Remove GetDescription(); formatting fixes
This commit is contained in:
parent
9de9ee9f17
commit
ecf8690e96
@ -9,7 +9,6 @@ import (
|
|||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"encoding/binary"
|
"encoding/binary"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"encoding/json"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"net"
|
"net"
|
||||||
"strings"
|
"strings"
|
||||||
@ -137,16 +136,13 @@ type Connection struct {
|
|||||||
|
|
||||||
// Enum to track connection status
|
// Enum to track connection status
|
||||||
State ConnectionState
|
State ConnectionState
|
||||||
// TCP or TLS-wrapped Connection pointer (IsSecure will tell which)
|
// TCP or TLS-wrapped Connection pointer (IsSecure() will tell which)
|
||||||
Connection *net.Conn
|
Connection *net.Conn
|
||||||
// The sequence number used with the server to number packets
|
// The sequence number used with the server to number packets
|
||||||
SequenceNumber uint8
|
SequenceNumber uint8
|
||||||
// The "Handshake" packet sent by the server, holding flags used in future calls
|
// The "Handshake" packet sent by the server, holding flags used in future calls
|
||||||
Handshake *HandshakePacket
|
Handshake *HandshakePacket
|
||||||
|
|
||||||
// If this is true, the Connection is a TLS connection object and there should be a TLSHandshake log.
|
|
||||||
IsSecure bool
|
|
||||||
|
|
||||||
// List of MySQL packets received/sent
|
// List of MySQL packets received/sent
|
||||||
PacketLog []*PacketLogEntry
|
PacketLog []*PacketLogEntry
|
||||||
// The zgrab TLS handshake logs
|
// The zgrab TLS handshake logs
|
||||||
@ -166,7 +162,6 @@ func NewConnection(config *Config) *Connection {
|
|||||||
// Top-level interface for all packets
|
// Top-level interface for all packets
|
||||||
type PacketInfo interface {
|
type PacketInfo interface {
|
||||||
GetType() PacketType
|
GetType() PacketType
|
||||||
GetDescription() string
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Most packets are read from the server; for packets that need to be sent, they need an encoding function
|
// Most packets are read from the server; for packets that need to be sent, they need an encoding function
|
||||||
@ -185,7 +180,8 @@ type PacketLogEntry struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// HandshakePacket defined at https://web.archive.org/web/20160316105725/https://dev.mysql.com/doc/internals/en/connection-phase-packets.html
|
// HandshakePacket defined at https://web.archive.org/web/20160316105725/https://dev.mysql.com/doc/internals/en/connection-phase-packets.html
|
||||||
// @TODO @FIXME: This is protocol version 10; handle previous / future versions
|
// @TODO @FIXME: This is protocol version 10 handle previous / future versions
|
||||||
|
// Protocol version 9 was 3.22 and prior (1998?).
|
||||||
type HandshakePacket struct {
|
type HandshakePacket struct {
|
||||||
// protocol_version: int<1>
|
// protocol_version: int<1>
|
||||||
ProtocolVersion byte `json:"protocol_version"`
|
ProtocolVersion byte `json:"protocol_version"`
|
||||||
@ -218,18 +214,10 @@ type HandshakePacket struct {
|
|||||||
// auth_plugin_name: string<NUL>, but old versions lacked null terminator, so returning string<EOF>
|
// auth_plugin_name: string<NUL>, but old versions lacked null terminator, so returning string<EOF>
|
||||||
AuthPluginName string `json:"auth_plugin_name,omitempty"`
|
AuthPluginName string `json:"auth_plugin_name,omitempty"`
|
||||||
// }
|
// }
|
||||||
// Synthetic field buily from capability_flags_1 || capability_flags_2 << 16
|
// Synthetic field built from capability_flags_1 || capability_flags_2 << 16
|
||||||
CapabilityFlags uint32 `json:"capability_flags"`
|
CapabilityFlags uint32 `json:"capability_flags"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *HandshakePacket) GetDescription() string {
|
|
||||||
jsonStr, err := json.Marshal(p)
|
|
||||||
if err != nil {
|
|
||||||
return string(jsonStr)
|
|
||||||
}
|
|
||||||
return fmt.Sprintf("Error getting description: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *HandshakePacket) GetType() PacketType {
|
func (p *HandshakePacket) GetType() PacketType {
|
||||||
return PACKET_TYPE_HANDSHAKE
|
return PACKET_TYPE_HANDSHAKE
|
||||||
}
|
}
|
||||||
@ -294,14 +282,6 @@ type OKPacket struct {
|
|||||||
// }
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *OKPacket) GetDescription() string {
|
|
||||||
jsonStr, err := json.Marshal(p)
|
|
||||||
if err != nil {
|
|
||||||
return string(jsonStr)
|
|
||||||
}
|
|
||||||
return fmt.Sprintf("Error getting description: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *OKPacket) GetType() PacketType {
|
func (p *OKPacket) GetType() PacketType {
|
||||||
return PACKET_TYPE_OK
|
return PACKET_TYPE_OK
|
||||||
}
|
}
|
||||||
@ -370,10 +350,6 @@ type ERRPacket struct {
|
|||||||
ErrorMessage string `json:"error_message"`
|
ErrorMessage string `json:"error_message"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *ERRPacket) GetDescription() string {
|
|
||||||
return fmt.Sprintf("ERRPacket: error_code = 0x%x, error_message = %s", p.ErrorCode, p.ErrorMessage)
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *ERRPacket) GetType() PacketType {
|
func (p *ERRPacket) GetType() PacketType {
|
||||||
return PACKET_TYPE_ERROR
|
return PACKET_TYPE_ERROR
|
||||||
}
|
}
|
||||||
@ -420,14 +396,6 @@ func (p *SSLRequestPacket) EncodeBody() []byte {
|
|||||||
return ret[:]
|
return ret[:]
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *SSLRequestPacket) GetDescription() string {
|
|
||||||
jsonStr, err := json.Marshal(p)
|
|
||||||
if err != nil {
|
|
||||||
return string(jsonStr)
|
|
||||||
}
|
|
||||||
return fmt.Sprintf("Error getting description: %s", err.Error())
|
|
||||||
}
|
|
||||||
|
|
||||||
func (p *SSLRequestPacket) GetType() PacketType {
|
func (p *SSLRequestPacket) GetType() PacketType {
|
||||||
return PACKET_TYPE_SSL_REQUEST
|
return PACKET_TYPE_SSL_REQUEST
|
||||||
}
|
}
|
||||||
@ -455,7 +423,8 @@ func (c *Connection) sendPacket(packet WritablePacket) error {
|
|||||||
Length: uint32(len(body)),
|
Length: uint32(len(body)),
|
||||||
SequenceNumber: seq,
|
SequenceNumber: seq,
|
||||||
Raw: base64.StdEncoding.EncodeToString(body),
|
Raw: base64.StdEncoding.EncodeToString(body),
|
||||||
Parsed: packet}
|
Parsed: packet,
|
||||||
|
}
|
||||||
|
|
||||||
c.pushToPacketLog(&logPacket)
|
c.pushToPacketLog(&logPacket)
|
||||||
// @TODO: Buffered send?
|
// @TODO: Buffered send?
|
||||||
@ -507,7 +476,8 @@ func (c *Connection) readPacket() (PacketInfo, error) {
|
|||||||
len := binary.LittleEndian.Uint32(header[:])
|
len := binary.LittleEndian.Uint32(header[:])
|
||||||
packet := PacketLogEntry{
|
packet := PacketLogEntry{
|
||||||
Length: len,
|
Length: len,
|
||||||
SequenceNumber: seq}
|
SequenceNumber: seq,
|
||||||
|
}
|
||||||
|
|
||||||
// If we fail, we will still have the Length / Sequence Number logged
|
// If we fail, we will still have the Length / Sequence Number logged
|
||||||
c.pushToPacketLog(&packet)
|
c.pushToPacketLog(&packet)
|
||||||
@ -544,6 +514,11 @@ func (c *Connection) StartTLS() error {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check if the connection has been upgraded to TLS
|
||||||
|
func (c *Connection) IsSecure() bool {
|
||||||
|
return c.TLSHandshake != nil
|
||||||
|
}
|
||||||
|
|
||||||
// Connect to the configured server and perform the initial handshake
|
// Connect to the configured server and perform the initial handshake
|
||||||
func (c *Connection) Connect() error {
|
func (c *Connection) Connect() error {
|
||||||
// @TODO @FIXME -- Break this into Connect/Scan/Disconnect?
|
// @TODO @FIXME -- Break this into Connect/Scan/Disconnect?
|
||||||
@ -555,6 +530,7 @@ func (c *Connection) Connect() error {
|
|||||||
}
|
}
|
||||||
c.Connection = &conn
|
c.Connection = &conn
|
||||||
c.State = STATE_CONNECTED
|
c.State = STATE_CONNECTED
|
||||||
|
c.TLSHandshake = nil
|
||||||
|
|
||||||
packet, err := c.readPacket()
|
packet, err := c.readPacket()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
@ -565,9 +541,10 @@ func (c *Connection) Connect() error {
|
|||||||
case PACKET_TYPE_HANDSHAKE:
|
case PACKET_TYPE_HANDSHAKE:
|
||||||
// OK
|
// OK
|
||||||
case PACKET_TYPE_ERROR:
|
case PACKET_TYPE_ERROR:
|
||||||
return fmt.Errorf("Server returned error after connecting: %s", packet.GetDescription())
|
errPacket := packet.(*ERRPacket)
|
||||||
|
return fmt.Errorf("Server returned error after connecting: error_code = 0x%x; error_message = %s", errPacket.ErrorCode, errPacket.ErrorMessage)
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("Server returned unexpected packet type %s after connecting: %s", packet.GetType(), packet.GetDescription())
|
return fmt.Errorf("Server returned unexpected packet type %s after connecting: %s", packet.GetType())
|
||||||
}
|
}
|
||||||
handshakePacket := packet.(*HandshakePacket)
|
handshakePacket := packet.(*HandshakePacket)
|
||||||
c.Handshake = handshakePacket
|
c.Handshake = handshakePacket
|
||||||
@ -575,14 +552,14 @@ func (c *Connection) Connect() error {
|
|||||||
// How to handle mismatched reserved? It will be available in the output, but should it trigger a 'failure'?
|
// How to handle mismatched reserved? It will be available in the output, but should it trigger a 'failure'?
|
||||||
// if hex.EncodeToString(parsed.reserved) != "00000000000000000000" { ... }
|
// if hex.EncodeToString(parsed.reserved) != "00000000000000000000" { ... }
|
||||||
|
|
||||||
c.IsSecure = false
|
|
||||||
if (handshakePacket.CapabilityFlags & c.Config.ClientCapabilities & CLIENT_SSL) != 0 {
|
if (handshakePacket.CapabilityFlags & c.Config.ClientCapabilities & CLIENT_SSL) != 0 {
|
||||||
c.State = STATE_SSL_REQUEST
|
c.State = STATE_SSL_REQUEST
|
||||||
sslRequest := SSLRequestPacket{
|
sslRequest := SSLRequestPacket{
|
||||||
CapabilityFlags: c.Config.ClientCapabilities,
|
CapabilityFlags: c.Config.ClientCapabilities,
|
||||||
MaxPacketSize: c.Config.MaxPacketSize,
|
MaxPacketSize: c.Config.MaxPacketSize,
|
||||||
CharacterSet: c.Config.CharSet,
|
CharacterSet: c.Config.CharSet,
|
||||||
Reserved: c.Config.ReservedData}
|
Reserved: c.Config.ReservedData,
|
||||||
|
}
|
||||||
if c.sendPacket(&sslRequest) != nil {
|
if c.sendPacket(&sslRequest) != nil {
|
||||||
return fmt.Errorf("Error sending SSLRequest packet: %s", err)
|
return fmt.Errorf("Error sending SSLRequest packet: %s", err)
|
||||||
}
|
}
|
||||||
@ -592,7 +569,6 @@ func (c *Connection) Connect() error {
|
|||||||
return fmt.Errorf("Error performing TLS handshake: %s", err)
|
return fmt.Errorf("Error performing TLS handshake: %s", err)
|
||||||
}
|
}
|
||||||
c.TLSHandshake = (*c.Connection).(*tls.Conn).GetHandshakeLog()
|
c.TLSHandshake = (*c.Connection).(*tls.Conn).GetHandshakeLog()
|
||||||
c.IsSecure = true
|
|
||||||
}
|
}
|
||||||
c.State = STATE_FINISHED
|
c.State = STATE_FINISHED
|
||||||
return nil
|
return nil
|
||||||
|
@ -73,14 +73,15 @@ func (s *MySQLScanner) GetPort() uint {
|
|||||||
func (s *MySQLScanner) Scan(t zgrab2.ScanTarget) (interface{}, error) {
|
func (s *MySQLScanner) Scan(t zgrab2.ScanTarget) (interface{}, error) {
|
||||||
sql := mysql.NewConnection(&mysql.Config{
|
sql := mysql.NewConnection(&mysql.Config{
|
||||||
Host: t.IP.String(),
|
Host: t.IP.String(),
|
||||||
Port: uint16(s.config.Port)})
|
Port: uint16(s.config.Port),
|
||||||
|
})
|
||||||
err := sql.Connect()
|
err := sql.Connect()
|
||||||
defer sql.Disconnect()
|
defer sql.Disconnect()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
ret := MySQLScanResults{PacketLog: sql.PacketLog}
|
ret := MySQLScanResults{PacketLog: sql.PacketLog}
|
||||||
if sql.IsSecure {
|
if sql.IsSecure() {
|
||||||
ret.TLSHandshake = sql.TLSHandshake
|
ret.TLSHandshake = sql.TLSHandshake
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user