syslog source: chunking metadata error #3858

Open
nabokihms opened this issue Jan 29, 2025 · 1 comment

TruffleHog Version

v3.88.2

Trace Output

```go
func (s *Source) monitorConnection(ctx context.Context, conn net.Conn, chunksChan chan *sources.Chunk) {
	defer common.RecoverWithExit(ctx)
	for {
		if common.IsDone(ctx) {
			return
		}
		err := conn.SetDeadline(time.Now().Add(time.Second))
		if err != nil {
			ctx.Logger().V(2).Info("could not set connection deadline", "error", err)
		}
		input := make([]byte, 8096)
		remote := conn.RemoteAddr()
		_, err = conn.Read(input)
		if err != nil {
			if errors.Is(err, io.EOF) {
				return
			}
			continue
		}
		ctx.Logger().V(5).Info(string(input))
		metadata, err := s.parseSyslogMetadata(input, remote.String())
		if err != nil {
			ctx.Logger().V(2).Info("failed to generate metadata", "error", err)
		}
		chunksChan <- &sources.Chunk{
			SourceName:     s.syslog.sourceName,
			SourceID:       s.syslog.sourceID,
			SourceType:     s.syslog.sourceType,
			JobID:          s.JobID(),
			SourceMetadata: metadata,
			Data:           input,
			Verify:         s.verify,
		}
	}
}
```

Expected Behavior

Syslog works without error

Actual Behavior

Panic while sending long messages via syslog

Steps to Reproduce

The main issue is that if the syslog message field is longer than the buffer (8096 bytes), it will be chunked.

Then there will be an attempt to extract metadata from each chunk, which will end with an error for chunks with numbers 1+.

For all the following chunks of the long message, the source metadata field will be nil, which will result in a panic.

Additional Context

It seems like we need to read the full message from the connection before parsing its metadata. The current approach with the limited buffer is too fragile.

@nabokihms nabokihms added the bug label Jan 29, 2025
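
The direction suggested under Additional Context, sketched as an added example (not TruffleHog's code and not the author's patch): frame the whole message first, parse metadata once, and reuse it for every chunk so none is emitted with nil metadata. It assumes LF-terminated framing on the stream; `meta`, `chunk`, `parseMeta`, `scan` and the 1 MiB `maxMessage` cap are hypothetical names and values.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"strings"
)

const maxMessage = 1 << 20 // assumed cap so a peer cannot force unbounded buffering
type meta struct{ Remote, Pri string } // hypothetical stand-in for the source metadata
type chunk struct { // hypothetical stand-in for sources.Chunk
	Meta *meta
	Data []byte
}

// parseMeta stands in for s.parseSyslogMetadata; it succeeds only on a leading "<PRI>".
func parseMeta(msg []byte, remote string) (*meta, error) {
	if end := bytes.IndexByte(msg, '>'); end >= 2 && msg[0] == '<' {
		return &meta{remote, string(msg[1:end])}, nil
	}
	return nil, fmt.Errorf("no syslog header in %d-byte message", len(msg))
}

// scan frames LF-terminated messages (assumed), parses metadata once, reuses it per chunk.
func scan(br *bufio.Reader, remote string, size int) (out []chunk, err error) {
	for err == nil {
		var msg, part []byte
		for err = bufio.ErrBufferFull; err == bufio.ErrBufferFull; { // read to LF, EOF or cap
			part, err = br.ReadSlice('\n')
			if msg = append(msg, part...); len(msg) > maxMessage {
				return out, fmt.Errorf("syslog message exceeds %d bytes", maxMessage)
			}
		}
		msg = bytes.TrimRight(msg, "\r\n")
		if m, perr := parseMeta(msg, remote); perr == nil { // drop messages with no metadata
			for ; len(msg) > size; msg = msg[size:] {
				out = append(out, chunk{m, msg[:size]})
			}
			out = append(out, chunk{m, msg})
		}
	}
	return out, err // io.EOF marks a clean end of stream
}

func main() {
	in := "<13>host app: " + strings.Repeat("A", 20000) + "\n<14>host app: short\n" // constructed
	chunks, err := scan(bufio.NewReaderSize(strings.NewReader(in), 8096), "192.0.2.10:514", 8096)
	fmt.Println(len(chunks), err)
}
```

When `scan` returns the cap error the reader is positioned mid-message, so the caller should close the connection rather than keep reading.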
nabokihms commented Feb 24, 2025

@trufflesecurity hello, folks. Do you need a fix for the problem? I'm currently living with a patched version.
