From 1cd21a43c91bcfb8975991acffb1e3cb1c7841b7 Mon Sep 17 00:00:00 2001 
From: root Date: Thu, 24 Oct 2024 07:12:57 +0000 Subject: [PATCH] fix MaatCmd testcase --- src/inc_internal/maat_expr.h | 7 + src/maat_command.c | 2 +- src/maat_expr.c | 20 +- src/maat_redis_monitor.c | 20 +- test/CMakeLists.txt | 2 - test/file_test_tableinfo.json | 201 - test/maat_framework_gtest.cpp | 3398 +++++++++-------- test/maat_json.json | 54 + .../full/2018-10-09/APP_OBJECT.0000050997 | 38 - .../full/2018-10-09/APP_PAYLOAD.0000050997 | 2 - .../full/2018-10-09/APP_POLICY.0000050997 | 17 - .../full/2018-10-09/APP_RULE.0000050997 | 22 - .../DDOS_PROTECT_TARGET_IP_CB.0000050997 | 2 - .../full/2018-10-09/MM_AV_URL.0000050997 | 2 - .../full/2018-10-09/MM_OBJECT.0000050997 | 2 - .../full/2018-10-09/MM_RULE.0000050997 | 2 - .../full/2018-10-09/NTC_ASN_IP.0000050997 | 2 - .../full/2018-10-09/NTC_BGP_AS.0000050997 | 11 - .../2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 | 4 - .../full/2018-10-09/NTC_DNS_REGION.0000050997 | 16 - .../NTC_DNS_RES_STRATEGY.0000050997 | 3 - .../full/2018-10-09/NTC_FTP_URL.0000050997 | 6 - .../2018-10-09/NTC_HTTP_REQ_BODY.0000050997 | 5 - .../2018-10-09/NTC_HTTP_RES_BODY.0000050997 | 15 - .../full/2018-10-09/NTC_HTTP_URL.0000050997 | 10 - .../full/2018-10-09/NTC_MAIL_BODY.0000050997 | 3 - .../full/2018-10-09/NTC_MAIL_HDR.0000050997 | 15 - .../2018-10-09/NTC_OBJECT2RULE.0000050997 | 105 - .../full/2018-10-09/NTC_RULE.0000050997 | 79 - .../2018-10-09/NTC_UNIVERSAL_IP.0000050997 | 24 - .../NTC_UNIVERSAL_PROTO_TYPE.0000050997 | 24 - .../full/2018-10-09/WHITE_LIST_IP.0000050997 | 2 - .../2018-10-09/WHITE_LIST_OBJECT.0000050997 | 2 - .../2018-10-09/WHITE_LIST_RULE.0000050997 | 2 - .../full/index/full_config_index.0000050997 | 26 - test/table_info.json | 7 +- test/test_utils.cpp | 221 +- test/test_utils.h | 44 +- 38 files changed, 2177 insertions(+), 2240 deletions(-) delete mode 100644 test/file_test_tableinfo.json delete mode 100644 test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997 delete mode 100644 
test/ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/APP_POLICY.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/APP_RULE.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/MM_AV_URL.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/MM_RULE.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_RULE.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997 delete mode 100644 test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997 delete mode 100644 test/ntcrule/full/index/full_config_index.0000050997 diff --git a/src/inc_internal/maat_expr.h b/src/inc_internal/maat_expr.h index a5dfc77..ed4081b 100644 
--- a/src/inc_internal/maat_expr.h +++ b/src/inc_internal/maat_expr.h @@ -20,6 +20,13 @@ extern "C" #include "maat_table.h" #include "cJSON/cJSON.h" +enum expr_type { + EXPR_TYPE_INVALID = -1, + EXPR_TYPE_AND = 0, + EXPR_TYPE_REGEX, + EXPR_TYPE_MAX +}; + struct expr_runtime; void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, diff --git a/src/maat_command.c b/src/maat_command.c index 27749ea..5b26750 100644 --- a/src/maat_command.c +++ b/src/maat_command.c @@ -323,7 +323,7 @@ error_out: int maat_cmd_set_file(struct maat *maat_inst, const char *key, const char *value, size_t size, enum maat_operation op) { - redisContext *ctx = maat_inst->opts.redis_ctx.write_ctx; + redisContext *ctx = get_redis_ctx_for_write(maat_inst); if (NULL == ctx) { log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND, "[%s:%d] failed: Redis is not connected.", diff --git a/src/maat_expr.c b/src/maat_expr.c index 45bab8a..c0025a2 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -39,13 +39,6 @@ struct expr_schema { struct table_manager *ref_tbl_mgr; }; -enum expr_type { - EXPR_TYPE_INVALID = -1, - EXPR_TYPE_AND = 0, - EXPR_TYPE_REGEX, - EXPR_TYPE_MAX -}; - enum match_method { MATCH_METHOD_SUB = 0, MATCH_METHOD_RIGHT, 
@@ -478,8 +471,14 @@ static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pa region_str_len = hex2bin(hex_str_start, strlen(hex_str_start), region_string, region_str_len); tmp_start_str = str_unescape(tmp_start_str); - snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string); - pattern_len = strlen(tmp_keywords); + //snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string); + if (pattern_len + strlen(tmp_start_str) + region_str_len > MAX_KEYWORDS_STR_LEN) { + return -1; + } + memcpy(tmp_keywords + pattern_len, tmp_start_str, strlen(tmp_start_str)); + pattern_len += strlen(tmp_start_str); + memcpy(tmp_keywords + pattern_len, region_string, region_str_len);//can't use strcpy cause region_string is from hexbin and may contain '\0' + pattern_len += region_str_len; if (region_string != NULL) { FREE(region_string); @@ -490,6 +489,9 @@ static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pa } if (tmp_end_str != NULL && tmp_end_str[0] != '\0') { tmp_end_str = str_unescape(tmp_end_str); + if (pattern_len + strlen(tmp_start_str) + strlen(tmp_end_str) > MAX_KEYWORDS_STR_LEN) { + return -1; + } snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, tmp_end_str); pattern_len = strlen(tmp_keywords); } diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index 885927b..34cc406 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c 
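Review bot: The new early `return -1;` in the length guard runs before the `FREE(region_string)` a few lines below, so an over-long keyword leaks the hex2bin output buffer; release it on that path, e.g. `if (pattern_len + strlen(tmp_start_str) + region_str_len >= MAX_KEYWORDS_STR_LEN) { FREE(region_string); return -1; }`. The `>=` matters because the two memcpy calls write no terminator and the code after this hunk still calls `strlen(tmp_keywords)`; unless tmp_keywords is declared larger than MAX_KEYWORDS_STR_LEN and zero-filled (its declaration is outside the hunk), a total of exactly MAX_KEYWORDS_STR_LEN leaves the buffer unterminated. region_string is also handed to memcpy before the `region_string != NULL` test, and region_str_len comes straight from hex2bin; if hex2bin can fail (NULL output or a negative length), that has to be rejected before the copy. The commented-out snprintf should be deleted rather than kept, and expr_keywords_to_expr_pattern starts and ends outside this hunk, so other allocations may need the same treatment on this return path.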
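Review bot: Right after the added guard the unchanged line `pattern_len = strlen(tmp_keywords);` recomputes the length by scanning for '\0', which undoes the previous hunk: that hunk switched to memcpy precisely because hex-decoded bytes may contain '\0', so a keyword with a binary region followed by a text tail gets its length cut at the first zero byte. Keep the running length instead, for example `int n = snprintf(...); if (n < 0) return -1; pattern_len += n;`. The guard itself uses `>` while snprintf reserves one byte of `MAX_KEYWORDS_STR_LEN - pattern_len` for the terminator, so a total of exactly MAX_KEYWORDS_STR_LEN passes the check and is silently truncated by one character; `>=` would reject it. The enclosing function continues outside the hunk.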
@@ -70,17 +70,17 @@ get_foregin_keys(struct serial_rule *p_rule, char foreign_names[][MAX_FOREIGN_NA int foreign_key_size = 0; p_rule->f_keys = ALLOC(struct foreign_key, n_foreign); + cJSON *json = cJSON_Parse(p_rule->table_line); + if (json == NULL) { + log_fatal(logger, MODULE_REDIS_MONITOR, + "[%s:%d] Get %s,%s foreign key failed: " + "Invalid table line", __FUNCTION__, __LINE__, + p_rule->table_name, p_rule->rule_uuid_str); + return; + } + for (int i = 0; i < n_foreign; i++) { const char *p_foreign_name = foreign_names[i]; - cJSON *json = cJSON_Parse(p_rule->table_line); - - if (json == NULL) { - log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Get %s,%s foreign key failed: " - "Invalid table line", __FUNCTION__, __LINE__, - p_rule->table_name, p_rule->rule_uuid_str); - continue; - } cJSON *item = cJSON_GetObjectItem(json, p_foreign_name); if (item == NULL || item->type != cJSON_String) { @@ -129,6 +129,8 @@ get_foregin_keys(struct serial_rule *p_rule, char foreign_names[][MAX_FOREIGN_NA p_rule->n_foreign++; } + cJSON_Delete(json); + if (0 == p_rule->n_foreign) { FREE(p_rule->f_keys); } diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 5cd5e73..64a9b4d 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt @@ -43,12 +43,10 @@ target_link_libraries(maat_framework_gtest maat_frame_static gtest_static) configure_file(table_info.json table_info.json COPYONLY) configure_file(tsg_table_info.json tsg_table_info.json COPYONLY) -configure_file(file_test_tableinfo.json file_test_tableinfo.json COPYONLY) configure_file(expr_matcher.json expr_matcher.json COPYONLY) configure_file(maat_json.json maat_json.json COPYONLY) configure_file(regex_expr.json regex_expr.json COPYONLY) -file(COPY ntcrule DESTINATION ./) file(COPY tsgrule DESTINATION ./) file(COPY testdata DESTINATION ./) file(COPY test_streamfiles DESTINATION ./) diff --git a/test/file_test_tableinfo.json b/test/file_test_tableinfo.json deleted file mode 100644 index 842ba4e..0000000 
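Review bot: The new `return;` on a cJSON_Parse failure sits after `p_rule->f_keys = ALLOC(struct foreign_key, n_foreign);` and skips the `if (0 == p_rule->n_foreign) FREE(p_rule->f_keys);` at the end of get_foregin_keys, so a malformed table line leaves f_keys allocated with no keys recorded (assuming n_foreign is still 0 at that point); the old `continue` always reached that cleanup. Either parse before allocating, or release on the error path with `FREE(p_rule->f_keys); return;`. With the parse hoisted out of the loop, any path in the loop body that leaves the function early would also need a `cJSON_Delete(json)`; only part of the loop is visible in this hunk, so that is worth checking.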
--- a/test/file_test_tableinfo.json +++ /dev/null 
@@ -1,201 +0,0 @@ -[ - { - "table_id":0, - "table_name": "NTC_RULE", - "table_type":"rule", - "valid_column":8, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":9 - } - }, - { - "table_id":1, - "table_name": "WHITE_LIST_RULE", - "table_type":"rule", - "valid_column":8, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":9 - } - }, - { - "table_id":2, - "table_name": "FILE_RULE", - "db_tables": ["NTC_RULE", "WHITE_LIST_RULE"], - "default_rule_table":2, - "table_type":"rule", - "valid_column":8, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":9 - } - }, - { - "table_id":3, - "table_name":"NTC_OBJECT2OBJECT", - "table_type":"object2object", - "valid_column":4, - "custom": { - "object_id":1, - "included_sub_object_ids":2, - "excluded_sub_object_ids":3 - } - }, - { - "table_id":4, - "table_name":"NTC_OBJECT2RULE", - "table_type":"object2rule", - "associated_rule_table_id":2, - "valid_column":3, - "custom": { - "object_id":1, - "rule_id":2, - "negate_option":4, - "attribute_name":5, - "condition_index":6 - } - }, - { - "table_id":5, - "table_name":"NTC_UNIVERSAL_IP", - "table_type":"ip", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "ip":3, - "port":4 - } - }, - { - "table_id":6, - "table_name":"NTC_UNIVERSAL_PROTO_TYPE", - "table_type":"interval", - "valid_column":4, - "custom": { - "item_id":1, - "object_id":2, - "interval":3 - } - }, - { - "table_id":7, - "table_name":"WHITE_LIST_IP", - "table_type":"ip", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "ip":3, - "port":4 - } - }, - { - "table_id":8, - "table_name":"FILE_HTTP_URL", - "db_tables": ["NTC_HTTP_URL", "WHITE_LIST_DOMAIN"], - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "object_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - }, - { - "table_id":9, - "table_name":"FILE_HTTP_HDR_REGION", - "db_tables":["NTC_HTTP_REQ_HDR", "NTC_HTTP_RES_HDR"], - "table_type":"expr_plus", - 
"valid_column":8, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "keywords":4, - "expr_type":5, - "match_method":6, - "is_hexbin":7 - } - }, - { - "table_id":10, - "table_name":"FILE_HTTP_BODY_REGION", - "db_tables":["NTC_HTTP_REQ_BODY", "NTC_HTTP_RES_BODY"], - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "object_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - }, - { - "table_id":11, - "table_name":"NTC_MAIL_HDR", - "table_type":"expr_plus", - "valid_column":8, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "keywords":4, - "expr_type":5, - "match_method":6, - "is_hexbin":7 - } - }, - { - "table_id":12, - "table_name":"NTC_MAIL_BODY", - "table_type":"expr_plus", - "valid_column":8, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "keywords":4, - "expr_type":5, - "match_method":6, - "is_hexbin":7 - } - }, - { - "table_id":13, - "table_name":"NTC_FTP_URL", - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "object_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - }, - { - "table_id":14, - "table_name":"NTC_FTP_CONTENT", - "table_type":"expr", - "valid_column":7, - "custom": { - "item_id":1, - "object_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - } - } -] \ No newline at end of file diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index ef8f61b..e1cd6ef 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp 
@@ -25,40 +25,38 @@ const char *g_json_filename = "maat_json.json"; size_t g_thread_num = 4; -#if 0 //TODO -int test_add_expr_command(struct maat *maat_inst, const char *expr_table, - long long rule_id, int timeout, - const char *keywords) +static int test_add_expr_command(struct maat *maat_inst, const char *expr_table, + const char *attr_name, const char *rule_uuid_str, int timeout, + const char *keywords, struct maat_cmd_and_condition *and_condition) { char huge_serv_def[1024 * 2] = {0}; memset(huge_serv_def, 's', sizeof(huge_serv_def) - 1); huge_serv_def[sizeof(huge_serv_def) - 1] = '\0'; - int ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD, - rule_id, huge_serv_def, 1, timeout); - EXPECT_EQ(ret, 1); - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, "OBJECT2RULE_DEFAULT", MAAT_OP_ADD, - object_id, rule_id, 0, expr_table, 1, timeout); + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + + int ret = expr_table_set_line(maat_inst, expr_table, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); EXPECT_EQ(ret, 1); - long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, expr_table, MAAT_OP_ADD, item_id, - object_id, keywords, "null", 1, 0); + and_condition->or_condition_num = 1; + and_condition->negate_option = 0; + and_condition->or_conditions[0].attribute_name = attr_name; + and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str; + and_condition->or_conditions[0].object_num = 1; + ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD, + rule_uuid_str, and_condition, 1, NULL, timeout); EXPECT_EQ(ret, 
1); return ret; } -int del_command(struct maat *maat_inst, int rule_id) -{ - return rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, - rule_id, "null", 1, 0); -} -#endif - const char *watched_json = "./json_update/maat.json"; const char *old_json = "./json_update/old.json"; const char *new_json = "./json_update/new.json"; @@ -646,7 +644,7 @@ TEST_F(HsStringScan, BackslashR_N_Escape) { state = NULL; } -#if 0 //TODO + TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { int ret = 0; uuid_t results[ARRAY_SIZE]; @@ -662,7 +660,9 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - EXPECT_EQ(results[0], 234); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); 
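Review bot: `and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str;` stores the address of a local array in the caller's struct, so once test_add_expr_command returns the caller's and_condition holds a dangling pointer. The callers in later hunks keep that struct alive and pass it on again, so any later read of it (for example reusing the condition for a MAAT_OP_DEL) would touch dead stack memory. Let the caller supply the object UUID buffer, or clear the slot before returning with `and_condition->or_conditions[0].object_uuids_str[0] = NULL;`. huge_serv_def is still filled in but is no longer passed to anything and can be removed.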
@@ -670,27 +670,34 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { maat_state_reset(state); const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; + + /* expr table add line */ + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + const char *keywords = "html>\\\\r\\\\n"; + + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); + EXPECT_EQ(ret, 1); /* rule table add line */ long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + + struct maat_cmd_and_condition and_condition; + and_condition.or_condition_num = 1; + and_condition.negate_option = 0; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + and_condition.or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - - /* expr table add line */ - long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - const char *keywords = "html>\\\\r\\\\n"; - - /* EXPR_TYPE_AND MATCH_METHOD_SUB */ - ret = expr_table_set_line(maat_inst, table_name, 
MAAT_OP_ADD, item_id, - object_id, keywords, NULL, 1, 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -699,8 +706,10 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); - EXPECT_EQ(results[0], 234); - EXPECT_EQ(results[1], rule_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); + uuid_unparse(results[1], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -709,7 +718,6 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { maat_state_free(state); state = NULL; } -#endif TEST_F(HsStringScan, BackslashCtrlCharactor) { @@ -1238,7 +1246,6 @@ TEST_F(HsStringScan, StreamHitDirectObject) { state = NULL; } -#if 0 //TODO TEST_F(HsStringScan, dynamic_config) { const char *table_name = "HTTP_URL"; const char *attribute_name = "HTTP_URL"; 
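Review bot: `struct maat_cmd_and_condition and_condition;` is declared without an initializer and only five members are assigned before it goes to rule_table_set_line, so every other member (presumably further or_conditions entries and the remaining object_uuids_str slots) is indeterminate when the callee reads the struct. Declare it as `struct maat_cmd_and_condition and_condition = {};` so the test cannot depend on stack contents. The same declaration appears in the RsStringScan BackslashR_N_Escape_IncUpdate hunk and in the HsStringScan/RsStringScan and HsStreamScan/RsStreamScan dynamic_config hunks.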
@@ -1263,27 +1270,33 @@ TEST_F(HsStringScan, dynamic_config) { maat_state_reset(state); const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; - - /* rule table add line */ - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); /* expr table add line */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char item_uuid_str[UUID_STR_LEN] = {0}; + char object_uuid_str[UUID_STR_LEN] = {0}; const char *keywords = "welcome to maat"; + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object_id, keywords, NULL, 1, 0); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); + EXPECT_EQ(ret, 1); + + /* rule table add line */ + long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + ret = rule_table_set_line(maat_inst, 
rule_table_name, MAAT_OP_ADD, + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -1292,7 +1305,9 @@ TEST_F(HsStringScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -1301,18 +1316,13 @@ TEST_F(HsStringScan, dynamic_config) { maat_state_reset(state); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - object_id, keywords, NULL, 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table del line */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object_id, rule_id, 0, table_name, 1, 0); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); EXPECT_EQ(ret, 1); /* rule table del line */ ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule_id, "null", 1, 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -1329,7 +1339,6 @@ TEST_F(HsStringScan, dynamic_config) { maat_state_free(state); state = NULL; } -#endif class RsStringScan : public testing::Test { @@ -1517,7 +1526,7 @@ TEST_F(RsStringScan, BackslashR_N_Escape) { state = NULL; } -#if 0 //TODO + TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { int ret = 0; uuid_t results[ARRAY_SIZE]; 
@@ -1533,7 +1542,9 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - EXPECT_EQ(results[0], 234); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); 
@@ -1541,27 +1552,34 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { maat_state_reset(state); const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; + + /* expr table add line */ + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + const char *keywords = "html>\\\\r\\\\n"; + + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); + EXPECT_EQ(ret, 1); /* rule table add line */ long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + + struct maat_cmd_and_condition and_condition; + and_condition.or_condition_num = 1; + and_condition.negate_option = 0; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + and_condition.or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - - /* expr table add line */ - long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - const char *keywords = "html>\\\\r\\\\n"; - - /* EXPR_TYPE_AND MATCH_METHOD_SUB */ - ret = expr_table_set_line(maat_inst, table_name, 
MAAT_OP_ADD, item_id, - object_id, keywords, NULL, 1, 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -1570,8 +1588,10 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); - EXPECT_EQ(results[0], 234); - EXPECT_EQ(results[1], rule_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); + uuid_unparse(results[1], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -1580,7 +1600,6 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { maat_state_free(state); state = NULL; } -#endif TEST_F(RsStringScan, BackslashCtrlCharactor) { @@ -2058,7 +2077,6 @@ TEST_F(RsStringScan, StreamInput) { state = NULL; } -#if 0 //TODO TEST_F(RsStringScan, dynamic_config) { const char *table_name = "HTTP_URL"; const char *attribute_name = "HTTP_URL"; 
@@ -2070,47 +2088,57 @@ TEST_F(RsStringScan, dynamic_config) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); + int ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - maat_state_reset(state); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); + maat_state_reset(state); + const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; - - /* rule table add line */ - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); /* expr table add line */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char item_uuid_str[UUID_STR_LEN] = {0}; + char object_uuid_str[UUID_STR_LEN] = {0}; const char *keywords = "welcome to maat"; + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); - /* EXPR_TYPE_AND MATCH_METHOD_SUB */ - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object_id, keywords, NULL, 1, 0); + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); EXPECT_EQ(ret, 1); - sleep(WAIT_FOR_EFFECTIVE_S * 2); + /* rule table add line */ + long long 
rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule_uuid_str, &and_condition, 1, NULL, 0); + EXPECT_EQ(ret, 1); + + sleep(WAIT_FOR_EFFECTIVE_S * 3); ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); 
@@ -2118,22 +2146,17 @@ TEST_F(RsStringScan, dynamic_config) { maat_state_reset(state); - /* EXPR_TYPE_AND MATCH_METHOD_SUB*/ - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - object_id, keywords, NULL, 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table del line */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object_id, rule_id, 0, table_name, 1, 0); + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_uuid_str, + object_uuid_str, keywords, EXPR_TYPE_AND, 0); EXPECT_EQ(ret, 1); /* rule table del line */ ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule_id, table_name, 1, 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); - sleep(WAIT_FOR_EFFECTIVE_S * 2); + sleep(WAIT_FOR_EFFECTIVE_S); ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); @@ -2147,7 +2170,6 @@ TEST_F(RsStringScan, dynamic_config) { maat_state_free(state); state = NULL; } -#endif class HsStreamScan : public testing::Test { @@ -2184,7 +2206,6 @@ protected: struct maat *HsStreamScan::_shared_maat_inst; -#if 0 //TODO TEST_F(HsStreamScan, dynamic_config) { const char *table_name = "HTTP_URL"; const char *attribute_name = "HTTP_URL"; @@ -2201,7 +2222,10 @@ TEST_F(HsStreamScan, dynamic_config) { // STEP 1: add keywords1 and wait scan stream to hit long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = test_add_expr_command(maat_inst, table_name, rule1_id, 0, keywords1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_condition; + int ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule1_uuid_str, 0, keywords1, &and_condition); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -2223,7 +2247,9 @@ TEST_F(HsStreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -2233,8 +2259,10 @@ TEST_F(HsStreamScan, dynamic_config) { // STEP 2: Inc config update, use same stream to scan and wait old expr_runtime invalid random_keyword_generate(keyword_buf, sizeof(keyword_buf)); - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = test_add_expr_command(maat_inst, table_name, rule_id, 0, keyword_buf); + long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule2_uuid_str, 0, keyword_buf, &and_condition); EXPECT_EQ(ret, 1); // Inc config has not yet taken effect, stream scan can hit rule @@ -2242,7 +2270,8 @@ TEST_F(HsStreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); maat_state_reset(state); @@ -2262,7 +2291,6 @@ TEST_F(HsStreamScan, dynamic_config) { sp = NULL; state = NULL; } -#endif class RsStreamScan : public testing::Test { 
@@ -2300,11 +2328,7 @@ protected: struct maat *RsStreamScan::_shared_maat_inst; -#if 0 //TODO TEST_F(RsStreamScan, dynamic_config) { - const char *scan_data1 = "www.cyberessays.com"; - const char *scan_data2 = "hello world cyberessays.com/search_results.php?" - "action=search&query=yulingjing,abckkk,1234567"; const char *table_name = "HTTP_URL"; const char *attribute_name = "HTTP_URL"; const char *keywords1 = "hello"; @@ -2312,12 +2336,18 @@ TEST_F(RsStreamScan, dynamic_config) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; + const char *scan_data1 = "www.cyberessays.com"; + const char *scan_data2 = "hello world cyberessays.com/search_results.php?" + "action=search&query=yulingjing,abckkk,1234567"; struct maat *maat_inst = RsStreamScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); // STEP 1: add keywords1 and wait scan stream to hit long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = test_add_expr_command(maat_inst, table_name, rule1_id, 0, keywords1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_condition; + int ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule1_uuid_str, 0, keywords1, &and_condition); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -2339,7 +2369,9 @@ TEST_F(RsStreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); 
@@ -2349,8 +2381,10 @@ TEST_F(RsStreamScan, dynamic_config) { // STEP 2: Inc config update, use same stream to scan and wait old expr_runtime invalid random_keyword_generate(keyword_buf, sizeof(keyword_buf)); - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = test_add_expr_command(maat_inst, table_name, rule_id, 0, keyword_buf); + long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule2_uuid_str, 0, keyword_buf, &and_condition); EXPECT_EQ(ret, 1); // Inc config has not yet taken effect, stream scan can hit rule @@ -2358,11 +2392,8 @@ TEST_F(RsStreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); - - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, - &n_hit_result, state); - EXPECT_EQ(ret, MAAT_SCAN_OK); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); maat_state_reset(state); @@ -2382,7 +2413,6 @@ TEST_F(RsStreamScan, dynamic_config) { sp = NULL; state = NULL; } -#endif class IPScan : public testing::Test { @@ -2780,7 +2810,6 @@ TEST_F(IPScan, BugReport20210515) { state = NULL; } -#if 0 //TODO TEST_F(IPScan, RuleUpdates) { const char *table_name = "IP_PLUS_CONFIG"; const char *attribute_name = "IP_PLUS_CONFIG"; 
@@ -2806,25 +2835,31 @@ TEST_F(IPScan, RuleUpdates) { maat_state_reset(state); + /* ip table add line */ + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + ret = ip_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, "100.100.100.100", NULL, 0); + EXPECT_EQ(ret, 1); + const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; /* rule table add line */ long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + and_condition.or_conditions[0].attribute_name = attribute_name; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - - /* ip table add line */ - long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = ip_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object_id, "100.100.100.100", 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
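Review bot: `struct maat_cmd_and_condition and_condition;` is declared without an initializer, and only five members are assigned before it is passed to `rule_table_set_line`. Any other member, and every `or_conditions[]` / `object_uuids_str[]` slot past index 0, holds indeterminate stack data; the struct definition is not visible here, so whether the callee reads them cannot be confirmed. Value-initializing it, `struct maat_cmd_and_condition and_condition = {};`, makes both the add and the later delete deterministic. The same pattern appears in the SetIP, SetExpr8, ObjectScan, SameFilterRefByOneRule and SubObject hunks.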
@@ -2833,7 +2868,9 @@ TEST_F(IPScan, RuleUpdates) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -2842,18 +2879,13 @@ TEST_F(IPScan, RuleUpdates) { maat_state_reset(state); /* ip table del line */ - ret = ip_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - object_id, "100.100.100.100", 0); - EXPECT_EQ(ret, 1); - - /* object2rule table del line */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object_id, rule_id, 0, table_name, 1, 0); + ret = ip_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_uuid_str, + object_uuid_str, "100.100.100.100", NULL, 0); EXPECT_EQ(ret, 1); /* rule table del line */ ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule_id, "null", 1, 0); + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -2869,7 +2901,6 @@ TEST_F(IPScan, RuleUpdates) { maat_state_free(state); state = NULL; } -#endif class IntervalScan : public testing::Test { @@ -5749,19 +5780,6 @@ void rule_ex_param_dup(const char *table_name, void **to, void **from, long argl *((struct rule_ex_param**)to) = from_param; } -TEST_F(RuleTable, RuleRuleUpdate) { - struct maat *maat_inst = RuleTable::_shared_maat_inst; - - const char *rule_table_name = "RULE_DEFAULT"; - uuid_t rule_uuid; - uuid_generate(rule_uuid); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, rule_uuid, "null", NULL, 0, 0); - EXPECT_EQ(ret, 1); - - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid, "null", NULL, 0, 0); - EXPECT_EQ(ret, 1); -} - TEST_F(RuleTable, Conjunction1) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; 
@@ -6332,26 +6350,38 @@ TEST_F(TableInfo, Conjunction) { state = NULL; } -#if 0 //TODO: change iris rule to json rule class FileTest : public testing::Test { protected: static void SetUpTestCase() { - const char *rule_folder = "./ntcrule/full/index"; - const char *table_info = "./file_test_tableinfo.json"; + char redis_ip[64] = "127.0.0.1"; + int redis_port = 6379; + int redis_db = 0; + + logger = log_handle_create("./maat_framework_gtest.log", 0); + int ret = write_json_to_redis(g_json_filename, redis_ip, redis_port, redis_db, logger); + if (ret < 0) { + log_fatal(logger, MODULE_FRAMEWORK_GTEST, + "[%s:%d] write config to redis failed.", + __FUNCTION__, __LINE__); + } struct maat_options *opts = maat_options_new(); maat_options_set_caller_thread_number(opts, g_thread_num); maat_options_set_instance_name(opts, "files"); maat_options_set_stat_file(opts, "./stat.log"); maat_options_set_perf_on(opts); - maat_options_set_iris(opts, rule_folder, rule_folder); + maat_options_set_redis(opts, redis_ip, redis_port, redis_db); maat_options_set_rule_update_checking_interval_ms(opts, 500); maat_options_set_logger(opts, "./maat_framework_gtest.log", LOG_LEVEL_INFO); - _shared_maat_inst = maat_new(opts, table_info); + _shared_maat_inst = maat_new(opts, g_table_info_path); maat_options_free(opts); - EXPECT_TRUE(_shared_maat_inst != NULL); + if (NULL == _shared_maat_inst) { + log_fatal(logger, MODULE_FRAMEWORK_GTEST, + "[%s:%d] create maat instance in TableInfo failed.", + __FUNCTION__, __LINE__); + } } static void TearDownTestCase() { 
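Review bot: A failed setup no longer fails the test, because the hunk replaces `EXPECT_TRUE(_shared_maat_inst != NULL)` with a `log_fatal` call; when `maat_new` returns NULL or `write_json_to_redis` fails, `StreamFiles` still goes on to hand the instance to `maat_state_new`. Keeping `EXPECT_TRUE(_shared_maat_inst != NULL);` after the log call would report this as a test failure instead of a crash. The log text says `TableInfo` although this fixture is `FileTest`; `"[%s:%d] create maat instance in FileTest failed."` would match. Since the fixture now writes rule data to db 0 of the Redis at 127.0.0.1:6379, a comment stating that it needs a disposable local Redis instance would help whoever runs it. `logger` is created here, and its release would belong in `TearDownTestCase`, whose body is outside the hunk.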
@@ -6359,24 +6389,24 @@ protected: } static struct maat *_shared_maat_inst; + static struct log_handle *logger; }; struct maat *FileTest::_shared_maat_inst; +struct log_handle *FileTest::logger; TEST_F(FileTest, StreamFiles) { const char test_data_dir[64] = "./test_streamfiles"; - const char *table_name = "NTC_HTTP_REQ_BODY"; + const char *keywords_table_name = "KEYWORDS_TABLE"; + const char *keywords_attribute_name = "KEYWORDS_TABLE"; int thread_id = 0; struct maat *maat_inst = FileTest::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ASSERT_GT(table_id, 0); - struct dirent **name_list; int n = my_scandir(test_data_dir, &name_list, NULL, (int (*)(const void*, const void*))alphasort); ASSERT_GT(n, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attribute_name, state); ASSERT_FALSE(stream == NULL); struct stat file_info; @@ -6427,7 +6457,6 @@ TEST_F(FileTest, StreamFiles) { free(name_list); } -#endif class ObjectHierarchy : public testing::Test { @@ -6729,7 +6758,6 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { state = NULL; } -#if 0 //TODO class MaatCmd : public testing::Test { protected: 
@@ -6778,28 +6806,34 @@ TEST_F(MaatCmd, SetIP) { const char *ip_table_name = "IP_CONFIG"; const char *ip_attribute_name = "IP_CONFIG"; const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); maat_reload_log_level(maat_inst, LOG_LEVEL_INFO); - /* rule table add line */ - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, ip_table_name, 1, 0); - EXPECT_EQ(ret, 1); - /* item table add line */ const char *ip1 = "172.0.0.1"; + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item_id, - object_id, ip1, 0); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + int ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, ip1, NULL, 0); + EXPECT_EQ(ret, 1); + + /* rule table add line */ + long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = ip_attribute_name; + 
and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -6815,7 +6849,9 @@ TEST_F(MaatCmd, SetIP) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -6844,9 +6880,14 @@ TEST_F(MaatCmd, SetExpr) { snprintf(keywords, sizeof(keywords), "%s&%s", keywords1, keywords2); long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 2); + char rule_uuid_str1[UUID_STR_LEN] = {0}; + char rule_uuid_str2[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str1, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", (rule_id - 1)); + snprintf(rule_uuid_str2, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); - test_add_expr_command(maat_inst, table_name, rule_id - 1, 0, keywords); - test_add_expr_command(maat_inst, table_name, rule_id, 0, keywords); + struct maat_cmd_and_condition and_condition1, and_condition2; + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str1, 0, keywords, &and_condition1); + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str2, 0, keywords, &and_condition2); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -6854,7 +6895,12 @@ TEST_F(MaatCmd, SetExpr) { int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - //EXPECT_TRUE(results[0] == rule_id || results[0] == (rule_id - 1));//TODO: fix this + EXPECT_EQ(n_hit_result, 2); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str2); + uuid_unparse(results[1], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str1); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -6862,11 +6908,11 @@ TEST_F(MaatCmd, SetExpr) { maat_state_reset(state); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_id-1, - "null", 1, 0); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str1, + &and_condition1, 1, NULL, 0); EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_id, - "null", 1, 0); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str2, + &and_condition2, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -6882,7 +6928,10 @@ TEST_F(MaatCmd, SetExpr) { int timeout = 1; rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - test_add_expr_command(maat_inst, table_name, rule_id, timeout, keywords); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, timeout, keywords, &and_condition); sleep(timeout + 1); ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); 
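Review bot: `results[1]` is read even when the scan returned fewer than two hits, because `EXPECT_EQ(n_hit_result, 2)` in the SetExpr hunk records the failure and continues. `ASSERT_EQ(n_hit_result, 2);` before the two `uuid_unparse` calls keeps the test from comparing whatever `results` held beforehand. The same applies to the `EXPECT_EQ(n_hit_result, 1)` / `uuid_unparse(results[0], uuid_str)` pairs added in the other hunks of this commit. In the last hunk on this line the return value of `test_add_expr_command` is dropped, where the stream tests check it with `EXPECT_EQ(ret, 1)`.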
@@ -6901,7 +6950,6 @@ TEST_F(MaatCmd, SetExpr8) { const char *scan_data7 = "string1, string2, string3, string4, string5, string6, string7"; const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *table_name = "KEYWORDS_TABLE"; const char *attribute_name = "KEYWORDS_TABLE"; 
@@ -6914,22 +6962,29 @@ TEST_F(MaatCmd, SetExpr8) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - /* rule table add line */ - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - /* EXPR_TYPE_AND MATCH_METHOD_SUB */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object_id, keywords8, NULL, 1, 0); + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char item_uuid_str[UUID_STR_LEN] = {0}; + char object_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + int ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords8, EXPR_TYPE_AND, 0); + EXPECT_EQ(ret, 1); + + /* rule table add line */ + long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 
1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -6938,7 +6993,9 @@ TEST_F(MaatCmd, SetExpr8) { results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); @@ -6946,12 +7003,12 @@ TEST_F(MaatCmd, SetExpr8) { maat_state_reset(state); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - object_id, keywords8, NULL, 1, 0); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_uuid_str, + object_uuid_str, keywords8, EXPR_TYPE_AND, 0); EXPECT_EQ(ret, 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object_id, keywords7, NULL, 1, 0); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object_uuid_str, keywords7, EXPR_TYPE_AND, 0); sleep(WAIT_FOR_EFFECTIVE_S); @@ -6960,7 +7017,8 @@ TEST_F(MaatCmd, SetExpr8) { results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); 
@@ -6977,32 +7035,38 @@ TEST_F(MaatCmd, ObjectScan) { const char *table_name = "HTTP_URL"; const char *attribute_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); /* rule table add line */ long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, table_name, 1, 0); + char rule_uuid_str[UUID_STR_LEN] = {0}; + char object_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; + int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); struct maat_hit_object hit_object; - hit_object.object_id = object_id; - hit_object.attribute_id = table_id; + uuid_parse(object_uuid_str, hit_object.object_uuid); + strncpy(hit_object.attribute_name, attribute_name, sizeof(hit_object.attribute_name)); ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char 
uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); maat_state_free(state); state = NULL; 
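Review bot: `strncpy(hit_object.attribute_name, attribute_name, sizeof(hit_object.attribute_name));` leaves the destination unterminated when the source is at least as long as the buffer, and `hit_object` itself is declared without an initializer. `snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name);` always terminates, and `struct maat_hit_object hit_object = {};` covers any member this test does not set (the struct definition is not visible here). The result of `uuid_parse` is also ignored; `ASSERT_EQ(uuid_parse(object_uuid_str, hit_object.object_uuid), 0);` would catch a malformed string before the scan.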
@@ -7014,48 +7078,57 @@ TEST_F(MaatCmd, ObjectScan) { */ TEST_F(MaatCmd, SameFilterRefByOneRule) { const char *attribute_name = "HTTP_URL_FILTER"; + const char *table_name = "HTTP_URL"; const char *scan_data = "http://filtermenot.com"; const char *keywords = "menot.com"; const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int table_id = maat_get_table_id(maat_inst, attribute_name); - ASSERT_GT(table_id, 0); + + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + char item_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + int ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, object_uuid_str, + keywords, EXPR_TYPE_AND, 0); + EXPECT_EQ(ret, 1); long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id, "null", 2, 0); // rule has two condition + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition[2]; + and_condition[0].negate_option = 0; + and_condition[0].or_condition_num = 1; + and_condition[0].or_conditions[0].attribute_name = attribute_name; + and_condition[0].or_conditions[0].object_num = 1; + and_condition[0].or_conditions[0].object_uuids_str[0] = object_uuid_str; + //condition1 & condition2 has same filter => {attribute_name, object_uuid} + and_condition[1].negate_option = 0; + 
and_condition[1].or_condition_num = 1; + and_condition[1].or_conditions[0].attribute_name = attribute_name; + and_condition[1].or_conditions[0].object_num = 1; + and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule_uuid_str, and_condition, 2, NULL, 0); // rule has two condition EXPECT_EQ(ret, 1); - //condition1 & condition2 has same filter => {attribute_id, object_id} - long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, attribute_name, 1, 0); - EXPECT_EQ(ret, 1); - - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object_id, rule_id, 0, attribute_name, 2, 0); - EXPECT_EQ(ret, 1); - - long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, "HTTP_URL", MAAT_OP_ADD, item_id, object_id, - keywords, "null", 1, 0); - EXPECT_EQ(ret, 1); - sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7065,6 +7138,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { TEST_F(MaatCmd, RuleIDRecycle) { const char *table_name = "HTTP_URL"; + const char *attribute_name = "HTTP_URL"; const char *scan_data = "Reuse rule ID is allowed."; const char *keywords = "Reuse&rule"; uuid_t results[ARRAY_SIZE]; 
@@ -7073,50 +7147,53 @@ TEST_F(MaatCmd, RuleIDRecycle) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ASSERT_GT(table_id, 0); - long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - test_add_expr_command(maat_inst, table_name, rule_id, 0, keywords); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + struct maat_cmd_and_condition and_condition; + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); - int ret = maat_scan_string(maat_inst, table_id, scan_data, + int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - del_command(maat_inst, rule_id); + rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - test_add_expr_command(maat_inst, table_name, 
rule_id, 0, keywords); + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7126,6 +7203,7 @@ TEST_F(MaatCmd, RuleIDRecycle) { TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { const char *table_name = "HTTP_URL"; + const char *attribute_name = "HTTP_URL"; const char *scan_data = "This string will hit mulptiple rules."; const char *keywords = "string will hit"; uuid_t results[ARRAY_SIZE]; 
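Review bot: The delete in RuleIDRecycle, `rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0);`, discards its return value, so a failed delete only shows up later as an unexpected scan result. Assigning and checking it, `ret = rule_table_set_line(...);` followed by `EXPECT_EQ(ret, 1);`, matches how the other tests in this commit handle the same call. The two `test_add_expr_command` calls in this test are unchecked in the same way. The table name is a string literal here, while the other tests use a `rule_table_name` constant.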
@@ -7134,32 +7212,34 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ASSERT_GT(table_id, 0); - int i = 0; int repeat_times = 4; long long expect_rule_id[ARRAY_SIZE] = {0}; + char rule_uuid_str_array[ARRAY_SIZE][UUID_STR_LEN]; long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", repeat_times); for (i = 0; i < repeat_times; i++) { //add in ascending order + struct maat_cmd_and_condition and_condition; expect_rule_id[i] = rule_id + 1 - repeat_times + i; - test_add_expr_command(maat_inst, table_name, expect_rule_id[i], 0, keywords); + snprintf(rule_uuid_str_array[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", expect_rule_id[i]); + test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str_array[i], 0, keywords, &and_condition); } sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, repeat_times); for (i = 0; i < repeat_times; i++) { - EXPECT_EQ(results[i], expect_rule_id[repeat_times -i - 1]); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[i], uuid_str); + EXPECT_STREQ(uuid_str, rule_uuid_str_array[repeat_times - i - 1]); } - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -7168,8 +7248,8 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { TEST_F(MaatCmd, SubObject) { const char *table_name = "HTTP_URL"; + const char *attribute_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *o2o_table_name = "OBJECT2OBJECT"; const char *scan_data1 = "www.v2ex.com/t/573028#程序员的核心竞争力是什么"; const char *keyword1 = "程序员&核心竞争力"; 
@@ -7177,42 +7257,20 @@ TEST_F(MaatCmd, SubObject) { "&pos=index-dbtlwzl&wt_campaign=M_5CE750003F393&wt_source=PDPS_514ACACFD9E770"; const char *keyword2 = "ask.leju.com/b&/detail/12189672562229248/?&?bi=tg\\&type=sina-pc\\&&\\&pos=" "index-dbtlwzl\\&&\\&type=sina-pc\\&pos=index-dbtlwzl\\&"; - int thread_id = 0; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ASSERT_GT(table_id, 0); - - /* rule table add line */ - //rule1 - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - //rule2 - long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - /* object2rule table add line */ - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - - //object1 -> rule2 - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule2_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //object2 -> object1 -> rule1 long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN]; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object1_id, object2_id, 0); + object1_uuid_str, &object2_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); /* item1 -> object2 -> object1 -> rule1 
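Review bot: `&object2_uuid_str` in the `object2object_table_set_line` call is a pointer to the whole array (`char (*)[UUID_STR_LEN]`), and the trailing `1, NULL, 0, 0` arguments have no visible meaning since the prototype is outside this hunk. A short comment naming them would make the call reviewable; going by the existing `//object2 -> object1 -> rule1` comment, the `1` is presumably the number of sub-objects being attached, which is worth confirming. `object2_uuid_str` is also the only UUID buffer in this commit declared without `= {0}`; `char object2_uuid_str[UUID_STR_LEN] = {0};` would keep it consistent with the others.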
@@ -7220,21 +7278,51 @@ TEST_F(MaatCmd, SubObject) { \ _ rule2 */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - object2_id, keyword1, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + char item_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item_id); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_uuid_str, + object2_uuid_str, keyword1, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + + /* rule table add line */ + //rule1 + //object1 -> rule1 + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, &and_condition, 1, NULL, 0); + EXPECT_EQ(ret, 1); + + //rule2 + //object1 -> rule2 + long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule2_uuid_str, &and_condition, 1, NULL, 0); + EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 
2); - EXPECT_EQ(results[0], rule2_id); - EXPECT_EQ(results[1], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); + uuid_unparse(results[1], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7244,18 +7332,19 @@ TEST_F(MaatCmd, SubObject) { \ \_ X -> rule2 */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object1_id, rule2_id, 0, table_name, 1, 0); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, + rule2_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
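Review bot: `struct maat_cmd_and_condition and_condition;` in the hunk that adds rule1 and rule2 to SubObject is declared without an initializer, and only element 0 of `or_conditions` and of `object_uuids_str` is assigned, so every other member holds indeterminate stack data when the struct is passed to `rule_table_set_line`. Whether the helper reads beyond `or_condition_num` and `object_num` is not visible here, but value-initializing removes the question: `struct maat_cmd_and_condition and_condition = {};`. The same declaration appears in the RefObject and RuleEXData hunks, and as `and_conditions[2]` in the Attribute hunk. The TEST_F body starts and ends outside this hunk.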
@@ -7265,25 +7354,24 @@ TEST_F(MaatCmd, SubObject) { \ \_ -> rule2 */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object1_id, rule1_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 1, 0); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, + rule1_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule2_id, 0, table_name, 1, 0); + and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule2_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule2_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -7292,22 +7380,26 @@ TEST_F(MaatCmd, SubObject) { /* item1 -> object2 -> object1 -> X \ \_ -> rule2 - item2 -> object3 + item2 -> object3 -> object1 */ long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object1_id, object3_id, 0); + object1_uuid_str, &object3_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - object3_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str, + object3_uuid_str, keyword2, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ sleep(2); - ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -7316,30 +7408,26 @@ TEST_F(MaatCmd, SubObject) { /* item1 -> object2 -> object1 -> X \ \_ -> rule2 - item2 -> object3 + item2 -> object3 -> object1 */ + and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, table_name, 1, 0); + rule1_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object1_id, rule1_id, 0, table_name, 1, 0); + rule1_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule2_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7349,8 +7437,8 @@ TEST_F(MaatCmd, SubObject) { TEST_F(MaatCmd, RefObject) { const char *table_name = "HTTP_URL"; + const char *attribute_name = "HTTP_URL"; const char* rule_table_name = "RULE_DEFAULT"; - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* scan_data1 = "m.facebook.com/help/2297503110373101?helpref=hc_nav&refid=69"; const char* keyword1 = "something-should-not-hit"; const char* keyword2 = "facebook.com/help/2297503110373101"; 
@@ -7358,68 +7446,67 @@ TEST_F(MaatCmd, RefObject) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - - ASSERT_GT(table_id, 0); - - //TODO: value=0 MAAT_OPT_ENABLE_UPDATE - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - //object1 -> rule1 + //object1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id, - object1_id, keyword1, NULL, 1, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + int ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, keyword1, EXPR_TYPE_AND, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, &and_condition, 1, 
NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - /* item1 -> object1 -> X -> rule1 - / - / - item2 -> object2 + /* item1 -> object1 -> X + item2 -> object2 -> rule1 */ + rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, 0); + long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, table_name, 1, 0); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - object2_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ - EXPECT_EQ(ret, 1); - - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object1_id, rule1_id, 0, table_name, 1, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, table_name, 1, 0); + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, keyword2, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, 
table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
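Review bot: The added `rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, 0);` in RefObject discards its return value, while the other table writes in this hunk are each followed by `EXPECT_EQ(ret, 1);`. If the delete fails, the following ADD of the same rule UUID decides the outcome and the failure surfaces only as a confusing scan result, if at all. Assign and check it: `ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, 0);` followed by `EXPECT_EQ(ret, 1);`. Two other hunks overwrite `ret` before it is checked: the `expr_table_set_line` call for item1 in SubObject and the `MAAT_OP_DEL` of rule1 in the second Attribute hunk.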
@@ -7429,47 +7516,56 @@ TEST_F(MaatCmd, RefObject) { TEST_F(MaatCmd, Attribute) { const char* rule_table_name = "RULE_DEFAULT"; - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* table_name="HTTP_SIGNATURE"; - int thread_id = 0; + const char *attribute_req_name = "HTTP_REQUEST_HEADER"; + const char *attribute_resp_name = "HTTP_RESPONSE_HEADER"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, - "HTTP_REQUEST_HEADER", 1, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); - //item1 -> object1 -> rule1 + //item1 -> object1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id, - object1_id, "AppleWebKit", "User-Agent", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, "AppleWebKit", EXPR_TYPE_AND, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); - /* item1 -> object1 -> rule1 - / - object2_/ - */ long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, - "HTTP_RESPONSE_HEADER", 2, 0); - EXPECT_EQ(ret, 1); + char 
object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); /* item1 -> object1 -> rule1 / item2 -> object2/ */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - object2_id, "uid=12345678;", "Cookie", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "uid=12345678;", EXPR_TYPE_AND, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = attribute_req_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
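Review bot: The trailing comments `/*EXPR_TYPE_STRING MATCH_METHOD_SUB */` on both new `expr_table_set_line` calls in Attribute no longer describe the call, which now passes `EXPR_TYPE_AND`. Either the comment is stale and should read `/* EXPR_TYPE_AND MATCH_METHOD_SUB */` as in SubObject, or the argument was meant to remain a plain string match; the hunk does not show which. The "User-Agent" and "Cookie" district arguments are dropped as well, so a one-line comment stating that district scoping is no longer part of this test would save the next reader from looking for it.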
@@ -7477,76 +7573,56 @@ TEST_F(MaatCmd, Attribute) { const char* http_req_hdr_ua = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 " "(KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"; const char* http_resp_hdr_cookie = "uid=12345678;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;"; - const char *district_str1 = "User-Agent"; - const char *district_str2 = "Cookie"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - int table_id = maat_get_table_id(maat_inst, "HTTP_REQUEST_HEADER"); - ASSERT_GT(table_id, 0); - - ret = maat_state_set_scan_district(state, table_id, district_str1, - strlen(district_str1)); - EXPECT_EQ(ret, 0); - - ret = maat_scan_string(maat_inst, table_id, http_req_hdr_ua, + ret = maat_scan_string(maat_inst, table_name, attribute_req_name, http_req_hdr_ua, strlen(http_req_hdr_ua), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_req_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(table_id, 0); - - ret = maat_state_set_scan_district(state, table_id, district_str2, - strlen(district_str2)); - EXPECT_EQ(ret, 0); - - ret = maat_scan_string(maat_inst, table_id, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, 
MAAT_SCAN_OK); maat_state_reset(state); //delete object1 - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object1_id, rule1_id, 0, - "HTTP_REQUEST_HEADER", 1, 0); - EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, + rule1_uuid_str, and_conditions, 2, NULL, 0); + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(table_id, 0); - - ret = maat_state_set_scan_district(state, table_id, district_str2, - strlen(district_str2)); - EXPECT_EQ(ret, 0); - - ret = maat_scan_string(maat_inst, table_id, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -7562,22 +7638,24 @@ TEST_F(MaatCmd, SetLines) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; long long expect_rule_id[TEST_CMD_LINE_NUM] = {0}; const char *table_line_add[TEST_CMD_LINE_NUM] = { - "1\t192.168.0.1\t100\t1", - "1\t192.168.0.1\t101\t1", - "1\t192.168.0.1\t102\t1", - "1\t192.168.0.1\t103\t1", + "{\"uuid\":\"00000000-0000-0000-0000-000000000001\", \"ip\":\"192.168.0.1\", \"entry_id\":100, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000002\", \"ip\":\"192.168.0.1\", \"entry_id\":101, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000003\", \"ip\":\"192.168.0.1\", \"entry_id\":102, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000004\", \"ip\":\"192.168.0.1\", \"entry_id\":103, \"is_valid\":1}", }; const char *table_line_del[TEST_CMD_LINE_NUM] = { - "1\t192.168.0.1\t100\t0", - "1\t192.168.0.1\t101\t0", - "1\t192.168.0.1\t102\t0", - "1\t192.168.0.1\t103\t0", + "{\"uuid\":\"00000000-0000-0000-0000-000000000001\", \"ip\":\"192.168.0.1\", \"entry_id\":100, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000002\", \"ip\":\"192.168.0.1\", \"entry_id\":101, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000003\", \"ip\":\"192.168.0.1\", \"entry_id\":102, \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000004\", \"ip\":\"192.168.0.1\", \"entry_id\":103, \"is_valid\":1}", }; int ret = 0; + char rule_uuid_strs[TEST_CMD_LINE_NUM][UUID_STR_LEN]; for (i = 0; i < TEST_CMD_LINE_NUM; i++) { expect_rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); - line_rule.rule_id = expect_rule_id[i]; + snprintf(rule_uuid_strs[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", expect_rule_id[i]); + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; line_rule.table_line = table_line_add[i]; line_rule.expire_after = 0; 
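Review bot: Each `table_line_add` entry carries a fixed `"uuid"` (`...000000000001` to `...000000000004`), while `line_rule.rule_uuid_str` is formatted from the `TEST_PLUG_SEQ` counter, so the UUID inside the JSON line and the UUID of the command disagree unless the counter happens to sit at 1 to 4. The SetFile hunk formats the JSON `uuid` from `line_rule.rule_uuid_str`; doing the same here would keep the two in step. `table_line_del` is now byte-for-byte identical to `table_line_add`, including `"is_valid":1`, so it can be dropped and `table_line_add[i]` reused for the delete, as PluginEXData does with its single `table_line` array. The PauseUpdate hunk has the same fixed-uuid line.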
@@ -7588,7 +7666,7 @@ TEST_F(MaatCmd, SetLines) { for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = expect_rule_id[i]; + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; line_rule.table_line = table_line_del[i]; line_rule.expire_after = 0; @@ -7599,13 +7677,8 @@ TEST_F(MaatCmd, SetLines) { } int g_test_update_paused = 0; -void pause_update_test_entry_cb(int table_id,const char* table_line, enum maat_operation op, void* u_para) +void pause_update_test_entry_cb(const char *table_name, const char* table_line, enum maat_operation op, void* u_para) { - char status[32] = {0}; - int entry_id = -1, seq = -1; - int is_valid = 0; - - sscanf(table_line, "%d\t%s\t%d\t%d", &seq, status, &entry_id, &is_valid); EXPECT_EQ(g_test_update_paused, 0); } @@ -7613,20 +7686,19 @@ TEST_F(MaatCmd, PauseUpdate) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; const char *table_name = "QD_ENTRY_INFO"; - - ASSERT_GT(table_id, 0); - - int ret = maat_table_callback_register(maat_inst, table_id, NULL, + int ret = maat_table_callback_register(maat_inst, table_name, NULL, pause_update_test_entry_cb, NULL, NULL); - //TODO: value = 0 MAAT_OPT_ENABLE_UPDATE g_test_update_paused = 1; char *line = NULL; struct maat_cmd_line line_rule; - line_rule.rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + long long rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + line_rule.rule_uuid_str = rule_uuid_str; line_rule.table_name = table_name; - asprintf(&line, "1\t192.168.0.1\t101\t1"); + asprintf(&line, "{\"uuid\":\"00000000-0000-0000-0000-000000000001\", \"ip\":\"192.168.0.1\", \"entry_id\":101, \"is_valid\":1}"); line_rule.table_line = line; line_rule.expire_after = 0; 
@@ -7635,7 +7707,6 @@ TEST_F(MaatCmd, PauseUpdate) { free(line); g_test_update_paused = 0; - //TODO: value = 1 MAAT_OPT_ENABLE_UPDATE } void prepare_file_to_set(const char* filename, char** file_buff, 
@@ -7683,23 +7754,34 @@ int is_same_file(const char *filename1, const char *filename2) int g_test_foregin_read_OK = 0, g_test_foreign_del_OK = 0; char file1_to_del[256], file2_to_del[256]; const char* empty_file_name = "An_empty_file"; -void foreign_key_test_entry_cb(int table_id, const char *table_line, enum maat_operation op, void *u_para) +void foreign_key_test_entry_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para) { - int rule_id=-1, not_care=0, tag=0; - int is_valid=0; char file1_origin_name[256], file2_origin_name[256]; char file1_localname[256], file2_localname[256]; - char end[16]; memset(file1_localname, 0, sizeof(file1_localname)); memset(file2_localname, 0, sizeof(file2_localname)); - sscanf(table_line, "%d\t%d\t%d\t%d\t%s\t%s\t\%s\t%s\t%s", - &rule_id, ¬_care, &tag, &is_valid, file1_origin_name, - file1_localname, file2_origin_name, file2_localname, end); - EXPECT_STREQ(end, "End"); + cJSON *json = cJSON_Parse(table_line); + EXPECT_TRUE(json != NULL); - if (is_valid == 1) { + cJSON *tmp_obj = cJSON_GetObjectItem(json, "file1_name"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(file1_origin_name, sizeof(file1_origin_name), "%s", tmp_obj->valuestring); + + tmp_obj = cJSON_GetObjectItem(json, "file1_key"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(file1_localname, sizeof(file1_localname), "%s", tmp_obj->valuestring); + + tmp_obj = cJSON_GetObjectItem(json, "file2_name"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(file2_origin_name, sizeof(file2_origin_name), "%s", tmp_obj->valuestring); + + tmp_obj = cJSON_GetObjectItem(json, "file2_key"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(file2_localname, sizeof(file2_localname), "%s", tmp_obj->valuestring); + + if (op == MAAT_OP_ADD) { EXPECT_TRUE(is_same_file(file1_origin_name, file1_localname)); if (0 == strncmp(file2_origin_name, empty_file_name, strlen(empty_file_name))) { EXPECT_TRUE(0==strncasecmp(file2_localname, "null", strlen("null"))); 
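Review bot: `EXPECT_TRUE(json != NULL)` and the four `EXPECT_TRUE(tmp_obj != NULL)` checks in `foreign_key_test_entry_cb` are non-fatal, so after a failed check the callback still reaches `tmp_obj->valuestring` and dereferences a null pointer; a field that is present but not a string leaves `valuestring` NULL and hands it to `%s`. The test process then crashes instead of reporting which field was missing or malformed. Since the callback returns void, the checks can be made fatal: `ASSERT_TRUE(json != NULL);` and `ASSERT_TRUE(tmp_obj != NULL && tmp_obj->valuestring != NULL);`. No `cJSON_Delete(json)` is visible in this hunk; the function body continues below it, so confirm the parsed tree is released before the callback returns. `plugin_ex_new_cb` in a later hunk repeats the same pattern.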
@@ -7718,10 +7800,7 @@ TEST_F(MaatCmd, SetFile) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; const char* table_name = "TEST_FOREIGN_KEY"; - - ASSERT_GT(table_id, 0); - - int ret = maat_table_callback_register(maat_inst, table_id, NULL, + int ret = maat_table_callback_register(maat_inst, table_name, NULL, foreign_key_test_entry_cb, NULL, NULL); EXPECT_EQ(ret, 0); @@ -7749,10 +7828,18 @@ TEST_F(MaatCmd, SetFile) { char line[1024] = {0}; int tag = 0; struct maat_cmd_line line_rule; - line_rule.rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + long long rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + char rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + line_rule.rule_uuid_str = rule_uuid_str; line_rule.table_name = table_name; - snprintf(line, sizeof(line),"%lld\t2\t%d\t1\t%s\tredis://%s\t%s\tredis://%s\tEnd", - line_rule.rule_id, tag, file1_name, file1_key, file2_name, file2_key); + snprintf(line, sizeof(line),"{\"uuid\":\"%s\",\ + \"tag\":%d,\ + \"file1_name\":\"%s\",\ + \"file1_key\":\"redis://%s\",\ + \"file2_name\":\"%s\",\ + \"file2_key\":\"redis://%s\"}", + line_rule.rule_uuid_str, tag, file1_name, file1_key, file2_name, file2_key); line_rule.table_line = line; line_rule.expire_after = 0; 
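Review bot: In the SetFile hunk that builds `line`, the JSON `table_line` is assembled with `snprintf(line, sizeof(line), ...)` and the return value is ignored, so an over-long file name or key produces a truncated line that fails later in `cJSON_Parse` inside the callback rather than at the point of construction. The `%s` values are also inserted without JSON escaping, which holds only while the names and keys contain no quote or backslash. Check the length where the line is built, e.g. `int n = snprintf(line, sizeof(line), ...);` followed by `ASSERT_LT((size_t)n, sizeof(line));`. The empty-file case in a later hunk uses the same construction.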
@@ -7767,15 +7854,7 @@ TEST_F(MaatCmd, SetFile) { ret = maat_cmd_set_file(maat_inst, file2_key, NULL, 0, MAAT_OP_DEL); EXPECT_EQ(ret, 1); - struct maat_cmd_line line_rule_del; - line_rule_del.rule_id = line_rule.rule_id; - line_rule_del.table_name = line_rule.table_name; - memset(line, 0, sizeof(line)); - snprintf(line, sizeof(line), "%lld\t2\t%d\t0\t%s\tredis://%s\t%s\tredis://%s\tEnd", - line_rule.rule_id, tag, file1_name, file1_key, file2_name, file2_key); - line_rule_del.table_line = line; - line_rule_del.expire_after = 0; - ret = maat_cmd_set_line(maat_inst, &line_rule_del, MAAT_OP_DEL); + ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -7788,10 +7867,17 @@ TEST_F(MaatCmd, SetFile) { // Test empty file, file key is a string "null". memset(&line_rule, 0, sizeof(line_rule)); memset(line, 0, sizeof(line)); - line_rule.rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + rule_id = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); + line_rule.rule_uuid_str = rule_uuid_str; line_rule.table_name=table_name; - snprintf(line, sizeof(line),"%lld\t2\t%d\t1\t%s\tredis://%s\t%s\t%s\tEnd", - line_rule.rule_id, tag, file1_name, file1_key, empty_file_name, "null"); + snprintf(line, sizeof(line),"{\"uuid\":\"%s\",\ + \"tag\":%d,\ + \"file1_name\":\"%s\",\ + \"file1_key\":\"redis://%s\",\ + \"file2_name\":\"%s\",\ + \"file2_key\":\"%s\"}", + line_rule.rule_uuid_str, tag, file1_name, file1_key, empty_file_name, "null"); line_rule.table_line = line; line_rule.expire_after = 0; 
@@ -7803,56 +7889,34 @@ TEST_F(MaatCmd, SetFile) { EXPECT_EQ(g_test_foregin_read_OK, 1); } -struct user_info { - char name[256]; - char ip_addr[32]; - int id; -}; -void plugin_ex_new_cb(const char *table_name, int table_id, const char *key, - const char *table_line, void **ad, long argl, void *argp) -{ - int *counter = (int *)argp; - struct user_info *u = ALLOC(struct user_info, 1); - - int ret = sscanf(table_line, "%d\t%s\t%s", &(u->id), u->ip_addr, u->name); - EXPECT_EQ(ret, 3); - - *ad = u; - (*counter)++; -} - -void plugin_ex_free_cb(int table_id, void **ad, long argl, void *argp) -{ - struct user_info *u = (struct user_info *)(*ad); - - memset(u, 0, sizeof(struct user_info)); - free(u); - *ad = NULL; -} - -void plugin_ex_dup_cb(int table_id, void **to, void **from, long argl, void *argp) -{ - struct user_info *u = (struct user_info *)(*from); - - *to = u; -} - TEST_F(MaatCmd, RuleEXData) { const char *plugin_table_name = "RULE_FIREWALL_PLUGIN"; const char *rule_table_name = "RULE_FIREWALL_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; int *ex_data_counter = MaatCmd::_ex_data_counter; - int plugin_table_id = maat_get_table_id(maat_inst, plugin_table_name); - EXPECT_GT(plugin_table_id, 0); + + long long object_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object_id); long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = "HTTP_URL"; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; int ret = rule_table_set_line(maat_inst, rule_table_name, 
MAAT_OP_ADD, - rule1_id, "test:rule1,1111", 1, 0); + rule1_uuid_str, &and_condition, 1, "test:rule1,1111", 0); EXPECT_EQ(ret, 1); long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "test:rule2,2222", 1, 0); + rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0); sleep(WAIT_FOR_EFFECTIVE_S); *ex_data_counter = 0; 
@@ -7864,60 +7928,98 @@ TEST_F(MaatCmd, RuleEXData) { ASSERT_TRUE(ret == 0); EXPECT_EQ(*ex_data_counter, 2); - void *ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_id, - (char *)&rule1_id, - sizeof(long long)); + void *ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_name, + (char *)rule1_uuid_str, + strlen(rule1_uuid_str)); ASSERT_TRUE(ex_data != NULL); struct rule_ex_param *param = (struct rule_ex_param *)ex_data; EXPECT_EQ(param->id, 1111); - ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_id, - (char *)&rule2_id, - sizeof(long long)); + ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_name, + (char *)rule2_uuid_str, + strlen(rule2_uuid_str)); ASSERT_TRUE(ex_data != NULL); param = (struct rule_ex_param *)ex_data; EXPECT_EQ(param->id, 2222); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule2_id, "test:rule2,2222", 1, 0); + rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0); sleep(WAIT_FOR_EFFECTIVE_S); EXPECT_EQ(param->id, 2222); sleep(2); //excced gc_timeout_s(3s), the data pointed by param has been freed } +struct user_info { + char name[256]; + char ip_addr[32]; + int id; +}; +void plugin_ex_new_cb(const char *table_name, const char *key, + const char *table_line, void **ad, long argl, void *argp) +{ + int *counter = (int *)argp; + struct user_info *u = ALLOC(struct user_info, 1); + + cJSON *json = cJSON_Parse(table_line); + EXPECT_TRUE(json != NULL); + + cJSON *tmp_obj = cJSON_GetObjectItem(json, "id"); + EXPECT_TRUE(tmp_obj != NULL); + u->id = tmp_obj->valueint; + + tmp_obj = cJSON_GetObjectItem(json, "key"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(u->ip_addr, sizeof(u->ip_addr), "%s", tmp_obj->valuestring); + + tmp_obj = cJSON_GetObjectItem(json, "name"); + EXPECT_TRUE(tmp_obj != NULL); + snprintf(u->name, sizeof(u->name), "%s", tmp_obj->valuestring); + + *ad = u; + (*counter)++; +} + +void plugin_ex_free_cb(const char *table_name, void **ad, long argl, void 
*argp) +{ + struct user_info *u = (struct user_info *)(*ad); + + memset(u, 0, sizeof(struct user_info)); + free(u); + *ad = NULL; +} + +void plugin_ex_dup_cb(const char *table_name, void **to, void **from, long argl, void *argp) +{ + struct user_info *u = (struct user_info *)(*from); + + *to = u; +} + TEST_F(MaatCmd, PluginEXData) { const char *table_name = "TEST_PLUGIN_EXDATA_TABLE"; const int TEST_CMD_LINE_NUM = 4; struct maat *maat_inst = MaatCmd::_shared_maat_inst; int *ex_data_counter = MaatCmd::_ex_data_counter; - const char *table_line_add[TEST_CMD_LINE_NUM] = { - "1\t192.168.0.1\tmahuateng\t1\t0", - "2\t192.168.0.2\tliuqiangdong\t1\t0", - "3\t192.168.0.3\tmayun\t1\t0", - "4\t192.168.0.4\tliyanhong\t1\t0" + const char *table_line[TEST_CMD_LINE_NUM] = { + "{\"id\":1, \"key\":\"192.168.0.1\", \"name\":\"mahuateng\"}", + "{\"id\":2, \"key\":\"192.168.0.2\", \"name\":\"liuqiangdong\"}", + "{\"id\":3, \"key\":\"192.168.0.3\", \"name\":\"mayun\"}", + "{\"id\":4, \"key\":\"192.168.0.4\", \"name\":\"liyanhong\"}", }; - - const char *table_line_del[TEST_CMD_LINE_NUM] = { - "1\t192.168.0.1\tmahuateng\t0\t0", - "2\t192.168.0.2\tliuqiangdong\t0\t0", - "3\t192.168.0.3\tmayun\t0\t0", - "4\t192.168.0.4\tliyanhong\t0\t0" - }; - - - ASSERT_GT(table_id, 0); int i = 0, ret = 0; struct maat_cmd_line line_rule; long long rule_id[TEST_CMD_LINE_NUM] = {0}; + char rule_uuid_strs[TEST_CMD_LINE_NUM][UUID_STR_LEN]; /* 1st line */ for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); - line_rule.rule_id = rule_id[i]; + snprintf(rule_uuid_strs[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]); + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - line_rule.table_line = table_line_add[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); 
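Review bot: The new `plugin_ex_new_cb` dereferences cJSON results behind non-fatal checks and never releases the parsed tree. `EXPECT_TRUE(json != NULL)` and `EXPECT_TRUE(tmp_obj != NULL)` only record a failure, so a malformed or incomplete `table_line` still reaches `tmp_obj->valueint` / `tmp_obj->valuestring` and crashes the test binary. `valuestring` is also NULL when the item is not a string, which makes the `%s` conversion undefined. Nothing calls `cJSON_Delete(json)`, so every invocation leaks the tree. The version below type-checks the items, bails out on bad input and frees the tree; it leaves `*ad` untouched on failure, which assumes the framework tolerates that (to be confirmed).

```cpp
void plugin_ex_new_cb(const char *table_name, const char *key,
                      const char *table_line, void **ad, long argl, void *argp)
{
    int *counter = (int *)argp;

    cJSON *json = cJSON_Parse(table_line);
    cJSON *id = cJSON_GetObjectItem(json, "id");
    cJSON *ip = cJSON_GetObjectItem(json, "key");
    cJSON *name = cJSON_GetObjectItem(json, "name");
    if (!cJSON_IsNumber(id) || !cJSON_IsString(ip) || !cJSON_IsString(name)) {
        ADD_FAILURE() << "malformed plugin table line";
        cJSON_Delete(json);
        return;
    }

    struct user_info *u = ALLOC(struct user_info, 1);
    u->id = id->valueint;
    snprintf(u->ip_addr, sizeof(u->ip_addr), "%s", ip->valuestring);
    snprintf(u->name, sizeof(u->name), "%s", name->valuestring);
    cJSON_Delete(json);

    // … unchanged: *ad = u; (*counter)++; …
}
```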
@@ -7938,7 +8040,7 @@ TEST_F(MaatCmd, PluginEXData) { struct user_info *uinfo1 = NULL; const char *key1 = "192.168.0.2"; - uinfo1 = (struct user_info *)maat_plugin_table_get_ex_data(maat_inst, table_id, + uinfo1 = (struct user_info *)maat_plugin_table_get_ex_data(maat_inst, table_name, key1, strlen(key1)); ASSERT_TRUE(uinfo1 != NULL); EXPECT_EQ(0, strcmp(uinfo1->name, "liuqiangdong")); @@ -7946,9 +8048,9 @@ TEST_F(MaatCmd, PluginEXData) { //DEL memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = rule_id[1]; + line_rule.rule_uuid_str = rule_uuid_strs[1]; line_rule.table_name = table_name; - line_rule.table_line = table_line_del[1]; + line_rule.table_line = table_line[1]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); @@ -7957,7 +8059,7 @@ TEST_F(MaatCmd, PluginEXData) { sleep(WAIT_FOR_EFFECTIVE_S); //gc_timeout_s == 3 which configured in table_info struct user_info *uinfo2 = NULL; - uinfo2 = (struct user_info *)maat_plugin_table_get_ex_data(maat_inst, table_id, + uinfo2 = (struct user_info *)maat_plugin_table_get_ex_data(maat_inst, table_name, key1, strlen(key1)); ASSERT_TRUE(uinfo2 == NULL); 
@@ -7974,30 +8076,25 @@ TEST_F(MaatCmd, UpdateIPPlugin) { const int TEST_CMD_LINE_NUM = 4; struct maat *maat_inst = MaatCmd::_shared_maat_inst; int *ex_data_counter = MaatCmd::_ex_data_counter; - const char *table_line_add[TEST_CMD_LINE_NUM] = { - "101\t4\t192.168.30.98/31\tSomething-like-json\t1", - "102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t1", - "103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t1", - "104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t1"}; - const char *table_line_del[TEST_CMD_LINE_NUM] = { - "101\t4\t192.168.30.98/31\tSomething-like-json\t0", - "102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t0", - "103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t0", - "104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t0"}; - - - ASSERT_GT(table_id, 0); + const char *table_line[TEST_CMD_LINE_NUM] = { + "{\"uuid\":\"00000000-0000-0000-0000-000000000101\", \"ip\":\"192.168.30.98/31\", \"buffer\":\"Something-like-json\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000102\", \"ip\":\"192.168.30.90-192.168.30.128\", \"buffer\":\"Bigger-range-should-in-the-back\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000103\", \"ip\":\"2001:db8:1234::-2001:db8:1235::\", \"buffer\":\"Bigger-range-should-in-the-back\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000104\", \"ip\":\"2001:db8:1234::1-2001:db8:1234::5210\", \"buffer\":\"Something-like-json\", \"is_valid\":1}" + }; int i = 0, ret = 0; struct maat_cmd_line line_rule; long long rule_id[TEST_CMD_LINE_NUM] = {0}; + char rule_uuid_strs[TEST_CMD_LINE_NUM][UUID_STR_LEN]; //add lines for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); - line_rule.rule_id = rule_id[i]; + snprintf(rule_uuid_strs[i], UUID_STR_LEN, 
"00000000-0000-0000-0000-%012lld", rule_id[i]); + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - line_rule.table_line = table_line_add[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); @@ -8021,28 +8118,33 @@ TEST_F(MaatCmd, UpdateIPPlugin) { inet_pton(AF_INET, "192.168.30.99", &(ipv4.ipv4)); memset(results, 0, sizeof(results)); - ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_id, &ipv4, + ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv4, (void **)results, ARRAY_SIZE); EXPECT_EQ(ret, 2); - EXPECT_EQ(results[0]->rule_id, 101); - EXPECT_EQ(results[1]->rule_id, 102); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000101"); + uuid_unparse(results[1]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000102"); ipv6.ip_type = 6; inet_pton(AF_INET6, "2001:db8:1234::5210", &(ipv6.ipv6)); memset(results, 0, sizeof(results)); - ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_id, &ipv6, + ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, (void **)results, ARRAY_SIZE); EXPECT_EQ(ret, 2); - EXPECT_EQ(results[0]->rule_id, 104); - EXPECT_EQ(results[1]->rule_id, 103); + uuid_unparse(results[0]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000104"); + uuid_unparse(results[1]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000103"); //del lines for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = rule_id[i]; + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - line_rule.table_line = table_line_del[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); 
@@ -8051,13 +8153,15 @@ TEST_F(MaatCmd, UpdateIPPlugin) { sleep(WAIT_FOR_EFFECTIVE_S); //gc_timeout_s == 3 which configured in table_info - ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_id, &ipv4, + ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv4, (void **)results, ARRAY_SIZE); EXPECT_EQ(ret, 0); //the data pointed by results[idx] has in garbage queue, but not be freed yet - EXPECT_EQ(results[0]->rule_id, 104); - EXPECT_EQ(results[1]->rule_id, 103); + uuid_unparse(results[0]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000104"); + uuid_unparse(results[1]->rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000103"); sleep(WAIT_FOR_EFFECTIVE_S * 2); //exceed gc_timeout_s, the data pointed by results[idx] has been freed 
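Review bot: The `uuid_unparse(results[0]->rule_uuid, uuid_str)` checks after the delete read through pointers that the preceding lookup did not return. That lookup reports 0 hits and no reset of `results` is visible in the hunk, so `results[0]` and `results[1]` appear to be the entries left over from the earlier IPv6 lookup, which would explain the expected ...104 / ...103. They stay readable only while the garbage collector has not yet freed them, so memory safety depends on `WAIT_FOR_EFFECTIVE_S` staying below `gc_timeout_s`. On a slow or sanitizer-instrumented run this becomes a heap use-after-free read rather than a failed expectation. I would at least state the dependency above the check, e.g. `// results[] still holds the pre-delete IPv6 hits; valid only while the sleep above is shorter than gc_timeout_s`, or copy the UUIDs out before issuing the delete; the earlier lookup and the rest of the test are outside this hunk.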
@@ -8068,32 +8172,26 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { const int TEST_CMD_LINE_NUM = 5; struct maat *maat_inst = MaatCmd::_shared_maat_inst; int *ex_data_counter = MaatCmd::_ex_data_counter; - const char *table_line_add[TEST_CMD_LINE_NUM]={ - "201\twww.example1.com\tcatid=1\t1", - "202\t*.example1.com\tcatid=1\t1", - "203\tnews.example1.com\tcatid=2\t1", - "204\tr3---sn-i3belne6.example2.com\tcatid=3\t1", - "205\tr3---sn-i3belne6.example2.com\tcatid=3\t1"}; - const char *table_line_del[TEST_CMD_LINE_NUM]={ - "201\twww.example1.com\tcatid=1\t0", - "202\t*.example1.com\tcatid=1\t0", - "203\tnews.example1.com\tcatid=2\t0", - "204\tr3---sn-i3belne6.example2.com\tcatid=3\t0", - "205\tr3---sn-i3belne6.example2.com\tcatid=3\t0"}; - - - ASSERT_GT(table_id, 0); + const char *table_line[TEST_CMD_LINE_NUM]={ + "{\"uuid\":\"00000000-0000-0000-0000-000000000201\", \"fqdn\":\"www.example1.com\", \"buffer\":\"catid=1\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000202\", \"fqdn\":\"*.example1.com\", \"buffer\":\"catid=1\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000203\", \"fqdn\":\"news.example1.com\", \"buffer\":\"catid=2\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000204\", \"fqdn\":\"r3---sn-i3belne6.example2.com\", \"buffer\":\"catid=3\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000205\", \"fqdn\":\"r3---sn-i3belne6.example2.com\", \"buffer\":\"catid=3\", \"is_valid\":1}" + }; int i = 0, ret = 0; long long rule_id[TEST_CMD_LINE_NUM] = {0}; + char rule_uuid_strs[TEST_CMD_LINE_NUM][UUID_STR_LEN]; struct maat_cmd_line line_rule; //add lines for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); - line_rule.rule_id = rule_id[i]; + snprintf(rule_uuid_strs[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]); + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; 
- line_rule.table_line = table_line_add[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); @@ -8114,7 +8212,7 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { struct fqdn_plugin_ud *results[ARRAY_SIZE]; memset(results, 0, sizeof(results)); - ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_id, + ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "r3---sn-i3belne6.example2.com", (void**)results, ARRAY_SIZE); ASSERT_EQ(ret, 2); @@ -8123,9 +8221,9 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { //del lines for (i = 3; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = rule_id[i]; + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - line_rule.table_line = table_line_del[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); @@ -8133,7 +8231,7 @@ TEST_F(MaatCmd, UpdateFQDNPlugin) { } sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_id, + ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "r3---sn-i3belne6.example2.com", (void**)results, ARRAY_SIZE); ASSERT_EQ(ret, 0); 
@@ -8148,34 +8246,27 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { const int TEST_CMD_LINE_NUM = 6; struct maat *maat_inst = MaatCmd::_shared_maat_inst; int *ex_data_counter = MaatCmd::_ex_data_counter; - const char *table_line_add[TEST_CMD_LINE_NUM] = { - "301\t1&2&1000\ttunnel1\t1", - "302\t101&102\ttunnel2\t1", - "303\t102\ttunnel3\t1", - "304\t101\ttunnel4\t1", - "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", - "306\t101&101\tinvalid\t1"}; - const char *table_line_del[TEST_CMD_LINE_NUM] = { - "301\t1&2&1000\ttunnel1\t0", - "302\t101&102\ttunnel2\t0", - "303\t102\ttunnel3\t0", - "304\t101\ttunnel4\t0", - "305\t0&1&2&3&4&5&6&7\ttunnel5\t0", - "306\t101&101\tinvalid\t0"}; - - - ASSERT_GT(table_id, 0); + const char *table_line[TEST_CMD_LINE_NUM] = { + "{\"uuid\":\"00000000-0000-0000-0000-000000000301\", \"bool_expr\":\"1&2&1000\", \"buffer\":\"tunnel1\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000302\", \"bool_expr\":\"101&102\", \"buffer\":\"tunnel2\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000303\", \"bool_expr\":\"102\", \"buffer\":\"tunnel3\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000304\", \"bool_expr\":\"101\", \"buffer\":\"tunnel4\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000305\", \"bool_expr\":\"0&1&2&3&4&5&6&7\", \"buffer\":\"tunnel5\", \"is_valid\":1}", + "{\"uuid\":\"00000000-0000-0000-0000-000000000306\", \"bool_expr\":\"101&101\", \"buffer\":\"invalid\", \"is_valid\":1}" + }; long long rule_id[TEST_CMD_LINE_NUM] = {0}; + char rule_uuid_strs[TEST_CMD_LINE_NUM][UUID_STR_LEN]; struct maat_cmd_line line_rule; int i = 0, ret = 0; for (i = 0; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_PLUG_SEQ", 1); - line_rule.rule_id = rule_id[i]; + snprintf(rule_uuid_strs[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]); + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - 
line_rule.table_line = table_line_add[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_ADD); @@ -8196,16 +8287,16 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { unsigned long long items[] = {101, 102, 1000}; struct bool_plugin_ud *results[ARRAY_SIZE]; memset(results, 0, sizeof(results)); - ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_id, items, 3, + ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items, 3, (void **)results, ARRAY_SIZE); EXPECT_EQ(ret, 4); - EXPECT_EQ(results[0]->name_len, 8); + EXPECT_EQ(results[0]->name_len, 7); for (i = 3; i < TEST_CMD_LINE_NUM; i++) { memset(&line_rule, 0, sizeof(line_rule)); - line_rule.rule_id = rule_id[i]; + line_rule.rule_uuid_str = rule_uuid_strs[i]; line_rule.table_name = table_name; - line_rule.table_line = table_line_del[i]; + line_rule.table_line = table_line[i]; line_rule.expire_after = 0; ret = maat_cmd_set_line(maat_inst, &line_rule, MAAT_OP_DEL); @@ -8213,10 +8304,10 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { } sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_id, items, 3, + ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items, 3, (void **)results, ARRAY_SIZE); EXPECT_EQ(ret, 2); - EXPECT_EQ(results[0]->name_len, 8); + EXPECT_EQ(results[0]->name_len, 7); sleep(WAIT_FOR_EFFECTIVE_S * 2); //exceed gc_timeout_s, the data pointed by results[idx] has been freed 
@@ -8224,10 +8315,11 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { #define RULE_ID_NUMS 1000 TEST_F(MaatCmd, ObjectInMassRules) { - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; - const char* table_url = "HTTP_URL"; - const char* table_appid = "APP_ID"; + const char* url_table_name = "HTTP_URL"; + const char* url_attribute_anme = "HTTP_URL"; + const char* appid_table_name = "APP_ID"; + const char* appid_attribute_name = "APP_ID"; int thread_id = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); 
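Review bot: The new local `url_attribute_anme` is misspelled; it should read `const char* url_attribute_name = "HTTP_URL";` to match `appid_attribute_name` declared two lines below it. The misspelled name is then used in the `and_conditions` / `target_and_conditions` setup and in every `maat_scan_string` and `maat_scan_not_logic` call in the later ObjectInMassRules hunks, so the rename has to be applied there as well. The test body continues outside this hunk.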
@@ -8235,22 +8327,34 @@ TEST_F(MaatCmd, ObjectInMassRules) { //item_url1 -> object1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - int ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item1_id, - object1_id, "baidu.com&tsg", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + char object1_uuid_str[UUID_STR_LEN] = {0}; + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + int ret = expr_table_set_line(maat_inst, url_table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, "baidu.com&tsg", EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); //item_url2 -> object2 long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item2_id, - object2_id, "baidu.com&zhengzhou", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + char object2_uuid_str[UUID_STR_LEN] = {0}; + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = expr_table_set_line(maat_inst, url_table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "baidu.com&zhengzhou", EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); //item_appid -> object3 long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = interval_table_set_line(maat_inst, table_appid, MAAT_OP_ADD, item3_id, - object3_id, "100", NULL, 0); + char object3_uuid_str[UUID_STR_LEN] = {0}; + char 
item3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); + snprintf(item3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item3_id); + ret = interval_table_set_line(maat_inst, appid_table_name, MAAT_OP_ADD, item3_uuid_str, + object3_uuid_str, "100", 0); EXPECT_EQ(ret, 1); /* item_url1 -> object1 -> rule[0 ~ RULE_ID_NUMS] @@ -8259,20 +8363,23 @@ TEST_F(MaatCmd, ObjectInMassRules) { */ int i = 0; long long rule_id[RULE_ID_NUMS] = {0}; + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; for (i = 0; i < RULE_ID_NUMS; i++) { + char rule_uuid_str[UUID_STR_LEN] = {0}; rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule_id[i], "mass_rule", 2, 0); - EXPECT_EQ(ret, 1); - } - - for (i = 0; i < RULE_ID_NUMS; i++) { - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule_id[i], 0, table_url, 0, 0); - EXPECT_EQ(ret, 1); - - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object3_id, rule_id[i], 0, table_appid, 2, 0); + rule_uuid_str, and_conditions, 2, "mass_rule", 0); EXPECT_EQ(ret, 1); } 
@@ -8281,14 +8388,21 @@ TEST_F(MaatCmd, ObjectInMassRules) { item_appid -> object3_/ */ long long target_rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char target_rule_uuid_str[UUID_STR_LEN] = {0}; + snprintf(target_rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", target_rule_id); + struct maat_cmd_and_condition target_and_conditions[2]; + target_and_conditions[0].negate_option = 0; + target_and_conditions[0].or_condition_num = 1; + target_and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + target_and_conditions[0].or_conditions[0].object_num = 1; + target_and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + target_and_conditions[1].negate_option = 0; + target_and_conditions[1].or_condition_num = 1; + target_and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + target_and_conditions[1].or_conditions[0].object_num = 1; + target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - target_rule_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, target_rule_id, 0, table_url, 1, 0); - EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object3_id, target_rule_id, 0, table_appid, 2, 0); + target_rule_uuid_str, target_and_conditions, 2, "null", 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -8297,48 +8411,44 @@ TEST_F(MaatCmd, ObjectInMassRules) { const char* http_url2 = "https://www.baidu.com/s?wd=zhengzhou&rsv_spt=1" "&rsv_iqid=0x8b4cae8100000560&issp=1&f=8&rsv_bp=1"; - int url_table_id = maat_get_table_id(maat_inst, table_url); - ASSERT_GT(url_table_id, 0); - - int appid_table_id = maat_get_table_id(maat_inst, table_appid); - ASSERT_GT(appid_table_id, 0); - - long long results[4] = {0}; + uuid_t results[4]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, url_table_id, http_url2, strlen(http_url2), + ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url2, strlen(http_url2), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_id, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], target_rule_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, target_rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, appid_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, url_table_id, http_url1, strlen(http_url1), + ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url1, strlen(http_url1), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, 
results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_id, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 4); - ret = maat_scan_not_logic(maat_inst, appid_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
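Review bot: `uuid_t results[4];` is passed to `maat_scan_not_logic` with a capacity of `ARRAY_SIZE`, while the `maat_scan_string` and `maat_scan_integer` calls on the same buffer pass `4`. `ARRAY_SIZE` is defined outside this hunk; if it is larger than 4, the callee is allowed to write past the end of the stack array, and with 16-byte `uuid_t` elements the overrun is larger than it was with `long long`. Either size the buffer to match, `uuid_t results[ARRAY_SIZE];`, or pass the real capacity in all four `maat_scan_not_logic` calls, e.g. `results, 4, &n_hit_result, state);`. The test body starts and ends outside this hunk.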
@@ -8348,43 +8458,59 @@ TEST_F(MaatCmd, ObjectInMassRules) { TEST_F(MaatCmd, HitObject) { const char *rule_table_name = "RULE_DEFAULT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *o2o_table_name = "OBJECT2OBJECT"; const char *http_sig_table_name = "HTTP_SIGNATURE"; + const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; + const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; + const char *ip_attribute_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *keywords_attr_name = "KEYWORDS"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - /* rule1 */ - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - - //object1 -> rule1 + //object1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, - "HTTP_REQUEST_HEADER", 1, 0); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); + + //item1 -> object1 + long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, + item1_uuid_str, object1_uuid_str, "hit object item first", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); - //item1 -> object1 -> rule1 - long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item1_id, object1_id, "hit object item 
first", - "URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ - EXPECT_EQ(ret, 1); + //object21 + long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); /* item1 -> object1 -> rule1 / object21_/ */ - long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule1_id, 0, - "HTTP_RESPONSE_HEADER", 2, 0); + + /* rule1 */ + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
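Review bot: The rewritten `expr_table_set_line` call for item1 passes `EXPR_TYPE_AND`, but the trailing comment kept on that line still says `/*EXPR_TYPE_STRING MATCH_METHOD_SUB*/`, and the removed call passed `0` in the type position. Either the comment is stale or the expression type changed unintentionally; the hunk alone does not show which. If AND is intended, the comment should become `/* EXPR_TYPE_AND MATCH_METHOD_SUB */`, as on the ObjectInMassRules calls; otherwise pass the string type the comment names. The same mismatch appears on the item2, item4 and item5 calls in the following hunks, and the test body continues outside this hunk.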
@@ -8392,8 +8518,10 @@ TEST_F(MaatCmd, HitObject) { object2 -> object21 _/ */ long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object21_id, object2_id, 0); + object21_uuid_str, &object2_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 @@ -8401,9 +8529,11 @@ TEST_F(MaatCmd, HitObject) { item2 -> object2 -> object21 _/ */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item2_id, object2_id, "hit object item second", - "Cookie", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item2_uuid_str, object2_uuid_str, "hit object item second", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -8414,22 +8544,32 @@ TEST_F(MaatCmd, HitObject) { item2 -> object2 -> object21 _/ */ long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object11_id, object1_id, 0); + object11_uuid_str, &object1_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); //item3 -> object3, object3 is not referenced by any rule. long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_id, - object3_id, "220.181.38.150-220.181.38.151", 0); + char object3_uuid_str[UUID_STR_LEN] = {0}; + char item3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); + snprintf(item3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item3_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_uuid_str, + object3_uuid_str, "220.181.38.150-220.181.38.151", NULL, 0); EXPECT_EQ(ret, 1); //item4 -> object4, object4 is not referenced by any rule. 
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object4_uuid_str[UUID_STR_LEN] = {0}; + char item4_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object4_id); + snprintf(item4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item4_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item4_id, object4_id, "hit object item forth", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item4_uuid_str, object4_uuid_str, "hit object item forth", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* @@ -8441,10 +8581,12 @@ TEST_F(MaatCmd, HitObject) { */ //item5 -> object1 which means object1 has multi items long long item5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item5_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item5_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item5_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item5_id, object1_id, + item5_uuid_str, object1_uuid_str, "hit object item fifth", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -8453,15 +8595,9 @@ TEST_F(MaatCmd, HitObject) { const char* http_resp_hdr_cookie = "laptop=thinkpad X1 extrem;hit object item second" "main[XWJOKE]=hoho; Hm_lvt_bbac0322e6ee13093f98d5c4b5a10912=1578874808;"; - int http_req_table_id = maat_get_table_id(maat_inst, "HTTP_REQUEST_HEADER"); - ASSERT_GT(http_req_table_id, 0); - - ret = maat_state_set_scan_district(state, http_req_table_id, "URL", strlen("URL")); - EXPECT_EQ(ret, 0); - uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, http_req_table_id, http_url, strlen(http_url), + ret = maat_scan_string(maat_inst, http_sig_table_name, http_req_attr_name, http_url, strlen(http_url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); 
@@ -8474,45 +8610,46 @@ TEST_F(MaatCmd, HitObject) { size_t n_hit_object = maat_state_get_direct_hit_object_cnt(state); maat_state_get_direct_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 1); - EXPECT_EQ(hit_objects[0].item_id, item1_id); - EXPECT_EQ(hit_objects[0].object_id, object1_id); - EXPECT_EQ(hit_objects[0].attribute_id, http_req_table_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); maat_state_get_indirect_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 1); - EXPECT_EQ(hit_objects[0].item_id, 0); - EXPECT_EQ(hit_objects[0].object_id, object11_id); - EXPECT_EQ(hit_objects[0].attribute_id, http_req_table_id); + EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); size_t n_last_hit_object = maat_state_get_last_hit_object_cnt(state); - struct maat_hit_object last_hit_objects[128] = {0}; + struct maat_hit_object last_hit_objects[128]; maat_state_get_last_hit_objects(state, last_hit_objects, 128); EXPECT_EQ(n_last_hit_object, 2); - EXPECT_EQ(last_hit_objects[0].item_id, item1_id); - EXPECT_EQ(last_hit_objects[0].object_id, object1_id); - EXPECT_EQ(last_hit_objects[0].attribute_id, http_req_table_id); + uuid_unparse(last_hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(last_hit_objects[0].attribute_name, http_req_attr_name); - 
EXPECT_EQ(last_hit_objects[1].item_id, 0); - EXPECT_EQ(last_hit_objects[1].object_id, object11_id); - EXPECT_EQ(last_hit_objects[1].attribute_id, http_req_table_id); + EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); + uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_STREQ(last_hit_objects[1].attribute_name, http_req_attr_name); - int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(http_res_table_id, 0); - const char *district_str1 = "Cookie"; - ret = maat_state_set_scan_district(state, http_res_table_id, district_str1, - strlen(district_str1)); - EXPECT_EQ(ret, 0); - - ret = maat_scan_string(maat_inst, http_res_table_id, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, http_sig_table_name, http_resp_attr_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); scan_times = maat_state_get_scan_count(state); EXPECT_EQ(scan_times, 2); 
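Review bot: `last_hit_objects[128]` lost its `= {0}` initialiser, so every slot that `maat_state_get_last_hit_objects` does not fill is presumably left indeterminate. The count check is a non-fatal `EXPECT_EQ(n_last_hit_object, 2)`, so on a regression the test still runs `uuid_unparse` and `EXPECT_STREQ(last_hit_objects[1].attribute_name, ...)` on whatever was on the stack, which can crash the runner instead of reporting a failed expectation. Keep the array value-initialised with `struct maat_hit_object last_hit_objects[128] = {};` and make the count check fatal with `ASSERT_EQ(n_last_hit_object, 2);`. The array is reused by the later `maat_state_get_last_hit_objects` calls in this test, which read up to index 2.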
@@ -8522,49 +8659,49 @@ TEST_F(MaatCmd, HitObject) { maat_state_get_direct_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 1); - EXPECT_EQ(hit_objects[0].item_id, item2_id); - EXPECT_EQ(hit_objects[0].object_id, object2_id); - EXPECT_EQ(hit_objects[0].attribute_id, http_res_table_id); + uuid_unparse(hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); maat_state_get_indirect_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 1); - EXPECT_EQ(hit_objects[0].item_id, 0); - EXPECT_EQ(hit_objects[0].object_id, object21_id); - EXPECT_EQ(hit_objects[0].attribute_id, http_res_table_id); + EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); EXPECT_EQ(n_last_hit_object, 2); - EXPECT_EQ(last_hit_objects[0].item_id, item2_id); - EXPECT_EQ(last_hit_objects[0].object_id, object2_id); - EXPECT_EQ(last_hit_objects[0].attribute_id, http_res_table_id); + uuid_unparse(last_hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_STREQ(last_hit_objects[0].attribute_name, http_resp_attr_name); - EXPECT_EQ(last_hit_objects[1].item_id, 0); - EXPECT_EQ(last_hit_objects[1].object_id, object21_id); - EXPECT_EQ(last_hit_objects[1].attribute_id, http_res_table_id); + EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); + 
uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(last_hit_objects[1].attribute_name, http_resp_attr_name); const char* keywords1="In graph theory, hit object item forth"; const char *keywords2="To test one object hit object item fifth"; - - int keywords_table_id = maat_get_table_id(maat_inst, keywords_table_name); - ASSERT_GT(keywords_table_id, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attr_name, state); ret = maat_stream_scan(stream, keywords1, strlen(keywords1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); scan_times = maat_state_get_scan_count(state); EXPECT_EQ(scan_times, 3); - int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(ip_table_id, 0); - uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.150", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); 
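Review bot: The result of `maat_stream_new(maat_inst, keywords_table_name, keywords_attr_name, state)` is passed to `maat_stream_scan` without a check. The removed `ASSERT_GT(keywords_table_id, 0)` used to stop the test when the table was unknown; with name-based lookup that failure now presumably surfaces as a NULL stream. Add `ASSERT_TRUE(stream != NULL);` directly after the call. The same applies to the `maat_stream_new` call in HitPathBasic.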
@@ -8576,13 +8713,17 @@ TEST_F(MaatCmd, HitObject) { maat_state_get_direct_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 2); - EXPECT_EQ(hit_objects[0].item_id, item4_id); - EXPECT_EQ(hit_objects[0].object_id, object4_id); - EXPECT_EQ(hit_objects[0].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0 + uuid_unparse(hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); - EXPECT_EQ(hit_objects[1].item_id, item3_id); - EXPECT_EQ(hit_objects[1].object_id, object3_id); - EXPECT_EQ(hit_objects[1].attribute_id, ip_table_id); + uuid_unparse(hit_objects[1].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_objects[1].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_STREQ(hit_objects[1].attribute_name, ip_attribute_name); ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results, ARRAY_SIZE, &n_hit_result, state); 
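Review bot: Every UUID comparison here is a `uuid_unparse` into the shared `uuid_str` scratch buffer followed by `EXPECT_STREQ(uuid_str, ...)`, so a failure report names `uuid_str` rather than the field that was wrong. A small helper macro, for example `#define EXPECT_UUID_STREQ(uuid, expected) do { char s_[UUID_STR_LEN]; uuid_unparse((uuid), s_); EXPECT_STREQ(s_, (expected)) << #uuid; } while (0)`, would shorten these blocks and keep the field name in the message. The pattern repeats in the surrounding hunks of HitObject and throughout HitPathBasic.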
@@ -8596,29 +8737,38 @@ TEST_F(MaatCmd, HitObject) { maat_state_get_direct_hit_objects(state, hit_objects, n_hit_object); EXPECT_EQ(n_hit_object, 2); - EXPECT_EQ(hit_objects[0].item_id, item5_id); - EXPECT_EQ(hit_objects[0].object_id, object1_id); - EXPECT_EQ(hit_objects[0].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0 + uuid_unparse(hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item5_uuid_str); + uuid_unparse(hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); - EXPECT_EQ(hit_objects[1].item_id, item4_id); - EXPECT_EQ(hit_objects[1].object_id, object4_id); - EXPECT_EQ(hit_objects[1].attribute_id, keywords_table_id); //physical table(keywords_table) attribute_id is 0 + uuid_unparse(hit_objects[1].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_objects[1].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_STREQ(hit_objects[1].attribute_name, keywords_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); EXPECT_EQ(n_last_hit_object, 3); - EXPECT_EQ(last_hit_objects[0].item_id, item5_id); - EXPECT_EQ(last_hit_objects[0].object_id, object1_id); - EXPECT_EQ(last_hit_objects[0].attribute_id, keywords_table_id); + uuid_unparse(last_hit_objects[0].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item5_uuid_str); + uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(last_hit_objects[0].attribute_name, keywords_attr_name); - EXPECT_EQ(last_hit_objects[1].item_id, item4_id); - EXPECT_EQ(last_hit_objects[1].object_id, object4_id); - EXPECT_EQ(last_hit_objects[1].attribute_id, keywords_table_id); + uuid_unparse(last_hit_objects[1].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + 
uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_STREQ(last_hit_objects[1].attribute_name, keywords_attr_name); - EXPECT_EQ(last_hit_objects[2].item_id, 0); - EXPECT_EQ(last_hit_objects[2].object_id, object11_id); - EXPECT_EQ(last_hit_objects[2].attribute_id, keywords_table_id); + EXPECT_TRUE(uuid_is_null(last_hit_objects[2].item_uuid)); + uuid_unparse(last_hit_objects[2].object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_STREQ(last_hit_objects[2].attribute_name, keywords_attr_name); maat_stream_free(stream); maat_state_free(state); 
@@ -8627,33 +8777,30 @@ TEST_F(MaatCmd, HitObject) { TEST_F(MaatCmd, HitPathBasic) { const char *o2o_table_name = "OBJECT2OBJECT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *http_sig_table_name = "HTTP_SIGNATURE"; + const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; + const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; + const char *ip_attribute_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *keywords_attr_name = "KEYWORDS"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - /* rule1 */ - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, - "HTTP_REQUEST_HEADER", 1, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item1_id, object1_id, "graph_theory", "URL", - 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_uuid_str, object1_uuid_str, "graph_theory", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
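Review bot: The sequence values returned by `maat_cmd_incrby` are formatted straight into UUID strings with `%012lld` and never checked. A negative value or one with more than 12 digits would give a string that is not a valid UUID (a sign character or a truncated tail), and the test would then fail far from the cause. The declare-and-`snprintf` pair is also repeated for every object, item and rule; a helper such as `static void seq_to_uuid_str(long long id, char out[UUID_STR_LEN])` that checks `id > 0` before formatting would cover both. What `maat_cmd_incrby` returns on failure is not visible in this hunk, and the body of HitPathBasic continues past it.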
@@ -8661,9 +8808,26 @@ TEST_F(MaatCmd, HitPathBasic) { object21_/ */ long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule1_id, 0, - "HTTP_RESPONSE_HEADER", 2, 0); + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); + + /* rule1 */ + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 @@ -8671,8 +8835,10 @@ TEST_F(MaatCmd, HitPathBasic) { object2 -> object21 _/ */ long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object21_id, object2_id, 0); + object21_uuid_str, &object2_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
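Review bot: `struct maat_cmd_and_condition and_conditions[2];` is declared without an initialiser, and only `negate_option`, `or_condition_num` and the first `or_conditions` entry's `attribute_name`, `object_num` and `object_uuids_str[0]` are assigned before it is handed to `rule_table_set_line`. The struct definition is not in this hunk, but any other member, and presumably every unused `or_conditions` / `object_uuids_str` slot, is indeterminate at the call. Value-initialise it: `struct maat_cmd_and_condition and_conditions[2] = {};`. HitPathAdvanced declares the array the same way and reuses it for rule2.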
@@ -8680,9 +8846,11 @@ TEST_F(MaatCmd, HitPathBasic) { item2 -> object2 -> object21 _/ */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item2_id, object2_id, "time=2020-02-11", "Cookie", - 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item2_uuid_str, object2_uuid_str, "time=2020-02-11", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -8693,24 +8861,34 @@ TEST_F(MaatCmd, HitPathBasic) { item2 -> object2 -> object21 _/ */ long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object11_id, object1_id, 0); + object11_uuid_str, &object1_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); //item3 -> object3, object3 is not referenced by any rule. long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_id, - object3_id, "220.181.38.148-220.181.38.149", 0); + char object3_uuid_str[UUID_STR_LEN] = {0}; + char item3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); + snprintf(item3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item3_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_uuid_str, + object3_uuid_str, "220.181.38.148-220.181.38.149", NULL, 0); EXPECT_EQ(ret, 1); //item4 -> object4, object4 is not referenced by any rule. 
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object4_uuid_str[UUID_STR_LEN] = {0}; + char item4_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object4_id); + snprintf(item4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item4_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item4_id, object4_id, + item4_uuid_str, object4_uuid_str, "a finite or infinite", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -8719,22 +8897,16 @@ TEST_F(MaatCmd, HitPathBasic) { const char* http_resp_hdr_cookie = "laptop=thinkpad X1 extrem;time=2020-02-11T15:34:00;" "main[XWJOKE]=hoho; Hm_lvt_bbac0322e6ee13093f98d5c4b5a10912=1578874808;"; - int http_req_table_id = maat_get_table_id(maat_inst, "HTTP_REQUEST_HEADER"); - ASSERT_GT(http_req_table_id, 0); - - ret = maat_state_set_scan_district(state, http_req_table_id, "URL", strlen("URL")); - EXPECT_EQ(ret, 0); - int Nth_scan = 0; Nth_scan++; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, http_req_table_id, http_url, strlen(http_url), + ret = maat_scan_string(maat_inst, http_sig_table_name, http_req_attr_name, http_url, strlen(http_url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_req_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_sig_table_name, http_req_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -8748,36 +8920,36 @@ TEST_F(MaatCmd, HitPathBasic) { int path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object11_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); - - int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(http_res_table_id, 0); - - ret = maat_state_set_scan_district(state, http_res_table_id, "Cookie", - strlen("Cookie")); - EXPECT_EQ(ret, 0); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; - ret = maat_scan_string(maat_inst, http_res_table_id, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, 
http_sig_table_name, http_resp_attr_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, http_res_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_sig_table_name, http_resp_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
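Review bot: The null checks in this test are written `EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1)`, while HitObject in the same commit uses the bare `EXPECT_TRUE(uuid_is_null(...))`. Use one form; the bare call reads better and does not depend on the exact non-zero value returned. The same spelling appears in the later HitPathBasic hunks.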
@@ -8789,36 +8961,50 @@ TEST_F(MaatCmd, HitPathBasic) { path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan-1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object11_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; ASSERT_EQ(path_idx, 1); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan-1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 2); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, 
object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 3); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); + const char* keywords1="In graph theory, a path in a graph is a finite or infinite \ sequence of edges which joins a sequence of vertices which, by most definitions,\ are all distinct (and since the vertices are distinct, so are the edges). "; 
@@ -8826,16 +9012,13 @@ are all distinct (and since the vertices are distinct, so are the edges). "; sequence of edges which joins a sequence of distinct vertices, but with the added restriction\ that the edges be all directed in the same direction."; - int keywords_table_id = maat_get_table_id(maat_inst, keywords_table_name); - ASSERT_GT(keywords_table_id, 0); - - struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attr_name, state); Nth_scan++; ret = maat_stream_scan(stream, keywords1, strlen(keywords1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -8848,24 +9031,23 @@ that the edges be all directed in the same direction."; path_idx++; ASSERT_EQ(path_idx, 4); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item4_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object4_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); - - int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(ip_table_id, 0); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.148", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -8878,18 +9060,20 @@ that the edges be all directed in the same direction."; path_idx++; ASSERT_EQ(path_idx, 5); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item3_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -8902,11 +9086,14 @@ that the edges be all directed in the same direction."; path_idx++; ASSERT_EQ(path_idx, 6); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item4_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object4_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); + maat_stream_free(stream); maat_state_free(state); state = NULL; 
@@ -8928,32 +9115,27 @@ that the edges be all directed in the same direction."; */ TEST_F(MaatCmd, HitPathAdvanced) { const char *o2o_table_name = "OBJECT2OBJECT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_CONFIG"; + const char *ip_attribute_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *keywords_attr_name = "KEYWORDS"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - /* rule1 */ - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, - "KEYWORDS_TABLE", 1, 0); //condition_index:1 - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item1_id, object1_id, "computer_theory", NULL, - 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_uuid_str, object1_uuid_str, "computer_theory", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -8961,9 +9143,26 @@ TEST_F(MaatCmd, HitPathAdvanced) { object21_/ */ long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule1_id, 0, - "KEYWORDS_TABLE", 2, 0); //condition_index:2 + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); + + /* rule1 */ + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 @@ -8971,8 +9170,10 @@ TEST_F(MaatCmd, HitPathAdvanced) { object2 -> object21 _/ */ long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object21_id, object2_id, 0); + object21_uuid_str, &object2_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -8980,28 +9181,13 @@ TEST_F(MaatCmd, HitPathAdvanced) { item2 -> object2 -> object21 _/ */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item2_id, object2_id, "social_theory", NULL, - 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ - EXPECT_EQ(ret, 1); - - //rule2 - long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "null", 2, 0); + item2_uuid_str, object2_uuid_str, "social_theory", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); - /* item1 -> object1 -> rule1 - / - item2 -> object2 -> object21 _/ - \ - \ - rule2 - */ - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule2_id, 0, - "KEYWORDS_TABLE", 3, 0); //condition_index:3 - EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 / 
@@ -9012,33 +9198,32 @@ TEST_F(MaatCmd, HitPathAdvanced) { */ long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_id, - object3_id, "220.181.38.168-220.181.38.169", 0); + char object3_uuid_str[UUID_STR_LEN] = {0}; + char item3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); + snprintf(item3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item3_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_uuid_str, + object3_uuid_str, "220.181.38.168-220.181.38.169", NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object3_id, rule2_id, 0, - "IP_CONFIG", 4, 0); //condition_index:4 - EXPECT_EQ(ret, 1); - - /* item1 -> object1 -> rule1 - / - item2 -> object2 -> object21 _/ - \ - \ - item3 -> object3 -> rule2 - \ - \ --> rule3 - */ - long long rule3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + //rule2 + long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule3_id, "null", 2, 0); + 
rule2_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object3_id, rule3_id, 0, - "IP_CONFIG", 5, 0); //condition_index:5 - EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 / 
@@ -9056,16 +9241,33 @@ TEST_F(MaatCmd, HitPathAdvanced) { */ long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object4_uuid_str[UUID_STR_LEN] = {0}; + char item4_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object4_id); + snprintf(item4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item4_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item4_id, object4_id, + item4_uuid_str, object4_uuid_str, "basic and advanced", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object4_id, rule3_id, 0, - "KEYWORDS_TABLE", 6, 0); //condition_index:6 - EXPECT_EQ(ret, 1); + //rule3 + long long rule3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id); + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object3_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule3_uuid_str, and_conditions, 2, NULL, 0); + EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
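Review bot: Each UUID string in this hunk is built with `snprintf(..., UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", id)` from a `maat_cmd_incrby` result, and neither return value is checked. If `maat_cmd_incrby` can return a negative value on failure (not visible here), or a counter ever exceeds twelve digits, the result is a malformed or silently truncated UUID and the test fails later with a misleading hit-path mismatch. A small helper that checks the id and the `snprintf` length would catch this at the source and replace the repeated line pairs here, in the earlier hunks of this test, and in HitPathHasNotObject.

```cpp
// Builds the test UUID for a sequence value; flags a bad id or a truncated string.
static void make_test_uuid(char (&out)[UUID_STR_LEN], long long id)
{
    ASSERT_GE(id, 0);
    int n = snprintf(out, sizeof(out), "00000000-0000-0000-0000-%012lld", id);
    ASSERT_EQ(n, UUID_STR_LEN - 1);
}

// … unchanged: item4/object4 sequence allocation and buffer declarations …
make_test_uuid(object4_uuid_str, object4_id);
make_test_uuid(item4_uuid_str, item4_id);
```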
@@ -9077,7 +9279,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, keywords_table_id, http_url_computer, + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attr_name, http_url_computer, strlen(http_url_computer), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); 
@@ -9089,63 +9291,75 @@ TEST_F(MaatCmd, HitPathAdvanced) { int path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); - ret = maat_scan_string(maat_inst, keywords_table_id, http_url_social, + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attr_name, http_url_social, strlen(http_url_social), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); EXPECT_EQ(n_read, 3); path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + 
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 1); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 2); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 2); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); - 
EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.168", &ip_addr); - int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(ip_table_id, 0); - - ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule2_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); memset(hit_path, 0, sizeof(hit_path)); n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); 
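Review bot: `EXPECT_EQ(n_read, 3);` is non-fatal, yet the assertions after it index `hit_path[0..2]` and now pass `hit_path[path_idx].attribute_name` to `EXPECT_STREQ`, which reads through the pointer where the old `attribute_id` check only compared an integer. If fewer paths come back than expected, entries that were never filled are read; assuming `attribute_name` is a `const char *` (the struct is not shown), that can be an invalid read instead of a clean test failure. Making the count check fatal, `ASSERT_EQ(n_read, 3);`, before the per-entry checks avoids this. The same applies to the count checks that precede the entry checks in the later hunks of this test and in HitPathHasNotObject. The test body starts and ends outside this hunk.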
@@ -9153,60 +9367,79 @@ TEST_F(MaatCmd, HitPathAdvanced) { path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 1); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 3); - EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); path_idx++; ASSERT_EQ(path_idx, 2); 
EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; ASSERT_EQ(path_idx, 3); EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); - EXPECT_EQ(hit_path[path_idx].item_id, item3_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 4); - EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); path_idx++; ASSERT_EQ(path_idx, 4); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - 
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 2); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); const char *keywords1 = "In theory, basic and advanced is common"; - ret = maat_scan_string(maat_inst, keywords_table_id, keywords1, + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attr_name, keywords1, strlen(keywords1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule3_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule3_uuid_str); memset(hit_path, 0, sizeof(hit_path)); n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path)); 
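Review bot: The `maat_state_get_hit_paths(state, hit_path, sizeof(hit_path))` call at the end of this hunk passes the array's size in bytes. If the third parameter is the number of `struct maat_hit_path` elements the caller can hold (the prototype is not part of this diff), the library is told the buffer is far larger than it is and could write past `hit_path` when many paths are recorded. In that case the call should be `maat_state_get_hit_paths(state, hit_path, sizeof(hit_path) / sizeof(hit_path[0]))`. The other calls in this test use the same expression.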
@@ -9214,72 +9447,98 @@ TEST_F(MaatCmd, HitPathAdvanced) { path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item1_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item1_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 1); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 3); - EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); path_idx++; ASSERT_EQ(path_idx, 2); 
EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; ASSERT_EQ(path_idx, 3); EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); - EXPECT_EQ(hit_path[path_idx].item_id, item3_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 5); - EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 0); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule3_uuid_str); path_idx++; ASSERT_EQ(path_idx, 4); EXPECT_EQ(hit_path[path_idx].Nth_scan, 4); - EXPECT_EQ(hit_path[path_idx].item_id, item4_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object4_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object4_id); - 
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 6); - EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule3_uuid_str); path_idx++; ASSERT_EQ(path_idx, 5); EXPECT_EQ(hit_path[path_idx].Nth_scan, 3); - EXPECT_EQ(hit_path[path_idx].item_id, item3_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 4); - EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); path_idx++; ASSERT_EQ(path_idx, 6); EXPECT_EQ(hit_path[path_idx].Nth_scan, 2); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].condition_index, 
2); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_EQ(hit_path[path_idx].condition_index, 1); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); maat_state_free(state); state = NULL; 
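Review bot: Every UUID field check in this hunk is the two-line pair `uuid_unparse(..., uuid_str); EXPECT_STREQ(uuid_str, ...)` through one shared `uuid_str` buffer, which makes the seven path entries hard to scan and lets a check silently compare a stale buffer if an `uuid_unparse` line is dropped in a later edit. A one-line helper such as `#define EXPECT_UUID_STREQ(u, s) do { char b_[UUID_STR_LEN]; uuid_unparse((u), b_); EXPECT_STREQ(b_, (s)); } while (0)` keeps each check self-contained. `EXPECT_TRUE(uuid_is_null(x) == 1)` can likewise be written `EXPECT_TRUE(uuid_is_null(x))`. The same pattern runs through the preceding hunks and HitPathHasNotObject.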
@@ -9287,32 +9546,29 @@ TEST_F(MaatCmd, HitPathAdvanced) { TEST_F(MaatCmd, HitPathHasNotObject) { const char *o2o_table_name = "OBJECT2OBJECT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *http_sig_table_name = "HTTP_SIGNATURE"; + const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; + const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; + const char *ip_attribute_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *keywords_attr_name = "KEYWORDS"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - /* rule1 */ - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - // !object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 1, - "HTTP_REQUEST_HEADER", 1, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); // !(item1 -> object1) -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item1_id, object1_id, "math_theory", "URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_uuid_str, object1_uuid_str, "math_theory", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* !(item1 -> object1) -> rule1 
@@ -9320,9 +9576,26 @@ TEST_F(MaatCmd, HitPathHasNotObject) { object21_/ */ long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule1_id, 0, - "HTTP_RESPONSE_HEADER", 2, 0); + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); + + /* rule1 */ + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 1; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); /* !(item1 -> object1) -> rule1 @@ -9330,8 +9603,10 @@ TEST_F(MaatCmd, HitPathHasNotObject) { object2 -> object21 _/ */ long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object21_id, object2_id, 0); + object21_uuid_str, &object2_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); /* !(item1 -> object1) -> rule1 
@@ -9339,9 +9614,11 @@ TEST_F(MaatCmd, HitPathHasNotObject) { item2 -> object2 -> object21 _/ */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item2_id, object2_id, "time=2020-02-12", "Cookie", - 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item2_uuid_str, object2_uuid_str, "time=2020-02-12", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -9352,24 +9629,34 @@ TEST_F(MaatCmd, HitPathHasNotObject) { item2 -> object2 -> object21 _/ */ long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object11_id, object1_id, 0); + object11_uuid_str, &object1_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); //item3 -> object3, object3 is not referenced by any rule. long long item3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object3_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_id, - object3_id, "220.181.38.158-220.181.38.159", 0); + char object3_uuid_str[UUID_STR_LEN] = {0}; + char item3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object3_id); + snprintf(item3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item3_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item3_uuid_str, + object3_uuid_str, "220.181.38.158-220.181.38.159", NULL, 0); EXPECT_EQ(ret, 1); //item4 -> object4, object4 is not referenced by any rule. 
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object4_uuid_str[UUID_STR_LEN] = {0}; + char item4_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object4_id); + snprintf(item4_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item4_id); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item4_id, object4_id, + item4_uuid_str, object4_uuid_str, "a finite and infinite", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -9378,22 +9665,16 @@ TEST_F(MaatCmd, HitPathHasNotObject) { const char* http_resp_hdr_cookie = "laptop=thinkpad X1 extrem;time=2020-02-12T15:34:00;" "main[XWJOKE]=hoho; Hm_lvt_bbac0322e6ee13093f98d5c4b5a10912=1578874808;"; - int http_req_table_id = maat_get_table_id(maat_inst, "HTTP_REQUEST_HEADER"); - ASSERT_GT(http_req_table_id, 0); - - ret = maat_state_set_scan_district(state, http_req_table_id, "URL", strlen("URL")); - EXPECT_EQ(ret, 0); - int Nth_scan = 0; Nth_scan++; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, http_req_table_id, http_url, strlen(http_url), + ret = maat_scan_string(maat_inst, http_sig_table_name, http_req_attr_name, http_url, strlen(http_url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, http_req_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_sig_table_name, http_req_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9407,38 +9688,37 @@ TEST_F(MaatCmd, HitPathHasNotObject) { int path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, -1); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object11_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].item_uuid) == 1); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, -1); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].item_uuid) == 1); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); - int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(http_res_table_id, 0); - - ret = maat_state_set_scan_district(state, http_res_table_id, "Cookie", - strlen("Cookie")); - EXPECT_EQ(ret, 0); Nth_scan++; - ret = maat_scan_string(maat_inst, http_res_table_id, http_resp_hdr_cookie, + ret = 
maat_scan_string(maat_inst, http_sig_table_name, http_resp_attr_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, http_res_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_sig_table_name, http_resp_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9450,40 +9730,51 @@ TEST_F(MaatCmd, HitPathHasNotObject) { path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan-1); - EXPECT_EQ(hit_path[path_idx].item_id, -1); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object11_id); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].item_uuid) == 1); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object11_uuid_str); EXPECT_EQ(hit_path[path_idx].negate_option, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; ASSERT_EQ(path_idx, 1); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan-1); - EXPECT_EQ(hit_path[path_idx].item_id, -1); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object1_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object1_id); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].item_uuid) == 1); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_EQ(hit_path[path_idx].negate_option, 1); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 2); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object21_id); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + 
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object21_uuid_str); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); - EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); path_idx++; ASSERT_EQ(path_idx, 3); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item2_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object2_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item2_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object2_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); const char *keywords1 = "In math theory, a finite and infinite come up all the time."; const char *keywords2= "a finite and infinite come up again."; 
@@ -9491,13 +9782,13 @@ TEST_F(MaatCmd, HitPathHasNotObject) { int keywords_table_id = maat_get_table_id(maat_inst, keywords_table_name); ASSERT_GT(keywords_table_id, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attr_name, state); Nth_scan++; ret = maat_stream_scan(stream, keywords1, strlen(keywords1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
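Review bot: The pointer returned by `maat_stream_new` goes straight into `maat_stream_scan` with no NULL check. Now that the table and attribute are resolved by name inside the call, a misspelled `keywords_table_name` or `keywords_attr_name` would presumably show up as a crash inside the scan rather than as a readable test failure; the library's behaviour on an unknown name is not visible in this hunk. Adding `ASSERT_TRUE(stream != NULL);` directly after the call keeps that failure diagnosable. The test body starts and ends outside this hunk.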
@@ -9510,24 +9801,23 @@ TEST_F(MaatCmd, HitPathHasNotObject) { path_idx++; ASSERT_EQ(path_idx, 4); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item4_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object4_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); - - int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(ip_table_id, 0); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.158", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9540,19 +9830,21 @@ TEST_F(MaatCmd, HitPathHasNotObject) { path_idx++; ASSERT_EQ(path_idx, 5); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item3_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object3_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item3_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object3_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9565,12 +9857,14 @@ TEST_F(MaatCmd, HitPathHasNotObject) { path_idx++; ASSERT_EQ(path_idx, 6); EXPECT_EQ(hit_path[path_idx].Nth_scan, Nth_scan); - EXPECT_EQ(hit_path[path_idx].item_id, item4_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object4_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item4_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object4_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); maat_stream_free(stream); maat_state_free(state); @@ -9580,9 +9874,9 @@ TEST_F(MaatCmd, HitPathHasNotObject) { TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { int thread_id = 0; const char *o2o_table_name = "OBJECT2OBJECT"; - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *http_sig_table_name = "HTTP_SIGNATURE"; + const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; /* item5 -> object5 -> object52 -> rule2 
@@ -9591,60 +9885,64 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { */ long long item5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object5_uuid_str[UUID_STR_LEN] = {0}; + char item5_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object5_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object5_id); + snprintf(item5_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item5_id); int ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item5_id, object5_id, + item5_uuid_str, object5_uuid_str, "same superobject referenced by multi rule", - "KEY", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); long long object52_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object52_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object52_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object52_id); ret = object2object_table_set_line(maat_inst, o2o_table_name, MAAT_OP_ADD, - object52_id, object5_id, 0); + object52_uuid_str, &object5_uuid_str, 1, NULL, 0, 0); EXPECT_EQ(ret, 1); long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + struct maat_cmd_and_condition and_condition; + and_condition.negate_option = 0; + and_condition.or_condition_num = 1; + and_condition.or_conditions[0].attribute_name = http_resp_attr_name; + and_condition.or_conditions[0].object_num = 1; + and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "HTTP_RESPONSE_HEADER", 1, 0); - EXPECT_EQ(ret, 1); - - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object52_id, rule2_id, 0, - "HTTP_RESPONSE_HEADER", 0, 0); + rule2_uuid_str, 
&and_condition, 1, "HTTP_RESPONSE_HEADER", 0); EXPECT_EQ(ret, 1); long long rule3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule3_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule3_id, "HTTP_RESPONSE_HEADER", 1, 0); - EXPECT_EQ(ret, 1); - - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object52_id, rule3_id, 0, - "HTTP_RESPONSE_HEADER", 0, 0); + rule3_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER", 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); - int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); - ASSERT_GT(http_res_table_id, 0); - struct maat_state *state = maat_state_new(maat_inst, thread_id); - ret = maat_state_set_scan_district(state, http_res_table_id, "KEY", strlen("KEY")); - EXPECT_EQ(ret, 0); - + struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *http_res_key_str = "same superobject referenced by multi rule"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; struct maat_hit_path hit_path[128]; - ret = maat_scan_string(maat_inst, http_res_table_id, http_res_key_str, + ret = maat_scan_string(maat_inst, http_sig_table_name, http_resp_attr_name, http_res_key_str, strlen(http_res_key_str), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); - EXPECT_EQ(results[0], rule3_id); - EXPECT_EQ(results[1], rule2_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule3_uuid_str); + uuid_unparse(results[1], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, http_res_table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_sig_table_name, http_resp_attr_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
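Review bot: Each sequence value from `maat_cmd_incrby` is turned into a UUID string with `snprintf(..., UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", id)`, and neither the id nor the `snprintf` result is checked. `%012lld` is only a minimum width: a negative return (if `maat_cmd_incrby` reports failure that way, which this diff does not show) puts a `-` into the last group, and a value wider than 12 digits is silently truncated to fit the buffer, so the string is no longer the intended UUID and can collide with another id. A small test helper that does `ASSERT_GE(id, 0);` and asserts the `snprintf` return equals `UUID_STR_LEN - 1` would cover every call site here and in the SameScanStatusWhenConditionUpdate_TSG6419, ObjectEdit, RuleDelete_TSG6548 and UpdateDeadLockDetection hunks. Separately, the trailing comment `/*EXPR_TYPE_STRING MATCH_METHOD_SUB*/` no longer describes the `EXPR_TYPE_AND, 0` arguments it sits next to and should be updated or removed.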
@@ -9654,66 +9952,93 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { int path_idx = 0; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item5_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object5_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object52_id); - EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item5_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object5_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object52_uuid_str); + uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); + EXPECT_STREQ(uuid_str, rule3_uuid_str); path_idx++; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item5_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object5_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, -1); - EXPECT_EQ(hit_path[path_idx].rule_id, -1); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item5_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object5_uuid_str); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); + EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; EXPECT_EQ(hit_path[path_idx].Nth_scan, 1); - EXPECT_EQ(hit_path[path_idx].item_id, item5_id); - EXPECT_EQ(hit_path[path_idx].sub_object_id, object5_id); - EXPECT_EQ(hit_path[path_idx].top_object_id, object52_id); - EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id); + uuid_unparse(hit_path[path_idx].item_uuid, uuid_str); + EXPECT_STREQ(uuid_str, item5_uuid_str); + uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object5_uuid_str); + uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); + EXPECT_STREQ(uuid_str, object52_uuid_str); + uuid_unparse(hit_path[path_idx].rule_uuid, 
uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); maat_state_free(state); state = NULL; } -TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; +TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {//TODO: rule will update with all conditions const char* rule_table_name = "RULE_DEFAULT"; const char* ip_table_name = "IP_PLUS_CONFIG"; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; const char *app_id_table_name = "APP_ID"; - int thread_id = 0; + const char *app_id_attribute_name = "APP_ID"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - /* item11 -> object11 -> condition1 -> rule1 / item21 -> object21 -> condition2 _/ */ long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object11_id, rule1_id, 0, ip_table_name, 1, 0); - EXPECT_EQ(ret, 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); long long item11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_id, - object11_id, "192.168.2.1-192.168.2.4", 0); + char item11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item11_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_uuid_str, + object11_uuid_str, "192.168.2.1-192.168.2.4", NULL, 0); EXPECT_EQ(ret, 1); long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - 
object21_id, rule1_id, 0, app_id_table_name, 2, 0); - EXPECT_EQ(ret, 1); + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); long long item21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item21_id); ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, - item21_id, object21_id, "31", NULL, 0); + item21_uuid_str, object21_uuid_str, "31", 0); EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[3]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = app_id_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); + EXPECT_EQ(ret, 1); + sleep(WAIT_FOR_EFFECTIVE_S * 2); uuid_t results[ARRAY_SIZE]; 
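Review bot: `struct maat_cmd_and_condition and_conditions[3];` is declared without an initializer, and only selected fields of elements 0 and 1 are assigned before the array is passed to `rule_table_set_line`. Element 2 and every unassigned `or_conditions[]` / `object_uuids_str[]` slot therefore hold indeterminate stack data. That is safe only if the helper never reads past `or_condition_num` / `object_num` and the struct has no further fields, neither of which is visible in this diff. Value-initializing the array with `struct maat_cmd_and_condition and_conditions[3] = {};` makes the test deterministic. The same applies to `and_condition` in SameSuperObjectRefByMultiRule and to the `and_conditions` arrays in ObjectEdit, RuleDelete_TSG6548 and UpdateDeadLockDetection.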
@@ -9721,22 +10046,20 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) { uint32_t ip_addr; inet_pton(AF_INET, "192.168.2.2", &ip_addr); - int table_id = maat_get_table_id(maat_inst, ip_table_name); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); int scan_app_id = 32; - table_id = maat_get_table_id(maat_inst, app_id_table_name); - ret = maat_scan_integer(maat_inst, table_id, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9745,41 +10068,49 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) { item21 -> object21 -> condition2 _/ item22 -> object22 -> condition3 _/ */ - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 3, 0); - EXPECT_EQ(ret, 1); - long long object22_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object22_id, rule1_id, 0, app_id_table_name, 3, 0); - EXPECT_EQ(ret, 1); + char object22_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object22_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object22_id); long long item22_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item22_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item22_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item22_id); ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, - item22_id, object22_id, "32", NULL, 0); + item22_uuid_str, object22_uuid_str, "32", 0); + EXPECT_EQ(ret, 1); + + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, + rule1_uuid_str, and_conditions, 2, NULL, 0); + EXPECT_EQ(ret, 1); + + and_conditions[2].negate_option = 0; + and_conditions[2].or_condition_num = 1; + and_conditions[2].or_conditions[0].attribute_name = app_id_attribute_name; + and_conditions[2].or_conditions[0].object_num = 1; + and_conditions[2].or_conditions[0].object_uuids_str[0] = object22_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 3, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); - table_id = maat_get_table_id(maat_inst, app_id_table_name); - ret = maat_scan_integer(maat_inst, table_id, 31, results, ARRAY_SIZE, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, 31, results, ARRAY_SIZE, &n_hit_result, 
state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, table_id, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9788,40 +10119,56 @@ TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) { } TEST_F(MaatCmd, ObjectEdit) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; const char *app_id_table_name = "APP_ID"; - int thread_id = 0; + const char *app_id_attribute_name = "APP_ID"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - /* item11 -> object11 -> condition1 -> rule1 item21 -> object21 -> condition2 _/ */ long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object11_id, rule1_id, 0, ip_table_name, 1, 0); - EXPECT_EQ(ret, 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); long long item11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_id, - object11_id, "192.168.3.1-192.168.3.4", 0); + char item11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item11_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_uuid_str, + object11_uuid_str, "192.168.3.1-192.168.3.4", NULL, 0); EXPECT_EQ(ret, 1); long long object21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object21_id, rule1_id, 0, app_id_table_name, 2, 0); - EXPECT_EQ(ret, 1); + char object21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object21_uuid_str, 
UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object21_id); long long item21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item21_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item21_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item21_id); ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, - item21_id, object21_id, "41", NULL, 0); + item21_uuid_str, object21_uuid_str, "41", 0); + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = app_id_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -9832,26 +10179,20 @@ TEST_F(MaatCmd, ObjectEdit) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - int table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - table_id = maat_get_table_id(maat_inst, app_id_table_name); - ASSERT_GT(table_id, 0); - int scan_app_id = 42; - ret = maat_scan_integer(maat_inst, table_id, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9864,29 +10205,28 @@ TEST_F(MaatCmd, ObjectEdit) { char scan_app_id_str[8] = {0}; snprintf(scan_app_id_str, sizeof(scan_app_id_str), "%d", scan_app_id); long long item22_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item22_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item22_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item22_id); ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_ADD, - item22_id, object21_id, scan_app_id_str, NULL, 0); + item22_uuid_str, object21_uuid_str, scan_app_id_str, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); - //TODO: EXPECT_EQ(ret,?) + EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - table_id = maat_get_table_id(maat_inst, app_id_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_integer(maat_inst, table_id, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9901,27 +10241,25 @@ TEST_F(MaatCmd, ObjectEdit) { item21 -> object21 -> condition2 _/ */ ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_DEL, - item22_id, object21_id, scan_app_id_str, NULL, 0); + item22_uuid_str, object21_uuid_str, scan_app_id_str, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - table_id = maat_get_table_id(maat_inst, ip_table_name); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - table_id = maat_get_table_id(maat_inst, app_id_table_name); - ret = maat_scan_integer(maat_inst, table_id, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -9930,27 +10268,36 @@ TEST_F(MaatCmd, ObjectEdit) { } TEST_F(MaatCmd, RuleDelete_TSG6548) { - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; const char* ip_table_name = "IP_PLUS_CONFIG"; - int thread_id = 0; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //item11 -> object11 -> condition1 -> rule1 long long object11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object11_id, rule1_id, 0, ip_table_name, 1, 0); - EXPECT_EQ(ret, 1); + char object11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object11_id); long long item11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_id, - object11_id, "192.168.73.163-192.168.73.180", 0); + char item11_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item11_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item11_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item11_uuid_str, + object11_uuid_str, "192.168.73.163-192.168.73.180", NULL, 0); + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[1]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + 
and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -9964,22 +10311,20 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_DEL, - object11_id, rule1_id, 0, ip_table_name, 1, 0); + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); int hit_cnt = 0; @@ -9987,11 +10332,12 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { time_t update_time = time(NULL); time_t now = update_time; while (now - update_time < 3) { - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); if (ret == MAAT_SCAN_HIT) { hit_cnt++; - EXPECT_EQ(results[0], rule1_id); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); } if (ret == MAAT_SCAN_HALF_HIT) { miss_cnt++; 
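Review bot: In the `@@ -9964` hunk of RuleDelete_TSG6548, `int table_id = maat_get_table_id(maat_inst, ip_table_name);` and its `ASSERT_GT(table_id, 0);` survive as context, yet every scan call that used `table_id` in this hunk and the next now takes `ip_table_name, ip_attribute_name` instead. If nothing outside these hunks still reads it, the variable is dead and the assertion checks a lookup the test no longer depends on; the other tests in this commit dropped the equivalent lines. Either remove both lines, or keep them with a comment such as `// existence check only: scans below resolve the table by name`. The test body continues outside the hunk.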
@@ -10005,28 +10351,37 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { } TEST_F(MaatCmd, UpdateDeadLockDetection) { - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; const char* table_http_url = "HTTP_URL"; - int thread_id = 0; + const char *attribute_http_url = "HTTP_URL"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, table_http_url, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item1_id, - object1_id, "part-1", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, "part-1", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[1]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = 
attribute_http_url; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
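Review bot: The `snprintf(..., UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", id)` calls added here for object1, item1 and rule1 ignore the return value, and `%012lld` is only a minimum width. A sequence value of 10^12 or more is silently truncated into a different UUID, and a negative value (if `maat_cmd_incrby` can signal failure that way, which this hunk does not show) puts a `-` into the last group. The pattern is repeated for every id in this patch, so one checked helper would remove the duplication and turn both cases into a test failure. A sketch follows; the helper name is only a suggestion, and it could sit with the other helpers in test_utils.

```cpp
// Formats a sequence number as the last group of an otherwise all-zero UUID.
// Returns false when seq is negative or does not fit in 12 decimal digits.
static bool seq_to_uuid_str(long long seq, char out[UUID_STR_LEN])
{
    if (seq < 0 || seq > 999999999999LL) {
        return false;
    }
    int n = snprintf(out, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", seq);
    return n > 0 && n < UUID_STR_LEN;
}

// in TEST_F(MaatCmd, UpdateDeadLockDetection):
long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
char object1_uuid_str[UUID_STR_LEN] = {0};
ASSERT_TRUE(seq_to_uuid_str(object1_id, object1_uuid_str));
// … unchanged: item1 and rule1 setup, using the same helper …
```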
@@ -10037,34 +10392,38 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - int table_id = maat_get_table_id(maat_inst, table_http_url); - ASSERT_GT(table_id, 0); - - ret = maat_scan_string(maat_inst, table_id, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "null", 1, 0); - EXPECT_EQ(ret, 1); //object2 -> rule2 long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule2_id, 0, table_http_url, 0, 0); - EXPECT_EQ(ret, 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); //item2 -> object2 -> rule2 long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item2_id, - object2_id, "part-2", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "part-2", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); 
+ + long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); + and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule2_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); //DON'T DO THIS!!! @@ -10076,12 +10435,12 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { sleep(10); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); //After full update, condition ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy). EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
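Review bot: The trailing comment on the new `expr_table_set_line(..., "part-2", EXPR_TYPE_AND, 0)` call still reads `/*EXPR_TYPE_STRING MATCH_METHOD_SUB*/`, which contradicts the argument now passed. The removed call ended in `NULL, 0, 0`, presumably carrying expression type and match method as `0`, so either the test has deliberately moved to AND expressions and the comment should become `/*EXPR_TYPE_AND*/`, or the enum value is a slip that changes what the test covers. The new call shows no separate match-method argument, so `MATCH_METHOD_SUB` looks stale as well. The same mismatch is on the "part-1" call in the previous hunk and on the stream-keywords-001 to -004 calls in the later tests.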
@@ -10090,22 +10449,29 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { } TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *scan_attribute_name = "KEYWORDS_TABLE"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, scan_table_name, 0, 0); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[1]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -10114,23 +10480,22 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - int table_id = maat_get_table_id(maat_inst, scan_table_name); - ASSERT_GT(table_id, 0); - - struct maat_stream *stream = maat_stream_new(maat_inst, table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state);//TODO: create stream failed when expr_matcher is NULL ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, - item1_id, object1_id, "stream-keywords-001-inc-update", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_uuid_str, object1_uuid_str, "stream-keywords-001-inc-update", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
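Review bot: The result of `maat_stream_new(...)` is passed straight to `maat_stream_scan` with no NULL check, although the TODO added on the same line says stream creation fails when expr_matcher is NULL. This test has not yet written any item to KEYWORDS_TABLE at this point, so that failure path may be the one exercised; whether `maat_stream_scan` tolerates a NULL stream is not visible here. Add `ASSERT_NE(stream, nullptr);` directly after the call so a failed creation is reported as such rather than as a crash or an unrelated scan result. The later `stream = maat_stream_new(...)` calls in this test and in the other stream tests have the same gap.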
@@ -10142,20 +10507,22 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_stream_free(stream); - stream = maat_stream_new(maat_inst, table_id, state); + stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10165,28 +10532,37 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { } TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { - const char* o2r_table_name = "OBJECT2RULE_DEFAULT"; const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *scan_attribute_name = "KEYWORDS_TABLE"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, scan_table_name, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, item1_id, - object1_id, "stream-keywords-002", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, "stream-keywords-002", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + EXPECT_EQ(ret, 1); + + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[1]; + and_conditions[0].negate_option = 0; + 
and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -10195,17 +10571,16 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - int table_id = maat_get_table_id(maat_inst, scan_table_name); - ASSERT_GT(table_id, 0); - - struct maat_stream *stream = maat_stream_new(maat_inst, table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10222,7 +10597,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //Scan was interupted after full update. - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10232,29 +10607,26 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { } TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "KEYWORDS_TABLE"; + const char *expr_attribute_name = "KEYWORDS_TABLE"; const char *ip_table_name = "IP_PLUS_CONFIG"; - int thread_id = 0; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, expr_table_name, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - object1_id, "stream-keywords-003", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, "stream-keywords-003", EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -10263,12 +10635,30 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_id, - object2_id, "100.100.100.1", 0); + char object2_uuid_str[UUID_STR_LEN] = {0}; + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "100.100.100.1", NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, ip_table_name, 1, 0); + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -10283,47 +10673,50 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //add rule2 for rule runtime inc update long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "null", 1, 0); + rule2_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); const char *scan_data = "Here is a stream-keywords-003, this should hit."; - table_id = maat_get_table_id(maat_inst, expr_table_name); - ASSERT_GT(table_id, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again */ - 
table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); - EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
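Review bot: The comment kept above the last `maat_scan_ipv4` call ("becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again") no longer explains the assertions below it, which now expect `MAAT_SCAN_HIT` with `rule2_uuid_str`. rule2 is added with the same `and_conditions` as rule1, so the result depends on why the stream scan reports only rule1 and the following IP scan only rule2, and that reasoning is not written down. Something like `/* rule1 was already returned by the stream scan; rule2 (same conditions, added by the incremental update) is reported by this scan */` would do, to be confirmed by the author since the scanner's ordering rules are not visible here. The same comment and expectation change appear in the IPAndStringScanWhenIncUpdate hunk.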
@@ -10333,30 +10726,27 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { } TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "KEYWORDS_TABLE"; - int thread_id = 0; + const char *expr_attribute_name = "KEYWORDS_TABLE"; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, expr_table_name, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, - item1_id, object1_id, "stream-keywords-004", - NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_uuid_str, object1_uuid_str, "stream-keywords-004", + EXPR_TYPE_AND, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -10365,12 +10755,30 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); + char object2_uuid_str[UUID_STR_LEN] = {0}; + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, - item2_id, object2_id, "100.100.100.2", 0); + item2_uuid_str, object2_uuid_str, "100.100.100.2", NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, ip_table_name, 1, 0); + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -10382,14 +10790,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - int table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10401,15 +10806,13 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { sleep(10); const char *scan_data = "Here is a stream-keywords-004, this should hit."; - table_id = maat_get_table_id(maat_inst, expr_table_name); - ASSERT_GT(table_id, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, table_id, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10417,13 +10820,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10433,30 +10834,27 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { } TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "HTTP_URL"; + const char *expr_attribute_name = "HTTP_URL"; const char *ip_table_name = "IP_PLUS_CONFIG"; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; const char *keywords = "IP&stringinc"; - int thread_id = 0; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 2, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, expr_table_name, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - object1_id, keywords, NULL, 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, keywords, EXPR_TYPE_AND, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -10465,12 +10863,30 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_id, - object2_id, "100.100.100.1", 0); + char object2_uuid_str[UUID_STR_LEN] = {0}; + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "100.100.100.1", NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, ip_table_name, 1, 0); + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -10482,49 +10898,49 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - int table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //add rule2 for rule runtime inc update long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule2_id, "null", 1, 0); + rule2_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); const char *scan_data = "Here is a IP and stringinc, this should hit."; - table_id = maat_get_table_id(maat_inst, expr_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); - EXPECT_EQ(results[0], rule1_id); + char uuid_str[UUID_STR_LEN] = {0}; + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate 
rule_id again */ - table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); - EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 1); + uuid_unparse(results[0], uuid_str); + EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10533,30 +10949,27 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { } TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { - const char *o2r_table_name = "OBJECT2RULE_DEFAULT"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; + const char *ip_attribute_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "HTTP_URL"; + const char *expr_attribute_name = "HTTP_URL"; const char *keywords = "IP&string"; - int thread_id = 0; + int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); - int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, - rule1_id, "null", 1, 0); - EXPECT_EQ(ret, 1); - //object1 -> rule1 long long object1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object1_id, rule1_id, 0, expr_table_name, 0, 0); - EXPECT_EQ(ret, 1); + char object1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object1_id); //item1 -> object1 -> rule1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); - ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - object1_id, keywords, "null", 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ + char item1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(item1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item1_id); + ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_uuid_str, + object1_uuid_str, keywords, EXPR_TYPE_AND, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> object1 -> rule1 
@@ -10565,12 +10978,30 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1); - ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_id, - object2_id, "100.100.100.3", 0); + char object2_uuid_str[UUID_STR_LEN] = {0}; + char item2_uuid_str[UUID_STR_LEN] = {0}; + snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id); + snprintf(item2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", item2_id); + ret = ip_table_set_line(maat_inst, ip_table_name, MAAT_OP_ADD, item2_uuid_str, + object2_uuid_str, "100.100.100.3", NULL, 0); EXPECT_EQ(ret, 1); - ret = object2rule_table_set_line(maat_inst, o2r_table_name, MAAT_OP_ADD, - object2_id, rule1_id, 0, ip_table_name, 1, 0); + long long rule1_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + char rule1_uuid_str[UUID_STR_LEN] = {0}; + snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); + struct maat_cmd_and_condition and_conditions[2]; + and_conditions[0].negate_option = 0; + and_conditions[0].or_condition_num = 1; + and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].object_num = 1; + and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; + and_conditions[1].negate_option = 0; + and_conditions[1].or_condition_num = 1; + and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].object_num = 1; + and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; + ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, + rule1_uuid_str, and_conditions, 2, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
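Review bot: `and_conditions[2]` is declared without an initializer and only selected members are assigned afterwards, so every member this test does not set holds indeterminate stack data. The new `rule_table_set_line` body in test/test_utils.cpp (later in this patch) uses `or_condition_num` and `object_num` as loop bounds and reads `attribute_name` and `object_uuids_str[k]`, so a member missed in a later edit of the test becomes an out-of-bounds or wild read rather than a clean failure. Value-initialise the array instead: `struct maat_cmd_and_condition and_conditions[2] = {};`.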
@@ -10582,14 +11013,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - int table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10601,14 +11029,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { sleep(10); const char *scan_data = "scan IP and string, this should hit."; - table_id = maat_get_table_id(maat_inst, expr_table_name); - ASSERT_GT(table_id, 0); - ret = maat_scan_string(maat_inst, table_id, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); 
@@ -10616,21 +11042,17 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - table_id = maat_get_table_id(maat_inst, ip_table_name); - ASSERT_GT(table_id, 0); - - ret = maat_scan_ipv4(maat_inst, table_id, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_free(state); state = NULL; } -#endif class MaatRollback : public testing::Test { diff --git a/test/maat_json.json b/test/maat_json.json index 9155994..b922e8f 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -4148,6 +4148,60 @@ ] } ] + }, + { + "uuid": "00000000-0000-0000-0000-000000000237", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "action_parameter": "FileTest.StreamFiles", + "is_valid": "yes", + "and_conditions": [ + { + "attribute_name": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "236_keywords_object", + "uuid": "00000000-0000-0000-0000-000000000262", + "items": [ + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "expression": "处女座从学习寻找自我", + "expr_type": "and" + } + }, + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "expression": "亦庄", + "expr_type": "and" + } + }, + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "expression": "金牛座&стейк&Taurus", + "expr_type": "and" + } + }, + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "expression": "王守仁", + "expr_type": "and" + } + } + ] + } + ] + } + ] } ], "plugin_table": [ 
diff --git a/test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997 b/test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997 deleted file mode 100644 index 815f37d..0000000 --- a/test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997 +++ /dev/null @@ -1,38 +0,0 @@ -0000000037 -922 193172 1 -199 233 1 -986 193240 1 -570 170503 1 -571 170502 1 -799 193069 1 -573 170504 1 -783 193059 1 -958 193212 1 -984 193240 1 -976 193235 1 -971 193228 1 -964 193218 1 -978 193235 1 -961 193214 1 -950 193198 1 -959 193212 1 -575 170506 1 -970 193228 1 -568 170500 1 -574 170507 1 -963 193214 1 -985 193240 1 -949 193198 1 -972 193228 1 -962 193214 1 -914 193169 1 -913 193169 1 -960 193212 1 -915 193169 1 -567 170501 1 -921 193172 1 -977 193235 1 -13 14 1 -951 193198 1 -572 170505 1 -920 193172 1 diff --git a/test/ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997 b/test/ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997 deleted file mode 100644 index 5f66365..0000000 --- a/test/ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -979 964 L2_header c4b8b44a1fce246e96c98a800800 0 0 1 1 diff --git a/test/ntcrule/full/2018-10-09/APP_POLICY.0000050997 b/test/ntcrule/full/2018-10-09/APP_POLICY.0000050997 deleted file mode 100644 index ed51cf1..0000000 --- a/test/ntcrule/full/2018-10-09/APP_POLICY.0000050997 +++ /dev/null @@ -1,17 +0,0 @@ -0000000016 -590 574 PROTO_ID=19&BEHAV_ID=2 1 0 0 1 -584 568 PROTO_ID=61&BEHAV_ID=1 1 0 0 1 -966 949 PROTO_ID=8 0 0 0 1 -937 920 PROTO_ID=16 0 0 0 1 -586 570 PROTO_ID=15&BEHAV_ID=2 1 0 0 1 -591 575 PROTO_ID=19&BEHAV_ID=1 1 0 0 1 -999 984 PROTO_ID=16 0 0 0 1 -587 571 PROTO_ID=15&BEHAV_ID=1 1 0 0 1 -991 976 PROTO_ID=5 0 0 0 1 -589 573 PROTO_ID=13&BEHAV_ID=1 1 0 0 1 -930 913 PROTO_ID=8 0 0 0 1 -985 970 PROTO_ID=18 0 0 0 1 -973 958 PROTO_ID=24 0 0 0 1 -976 961 PROTO_ID=12 0 0 0 1 -583 567 PROTO_ID=61&BEHAV_ID=2 1 0 0 1 -588 572 PROTO_ID=13&BEHAV_ID=2 1 0 0 1 
diff --git a/test/ntcrule/full/2018-10-09/APP_RULE.0000050997 b/test/ntcrule/full/2018-10-09/APP_RULE.0000050997 deleted file mode 100644 index d8c1b09..0000000 --- a/test/ntcrule/full/2018-10-09/APP_RULE.0000050997 +++ /dev/null @@ -1,22 +0,0 @@ -0000000021 -193214 35 16 1 1 0 PROTO_ID=12 1 3 0 -193198 35 16 1 1 0 PROTO_ID=8 1 3 0 -193240 35 16 1 1 0 PROTO_ID=16 1 3 0 -193069 1152 1 1 1 0 DOMAIN_ID=46002 1 1 0 -193172 35 16 1 2 0 PROTO_ID=16 1 3 0 -193212 35 16 1 1 0 PROTO_ID=24 1 3 0 -193169 35 16 1 2 0 PROTO_ID=8 1 3 0 -193235 35 16 1 1 0 PROTO_ID=5 1 3 0 -193059 1028 1 1 1 0 APP_ID=90001 1 1 0 -170505 36 16 1 1 0 PROTO_ID=13;BEHAV_ID=2 1 1 0 -193218 1025 1 1 1 0 APP_ID=90001 1 1 0 -170507 36 16 1 1 0 PROTO_ID=19;BEHAV_ID=2 1 1 0 -170500 36 16 1 1 0 PROTO_ID=61;BEHAV_ID=1 1 1 0 -14 1028 1 1 1 0 APP_ID=103301 1 1 0 -193228 35 16 1 1 0 PROTO_ID=18 1 3 0 -170503 36 16 1 1 0 PROTO_ID=15;BEHAV_ID=2 1 1 0 -170502 36 16 1 1 0 PROTO_ID=15;BEHAV_ID=1 1 1 0 -170504 36 16 1 1 0 PROTO_ID=13;BEHAV_ID=1 1 1 0 -170506 36 16 1 1 0 PROTO_ID=19;BEHAV_ID=1 1 1 0 -233 1028 1 1 1 0 APP_ID=102501 1 1 0 -170501 36 16 1 1 0 PROTO_ID=61;BEHAV_ID=2 1 1 0 diff --git a/test/ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997 b/test/ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997 deleted file mode 100644 index 4d9cd4d..0000000 --- a/test/ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -270 0 4 0.0.0.0 255.255.255.255 0 65535 127.127.127.127 255.255.255.255 127 65535 6 0 1 32 5 diff --git a/test/ntcrule/full/2018-10-09/MM_AV_URL.0000050997 b/test/ntcrule/full/2018-10-09/MM_AV_URL.0000050997 deleted file mode 100644 index 0eb89d8..0000000 --- a/test/ntcrule/full/2018-10-09/MM_AV_URL.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -10 10 www.sohu.com 0 0 0 1 
diff --git a/test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997 b/test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997 deleted file mode 100644 index 3dbb1ce..0000000 --- a/test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -10 5 1 diff --git a/test/ntcrule/full/2018-10-09/MM_RULE.0000050997 b/test/ntcrule/full/2018-10-09/MM_RULE.0000050997 deleted file mode 100644 index b8bdc30..0000000 --- a/test/ntcrule/full/2018-10-09/MM_RULE.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -5 272 16 1 2 0 0 1 1 0 diff --git a/test/ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997 b/test/ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997 deleted file mode 100644 index 34f78c0..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -958 941 4 0.0.0.0 255.255.255.255 0 65535 0.0.0.1 255.255.255.255 0 65535 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997 b/test/ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997 deleted file mode 100644 index 84cbd45..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997 +++ /dev/null @@ -1,11 +0,0 @@ -0000000010 -621 605 100 0 3 0 1 -741 725 100 0 3 0 1 -744 728 100 0 3 0 1 -630 614 100 0 3 0 1 -627 611 100 0 3 0 1 -20 20 90 0 3 0 1 -614 598 100 0 3 0 1 -631 615 100 0 3 0 1 -624 608 100 0 3 0 1 -422 409 110 0 3 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 b/test/ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 deleted file mode 100644 index 288d2b5..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 +++ /dev/null @@ -1,4 +0,0 @@ -0000000003 -9 0 4 0.0.0.0 255.255.255.255 0 65535 11.11.11.11 255.255.255.255 0 65535 0 0 1 64 -10 133 4 0.0.0.0 255.255.255.255 0 65535 22.22.22.22 255.255.255.255 0 65535 0 0 1 64 -193104 0 6 :: FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF 0 65535 fe80::6770:f9e7:add5:ed1c FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF 0 65535 0 0 1 64 
diff --git a/test/ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997 b/test/ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997 deleted file mode 100644 index b64c7fb..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997 +++ /dev/null @@ -1,16 +0,0 @@ -0000000015 -886 869 QNAME www.bing.com 0 0 0 1 -68 68 QNAME book.qq.com 0 0 0 1 -885 868 QNAME www.bing.com 0 0 0 1 -67 67 QNAME www.cz88.net 0 0 0 1 -883 866 QNAME youdao.com 0 0 0 1 -881 864 QNAME hk.entertainment.appledaily.com 0 0 0 1 -884 867 QNAME www.sina.com 0 0 0 1 -70 70 QNAME chuangshi.qq.com 0 0 0 1 -445 431 QNAME finance.eastmoney.com 0 0 0 1 -8 8 QNAME www.sina.com 0 0 0 1 -66 66 QNAME www.ip138.com 0 0 0 1 -7 7 QNAME www.sohu.com 0 0 0 1 -446 432 QNAME stock.eastmoney.com 0 0 0 1 -882 865 QNAME youdao.com 0 0 0 1 -880 863 QNAME hk.entertainment.appledaily.com 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997 b/test/ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997 deleted file mode 100644 index 0992799..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997 +++ /dev/null @@ -1,3 +0,0 @@ -0000000002 -8 101 dns_response1_policy 133 1 0 0 0 0 0 0 0 0 10 30 1 65 -193222 105 STRATEGY_NAME 143 89 0 0 0 0 0 0 0 0 12 24 1 65 diff --git a/test/ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997 b/test/ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997 deleted file mode 100644 index 07802cb..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997 +++ /dev/null @@ -1,6 +0,0 @@ -0000000005 -902 885 blockchain 0 0 0 1 -901 884 aaaftpbbbtestccc 0 0 0 1 -879 862 斩首 0 0 0 1 -903 886 movie 0 0 0 1 -900 883 blockchain_guide 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997 b/test/ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997 deleted file mode 100644 index 879bd75..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997 +++ /dev/null 
@@ -1,5 +0,0 @@ -0000000004 -1009 994 处女座从学习寻找自我 0 0 0 1 -856 839 亦庄 0 0 0 1 -1036 1021 金牛座&стейк&Taurus 1 0 0 1 -908 891 王守仁 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997 b/test/ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997 deleted file mode 100644 index 93a8ea7..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997 +++ /dev/null @@ -1,15 +0,0 @@ -0000000014 -845 828 girls 0 0 0 1 -851 834 冰毒 0 0 0 1 -857 840 冰糖 0 0 0 1 -872 855 钓鱼 0 0 0 1 -873 856 zmtests 0 0 0 1 -878 861 斩首 0 0 0 1 -907 890 2018-10-05 0 0 0 1 -1006 991 李白 0 0 0 1 -897 880 zmtests 0 0 0 1 -890 873 zmtests 0 0 0 1 -898 881 功能测试 0 0 0 1 -871 854 春眠 0 0 0 1 -892 875 girl 0 0 0 1 -844 827 girl&is&can&a 1 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997 b/test/ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997 deleted file mode 100644 index 1b144d6..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997 +++ /dev/null @@ -1,10 +0,0 @@ -0000000009 -636 620 www.chinaso.com 0 0 0 1 -855 838 www.chinaso.com 0 0 0 1 -862 845 192.168.17.7:8080/website1/index.html 0 0 0 1 -936 919 www.v6test.com 0 0 0 1 -994 979 www.chinaso.com/search/pagesearch.htm?q 0 0 0 1 -854 837 www.bing.com 0 0 0 1 -893 876 www.arocmag.com 0 0 0 1 -1008 993 astro.sina.com.cn/l/2013-05-24/101093841.shtml 0 0 0 1 -1035 1020 www.chinaso.com 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997 b/test/ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997 deleted file mode 100644 index cbbf636..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997 +++ /dev/null @@ -1,3 +0,0 @@ -0000000002 -663 647 Content shell 0 0 0 1 -640 624 Content shell 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997 b/test/ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997 deleted file mode 100644 index 938f5a7..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997 +++ /dev/null 
@@ -1,15 +0,0 @@ -0000000014 -641 625 From @126.com 0 0 0 1 -565 549 Subject sports 0 0 0 1 -666 650 From whale 0 0 0 1 -823 806 From gov.com 0 0 0 1 -833 816 From hu_kwei@zmtests.com 0 0 0 1 -639 623 From whale 0 0 0 1 -566 550 Subject blogger 0 0 0 1 -822 805 From ungov.com 0 0 0 1 -567 551 Subject music 0 0 0 1 -664 648 To hasake 0 0 0 1 -837 820 To hu_kwei@zmtests.com 0 0 0 1 -1049 1034 From ntc_test123@163.com 0 0 0 1 -665 649 From whale 0 0 0 1 -846 829 From @126.com 0 0 0 1 diff --git a/test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997 b/test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997 deleted file mode 100644 index 633cea4..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997 +++ /dev/null 
@@ -1,105 +0,0 @@ -0000000103 -828 193099 1 0 null 1 -648 192999 1 0 null 1 -869 193126 1 0 null 1 -847 193114 1 0 null 1 -620 192973 1 0 null 1 -834 193105 1 0 null 1 -551 170487 1 0 null 1 -836 193106 1 0 null 1 -723 193040 1 0 null 1 -867 193128 1 0 null 1 -607 192965 1 0 null 1 -624 192976 1 0 null 1 -991 193252 1 0 null 1 -827 193098 1 0 null 1 -861 193133 1 0 null 1 -843 193112 1 0 null 1 -854 193119 1 0 null 1 -611 192967 1 0 null 1 -890 193154 1 0 null 1 -728 193039 1 0 null 1 -980 193237 1 0 null 1 -849 193115 1 0 null 1 -806 193076 1 0 null 1 -820 193091 1 0 null 1 -8 11 1 0 null 1 -845 193113 1 0 null 1 -66 118 1 0 null 1 -614 192966 1 0 null 1 -610 192967 1 0 null 1 -612 192966 1 0 null 1 -855 193120 1 0 null 1 -982 193236 1 0 null 1 -884 193148 1 0 null 1 -70 121 1 0 null 1 -831 193102 1 0 null 1 -856 193121 1 0 null 1 -881 193145 1 0 null 1 -838 193108 1 0 null 1 -873 193138 1 0 null 1 -851 193116 1 0 null 1 -623 192976 1 0 null 1 -68 120 1 0 null 1 -605 192960 1 0 null 1 -983 193236 1 0 null 1 -993 193258 1 0 null 1 -979 193234 1 0 null 1 -816 193088 1 0 null 1 -7 12 1 0 null 1 -603 192960 1 0 null 1 -981 193237 1 0 null 1 -431 170435 1 0 null 1 -846 193114 1 0 null 1 -550 170486 1 0 null 1 -649 192977 1 0 null 1 -919 193171 1 0 null 1 -864 193131 1 0 null 1 -20 32 1 0 null 1 -865 193130 1 0 null 1 -724 193040 1 0 null 1 -1021 19328 0 null 19 1 -829 193101 1 0 null 1 -868 193127 1 0 null 1 -805 193077 1 0 null 1 -613 192966 1 0 null 1 -883 193147 1 0 null 1 -647 193000 1 0 null 1 -726 193039 1 0 null 1 -862 193134 1 0 null 1 -994 193258 1 0 null 1 -549 170485 1 0 null 1 -837 193107 1 0 null 1 -863 193132 1 0 null 1 -727 193039 1 0 null 1 -409 441 1 0 null 1 -833 193103 1 0 null 1 -608 192965 1 0 null 1 -650 193002 1 0 null 1 -844 193112 1 0 null 1 -625 192978 1 0 null 1 -432 170436 1 0 null 1 -67 116 1 0 null 1 -891 193155 1 0 null 1 -598 192959 1 0 null 1 -850 193116 1 0 null 1 -609 192967 1 0 null 1 -835 193106 1 0 null 1 -885 193149 1 0 null 1 
-725 193040 1 0 null 1 -615 192968 1 0 null 1 -886 193150 1 0 null 1 -880 193144 1 0 null 1 -606 192965 1 0 null 1 -876 193140 1 0 null 1 -1034 19329 0 null 14 1 -840 193110 1 0 null 1 -839 193108 1 0 null 1 -832 193103 1 0 null 1 -1020 19328 0 null 19 1 -866 193129 1 0 null 1 -604 192960 1 0 null 1 -830 193102 1 0 null 1 -875 193139 1 0 null 1 -848 193115 1 0 null 1 - 0 null 1 \ No newline at end of file diff --git a/test/ntcrule/full/2018-10-09/NTC_RULE.0000050997 b/test/ntcrule/full/2018-10-09/NTC_RULE.0000050997 deleted file mode 100644 index b3097dc..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_RULE.0000050997 +++ /dev/null 
@@ -1,79 +0,0 @@ -0000000078 -193131 130 1 1 2 0 0 1 1 0 -192977 132 1 1 2 0 0 1 1 0 -193147 133 1 1 2 0 0 1 1 0 -193138 129 1 1 1 0 0 1 1 0 -193234 129 1 1 1 0 0 1 1 0 -193119 129 1 1 1 0 0 1 1 0 -193000 132 1 1 2 0 0 1 1 0 -193155 17 16 1 2 0 0 1 1 0 -193252 129 1 1 1 0 0 1 1 0 -193128 130 1 1 2 0 0 1 1 0 -192973 129 1 1 1 0 0 1 1 0 -193091 132 1 1 1 0 0 1 1 0 -170486 20 16 1 2 0 0 1 1 0 -193132 18 16 1 2 0 DNS_STRATEGY=0 1 1 0 -193140 129 1 1 2 0 0 1 1 0 -192968 31 16 1 2 0 0 1 1 0 -192978 132 1 1 1 0 0 1 1 0 -193236 129 1 1 1 0 0 1 2 0 -193289 129 1 1 1 0 0 1 2 0 -193107 129 1 1 1 0 0 1 1 0 -121 18 16 1 1 0 DNS_STRATEGY=0 1 1 0 -192959 143 1 1 1 0 0 1 1 0 -193126 130 1 1 2 0 0 1 1 0 -193110 129 1 1 1 0 0 1 1 0 -193294 20 16 1 1 0 0 1 1 0 -170435 130 1 1 2 0 0 1 1 0 -193076 132 1 1 1 0 0 1 1 0 -193077 132 1 1 1 0 0 1 1 0 -193121 129 1 1 1 0 0 1 1 0 -192999 132 1 1 2 0 0 1 1 0 -193139 129 1 1 2 0 0 1 1 0 -193237 132 1 1 1 0 0 1 2 0 -193258 129 1 1 1 0 0 1 2 0 -116 130 1 1 1 0 0 1 1 0 -32 143 1 1 2 0 0 1 1 0 -120 18 16 1 1 0 DNS_STRATEGY=0 1 1 0 -193133 129 1 1 1 0 0 1 1 0 -193088 132 1 1 1 0 0 1 1 0 -193149 21 16 1 2 0 0 1 1 0 -193098 129 1 1 2 0 0 1 1 0 -193102 18 16 1 2 0 DNS_STRATEGY=0 1 2 0 -12 18 16 1 2 0 DNS_STRATEGY=101 1 1 0 -193099 129 1 1 1 0 0 1 1 0 -193145 129 1 1 1 0 0 1 1 0 -193134 133 1 1 1 0 0 1 1 0 -193039 31 16 1 1 0 0 1 3 0 -193112 21 16 1 2 0 0 1 2 0 -170436 18 16 1 2 0 DNS_STRATEGY=0 1 1 0 -11 18 16 1 2 0 DNS_STRATEGY=0 1 1 0 -192965 143 1 1 1 0 0 1 3 0 -441 143 1 1 2 0 0 1 1 0 -193101 132 1 1 1 0 0 1 1 0 -193040 31 16 1 1 0 0 1 3 0 -193108 129 1 1 1 0 0 1 2 0 -193150 133 1 1 1 0 0 1 1 0 -192976 132 1 1 2 0 0 1 2 0 -193171 17 16 1 2 0 0 1 1 0 -192960 143 1 1 1 0 0 1 3 0 -193116 20 16 1 2 0 0 1 2 0 -192966 143 1 1 1 0 0 1 3 0 -193103 18 16 1 2 0 DNS_STRATEGY=0 1 2 0 -193106 19 16 1 2 0 0 1 2 0 -193154 129 1 1 2 0 0 1 1 0 -170487 20 16 1 2 0 0 1 1 0 -193113 129 1 1 1 0 0 1 1 0 -193148 133 1 1 2 0 0 1 1 0 -193105 129 1 1 1 0 0 1 1 0 -193144 129 
1 1 1 0 0 1 1 0 -193127 18 16 1 2 0 DNS_STRATEGY=0 1 1 0 -193114 21 16 1 2 0 0 1 2 0 -193115 20 16 1 2 0 0 1 2 0 -193129 130 1 1 2 0 0 1 1 0 -118 130 1 1 1 0 0 1 1 0 -193120 129 1 1 2 0 0 1 1 0 -193002 132 1 1 2 0 0 1 1 0 -170485 20 16 1 2 0 0 1 1 0 -193130 18 16 1 2 0 DNS_STRATEGY=0 1 1 0 -192967 143 1 1 1 0 0 1 3 0 diff --git a/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997 b/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997 deleted file mode 100644 index a18edb6..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997 +++ /dev/null @@ -1,24 +0,0 @@ -0000000023 -977 962 10.11.36.21/32 0-65535 1 -1000 985 10.11.36.21/32 0-65535 1 -967 950 10.11.36.21/32 0-65535 1 -852 835 ::/128 0-65535 1 -992 977 10.11.36.21/32 0-65535 1 -863 846 0.0.0.0/32 0-65535 1 -849 832 0.0.0.0/32 0-65535 1 -995 980 10.11.36.59/32 0-65535 1 -931 914 10.11.36.21/32 0-65535 1 -739 723 10.11.36.26/32 0-65535 1 -619 603 10.11.36.26/32 0-65535 1 -742 726 10.3.57.1/32 0-65535 1 -938 921 10.11.36.5/32 0-65535 1 -997 982 10.11.36.59/32 0-65535 1 -625 609 10.3.57.1/32 2345-65535 1 -847 830 ::/128 0-65535 1 -865 848 0.0.0.0/32 0-65535 1 -986 971 10.11.36.21/32 0-65535 1 -628 612 10.3.57.1/32 56345-65535 1 -974 959 10.11.36.21/32 0-65535 1 -622 606 10.3.57.1/32 0-65535 1 -867 850 ::/128 0-65535 1 -860 843 ::/128 0-65535 1 \ No newline at end of file diff --git a/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997 b/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997 deleted file mode 100644 index eb47542..0000000 --- a/test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997 +++ /dev/null @@ -1,24 +0,0 @@ -0000000023 -939 922 21 1 -978 963 21 1 -743 727 20 1 -968 951 21 1 -996 981 5 1 -853 836 10 1 -629 613 20 1 -620 604 20 1 -626 610 20 1 -998 983 4 1 -864 847 7 1 -932 915 21 1 -987 972 21 1 -866 849 5 1 -861 844 7 1 -740 724 20 1 -993 978 21 1 -848 831 6 1 -1001 986 21 1 -850 833 6 1 -868 851 5 1 -623 607 20 1 -975 960 21 1 
diff --git a/test/ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997 b/test/ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997 deleted file mode 100644 index 122f93e..0000000 --- a/test/ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -81 81 10.11.36.7/32 22222-65535 1 diff --git a/test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997 b/test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997 deleted file mode 100644 index 6131c1e..0000000 --- a/test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -81 128 1 diff --git a/test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997 b/test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997 deleted file mode 100644 index 04bbe91..0000000 --- a/test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997 +++ /dev/null @@ -1,2 +0,0 @@ -0000000001 -128 1 128 1 0 0 0 1 1 0 diff --git a/test/ntcrule/full/index/full_config_index.0000050997 b/test/ntcrule/full/index/full_config_index.0000050997 deleted file mode 100644 index e6de54e..0000000 --- a/test/ntcrule/full/index/full_config_index.0000050997 +++ /dev/null 
@@ -1,26 +0,0 @@ -APP_RULE 21 ./ntcrule/full/2018-10-09/APP_RULE.0000050997 -APP_OBJECT 37 ./ntcrule/full/2018-10-09/APP_OBJECT.0000050997 -APP_PAYLOAD 1 ./ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997 -APP_POLICY 16 ./ntcrule/full/2018-10-09/APP_POLICY.0000050997 -DDOS_PROTECT_TARGET_IP_CB 1 ./ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997 -MM_AV_URL 1 ./ntcrule/full/2018-10-09/MM_AV_URL.0000050997 -MM_RULE 1 ./ntcrule/full/2018-10-09/MM_RULE.0000050997 -MM_OBJECT 1 ./ntcrule/full/2018-10-09/MM_OBJECT.0000050997 -NTC_ASN_IP 1 ./ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997 -NTC_BGP_AS 10 ./ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997 -NTC_RULE 78 ./ntcrule/full/2018-10-09/NTC_RULE.0000050997 -NTC_DNS_FAKE_IP_CB 3 ./ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997 -NTC_DNS_REGION 15 ./ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997 -NTC_DNS_RES_STRATEGY 2 ./ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997 -NTC_FTP_URL 5 ./ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997 -NTC_OBJECT2RULE 103 ./ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997 -NTC_HTTP_REQ_BODY 4 ./ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997 -NTC_HTTP_RES_BODY 14 ./ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997 -NTC_HTTP_URL 9 ./ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997 -NTC_MAIL_BODY 2 ./ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997 -NTC_MAIL_HDR 14 ./ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997 -NTC_UNIVERSAL_IP 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997 -NTC_UNIVERSAL_PROTO_TYPE 23 ./ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997 -WHITE_LIST_RULE 1 ./ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997 -WHITE_LIST_OBJECT 1 ./ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997 -WHITE_LIST_IP 1 ./ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997 diff --git a/test/table_info.json b/test/table_info.json index 5d0cf68..8681b16 100644 --- a/test/table_info.json +++ b/test/table_info.json 
@@ -117,8 +117,8 @@ "custom": { "gc_timeout_s":3, "key_type":"pointer", - "key_name":"TODO", - "foreign_names": ["TODO", "TODO"] + "key_name":"uuid", + "foreign_names": ["file1_key", "file2_key"] } }, { @@ -284,10 +284,9 @@ "table_id":66, "table_name":"TEST_IP_PLUGIN_WITH_ADDR_FORMAT", "table_type":"ip_plugin", - "valid_column":5, "custom": { "gc_timeout_s": 3, - "key_name":"TODO" + "key_name":"uuid" } } ] \ No newline at end of file diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 468adcb..37d9d13 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -4,6 +4,7 @@ #include "maat_table.h" #include "maat_core.h" #include "maat_config_monitor.h" +#include "yyjson/yyjson.h" #include #include 
@@ -135,40 +136,51 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por } int rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, uuid_t rule_uuid, - const char *user_region, struct maat_cmd_condition conditions[], - int condition_num, int expire_after) + enum maat_operation op, const char *rule_uuid_str, + struct maat_cmd_and_condition and_conditions[], + int condition_num, const char *action_para_str, int expire_after) { cJSON *json_root = cJSON_CreateObject(); - char uuid_str[UUID_STR_LEN] = {0}; - uuid_unparse(rule_uuid, uuid_str); - cJSON_AddStringToObject(json_root, "uuid", uuid_str); - cJSON *conditions_array = cJSON_CreateArray(); + cJSON_AddStringToObject(json_root, "uuid", rule_uuid_str); + cJSON *and_conditions_array = cJSON_CreateArray(); for (int i = 0; i < condition_num; i++) { - cJSON *condition = cJSON_CreateObject(); - cJSON_AddStringToObject(condition, "attribute_name", conditions[i].attribute_name); - if (conditions[i].negate_option) { - cJSON_AddStringToObject(condition, "negate_option", "true"); + cJSON *and_condition = cJSON_CreateObject(); + cJSON *or_conditions_array = cJSON_CreateArray(); + for (int j = 0; j < and_conditions[i].or_condition_num; j++) { + cJSON *or_condition = cJSON_CreateObject(); + cJSON *object_uuids_array = cJSON_CreateArray(); + for (int k = 0; k < and_conditions[i].or_conditions[j].object_num; k++) { + cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k])); + } + cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array); + cJSON_AddStringToObject(or_condition, "attribute_name", and_conditions[i].or_conditions[j].attribute_name); + + cJSON_AddItemToArray(or_conditions_array, or_condition); + } + + cJSON_AddItemToObject(and_condition, "or_conditions", or_conditions_array); + + if (and_conditions[i].negate_option) { + cJSON_AddBoolToObject(and_condition, "negate_option", 
true); } else { - cJSON_AddStringToObject(condition, "negate_option", "false"); + cJSON_AddBoolToObject(and_condition, "negate_option", false); } - cJSON *object_uuids_array = cJSON_CreateArray(); - for (int j = 0; j < conditions[i].object_num; j++) { - cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(conditions[i].object_uuids_str[j])); - } - cJSON_AddItemToObject(condition, "object_uuids", object_uuids_array); - cJSON_AddItemToArray(conditions_array, condition); + cJSON_AddItemToArray(and_conditions_array, and_condition); } - cJSON_AddItemToObject(json_root, "conditions", conditions_array); + cJSON_AddItemToObject(json_root, "and_conditions", and_conditions_array); + + if (action_para_str) { + cJSON_AddStringToObject(json_root, "action_parameter", action_para_str); + } char *json_str = cJSON_PrintUnformatted(json_root); struct maat_cmd_line line_rule; - line_rule.rule_uuid_str = uuid_str; + line_rule.rule_uuid_str = rule_uuid_str; line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; 
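Review bot: The result of `cJSON_PrintUnformatted(json_root)` is stored in `line_rule.table_line` without a NULL check, and none of the `cJSON_Create*` results in `rule_table_set_line` are checked either. cJSON returns NULL on allocation failure, and what `maat_cmd_set_line` does with a NULL `table_line` is not visible in this hunk. Add `if (json_str == NULL) { cJSON_Delete(json_root); return 0; }` before filling `line_rule`, returning 0 as the sibling helpers do for an unknown table. The same applies to `object2object_table_set_line`, `expr_table_set_line`, `interval_table_set_line`, `ip_table_set_line` and the `yyjson_mut_write` result in `flag_table_set_line` in the following hunks. The tail of `rule_table_set_line` lies outside this hunk.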
@@ -181,33 +193,52 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, return ret; } -#if 0 //TODO -#define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \ - (((unsigned long)object_id<<32|parent_id) + condition_index) - int object2object_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long object_id, - long long sub_object_id, int expire_after) + enum maat_operation op, const char *object_uuid_str, + const char inc_object_uuid_strs[][UUID_STR_LEN], int inc_object_num, + const char exc_object_uuid_strs[][UUID_STR_LEN], int exc_object_num, int expire_after) { - char table_line[128] = {0}; - sprintf(table_line, "%lld\t%lld\t%s\t%d", object_id, sub_object_id, - "null", op); + cJSON *json_root = cJSON_CreateObject(); + cJSON *inc_object_uuid_str_array = cJSON_CreateArray(); + cJSON *exc_object_uuid_str_array = cJSON_CreateArray(); + + cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str); + + if (inc_object_num > 0) { + for (int i = 0; i < inc_object_num; i++) { + cJSON_AddItemToArray(inc_object_uuid_str_array, cJSON_CreateString(inc_object_uuid_strs[i])); + } + cJSON_AddItemToObject(json_root, "included_sub_object_uuids", inc_object_uuid_str_array); + } + + if (exc_object_num > 0) { + for (int i = 0; i < exc_object_num; i++) { + cJSON_AddItemToArray(exc_object_uuid_str_array, cJSON_CreateString(exc_object_uuid_strs[i])); + } + cJSON_AddItemToObject(json_root, "excluded_sub_object_uuids", exc_object_uuid_str_array); + } + + char *json_str = cJSON_PrintUnformatted(json_root); struct maat_cmd_line line_rule; - line_rule.rule_id = TO_OBJECT2X_KEY(object_id, sub_object_id, 0); - line_rule.table_line = table_line; + line_rule.rule_uuid_str = object_uuid_str; + line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule, op); + int ret = maat_cmd_set_line(maat_inst, &line_rule, op); + 
free(json_str); + + cJSON_Delete(json_root); + + return ret; } int expr_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, const char *keywords, - const char *district, int expr_type, int expire_after) + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, const char *expression, + enum expr_type expr_type, int expire_after) { - char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_inst, table_name); if (table_id < 0) { return 0; 
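Review bot: `inc_object_uuid_str_array` and `exc_object_uuid_str_array` are created unconditionally at the top of `object2object_table_set_line` but attached to `json_root` only when the matching count is greater than 0. When a count is 0 the array never becomes a child of `json_root`, so `cJSON_Delete(json_root)` does not release it and every such call leaks one cJSON node. Create each array inside its own block, e.g. `cJSON *inc_object_uuid_str_array = cJSON_CreateArray();` as the first statement of `if (inc_object_num > 0) {`, and likewise for the excluded list.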
@@ -217,24 +248,45 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name, table_manager_get_table_type(maat_inst->tbl_mgr, table_id); assert(table_type == TABLE_TYPE_EXPR); - - sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d", - item_id, object_id, expr_type, keywords, op);//TODO + cJSON *json_root = cJSON_CreateObject(); + const char *expr_type_str = NULL; + switch (expr_type) { + case EXPR_TYPE_AND: + expr_type_str = "and"; + break; + case EXPR_TYPE_REGEX: + expr_type_str = "regex"; + break; + default: + expr_type_str = "invalid"; + break; + } + + cJSON_AddStringToObject(json_root, "uuid", item_uuid_str); + cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str); + cJSON_AddStringToObject(json_root, "expression", expression); + cJSON_AddStringToObject(json_root, "expr_type", expr_type_str); + + char *json_str = cJSON_PrintUnformatted(json_root); struct maat_cmd_line line_rule; - line_rule.rule_id = item_id; - line_rule.table_line = table_line; + line_rule.rule_uuid_str = item_uuid_str; + line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule, op); + int ret = maat_cmd_set_line(maat_inst, &line_rule, op); + free(json_str); + + cJSON_Delete(json_root); + + return ret; } int interval_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, long long object_id, - const char *port_str, const char *district, int expire_after) + enum maat_operation op, const char *item_uuid_str, const char *object_uuid_str, + const char *interval_str, int expire_after) { - char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_inst, table_name); if (table_id < 0) { return 0; 
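Review bot: The `default:` branch of the new `switch (expr_type)` in `expr_table_set_line` maps any unrecognised value to the string `"invalid"` and still sends the line through `maat_cmd_set_line`. A caller passing a wrong enum value therefore stores an item whose `expr_type` has to be rejected later by the loader, and the helper's return value may not show the mistake. Unless a test relies on pushing an invalid type on purpose, fail early: `default: cJSON_Delete(json_root); return 0;` (`json_root` is already allocated at that point). Note also that the `assert(table_type == TABLE_TYPE_EXPR)` above the switch disappears in an `NDEBUG` build.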
@@ -244,62 +296,97 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name, table_manager_get_table_type(maat_inst->tbl_mgr, table_id); assert(table_type == TABLE_TYPE_INTERVAL); - sprintf(table_line, "%lld\t%lld\t%s\t%d", - item_id, object_id, port_str, op);//TODO + cJSON *json_root = cJSON_CreateObject(); + cJSON_AddStringToObject(json_root, "uuid", item_uuid_str); + cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str); + cJSON_AddStringToObject(json_root, "interval", interval_str); + + char *json_str = cJSON_PrintUnformatted(json_root); struct maat_cmd_line line_rule; - line_rule.rule_id = item_id; - line_rule.table_line = table_line; + line_rule.rule_uuid_str = item_uuid_str; + line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule, op); + int ret = maat_cmd_set_line(maat_inst, &line_rule, op); + free(json_str); + + cJSON_Delete(json_root); + + return ret; } int ip_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, const char *ip, int expire_after) + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, const char *ip_str, + const char *port_str, int expire_after) { - char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_inst, table_name); if (table_id < 0) { return 0; } - sprintf(table_line, "%lld\t%lld\t%s\t0-65535\t%d", - item_id, object_id, ip, op); + cJSON *json_root = cJSON_CreateObject(); + cJSON_AddStringToObject(json_root, "uuid", item_uuid_str); + cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str); + cJSON_AddStringToObject(json_root, "ip", ip_str); + if (port_str) { + cJSON_AddStringToObject(json_root, "port", port_str); + } + + char *json_str = cJSON_PrintUnformatted(json_root); struct maat_cmd_line line_rule; - line_rule.rule_id = item_id; - line_rule.table_line = table_line; + 
line_rule.rule_uuid_str = item_uuid_str; + line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule, op); + int ret = maat_cmd_set_line(maat_inst, &line_rule, op); + free(json_str); + + cJSON_Delete(json_root); + + return ret; } + int flag_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, long long flag, + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, long long flag, long long flag_mask, int expire_after) { - char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_inst, table_name); if (table_id < 0) { return 0; } - sprintf(table_line, "%lld\t%lld\t%lld\t%lld\t%d", - item_id, object_id, flag, flag_mask, op); + yyjson_mut_doc *doc = yyjson_mut_doc_new(NULL); + yyjson_mut_val *json_root = yyjson_mut_obj(doc); + + yyjson_mut_obj_add_str(doc, json_root, "uuid", item_uuid_str); + yyjson_mut_obj_add_str(doc, json_root, "object_uuid", object_uuid_str); + yyjson_mut_obj_add_int(doc, json_root, "flag", flag); + yyjson_mut_obj_add_int(doc, json_root, "mask", flag_mask); + + yyjson_mut_doc_set_root(doc, json_root); + + char *json_str = yyjson_mut_write(doc, YYJSON_WRITE_NOFLAG, NULL); + struct maat_cmd_line line_rule; - line_rule.rule_id = item_id; - line_rule.table_line = table_line; + line_rule.rule_uuid_str = item_uuid_str; + line_rule.table_line = json_str; line_rule.table_name = table_name; line_rule.expire_after = expire_after; - return maat_cmd_set_line(maat_inst, &line_rule, op); + int ret = maat_cmd_set_line(maat_inst, &line_rule, op); + free(json_str); + + yyjson_mut_doc_free(doc); + + return ret; } -#endif void random_keyword_generate(char *keyword_buf, size_t sz) { diff --git a/test/test_utils.h b/test/test_utils.h index c031465..f5e66c2 100644 --- a/test/test_utils.h +++ b/test/test_utils.h 
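Review bot: flag_table_set_line builds its line with yyjson while interval_table_set_line and ip_table_set_line in this same hunk (and expr_table_set_line above) use cJSON, so one file now has two JSON builders and two cleanup conventions for the same job. cJSON stores numbers as doubles, so exact 64-bit `flag`/`mask` values may be the reason for yyjson here; if so, a comment such as `/* yyjson: flag and mask must round-trip as exact 64-bit integers */` would explain the split, otherwise one library for all four helpers is easier to maintain. `yyjson_mut_obj_add_str` does not copy its string arguments, which is safe only because `doc` is freed before the function returns; a one-line `/* strings are borrowed; doc must not outlive the arguments */` would protect that invariant. In ip_table_set_line the `port` field is now omitted when `port_str` is NULL, where the old line always carried `0-65535`; a comment stating what the consumer assumes for a missing port would document the change, since that default is not visible in this hunk.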
@@ -2,43 +2,51 @@ #include "maat_utils.h" #include "maat_command.h" +#include "maat_expr.h" #include "ip_matcher/ip_matcher.h" -struct maat_cmd_condition { +struct maat_cmd_or_condition { const char *object_uuids_str[8]; int object_num; - int negate_option; const char *attribute_name; }; + +struct maat_cmd_and_condition { + int negate_option; + int or_condition_num; + struct maat_cmd_or_condition or_conditions[8]; +}; + int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, int redis_db, struct log_handle *logger); int rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, uuid_t rule_uuid, - const char *user_region, struct maat_cmd_condition conditions[], - int condition_num, int expire_after); + enum maat_operation op, const char *rule_uuid_str, + struct maat_cmd_and_condition and_conditions[], + int condition_num, const char *action_para_str, int expire_after); int object2object_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long object_id, - long long sub_object_id, int expire_after); + enum maat_operation op, const char *object_uuid_str, + const char inc_object_uuid_strs[][UUID_STR_LEN], int inc_object_num, + const char exc_object_uuid_strs[][UUID_STR_LEN], int exc_object_num, int expire_after); int expr_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, const char *keywords, - const char *district, int expr_type, int expire_after); + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, const char *expression, + enum expr_type expr_type, int expire_after); int interval_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, const char *port_str, - const char *district, int expire_after); + enum maat_operation op, const char *item_uuid_str, const char *object_uuid_str, 
+ const char *interval_str, int expire_after); int ip_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, const char *ip, int expire_after); + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, const char *ip_str, + const char *port_str, int expire_after); int flag_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long item_id, - long long object_id, long long flag, - long long flag_mask, int expire_after); + enum maat_operation op, const char *item_uuid_str, + const char *object_uuid_str, long long flag, + long long flag_mask, int expire_after); void random_keyword_generate(char *keyword_buf, size_t sz); \ No newline at end of file
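Review bot: The new `struct maat_cmd_or_condition` and `struct maat_cmd_and_condition` size their arrays with a bare `8` (`object_uuids_str[8]`, `or_conditions[8]`), while the element counts travel separately in `object_num` and `or_condition_num` and nothing in the header says the counts must stay within that bound. A single named constant used by both arrays and by the implementation's loops, plus a field comment like `/* valid entries: [0, object_num), object_num <= 8 */`, would make the limit checkable at the call site; whether rule_table_set_line validates the counts before indexing is not visible in this hunk. The prototypes would also benefit from a short comment noting that `port_str` in ip_table_set_line may be NULL and that the `*_uuid_str` arguments are borrowed NUL-terminated strings that the helpers do not copy or free.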