Skip to content

fix(tcp): set a connection deadline in the tcp module executor#366

Open
TBX3D wants to merge 9 commits into
vmfunc:mainfrom
TBX3D:fix/tcp-module-deadline
Open

fix(tcp): set a connection deadline in the tcp module executor#366
TBX3D wants to merge 9 commits into
vmfunc:mainfrom
TBX3D:fix/tcp-module-deadline

Conversation

@TBX3D

@TBX3D TBX3D commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

the tcp module executor opened connections without a read/write deadline, so a target that accepted the connection but never responded could hang the scan on that module indefinitely.

TBX3D added 7 commits July 3, 2026 12:45
dial+probe+banner with word/regex/size matchers, ctx-honest watcher,
port required.
first shipped tcp module: sends INFO to redis (6379) and matches
redis_version in the reply, which an auth-required server never returns
(it answers -NOAUTH). extracts the leaked version.
flip the http-only note and add a tcp config section (port, data,
word/regex/size matchers and regex extractors against the banner),
pointing at the redis demo module.
tcp matchers were and-only; add the matchers-condition key (and default,
or) mirroring the http executor's checkMatchers, validated at load via the
shared validateMatchersCondition. documents the override in the combining
matchers section.
decode C-style escapes (\\ \a \b \f \n \r \t \v \xHH) in a tcp module's
data value before it goes on the wire, so a single-quoted or plain yaml
scalar reaches the service with the same control bytes a double-quoted
one already would. an unrecognized escape is kept verbatim so no bytes
are silently lost.
add five built-in tcp modules alongside the redis one so the executor
ships a real service set: memcached (unauth version probe), ssh and ftp
(passive banner version disclosure), mysql/mariadb (handshake exposure,
matched with matchers-condition: or across both auth plugin names), and
vnc (rfb handshake exposure). each fingerprint tracks the documented
on-wire protocol and pulls the version into an extractor.
add four more passive-banner tcp modules: smtp, pop3, and imap read the
greeting each mail service sends on connect (the smtp matcher requires
an esmtp/smtp marker so it does not fire on a bare 220 ftp greeting),
and rsync detects an exposed daemon by its @rsyncd handshake. each pulls
the banner or protocol version into an extractor.
@TBX3D
TBX3D requested a review from vmfunc as a code owner July 10, 2026 00:11
@github-actions github-actions Bot added size/xl 500+ lines changed modules changes to scan modules docs documentation changes tests test changes labels Jul 10, 2026
@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

pr summary

17 files changed (+1416 -27)

category files
go source 6
tests 3

@codecov-commenter

codecov-commenter commented Jul 10, 2026

Copy link
Copy Markdown

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

❌ Patch coverage is 98.84393% with 2 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@7ea1cd2). Learn more about missing BASE report.

Files with missing lines Patch % Lines
internal/modules/tcp.go 98.82% 1 Missing and 1 partial ⚠️
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.
Additional details and impacted files
@@           Coverage Diff           @@
##             main     #366   +/-   ##
=======================================
  Coverage        ?   55.82%           
=======================================
  Files           ?       82           
  Lines           ?     7045           
  Branches        ?        0           
=======================================
  Hits            ?     3933           
  Misses          ?     2842           
  Partials        ?      270           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

TBX3D added 2 commits July 9, 2026 20:03
the cancel watchdog trips conn.SetDeadline(now) once. if that trip
lands while the probe write is still in flight, readTCP's later
SetReadDeadline(now+timeout) call silently overwrote it, so the read
blocked for the full timeout instead of returning promptly. thread
ctx into readTCP and check it before arming the deadline and on every
read iteration so a cancellation already in flight aborts immediately.
the old test cancelled ctx before calling ExecuteTCPModule, so the
pre-write ctx.Err() guard returned immediately and the test never
reached readTCP at all; reverting the fix and rerunning it still
passed in ~0ms. cancel from a goroutine mid-write instead, so the
watchdog trips the deadline while readTCP is the next call on the
path, and assert the call returns promptly rather than blocking for
the full timeout. also add a case proving a legitimately slow but
uncancelled connection still completes and matches normally.
@TBX3D
TBX3D force-pushed the fix/tcp-module-deadline branch from a663e79 to ed6f59a Compare July 10, 2026 04:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

docs documentation changes modules changes to scan modules size/xl 500+ lines changed tests test changes

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants