fix some test case
@@ -2,7 +2,7 @@ variables:
|
|||||||
GIT_STRATEGY: "clone"
|
GIT_STRATEGY: "clone"
|
||||||
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
|
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
|
||||||
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
|
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
|
||||||
INSTALL_DEPENDENCY_LIBRARY: framework_env openssl-devel libasan libfieldstat4-devel
|
INSTALL_DEPENDENCY_LIBRARY: framework_env openssl-devel libasan libfieldstat4-devel libuuid
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- build
|
- build
|
||||||
|
|||||||
@@ -19,6 +19,7 @@ extern "C"
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
|
#include <uuid/uuid.h>
|
||||||
|
|
||||||
#include "uthash/utarray.h"
|
#include "uthash/utarray.h"
|
||||||
#include "cJSON/cJSON.h"
|
#include "cJSON/cJSON.h"
|
||||||
@@ -117,6 +118,7 @@ int system_cmd_gzip(const char *src_file, const char *dst_file);
|
|||||||
int system_cmd_encrypt(const char *src_file, const char *dst_file, const char *password);
|
int system_cmd_encrypt(const char *src_file, const char *dst_file, const char *password);
|
||||||
|
|
||||||
int ids_str2longlong_array(const char *ids_str, UT_array *ids_array);
|
int ids_str2longlong_array(const char *ids_str, UT_array *ids_array);
|
||||||
|
void print_uuid_str(uuid_t uuid);
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -261,7 +261,7 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema,
|
|||||||
cJSON *tmp_obj = NULL;
|
cJSON *tmp_obj = NULL;
|
||||||
|
|
||||||
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
||||||
if (tmp_obj && n_tag > 0) {
|
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
|
||||||
char *tag_str = cJSON_Print(tmp_obj);
|
char *tag_str = cJSON_Print(tmp_obj);
|
||||||
|
|
||||||
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
||||||
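Review bot: The added `cJSON_GetArraySize(tmp_obj) > 0` test skips `table_manager_accept_tags_match` not only for an empty `{}` or `[]` but for any `effective_range` without children, including a string or a number, so a malformed value is treated the same as "no restriction". What the skipped branch returns is outside the hunk; if it accepts the row, that is a fail-open on rule-file input and deserves an explicit type check such as `if (tmp_obj && !cJSON_IsArray(tmp_obj) && !cJSON_IsObject(tmp_obj)) { /* reject or log */ }`, plus a comment stating that an empty range means unrestricted. The same condition is repeated in `fqdn_plugin_accept_tag_match`, `ip_plugin_accept_tag_match`, `plugin_accept_tag_match` and `rule_accept_tag_match`. A small shared helper would keep the five copies from drifting, since they already differ in `tmp_obj` versus `tmp_obj != NULL`.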
|
|||||||
@@ -15,6 +15,7 @@
|
|||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
#include <dirent.h>
|
#include <dirent.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
#include "uthash/uthash.h"
|
||||||
|
|
||||||
#include "maat_core.h"
|
#include "maat_core.h"
|
||||||
#include "maat_config_monitor.h"
|
#include "maat_config_monitor.h"
|
||||||
@@ -30,6 +31,12 @@ struct cm_table_info_t {
|
|||||||
char encrypt_algo[NAME_MAX];
|
char encrypt_algo[NAME_MAX];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
struct object_info {
|
||||||
|
char object_name[MAX_NAME_STR_LEN];
|
||||||
|
char object_uuid[UUID_STR_LEN];
|
||||||
|
UT_hash_handle hh;
|
||||||
|
};
|
||||||
|
|
||||||
//replacement of glibc scandir, to adapt dictator malloc wrap
|
//replacement of glibc scandir, to adapt dictator malloc wrap
|
||||||
#define ENLARGE_STEP 1024
|
#define ENLARGE_STEP 1024
|
||||||
int my_scandir(const char *dir, struct dirent ***namelist,
|
int my_scandir(const char *dir, struct dirent ***namelist,
|
||||||
@@ -179,13 +186,44 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void object_info_add(struct object_info *object_name_map, const char *object_name, const char *object_uuid)
|
||||||
|
{
|
||||||
|
struct object_info *object_info = NULL;
|
||||||
|
HASH_FIND_STR(object_name_map, object_name, object_info);
|
||||||
|
if (object_info == NULL) {
|
||||||
|
object_info = ALLOC(struct object_info, 1);
|
||||||
|
strncpy(object_info->object_name, object_name, sizeof(object_info->object_name));
|
||||||
|
strncpy(object_info->object_uuid, object_uuid, sizeof(object_info->object_uuid));
|
||||||
|
HASH_ADD_STR(object_name_map, object_name, object_info);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
static struct object_info *object_info_find(struct object_info *object_name_map, const char *object_name)
|
||||||
|
{
|
||||||
|
struct object_info *object_info = NULL;
|
||||||
|
HASH_FIND_STR(object_name_map, object_name, object_info);
|
||||||
|
return object_info;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void object_info_free(struct object_info *object_name_map)
|
||||||
|
{
|
||||||
|
struct object_info *object_info, *tmp;
|
||||||
|
HASH_ITER(hh, object_name_map, object_info, tmp) {
|
||||||
|
HASH_DEL(object_name_map, object_info);
|
||||||
|
FREE(object_info);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
||||||
{
|
{
|
||||||
*json_root = cJSON_Parse((const char *)json_buff);
|
*json_root = cJSON_Parse((const char *)json_buff);
|
||||||
cJSON *top_items = cJSON_GetObjectItem(*json_root, "items");
|
cJSON *top_items = cJSON_GetObjectItem(*json_root, "items");
|
||||||
cJSON *top_objects = cJSON_GetObjectItem(*json_root, "objects");
|
cJSON *top_objects = cJSON_GetObjectItem(*json_root, "objects");
|
||||||
cJSON *rules = cJSON_GetObjectItem(*json_root, "rules");
|
cJSON *rules = cJSON_GetObjectItem(*json_root, "rules");
|
||||||
uuid_t tmp_uuid;
|
struct object_info *object_name_map = NULL;
|
||||||
|
|
||||||
|
int item_gen_id = 1000;
|
||||||
|
int object_gen_id = 1000;
|
||||||
|
|
||||||
if (top_items == NULL) {
|
if (top_items == NULL) {
|
||||||
top_items = cJSON_CreateArray();
|
top_items = cJSON_CreateArray();
|
||||||
@@ -223,8 +261,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
|
|
||||||
if (object_id_obj == NULL) {
|
if (object_id_obj == NULL) {
|
||||||
char uuid_str[UUID_STR_LEN];
|
char uuid_str[UUID_STR_LEN];
|
||||||
uuid_generate(tmp_uuid);
|
snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-00000000%d", object_gen_id++);
|
||||||
uuid_unparse(tmp_uuid, uuid_str);
|
|
||||||
cJSON_AddStringToObject(new_table_content, "object_uuid", uuid_str);
|
cJSON_AddStringToObject(new_table_content, "object_uuid", uuid_str);
|
||||||
} else {
|
} else {
|
||||||
cJSON_AddStringToObject(new_table_content, "object_uuid", object_id_obj->valuestring);
|
cJSON_AddStringToObject(new_table_content, "object_uuid", object_id_obj->valuestring);
|
||||||
@@ -232,8 +269,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
|
|
||||||
if (cJSON_GetObjectItem(table_content, "uuid") == NULL) {
|
if (cJSON_GetObjectItem(table_content, "uuid") == NULL) {
|
||||||
char uuid_str[UUID_STR_LEN];
|
char uuid_str[UUID_STR_LEN];
|
||||||
uuid_generate(tmp_uuid);
|
snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-00000000%d", item_gen_id++);
|
||||||
uuid_unparse(tmp_uuid, uuid_str);
|
|
||||||
cJSON_AddStringToObject(new_table_content, "uuid", uuid_str);
|
cJSON_AddStringToObject(new_table_content, "uuid", uuid_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -276,20 +312,32 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
cJSON_ArrayForEach(tmp_condition, condition_array) {
|
cJSON_ArrayForEach(tmp_condition, condition_array) {
|
||||||
cJSON *tmp_object = NULL;
|
cJSON *tmp_object = NULL;
|
||||||
cJSON *object_uuid_array = cJSON_CreateArray();
|
cJSON *object_uuid_array = cJSON_CreateArray();
|
||||||
cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects");
|
|
||||||
|
|
||||||
if (object_array == NULL) {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option");
|
cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option");
|
||||||
if (negate_option == NULL) {
|
if (negate_option == NULL) {
|
||||||
cJSON_AddBoolToObject(tmp_condition, "negate_option", 0);
|
cJSON_AddBoolToObject(tmp_condition, "negate_option", 0);
|
||||||
}
|
}
|
||||||
|
|
||||||
cJSON_ArrayForEach(tmp_object, object_array) {
|
cJSON *object_name = cJSON_GetObjectItem(tmp_condition, "object_name");
|
||||||
|
cJSON *object_uuid = cJSON_GetObjectItem(tmp_condition, "object_uuid");
|
||||||
|
if (object_name && object_uuid) {
|
||||||
|
object_info_add(object_name_map, object_name->valuestring, object_uuid->valuestring);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (object_uuid) {
|
||||||
|
cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_uuid->valuestring));
|
||||||
|
} else if (object_name) {
|
||||||
|
struct object_info *object_info = object_info_find(object_name_map, object_name->valuestring);
|
||||||
|
if (object_info) {
|
||||||
|
cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_info->object_uuid));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects");
|
||||||
|
cJSON_ArrayForEach(tmp_object, object_array) {//convert objects in rule
|
||||||
//find items, generate item_id and object_id
|
//find items, generate item_id and object_id
|
||||||
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid");
|
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid");
|
||||||
|
cJSON *object_name_obj = cJSON_GetObjectItem(tmp_object, "object_name");
|
||||||
cJSON *items = cJSON_GetObjectItem(tmp_object, "items");
|
cJSON *items = cJSON_GetObjectItem(tmp_object, "items");
|
||||||
cJSON *item = NULL;
|
cJSON *item = NULL;
|
||||||
char obj_uuid_str[UUID_STR_LEN];
|
char obj_uuid_str[UUID_STR_LEN];
|
||||||
@@ -297,8 +345,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
if (object_id_obj != NULL) {
|
if (object_id_obj != NULL) {
|
||||||
snprintf(obj_uuid_str, sizeof(obj_uuid_str), "%s", object_id_obj->valuestring);
|
snprintf(obj_uuid_str, sizeof(obj_uuid_str), "%s", object_id_obj->valuestring);
|
||||||
} else {
|
} else {
|
||||||
uuid_generate(tmp_uuid);
|
snprintf(obj_uuid_str, sizeof(obj_uuid_str), "00000000-0000-0000-0000-00000000%d", object_gen_id++);
|
||||||
uuid_unparse(tmp_uuid, obj_uuid_str);
|
}
|
||||||
|
|
||||||
|
if (object_name_obj) {
|
||||||
|
object_info_add(object_name_map, object_name_obj->valuestring, obj_uuid_str);
|
||||||
}
|
}
|
||||||
|
|
||||||
cJSON_ArrayForEach(item, items) {
|
cJSON_ArrayForEach(item, items) {
|
||||||
@@ -310,8 +361,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
|
|
||||||
if (cJSON_GetObjectItem(dup, "uuid") == NULL) {
|
if (cJSON_GetObjectItem(dup, "uuid") == NULL) {
|
||||||
char uuid_str[UUID_STR_LEN];
|
char uuid_str[UUID_STR_LEN];
|
||||||
uuid_generate(tmp_uuid);
|
snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-00000000%d", item_gen_id++);
|
||||||
uuid_unparse(tmp_uuid, uuid_str);
|
|
||||||
cJSON_AddStringToObject(dup, "uuid", uuid_str);
|
cJSON_AddStringToObject(dup, "uuid", uuid_str);
|
||||||
}
|
}
|
||||||
cJSON_AddStringToObject(dup, "object_uuid", obj_uuid_str);
|
cJSON_AddStringToObject(dup, "object_uuid", obj_uuid_str);
|
||||||
@@ -328,6 +378,8 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
|
|||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
object_info_free(object_name_map);
|
||||||
}
|
}
|
||||||
|
|
||||||
int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
|
int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
|
||||||
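Review bot: `object_info_add` receives the uthash head by value, so the `HASH_ADD_STR` on an empty table updates only the local copy: `object_name_map` in `convert_maat_json_rule` stays NULL, every `object_info_find` misses, `object_info_free` has nothing to walk, and each allocated entry leaks. Pass the head by pointer and call it as `object_info_add(&object_name_map, ...)`. The two `strncpy` calls can also leave `object_name` and `object_uuid` unterminated when a rule-file string fills the buffer, which the `strlen` inside `HASH_ADD_STR` then over-reads; the `snprintf(dst, sizeof(dst), "%s", src)` form this file already uses avoids that, and the `valuestring` arguments should be checked with `cJSON_IsString` first because the JSON is external input. Separately, the `"00000000-0000-0000-0000-00000000%d"` format fits the buffer only for four-digit counters, so (assuming `UUID_STR_LEN` is 37, as in libuuid) id 10000 truncates to the same string as id 1000; a fixed-width tail such as `"00000000-0000-0000-0000-%012d"` keeps the generated ids distinct.

```c
static void object_info_add(struct object_info **object_name_map, const char *object_name, const char *object_uuid)
{
    struct object_info *head = *object_name_map;
    struct object_info *object_info = NULL;

    HASH_FIND_STR(head, object_name, object_info);
    if (object_info == NULL) {
        object_info = ALLOC(struct object_info, 1);
        /* snprintf always NUL-terminates, unlike strncpy with a full-size bound */
        snprintf(object_info->object_name, sizeof(object_info->object_name), "%s", object_name);
        snprintf(object_info->object_uuid, sizeof(object_info->object_uuid), "%s", object_uuid);
        HASH_ADD_STR(head, object_name, object_info);
        *object_name_map = head; /* publish the (possibly new) head to the caller */
    }
}
// … unchanged: object_info_find, object_info_free …
// call sites in convert_maat_json_rule:
object_info_add(&object_name_map, object_name->valuestring, object_uuid->valuestring);
object_info_add(&object_name_map, object_name_obj->valuestring, obj_uuid_str);
```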
|
|||||||
@@ -212,7 +212,7 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema,
|
|||||||
cJSON *tmp_obj = NULL;
|
cJSON *tmp_obj = NULL;
|
||||||
|
|
||||||
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
||||||
if (tmp_obj != NULL && n_tag > 0) {
|
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
|
||||||
|
|
||||||
char *tag_str = cJSON_Print(tmp_obj);
|
char *tag_str = cJSON_Print(tmp_obj);
|
||||||
|
|
||||||
|
|||||||
@@ -111,7 +111,7 @@ ip_plugin_accept_tag_match(struct ip_plugin_schema *schema,
|
|||||||
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
|
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
|
||||||
|
|
||||||
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
||||||
if (tmp_obj && n_tag > 0) {
|
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
|
||||||
char *tag_str = cJSON_Print(tmp_obj);
|
char *tag_str = cJSON_Print(tmp_obj);
|
||||||
|
|
||||||
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
||||||
|
|||||||
@@ -383,7 +383,7 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
|
|||||||
|
|
||||||
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
|
||||||
|
|
||||||
if (tmp_obj != NULL && n_tag > 0) {
|
if ((tmp_obj != NULL && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
|
||||||
char *tag_str = cJSON_Print(tmp_obj);
|
char *tag_str = cJSON_Print(tmp_obj);
|
||||||
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
||||||
FREE(tag_str);
|
FREE(tag_str);
|
||||||
|
|||||||
@@ -92,9 +92,9 @@ struct rule_runtime {
|
|||||||
};
|
};
|
||||||
|
|
||||||
struct condition_literal {
|
struct condition_literal {
|
||||||
long long object_ids[MAX_OBJECT_CNT];
|
uuid_t object_uuids[MAX_OBJECT_CNT];
|
||||||
int object_cnt;
|
int object_cnt;
|
||||||
int attribute_id;
|
char attribute_name[MAX_ATTR_NAME_LEN];
|
||||||
};
|
};
|
||||||
|
|
||||||
struct rule_condition {
|
struct rule_condition {
|
||||||
@@ -350,7 +350,7 @@ static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
|
|||||||
|
|
||||||
tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
|
tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
|
||||||
|
|
||||||
if (tmp_obj && n_tag > 0) {
|
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
|
||||||
char *tag_str = cJSON_Print(tmp_obj);
|
char *tag_str = cJSON_Print(tmp_obj);
|
||||||
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
|
||||||
FREE(tag_str);
|
FREE(tag_str);
|
||||||
@@ -1023,7 +1023,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
|
|||||||
|
|
||||||
static size_t
|
static size_t
|
||||||
maat_rule_get_hit_condition_index(struct maat_rule *rule,
|
maat_rule_get_hit_condition_index(struct maat_rule *rule,
|
||||||
const char *attribute_name, uuid_t hit_object_uuid,
|
const char *attribute_name, uuid_t *hit_object_uuid,
|
||||||
int *condition_idx_array, size_t array_size)
|
int *condition_idx_array, size_t array_size)
|
||||||
{
|
{
|
||||||
size_t hit_condition_cnt = 0;
|
size_t hit_condition_cnt = 0;
|
||||||
@@ -1040,12 +1040,11 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
uuid_t *tmp_object_uuid = bsearch(&hit_object_uuid, tmp_condition->object_uuids,
|
uuid_t *tmp_object_uuid = bsearch(hit_object_uuid, tmp_condition->object_uuids,
|
||||||
tmp_condition->object_cnt, sizeof(uuid_t),
|
tmp_condition->object_cnt, sizeof(uuid_t),
|
||||||
compare_object_uuid);
|
compare_object_uuid);
|
||||||
if (tmp_object_uuid != NULL) {
|
if (tmp_object_uuid != NULL) {
|
||||||
condition_idx_array[hit_condition_cnt++] = i;
|
condition_idx_array[hit_condition_cnt++] = i;
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1086,7 +1085,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
|
|||||||
// find out which condition in rule hit
|
// find out which condition in rule hit
|
||||||
n_condition_index =
|
n_condition_index =
|
||||||
maat_rule_get_hit_condition_index(rule, attribute_name,
|
maat_rule_get_hit_condition_index(rule, attribute_name,
|
||||||
hit_path_array[idx].top_object_uuid,
|
&hit_path_array[idx].top_object_uuid,
|
||||||
condition_index_array,
|
condition_index_array,
|
||||||
MAX_ITEMS_PER_BOOL_EXPR);
|
MAX_ITEMS_PER_BOOL_EXPR);
|
||||||
hit_path_array[idx].condition_index = condition_index_array[0];
|
hit_path_array[idx].condition_index = condition_index_array[0];
|
||||||
@@ -1106,7 +1105,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
|
|||||||
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
|
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
|
||||||
new_hit_path_cnt++;
|
new_hit_path_cnt++;
|
||||||
n_condition_index =
|
n_condition_index =
|
||||||
maat_rule_get_hit_condition_index(rule, attribute_name, tmp_path.top_object_uuid,
|
maat_rule_get_hit_condition_index(rule, attribute_name, &tmp_path.top_object_uuid,
|
||||||
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
|
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
|
||||||
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
|
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
|
||||||
if (n_condition_index > 1) {
|
if (n_condition_index > 1) {
|
||||||
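Review bot: With the `break` removed from the `if (tmp_object_uuid != NULL)` branch of `maat_rule_get_hit_condition_index`, `condition_idx_array[hit_condition_cnt++] = i;` can now run once per matching condition, and nothing in the visible lines compares `hit_condition_cnt` with `array_size`. The loop header is outside the hunk, so if the number of conditions can exceed the caller's `MAX_ITEMS_PER_BOOL_EXPR`, this store writes past the caller's array; a guard such as `if (hit_condition_cnt >= array_size) break;` before the store would bound it. The corrected `bsearch` key also depends on `object_uuids` being kept sorted with `compare_object_uuid`, which is worth stating in a comment on that field of `struct condition_literal`.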
|
|||||||
@@ -615,4 +615,11 @@ int ids_str2longlong_array(const char *ids_str, UT_array *ids_array)
|
|||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
void print_uuid_str(uuid_t uuid)
|
||||||
|
{
|
||||||
|
char uuid_str[37] = {0};
|
||||||
|
uuid_unparse(uuid, uuid_str);
|
||||||
|
printf("%s\n", uuid_str);
|
||||||
}
|
}
|
||||||
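Review bot: `char uuid_str[37]` in `print_uuid_str` hard-codes the libuuid text length, while the rest of this change sizes the same kind of buffer with `UUID_STR_LEN`; `char uuid_str[UUID_STR_LEN] = {0};` keeps the two from diverging. The function writes to stdout from library code, so a one-line comment marking it as a debug-only helper would tell callers not to rely on it in production paths.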
@@ -5988,7 +5988,6 @@ TEST_F(Policy, SubObject) {
|
|||||||
maat_state_free(state);
|
maat_state_free(state);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if 0 //TODO: fix the test case
|
|
||||||
TEST_F(Policy, EvaluationOrder) {
|
TEST_F(Policy, EvaluationOrder) {
|
||||||
const char *url = "cavemancircus.com/2019/12/27/pretty-girls-6/";
|
const char *url = "cavemancircus.com/2019/12/27/pretty-girls-6/";
|
||||||
uuid_t results[ARRAY_SIZE];
|
uuid_t results[ARRAY_SIZE];
|
||||||
@@ -6003,69 +6002,96 @@ TEST_F(Policy, EvaluationOrder) {
|
|||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
EXPECT_EQ(n_hit_result, 3);
|
EXPECT_EQ(n_hit_result, 3);
|
||||||
EXPECT_EQ(results[0], 166);
|
char uuid_str[UUID_STR_LEN] = {0};
|
||||||
EXPECT_EQ(results[1], 168);
|
uuid_unparse(results[0], uuid_str);
|
||||||
EXPECT_EQ(results[2], 167);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
|
||||||
|
|
||||||
|
uuid_unparse(results[1], uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
|
||||||
|
|
||||||
|
uuid_unparse(results[2], uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
|
||||||
|
|
||||||
struct maat_hit_path hit_path[128];
|
struct maat_hit_path hit_path[128];
|
||||||
memset(hit_path, 0, sizeof(hit_path));
|
memset(hit_path, 0, sizeof(hit_path));
|
||||||
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
|
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
|
||||||
EXPECT_EQ(n_hit_path, 6);
|
EXPECT_EQ(n_hit_path, 6);
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[0].attribute_id, table_id);
|
EXPECT_STREQ(hit_path[0].attribute_name, attribute_name);
|
||||||
EXPECT_EQ(hit_path[0].sub_object_id, 158);
|
uuid_unparse(hit_path[0].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[0].top_object_id, 158);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157");
|
||||||
EXPECT_EQ(hit_path[0].condition_index, 2);
|
uuid_unparse(hit_path[0].top_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[0].rule_id, 168);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157");
|
||||||
|
EXPECT_EQ(hit_path[0].condition_index, 0);
|
||||||
|
uuid_unparse(hit_path[0].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[1].attribute_id, table_id);
|
EXPECT_STREQ(hit_path[1].attribute_name, attribute_name);
|
||||||
EXPECT_EQ(hit_path[1].sub_object_id, 157);
|
uuid_unparse(hit_path[1].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[1].top_object_id, 157);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155");
|
||||||
EXPECT_EQ(hit_path[1].condition_index, 0);
|
EXPECT_EQ(uuid_is_null(hit_path[1].top_object_uuid), 1);
|
||||||
EXPECT_EQ(hit_path[1].rule_id, 166);
|
EXPECT_EQ(hit_path[1].condition_index, -1);
|
||||||
|
EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1);
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[2].attribute_id, table_id);
|
|
||||||
EXPECT_EQ(hit_path[2].sub_object_id, 155);
|
|
||||||
EXPECT_EQ(hit_path[2].top_object_id, -1);
|
|
||||||
EXPECT_EQ(hit_path[2].condition_index, -1);
|
|
||||||
EXPECT_EQ(hit_path[2].rule_id, -1);
|
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[3].attribute_id, table_id);
|
EXPECT_STREQ(hit_path[2].attribute_name, attribute_name);
|
||||||
EXPECT_EQ(hit_path[3].sub_object_id, 158);
|
uuid_unparse(hit_path[2].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[3].top_object_id, 158);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
EXPECT_EQ(hit_path[3].condition_index, 6);
|
uuid_unparse(hit_path[2].top_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[3].rule_id, 168);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
EXPECT_EQ(hit_path[2].condition_index, 0);
|
||||||
|
uuid_unparse(hit_path[2].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
|
||||||
|
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[4].attribute_id, table_id);
|
EXPECT_STREQ(hit_path[3].attribute_name, attribute_name);
|
||||||
EXPECT_EQ(hit_path[4].sub_object_id, 158);
|
uuid_unparse(hit_path[3].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[4].top_object_id, 158);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
EXPECT_EQ(hit_path[4].condition_index, 1);
|
uuid_unparse(hit_path[3].top_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[4].rule_id, 167);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
EXPECT_EQ(hit_path[3].condition_index, 1);
|
||||||
|
uuid_unparse(hit_path[3].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[5].attribute_id, table_id);
|
|
||||||
EXPECT_EQ(hit_path[5].sub_object_id, 158);
|
|
||||||
EXPECT_EQ(hit_path[5].top_object_id, 158);
|
|
||||||
EXPECT_EQ(hit_path[5].condition_index, 3);
|
|
||||||
EXPECT_EQ(hit_path[5].rule_id, 167);
|
|
||||||
|
|
||||||
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
|
EXPECT_STREQ(hit_path[4].attribute_name, attribute_name);
|
||||||
|
uuid_unparse(hit_path[4].sub_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
uuid_unparse(hit_path[4].top_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
EXPECT_EQ(hit_path[4].condition_index, 0);
|
||||||
|
uuid_unparse(hit_path[4].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
|
||||||
|
|
||||||
|
|
||||||
|
EXPECT_STREQ(hit_path[5].attribute_name, attribute_name);
|
||||||
|
uuid_unparse(hit_path[5].sub_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
uuid_unparse(hit_path[5].top_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
|
||||||
|
EXPECT_EQ(hit_path[5].condition_index, 1);
|
||||||
|
uuid_unparse(hit_path[5].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
|
||||||
|
|
||||||
|
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
|
||||||
&n_hit_result, state);
|
&n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
|
||||||
uint32_t ip_addr;
|
uint32_t ip_addr;
|
||||||
inet_pton(AF_INET, "192.168.23.23", &ip_addr);
|
inet_pton(AF_INET, "192.168.23.23", &ip_addr);
|
||||||
|
|
||||||
table_id = maat_get_table_id(maat_inst, "IP_PLUS_CONFIG");
|
const char *ip_plus_table_name = "IP_PLUS_CONFIG";
|
||||||
ASSERT_GT(table_id, 0);
|
const char *ip_plus_attribute_name = "IP_PLUS_CONFIG";
|
||||||
|
|
||||||
memset(results, 0, sizeof(results));
|
memset(results, 0, sizeof(results));
|
||||||
ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, ARRAY_SIZE,
|
ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_attribute_name, ip_addr, results, ARRAY_SIZE,
|
||||||
&n_hit_result, state);
|
&n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
EXPECT_EQ(n_hit_result, 1);
|
EXPECT_EQ(n_hit_result, 1);
|
||||||
EXPECT_EQ(results[0], 165);
|
uuid_unparse(results[0], uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165");
|
||||||
|
|
||||||
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
|
ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_attribute_name, results, ARRAY_SIZE,
|
||||||
&n_hit_result, state);
|
&n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
|
||||||
@@ -6074,7 +6100,9 @@ TEST_F(Policy, EvaluationOrder) {
|
|||||||
|
|
||||||
TEST_F(Policy, NotConditionHitPath) {
|
TEST_F(Policy, NotConditionHitPath) {
|
||||||
const char *url_table_name = "HTTP_URL";
|
const char *url_table_name = "HTTP_URL";
|
||||||
const char *ip_table_name = "ATTRIBUTE_IP_CONFIG";
|
const char *url_attribute_name = "HTTP_URL";
|
||||||
|
const char *ip_table_name = "IP_CONFIG";
|
||||||
|
const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG";
|
||||||
const char *url = "www.youtube.com";
|
const char *url = "www.youtube.com";
|
||||||
uuid_t results[ARRAY_SIZE];
|
uuid_t results[ARRAY_SIZE];
|
||||||
size_t n_hit_result = 0;
|
size_t n_hit_result = 0;
|
||||||
@@ -6082,28 +6110,24 @@ TEST_F(Policy, NotConditionHitPath) {
|
|||||||
struct maat *maat_inst = Policy::_shared_maat_inst;
|
struct maat *maat_inst = Policy::_shared_maat_inst;
|
||||||
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
struct maat_state *state = maat_state_new(maat_inst, thread_id);
|
||||||
|
|
||||||
int url_table_id = maat_get_table_id(maat_inst, url_table_name);
|
int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, url, strlen(url),
|
||||||
ASSERT_GT(url_table_id, 0);
|
|
||||||
|
|
||||||
int ret = maat_scan_string(maat_inst, url_table_id, url, strlen(url),
|
|
||||||
results, ARRAY_SIZE, &n_hit_result, state);
|
results, ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
|
||||||
|
|
||||||
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
|
|
||||||
ASSERT_GT(ip_table_id, 0);
|
|
||||||
|
|
||||||
uint32_t ip_addr;
|
uint32_t ip_addr;
|
||||||
inet_pton(AF_INET, "192.168.101.101", &ip_addr);
|
inet_pton(AF_INET, "192.168.101.101", &ip_addr);
|
||||||
|
|
||||||
ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, results,
|
ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results,
|
||||||
ARRAY_SIZE, &n_hit_result, state);
|
ARRAY_SIZE, &n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
EXPECT_EQ(ret, MAAT_SCAN_OK);
|
||||||
|
|
||||||
ret = maat_scan_not_logic(maat_inst, ip_table_id, results, ARRAY_SIZE,
|
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE,
|
||||||
&n_hit_result, state);
|
&n_hit_result, state);
|
||||||
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
EXPECT_EQ(ret, MAAT_SCAN_HIT);
|
||||||
EXPECT_EQ(n_hit_result, 1);
|
EXPECT_EQ(n_hit_result, 1);
|
||||||
EXPECT_EQ(results[0], 228);
|
char uuid_str[UUID_STR_LEN] = {0};
|
||||||
|
uuid_unparse(results[0], uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000228");
|
||||||
|
|
||||||
struct maat_hit_path hit_path[128];
|
struct maat_hit_path hit_path[128];
|
||||||
memset(hit_path, 0, sizeof(hit_path));
|
memset(hit_path, 0, sizeof(hit_path));
|
||||||
@@ -6111,40 +6135,50 @@ TEST_F(Policy, NotConditionHitPath) {
|
|||||||
EXPECT_EQ(n_hit_path, 4);
|
EXPECT_EQ(n_hit_path, 4);
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[0].Nth_scan, 1);
|
EXPECT_EQ(hit_path[0].Nth_scan, 1);
|
||||||
EXPECT_EQ(hit_path[0].attribute_id, url_table_id);
|
EXPECT_STREQ(hit_path[0].attribute_name, url_attribute_name);
|
||||||
EXPECT_EQ(hit_path[0].negate_option, 0);
|
EXPECT_EQ(hit_path[0].negate_option, 0);
|
||||||
EXPECT_EQ(hit_path[0].condition_index, 1);
|
EXPECT_EQ(hit_path[0].condition_index, 0);
|
||||||
EXPECT_EQ(hit_path[0].sub_object_id, 249);
|
uuid_unparse(hit_path[0].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[0].top_object_id, 249);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000249");
|
||||||
EXPECT_EQ(hit_path[0].rule_id, 228);
|
uuid_unparse(hit_path[0].top_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000249");
|
||||||
|
uuid_unparse(hit_path[0].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000228");
|
||||||
|
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[1].Nth_scan, 2);
|
EXPECT_EQ(hit_path[1].Nth_scan, 2);
|
||||||
EXPECT_EQ(hit_path[1].attribute_id, ip_table_id);
|
EXPECT_STREQ(hit_path[1].attribute_name, ip_attribute_name);
|
||||||
EXPECT_EQ(hit_path[1].negate_option, 1);
|
EXPECT_EQ(hit_path[1].negate_option, 1);
|
||||||
EXPECT_EQ(hit_path[1].condition_index, -1);
|
EXPECT_EQ(hit_path[1].condition_index, -1);
|
||||||
EXPECT_EQ(hit_path[1].sub_object_id, 100);
|
uuid_unparse(hit_path[1].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[1].top_object_id, 144);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000100");
|
||||||
EXPECT_EQ(hit_path[1].rule_id, -1);
|
uuid_unparse(hit_path[1].top_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000502");
|
||||||
|
EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1);
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[2].Nth_scan, 2);
|
EXPECT_EQ(hit_path[2].Nth_scan, 2);
|
||||||
EXPECT_EQ(hit_path[2].attribute_id, ip_table_id);
|
EXPECT_STREQ(hit_path[2].attribute_name, ip_attribute_name);
|
||||||
EXPECT_EQ(hit_path[2].negate_option, 1);
|
EXPECT_EQ(hit_path[2].negate_option, 1);
|
||||||
EXPECT_EQ(hit_path[2].condition_index, -1);
|
EXPECT_EQ(hit_path[2].condition_index, -1);
|
||||||
EXPECT_EQ(hit_path[2].sub_object_id, 100);
|
uuid_unparse(hit_path[2].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[2].top_object_id, -1);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000100");
|
||||||
EXPECT_EQ(hit_path[2].rule_id, -1);
|
EXPECT_EQ(uuid_is_null(hit_path[2].top_object_uuid), 1);
|
||||||
|
EXPECT_EQ(uuid_is_null(hit_path[2].rule_uuid), 1);
|
||||||
|
|
||||||
|
|
||||||
EXPECT_EQ(hit_path[3].Nth_scan, 2);
|
EXPECT_EQ(hit_path[3].Nth_scan, 2);
|
||||||
EXPECT_EQ(hit_path[3].attribute_id, ip_table_id);
|
EXPECT_STREQ(hit_path[3].attribute_name, ip_attribute_name);
|
||||||
EXPECT_EQ(hit_path[3].negate_option, 1);
|
EXPECT_EQ(hit_path[3].negate_option, 1);
|
||||||
EXPECT_EQ(hit_path[3].condition_index, 2);
|
EXPECT_EQ(hit_path[3].condition_index, 1);
|
||||||
EXPECT_EQ(hit_path[3].sub_object_id, 250);
|
uuid_unparse(hit_path[3].sub_object_uuid, uuid_str);
|
||||||
EXPECT_EQ(hit_path[3].top_object_id, 250);
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000250");
|
||||||
EXPECT_EQ(hit_path[3].rule_id, 228);
|
uuid_unparse(hit_path[3].top_object_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000250");
|
||||||
|
uuid_unparse(hit_path[3].rule_uuid, uuid_str);
|
||||||
|
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000228");
|
||||||
|
|
||||||
maat_state_free(state);
|
maat_state_free(state);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
class TableInfo : public testing::Test
|
class TableInfo : public testing::Test
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -906,9 +906,8 @@
|
|||||||
"conditions": [
|
"conditions": [
|
||||||
{
|
{
|
||||||
"attribute_name": "KEYWORDS_TABLE",
|
"attribute_name": "KEYWORDS_TABLE",
|
||||||
"object_uuids":[
|
"object_name": "TakeMeHome",
|
||||||
"00000000-0000-0000-0000-000000000111"
|
"object_uuid": "00000000-0000-0000-0000-000000000111"
|
||||||
]
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
@@ -978,6 +977,7 @@
|
|||||||
"action": 1,
|
"action": 1,
|
||||||
"do_blacklist": 1,
|
"do_blacklist": 1,
|
||||||
"do_log": 1,
|
"do_log": 1,
|
||||||
|
"effective_range":{},
|
||||||
"action_parameter": "offset_string",
|
"action_parameter": "offset_string",
|
||||||
"is_valid": "yes",
|
"is_valid": "yes",
|
||||||
"conditions": [
|
"conditions": [
|
||||||
@@ -1008,6 +1008,7 @@
|
|||||||
"action": 1,
|
"action": 1,
|
||||||
"do_blacklist": 1,
|
"do_blacklist": 1,
|
||||||
"do_log": 1,
|
"do_log": 1,
|
||||||
|
"effective_range":{},
|
||||||
"action_parameter": "offset_string",
|
"action_parameter": "offset_string",
|
||||||
"is_valid": "yes",
|
"is_valid": "yes",
|
||||||
"conditions": [
|
"conditions": [
|
||||||
|
|||||||