Merge pull request #212 from coroot/error_handling_in_ch_protocol_parsing

improve error handling in ClickHouse protocol parser

Author: def

ebpftracer/l7/clickhouse.go

@@ -21,6 +21,9 @@ func ParseClickhouse(payload []byte) string {
 		return ""
 	}
 	if info.ProtocolVersion > 0 {
+		if info.ProtocolVersion > version {
+			return ""
+		}
 		version = info.ProtocolVersion
 	}
 	var s proto.Setting
@@ -36,10 +39,14 @@ func ParseClickhouse(payload []byte) string {
 	if _, err = r.Str(); err != nil { // inter-server secret
 		return ""
 	}
-	if _, err = r.UVarInt(); err != nil { // stage
+	if stage, err := r.UVarInt(); err != nil { // stage
+		return ""
+	} else if stage > 2 { // invalid stage
 		return ""
 	}
-	if _, err = r.UVarInt(); err != nil { // compression
+	if c, err := r.UVarInt(); err != nil { // compression
+		return ""
+	} else if c > 1 { // invalid compression
 		return ""
 	}
 	l, err := r.StrLen()

ebpftracer/l7/l7_test.go

@@ -185,6 +185,42 @@ func TestParseClickHouse(t *testing.T) {
 		`SELECT Timestamp, TraceId, SpanId, ParentSpanId, SpanName, ServiceName, Duration, StatusCode, StatusMessage, ResourceAttributes, SpanAttributes, Events.Timestamp, Events.Name, Events.Attributes FROM otel_traces_distributed WHERE ServiceName IN (['/k8s/coroot/coroot-coroot', '/system.slice/k3s-agent.service', '/system.slice/k3s.service']) AND (SpanAttributes['net.peer.name'] IN (['10.42.3.84', '10.42.1.73', '10.42.0.173', '10.42.5.69']) OR (SpanAttributes['net.peer.name'], SpanAttributes['net.peer.port']) IN (('10.42.3.84', '9009'), ('10.42.3.84', '0'), ('10.42.3.84', '9000'), ('10.42.3.84', '8123'), ('10.42.1.73', '0'), ('10.42.1.73', '8123'), ('10.42.1.73', '9009'), ('10.42.1.73', '9000'), ('10.42.0.173', '0'), ('10.42.0.173', '9009'), ('10.42.0.173', '9000'), ('10.42.0.173', '8123'), ('10.42.5.69', '9000'), ('10.42.5.69', '8123'), ('10.42.5.69', '9009'), ('10.42.5.69', '0'))) AND Tim...<TRUNCATED>`,
 		ParseClickhouse(payload),
 	)
+
+	payload = []byte{ // ClientQuerySecondary, parsing doesn't work
+		0x01, 0x00, 0x02, 0x07, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x24, 0x32, 0x34, 0x65, 0x61, 0x36, 0x33, 0x61,
+		0x64, 0x2d, 0x32, 0x61, 0x34, 0x64, 0x2d, 0x34, 0x66, 0x32, 0x64, 0x2d, 0x38, 0x34, 0x65, 0x31, 0x2d, 0x34, 0x62,
+		0x65, 0x62, 0x36, 0x35, 0x36, 0x61, 0x36, 0x30, 0x32, 0x32, 0x11, 0x31, 0x30, 0x2e, 0x34, 0x32, 0x2e, 0x30, 0x2e,
+		0x32, 0x34, 0x33, 0x3a, 0x35, 0x38, 0x34, 0x37, 0x34, 0x78, 0xc3, 0x92, 0x37, 0xa3, 0x35, 0x06, 0x00, 0x01, 0x00,
+		0x00, 0x10, 0x63, 0x6c, 0x69, 0x63, 0x6b, 0x68, 0x6f, 0x75, 0x73, 0x65, 0x2f, 0x63, 0x68, 0x2d, 0x67, 0x6f, 0x00,
+		0x3e, 0xbc, 0xa9, 0x03, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0f, 0x73, 0x65, 0x6e, 0x64, 0x5f,
+		0x6c, 0x6f, 0x67, 0x73, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x00, 0x04, 0x6e, 0x6f, 0x6e, 0x65, 0x00, 0x01, 0x00,
+		0x00, 0x02, 0x01, 0xd0, 0x02, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x20, 0x49, 0x4e, 0x54, 0x4f, 0x20, 0x63, 0x6f,
+		0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x62, 0x31, 0x66, 0x35, 0x62, 0x77, 0x6b, 0x67, 0x2e, 0x6f, 0x74, 0x65, 0x6c, 0x5f,
+		0x74, 0x72, 0x61, 0x63, 0x65, 0x73, 0x20, 0x28, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2c, 0x20,
+		0x54, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x2c, 0x20, 0x53, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x2c, 0x20, 0x50, 0x61,
+		0x72, 0x65, 0x6e, 0x74, 0x53, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x2c, 0x20, 0x54, 0x72, 0x61, 0x63, 0x65, 0x53, 0x74,
+		0x61, 0x74, 0x65, 0x2c, 0x20, 0x53, 0x70, 0x61, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x2c, 0x20, 0x53, 0x70, 0x61, 0x6e,
+		0x4b, 0x69, 0x6e, 0x64, 0x2c, 0x20, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x2c, 0x20,
+		0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2c,
+		0x20, 0x53, 0x70, 0x61, 0x6e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x44, 0x75,
+		0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2c, 0x20, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x2c,
+		0x20, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2c, 0x20, 0x60, 0x45, 0x76,
+		0x65, 0x6e, 0x74, 0x73, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x60, 0x2c, 0x20, 0x60, 0x45,
+		0x76, 0x65, 0x6e, 0x74, 0x73, 0x2e, 0x4e, 0x61, 0x6d, 0x65, 0x60, 0x2c, 0x20, 0x60, 0x45, 0x76, 0x65, 0x6e, 0x74,
+		0x73, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x60, 0x2c, 0x20, 0x60, 0x4c, 0x69, 0x6e,
+		0x6b, 0x73, 0x2e, 0x54, 0x72, 0x61, 0x63, 0x65, 0x49, 0x64, 0x60, 0x2c, 0x20, 0x60, 0x4c, 0x69, 0x6e, 0x6b, 0x73,
+		0x2e, 0x53, 0x70, 0x61, 0x6e, 0x49, 0x64, 0x60, 0x2c, 0x20, 0x60, 0x4c, 0x69, 0x6e, 0x6b, 0x73, 0x2e, 0x54, 0x72,
+		0x61, 0x63, 0x65, 0x53, 0x74, 0x61, 0x74, 0x65, 0x60, 0x2c, 0x20, 0x60, 0x4c, 0x69, 0x6e, 0x6b, 0x73, 0x2e, 0x41,
+		0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x60, 0x29, 0x20, 0x56, 0x41, 0x4c, 0x55, 0x45, 0x53, 0x00,
+		0x02, 0x00, 0xa7, 0x83, 0xac, 0x6c, 0xd5, 0x5c, 0x7a, 0x7c, 0xb5, 0xac, 0x46, 0xbd, 0xdb, 0x86, 0xe2, 0x14, 0x82,
+		0x14, 0x00, 0x00, 0x00, 0x0a, 0x00, 0x00, 0x00, 0xa0, 0x01, 0x00, 0x02, 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00,
+	}
+
+	assert.Equal(t,
+		``,
+		ParseClickhouse(payload),
+	)
+
 }
 
 func TestParseZookeeper(t *testing.T) {