zeek/scripts
Fupeng Zhao e4e56789db
Report PostgreSQL login success only after ReadyForQuery

Previously, Zeek treated the receipt of `AuthenticationOk` as a
successful login. However, according to the PostgreSQL
Frontend/Backend Protocol, the startup phase is not complete until
the server sends `ReadyForQuery`. It is still possible for the server
to emit an `ErrorResponse` (e.g. `ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION`)
after `AuthenticationOk` but before `ReadyForQuery`.

This change updates the PostgreSQL analyzer to defer reporting login
success until `ReadyForQuery` is observed. This prevents false
positives in cases where authentication succeeds but session startup
fails.
2025-08-18 10:59:44 +08:00

| Name | Last commit | Date |
|---|---|---|
| base | Report PostgreSQL login success only after ReadyForQuery | 2025-08-18 10:59:44 +08:00 |
| policy | Expand the size of the log-size filters for x509 | 2025-08-12 17:31:28 -07:00 |
| site | site/local: Switch to detect-sql-injection | 2025-05-20 16:24:28 +02:00 |
| spicy | Spicy: Add functions to check if Zeek provides an analyzer of a given name. | 2025-07-15 14:22:27 +02:00 |
| zeekygen | Remove deprecations tagged for v8.1 | 2025-08-12 10:19:03 -07:00 |
| CMakeLists.txt | Use the same rules as cmake submodule to reformat Zeek | 2023-05-09 08:31:43 -07:00 |
| test-all-policy.zeek | Remove deprecations tagged for v8.1 | 2025-08-12 10:19:03 -07:00 |