zgrab2/integration_tests/postgres/container
justinbastress f49887290d
Implements postgres zgrab2 module (#30)
* remove unnecessary indirection on net.Conn

* Ignore *.pyc

* fix NPE on nil handshake

* refactoring -- move status to status.go; add Open() methods for ScanTarget

* cherry-pick .gitignore fix

* pull in TLS fix

* status.go comments

* trim over-generalizations

* use /usr/bin/env bash instead of absolute path

* remove debug tcpwrap

* add integration tests for postgres

* hack for cleanup.sh to work on mingw -- use //var/lib instead of /var/lib

* cleanup should actually stop the process though

* comments / rearrange

* Bump up timeout in postgres tests; only pass user if explicitly requested to do so

* add schema stubs to new.sh

* Integration test fixes -- use /usr/bin/env bash; log all validation failures

* add postgres schemas

* fill out zcrypto.client_hello schema

* handle early get of TLSLog

* postgres: return SCAN_SUCCESS on success

* cleanup

* fix new.sh

* fix typo

* postgres container cleanup

* build.sh docs

* standardize container/image names

* add not to check for success

* shift mysql's connection management to ScanTarget.Open(); wrap Read/Write methods returned by ScanTarget.Open() to enforce timeouts

* catch schematically-valid but non-successful scans

* postgres: clean up output format; more scanning

* cleanup; better error handling; get detailed protocol version error

* refactor modules

* clean up dangling connections

* split gigantic postgres.go

* remove unused

* ServerParams gets its own type

* refactor integration tests: run zgrab2 in its own container, which is linked to the service containers, so that we don't need to keep track of unique ports on the host any more

* rename entrypoint; remove duplicate postgres tests

* comments for postgres schema

* Use param expansion to check for env variable [minor]

This is a *very* minor change to how `docker-runner/docker-run.sh` checks to
see if the environment variable required to run the script has been set
to a non-empty string. If not, the script exits with a non-zero status
code and displays a default message:

```
❯ docker-runner/docker-run.sh
docker-runner/docker-run.sh: line 7: CONTAINER_NAME: parameter null or not set
```

This was the behavior before, but just uses a one-liner declarative bash
idiom.

For further reading on parameter expansion, see
https://stackoverflow.com/a/307735.

@justinbastress can tell me if I did something wrong and broke the
intent of the script :-)

* Add integration_test targets to makefile; use makefile instead of directly calling go build everywhere; run postgres schema through PEP8 linter

* use make in docker-runner entrypoint

* add .integration_test_setup to .gitignore

* more .gitignore items

* Makefile updates: Windows support; add docker-runner target; better cleanup.

* docker-runner Dockerfile: start from zgrab2_runner_base image

* cleanup postgres setup

* make travis use make

* add .gitattributes, try to prevent it from overriding lfs with crlfs in shell scripts at least

* fix folder name in Makefile

* update go (one of our dependencies now works only with >= 1.9)

* From travis: `I don't have any idea what to do with '1.9.0'.`

* explicit clean make

* fix dep order

* fix build.sh location

* popd

* use make to ensure zgrab2_runner exists

* Make docker-runner an order-dependency for integration-test-cleanup; don't do a cleanup after each integration test

* use explicit tag name for zgrab2_runner

* Add container-clean target to Makefile, to remove cyclic dependency on docker; use .id files to track docker images; add service-base image; use Make to build / track images

* use LF in Makefiles; update .gitignore; use zgrab_service_base image in ssh container; fix line endings (?)

* remove overzealous cleanup

* let setup continue even if some containers are already running

* zgrab depends on *.go

* docker-runner depends on zgrab2 binary

* clean output before running integration tests
2018-01-15 14:24:57 -05:00
build.sh Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
Dockerfile.9.3 Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
Dockerfile.template Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
postgresql.conf.9.3.nossl.partial Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
postgresql.conf.9.3.ssl.partial Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
postgresql.conf.nossl.partial Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
postgresql.conf.ssl.partial Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
README.md Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
setup_nossl.sh Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00
setup_ssl.sh Implements postgres zgrab2 module (#30) 2018-01-15 14:24:57 -05:00

About

The integration_tests/postgres/container folder contains the config files for building the custom postgres docker images. These are based on the standard postgres images (https://hub.docker.com/_/postgres/), but with two changes:

  1. Enable logging (in $PGDATA/pg_log/postgres.log)
  2. Enable SSL (at least, if type = ssl)

Adding a new postgres version

For most new versions, you can just add the new version tag to the versions list in setup.sh / test.sh and the new version will be pulled in. If, on the other hand, you need a custom Dockerfile / setup script (as we did for 9.3, which doesn't support all of the SSL config options available in later versions), you will need to add a custom Dockerfile.[version]. The Dockerfile will receive a build-arg named IMAGE_TYPE, set to either ssl or nossl, which it can use to make the appropriate setup decisions. See Dockerfile.9.3 for an example; the only difference there is that it uses the 9.3 versions of the conf files.

Details

  1. ../setup.sh calls build.sh ssl [version] and build.sh nossl [version] for each supported postgres version.
  2. build.sh creates a docker image tagged zgrab_postgres:[version]-[type], where [type] is ssl or nossl.
  3. The Dockerfile drops the setup_[type].sh and postgresql.conf.[type].partial into the image.
  4. ../setup.sh starts the containers, binding them to ports 3543x (ssl) and 4543x (nossl).
  5. During startup, the setup_[type].sh script is run on the image, setting up logging (and, on SSL images, generating self-signed SSL certificates)
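
The two changes described under About (logging, plus a self-signed certificate on ssl images) can be sketched as below. This is an added illustration, not the repository's setup_ssl.sh / setup_nossl.sh or its conf partials; the function name configure_pg, the server.crt / server.key file names and the certificate subject are assumptions, and the 9.3-specific variant is not reproduced.

```shell
#!/usr/bin/env bash
# Added illustration; not the repository's setup_[type].sh.
# Assumed names: configure_pg, server.crt, server.key, the CN value.
set -eu

# Append the settings the README describes to <pgdata>/postgresql.conf.
#   $1 = data directory ($PGDATA inside the image)
#   $2 = image type: ssl | nossl (the IMAGE_TYPE build-arg values)
configure_pg() {
  local pgdata=${1:?data directory required} type=${2:?type required}
  case "$type" in
    ssl|nossl) ;;
    *) echo "unknown type: $type" >&2; return 2 ;;
  esac

  # Change 1: log to $PGDATA/pg_log/postgres.log (relative to the data dir).
  cat >> "$pgdata/postgresql.conf" <<'EOF'
logging_collector = on
log_directory = 'pg_log'
log_filename = 'postgres.log'
EOF

  [ "$type" = ssl ] || return 0

  # Change 2: self-signed certificate, suitable for a test fixture only.
  # umask 077 makes the key 0600; the server rejects a world-readable key.
  ( umask 077
    openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
      -subj "/CN=zgrab-postgres-test" \
      -keyout "$pgdata/server.key" -out "$pgdata/server.crt" 2>/dev/null )

  cat >> "$pgdata/postgresql.conf" <<'EOF'
ssl = on
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
EOF
}
```

A scanner pointed at the ssl image will see an untrusted, self-signed chain, which is what the integration tests need; the key and certificate should never leave the test container.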