Implements postgres zgrab2 module (zmap#30)

* remove unnecessary indirection on net.Conn

* Ignore *.pyc

* fix NPE on nil handshake

* refactoring -- move status to status.go; add Open() methods for ScanTarget

* cherry-pick .gitignore fix

* pull in TLS fix

* status.go comments

* trim over-generalizations

* use /usr/bin/env bash instead of absolute path

* remove debug tcpwrap

* add integration tests for postgres

* hack for cleanup.sh to work on mingw -- use //var/lib instead of /var/lib

* cleanup should actually stop the process though

* comments / rearrange

* Bump up timeout in postgres tests; only pass user if explicitly requested to do so

* add schema stubs to new.sh

* Integration test fixes -- use /usr/bin/env bash; log all validation failures

* add postgres schemas

* fill out zcrypto.client_hello schema

* handle early get of TLSLog

* postgres: return SCAN_SUCCESS on success

* cleanup

* fix new.sh

* fix typo

* postgres container cleanup

* build.sh docs

* standardize container/image names

* add not to check for success

* shift mysql's connection management to ScanTarget.Open(); wrap Read/Write methods returned by ScanTarget.Open() to enforce timeouts

* catch schematically-valid but non-successful scans

* postgres: clean up output format; more scanning

* cleanup; better error handling; get detailed protocol version error

* refactor modules

* clean up dangling connections

* split gigantic postgres.go

* remove unused

* ServerParams gets its own type

* refactor integration tests: run zgrab2 in its own container, which is linked to the service containers, so that we don't need to keep track of unique ports on the host any more

* rename entrypoint; remove duplicate postgres tests

* comments for postgres schema

* Use param expansion to check for env variable [minor]

This is a *very* minor change to `docker-runner/docker-run.sh` checks to
see if the environment variable required to run the script has been set
to a non-empty string. If not, the script exits with a non-zero status
code and displays a default message:

```
❯ docker-runner/docker-run.sh
docker-runner/docker-run.sh: line 7: CONTAINER_NAME: parameter null or not set
```

This was the behavior before, but just uses a one-liner declarative bash
idiom.

For further reading on parameter expansion, see
https://stackoverflow.com/a/307735.

@justinbastress can tell me if I did something wrong and broke the
intent of the script :-)

* Add integration_test targets to makefile; use makefile instead of directly calling go build everywhere; run postgres schema through PEP8 linter

* use make in docker-runner entrypoint

* add .integration_test_setup to .gitignore

* more .gitignore items

* Makefile updates: Windows support; add docker-runner target; better cleanup.

* docker-runner Dockerfile: start from zgrab2_runner_base image

* cleanup postgres setup

* make travis use make

* add .gitattributes, try to prevent it from overriding lfs with crlfs in shell scripts at least

* fix folder name in Makefile

* update go (one of our dependencies now works only with >= 1.9)

* From travis: `I don't have any idea what to do with '1.9.0'.`

* explicit clean make

* fix dep order

* fix build.sh location

* popd

* use make to ensure zgrab2_runner exists

* Make docker-runner an order-dependency for integration-test-cleanup; don't do a cleanup after each integration test

* use explicit tag name for zgrab2_runner

* Add container-clean target to Makefile, to remove cyclic dependency on docker; use .id files to track docker images; add servce-base image; use Make to build / track images

* use LF in Makefiles; update .gitignore; use zgrab_service_base image in ssh container; fix line endings (?)

* remove overzealous cleanup

* let setup continue even if some containers are already running

* zgrab depends on *.go

* docker-runner depends on zgrab2 binary

* clean output before running integration tests

Author: justinbastress

.gitattributes

@@ -0,0 +1,2 @@
+*.sh eol=LF
+Makefile eol=LF

.gitignore

@@ -2,8 +2,18 @@
 .DS_Store
 
 # zgrab
+zgrab2
 cmd/zgrab2/zgrab2
+cmd/zgrab2/zgrab2.exe
 zgrab-output/
 
 # CI dependencies
 jp
+jp.exe
+
+# Compiled python modules
+schemas/*.pyc
+
+# Marker files for make
+.integration-test-setup
+docker-runner/*.id

.travis.yml

@@ -1,6 +1,6 @@
 language: go
 go:
-- 1.7.4
+- 1.9
 services:
 - docker
 before_install:
@@ -9,13 +9,13 @@ before_install:
 # JMESPath is used to do context-specific validation of results
 - go get github.com/jmespath/jp && go build github.com/jmespath/jp
 - pip install --user zschema
-- ./integration_tests/setup.sh
 - docker ps -a
 install:
-- pushd cmd/zgrab2 && go build && popd
+- make clean zgrab2
 script:
-- ./integration_tests/test.sh
+- make integration-test
 after_script:
+# Cleanup even if the integration tests fail
 - ./integration_tests/cleanup.sh
 notifications:
   email:

Makefile

@@ -1,9 +1,44 @@
+ifeq ($(OS),Windows_NT)
+  EXECUTABLE_EXTENSION := .exe
+else
+  EXECUTABLE_EXTENSION :=
+endif
+
+GO_FILES = $(shell find . -type f -name '*.go')
+
 all: zgrab2
 
-.PHONY: clean zgrab2
+.PHONY: all clean integration-test integration-test-clean docker-runner container-clean
+
+zgrab2: $(GO_FILES)
+	cd cmd/zgrab2 && go build && cd ../..
+	rm -f zgrab2
+	ln -s cmd/zgrab2/zgrab2$(EXECUTABLE_EXTENSION) zgrab2
+
+docker-runner: zgrab2
+	make -C docker-runner
+
+.integration-test-setup: | docker-runner
+	./integration_tests/setup.sh
+	touch .integration-test-setup
+
+integration-test: docker-runner .integration-test-setup
+	rm -rf zgrab-output
+	./integration_tests/test.sh
+
+integration-test-clean:
+	rm -f .integration-test-setup
+	rm -rf zgrab-output
+	./integration_tests/cleanup.sh
+	make -C docker-runner clean
 
-zgrab2: 
-	cd cmd/zgrab2 && go build -o zgrab2  
+# This is the target for re-building from source in the container
+container-clean:
+	rm -f zgrab2
+	cd cmd/zgrab2 && go build && cd ../..
+	ln -s cmd/zgrab2/zgrab2$(EXECUTABLE_EXTENSION) zgrab2
 
 clean:
-	go clean
+	cd cmd/zgrab2 && go clean
+	rm -f .integration-test-setup
+	rm -f zgrab2

docker-runner/Dockerfile

@@ -0,0 +1,23 @@
+FROM zgrab2_runner_base:latest
+
+WORKDIR /go/src/github.com/zmap
+
+# Grab the currently-active version of the source
+ADD . zgrab2
+
+# This would instead grab it from the source repo
+# RUN go-wrapper download github.com/zmap/zgrab2
+
+WORKDIR /go/src/github.com/zmap/zgrab2
+
+RUN go get -v ./...
+RUN go get -v -t ./...
+
+# This should already be executable, but just in case...
+RUN chmod a+x ./docker-runner/entrypoint.sh
+
+# Build on the container
+RUN make container-clean
+
+CMD []
+ENTRYPOINT ["/go/src/github.com/zmap/zgrab2/docker-runner/entrypoint.sh"]

docker-runner/Makefile

@@ -0,0 +1,25 @@
+ifeq ($(OS),Windows_NT)
+  EXECUTABLE_EXTENSION := .exe
+else
+  EXECUTABLE_EXTENSION :=
+endif
+
+all: docker-runner.id
+
+.PHONY: clean clean-all
+
+service-base-image.id:
+	docker build -t zgrab2_service_base:latest -f service-base.Dockerfile -q . > service-base-image.id || rm -f service-base-image.id
+
+runner-base-image.id:
+	docker build -t zgrab2_runner_base:latest -f runner-base.Dockerfile -q . > runner-base-image.id || rm -f runner-base-image.id
+
+docker-runner.id: ../cmd/zgrab2/zgrab2$(EXECUTABLE_EXTENSION) runner-base-image.id service-base-image.id
+	docker build -t zgrab2_runner:latest -f Dockerfile -q .. > docker-runner.id || rm -f docker-runner.id
+
+clean:
+	if [ -f docker-runner.id ]; then docker rmi -f $$(cat docker-runner.id) && rm -f docker-runner.id; fi
+ 
+clean-all: clean
+	if [ -f service-base-image.id ]; then docker rmi -f $$(cat service-base-image.id) && rm -f service-base-image.id; fi
+	if [ -f runner-base-image.id ]; then docker rmi -f $$(cat runner-base-image.id) && rm -f runner-base-image.id; fi

docker-runner/docker-run.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+# Runs the zgrab2_runner docker image (built with docker-runner/build-runner.sh)
+# Links the runner image to the targetted container with the hostname alias "target",
+# then scans target using the arguments to the script.
+
+: "${CONTAINER_NAME:?}"
+
+set -e
+docker run --rm --link $CONTAINER_NAME:target -e ZGRAB_TARGET=target zgrab2_runner $@

docker-runner/entrypoint.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# This is the entrypoint for the zgrab2_runner container.
+# Runs the zgrab2 binary, passing along any arguments, with stdin containing the single line: the ZGRAB_TARGET.
+
+set -e
+
+cd /go/src/github.com/zmap/zgrab2
+
+if ! [ -x $ZGRAB_REBUILD ]; then
+  if ! [ -x $ZGRAB_BRANCH ]; then
+    git checkout $ZGRAB_BRANCH
+  fi
+  git pull
+  make
+fi
+
+set -x
+echo $ZGRAB_TARGET | /go/src/github.com/zmap/zgrab2/cmd/zgrab2/zgrab2 $*

docker-runner/runner-base.Dockerfile

@@ -0,0 +1,11 @@
+FROM golang:1.9
+# Base image that already has the pre-requisites downloaded.
+
+WORKDIR /go/src/github.com/zmap
+
+RUN go-wrapper download github.com/zmap/zgrab2
+
+WORKDIR /go/src/github.com/zmap/zgrab2
+
+RUN go get -v ./...
+RUN go get -v -t ./...

docker-runner/service-base.Dockerfile

@@ -0,0 +1,6 @@
+FROM ubuntu:16.04
+
+# Base Ubuntu container with the apt cache already updated.
+# Many containers will be able to use this as their base.
+
+RUN apt-get update

integration_tests/cleanup.sh

@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Keep cleaning up, even if something fails
 set +e

integration_tests/mysql/cleanup.sh

@@ -1,18 +1,15 @@
-#!/bin/bash
+#!/usr/bin/env bash
 
 # Keep cleaning up even if something fails
 set +e 
 
-# Stop all MySQL containers, but first grab the logs from them
+# Stop all MySQL containers.
 
 MYSQL_VERSIONS="5.5 5.6 5.7 8.0"
 
 for version in $MYSQL_VERSIONS; do
-    CONTAINER_NAME="testmysql-$version"
-    echo "BEGIN DOCKER LOGS FROM $CONTAINER_NAME [{("
-    docker logs --tail all $CONTAINER_NAME
-    echo ")}] END DOCKER LOGS FROM $CONTAINER_NAME"
-    echo "Stopping $CONTAINER_NAME..."
+    CONTAINER_NAME="zgrab_mysql-$version"
+    echo "mysql/cleanup: Stopping $CONTAINER_NAME..."
     docker stop $CONTAINER_NAME
-    echo "...stopped."
+    echo "mysql/cleanup: ...stopped."
 done

integration_tests/mysql/setup.sh

@@ -1,16 +1,35 @@
 #!/bin/bash -e
 
-# Start all of the MySQL docker containers, and wait for them start responding on port 3306
-
-echo "Launching docker containers..."
 # NOTE: the 5.5 and 5.6 versions do not have SSL enabled
-CONTAINER_NAME=testmysql-5.5 MYSQL_VERSION=5.5 MYSQL_PORT=13306 ./util/launch_mysql_container.sh
-CONTAINER_NAME=testmysql-5.6 MYSQL_VERSION=5.6 MYSQL_PORT=23306 ./util/launch_mysql_container.sh
-CONTAINER_NAME=testmysql-5.7 MYSQL_VERSION=5.7 MYSQL_PORT=33306 ./util/launch_mysql_container.sh
-CONTAINER_NAME=testmysql-8.0 MYSQL_VERSION=8.0 MYSQL_PORT=43306 ./util/launch_mysql_container.sh
+versions="5.5 5.6 5.7 8.0"
+
+function launch() {
+  VERSION=$1
+  CONTAINER_NAME="zgrab_mysql-$VERSION"
+  if docker ps --filter "name=$CONTAINER_NAME" | grep $CONTAINER_NAME; then
+    echo "mysql/setup: Container $CONTAINER_NAME already running -- stopping..."
+    docker stop $CONTAINER_NAME
+    echo "...stopped."
+  fi
+  docker run -itd --rm --name zgrab_mysql-$VERSION -e MYSQL_ALLOW_EMPTY_PASSWORD=true -e MYSQL_LOG_CONSOLE=true mysql:$VERSION
+}
+
+function waitFor() {
+  VERSION=$1
+  CONTAINER_NAME=zgrab_mysql-$VERSION
+  echo "mysql/setup: Waiting for mysqld process to come up on $CONTAINER_NAME..."
+  while ! (docker exec $CONTAINER_NAME ps -Af | grep mysqld > /dev/null); do
+      echo -n "*"
+      sleep 1
+  done
+  echo "...ok."
+}
+
+echo "mysql/setup: Launching docker containers..."
+for version in $versions; do
+  launch $version
+done
 
-echo "Waiting for MySQL to start up on all containers..."
-CONTAINER_NAME=testmysql-5.5 MYSQL_PORT=13306 ./util/wait_for_mysqld.sh
-CONTAINER_NAME=testmysql-5.6 MYSQL_PORT=23306 ./util/wait_for_mysqld.sh
-CONTAINER_NAME=testmysql-5.7 MYSQL_PORT=33306 ./util/wait_for_mysqld.sh
-CONTAINER_NAME=testmysql-8.0 MYSQL_PORT=43306 ./util/wait_for_mysqld.sh
+for version in $versions; do
+  waitFor $version
+done

integration_tests/mysql/single_run.sh

@@ -1,5 +1,41 @@
-#!/bin/sh -e
-MYSQL_VERSION=5.5 MYSQL_PORT=13306 ./single_run.sh
-MYSQL_VERSION=5.6 MYSQL_PORT=23306 ./single_run.sh
-MYSQL_VERSION=5.7 MYSQL_PORT=33306 ./single_run.sh
-MYSQL_VERSION=8.0 MYSQL_PORT=43306 ./single_run.sh
+#!/usr/bin/env bash
+set -e
+
+versions="5.5 5.6 5.7 8.0"
+
+# Run the MySQL-specific integration tests:
+# 1. Run zgrab2 on the container
+# 2. Check that data.mysql.result.handshake.parsed.server_version matches $MYSQL_VERSION
+
+MODULE_DIR=$(dirname $0)
+TEST_ROOT=$MODULE_DIR/..
+ZGRAB_ROOT=$MODULE_DIR/../..
+ZGRAB_OUTPUT=$ZGRAB_ROOT/zgrab-output
+
+status=0
+
+function doTest() {
+  MYSQL_VERSION=$1
+  CONTAINER_NAME="zgrab_mysql-$MYSQL_VERSION"
+  OUTPUT_FILE="$ZGRAB_OUTPUT/mysql/$MYSQL_VERSION.json"
+  echo "mysql/test: Testing MySQL Version $MYSQL_VERSION..."
+  CONTAINER_NAME=$CONTAINER_NAME $ZGRAB_ROOT/docker-runner/docker-run.sh mysql --timeout 10 > $OUTPUT_FILE
+  SERVER_VERSION=$($ZGRAB_ROOT/jp -u data.mysql.result.handshake.parsed.server_version < $OUTPUT_FILE)
+  if [[ "$SERVER_VERSION" == "$MYSQL_VERSION."* ]]; then
+    echo "Server version matches expected version: $SERVER_VERSION == $MYSQL_VERSION.*"
+  else
+    echo "Server version mismatch: Got $SERVER_VERSION, expected $MYSQL_VERSION.*"
+    status=1
+  fi
+  echo "mysql/test: BEGIN docker+mysql logs from $CONTAINER_NAME [{("
+  docker logs --tail all $CONTAINER_NAME
+  echo ")}] END docker+mysql logs from $CONTAINER_NAME"
+}
+
+mkdir -p $ZGRAB_OUTPUT/mysql
+
+for version in $versions; do
+  doTest $version
+done
+
+exit $status