gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
20de47c873c226ffa1717e5d6ad47ac4ce4c8d1b
tango-maat/test/maat_json.json

4610 lines
106 KiB
JSON
Raw Normal View History

add json/redis rule parser
2022-12-03 22:23:41 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"rule_table": "RULE_DEFAULT",
"object2object_table": "OBJECT2OBJECT",
"objects": [
{
"object_name": "ASN1234",
"object_id": "1",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS1234$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ASN2345",
"object_id": "2",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS2345$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ASN6789",
"object_id": "3",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS6789$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ASN9001",
"object_id": "4",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9001$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ASN9002",
"object_id": "5",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9002$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ASN9003",
"object_id": "6",
"items": [
{
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9003$",
"expr_type": "and"
}
}
]
},
{
"object_name": "IPv4-composition-source-only",
"object_id": "7",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.50.24"
}
}
]
},
{
"object_name": "FQDN_OBJ1",
"object_id": "8",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "^sports.example.com$",
"expr_type": "and"
}
}
]
},
{
"object_name": "FQDN_CAT1",
"object_id": "9",
"items": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "fqdn_cat_id",
"interval": "1724"
}
}
]
},
{
"object_name": "IPv4-composition-NOT-client-ip",
"object_id": "10",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.58.19"
}
}
]
},
{
"object_name": "IPv4-composition-NOT-server-ip",
"object_id": "11",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.1.20-10.0.1.25"
}
}
]
},
{
"object_name": "financial-department-ip",
"object_id": "12",
"items": [
{
"table_name": "IP_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "192.168.40.88/32"
}
}
]
},
{
"object_name": "security-department-ip",
"object_id": "13",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "192.168.40.88/32"
}
}
]
},
{
"object_name": "develop-department-ip",
"object_id": "14",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "192.168.40.88/32"
}
}
]
},
{
"object_name": "Country-Sparta-IP",
"object_id": "15",
"items": [
{
"table_name": "GeoLocation",
"table_type": "expr",
"table_content": {
"keywords": "^Greece.Sparta$",
"expr_type": "and"
}
}
]
},
{
"object_name": "123_IP_object",
"object_id": "100",
"items": [
{
"table_name": "IP_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "10.0.6.201/32"
}
},
{
"table_name": "IP_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "2001:da8:205:1::101/112"
}
}
]
},
{
"object_name": "126_interval_object",
"object_id": "106",
"items": [
{
"table_name": "CONTENT_SIZE",
"table_type": "interval",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"interval": "2014-2016"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
run first test case success
2024-09-14 11:29:12 +00:00
{
"object_name": "TakeMeHome",
"object_id": "111",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "Take me Home&Batman\\",
"expr_type": "and"
}
}
]
},
{
"object_name": "152_mail_addr",
"object_id": "141",
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
"table_type": "expr",
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "MAIL_ADDR",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "^ceshi3@mailhost.cn",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
run first test case success
2024-09-14 11:29:12 +00:00
},
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_type": "expr",
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "MAIL_ADDR",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "^ceshi6@mailhost.cn",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "153_expr_object",
"object_id": "143",
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
"table_type": "expr",
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "MAIL_ADDR",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "^ceshi4@mailhost.cn",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "vt_grp_http_sig1",
"object_id": "152",
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"district": "User-Agent",
"keywords": "Chrome/78.0.3904.108",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "vt_grp_http_sig2",
"object_id": "153",
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Cookie",
"keywords": "uid=12345678",
"expr_type": "and"
}
},
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"district": "Cookie",
"keywords": "sessionid=888888",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "167_url_object",
"object_id": "158",
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_URL",
"table_type": "expr",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "2019/12/27",
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject199_1",
"object_id": 189,
"is_exclude": 0,
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_URL",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_type": "expr",
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "must-contained-string-of-rule-199",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject199_2",
"object_id": 190,
"is_exclude": 1,
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_URL",
"table_type": "expr",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "must-not-contained-string-of-rule-199",
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject200_1",
"object_id": 192,
"is_exclude": 0,
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_URL",
"table_type": "expr",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "must-contained-string-of-rule-200",
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject200_2",
"object_id": 193,
"is_exclude": 1,
"items": [
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "HTTP_URL",
"table_type": "expr",
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "must-not-contained-string-of-rule-200",
"expr_type": "and"
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
}
]
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject202_1",
"object_id": 195,
"is_exclude": 0,
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"ip": "100.64.1.0-100.64.1.20"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject202_2",
"object_id": 196,
"is_exclude": 1,
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "ip",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_name": "IP_PLUS_CONFIG",
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"ip": "100.64.1.6-100.64.1.10"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject202_3",
"object_id": 197,
"is_exclude": 1,
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "ip",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_name": "IP_PLUS_CONFIG",
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"ip": "100.64.1.11-100.64.1.20"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject203_3_1",
"object_id": 201,
"is_exclude": 0,
"items": [
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
{
"table_type": "expr",
run first test case success
2024-09-14 11:29:12 +00:00
"table_name": "KEYWORDS_TABLE",
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
"table_content": {
run first test case success
2024-09-14 11:29:12 +00:00
"keywords": "jianshu.com$",
modify expr table and fix corresponding test case
2024-08-19 11:04:17 +00:00
"expr_type": "and"
[FEATURE] one clause support multi literal{vtable_id, group_id_array}
2023-11-28 02:16:07 +00:00
}
}
]
add json/redis rule parser
2022-12-03 22:23:41 +08:00
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject203_3_2",
"object_id": 202,
"is_exclude": 1,
"items": [
add json/redis rule parser
2022-12-03 22:23:41 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^www.jianshu.com$",
"expr_type": "and"
}
add json/redis rule parser
2022-12-03 22:23:41 +08:00
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject204_3_1_1",
"object_id": 207,
"is_exclude": 0,
"items": [
add json/redis rule parser
2022-12-03 22:23:41 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "baidu.com$",
"expr_type": "and"
}
add json/redis rule parser
2022-12-03 22:23:41 +08:00
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject204_3_1_2",
"object_id": 208,
"is_exclude": 1,
"items": [
add json/redis rule parser
2022-12-03 22:23:41 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^www.baidu.com$",
"expr_type": "and"
}
add json/redis rule parser
2022-12-03 22:23:41 +08:00
}
]
},
{
run first test case success
2024-09-14 11:29:12 +00:00
"object_name": "ExcludeLogicObject204_3_2",
"object_id": 209,
"is_exclude": 1,
"items": [
add json/redis rule parser
2022-12-03 22:23:41 +08:00
{
run first test case success
2024-09-14 11:29:12 +00:00
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^mail.baidu.com$",
"expr_type": "and"
}
add json/redis rule parser
2022-12-03 22:23:41 +08:00
}
]
},
run first test case success
2024-09-14 11:29:12 +00:00
{
"object_name": "ExcludeLogicObject217_1_1",
"object_id": 223,
"is_exclude": 0,
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "string-of-rule-217.com$",
"expr_type": "and"
}
}
]
},
{
"object_name": "ExcludeLogicObject217_1_2",
"object_id": 224,
"is_exclude": 1,
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "www.string-of-rule-217.com",
"expr_type": "and"
}
}
]
}
],
"object_groups": [
{
"object_id": "500",
"include_object_ids": [
"106"
]
},
{
"object_id": "501",
"include_object_ids": [
"141"
]
},
{
"object_id": "502",
"include_object_ids": [
"100"
]
},
{
"object_id": "503",
"include_object_ids": [
"189"
],
"exclude_object_ids": [
"190"
]
},
{
"object_id": "504",
"include_object_ids": [
"192"
],
"exclude_object_ids": [
"193"
]
},
{
"object_id": "505",
"include_object_ids": [
"195"
],
"exclude_object_ids": [
"196",
"197"
]
},
{
"object_id": "506",
"include_object_ids": [
"201"
],
"exclude_object_ids": [
"202"
]
},
{
"object_id": "507",
"object_name": "ExcludeLogicObject204_3_1",
"include_object_ids": [
"207"
],
"exclude_object_ids": [
"208"
]
},
{
"object_id": "508",
"object_name": "ExcludeLogicObject204_3",
"include_object_ids": [
"507"
],
"exclude_object_ids": [
"209"
]
},
{
"object_id": "509",
"include_object_ids": [
"223"
],
"exclude_object_ids": [
"224"
]
}
],
"rules": [
{
"rule_id": "123",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_CONFIG",
"object_ids": [
"100"
]
},
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "123_url_object",
"object_id": "101",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "abckkk&123",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "124",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_CONFIG",
"object_ids": [
"100"
]
},
{
"attribute": "CONTENT_SIZE",
"objects": [
{
"object_name": "124_interval_object",
"object_id": "102",
"items": [
{
"table_name": "CONTENT_SIZE",
"table_type": "interval",
"table_content": {
"interval": "100-500"
}
}
]
}
]
}
]
},
{
"rule_id": "125",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "125_url_object",
"object_id": "103",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expr_type": "regex"
}
}
]
}
]
}
]
},
{
"rule_id": "126",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "126_url_object",
"object_id": "105",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should_not_hit_any_rule",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "CONTENT_SIZE",
"object_ids": [
"106"
]
}
]
},
{
"rule_id": "128",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.ExprPlus",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_SIGNATURE",
"objects": [
{
"object_name": "128_expr_plus_object",
"object_id": "107",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "HtTP UrL",
"keywords": "abckkk&123",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "129",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_中文",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "129_url_object",
"object_id": "108",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "C#中国",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "130",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_维语",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "130_keywords_object",
"object_id": "109",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2010&يىلىدىكى",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "131",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "utf8_维语2",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "131_keywords_object",
"object_id": "110",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "سىياسىي",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "132",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "string\\bunescape",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"object_ids":[
"111"
]
}
]
},
{
"rule_id": "133",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijkl
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_HOST",
"objects": [
{
"object_name": "133_host_object",
"object_id": "112",
"items": [
{
"table_name": "HTTP_HOST",
"table_type": "expr",
"table_content": {
"keywords": "www.3300av.com",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "134",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "table_conjunction_test_part2",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "134_url_object",
"object_id": "113",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "novel&27122.txt",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "136",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "offset_string",
"is_valid": "yes",
"conditions": [
{
"attribute": "IMAGE_FP",
"objects": [
{
"object_name": "136_expr_object",
"object_id": "114",
"items": [
{
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "137",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "offset_string",
"is_valid": "yes",
"conditions": [
{
"attribute": "IMAGE_FP",
"objects": [
{
"object_name": "137_expr_object",
"object_id": "115",
"items": [
{
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "138",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}",
"user_region": "Not\\baccepted\\btags",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "138_url_object",
"object_id": "116",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&aaa",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "139",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"effective_range": 0,
"tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}",
"user_region": "Accepted\\btags",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "139_url_object",
"object_id": "117",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&bbb",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "140",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "file_streams",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "140_keywords_object",
"object_id": "118",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2018-10-05",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "141",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,7799",
"rule_table_name": "RULE_ALIAS",
"is_valid": "yes",
"conditions": [
{
"g2c_table_name": "OBJECT2RULE_ALIAS",
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "141_url_object",
"object_id": "119",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "i.ytimg.com",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "142",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.UTF8EncodedURL",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "142_url_object",
"object_id": "120",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "143",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.OneRegion",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 0,
"objects": [
{
"object_name": "143_url_object1",
"object_id": "121",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-143",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 1,
"objects": [
{
"object_name": "143_url_object2",
"object_id": "122",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-143",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "144",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanNotAtLast",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 0,
"objects": [
{
"object_name": "144_url_object",
"object_id": "123",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-144",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 1,
"objects": [
{
"object_name": "144_keywords_object",
"object_id": "124",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-144",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "145",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanNotIP",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"negate_option": 0,
"objects": [
{
"object_name": "145_url_object",
"object_id": "125",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-145",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "ATTRIBUTE_IP_CONFIG",
"negate_option": 1,
"object_ids": [
"100"
]
}
]
},
{
"rule_id": "146",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.NotExprConditionAndNotIPCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "146_url_object",
"object_id": "126",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-146",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "146_keywords_object",
"object_id": "127",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-not-string-of-rule-146",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "ATTRIBUTE_IP_CONFIG",
"negate_option": 1,
"condition_index": 2,
"object_ids": [
"100"
]
}
]
},
{
"rule_id": "147",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.8NotCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_RESPONSE_KEYWORDS_1",
"negate_option": 1,
"condition_index": 0,
"objects": [
{
"object_name": "147_keywords_object1",
"object_id": "128",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition0-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_2",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "147_keywords_object2",
"object_id": "129",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition1-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_3",
"negate_option": 1,
"condition_index": 2,
"objects": [
{
"object_name": "147_keywords_object3",
"object_id": "130",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition2-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_4",
"negate_option": 1,
"condition_index": 3,
"objects": [
{
"object_name": "147_keywords_object4",
"object_id": "131",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition3-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_5",
"negate_option": 1,
"condition_index": 4,
"objects": [
{
"object_name": "147_keywords_object5",
"object_id": "132",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition4-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_6",
"negate_option": 1,
"condition_index": 5,
"objects": [
{
"object_name": "147_keywords_object6",
"object_id": "133",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition5-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_7",
"negate_option": 1,
"condition_index": 6,
"objects": [
{
"object_name": "147_keywords_object7",
"object_id": "134",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition6-in-rule-147",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS_8",
"negate_option": 1,
"condition_index": 7,
"objects": [
{
"object_name": "147_keywords_object8",
"object_id": "135",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition7-in-rule-147",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "148",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.Regex",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "148_url_object",
"object_id": "136",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "Cookie:\\s.*head",
"expr_type": "regex"
}
}
]
}
]
}
]
},
{
"rule_id": "149",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.ExprPlusWithOffset",
"is_valid": "yes",
"conditions": [
{
"attribute": "APP_PAYLOAD",
"objects": [
{
"object_name": "149_app_object",
"object_id": "137",
"items": [
{
"table_name": "APP_PAYLOAD",
"table_type": "expr_plus",
"table_content": {
"district": "Payload",
"keywords": "(offset=1,depth=1)|03|&(offset=9,depth=10)|2d|&(offset=14,depth=16)|2d34|&(offset=19,depth=21)|2d|&(offset=24,depth=25)|2d|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "150",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.BugReport20190325",
"is_valid": "yes",
"conditions": [
{
"attribute": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "billgates_regist1",
"object_id": "138",
"items": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "(offset=0,depth=4)|01000000|",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "billgates_regist2",
"object_id": "139",
"items": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "1:G2.40",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "151",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.PrefixAndSuffix",
"is_valid": "yes",
"conditions": [
{
"attribute": "MAIL_ADDR",
"objects": [
{
"object_name": "151_expr_object",
"object_id": "140",
"items": [
{
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi3@mailhost.cn$",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "152",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.PrefixAndSuffix",
"is_valid": "yes",
"conditions": [
{
"attribute": "MAIL_ADDR",
"object_ids": [
"141"
]
},
{
"attribute": "CONTENT_SIZE",
"object_ids": [
"500"
]
}
]
},
{
"rule_id": "153",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "Policy.SubObject",
"is_valid": "yes",
"conditions": [
{
"attribute": "MAIL_ADDR",
"negate_option": 0,
"object_ids": [
"143",
"501"
]
},
{
"attribute": "IP_CONFIG",
"object_ids": [
"502"
]
}
]
},
{
"rule_id": "154",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "ipv4_plus",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "154_IP_object",
"object_id": "145",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.7.100-10.0.7.101"
}
}
]
}
]
}
]
},
{
"rule_id": "155",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "ipv6_plus",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "155_IP_object",
"object_id": "146",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "1001:da8:205:1::101-1001:da8:205:1::102"
}
}
]
}
]
}
]
},
{
"rule_id": "156",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExprPlusWithHex",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_SIGNATURE",
"objects": [
{
"object_name": "156_expr_object",
"object_id": "147",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Content-Type",
"keywords": "|2f68746d6c|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "157",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.StreamScanUTF8",
"is_valid": "yes",
"conditions": [
{
"attribute": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "157_expr_object",
"object_id": "148",
"items": [
{
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "我的订单",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "158",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "IPScan.IPv4_CIDR",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "158_IP_object",
"object_id": "149",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.0.1/32"
}
}
]
}
]
}
]
},
{
"rule_id": "159",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "IPScan.IPv6_CIDR",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "159_IP_object",
"object_id": "150",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "2001:db8::/120"
}
}
]
}
]
}
]
},
{
"rule_id": "160",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "AttributeWithOnePhysical",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 0,
"object_ids":[
"111"
]
},
{
"attribute": "HTTP_URL",
"negate_option": 0,
"objects": [
{
"object_name": "160_url_object",
"object_id": "151",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "https://blog.csdn.net/littlefang/article/details/8213058",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "161",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "attribute_test_temp",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_SIGNATURE",
"negate_option": 0,
"object_ids": [
"152"
]
},
{
"attribute": "HTTP_SIGNATURE",
"negate_option": 0,
"object_ids": [
"153"
]
}
]
},
{
"rule_id": "162",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "AttributeWithAttribute",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_REQUEST_HEADER",
"negate_option": 0,
"object_ids": [
"152"
]
},
{
"attribute": "HTTP_RESPONSE_HEADER",
"negate_option": 0,
"object_ids": [
"153"
]
}
]
},
{
"rule_id": "163",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "OneObjectInTwoAttribute",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_REQUEST_HEADER",
"negate_option": 0,
"object_ids": [
"153"
]
},
{
"attribute": "HTTP_RESPONSE_HEADER",
"negate_option": 0,
"object_ids": [
"153"
]
}
]
},
{
"rule_id": "164",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "CharsetWindows1251",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "164_keywords_object",
"object_id": "154",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": ">ЗАО «Севергазвтоматика АйС»<",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "165",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "2.111",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "165_url_object",
"object_id": "155",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "cavemancircus.com/",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "165_IP_object",
"object_id": "156",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.23.1/24"
}
}
]
}
]
}
]
},
{
"rule_id": "166",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "100.233",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "166_url_object",
"object_id": "157",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27/pretty-girls-6",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "167",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "300.999",
"conditions": [
{
"attribute": "HTTP_URL",
"condition_index": 1,
"object_ids": [
"158"
]
},
{
"attribute": "HTTP_URL",
"object_ids": [
"158"
],
"condition_index": 3
}
]
},
{
"rule_id": "168",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "0",
"conditions": [
{
"attribute": "HTTP_URL",
"object_ids": [
"158"
],
"condition_index": 2
},
{
"attribute": "HTTP_URL",
"object_ids": [
"158"
],
"condition_index": 6
}
]
},
{
"rule_id": "169",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "IPScan.IPv4_Any",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"condition_index": 0,
"negate_option": 0,
"objects": [
{
"object_name": "169_IP_object",
"object_id": "160",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "100.64.3.1/32"
}
}
]
}
]
}
]
},
{
"rule_id": "170",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "IPScan.IPv4_attribute.source",
"is_valid": "no",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "ipv4_attribute.source",
"object_id": "161",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.40.10/32"
}
}
]
}
]
}
]
},
{
"rule_id": "171",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "IPScan.IPv4_attribute.destination",
"is_valid": "no",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "ipv4_attribute.destination",
"object_id": "162",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.231.46/32"
}
}
]
}
]
}
]
},
{
"rule_id": "177",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.MulticonditionsInOneNotCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "ASN_NOT_LOGIC",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"1",
"3",
"4"
],
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"2"
],
"condition_index": 1
}
]
},
{
"rule_id": "178",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Hierarchy.MultiObjectInOneCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "SOURCE_IP_ASN",
"object_ids": [
"1",
"3",
"4"
],
"negate_option": 0,
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"2"
],
"condition_index": 1
}
]
},
{
"rule_id": "179",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "INTERGER_PLUS",
"objects": [
{
"object_name": "179_interval_object",
"object_id": "166",
"items": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "interval.plus",
"interval": "2020"
}
}
]
}
]
}
]
},
{
"rule_id": "180",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Hierarchy.MultiObjectInOneCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "SOURCE_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"1",
"3",
"4"
],
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"negate_option": 0,
"object_ids": [
"15"
],
"condition_index": 0
},
{
"attribute": "IP_CONFIG",
"negate_option": 0,
"object_ids": [
"12"
],
"condition_index": 1
}
]
},
{
"rule_id": "181",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.MultiLiteralsInOneNotCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "SOURCE_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"1",
"3",
"4"
],
"condition_index": 0
},
{
"attribute": "IP_PLUS_CONFIG",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"14"
],
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"negate_option": 0,
"object_ids": [
"15"
],
"condition_index": 1
}
]
},
{
"rule_id": "182",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "8-expr",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "182_keywords_object",
"object_id": "167",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "string1&string2&string3&string4&string5&string6&string7&string8",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "184",
"user_region": "APP_ID=6006740;Liumengyan-Bugreport-20210515",
"description": "Hulu",
"is_valid": "yes",
"do_blacklist": 0,
"do_log": 0,
"action": 0,
"service": 0,
"conditions": [
{
"attribute": "IP_CONFIG",
"objects": [
{
"object_name": "184_IP_object",
"object_id": "169",
"items": [
{
"table_name": "IP_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "::/128"
}
}
]
}
]
}
]
},
{
"rule_id": "185",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.SameAttributeInMultiCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "DESTINATION_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"1",
"3",
"4"
],
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"15"
],
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 1,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"5"
add json/redis rule parser
2022-12-03 22:23:41 +08:00
],
run first test case success
2024-09-14 11:29:12 +00:00
"condition_index": 1
},
{
"attribute": "DESTINATION_IP_ASN",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"6"
],
"condition_index": 2
},
{
"attribute": "IP_PLUS_CONFIG",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"13"
],
"condition_index": 3
}
]
},
{
"rule_id": "186",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 1,
"objects": [
{
"object_name": "186_expr_object",
"object_id": "170",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-186",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "186_IP_object",
"object_id": "171",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.8.186"
}
}
]
}
]
}
]
},
{
"rule_id": "187",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 1,
"objects": [
{
"object_name": "187_url_object",
"object_id": "172",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-187",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "187_IP_object",
"object_id": "173",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.8.187"
}
}
]
}
]
}
]
},
{
"rule_id": "188",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.ScanHitAtLast",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 1,
"objects": [
{
"object_name": "188_url_object",
"object_id": "174",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-188",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "188_IP_object",
"object_id": "175",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.8.188"
}
}
]
}
]
}
]
},
{
"rule_id": "189",
"is_valid": "yes",
"do_log": 0,
"action": 0,
"service": 0,
"do_blacklist": 0,
"user_region": "StringScan.ShouldNotHitExprPlus",
"conditions": [
{
"attribute": "APP_PAYLOAD",
"objects": [
{
"object_name": "189_app_object",
"object_id": "176",
"items": [
{
"table_name": "APP_PAYLOAD",
"table_type": "expr_plus",
"table_content": {
"district": "tcp.payload.c2s_first_data",
"keywords": "|ab00|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "190",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.ExprPlus",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_SIGNATURE",
"objects": [
{
"object_name": "190_expr_object",
"object_id": "177",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "我的DistrIct",
"keywords": "addis&sapphire",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "191",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.HexBinCaseSensitive",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "191_keywords_object",
"object_id": "178",
"items": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "|54455354|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "192",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_CONFIG",
"objects": [
{
"object_name": "192_flag_object",
"object_id": "179",
"items": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
}
}
]
}
]
}
]
},
{
"rule_id": "193",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_CONFIG",
"objects": [
{
"object_name": "193_flag_object",
"object_id": "180",
"items": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 2,
"flag_mask": 3
}
}
]
}
]
},
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "193_url_object",
"object_id": "181",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "194",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_CONFIG",
"objects": [
{
"object_name": "194_flag_object",
"object_id": "182",
"items": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 21,
"flag_mask": 31
}
}
]
}
]
}
]
},
{
"rule_id": "195",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_SIGNATURE",
"objects": [
{
"object_name": "195_signature_object",
"object_id": "183",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "I love China",
"keywords": "today&yesterday",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "195_url_object",
"object_id": "184",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "Monday",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "196",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_PLUS_CONFIG",
"objects": [
{
"object_name": "196_flag_object",
"object_id": "185",
"items": [
{
"table_type": "flag_plus",
"table_name": "FLAG_PLUS_CONFIG",
"table_content": {
"district": "I love China",
"flag": 30,
"flag_mask": 14
}
}
]
}
]
}
]
},
{
"rule_id": "197",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I\\bhave\\ba\\bname,8866",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "197_url_object",
"object_id": "186",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hqdefault.jpg",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "198",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Something:I have a name,7799",
"rule_table_name": "RULE_FIREWALL_DEFAULT",
"is_valid": "yes",
"conditions": [
{
"g2c_table_name": "OBJECT2RULE_FIREWALL",
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "198_url_object",
"object_id": "187",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "firewall",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "199",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExcludeLogic.ScanNotAtLast",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"object_name": "ExcludeLogicObject199",
"object_ids": [
"503"
]
}
]
},
{
"rule_id": "200",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "ExcludeLogic.OneRegion",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"object_ids": [
"504"
]
}
]
},
{
"rule_id": "202",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"conditions": [
{
"attribute": "ATTRIBUTE_IP_PLUS_TABLE",
"object_name": "ExcludeLogicObject202",
"object_ids": [
"505"
],
"condition_index": 0
}
]
},
{
"rule_id": "203",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"conditions": [
{
"attribute": "ATTRIBUTE_IP_PLUS_SOURCE",
"condition_index": 0,
"objects": [
{
"object_name": "ExcludeLogicObject203_1",
"object_id": "198",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "192.168.50.43-192.168.50.43"
}
}
]
}
]
},
{
"attribute": "ATTRIBUTE_IP_PLUS_DESTINATION",
"condition_index": 1,
"objects": [
{
"object_name": "ExcludeLogicObject203_2",
"object_id": "199",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "47.92.108.93-47.92.108.93"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"object_name": "ExcludeLogicObject203_3",
"object_ids": [
"506"
],
"condition_index": 2
}
]
},
{
"rule_id": "204",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "null",
"is_valid": "yes",
"conditions": [
{
"attribute": "ATTRIBUTE_IP_PLUS_SOURCE",
"condition_index": 0,
"objects": [
{
"object_name": "ExcludeLogicObject204_1",
"object_id": "203",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "100.64.2.0-100.64.2.5"
}
}
]
}
]
},
{
"attribute": "ATTRIBUTE_IP_PLUS_DESTINATION",
"condition_index": 1,
"objects": [
{
"object_name": "ExcludeLogicObject204_2",
"object_id": "204",
"items": [
{
"table_name": "IP_PLUS_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "100.64.2.6-100.64.2.10"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"object_ids": [
"508"
],
"condition_index": 2
}
]
},
{
"rule_id": "205",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.RegexExpressionIllegal",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "205_keywords_object",
"object_id": "210",
"items": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "123^456",
"expr_type": "regex"
}
}
]
}
]
}
]
},
{
"rule_id": "206",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "duplicateRuleFor191",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "206_keywords_object",
"object_id": "211",
"items": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "|54455354|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "207",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "duplicateRuleFor192",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_CONFIG",
"objects": [
{
"object_name": "207_flag_object",
"object_id": "212",
"items": [
{
"table_type": "flag",
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
}
}
]
}
]
}
]
},
{
"rule_id": "208",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "duplicateRuleFor154",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "208_IP_object",
"object_id": "213",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "10.0.7.100-10.0.7.106"
}
}
]
}
]
}
]
},
{
"rule_id": "209",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "duplicateRuleFor179",
"is_valid": "yes",
"conditions": [
{
"attribute": "INTERGER_PLUS",
"objects": [
{
"object_name": "209_interval_object",
"object_id": "214",
"items": [
{
"table_name": "INTERGER_PLUS",
"table_type": "interval_plus",
"table_content": {
"district": "interval.plus",
"interval": "2020"
}
}
]
}
]
}
]
},
{
"rule_id": "210",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "ipv6_::",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "210_IP_object",
"object_id": "215",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "::/0"
}
}
]
}
]
}
]
},
{
"rule_id": "211",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "ip_perf_test",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PERF_CONFIG",
"negate_option": 0,
"objects": [
{
"object_name": "211_IP_object",
"object_id": "216",
"items": [
{
"table_type": "ip",
"table_name": "IP_PERF_CONFIG",
"table_content": {
"ip": "10.0.0.1-10.0.0.6"
}
}
]
}
]
}
]
},
{
"rule_id": "212",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "integer_perf_test",
"is_valid": "yes",
"conditions": [
{
"attribute": "INTEGER_PERF_CONFIG",
"objects": [
{
"object_name": "212_interval_object",
"object_id": "217",
"items": [
{
"table_name": "INTEGER_PERF_CONFIG",
"table_type": "interval",
"table_content": {
"interval": "3000"
}
}
]
}
]
}
]
},
{
"rule_id": "213",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "expr_perf_test",
"is_valid": "yes",
"conditions": [
{
"attribute": "EXPR_LITERAL_PERF_CONFIG",
"objects": [
{
"object_name": "213_expr_object",
"object_id": "218",
"items": [
{
"table_name": "EXPR_LITERAL_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "today&yesterday",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "214",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "flag_perf_test",
"is_valid": "yes",
"conditions": [
{
"attribute": "FLAG_PERF_CONFIG",
"objects": [
{
"object_name": "214_flag_object",
"object_id": "219",
"items": [
{
"table_type": "flag",
"table_name": "FLAG_PERF_CONFIG",
"table_content": {
"flag": 15,
"flag_mask": 15
}
}
]
}
]
}
]
},
{
"rule_id": "215",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "expr_perf_test",
"is_valid": "yes",
"conditions": [
{
"attribute": "EXPR_REGEX_PERF_CONFIG",
"objects": [
{
"object_name": "215_expr_object",
"object_id": "220",
"items": [
{
"table_name": "EXPR_REGEX_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expr_type": "regex"
}
}
]
}
]
}
]
},
{
"rule_id": "216",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTCondition&ExcludeObject",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
rename terminology "not flag" to "negate option"
2024-08-22 08:28:33 +00:00
"negate_option": 0,
run first test case success
2024-09-14 11:29:12 +00:00
"object_ids": [
"504"
],
"condition_index": 0
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject216",
"object_id": "221",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-for-rule-211",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "217",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTCondition&ExcludeObject",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL_FILTER",
"negate_option": 1,
"object_ids": [
"509"
],
"condition_index": 0
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 0,
"condition_index": 1,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject217_2",
"object_id": "225",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-for-rule-217",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "218",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "CONTENT_SIZE",
"objects": [
{
"object_name": "218_interval_object",
"object_id": "226",
"items": [
{
"table_name": "CONTENT_SIZE",
"table_type": "interval",
"table_content": {
"interval": "3000"
}
}
]
}
]
}
]
},
{
"rule_id": "219",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_DUMMY",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_1",
"object_id": "227",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-1",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_2",
"object_id": "228",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-2",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 2,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_3",
"object_id": "229",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-3",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 3,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_4",
"object_id": "230",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-4",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 4,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_5",
"object_id": "231",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-5",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 5,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_6",
"object_id": "232",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-6",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 6,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_7",
"object_id": "233",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-7",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 7,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject219_8",
"object_id": "234",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-8",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "220",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "anything",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_DUMMY",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject220_1",
"object_id": "235",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-1",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject220_2",
"object_id": "236",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-2",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_DUMMY",
"negate_option": 1,
"condition_index": 2,
"objects": [
{
"object_name": "NOTConditionAndExcludeObject220_3",
"object_id": "237",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-3",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "221",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.ScanWithDistrict",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_REQUEST_HEADER",
"negate_option": 1,
"objects": [
{
"object_name": "NOTLogicObject_221_1",
"object_id": "238",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "User-Agent",
"keywords": "Mozilla/5.0",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_URL",
"negate_option": 0,
"objects": [
{
"object_name": "NOTLogicObject_221_2",
"object_id": "239",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "scan_with_district_221",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "222",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.SingleNotCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_NOT_LOGIC_1",
"negate_option": 1,
"condition_index": 0,
"objects": [
{
"object_name": "NOTLogicObject_222",
"object_id": "240",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_keywords_222",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "223",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.MultiNotCondition",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_NOT_LOGIC",
"negate_option": 1,
"condition_index": 0,
"objects": [
{
"object_name": "NOTLogicObject_223_1",
"object_id": "241",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_1",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_NOT_LOGIC",
"negate_option": 1,
"condition_index": 1,
"objects": [
{
"object_name": "NOTLogicObject_223_2",
"object_id": "242",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_2",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_NOT_LOGIC",
"negate_option": 1,
"condition_index": 2,
"objects": [
{
"object_name": "NOTLogicObject_223_1",
"object_id": "243",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_3",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "224",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.NotPhysicalTable",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"negate_option": 1,
"condition_index": 0,
"objects": [
{
"object_name": "NOTLogicObject_224_1",
"object_id": "244",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_224_1",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"negate_option": 0,
"condition_index": 1,
"objects": [
{
"object_name": "NOTLogicObject_224_2",
"object_id": "245",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_224_2",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "225",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "Payload escape",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "EscapeObject_225_1",
"object_id": "246",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "226",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "maat_scan_object",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"object_name": "226_url_object",
"object_ids": [
"247"
]
}
]
},
{
"rule_id": "227",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "maat_scan_object",
"rule_table_name": "RULE_FIREWALL_DEFAULT",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"object_name": "227_url_object",
"object_ids": [
"248"
]
}
]
},
{
"rule_id": "228",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NotConditionHitPath",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"negate_option": 0,
"condition_index": 1,
"objects": [
{
"object_name": "228_url_object",
"object_id": "249",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "youtube.com",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute": "ATTRIBUTE_IP_CONFIG",
"negate_option": 1,
"condition_index": 2,
"objects": [
{
"object_name": "228_IP_object",
"object_id": "250",
"items": [
{
"table_name": "IP_CONFIG",
"table_type": "ip",
"table_content": {
"ip": "192.168.101.102/32"
}
}
]
}
]
}
]
},
{
"rule_id": "229",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "StringScan.Regex",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_URL",
"objects": [
{
"object_name": "229_url_object",
"object_id": "251",
"items": [
{
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "É",
"expr_type": "regex"
}
}
]
}
]
}
]
},
{
"rule_id": "230",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "ipv6_::",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "230_IP_object",
"object_id": "256",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "2607:5d00:2:2::32:28/128",
"port": "80-443"
}
}
]
}
]
}
]
},
{
"rule_id": "231",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "should_not_hit",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "231_IP_object",
"object_id": "257",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "2607:5d00:2:2::32:28/128",
"port": "80"
}
}
]
}
]
}
]
},
{
"rule_id": "232",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "should_not_hit",
"is_valid": "yes",
"conditions": [
{
"attribute": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "232_IP_object",
"object_id": "258",
"items": [
{
"table_type": "ip",
"table_name": "IP_PLUS_CONFIG",
"table_content": {
"ip": "192.168.30.44/32",
"port": "80"
}
}
]
}
]
}
]
},
{
"rule_id": "233",
"service": 1,
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "maat_scan_object",
"is_valid": "yes",
"conditions": [
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"object_name": "233_url_object",
"object_id": [
"259"
]
}
]
},
{
"rule_id": "234",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "Payload escape",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "EscapeObject_234_1",
"object_id": "260",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "html>\\\\r\\\\n",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "235",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "Payload escape",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"negate_option": 0,
"condition_index": 0,
"objects": [
{
"object_name": "EscapeObject_235_1",
"object_id": "261",
"items": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "\\(\\)abc\\^\\$def\\|",
"expr_type": "and"
}
}
]
}
]
}
]
},
{
"rule_id": "236",
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "StringScan.HexBinCombineString",
"is_valid": "yes",
"conditions": [
{
"attribute": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "236_keywords_object",
"object_id": "262",
"items": [
{
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "cd |6162|",
"expr_type": "and"
}
}
]
}
]
}
]
}
],
"plugin_table": [
{
"table_name": "QD_ENTRY_INFO",
"table_content": [
"1\t192.168.0.1\t101\t1",
"2\t192.168.0.2\t102\t1",
"3\t192.168.1.1\t103\t1"
]
},
{
"table_name": "TEST_PLUGIN_TABLE",
"table_content": [
"1\t3388\t99\t1",
"2\t3355\t66\t1",
"3\tcccc\t11\t1"
]
},
{
"table_name": "TEST_PLUGIN_EXDATA_TABLE",
"table_content": [
"1\tHeBei\tShijiazhuang\t1\t0",
"2\tHeNan\tZhengzhou\t1\t0",
"3\tShanDong\tJinan\t1\t0",
"4\tShanXi\tTaiyuan\t1\t0"
]
},
{
"table_name": "TEST_EFFECTIVE_RANGE_TABLE",
"table_content": [
"1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111",
"2\tSUCCESS\t66\t1\t0\t222",
"3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333",
"4\tSUCCESS\t66\t1\t{}\t444",
"5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444",
"6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444"
]
},
{
"table_name": "IR_INTERCEPT_IP",
"table_content": [
"1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34",
"161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42"
]
},
{
"table_name": "TEST_IP_PLUGIN_WITH_EXDATA",
"table_content": [
"101\t4\t192.168.30.99-192.168.30.101\tSomething-like-json\t1",
"102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t1",
"103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t1",
"104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t1",
"105\t6\t2620:100:3000::-2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1"
]
},
{
"table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA",
"table_content": [
"101\t4\t192.168.100.1\t0\t255\t1",
"102\t4\t192.168.100.2\t100\t200\t1",
"103\t4\t192.168.100.1\t255\t300\t1",
"104\t6\t2001:db8:1234::5210\t255\t512\t1"
]
},
{
"table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA",
"table_content": [
"201\twww.example1.com\tcatid=1\t1",
"202\t*.example1.com\tcatid=1\t1",
"203\tnews.example1.com\tcatid=2\t1",
"204\tr3---sn-i3belne6.example2.com\tcatid=3\t1",
"205\tr3---sn-i3belne6.example2.com\tcatid=3\t1"
]
},
{
"table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA",
"table_content": [
"301\t1&2&1000\ttunnel1\t1",
"302\t101&102\ttunnel2\t1",
"303\t102\ttunnel3\t1",
"304\t101\ttunnel4\t1",
"305\t0&1&2&3&4&5&6&7\ttunnel5\t1",
"306\t101&101\tinvalid\t1"
]
},
{
"table_name": "TEST_PLUGIN_LONG_KEY_TYPE_TABLE",
"table_content": [
"1\t11111111\tShijiazhuang\t1\t0",
"2\t22222222\tZhengzhou\t1\t0",
"3\t33333333\tJinan\t1\t0",
"4\t44444444\tTaiyuan\t1\t0"
]
},
{
"table_name": "TEST_PLUGIN_INT_KEY_TYPE_TABLE",
"table_content": [
"1\t101\tChina\t1\t0",
"2\t102\tAmerica\t1\t0",
"3\t103\tRussia\t1\t0",
"4\t104\tJapan\t1\t0"
]
},
{
"table_name": "TEST_PLUGIN_IP_KEY_TYPE_TABLE",
"table_content": [
"4\t100.64.1.1\tXiZang\t1\t0",
"4\t100.64.1.2\tXinJiang\t1\t0",
"6\t2001:da8:205:1::101\tGuiZhou\t1\t0",
"6\t1001:da8:205:1::101\tSiChuan\t1\t0",
"7\t100.64.1.3\tQingHai\t1\t0",
"6\t100.64.1.4\tGanSu\t1\t0"
]
}
]
support ip+port+proto scan
2023-03-27 15:52:47 +08:00
}
Reference in New Issue Copy Permalink