBufferMpmRegister(
        b"pgsql.query\0".as_ptr() as *const libc::c_char,
        b"pgsql query request content\0".as_ptr() as *const libc::c_char,
        ALPROTO_PGSQL,
        STREAM_TOSERVER,
        Some(pgsql_detect_query_get_data),
    );
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	// written by Juliana Fajardini <jufajardini@oisf.net>
19
20	use super::pgsql::{PgsqlTransaction, ALPROTO_PGSQL};
21	use crate::pgsql::parser::PgsqlFEMessage;
22	use crate::core::{STREAM_TOSERVER};
23	use crate::detect::{helper_keyword_register_sticky_buffer, SigTableElmtStickyBuffer};
24	use suricata_sys::sys::{
25	DetectEngineCtx, SCDetectBufferSetActiveList, SCDetectHelperBufferMpmRegister, SCDetectSignatureSetAppProto,
26	Signature,
27	};
28	use std::os::raw::{c_int, c_void};
29
30	static mut G_PGSQL_QUERY_BUFFER_ID: c_int = 0;
31
32	unsafe extern "C" fn pgsql_detect_query_setup(	4✔
33	de: mut DetectEngineCtx, s: mut Signature, _raw: *const std::os::raw::c_char,) -> c_int	4✔
34	{	4✔
35	if SCDetectSignatureSetAppProto(s, ALPROTO_PGSQL) != 0 {	4✔
UNCOV 36	return - 1;	×
37	}	4✔
38	if SCDetectBufferSetActiveList(de, s, G_PGSQL_QUERY_BUFFER_ID) < 0 {	4✔
UNCOV 39	return - 1;	×
40	}	4✔
41	0	4✔
42	}	4✔
43
44	unsafe extern "C" fn pgsql_detect_query_get_data(	33✔
45	tx: const c_void, _flags: u8, buffer: mut const u8, buffer_len: mut u32,	33✔
46	) -> bool {	33✔
47	let tx = cast_pointer!(tx, PgsqlTransaction);	33✔
48
49	for request in &tx.requests {	42✔
50	if let PgsqlFEMessage::SimpleQuery(ref query) = request {	33✔
51	*buffer = query.payload.as_ptr();	24✔
52	*buffer_len = query.payload.len() as u32;	24✔
53	return true;	24✔
54	}	9✔
55	}
56
57	*buffer = std::ptr::null();	9✔
58	*buffer_len = 0;	9✔
59	false	9✔
60	}	33✔
61
62	#[no_mangle]
63	pub unsafe extern "C" fn SCDetectPgsqlRegister() {	2,222✔
64	let kw = SigTableElmtStickyBuffer {	2,222✔
65	name: String::from("pgsql.query"),	2,222✔
66	desc: String::from("match PGSQL query request content"),	2,222✔
67	url: String::from("/rules/pgsql-keywords.html#pgsql.query"),	2,222✔
68	setup: pgsql_detect_query_setup,	2,222✔
69	};	2,222✔
70	let _g_pgsql_query_kw_id = helper_keyword_register_sticky_buffer(&kw);	2,222✔
71	G_PGSQL_QUERY_BUFFER_ID = SCDetectHelperBufferMpmRegister(	2,222✔
72	b"pgsql.query\0".as_ptr() as *const libc::c_char,	2,222✔
73	b"pgsql query request content\0".as_ptr() as *const libc::c_char,	2,222✔
74	ALPROTO_PGSQL,	2,222✔
75	STREAM_TOSERVER,	2,222✔
76	Some(pgsql_detect_query_get_data),	2,222✔
77	);	2,222✔
78	}	2,222✔

OISF / suricata / 23350122333

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous