Coverage Report

Created: 2025-07-23 07:29

/src/suricata/rust/src/ssh/logger.rs
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (C) 2020 Open Information Security Foundation
2
 *
3
 * You can copy, redistribute or modify this Program under the terms of
4
 * the GNU General Public License version 2 as published by the Free
5
 * Software Foundation.
6
 *
7
 * This program is distributed in the hope that it will be useful,
8
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
10
 * GNU General Public License for more details.
11
 *
12
 * You should have received a copy of the GNU General Public License
13
 * version 2 along with this program; if not, write to the Free Software
14
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15
 * 02110-1301, USA.
16
 */
17
18
use super::ssh::{SSHTransaction, SSH_MAX_BANNER_LEN};
19
use crate::jsonbuilder::{JsonBuilder, JsonError};
20
21
369
fn log_ssh(tx: &SSHTransaction, js: &mut JsonBuilder) -> Result<bool, JsonError> {
22
369
    js.open_object("ssh")?;
23
369
    if tx.cli_hdr.protover.is_empty() && tx.srv_hdr.protover.is_empty() {
24
15
        return Ok(false);
25
354
    }
26
354
    if !tx.cli_hdr.protover.is_empty() {
27
310
        js.open_object("client")?;
28
310
        js.set_string_from_bytes_limited(
29
310
            "proto_version",
30
310
            &tx.cli_hdr.protover,
31
310
            SSH_MAX_BANNER_LEN,
32
310
        )?;
33
310
        if !tx.cli_hdr.swver.is_empty() {
34
310
            js.set_string_from_bytes_limited(
35
310
                "software_version",
36
310
                &tx.cli_hdr.swver,
37
310
                SSH_MAX_BANNER_LEN,
38
310
            )?;
39
0
        }
40
310
        if !tx.cli_hdr.hassh.is_empty() || !tx.cli_hdr.hassh_string.is_empty() {
41
144
            js.open_object("hassh")?;
42
144
            if !tx.cli_hdr.hassh.is_empty() {
43
144
                js.set_string_from_bytes("hash", &tx.cli_hdr.hassh)?;
44
0
            }
45
144
            if !tx.cli_hdr.hassh_string.is_empty() {
46
144
                js.set_string_from_bytes("string", &tx.cli_hdr.hassh_string)?;
47
0
            }
48
144
            js.close()?;
49
166
        }
50
310
        js.close()?;
51
44
    }
52
354
    if !tx.srv_hdr.protover.is_empty() {
53
291
        js.open_object("server")?;
54
291
        js.set_string_from_bytes_limited(
55
291
            "proto_version",
56
291
            &tx.srv_hdr.protover,
57
291
            SSH_MAX_BANNER_LEN,
58
291
        )?;
59
291
        if !tx.srv_hdr.swver.is_empty() {
60
291
            js.set_string_from_bytes_limited(
61
291
                "software_version",
62
291
                &tx.srv_hdr.swver,
63
291
                SSH_MAX_BANNER_LEN,
64
291
            )?;
65
0
        }
66
291
        if !tx.srv_hdr.hassh.is_empty() || !tx.srv_hdr.hassh_string.is_empty() {
67
138
            js.open_object("hassh")?;
68
138
            if !tx.srv_hdr.hassh.is_empty() {
69
138
                js.set_string_from_bytes("hash", &tx.srv_hdr.hassh)?;
70
0
            }
71
138
            if !tx.srv_hdr.hassh_string.is_empty() {
72
138
                js.set_string_from_bytes("string", &tx.srv_hdr.hassh_string)?;
73
0
            }
74
138
            js.close()?;
75
153
        }
76
291
        js.close()?;
77
63
    }
78
354
    js.close()?;
79
354
    return Ok(true);
80
369
}
81
82
#[no_mangle]
83
369
pub unsafe extern "C" fn SCSshLogJson(tx: *mut std::os::raw::c_void, js: &mut JsonBuilder) -> bool {
84
369
    let tx = cast_pointer!(tx, SSHTransaction);
85
369
    if let Ok(x) = log_ssh(tx, js) {
86
369
        return x;
87
0
    }
88
0
    return false;
89
369
}