72 lines
2.3 KiB
Python
72 lines
2.3 KiB
Python
# zschema sub-schema for zgrab2's postgres module
|
|
# Registers zgrab2-postgres globally, and postgres with the main zgrab2 schema.
|
|
from zschema.leaves import *
|
|
from zschema.compounds import *
|
|
import zschema.registry
|
|
|
|
import zcrypto_schemas.zcrypto as zcrypto
|
|
import zgrab2
|
|
|
|
# modules/postgres/scanner.go - decodeError() (TODO: Currently an unconstrained
|
|
# map[string]string; it is possible to get "unknown (0x%x)" fields, but it
|
|
# would probably be proper to reject those at this point)
|
|
|
|
# These are defined in detail at
|
|
# https://www.postgresql.org/docs/10/static/protocol-error-fields.html
|
|
postgres_error = SubRecord({
|
|
"severity": String(required=True),
|
|
"severity_v": String(),
|
|
"code": String(required=True),
|
|
"message": String(),
|
|
"detail": String(),
|
|
"hint": String(),
|
|
"position": String(),
|
|
"internal_position": String(),
|
|
"internal_query": String(),
|
|
"where": String(),
|
|
"schema": String(),
|
|
"table": String(),
|
|
"data": String(),
|
|
"file": String(),
|
|
"line": String(),
|
|
"routine": String(),
|
|
})
|
|
|
|
# modules/postgres/scanner.go - decodeAuthMode()
|
|
AUTH_MODES = [
|
|
"kerberos_v5", "password_cleartext", "password_md5", "scm_credentials",
|
|
"gss", "sspi", "sasl", "ok", "gss-continue", "sasl-continue", "sasl-final"
|
|
]
|
|
|
|
# modules/postgres/scanner.go: AuthenticationMode
|
|
postgres_auth_mode = SubRecord({
|
|
"mode": Enum(values=AUTH_MODES, required=True),
|
|
"Payload": Binary(),
|
|
})
|
|
|
|
# modules/postgres/scanner.go: BackendKeyData
|
|
postgres_key_data = SubRecord({
|
|
"process_id": Unsigned32BitInteger(),
|
|
"secret_key": Unsigned32BitInteger(),
|
|
})
|
|
|
|
# modules/postgres/scanner.go: PostgresResults
|
|
postgres_scan_response = SubRecord({
|
|
"result": SubRecord({
|
|
"tls": zgrab2.tls_log,
|
|
"supported_versions": String(),
|
|
"protocol_error": postgres_error,
|
|
"startup_error": postgres_error,
|
|
"is_ssl": Boolean(required=True),
|
|
"authentication_mode": postgres_auth_mode,
|
|
# TODO FIXME: This is currendly an unconstrained map[string]string
|
|
"server_parameters": String(),
|
|
"backend_key_data": postgres_key_data,
|
|
"transaction_status": String(),
|
|
})
|
|
}, extends=zgrab2.base_scan_response)
|
|
|
|
zschema.registry.register_schema("zgrab2-postgres", postgres_scan_response)
|
|
|
|
zgrab2.register_scan_response_type("postgres", postgres_scan_response)
|