fix MaatCmd testcase

src/inc_internal/maat_expr.h

@@ -20,6 +20,13 @@ extern "C"
 #include "maat_table.h"
 #include "cJSON/cJSON.h"
 
+enum expr_type {
+    EXPR_TYPE_INVALID = -1,
+	EXPR_TYPE_AND = 0,
+    EXPR_TYPE_REGEX,
+    EXPR_TYPE_MAX
+};
+
 struct expr_runtime;
 
 void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, 

src/maat_command.c

@@ -323,7 +323,7 @@ error_out:
 int maat_cmd_set_file(struct maat *maat_inst, const char *key,
 					  const char *value, size_t size, enum maat_operation op)
 {
-	redisContext *ctx = maat_inst->opts.redis_ctx.write_ctx;
+	redisContext *ctx = get_redis_ctx_for_write(maat_inst);
 	if (NULL == ctx) {
 		log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND, 
                   "[%s:%d] failed: Redis is not connected.", 

src/maat_expr.c

@@ -39,13 +39,6 @@ struct expr_schema {
     struct table_manager *ref_tbl_mgr;
 };
 
-enum expr_type {
-    EXPR_TYPE_INVALID = -1,
-	EXPR_TYPE_AND = 0,
-    EXPR_TYPE_REGEX,
-    EXPR_TYPE_MAX
-};
-
 enum match_method {
     MATCH_METHOD_SUB = 0,
 	MATCH_METHOD_RIGHT,
@@ -478,8 +471,14 @@ static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pa
         region_str_len = hex2bin(hex_str_start, strlen(hex_str_start), region_string, region_str_len);
         
         tmp_start_str = str_unescape(tmp_start_str);
-        snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string);
+        //snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string);
-        pattern_len = strlen(tmp_keywords);
+        if (pattern_len + strlen(tmp_start_str) + region_str_len > MAX_KEYWORDS_STR_LEN) {
+            return -1;
+        }
+        memcpy(tmp_keywords + pattern_len, tmp_start_str, strlen(tmp_start_str));
+        pattern_len += strlen(tmp_start_str);
+        memcpy(tmp_keywords + pattern_len, region_string, region_str_len);//can't use strcpy cause region_string is from hexbin and may contain '\0'
+        pattern_len += region_str_len;
 
         if (region_string != NULL) {
             FREE(region_string);
@@ -490,6 +489,9 @@ static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pa
     }
     if (tmp_end_str != NULL && tmp_end_str[0] != '\0') {
         tmp_end_str = str_unescape(tmp_end_str);
+        if (pattern_len + strlen(tmp_start_str) + strlen(tmp_end_str) > MAX_KEYWORDS_STR_LEN) {
+            return -1;
+        }
         snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, tmp_end_str);
         pattern_len = strlen(tmp_keywords);
     }

src/maat_redis_monitor.c

@@ -70,17 +70,17 @@ get_foregin_keys(struct serial_rule *p_rule, char foreign_names[][MAX_FOREIGN_NA
 	int foreign_key_size = 0;
 	p_rule->f_keys = ALLOC(struct foreign_key, n_foreign);
 
+	cJSON *json = cJSON_Parse(p_rule->table_line);
+	if (json == NULL) {
+		log_fatal(logger, MODULE_REDIS_MONITOR, 
+					"[%s:%d] Get %s,%s foreign key failed: "
+					"Invalid table line", __FUNCTION__, __LINE__,
+					p_rule->table_name, p_rule->rule_uuid_str);
+		return;
+	}
+
 	for (int i = 0; i < n_foreign; i++) {
 		const char *p_foreign_name = foreign_names[i];
-		cJSON *json = cJSON_Parse(p_rule->table_line);
-
-		if (json == NULL) {
-			log_fatal(logger, MODULE_REDIS_MONITOR, 
-					  "[%s:%d] Get %s,%s foreign key failed: "
-					  "Invalid table line", __FUNCTION__, __LINE__,
-					  p_rule->table_name, p_rule->rule_uuid_str);
-			continue;
-		}
 
 		cJSON *item = cJSON_GetObjectItem(json, p_foreign_name);
 		if (item == NULL || item->type != cJSON_String) {
@@ -129,6 +129,8 @@ get_foregin_keys(struct serial_rule *p_rule, char foreign_names[][MAX_FOREIGN_NA
 		p_rule->n_foreign++;
 	}
 
+	cJSON_Delete(json);
+
 	if (0 == p_rule->n_foreign) {
 		FREE(p_rule->f_keys);
 	}

test/CMakeLists.txt

@@ -43,12 +43,10 @@ target_link_libraries(maat_framework_gtest maat_frame_static gtest_static)
 
 configure_file(table_info.json table_info.json COPYONLY)
 configure_file(tsg_table_info.json tsg_table_info.json COPYONLY)
-configure_file(file_test_tableinfo.json file_test_tableinfo.json COPYONLY)
 configure_file(expr_matcher.json expr_matcher.json COPYONLY)
 configure_file(maat_json.json maat_json.json COPYONLY)
 configure_file(regex_expr.json regex_expr.json COPYONLY)
 
-file(COPY ntcrule DESTINATION ./)
 file(COPY tsgrule DESTINATION ./)
 file(COPY testdata DESTINATION ./)
 file(COPY test_streamfiles DESTINATION ./)

test/file_test_tableinfo.json

@@ -1,201 +0,0 @@
-[
-    {
-        "table_id":0,
-        "table_name": "NTC_RULE",
-        "table_type":"rule",
-        "valid_column":8,
-        "custom": {
-            "rule_id":1,
-            "tags":6,
-            "condition_num":9
-        }
-    },
-    {
-        "table_id":1,
-        "table_name": "WHITE_LIST_RULE",
-        "table_type":"rule",
-        "valid_column":8,
-        "custom": {
-            "rule_id":1,
-            "tags":6,
-            "condition_num":9
-        }
-    },
-    {
-        "table_id":2,
-        "table_name": "FILE_RULE",
-        "db_tables": ["NTC_RULE", "WHITE_LIST_RULE"],
-        "default_rule_table":2,
-        "table_type":"rule",
-        "valid_column":8,
-        "custom": {
-            "rule_id":1,
-            "tags":6,
-            "condition_num":9
-        }
-    },
-    {
-        "table_id":3,
-        "table_name":"NTC_OBJECT2OBJECT",
-        "table_type":"object2object",
-        "valid_column":4,
-        "custom": {
-            "object_id":1,
-            "included_sub_object_ids":2,
-            "excluded_sub_object_ids":3
-        }
-    },
-    {
-        "table_id":4,
-        "table_name":"NTC_OBJECT2RULE",
-        "table_type":"object2rule",
-        "associated_rule_table_id":2,
-        "valid_column":3,
-        "custom": {
-            "object_id":1,
-            "rule_id":2,
-            "negate_option":4,
-            "attribute_name":5,
-            "condition_index":6
-        }
-    },
-    {
-        "table_id":5,
-        "table_name":"NTC_UNIVERSAL_IP",
-        "table_type":"ip",
-        "valid_column":5,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "ip":3,
-            "port":4
-        }
-    },
-    {
-        "table_id":6,
-        "table_name":"NTC_UNIVERSAL_PROTO_TYPE",
-        "table_type":"interval",
-        "valid_column":4,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "interval":3
-        }
-    },
-    {
-        "table_id":7,
-        "table_name":"WHITE_LIST_IP",
-        "table_type":"ip",
-        "valid_column":5,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "ip":3,
-            "port":4
-        }
-    },
-    {
-        "table_id":8,
-        "table_name":"FILE_HTTP_URL",
-        "db_tables": ["NTC_HTTP_URL", "WHITE_LIST_DOMAIN"],
-        "table_type":"expr",
-        "valid_column":7,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "keywords":3,
-            "expr_type":4,
-            "match_method":5,
-            "is_hexbin":6
-        }
-    },
-    {
-        "table_id":9,
-        "table_name":"FILE_HTTP_HDR_REGION",
-        "db_tables":["NTC_HTTP_REQ_HDR", "NTC_HTTP_RES_HDR"],
-        "table_type":"expr_plus",
-        "valid_column":8,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "district":3,
-            "keywords":4,
-            "expr_type":5,
-            "match_method":6,
-            "is_hexbin":7
-        }
-    },
-    {
-        "table_id":10,
-        "table_name":"FILE_HTTP_BODY_REGION",
-        "db_tables":["NTC_HTTP_REQ_BODY", "NTC_HTTP_RES_BODY"],
-        "table_type":"expr",
-        "valid_column":7,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "keywords":3,
-            "expr_type":4,
-            "match_method":5,
-            "is_hexbin":6
-        }
-    },
-    {
-        "table_id":11,
-        "table_name":"NTC_MAIL_HDR",
-        "table_type":"expr_plus",
-        "valid_column":8,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "district":3,
-            "keywords":4,
-            "expr_type":5,
-            "match_method":6,
-            "is_hexbin":7
-        }
-    },
-    {
-        "table_id":12,
-        "table_name":"NTC_MAIL_BODY",
-        "table_type":"expr_plus",
-        "valid_column":8,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "district":3,
-            "keywords":4,
-            "expr_type":5,
-            "match_method":6,
-            "is_hexbin":7
-        }
-    },
-    {
-        "table_id":13,
-        "table_name":"NTC_FTP_URL",
-        "table_type":"expr",
-        "valid_column":7,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "keywords":3,
-            "expr_type":4,
-            "match_method":5,
-            "is_hexbin":6
-        }
-    },
-    {
-        "table_id":14,
-        "table_name":"NTC_FTP_CONTENT",
-        "table_type":"expr",
-        "valid_column":7,
-        "custom": {
-            "item_id":1,
-            "object_id":2,
-            "keywords":3,
-            "expr_type":4,
-            "match_method":5,
-            "is_hexbin":6
-        }
-    }
-]

test/maat_json.json

@@ -4148,6 +4148,60 @@
 					]
 				}
 			]
+		},
+		{
+			"uuid": "00000000-0000-0000-0000-000000000237",
+			"service": 0,
+			"action": 0,
+			"do_blacklist": 0,
+			"do_log": 0,
+			"action_parameter": "FileTest.StreamFiles",
+			"is_valid": "yes",
+			"and_conditions": [
+				{
+					"attribute_name": "KEYWORDS_TABLE",
+					"objects": [
+						{
+							"object_name": "236_keywords_object",
+							"uuid": "00000000-0000-0000-0000-000000000262",
+							"items": [
+								{
+									"table_type": "expr",
+									"table_name": "KEYWORDS_TABLE",
+									"table_content": {
+										"expression": "处女座从学习寻找自我",
+										"expr_type": "and"
+									}
+								},
+								{
+									"table_type": "expr",
+									"table_name": "KEYWORDS_TABLE",
+									"table_content": {
+										"expression": "亦庄",
+										"expr_type": "and"
+									}
+								},
+								{
+									"table_type": "expr",
+									"table_name": "KEYWORDS_TABLE",
+									"table_content": {
+										"expression": "金牛座&стейк&Taurus",
+										"expr_type": "and"
+									}
+								},
+								{
+									"table_type": "expr",
+									"table_name": "KEYWORDS_TABLE",
+									"table_content": {
+										"expression": "王守仁",
+										"expr_type": "and"
+									}
+								}
+							]
+						}
+					]
+				}
+			]
 		}
 	],
 	"plugin_table": [

test/ntcrule/full/2018-10-09/APP_OBJECT.0000050997

@@ -1,38 +0,0 @@
-0000000037
-922	193172	1
-199	233	1
-986	193240	1
-570	170503	1
-571	170502	1
-799	193069	1
-573	170504	1
-783	193059	1
-958	193212	1
-984	193240	1
-976	193235	1
-971	193228	1
-964	193218	1
-978	193235	1
-961	193214	1
-950	193198	1
-959	193212	1
-575	170506	1
-970	193228	1
-568	170500	1
-574	170507	1
-963	193214	1
-985	193240	1
-949	193198	1
-972	193228	1
-962	193214	1
-914	193169	1
-913	193169	1
-960	193212	1
-915	193169	1
-567	170501	1
-921	193172	1
-977	193235	1
-13	14	1
-951	193198	1
-572	170505	1
-920	193172	1

test/ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997

@@ -1,2 +0,0 @@
-0000000001
-979	964	L2_header	c4b8b44a1fce246e96c98a800800	0	0	1	1

test/ntcrule/full/2018-10-09/APP_POLICY.0000050997

@@ -1,17 +0,0 @@
-0000000016
-590	574	PROTO_ID=19&BEHAV_ID=2	1	0	0	1
-584	568	PROTO_ID=61&BEHAV_ID=1	1	0	0	1
-966	949	PROTO_ID=8	0	0	0	1
-937	920	PROTO_ID=16	0	0	0	1
-586	570	PROTO_ID=15&BEHAV_ID=2	1	0	0	1
-591	575	PROTO_ID=19&BEHAV_ID=1	1	0	0	1
-999	984	PROTO_ID=16	0	0	0	1
-587	571	PROTO_ID=15&BEHAV_ID=1	1	0	0	1
-991	976	PROTO_ID=5	0	0	0	1
-589	573	PROTO_ID=13&BEHAV_ID=1	1	0	0	1
-930	913	PROTO_ID=8	0	0	0	1
-985	970	PROTO_ID=18	0	0	0	1
-973	958	PROTO_ID=24	0	0	0	1
-976	961	PROTO_ID=12	0	0	0	1
-583	567	PROTO_ID=61&BEHAV_ID=2	1	0	0	1
-588	572	PROTO_ID=13&BEHAV_ID=2	1	0	0	1

test/ntcrule/full/2018-10-09/APP_RULE.0000050997

@@ -1,22 +0,0 @@
-0000000021
-193214	35	16	1	1	0	PROTO_ID=12	1	3	0
-193198	35	16	1	1	0	PROTO_ID=8	1	3	0
-193240	35	16	1	1	0	PROTO_ID=16	1	3	0
-193069	1152	1	1	1	0	DOMAIN_ID=46002	1	1	0
-193172	35	16	1	2	0	PROTO_ID=16	1	3	0
-193212	35	16	1	1	0	PROTO_ID=24	1	3	0
-193169	35	16	1	2	0	PROTO_ID=8	1	3	0
-193235	35	16	1	1	0	PROTO_ID=5	1	3	0
-193059	1028	1	1	1	0	APP_ID=90001	1	1	0
-170505	36	16	1	1	0	PROTO_ID=13;BEHAV_ID=2	1	1	0
-193218	1025	1	1	1	0	APP_ID=90001	1	1	0
-170507	36	16	1	1	0	PROTO_ID=19;BEHAV_ID=2	1	1	0
-170500	36	16	1	1	0	PROTO_ID=61;BEHAV_ID=1	1	1	0
-14	1028	1	1	1	0	APP_ID=103301	1	1	0
-193228	35	16	1	1	0	PROTO_ID=18	1	3	0
-170503	36	16	1	1	0	PROTO_ID=15;BEHAV_ID=2	1	1	0
-170502	36	16	1	1	0	PROTO_ID=15;BEHAV_ID=1	1	1	0
-170504	36	16	1	1	0	PROTO_ID=13;BEHAV_ID=1	1	1	0
-170506	36	16	1	1	0	PROTO_ID=19;BEHAV_ID=1	1	1	0
-233	1028	1	1	1	0	APP_ID=102501	1	1	0
-170501	36	16	1	1	0	PROTO_ID=61;BEHAV_ID=2	1	1	0

test/ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997

@@ -1,2 +0,0 @@
-0000000001
-270	0	4	0.0.0.0	255.255.255.255	0	65535	127.127.127.127	255.255.255.255	127	65535	6	0	1	32	5

test/ntcrule/full/2018-10-09/MM_AV_URL.0000050997

@@ -1,2 +0,0 @@
-0000000001
-10	10	www.sohu.com	0	0	0	1

test/ntcrule/full/2018-10-09/MM_OBJECT.0000050997

@@ -1,2 +0,0 @@
-0000000001
-10	5	1

test/ntcrule/full/2018-10-09/MM_RULE.0000050997

@@ -1,2 +0,0 @@
-0000000001
-5	272	16	1	2	0	0	1	1	0

test/ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997

@@ -1,2 +0,0 @@
-0000000001
-958	941	4	0.0.0.0	255.255.255.255	0	65535	0.0.0.1	255.255.255.255	0	65535	0	0	1

test/ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997

@@ -1,11 +0,0 @@
-0000000010
-621	605	100	0	3	0	1
-741	725	100	0	3	0	1
-744	728	100	0	3	0	1
-630	614	100	0	3	0	1
-627	611	100	0	3	0	1
-20	20	90	0	3	0	1
-614	598	100	0	3	0	1
-631	615	100	0	3	0	1
-624	608	100	0	3	0	1
-422	409	110	0	3	0	1

test/ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997

@@ -1,4 +0,0 @@
-0000000003
-9	0	4	0.0.0.0	255.255.255.255	0	65535	11.11.11.11	255.255.255.255	0	65535	0	0	1	64
-10	133	4	0.0.0.0	255.255.255.255	0	65535	22.22.22.22	255.255.255.255	0	65535	0	0	1	64
-193104	0	6	::	FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF	0	65535	fe80::6770:f9e7:add5:ed1c	FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF	0	65535	0	0	1	64

test/ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997

@@ -1,16 +0,0 @@
-0000000015
-886	869	QNAME	www.bing.com	0	0	0	1
-68	68	QNAME	book.qq.com	0	0	0	1
-885	868	QNAME	www.bing.com	0	0	0	1
-67	67	QNAME	www.cz88.net	0	0	0	1
-883	866	QNAME	youdao.com	0	0	0	1
-881	864	QNAME	hk.entertainment.appledaily.com	0	0	0	1
-884	867	QNAME	www.sina.com	0	0	0	1
-70	70	QNAME	chuangshi.qq.com	0	0	0	1
-445	431	QNAME	finance.eastmoney.com	0	0	0	1
-8	8	QNAME	www.sina.com	0	0	0	1
-66	66	QNAME	www.ip138.com	0	0	0	1
-7	7	QNAME	www.sohu.com	0	0	0	1
-446	432	QNAME	stock.eastmoney.com	0	0	0	1
-882	865	QNAME	youdao.com	0	0	0	1
-880	863	QNAME	hk.entertainment.appledaily.com	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997

@@ -1,3 +0,0 @@
-0000000002
-8	101	dns_response1_policy	133	1	0	0	0	0	0	0	0	0	10	30	1	65
-193222	105	STRATEGY_NAME	143	89	0	0	0	0	0	0	0	0	12	24	1	65

test/ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997

@@ -1,6 +0,0 @@
-0000000005
-902	885	blockchain	0	0	0	1
-901	884	aaaftpbbbtestccc	0	0	0	1
-879	862	斩首	0	0	0	1
-903	886	movie	0	0	0	1
-900	883	blockchain_guide	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997

@@ -1,5 +0,0 @@
-0000000004
-1009	994	处女座从学习寻找自我	0	0	0	1
-856	839	亦庄	0	0	0	1
-1036	1021	金牛座&стейк&Taurus	1	0	0	1
-908	891	王守仁	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997

@@ -1,15 +0,0 @@
-0000000014
-845	828	girls	0	0	0	1
-851	834	冰毒	0	0	0	1
-857	840	冰糖	0	0	0	1
-872	855	钓鱼	0	0	0	1
-873	856	zmtests	0	0	0	1
-878	861	斩首	0	0	0	1
-907	890	2018-10-05	0	0	0	1
-1006	991	李白	0	0	0	1
-897	880	zmtests	0	0	0	1
-890	873	zmtests	0	0	0	1
-898	881	功能测试	0	0	0	1
-871	854	春眠	0	0	0	1
-892	875	girl	0	0	0	1
-844	827	girl&is&can&a	1	0	0	1

test/ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997

@@ -1,10 +0,0 @@
-0000000009
-636	620	www.chinaso.com	0	0	0	1
-855	838	www.chinaso.com	0	0	0	1
-862	845	192.168.17.7:8080/website1/index.html	0	0	0	1
-936	919	www.v6test.com	0	0	0	1
-994	979	www.chinaso.com/search/pagesearch.htm?q	0	0	0	1
-854	837	www.bing.com	0	0	0	1
-893	876	www.arocmag.com	0	0	0	1
-1008	993	astro.sina.com.cn/l/2013-05-24/101093841.shtml	0	0	0	1
-1035	1020	www.chinaso.com	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997

@@ -1,3 +0,0 @@
-0000000002
-663	647	Content	shell	0	0	0	1
-640	624	Content	shell	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997

@@ -1,15 +0,0 @@
-0000000014
-641	625	From	@126.com	0	0	0	1
-565	549	Subject	sports	0	0	0	1
-666	650	From	whale	0	0	0	1
-823	806	From	gov.com	0	0	0	1
-833	816	From	hu_kwei@zmtests.com	0	0	0	1
-639	623	From	whale	0	0	0	1
-566	550	Subject	blogger	0	0	0	1
-822	805	From	ungov.com	0	0	0	1
-567	551	Subject	music	0	0	0	1
-664	648	To	hasake	0	0	0	1
-837	820	To	hu_kwei@zmtests.com	0	0	0	1
-1049	1034	From	ntc_test123@163.com	0	0	0	1
-665	649	From	whale	0	0	0	1
-846	829	From	@126.com	0	0	0	1

test/ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997

@@ -1,105 +0,0 @@
-0000000103
-828	193099	1	0	null	1
-648	192999	1	0	null	1
-869	193126	1	0	null	1
-847	193114	1	0	null	1
-620	192973	1	0	null	1
-834	193105	1	0	null	1
-551	170487	1	0	null	1
-836	193106	1	0	null	1
-723	193040	1	0	null	1
-867	193128	1	0	null	1
-607	192965	1	0	null	1
-624	192976	1	0	null	1
-991	193252	1	0	null	1
-827	193098	1	0	null	1
-861	193133	1	0	null	1
-843	193112	1	0	null	1
-854	193119	1	0	null	1
-611	192967	1	0	null	1
-890	193154	1	0	null	1
-728	193039	1	0	null	1
-980	193237	1	0	null	1
-849	193115	1	0	null	1
-806	193076	1	0	null	1
-820	193091	1	0	null	1
-8	11	1    	0	null	1
-845	193113	1	0	null	1
-66	118	1    	0	null	1
-614	192966	1	0	null	1
-610	192967	1	0	null	1
-612	192966	1	0	null	1
-855	193120	1	0	null	1
-982	193236	1	0	null	1
-884	193148	1	0	null	1
-70	121	1    	0	null	1
-831	193102	1	0	null	1
-856	193121	1	0	null	1
-881	193145	1	0	null	1
-838	193108	1	0	null	1
-873	193138	1	0	null	1
-851	193116	1	0	null	1
-623	192976	1	0	null	1
-68	120	1    	0	null	1
-605	192960	1	0	null	1
-983	193236	1	0	null	1
-993	193258	1	0	null	1
-979	193234	1	0	null	1
-816	193088	1	0	null	1
-7	12	1    	0	null	1
-603	192960	1	0	null	1
-981	193237	1	0	null	1
-431	170435	1	0	null	1
-846	193114	1	0	null	1
-550	170486	1	0	null	1
-649	192977	1	0	null	1
-919	193171	1	0	null	1
-864	193131	1	0	null	1
-20	32	1    	0	null	1
-865	193130	1	0	null	1
-724	193040	1	0	null	1
-1021	19328	0	null	19	1
-829	193101	1	0	null	1
-868	193127	1	0	null	1
-805	193077	1	0	null	1
-613	192966	1	0	null	1
-883	193147	1	0	null	1
-647	193000	1	0	null	1
-726	193039	1	0	null	1
-862	193134	1	0	null	1
-994	193258	1	0	null	1
-549	170485	1	0	null	1
-837	193107	1	0	null	1
-863	193132	1	0	null	1
-727	193039	1	0	null	1
-409	441	1    	0	null	1
-833	193103	1	0	null	1
-608	192965	1	0	null	1
-650	193002	1	0	null	1
-844	193112	1	0	null	1
-625	192978	1	0	null	1
-432	170436	1	0	null	1
-67	116	1    	0	null	1
-891	193155	1	0	null	1
-598	192959	1	0	null	1
-850	193116	1	0	null	1
-609	192967	1	0	null	1
-835	193106	1	0	null	1
-885	193149	1	0	null	1
-725	193040	1	0	null	1
-615	192968	1	0	null	1
-886	193150	1	0	null	1
-880	193144	1	0	null	1
-606	192965	1	0	null	1
-876	193140	1	0	null	1
-1034	19329	0	null	14	1
-840	193110	1	0	null	1
-839	193108	1	0	null	1
-832	193103	1	0	null	1
-1020	19328	0	null	19	1
-866	193129	1	0	null	1
-604	192960	1	0	null	1
-830	193102	1	0	null	1
-875	193139	1	0	null	1
-848	193115	1	0	null	1
-             	0	null	1

test/ntcrule/full/2018-10-09/NTC_RULE.0000050997

@@ -1,79 +0,0 @@
-0000000078
-193131	130	1	1	2	0	0	1	1	0
-192977	132	1	1	2	0	0	1	1	0
-193147	133	1	1	2	0	0	1	1	0
-193138	129	1	1	1	0	0	1	1	0
-193234	129	1	1	1	0	0	1	1	0
-193119	129	1	1	1	0	0	1	1	0
-193000	132	1	1	2	0	0	1	1	0
-193155	17	16	1	2	0	0	1	1	0
-193252	129	1	1	1	0	0	1	1	0
-193128	130	1	1	2	0	0	1	1	0
-192973	129	1	1	1	0	0	1	1	0
-193091	132	1	1	1	0	0	1	1	0
-170486	20	16	1	2	0	0	1	1	0
-193132	18	16	1	2	0	DNS_STRATEGY=0	1	1	0
-193140	129	1	1	2	0	0	1	1	0
-192968	31	16	1	2	0	0	1	1	0
-192978	132	1	1	1	0	0	1	1	0
-193236	129	1	1	1	0	0	1	2	0
-193289	129	1	1	1	0	0	1	2	0
-193107	129	1	1	1	0	0	1	1	0
-121	18	16	1	1	0	DNS_STRATEGY=0	1	1	0
-192959	143	1	1	1	0	0	1	1	0
-193126	130	1	1	2	0	0	1	1	0
-193110	129	1	1	1	0	0	1	1	0
-193294	20	16	1	1	0	0	1	1	0
-170435	130	1	1	2	0	0	1	1	0
-193076	132	1	1	1	0	0	1	1	0
-193077	132	1	1	1	0	0	1	1	0
-193121	129	1	1	1	0	0	1	1	0
-192999	132	1	1	2	0	0	1	1	0
-193139	129	1	1	2	0	0	1	1	0
-193237	132	1	1	1	0	0	1	2	0
-193258	129	1	1	1	0	0	1	2	0
-116	130	1	1	1	0	0	1	1	0
-32	143	1	1	2	0	0	1	1	0
-120	18	16	1	1	0	DNS_STRATEGY=0	1	1	0
-193133	129	1	1	1	0	0	1	1	0
-193088	132	1	1	1	0	0	1	1	0
-193149	21	16	1	2	0	0	1	1	0
-193098	129	1	1	2	0	0	1	1	0
-193102	18	16	1	2	0	DNS_STRATEGY=0	1	2	0
-12	18	16	1	2	0	DNS_STRATEGY=101	1	1	0
-193099	129	1	1	1	0	0	1	1	0
-193145	129	1	1	1	0	0	1	1	0
-193134	133	1	1	1	0	0	1	1	0
-193039	31	16	1	1	0	0	1	3	0
-193112	21	16	1	2	0	0	1	2	0
-170436	18	16	1	2	0	DNS_STRATEGY=0	1	1	0
-11	18	16	1	2	0	DNS_STRATEGY=0	1	1	0
-192965	143	1	1	1	0	0	1	3	0
-441	143	1	1	2	0	0	1	1	0
-193101	132	1	1	1	0	0	1	1	0
-193040	31	16	1	1	0	0	1	3	0
-193108	129	1	1	1	0	0	1	2	0
-193150	133	1	1	1	0	0	1	1	0
-192976	132	1	1	2	0	0	1	2	0
-193171	17	16	1	2	0	0	1	1	0
-192960	143	1	1	1	0	0	1	3	0
-193116	20	16	1	2	0	0	1	2	0
-192966	143	1	1	1	0	0	1	3	0
-193103	18	16	1	2	0	DNS_STRATEGY=0	1	2	0
-193106	19	16	1	2	0	0	1	2	0
-193154	129	1	1	2	0	0	1	1	0
-170487	20	16	1	2	0	0	1	1	0
-193113	129	1	1	1	0	0	1	1	0
-193148	133	1	1	2	0	0	1	1	0
-193105	129	1	1	1	0	0	1	1	0
-193144	129	1	1	1	0	0	1	1	0
-193127	18	16	1	2	0	DNS_STRATEGY=0	1	1	0
-193114	21	16	1	2	0	0	1	2	0
-193115	20	16	1	2	0	0	1	2	0
-193129	130	1	1	2	0	0	1	1	0
-118	130	1	1	1	0	0	1	1	0
-193120	129	1	1	2	0	0	1	1	0
-193002	132	1	1	2	0	0	1	1	0
-170485	20	16	1	2	0	0	1	1	0
-193130	18	16	1	2	0	DNS_STRATEGY=0	1	1	0
-192967	143	1	1	1	0	0	1	3	0

test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997

@@ -1,24 +0,0 @@
-0000000023
-977 962 10.11.36.21/32   0-65535    1
-1000    985 10.11.36.21/32  0-65535 1
-967 950 10.11.36.21/32  0-65535 1
-852 835 ::/128  0-65535 1
-992	977 10.11.36.21/32  0-65535 1
-863	846 0.0.0.0/32  0-65535 1
-849	832 0.0.0.0/32  0-65535 1
-995	980 10.11.36.59/32  0-65535 1
-931	914 10.11.36.21/32  0-65535 1
-739	723 10.11.36.26/32  0-65535 1
-619	603 10.11.36.26/32  0-65535 1
-742	726 10.3.57.1/32    0-65535 1
-938	921 10.11.36.5/32   0-65535 1
-997	982 10.11.36.59/32  0-65535 1
-625	609 10.3.57.1/32    2345-65535  1
-847	830 ::/128  0-65535 1
-865	848 0.0.0.0/32  0-65535 1
-986	971 10.11.36.21/32  0-65535 1
-628	612 10.3.57.1/32    56345-65535 1
-974	959 10.11.36.21/32  0-65535 1
-622	606 10.3.57.1/32    0-65535 1
-867	850 ::/128  0-65535 1
-860	843 ::/128  0-65535 1

test/ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997

@@ -1,24 +0,0 @@
-0000000023
-939	922	21	1
-978	963	21	1
-743	727	20	1
-968	951	21	1
-996	981	5	1
-853	836	10	1
-629	613	20	1
-620	604	20	1
-626	610	20	1
-998	983	4	1
-864	847	7	1
-932	915	21	1
-987	972	21	1
-866	849	5	1
-861	844	7	1
-740	724	20	1
-993	978	21	1
-848	831	6	1
-1001	986	21	1
-850	833	6	1
-868	851	5	1
-623	607	20	1
-975	960	21	1

test/ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997

@@ -1,2 +0,0 @@
-0000000001
-81	81  10.11.36.7/32   22222-65535 1

test/ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997

@@ -1,2 +0,0 @@
-0000000001
-81	128	1

test/ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997

@@ -1,2 +0,0 @@
-0000000001
-128	1	128	1	0	0	0	1	1	0

test/ntcrule/full/index/full_config_index.0000050997

@@ -1,26 +0,0 @@
-APP_RULE	21	./ntcrule/full/2018-10-09/APP_RULE.0000050997
-APP_OBJECT	37	./ntcrule/full/2018-10-09/APP_OBJECT.0000050997
-APP_PAYLOAD	1	./ntcrule/full/2018-10-09/APP_PAYLOAD.0000050997
-APP_POLICY	16	./ntcrule/full/2018-10-09/APP_POLICY.0000050997
-DDOS_PROTECT_TARGET_IP_CB	1	./ntcrule/full/2018-10-09/DDOS_PROTECT_TARGET_IP_CB.0000050997
-MM_AV_URL	1	./ntcrule/full/2018-10-09/MM_AV_URL.0000050997
-MM_RULE	1	./ntcrule/full/2018-10-09/MM_RULE.0000050997
-MM_OBJECT	1	./ntcrule/full/2018-10-09/MM_OBJECT.0000050997
-NTC_ASN_IP	1	./ntcrule/full/2018-10-09/NTC_ASN_IP.0000050997
-NTC_BGP_AS	10	./ntcrule/full/2018-10-09/NTC_BGP_AS.0000050997
-NTC_RULE	78	./ntcrule/full/2018-10-09/NTC_RULE.0000050997
-NTC_DNS_FAKE_IP_CB	3	./ntcrule/full/2018-10-09/NTC_DNS_FAKE_IP_CB.0000050997
-NTC_DNS_REGION	15	./ntcrule/full/2018-10-09/NTC_DNS_REGION.0000050997
-NTC_DNS_RES_STRATEGY	2	./ntcrule/full/2018-10-09/NTC_DNS_RES_STRATEGY.0000050997
-NTC_FTP_URL	5	./ntcrule/full/2018-10-09/NTC_FTP_URL.0000050997
-NTC_OBJECT2RULE	103	./ntcrule/full/2018-10-09/NTC_OBJECT2RULE.0000050997
-NTC_HTTP_REQ_BODY	4	./ntcrule/full/2018-10-09/NTC_HTTP_REQ_BODY.0000050997
-NTC_HTTP_RES_BODY	14	./ntcrule/full/2018-10-09/NTC_HTTP_RES_BODY.0000050997
-NTC_HTTP_URL	9	./ntcrule/full/2018-10-09/NTC_HTTP_URL.0000050997
-NTC_MAIL_BODY	2	./ntcrule/full/2018-10-09/NTC_MAIL_BODY.0000050997
-NTC_MAIL_HDR	14	./ntcrule/full/2018-10-09/NTC_MAIL_HDR.0000050997
-NTC_UNIVERSAL_IP	23	./ntcrule/full/2018-10-09/NTC_UNIVERSAL_IP.0000050997
-NTC_UNIVERSAL_PROTO_TYPE	23	./ntcrule/full/2018-10-09/NTC_UNIVERSAL_PROTO_TYPE.0000050997
-WHITE_LIST_RULE	1	./ntcrule/full/2018-10-09/WHITE_LIST_RULE.0000050997
-WHITE_LIST_OBJECT	1	./ntcrule/full/2018-10-09/WHITE_LIST_OBJECT.0000050997
-WHITE_LIST_IP	1	./ntcrule/full/2018-10-09/WHITE_LIST_IP.0000050997

test/table_info.json

@@ -117,8 +117,8 @@
         "custom": {
             "gc_timeout_s":3,
             "key_type":"pointer",
-            "key_name":"TODO",
+            "key_name":"uuid",
-            "foreign_names": ["TODO", "TODO"]
+            "foreign_names": ["file1_key", "file2_key"]
         }
     },
     {
@@ -284,10 +284,9 @@
         "table_id":66,
         "table_name":"TEST_IP_PLUGIN_WITH_ADDR_FORMAT",
         "table_type":"ip_plugin",
-        "valid_column":5,
         "custom": {
             "gc_timeout_s": 3,
-            "key_name":"TODO"
+            "key_name":"uuid"
         }
     }
 ]

test/test_utils.cpp

@@ -4,6 +4,7 @@
 #include "maat_table.h"
 #include "maat_core.h"
 #include "maat_config_monitor.h"
+#include "yyjson/yyjson.h"
 
 #include <assert.h>
 #include <unistd.h>
@@ -135,40 +136,51 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
 }
 
 int rule_table_set_line(struct maat *maat_inst, const char *table_name,
-                           enum maat_operation op, uuid_t rule_uuid,
+                           enum maat_operation op, const char *rule_uuid_str,
-                           const char *user_region, struct maat_cmd_condition conditions[],
+                           struct maat_cmd_and_condition and_conditions[],
-                           int condition_num, int expire_after)
+                           int condition_num, const char *action_para_str, int expire_after)
 {
     cJSON *json_root = cJSON_CreateObject();
-    char uuid_str[UUID_STR_LEN] = {0};
 
-    uuid_unparse(rule_uuid, uuid_str);
+    cJSON_AddStringToObject(json_root, "uuid", rule_uuid_str);
-    cJSON_AddStringToObject(json_root, "uuid", uuid_str);
+    cJSON *and_conditions_array = cJSON_CreateArray();
-    cJSON *conditions_array = cJSON_CreateArray();
 
     for (int i = 0; i < condition_num; i++) {
-        cJSON *condition = cJSON_CreateObject();
+        cJSON *and_condition = cJSON_CreateObject();
-        cJSON_AddStringToObject(condition, "attribute_name", conditions[i].attribute_name);
+        cJSON *or_conditions_array = cJSON_CreateArray();
-        if (conditions[i].negate_option) {
+        for (int j = 0; j < and_conditions[i].or_condition_num; j++) {
-            cJSON_AddStringToObject(condition, "negate_option", "true");
+            cJSON *or_condition = cJSON_CreateObject();
+            cJSON *object_uuids_array = cJSON_CreateArray();
+            for (int k = 0; k < and_conditions[i].or_conditions[j].object_num; k++) {
+                cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k]));
+            }
+            cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array);
+            cJSON_AddStringToObject(or_condition, "attribute_name", and_conditions[i].or_conditions[j].attribute_name);
+
+            cJSON_AddItemToArray(or_conditions_array, or_condition);
+        }
+
+        cJSON_AddItemToObject(and_condition, "or_conditions", or_conditions_array);
+        
+        if (and_conditions[i].negate_option) {
+            cJSON_AddBoolToObject(and_condition, "negate_option", true);
         } else {
-            cJSON_AddStringToObject(condition, "negate_option", "false");
+            cJSON_AddBoolToObject(and_condition, "negate_option", false);
         }
         
-        cJSON *object_uuids_array = cJSON_CreateArray();
+        cJSON_AddItemToArray(and_conditions_array, and_condition);
-        for (int j = 0; j < conditions[i].object_num; j++) {
-            cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(conditions[i].object_uuids_str[j]));
-        }
-        cJSON_AddItemToObject(condition, "object_uuids", object_uuids_array);
-        cJSON_AddItemToArray(conditions_array, condition);
     }
 
-    cJSON_AddItemToObject(json_root, "conditions", conditions_array);
+    cJSON_AddItemToObject(json_root, "and_conditions", and_conditions_array);
+
+    if (action_para_str) {
+        cJSON_AddStringToObject(json_root, "action_parameter", action_para_str);
+    }
 
     char *json_str = cJSON_PrintUnformatted(json_root);
 
     struct maat_cmd_line line_rule;
-    line_rule.rule_uuid_str = uuid_str;
+    line_rule.rule_uuid_str = rule_uuid_str;
     line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
@@ -181,33 +193,52 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
     return ret;
 }
 
-#if 0 //TODO
-#define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \
-        (((unsigned long)object_id<<32|parent_id) + condition_index)
-
 int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
-                               enum maat_operation op, long long object_id,
+                               enum maat_operation op, const char *object_uuid_str,
-                               long long sub_object_id, int expire_after)
+                               const char inc_object_uuid_strs[][UUID_STR_LEN], int inc_object_num,
+                               const char exc_object_uuid_strs[][UUID_STR_LEN], int exc_object_num, int expire_after)
 {
-    char table_line[128] = {0};
+    cJSON *json_root = cJSON_CreateObject();
-    sprintf(table_line, "%lld\t%lld\t%s\t%d", object_id, sub_object_id,
+    cJSON *inc_object_uuid_str_array = cJSON_CreateArray();
-            "null", op);
+    cJSON *exc_object_uuid_str_array = cJSON_CreateArray();
+
+    cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str);
+
+    if (inc_object_num > 0) {
+        for (int i = 0; i < inc_object_num; i++) {
+            cJSON_AddItemToArray(inc_object_uuid_str_array, cJSON_CreateString(inc_object_uuid_strs[i]));
+        }
+        cJSON_AddItemToObject(json_root, "included_sub_object_uuids", inc_object_uuid_str_array);
+    }
+
+    if (exc_object_num > 0) {
+        for (int i = 0; i < exc_object_num; i++) {
+            cJSON_AddItemToArray(exc_object_uuid_str_array, cJSON_CreateString(exc_object_uuid_strs[i]));
+        }
+        cJSON_AddItemToObject(json_root, "excluded_sub_object_uuids", exc_object_uuid_str_array);
+    }
+
+    char *json_str = cJSON_PrintUnformatted(json_root);
 
     struct maat_cmd_line line_rule;
-    line_rule.rule_id = TO_OBJECT2X_KEY(object_id, sub_object_id, 0);
+    line_rule.rule_uuid_str = object_uuid_str;
-    line_rule.table_line = table_line;
+    line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
 
-    return maat_cmd_set_line(maat_inst, &line_rule, op);
+    int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
+    free(json_str);
+
+    cJSON_Delete(json_root);
+
+    return ret;
 }
 
 int expr_table_set_line(struct maat *maat_inst, const char *table_name,
-                        enum maat_operation op, long long item_id,
+                        enum maat_operation op, const char *item_uuid_str,
-                        long long object_id, const char *keywords,
+                        const char *object_uuid_str, const char *expression,
-                        const char *district, int expr_type, int expire_after)
+                        enum expr_type expr_type, int expire_after)
 {
-    char table_line[1024] = {0};
     int table_id = maat_get_table_id(maat_inst, table_name);
     if (table_id < 0) {
         return 0;
@@ -217,24 +248,45 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name,
         table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
     assert(table_type == TABLE_TYPE_EXPR);
 
-    
+    cJSON *json_root = cJSON_CreateObject();
-    sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d",
+    const char *expr_type_str = NULL;
-            item_id, object_id, expr_type, keywords, op);//TODO
+    switch (expr_type) {
+        case EXPR_TYPE_AND:
+            expr_type_str = "and";
+            break;
+        case EXPR_TYPE_REGEX:
+            expr_type_str = "regex";
+            break;
+        default:
+            expr_type_str = "invalid";
+            break;
+    }
+
+    cJSON_AddStringToObject(json_root, "uuid", item_uuid_str);
+    cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str);
+    cJSON_AddStringToObject(json_root, "expression", expression);
+    cJSON_AddStringToObject(json_root, "expr_type", expr_type_str);
+
+    char *json_str = cJSON_PrintUnformatted(json_root);
 
     struct maat_cmd_line line_rule;
-    line_rule.rule_id = item_id;
+    line_rule.rule_uuid_str = item_uuid_str;
-    line_rule.table_line = table_line;
+    line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
 
-    return maat_cmd_set_line(maat_inst, &line_rule, op);
+    int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
+    free(json_str);
+
+    cJSON_Delete(json_root);
+
+    return ret;
 }
 
 int interval_table_set_line(struct maat *maat_inst, const char *table_name,
-    enum maat_operation op, long long item_id, long long object_id,
+    enum maat_operation op, const char *item_uuid_str, const char *object_uuid_str,
-    const char *port_str, const char *district, int expire_after)
+    const char *interval_str, int expire_after)
 {
-    char table_line[1024] = {0};
     int table_id = maat_get_table_id(maat_inst, table_name);
     if (table_id < 0) {
         return 0;
@@ -244,62 +296,97 @@ int interval_table_set_line(struct maat *maat_inst, const char *table_name,
         table_manager_get_table_type(maat_inst->tbl_mgr, table_id);
     assert(table_type == TABLE_TYPE_INTERVAL);
 
-    sprintf(table_line, "%lld\t%lld\t%s\t%d",
+    cJSON *json_root = cJSON_CreateObject();
-            item_id, object_id, port_str, op);//TODO
+    cJSON_AddStringToObject(json_root, "uuid", item_uuid_str);
+    cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str);
+    cJSON_AddStringToObject(json_root, "interval", interval_str);
+
+    char *json_str = cJSON_PrintUnformatted(json_root);
 
     struct maat_cmd_line line_rule;
-    line_rule.rule_id = item_id;
+    line_rule.rule_uuid_str = item_uuid_str;
-    line_rule.table_line = table_line;
+    line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
 
-    return maat_cmd_set_line(maat_inst, &line_rule, op);
+    int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
+    free(json_str);
+
+    cJSON_Delete(json_root);
+
+    return ret;
 }
 
 int ip_table_set_line(struct maat *maat_inst, const char *table_name,
-                      enum maat_operation op, long long item_id,
+                      enum maat_operation op, const char *item_uuid_str,
-                      long long object_id, const char *ip, int expire_after)
+                      const char *object_uuid_str, const char *ip_str, 
+                      const char *port_str, int expire_after)
 {
-    char table_line[1024] = {0};
     int table_id = maat_get_table_id(maat_inst, table_name);
     if (table_id < 0) {
         return 0;
     }
 
-    sprintf(table_line, "%lld\t%lld\t%s\t0-65535\t%d",
+    cJSON *json_root = cJSON_CreateObject();
-            item_id, object_id, ip, op);
+    cJSON_AddStringToObject(json_root, "uuid", item_uuid_str);
+    cJSON_AddStringToObject(json_root, "object_uuid", object_uuid_str);
+    cJSON_AddStringToObject(json_root, "ip", ip_str);
+    if (port_str) {
+        cJSON_AddStringToObject(json_root, "port", port_str);
+    }
+
+    char *json_str = cJSON_PrintUnformatted(json_root);
     struct maat_cmd_line line_rule;
     
-    line_rule.rule_id = item_id;
+    line_rule.rule_uuid_str = item_uuid_str;
-    line_rule.table_line = table_line;
+    line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
 
-    return maat_cmd_set_line(maat_inst, &line_rule, op);
+    int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
+    free(json_str);
+
+    cJSON_Delete(json_root);
+
+    return ret;
 }
+
 int flag_table_set_line(struct maat *maat_inst, const char *table_name,
-                    enum maat_operation op, long long item_id,
+                    enum maat_operation op, const char *item_uuid_str,
-                    long long object_id, long long flag,
+                    const char *object_uuid_str, long long flag,
                     long long flag_mask, int expire_after)
 {
-    char table_line[1024] = {0};
     int table_id = maat_get_table_id(maat_inst, table_name);
     if (table_id < 0) {
         return 0;
     }
 
-    sprintf(table_line, "%lld\t%lld\t%lld\t%lld\t%d",
+    yyjson_mut_doc *doc = yyjson_mut_doc_new(NULL);
-            item_id, object_id, flag, flag_mask, op);
+    yyjson_mut_val *json_root = yyjson_mut_obj(doc);
+
+    yyjson_mut_obj_add_str(doc, json_root, "uuid", item_uuid_str);
+    yyjson_mut_obj_add_str(doc, json_root, "object_uuid", object_uuid_str);
+    yyjson_mut_obj_add_int(doc, json_root, "flag", flag);
+    yyjson_mut_obj_add_int(doc, json_root, "mask", flag_mask);
+
+    yyjson_mut_doc_set_root(doc, json_root);
+
+    char *json_str = yyjson_mut_write(doc, YYJSON_WRITE_NOFLAG, NULL);
+
     struct maat_cmd_line line_rule;
 
-    line_rule.rule_id = item_id;
+    line_rule.rule_uuid_str = item_uuid_str;
-    line_rule.table_line = table_line;
+    line_rule.table_line = json_str;
     line_rule.table_name = table_name;
     line_rule.expire_after = expire_after;
 
-    return maat_cmd_set_line(maat_inst, &line_rule, op);
+    int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
+    free(json_str);
+
+    yyjson_mut_doc_free(doc);
+
+    return ret;
 }
-#endif
 
 void random_keyword_generate(char *keyword_buf, size_t sz)
 {

test/test_utils.h

@@ -2,43 +2,51 @@
 
 #include "maat_utils.h"
 #include "maat_command.h"
+#include "maat_expr.h"
 #include "ip_matcher/ip_matcher.h"
 
-struct maat_cmd_condition {
+struct maat_cmd_or_condition {
     const char *object_uuids_str[8];
     int object_num;
-    int negate_option;
     const char *attribute_name;
 };
+
+struct maat_cmd_and_condition {
+    int negate_option;
+    int or_condition_num;
+    struct maat_cmd_or_condition or_conditions[8];
+};
+
 int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port,
                         int redis_db, struct log_handle *logger);
 
 int rule_table_set_line(struct maat *maat_inst, const char *table_name,
-                           enum maat_operation op, uuid_t rule_uuid,
+                           enum maat_operation op, const char *rule_uuid_str,
-                           const char *user_region, struct maat_cmd_condition conditions[],
+                           struct maat_cmd_and_condition and_conditions[],
-                           int condition_num, int expire_after);
+                           int condition_num, const char *action_para_str, int expire_after);
 
 int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
-                               enum maat_operation op, long long object_id,
+                               enum maat_operation op, const char *object_uuid_str,
-                               long long sub_object_id, int expire_after);
+                               const char inc_object_uuid_strs[][UUID_STR_LEN], int inc_object_num,
+                               const char exc_object_uuid_strs[][UUID_STR_LEN], int exc_object_num, int expire_after);
 
 int expr_table_set_line(struct maat *maat_inst, const char *table_name,
-                        enum maat_operation op, long long item_id,
+                        enum maat_operation op, const char *item_uuid_str,
-                        long long object_id, const char *keywords,
+                        const char *object_uuid_str, const char *expression,
-                        const char *district, int expr_type, int expire_after);
+                        enum expr_type expr_type, int expire_after);
 
 int interval_table_set_line(struct maat *maat_inst, const char *table_name,
-                        enum maat_operation op, long long item_id, 
+    enum maat_operation op, const char *item_uuid_str, const char *object_uuid_str,
-                        long long object_id, const char *port_str, 
+    const char *interval_str, int expire_after);
-                        const char *district, int expire_after);
 
 int ip_table_set_line(struct maat *maat_inst, const char *table_name,
-                      enum maat_operation op, long long item_id,
+                      enum maat_operation op, const char *item_uuid_str,
-                      long long object_id, const char *ip, int expire_after);
+                      const char *object_uuid_str, const char *ip_str, 
+                      const char *port_str, int expire_after);
 
 int flag_table_set_line(struct maat *maat_inst, const char *table_name,
-                        enum maat_operation op, long long item_id,
+                    enum maat_operation op, const char *item_uuid_str,
-                        long long object_id, long long flag,
+                    const char *object_uuid_str, long long flag,
-                        long long flag_mask, int expire_after);
+                    long long flag_mask, int expire_after);
 
 void random_keyword_generate(char *keyword_buf, size_t sz);