2022-11-25 16:32:29 +08:00
|
|
|
#include <gtest/gtest.h>
|
|
|
|
|
|
2023-02-15 11:53:46 +08:00
|
|
|
#include "maat.h"
|
2022-11-25 16:32:29 +08:00
|
|
|
#include "maat_rule.h"
|
2022-11-29 14:12:40 +08:00
|
|
|
#include "maat_utils.h"
|
2022-12-03 22:23:41 +08:00
|
|
|
#include "maat_command.h"
|
2022-12-09 17:12:18 +08:00
|
|
|
#include "IPMatcher.h"
|
2022-12-14 15:28:21 +08:00
|
|
|
#include "json2iris.h"
|
2023-02-15 11:53:46 +08:00
|
|
|
#include "log/log.h"
|
2022-12-14 15:28:21 +08:00
|
|
|
#include "maat_config_monitor.h"
|
2022-11-25 16:32:29 +08:00
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
#define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest")
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
#define ARRAY_SIZE 10
|
|
|
|
|
#define HIT_PATH_SIZE 128
|
|
|
|
|
|
2022-11-29 14:12:40 +08:00
|
|
|
const char *table_info_path = "./table_info.conf";
|
2022-12-03 22:23:41 +08:00
|
|
|
const char *json_path="./maat_json.json";
|
2022-12-14 15:28:21 +08:00
|
|
|
const char *json_filename = "maat_json.json";
|
2023-02-03 17:28:14 +08:00
|
|
|
struct maat *g_maat_instance = NULL;
|
2022-11-29 14:12:40 +08:00
|
|
|
|
2023-02-15 11:53:46 +08:00
|
|
|
extern int system_cmd_rmdir(const char *dir);
|
|
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
class MaatFlagScan : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
2023-02-16 11:13:23 +08:00
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatFlagScan, basic) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
|
2023-02-09 22:13:15 +08:00
|
|
|
|
|
|
|
|
//compile_id:192 flag: 0000 0001 mask: 0000 0011
|
|
|
|
|
//scan_data: 0000 1001 or 0000 1101 should hit
|
|
|
|
|
uint64_t scan_data = 9;
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
|
2023-02-16 11:13:23 +08:00
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 192);
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
int n_read = 0;
|
2023-02-16 11:13:23 +08:00
|
|
|
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_NE(n_read, 0);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
scan_data = 13;
|
|
|
|
|
memset(results, 0, sizeof(results));
|
|
|
|
|
n_hit_result = 0;
|
|
|
|
|
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
|
2023-02-16 11:13:23 +08:00
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 192);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
scan_data = 6;
|
|
|
|
|
memset(results, 0, sizeof(results));
|
|
|
|
|
n_hit_result = 0;
|
|
|
|
|
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
|
2023-02-16 11:13:23 +08:00
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 0);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatFlagScan, withExprRegion) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
|
|
|
|
|
int expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
|
2023-02-09 22:13:15 +08:00
|
|
|
|
|
|
|
|
//compile_id:193 flag: 0000 0010 mask: 0000 0011
|
|
|
|
|
//scan_data: 0000 0010 or 0000 0100 should hit
|
|
|
|
|
uint64_t flag_scan_data = 2;
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
|
|
|
|
|
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
|
2023-02-16 11:13:23 +08:00
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 0);
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
int n_read = 0;
|
2023-02-16 11:13:23 +08:00
|
|
|
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_NE(n_read, 0);
|
|
|
|
|
|
|
|
|
|
const char *expr_scan_data = "hello world";
|
2023-02-16 11:28:44 +08:00
|
|
|
ret = maat_scan_string(g_maat_instance, expr_table_id, 0, expr_scan_data,
|
|
|
|
|
strlen(expr_scan_data), results, ARRAY_SIZE,
|
|
|
|
|
&n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 193);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatFlagScan, hitMultiCompile) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
|
2023-02-09 22:13:15 +08:00
|
|
|
|
|
|
|
|
//compile_id:192 flag: 0000 0001 mask: 0000 0011
|
|
|
|
|
//compile_id:194 flag: 0001 0101 mask: 0001 1111
|
|
|
|
|
//scan_data: 0001 0101 should hit compile192 and compile194
|
|
|
|
|
uint64_t flag_scan_data = 21;
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
|
|
|
|
|
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
|
2023-02-16 11:13:23 +08:00
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 2);
|
|
|
|
|
EXPECT_EQ(results[0], 194);
|
|
|
|
|
EXPECT_EQ(results[1], 192);
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
int n_read = 0;
|
2023-02-16 11:13:23 +08:00
|
|
|
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_NE(n_read, 0);
|
|
|
|
|
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
class MaatStringScan : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
TEST_F(MaatStringScan, Expr8) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
|
2023-02-09 22:13:15 +08:00
|
|
|
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-01-30 21:59:35 +08:00
|
|
|
size_t n_hit_result = 0;
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_state *state = NULL;
|
2023-02-09 22:13:15 +08:00
|
|
|
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-03 17:28:14 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
2023-01-30 21:59:35 +08:00
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(results[0], 182);
|
2023-01-30 21:59:35 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
|
2023-01-30 21:59:35 +08:00
|
|
|
int n_read = 0;
|
2023-02-16 11:13:23 +08:00
|
|
|
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
|
2023-02-03 17:28:14 +08:00
|
|
|
EXPECT_NE(n_read, 0);
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-03 22:23:41 +08:00
|
|
|
}
|
|
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
TEST_F(MaatStringScan, Regex) {
|
|
|
|
|
int ret = 0;
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *cookie = "Cookie: Txa123aheadBCAxd";
|
2023-02-16 11:13:23 +08:00
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_REGEX");
|
2023-02-09 22:13:15 +08:00
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, cookie, strlen(cookie),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 146);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
//TODO:
|
|
|
|
|
#if 0
|
|
|
|
|
size_t i = 0;
|
|
|
|
|
n_hit_result = 0;
|
|
|
|
|
memset(results, 0, sizeof(results));
|
|
|
|
|
const char *sni_should_not_hit[] = {"instagram.fbcdn.net", "a.instagram.fbcdn.net"};
|
|
|
|
|
const char *sni_should_hit[] = {"xx.fbcdn.net", "ainstagram.fbcdn.net"};
|
|
|
|
|
for (i = 0; i < sizeof(sni_should_not_hit)/sizeof(const char *); i++) {
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, sni_should_not_hit[i], strlen(sni_should_not_hit[i]),
|
|
|
|
|
results, 5, &n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, 0);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (i = 0; i < sizeof(sni_should_hit)/sizeof(const char *); i++) {
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, sni_should_hit[i], strlen(sni_should_hit[i]),
|
|
|
|
|
results, 5, &n_hit_result, &state);
|
|
|
|
|
EXPECT_GE(ret, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 149);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatStringScan, ExprPlus) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *region_name1 ="HTTP URL";
|
|
|
|
|
const char *region_name2 ="我的diStricT";
|
|
|
|
|
const char *scan_data1 = "http://www.cyberessays.com/search_results.php?action=search&query=abckkk,1234567";
|
|
|
|
|
const char *scan_data2 = "Addis Sapphire Hotel";
|
|
|
|
|
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "HTTP_SIGNATURE");
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_ERR);//Should return error for district not setting.
|
|
|
|
|
|
|
|
|
|
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
|
|
|
|
|
ASSERT_EQ(ret, 0);
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 128);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
|
|
|
|
|
ASSERT_EQ(ret, 0);
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 190);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
2023-02-15 11:53:46 +08:00
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
//TODO:
|
2023-02-15 11:53:46 +08:00
|
|
|
#if 0
|
2023-02-09 22:13:15 +08:00
|
|
|
TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *region_name = "tcp.payload";
|
|
|
|
|
unsigned char udp_payload_not_hit[] = { /* Stun packet */
|
|
|
|
|
0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42,
|
|
|
|
|
0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22,
|
|
|
|
|
0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46,
|
|
|
|
|
0x03, 0x02, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01,
|
|
|
|
|
0x3a, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a,
|
|
|
|
|
0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9,
|
|
|
|
|
0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b,
|
|
|
|
|
0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2,
|
|
|
|
|
0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f,
|
|
|
|
|
0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64,
|
|
|
|
|
0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
|
|
|
|
|
0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a, 0xab, 0x00 };
|
|
|
|
|
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "APP_PAYLOAD");
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name));
|
|
|
|
|
ASSERT_EQ(ret, 0);
|
2023-02-15 11:53:46 +08:00
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatStringScan, ExprPlusWithHex) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *scan_data1 = "text/html; charset=UTF-8";
|
|
|
|
|
const char *scan_data2 = "Batman\\:Take me Home.Superman/:Fine,stay with me.";
|
|
|
|
|
const char *region_name1 = "Content-Type";
|
|
|
|
|
const char *region_name2 = "User-Agent";
|
|
|
|
|
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "HTTP_SIGNATURE");
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
|
|
|
|
|
ASSERT_EQ(ret, 0);
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 156);
|
|
|
|
|
|
|
|
|
|
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
|
|
|
|
|
ASSERT_EQ(ret, 0);
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
|
|
|
|
|
table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 132);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
TEST_F(MaatStringScan, ExprPlusWithOffset)
|
|
|
|
|
{
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-02-09 22:13:15 +08:00
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *region_name = "Payload";
|
|
|
|
|
unsigned char udp_payload_not_hit[] = { /* Stun packet */
|
|
|
|
|
0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42,
|
|
|
|
|
0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22,
|
|
|
|
|
0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46,
|
|
|
|
|
0x03, 0x02, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01,
|
|
|
|
|
0x3a, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a,
|
|
|
|
|
0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9,
|
|
|
|
|
0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b,
|
|
|
|
|
0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2,
|
|
|
|
|
0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f,
|
|
|
|
|
0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64,
|
|
|
|
|
0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
|
|
|
|
|
0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
|
|
|
|
|
unsigned char udp_payload_hit[] = { /* Stun packet */ //rule:"1-1:03&9-10:2d&14-16:2d34&19-21:2d&24-25:2d"
|
|
|
|
|
0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, //1-1:03
|
|
|
|
|
0x4f, 0xc2, 0x2d, 0x70, 0xb3, 0xa8, 0x4e, 0x2d, //10-10:2d
|
|
|
|
|
0x34, 0x22, 0x87, 0x4c, 0x2d, 0x00, 0x00, 0x46, //15-16:2d34&20-20:2d
|
|
|
|
|
0x2d, 0x34, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01, //24-24:2d
|
|
|
|
|
0x03, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a,
|
|
|
|
|
0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9,
|
|
|
|
|
0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b,
|
|
|
|
|
0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2,
|
|
|
|
|
0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f,
|
|
|
|
|
0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64,
|
|
|
|
|
0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
|
|
|
|
|
0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
|
|
|
|
|
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "APP_PAYLOAD");
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name, strlen(region_name));
|
|
|
|
|
EXPECT_EQ(ret, 0);
|
|
|
|
|
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
|
|
|
|
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit),
|
2023-02-16 11:13:23 +08:00
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
2023-02-09 22:13:15 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(results[0], 148);
|
|
|
|
|
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
2023-02-15 11:53:46 +08:00
|
|
|
#endif
|
2023-02-16 11:13:23 +08:00
|
|
|
TEST_F(MaatStringScan, dynamic_config) {
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
|
|
|
|
|
|
|
|
|
|
char data[128] = "hello world";
|
|
|
|
|
int results[ARRAY_SIZE] = {0};
|
|
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
|
|
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 0);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
/* add new line in GROUP2COMPILE table */
|
|
|
|
|
const char *g2c_table_name = "GROUP2COMPILE";
|
|
|
|
|
const char *g2c_table_line_add = "8888\t9999\t1\t0\tnull\t1";
|
|
|
|
|
struct maat_cmd_line line_rule;
|
|
|
|
|
line_rule.rule_id = 8888;
|
|
|
|
|
line_rule.table_line = g2c_table_line_add;
|
|
|
|
|
line_rule.table_name = g2c_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* add new line in COMPILE table */
|
|
|
|
|
const char *compile_table_name = "COMPILE";
|
|
|
|
|
const char *compile_table_line_add = "9999\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9999;
|
|
|
|
|
line_rule.table_line = compile_table_line_add;
|
|
|
|
|
line_rule.table_name = compile_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* add new line in HTTP_URL_LITERAL table */
|
|
|
|
|
const char *table_name = "HTTP_URL_LITERAL";
|
|
|
|
|
const char *table_line_add = "9999\t8888\thello world\t0\t0\t0\t1\t";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9999;
|
|
|
|
|
line_rule.table_line = table_line_add;
|
|
|
|
|
line_rule.table_name = table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
sleep(2);
|
|
|
|
|
state = NULL;
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
|
|
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 9999);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
/* del new line from HTTP_URL_LITERAL table */
|
|
|
|
|
const char *table_line_del = "9999\t8888\thello world\t0\t0\t0\t0\t";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9999;
|
|
|
|
|
line_rule.table_line = table_line_del;
|
|
|
|
|
line_rule.table_name = table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* del new line from COMPILE table */
|
|
|
|
|
const char *compile_table_line_del = "9999\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9999;
|
|
|
|
|
line_rule.table_line = compile_table_line_del;
|
|
|
|
|
line_rule.table_name = compile_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* del new line from GROUP2COMPILE table */
|
|
|
|
|
const char *g2c_table_line_del = "8888\t9999\t0\t0\tnull\t1";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 8888;
|
|
|
|
|
line_rule.table_line = g2c_table_line_del;
|
|
|
|
|
line_rule.table_name = g2c_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
sleep(2);
|
|
|
|
|
state = NULL;
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
|
|
|
|
|
ARRAY_SIZE, &n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 0);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
class MaatIPScan : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
2023-02-16 11:13:23 +08:00
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
2023-02-15 11:53:46 +08:00
|
|
|
TEST_F(MaatIPScan, IPv4) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
|
2023-02-15 11:53:46 +08:00
|
|
|
char ip_str[32] = "10.0.7.100";
|
2023-01-30 21:59:35 +08:00
|
|
|
uint32_t sip;
|
|
|
|
|
int ret = inet_pton(AF_INET, ip_str, &sip);
|
2022-12-12 00:10:30 +08:00
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {-1};
|
2023-01-30 21:59:35 +08:00
|
|
|
size_t n_hit_result = 0;
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_state *state = NULL;
|
2023-02-16 11:13:23 +08:00
|
|
|
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
|
2023-02-09 22:13:15 +08:00
|
|
|
&n_hit_result, &state);
|
2023-02-03 17:28:14 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
2023-01-30 21:59:35 +08:00
|
|
|
EXPECT_EQ(n_hit_result, 2);
|
2023-02-15 11:53:46 +08:00
|
|
|
EXPECT_EQ(results[0], 169);
|
|
|
|
|
EXPECT_EQ(results[1], 154);
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-12 00:10:30 +08:00
|
|
|
}
|
|
|
|
|
|
2023-02-15 11:53:46 +08:00
|
|
|
TEST_F(MaatIPScan, IPv6) {
|
2023-02-16 11:13:23 +08:00
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
|
2022-12-12 00:10:30 +08:00
|
|
|
char ip_str[32] = "1001:da8:205:1::101";
|
2023-02-15 11:53:46 +08:00
|
|
|
uint8_t sip[16];
|
|
|
|
|
int ret = inet_pton(AF_INET6, ip_str, &sip);
|
2022-12-12 00:10:30 +08:00
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
int results[ARRAY_SIZE] = {-1};
|
2023-01-30 21:59:35 +08:00
|
|
|
size_t n_hit_result = 0;
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_state *state = NULL;
|
2023-02-16 11:13:23 +08:00
|
|
|
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
|
2023-02-15 11:53:46 +08:00
|
|
|
&n_hit_result, &state);
|
2023-02-03 17:28:14 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
2023-01-30 21:59:35 +08:00
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
2023-02-15 11:53:46 +08:00
|
|
|
EXPECT_EQ(results[0], 155);
|
2022-12-12 00:10:30 +08:00
|
|
|
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-09 17:12:18 +08:00
|
|
|
}
|
|
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
TEST_F(MaatIPScan, dynamic_config) {
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
char ip_str[32] = "100.100.100.100";
|
|
|
|
|
uint32_t sip;
|
|
|
|
|
int ret = inet_pton(AF_INET, ip_str, &sip);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
int results[ARRAY_SIZE] = {-1};
|
2023-01-30 21:59:35 +08:00
|
|
|
size_t n_hit_result = 0;
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_state *state = NULL;
|
2023-02-16 11:13:23 +08:00
|
|
|
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
|
|
|
|
|
&n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 169);
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
/* add new line in GROUP2COMPILE table */
|
|
|
|
|
const char *g2c_table_name = "GROUP2COMPILE";
|
|
|
|
|
const char *g2c_table_line_add = "8887\t9998\t1\t0\tnull\t1";
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_cmd_line line_rule;
|
2023-02-16 11:13:23 +08:00
|
|
|
line_rule.rule_id = 8887;
|
|
|
|
|
line_rule.table_line = g2c_table_line_add;
|
|
|
|
|
line_rule.table_name = g2c_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* add new line in COMPILE table */
|
|
|
|
|
const char *compile_table_name = "COMPILE";
|
|
|
|
|
const char *compile_table_line_add = "9998\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9998;
|
|
|
|
|
line_rule.table_line = compile_table_line_add;
|
|
|
|
|
line_rule.table_name = compile_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* add new line in IP_PLUS_CONFIG */
|
|
|
|
|
const char *table_name = "IP_PLUS_CONFIG";
|
|
|
|
|
const char *table_line_add = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9998;
|
|
|
|
|
line_rule.table_line = table_line_add;
|
2022-12-14 15:28:21 +08:00
|
|
|
line_rule.table_name = table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
sleep(2);
|
|
|
|
|
state = NULL;
|
2023-02-16 11:13:23 +08:00
|
|
|
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
|
|
|
|
|
&n_hit_result, &state);
|
2023-02-03 17:28:14 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
2023-02-16 11:13:23 +08:00
|
|
|
EXPECT_EQ(n_hit_result, 2);
|
|
|
|
|
EXPECT_EQ(results[0], 9998);
|
|
|
|
|
EXPECT_EQ(results[1], 169);
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
/* del new line in IP_PLUS_CONFIG */
|
|
|
|
|
const char *table_line_del = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t0";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9998;
|
|
|
|
|
line_rule.table_line = table_line_del;
|
|
|
|
|
line_rule.table_name = table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* del new line in COMPILE table */
|
|
|
|
|
const char *compile_table_line_del = "9998\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 9998;
|
|
|
|
|
line_rule.table_line = compile_table_line_del;
|
|
|
|
|
line_rule.table_name = compile_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
|
|
|
|
EXPECT_EQ(ret, 1);
|
|
|
|
|
|
|
|
|
|
/* del new line in GROUP2COMPILE table */
|
|
|
|
|
const char *g2c_table_line_del = "8887\t9998\t0\t0\tnull\t1";
|
|
|
|
|
memset(&line_rule, 0, sizeof(line_rule));
|
|
|
|
|
line_rule.rule_id = 8887;
|
|
|
|
|
line_rule.table_line = g2c_table_line_del;
|
|
|
|
|
line_rule.table_name = g2c_table_name;
|
|
|
|
|
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
|
2022-12-14 15:28:21 +08:00
|
|
|
EXPECT_EQ(ret, 1);
|
2023-02-16 11:13:23 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class MaatIntervalScan : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
};
|
2023-02-16 11:28:44 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
TEST_F(MaatIntervalScan, Pure) {
|
|
|
|
|
int results[ARRAY_SIZE] = {0};
|
2023-01-30 21:59:35 +08:00
|
|
|
size_t n_hit_result = 0;
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_state *state = NULL;
|
2023-02-16 11:13:23 +08:00
|
|
|
const char *table_name = "CONTENT_SIZE";
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
int table_id = maat_table_get_id(g_maat_instance, table_name);
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
unsigned int scan_data1 = 2015;
|
|
|
|
|
int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
|
|
|
|
|
&n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
|
|
|
|
|
unsigned int scan_data2 = 300;
|
2023-02-16 16:45:06 +08:00
|
|
|
ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data2, results, ARRAY_SIZE,
|
2023-02-16 11:13:23 +08:00
|
|
|
&n_hit_result, &state);
|
2023-02-16 16:45:06 +08:00
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 0);
|
2023-02-16 11:13:23 +08:00
|
|
|
maat_state_free(&state);
|
2022-12-14 15:28:21 +08:00
|
|
|
}
|
2023-02-03 17:28:14 +08:00
|
|
|
|
2023-02-16 11:13:23 +08:00
|
|
|
TEST_F(MaatIntervalScan, IntervalPlus) {
|
|
|
|
|
int results[ARRAY_SIZE] = {0};
|
|
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *table_name = "INTERGER_PLUS";
|
|
|
|
|
|
|
|
|
|
int table_id = maat_table_get_id(g_maat_instance, table_name);
|
|
|
|
|
ASSERT_GT(table_id, 0);
|
|
|
|
|
|
|
|
|
|
const char *district_str = "interval.plus";
|
|
|
|
|
int ret = maat_state_set_scan_district(g_maat_instance, &state, district_str, strlen(district_str));
|
2023-02-16 16:45:06 +08:00
|
|
|
EXPECT_EQ(ret, 0);
|
2023-02-16 11:13:23 +08:00
|
|
|
|
|
|
|
|
unsigned int scan_data1 = 2020;
|
|
|
|
|
ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
|
|
|
|
|
&n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 179);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
2023-02-16 11:28:44 +08:00
|
|
|
|
2023-02-16 17:45:18 +08:00
|
|
|
class NOTLogic : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
TEST_F(NOTLogic, ScanNotAtLast) {
|
|
|
|
|
const char *string_should_hit = "This string ONLY contains must-contained-string-of-rule-144.";
|
|
|
|
|
const char *string_should_not_hit = "This string contains both must-contained-string-of-rule-144 and must-not-contained-string-of-rule-144.";
|
|
|
|
|
|
|
|
|
|
int results[ARRAY_SIZE] = {0};
|
|
|
|
|
size_t n_hit_result = 0;
|
|
|
|
|
struct maat_state *state = NULL;
|
|
|
|
|
const char *hit_table_name = "HTTP_URL_LITERAL";
|
|
|
|
|
const char *not_hit_table_name = "KEYWORDS_TABLE";
|
|
|
|
|
|
|
|
|
|
int hit_table_id = maat_table_get_id(g_maat_instance, hit_table_name);
|
|
|
|
|
ASSERT_GT(hit_table_id, 0);
|
|
|
|
|
|
|
|
|
|
int ret = maat_scan_string(g_maat_instance, hit_table_id, 0, string_should_hit, strlen(string_should_hit),
|
|
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
|
|
|
|
EXPECT_EQ(n_hit_result, 1);
|
|
|
|
|
EXPECT_EQ(results[0], 144);
|
|
|
|
|
|
|
|
|
|
int not_hit_table_id = maat_table_get_id(g_maat_instance, not_hit_table_name);
|
|
|
|
|
ASSERT_GT(not_hit_table_id, 0);
|
|
|
|
|
|
|
|
|
|
maat_state_set_last_scan(g_maat_instance, &state);
|
|
|
|
|
ret = maat_scan_string(g_maat_instance, not_hit_table_id, 0, string_should_not_hit, strlen(string_should_not_hit),
|
|
|
|
|
results, ARRAY_SIZE, &n_hit_result, &state);
|
|
|
|
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
|
|
|
|
maat_state_free(&state);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
class PluginTable : public testing::Test
|
|
|
|
|
{
|
|
|
|
|
protected:
|
|
|
|
|
static void SetUpTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void TearDownTestCase() {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
TEST_F(PluginTable, Callback) {
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-14 15:28:21 +08:00
|
|
|
int count_line_num_cb(const char *table_name, const char *line, void *u_para)
|
|
|
|
|
{
|
|
|
|
|
(*((unsigned int *)u_para))++;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int line_idx = 0;
|
|
|
|
|
long long absolute_expire_time=0;
|
|
|
|
|
int make_serial_rule(const char *table_name, const char *line, void *u_para)
|
|
|
|
|
{
|
|
|
|
|
struct serial_rule *s_rule=(struct serial_rule *)u_para;
|
|
|
|
|
int rule_id = 0;
|
|
|
|
|
char *buff = ALLOC(char, strlen(line) + 1);
|
|
|
|
|
|
|
|
|
|
memcpy(buff, line, strlen(line) + 1);
|
|
|
|
|
|
|
|
|
|
while (buff[strlen(buff) - 1] == '\n' || buff[strlen(buff) - 1] == '\t') {
|
|
|
|
|
buff[strlen(buff) - 1] = '\0';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int j = 0;
|
|
|
|
|
char *str1 = NULL;
|
|
|
|
|
char *token = NULL;
|
|
|
|
|
char *saveptr1 = NULL;
|
|
|
|
|
|
|
|
|
|
for (j = 0,str1 = buff; ; j++, str1 = NULL) {
|
|
|
|
|
token = strtok_r(str1, "\t ", &saveptr1);
|
|
|
|
|
if (token == NULL)
|
|
|
|
|
break;
|
|
|
|
|
if (j == 0) {
|
|
|
|
|
sscanf(token,"%d", &rule_id);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memcpy(buff, line, strlen(line)+1);
|
|
|
|
|
while(buff[strlen(buff)-1]=='\n'||buff[strlen(buff)-1]=='\t') {
|
|
|
|
|
buff[strlen(buff)-1]='\0';
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
maat_cmd_set_serial_rule(s_rule + line_idx, MAAT_OP_ADD, rule_id, table_name, buff, absolute_expire_time);
|
|
|
|
|
line_idx++;
|
|
|
|
|
FREE(str1);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
int write_config_to_redis(char *redis_ip, int redis_port, int redis_db,
|
|
|
|
|
struct log_handle *logger)
|
2022-11-25 16:32:29 +08:00
|
|
|
{
|
2022-12-14 15:28:21 +08:00
|
|
|
char json_iris_path[128] = {0};
|
|
|
|
|
|
|
|
|
|
snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename);
|
|
|
|
|
|
|
|
|
|
redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, logger);
|
2023-02-16 11:13:23 +08:00
|
|
|
if (NULL == c) {
|
2023-02-03 17:28:14 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2022-11-25 16:32:29 +08:00
|
|
|
|
2022-12-14 15:28:21 +08:00
|
|
|
redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb");
|
2023-02-16 11:13:23 +08:00
|
|
|
if (NULL == reply) {
|
2023-02-03 17:28:14 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2022-12-14 15:28:21 +08:00
|
|
|
|
2023-02-09 22:13:15 +08:00
|
|
|
if (0 == access(json_iris_path, F_OK)) {
|
|
|
|
|
system_cmd_rmdir(json_iris_path);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (access(json_iris_path, F_OK) < 0) {
|
2022-12-14 15:28:21 +08:00
|
|
|
char tmp_iris_path[128] = {0};
|
|
|
|
|
char *json_buff = NULL;
|
|
|
|
|
size_t json_buff_sz = 0;
|
|
|
|
|
|
|
|
|
|
int ret = load_file_to_memory(json_filename, (unsigned char **)&json_buff, &json_buff_sz);
|
2023-02-03 17:28:14 +08:00
|
|
|
if (ret < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2022-12-14 15:28:21 +08:00
|
|
|
|
|
|
|
|
ret = json2iris(json_buff, json_filename, c, tmp_iris_path,
|
|
|
|
|
sizeof(tmp_iris_path), NULL, NULL, logger);
|
2023-02-03 17:28:14 +08:00
|
|
|
if (ret < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2022-12-14 15:28:21 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
size_t total_line_cnt = 0;
|
|
|
|
|
char tmp_iris_full_idx_path[128] = {0};
|
|
|
|
|
snprintf(tmp_iris_full_idx_path, sizeof(tmp_iris_full_idx_path), "%s/index", json_iris_path);
|
|
|
|
|
config_monitor_traverse(0, tmp_iris_full_idx_path, NULL, count_line_num_cb, NULL, &total_line_cnt, logger);
|
|
|
|
|
|
|
|
|
|
struct serial_rule *s_rule = ALLOC(struct serial_rule, total_line_cnt);
|
|
|
|
|
long long server_time = maat_cmd_redis_server_time_s(c);
|
2023-02-03 17:28:14 +08:00
|
|
|
if (server_time < 0) {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2022-12-14 15:28:21 +08:00
|
|
|
|
|
|
|
|
absolute_expire_time = server_time + 300;
|
|
|
|
|
config_monitor_traverse(0, tmp_iris_full_idx_path, NULL, make_serial_rule, NULL, s_rule, logger);
|
|
|
|
|
|
|
|
|
|
int success_cnt = 0;
|
|
|
|
|
do {
|
|
|
|
|
success_cnt = maat_cmd_write_rule(c, s_rule, total_line_cnt, server_time, logger);
|
|
|
|
|
} while (success_cnt < 0);
|
|
|
|
|
|
|
|
|
|
EXPECT_EQ(success_cnt, (int)total_line_cnt);
|
|
|
|
|
|
|
|
|
|
for (size_t i = 0; i < total_line_cnt; i++) {
|
|
|
|
|
maat_cmd_clear_rule_cache(s_rule + i);
|
|
|
|
|
}
|
|
|
|
|
FREE(s_rule);
|
|
|
|
|
redisFree(c);
|
|
|
|
|
|
2023-02-03 17:28:14 +08:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int main(int argc, char ** argv)
|
|
|
|
|
{
|
|
|
|
|
int ret=0;
|
|
|
|
|
::testing::InitGoogleTest(&argc, argv);
|
|
|
|
|
|
|
|
|
|
struct log_handle *logger = log_handle_create("./maat_framework_gtest.log", 0);
|
|
|
|
|
if (NULL == logger) {
|
|
|
|
|
printf("create log handle failed.\n");
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char redis_ip[64] = "127.0.0.1";
|
|
|
|
|
int redis_port = 6379;
|
|
|
|
|
int redis_db = 0;
|
|
|
|
|
|
|
|
|
|
ret = write_config_to_redis(redis_ip, redis_port, redis_db, logger);
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
log_error(logger, MODULE_FRAMEWORK_GTEST, "write config to redis failed.");
|
|
|
|
|
log_handle_destroy(logger);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
2023-02-09 22:13:15 +08:00
|
|
|
|
2022-12-14 15:28:21 +08:00
|
|
|
struct maat_options *opts = maat_options_new();
|
2023-01-06 18:54:59 +08:00
|
|
|
maat_options_set_redis(opts, redis_ip, redis_port, redis_db);
|
2022-12-14 15:28:21 +08:00
|
|
|
maat_options_set_logger(opts, logger);
|
|
|
|
|
|
|
|
|
|
g_maat_instance = maat_new(opts, table_info_path);
|
2023-01-30 21:59:35 +08:00
|
|
|
maat_options_free(opts);
|
2023-02-03 17:28:14 +08:00
|
|
|
if (NULL == g_maat_instance) {
|
|
|
|
|
log_error(logger, MODULE_FRAMEWORK_GTEST, "create maat instance in MaatStringScan failed.");
|
|
|
|
|
log_handle_destroy(logger);
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ret=RUN_ALL_TESTS();
|
|
|
|
|
|
2022-11-25 16:32:29 +08:00
|
|
|
maat_free(g_maat_instance);
|
2023-02-03 17:28:14 +08:00
|
|
|
log_handle_destroy(logger);
|
2022-11-25 16:32:29 +08:00
|
|
|
|
|
|
|
|
return ret;
|
2023-02-03 17:28:14 +08:00
|
|
|
}
|
