Abort parsing if server data comes first

Redis seems to only want client data first to request server data. The DPD signature seems to pick up on some cases where server data comes first, but is otherwise "valid" RESP. See if this helps lower FP rates.
evantypanski · Jan 29, 2025 · 0fdcd68 · 0fdcd68
1 parent 57b5a1b
commit 0fdcd68
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 3 deletions.
diff --git a/analyzer/resp.spicy b/analyzer/resp.spicy
@@ -10,15 +10,27 @@ const MAX_SIZE = 1024 * 1024;
 const MAX_RECURSION_DEPTH = 20;
 
 public type ClientMessages = unit {
+    %context = bool;
+    on %init {
+        *self.context() = True;
+    }
     : ClientData[];
 };
 
 public type ServerMessages = unit {
+    %context = bool;
+    on %init {
+        if (!*self.context()) {
+            throw "Server responses must come after a client request is parsed";
+        }
+    }
     : (ServerData &synchronize)[];
 };
 
 public type ClientData = unit {
-    on %init() { self.start = self.input(); }
+    on %init() {
+        self.start = self.input();
+    }
 
     # Clients can only be an array or inline
     ty: uint8 &convert=DataType($$) {
@@ -49,7 +61,7 @@ type BulkStringArray = unit {
 
 type BulkStringWithTy = unit {
     # Need to consume the type here
-    : uint8 &requires=$$=='$';
+    : uint8 &requires=$$ == '$';
 
     length: RedisBytes &convert=$$.to_int(10) &requires=self.length <= int64(MAX_SIZE);
     # NullBulkString is a BulkString with content unset
@@ -59,7 +71,6 @@ type BulkStringWithTy = unit {
     : skip RedisBytes;
 };
 
-
 public type ServerData = unit {
     %synchronize-after = b"\x0d\x0a";
     var depth: uint8& = new uint8;

diff --git a/testing/Baseline/tests.start-with-server/output b/testing/Baseline/tests.start-with-server/output
@@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
diff --git a/testing/Traces/start-with-server.pcap b/testing/Traces/start-with-server.pcap
diff --git a/testing/tests/start-with-server.zeek b/testing/tests/start-with-server.zeek
@@ -0,0 +1,14 @@
+# @TEST-DOC: Test that Redis does not parse if it starts with the server data
+#
+# @TEST-EXEC: zeek -Cr ${TRACES}/start-with-server.pcap ${PACKAGE} %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+event Redis::command(c: connection, is_orig: bool, command: Redis::Command)
+	{
+	print "BAD", command;
+	}
+
+event Redis::server_data(c: connection, is_orig: bool, dat: Redis::ServerData)
+	{
+	print "BAD", dat;
+	}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.