diff --git a/include/maat.h b/include/maat.h index 4fff9d4..dc7e35b 100644 --- a/include/maat.h +++ b/include/maat.h @@ -29,12 +29,13 @@ struct maat; struct maat_hit_path { int Nth_scan; - int vtable_id; // 0 is not a virtual table. - int NOT_flag; // 1 means NOT clause(condition) - long long item_id; - long long sub_group_id; - long long top_group_id; - long long compile_id; + int vtable_id; // 0 is not a virtual table. + int NOT_flag; // 1 means NOT clause(condition) + int clause_index; // 0 ~ 7 + long long item_id; + long long sub_group_id; + long long top_group_id; + long long compile_id; }; struct maat_hit_group { diff --git a/readme.md b/readme.md index d3a22a4..dc4eacd 100644 --- a/readme.md +++ b/readme.md @@ -217,7 +217,7 @@ int main() * [Rules](./docs/table_data.md) -* [Logic (AND | OR | NOT)](./docs/logic%20(AND%20%7C%20OR%20%7C%20NOT).md) +* [Logical operation](./docs/logical_operation.md) * [Scan API](./docs/scan_api.md) diff --git a/src/maat_compile.c b/src/maat_compile.c index 504d4a7..c72f1fb 100644 --- a/src/maat_compile.c +++ b/src/maat_compile.c @@ -529,6 +529,7 @@ int group2compile_associated_compile_table_id(void *g2c_schema) return schema->asso_compile_table_id; } +#define COMPILE_GC_TIMEOUT_S 5 void *compile_runtime_new(void *compile_schema, size_t max_thread_num, struct maat_garbage_bin *garbage_bin, struct log_handle *logger) @@ -542,7 +543,7 @@ void *compile_runtime_new(void *compile_schema, size_t max_thread_num, compile_rt->expr_match_buff = ALLOC(struct bool_expr_match, max_thread_num * MAX_HIT_COMPILE_NUM); compile_rt->version = time(NULL); - compile_rt->cfg_hash = rcu_hash_new(rcu_compile_cfg_free, NULL, 0); + compile_rt->cfg_hash = rcu_hash_new(rcu_compile_cfg_free, NULL, COMPILE_GC_TIMEOUT_S); compile_rt->tbl_cfg_hash = rcu_hash_new(rcu_compile_table_cfg_free, NULL, 0); compile_rt->clause_id_kv_hash = NULL; compile_rt->not_clause_id_kv_hash = NULL; @@ -1641,6 +1642,39 @@ static int maat_compile_has_clause_query_key(struct maat_compile *compile, return 0; } +static size_t maat_compile_get_hit_clause_index(struct maat_compile *compile, + int vtable_id, long long hit_group_id, + int *clause_idx_array, size_t array_size) +{ + size_t hit_clause_cnt = 0; + struct compile_clause *tmp_clause = NULL; + + for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { + tmp_clause = &compile->clauses[i]; + if (!tmp_clause->in_use) { + continue; + } + + struct clause_literal *tmp_cl = NULL; + for (size_t j = 0; j < utarray_len(tmp_clause->literals); j++) { + tmp_cl = (struct clause_literal *)utarray_eltptr(tmp_clause->literals, j); + if (tmp_cl->vtable_id != vtable_id) { + continue; + } + + long long *tmp_group_id = bsearch(&hit_group_id, tmp_cl->group_ids, + tmp_cl->group_cnt, sizeof(long long), + compare_group_id); + if (tmp_group_id != NULL) { + clause_idx_array[hit_clause_cnt++] = i; + break; + } + } + } + + return hit_clause_cnt; +} + static int maat_compile_is_hit_path_existed(const struct maat_hit_path *hit_paths, size_t n_path, const struct maat_hit_path *find) { @@ -1653,13 +1687,69 @@ static int maat_compile_is_hit_path_existed(const struct maat_hit_path *hit_path return 0; } +void populate_hit_path_with_compile(struct maat_hit_path *hit_path_array, + size_t array_idx, size_t n_hit_path, + size_t *n_new_hit_path, struct maat_compile *compile) +{ + size_t i = 0; + size_t idx = array_idx; + size_t n_clause_index = 0; + size_t new_hit_path_cnt = *n_new_hit_path; + int clause_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0}; + + if (hit_path_array[idx].top_group_id < 0) { + hit_path_array[idx].top_group_id = hit_path_array[idx].sub_group_id; + } + + struct maat_hit_path tmp_path; + if (hit_path_array[idx].compile_id < 0) { + hit_path_array[idx].compile_id = compile->compile_id; + // find out which clause in compile hit + n_clause_index = maat_compile_get_hit_clause_index(compile, hit_path_array[idx].vtable_id, + hit_path_array[idx].top_group_id, clause_index_array, + MAX_ITEMS_PER_BOOL_EXPR); + hit_path_array[idx].clause_index = clause_index_array[0]; + if (n_clause_index > 1) { + for (i = 1; i < n_clause_index; i++) { + tmp_path = hit_path_array[idx]; + tmp_path.clause_index = clause_index_array[i]; + hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; + new_hit_path_cnt++; + } + } + } else { + // means same clause_query_id hit more than one compile_id + tmp_path = hit_path_array[idx]; + tmp_path.compile_id = compile->compile_id; + if (!maat_compile_is_hit_path_existed(hit_path_array, n_hit_path + new_hit_path_cnt, &tmp_path)) { + hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; + new_hit_path_cnt++; + n_clause_index = maat_compile_get_hit_clause_index(compile, tmp_path.vtable_id, tmp_path.top_group_id, + clause_index_array, MAX_ITEMS_PER_BOOL_EXPR); + hit_path_array[n_hit_path + new_hit_path_cnt - 1].clause_index = clause_index_array[0]; + if (n_clause_index > 1) { + for (i = 1; i < n_clause_index; i++) { + tmp_path = hit_path_array[n_hit_path + new_hit_path_cnt - 1]; + tmp_path.clause_index = clause_index_array[i]; + hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; + new_hit_path_cnt++; + } + } + } + } + + *n_new_hit_path = new_hit_path_cnt; +} + size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, int thread_id, struct compile_state *compile_state, struct maat_hit_path *hit_path_array, size_t array_size, size_t n_hit_path) { /* assign hit_path_array[].compile_id */ - size_t new_hit_path_cnt = 0; + size_t n_new_hit_path = 0; + size_t n_clause_index = 0; + int clause_index_array[MAX_ITEMS_PER_BOOL_EXPR] = {0}; struct maat_compile *compile = NULL; struct clause_query_key key = {0, 0, 0}; struct bool_expr_match *expr_match = compile_rt->expr_match_buff + @@ -1682,7 +1772,7 @@ size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, int thr continue; } - for (size_t j = 0; j < n_hit_path && (n_hit_path + new_hit_path_cnt) < array_size; j++) { + for (size_t j = 0; j < n_hit_path && (n_hit_path + n_new_hit_path) < array_size; j++) { if (hit_path_array[j].top_group_id < 0) { key.group_id = hit_path_array[j].sub_group_id; } else { @@ -1692,26 +1782,12 @@ size_t compile_runtime_get_hit_paths(struct compile_runtime *compile_rt, int thr key.vtable_id = hit_path_array[j].vtable_id; key.not_flag = hit_path_array[j].NOT_flag; if (maat_compile_has_clause_query_key(compile, &key)) { - if (hit_path_array[j].top_group_id < 0) { - hit_path_array[j].top_group_id = hit_path_array[j].sub_group_id; - } - - if (hit_path_array[j].compile_id < 0) { - hit_path_array[j].compile_id = compile->compile_id; - } else { - // means same clause_query_id hit more than one compile_id - struct maat_hit_path tmp_path = hit_path_array[j]; - tmp_path.compile_id = compile->compile_id; - if(!maat_compile_is_hit_path_existed(hit_path_array, n_hit_path + new_hit_path_cnt, &tmp_path)) { - hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; - new_hit_path_cnt++; - } - } + populate_hit_path_with_compile(hit_path_array, j, n_hit_path, &n_new_hit_path, compile); } } } - return (n_hit_path + new_hit_path_cnt); + return (n_hit_path + n_new_hit_path); } static void compile_state_add_direct_hit_groups(struct compile_state *compile_state, @@ -2310,7 +2386,7 @@ int compile_runtime_commit(void *compile_runtime, const char *table_name, compile_rt->bm = new_bool_matcher; compile_rt->clause_id_kv_hash = new_clause_id_kv_hash; compile_rt->not_clause_id_kv_hash = new_not_clause_id_kv_hash; - rcu_hash_commit(compile_rt->cfg_hash); + rcu_hash_commit(compile_rt->cfg_hash); //after commit, old cfg still available within COMPILE_GC_TIMEOUT_S. rcu_hash_commit(compile_rt->tbl_cfg_hash); maat_garbage_bagging(compile_rt->ref_garbage_bin, old_bool_matcher, NULL, @@ -2609,9 +2685,11 @@ size_t compile_state_get_internal_hit_paths(struct compile_state *compile_state, tmp_path.top_group_id = *p; tmp_path.vtable_id = internal_path->vtable_id; tmp_path.NOT_flag = internal_path->NOT_flag; + tmp_path.clause_index = -1; tmp_path.compile_id = -1; - /* check if internal_path is duplicated from hit_path_array[] element */ + /* check if internal_path is duplicated from hit_path_array[] + * element */ if (hit_path_cnt > 0) { if (maat_compile_is_hit_path_existed(hit_path_array, hit_path_cnt, &tmp_path)) { continue; diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 69288a6..c1c9283 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -6170,6 +6170,7 @@ protected: maat_options_set_stat_file(opts, "./stat.log"); maat_options_set_logger(opts, "./maat_framework_gtest.log", LOG_LEVEL_INFO); maat_options_set_accept_tags(opts, accept_tags); + maat_options_set_hit_path_enabled(opts); _shared_maat_inst = maat_new(opts, table_info_path); maat_options_free(opts); @@ -6400,9 +6401,50 @@ TEST_F(Policy, EvaluationOrder) { results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 3); - EXPECT_EQ(results[0], 168); - EXPECT_EQ(results[1], 167); - EXPECT_EQ(results[2], 166); + EXPECT_EQ(results[0], 166); + EXPECT_EQ(results[1], 168); + EXPECT_EQ(results[2], 167); + + struct maat_hit_path hit_path[128]; + memset(hit_path, 0, sizeof(hit_path)); + size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128); + EXPECT_EQ(n_hit_path, 6); + + EXPECT_EQ(hit_path[0].vtable_id, table_id); + EXPECT_EQ(hit_path[0].sub_group_id, 158); + EXPECT_EQ(hit_path[0].top_group_id, 158); + EXPECT_EQ(hit_path[0].clause_index, 2); + EXPECT_EQ(hit_path[0].compile_id, 168); + + EXPECT_EQ(hit_path[1].vtable_id, table_id); + EXPECT_EQ(hit_path[1].sub_group_id, 157); + EXPECT_EQ(hit_path[1].top_group_id, 157); + EXPECT_EQ(hit_path[1].clause_index, 0); + EXPECT_EQ(hit_path[1].compile_id, 166); + + EXPECT_EQ(hit_path[2].vtable_id, table_id); + EXPECT_EQ(hit_path[2].sub_group_id, 155); + EXPECT_EQ(hit_path[2].top_group_id, -1); + EXPECT_EQ(hit_path[2].clause_index, -1); + EXPECT_EQ(hit_path[2].compile_id, -1); + + EXPECT_EQ(hit_path[3].vtable_id, table_id); + EXPECT_EQ(hit_path[3].sub_group_id, 158); + EXPECT_EQ(hit_path[3].top_group_id, 158); + EXPECT_EQ(hit_path[3].clause_index, 6); + EXPECT_EQ(hit_path[3].compile_id, 168); + + EXPECT_EQ(hit_path[4].vtable_id, table_id); + EXPECT_EQ(hit_path[4].sub_group_id, 158); + EXPECT_EQ(hit_path[4].top_group_id, 158); + EXPECT_EQ(hit_path[4].clause_index, 1); + EXPECT_EQ(hit_path[4].compile_id, 167); + + EXPECT_EQ(hit_path[5].vtable_id, table_id); + EXPECT_EQ(hit_path[5].sub_group_id, 158); + EXPECT_EQ(hit_path[5].top_group_id, 158); + EXPECT_EQ(hit_path[5].clause_index, 3); + EXPECT_EQ(hit_path[5].compile_id, 167); ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, &n_hit_result, state); @@ -8880,7 +8922,7 @@ TEST_F(MaatCmdTest, HitGroup) { state = NULL; } -TEST_F(MaatCmdTest, HitPath) { +TEST_F(MaatCmdTest, HitPathBasic) { const char *g2g_table_name = "GROUP2GROUP"; const char *g2c_table_name = "GROUP2COMPILE_DEFAULT"; const char *compile_table_name = "COMPILE_DEFAULT"; @@ -9165,6 +9207,382 @@ that the edges be all directed in the same direction."; EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); EXPECT_EQ(hit_path[path_idx].compile_id, -1); maat_stream_free(stream); + maat_state_free(state); + state = NULL; +} + +/* same group in multi compile */ +/* + item1 -> group1 -> compile1 + / + / + item2 -> group2 -> group21 + \ + \ + item3 -> group3 -> compile2 + \ + \--> compile3 + / + item4 -> group4 -/ +*/ +TEST_F(MaatCmdTest, HitPathAdvanced) { + const char *g2g_table_name = "GROUP2GROUP"; + const char *g2c_table_name = "GROUP2COMPILE_DEFAULT"; + const char *compile_table_name = "COMPILE_DEFAULT"; + const char *ip_table_name = "IP_CONFIG"; + const char *keywords_table_name = "KEYWORDS_TABLE"; + int thread_id = 0; + struct maat *maat_inst = MaatCmdTest::_shared_maat_inst; + struct maat_state *state = maat_state_new(maat_inst, thread_id); + + /* compile1 */ + long long compile1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + int ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_ADD, + compile1_id, "null", 2, 0); + EXPECT_EQ(ret, 1); + + //group1 -> compile1 + long long group1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group1_id, compile1_id, 0, + "KEYWORDS_TABLE", 1, 0); //clause_index:1 + EXPECT_EQ(ret, 1); + + //item1 -> group1 -> compile1 + long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, + item1_id, group1_id, "computer_theory", NULL, + 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + group21_/ + */ + long long group21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group21_id, compile1_id, 0, + "KEYWORDS_TABLE", 2, 0); //clause_index:2 + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + group2 -> group21 _/ + */ + long long group2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = group2group_table_set_line(maat_inst, g2g_table_name, MAAT_OP_ADD, + group2_id, group21_id, 0, 0); + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + item2 -> group2 -> group21 _/ + */ + long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, + item2_id, group2_id, "social_theory", NULL, + 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); + + //compile2 + long long compile2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_ADD, + compile2_id, "null", 2, 0); + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + item2 -> group2 -> group21 _/ + \ + \ + compile2 + */ + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group21_id, compile2_id, 0, + "KEYWORDS_TABLE", 3, 0); //clause_index:3 + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + item2 -> group2 -> group21 _/ + \ + \ + item3 -> group3 -> compile2 + */ + long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + long long group3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_id, + group3_id, IPv4, "220.181.38.168", "220.181.38.169", + 0, 65535, 0); + EXPECT_EQ(ret, 1); + + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group3_id, compile2_id, 0, + "IP_CONFIG", 4, 0); //clause_index:4 + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + item2 -> group2 -> group21 _/ + \ + \ + item3 -> group3 -> compile2 + \ + \ --> compile3 + */ + long long compile3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_ADD, + compile3_id, "null", 2, 0); + EXPECT_EQ(ret, 1); + + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group3_id, compile3_id, 0, + "IP_CONFIG", 5, 0); //clause_index:5 + EXPECT_EQ(ret, 1); + + /* item1 -> group1 -> compile1 + / + / + item2 -> group2 -> group21 + \ + \ + item3 -> group3 -> compile2 + \ + \ + compile3 + / + / + item4 -> group4 + */ + char temp[1024]={0}; + long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, + item4_id, group4_id, + str_escape(temp, sizeof(temp), "basic and advanced"), + NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); + + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group4_id, compile3_id, 0, + "KEYWORDS_TABLE", 6, 0); //clause_index:6 + EXPECT_EQ(ret, 1); + + sleep(WAIT_FOR_EFFECTIVE_S * 2); + + const char* http_url_computer = "en.wikipedia.org/wiki/Path_(computer_theory)"; + const char* http_url_social = "en.wikipedia.org/wiki/Path_(social_theory)"; + + int keywords_table_id = maat_get_table_id(maat_inst, "KEYWORDS_TABLE"); + ASSERT_GT(keywords_table_id, 0); + + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + ret = maat_scan_string(maat_inst, keywords_table_id, http_url_computer, + strlen(http_url_computer), results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); + + struct maat_hit_path hit_path[128]; + memset(hit_path, 0, sizeof(hit_path)); + int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); + EXPECT_EQ(n_read, 1); + + int path_idx = 0; + EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); + EXPECT_EQ(hit_path[path_idx].item_id, item1_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, -1); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].compile_id, -1); + + ret = maat_scan_string(maat_inst, keywords_table_id, http_url_social, + strlen(http_url_social), results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], compile1_id); + + n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); + EXPECT_EQ(n_read, 3); + + path_idx = 0; + EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); + EXPECT_EQ(hit_path[path_idx].item_id, item1_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + + path_idx++; + ASSERT_EQ(path_idx, 1); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + + path_idx++; + ASSERT_EQ(path_idx, 2); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, -1); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].compile_id, -1); + + uint32_t ip_addr; + inet_pton(AF_INET, "220.181.38.168", &ip_addr); + uint16_t port = htons(17272); + + int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); + ASSERT_GT(ip_table_id, 0); + + ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, port, 6, results, + ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], compile2_id); + + memset(hit_path, 0, sizeof(hit_path)); + n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); + EXPECT_EQ(n_read, 5); + + path_idx = 0; + EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); + EXPECT_EQ(hit_path[path_idx].item_id, item1_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + + path_idx++; + ASSERT_EQ(path_idx, 1); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 3); + EXPECT_EQ(hit_path[path_idx].compile_id, compile2_id); + + path_idx++; + ASSERT_EQ(path_idx, 2); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, -1); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].compile_id, -1); + + path_idx++; + ASSERT_EQ(path_idx, 3); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); + EXPECT_EQ(hit_path[path_idx].item_id, item3_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 4); + EXPECT_EQ(hit_path[path_idx].compile_id, compile2_id); + + path_idx++; + ASSERT_EQ(path_idx, 4); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + + const char *keywords1 = "In theory, basic and advanced is common"; + ret = maat_scan_string(maat_inst, keywords_table_id, keywords1, + strlen(keywords1), results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + EXPECT_EQ(results[0], compile3_id); + + memset(hit_path, 0, sizeof(hit_path)); + n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); + EXPECT_EQ(n_read, 7); + + path_idx = 0; + EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); + EXPECT_EQ(hit_path[path_idx].item_id, item1_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 1); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + + path_idx++; + ASSERT_EQ(path_idx, 1); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 3); + EXPECT_EQ(hit_path[path_idx].compile_id, compile2_id); + + path_idx++; + ASSERT_EQ(path_idx, 2); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, -1); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, -1); + EXPECT_EQ(hit_path[path_idx].compile_id, -1); + + path_idx++; + ASSERT_EQ(path_idx, 3); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); + EXPECT_EQ(hit_path[path_idx].item_id, item3_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 5); + EXPECT_EQ(hit_path[path_idx].compile_id, compile3_id); + + path_idx++; + ASSERT_EQ(path_idx, 4); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 4); + EXPECT_EQ(hit_path[path_idx].item_id, item4_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group4_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 6); + EXPECT_EQ(hit_path[path_idx].compile_id, compile3_id); + + path_idx++; + ASSERT_EQ(path_idx, 5); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); + EXPECT_EQ(hit_path[path_idx].item_id, item3_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, ip_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 4); + EXPECT_EQ(hit_path[path_idx].compile_id, compile2_id); + + path_idx++; + ASSERT_EQ(path_idx, 6); + EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); + EXPECT_EQ(hit_path[path_idx].item_id, item2_id); + EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); + EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); + EXPECT_EQ(hit_path[path_idx].vtable_id, keywords_table_id); + EXPECT_EQ(hit_path[path_idx].clause_index, 2); + EXPECT_EQ(hit_path[path_idx].compile_id, compile1_id); + maat_state_free(state); state = NULL; } diff --git a/test/maat_json.json b/test/maat_json.json index bc96f2d..a3c7f4e 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1845,6 +1845,7 @@ "virtual_table": "HTTP_URL", "group_name": "167_url_group", "group_id": 158, + "clause_index": 1, "regions": [ { "table_name": "HTTP_URL", @@ -1857,6 +1858,12 @@ } } ] + }, + { + "virtual_table": "HTTP_URL", + "group_name": "167_url_group", + "group_id": 158, + "clause_index": 3 } ] }, @@ -1872,20 +1879,15 @@ "groups": [ { "virtual_table": "HTTP_URL", - "group_name": "168_url_group", - "group_id": 159, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } - } - ] + "group_name": "167_url_group", + "group_id": 158, + "clause_index": 2 + }, + { + "virtual_table": "HTTP_URL", + "group_name": "167_url_group", + "group_id": 158, + "clause_index": 6 } ] }, @@ -1902,6 +1904,7 @@ "virtual_table": "IP_PLUS_CONFIG", "group_name": "169_IP_group", "group_id": 160, + "clause_index": 0, "not_flag" : 0, "regions": [ {