gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use attribute_name instead of attribute_id to map condition_id

Browse Source
This commit is contained in:
root
2024-10-08 11:10:03 +00:00
parent 3bbbd53f39
commit 35667246d3
21 changed files with 737 additions and 690 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/maat.h
View File

@@ -25,12 +25,14 @@ extern "C"
#include <netinet/in.h>
#include <uuid/uuid.h>
#define MAX_ATTR_NAME_LEN 128
/* maat instance handle */
struct maat;
struct maat_hit_path {
int Nth_scan;
char *attribute_name; // 0 is not a attribute.
char attribute_name[MAX_ATTR_NAME_LEN]; // 0 is not a attribute.
int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7
uuid_t item_uuid;
@@ -42,7 +44,7 @@ struct maat_hit_path {
struct maat_hit_object {
uuid_t item_uuid;
uuid_t object_uuid;
char *attribute_name;
char attribute_name[MAX_ATTR_NAME_LEN];
};
enum maat_scan_status {

4
src/inc_internal/maat_expr.h
View File

@@ -50,12 +50,12 @@ long long expr_runtime_get_version(void *expr_runtime);
* @retval the num of hit object_id
*/
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
size_t data_len, int attribute_id, struct maat_state *state);
size_t data_len, const char *attribute_name, struct maat_state *state);
struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data,
size_t data_len, int attribute_id, struct maat_state *state);
size_t data_len, const char *attribute_name, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream);

2
src/inc_internal/maat_flag.h
View File

@@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime);
* @retval the num of hit object_id
*/
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
int attribute_id, struct maat_state *state);
const char *attribute_name, struct maat_state *state);
void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start,
struct timespec *end, int thread_id);

2
src/inc_internal/maat_interval.h
View File

@@ -49,7 +49,7 @@ long long interval_runtime_rule_count(void *interval_runtime);
* @retval the num of hit object_id
*/
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state);
long long integer, const char *attribute_name, struct maat_state *state);
void interval_runtime_perf_stat(struct interval_runtime *interval_rt,
struct timespec *start, struct timespec *end,

2
src/inc_internal/maat_ip.h
View File

@@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime);
/* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state);
uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state);
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,
struct timespec *end, int thread_id);

4
src/inc_internal/maat_rule.h
View File

@@ -69,14 +69,14 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id);
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
const char *attribute_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_state);
void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id,
struct maat *maat_inst, const char *attribute_name,
int Nth_scan);
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,

3
src/inc_internal/maat_table.h
View File

@@ -56,8 +56,6 @@ size_t table_manager_table_size(struct table_manager *tbl_mgr);
size_t table_manager_table_num(struct table_manager *tbl_mgr);
int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_name);
int table_manager_get_attribute_id(struct table_manager *tbl_mgr, const char *attribute_name);
int table_manager_attribute_register(struct table_manager *tbl_mgr, const char *attribute_name, struct log_handle *logger);
/**
* @brief get table_name's all conjunction parents' table_id
@@ -77,7 +75,6 @@ int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const
int maat_get_table_id(struct maat *maat_inst, const char *table_name);
const char *table_manager_get_table_name(struct table_manager *tbl_mgr,
int table_id);
const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int attr_id);
const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, int table_id);

86
src/maat_api.c
View File

@@ -55,8 +55,8 @@ struct maat_stream {
long long expr_rt_version;
struct log_handle *logger;
int thread_id;
int attribute_id;
int table_id;
char attribute_name[MAX_ATTR_NAME_LEN];
};
struct maat_options* maat_options_new(void)
@@ -1024,7 +1024,7 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, const char *table
static int
flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
int table_id, int attribute_id, struct maat_state *state)
int table_id, const char *attribute_name, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
@@ -1041,7 +1041,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id);
int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
thread_id, flag, attribute_id, state);
thread_id, flag, attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1053,7 +1053,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
static int
interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
int table_id, int attribute_id, struct maat_state *state)
int table_id, const char *attribute_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1071,7 +1071,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id);
int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, integer, attribute_id, state);
thread_id, integer, attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1083,7 +1083,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
static int
ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
int port, int table_id, int attribute_id, struct maat_state *state)
int port, int table_id, const char *attribute_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1100,7 +1100,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
(uint8_t *)&ip_addr, port, attribute_id, state);
(uint8_t *)&ip_addr, port, attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1112,7 +1112,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
static int
ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
int port, int table_id, int attribute_id, struct maat_state *state)
int port, int table_id, const char *attribute_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1129,7 +1129,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
ip_addr, port, attribute_id, state);
ip_addr, port, attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1142,7 +1142,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
static int
string_scan(struct table_manager *tbl_mgr, int thread_id,
const char *data, size_t data_len, int table_id,
int attribute_id, struct maat_state *state)
const char *attribute_name, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
@@ -1161,7 +1161,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len,
attribute_id, state);
attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1213,11 +1213,6 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1233,7 +1228,7 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
table_id, attribute_id, state);
table_id, attribute_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1294,11 +1289,6 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1314,7 +1304,7 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
table_id, attribute_id, state);
table_id, attribute_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1375,11 +1365,6 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1395,7 +1380,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
table_id, attribute_id, state);
table_id, attribute_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1456,11 +1441,6 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1476,7 +1456,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
table_id, attribute_id, state);
table_id, attribute_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1555,11 +1535,6 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1575,7 +1550,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
data_len, table_id, attribute_id, state);
data_len, table_id, attribute_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
@@ -1615,7 +1590,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char
}
}
static void maat_state_add_hit_object(struct maat_state *state, int attribute_id,
static void maat_state_add_hit_object(struct maat_state *state, const char *attribute_name,
struct maat_hit_object *objects, size_t n_object)
{
struct maat *maat_inst = state->maat_inst;
@@ -1642,13 +1617,13 @@ static void maat_state_add_hit_object(struct maat_state *state, int attribute_id
uuid_copy(hit_items[i].object_uuid, objects[i].object_uuid);
}
rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_id,
rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item);
}
static void
maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id)
maat_state_activate_hit_not_object(struct maat_state *state, const char *attribute_name)
{
if (NULL == state) {
return;
@@ -1673,7 +1648,7 @@ maat_state_activate_hit_not_object(struct maat_state *state, int attribute_id)
}
rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst,
attribute_id, state->Nth_scan);
attribute_name, state->Nth_scan);
}
int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *attribute_name,
@@ -1694,11 +1669,6 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
maat_inst->stat->scan_err_cnt++;
return MAAT_SCAN_ERR;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
@@ -1708,7 +1678,7 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_add_hit_object(state, attribute_id, objects, n_object);
maat_state_add_hit_object(state, attribute_name, objects, n_object);
size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
@@ -1735,11 +1705,6 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch
return 0;
}
int attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
if (attribute_id < 0) {
return -1;
}
struct maat_runtime *maat_rt = maat_inst->maat_rt;
if (NULL == maat_rt) {
return MAAT_SCAN_OK;
@@ -1748,7 +1713,7 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch
maat_runtime_ref_inc(maat_rt, state->thread_id);
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
maat_state_activate_hit_not_object(state, attribute_id);
maat_state_activate_hit_not_object(state, attribute_name);
size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state);
*n_hit_result = hit_rule_cnt;
@@ -1773,7 +1738,7 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_na
stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id;
stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
stream->attribute_id = table_manager_get_attribute_id(maat_inst->tbl_mgr, attribute_name);
snprintf(stream->attribute_name, sizeof(stream->attribute_name), "%s", attribute_name);
stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1781,9 +1746,6 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_na
if (stream->table_id < 0) {
goto error;
}
if (stream->attribute_id < 0) {
goto error;
}
table_type = table_manager_get_table_type(maat_inst->tbl_mgr,
stream->table_id);
@@ -1835,7 +1797,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
data_len);
int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
data_len, stream->attribute_id, state);
data_len, stream->attribute_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}

8
src/maat_expr.c
View File

@@ -812,7 +812,7 @@ long long expr_runtime_get_version(void *expr_runtime)
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len,
int attribute_id, struct maat_state *state)
const char *attribute_name, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_compile_state != NULL) {
@@ -876,7 +876,7 @@ next:
state->thread_id, 1);
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
}
@@ -902,7 +902,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
const char *data, size_t data_len,
int attribute_id, struct maat_state *state)
const char *attribute_name, struct maat_state *state)
{
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
@@ -969,7 +969,7 @@ next:
state->thread_id, 1);
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_flag.c
View File

@@ -396,7 +396,7 @@ long long flag_runtime_rule_count(void *flag_runtime)
}
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
long long flag, int attribute_id, struct maat_state *state)
long long flag, const char *attribute_name, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_compile_state != NULL) {
@@ -453,7 +453,7 @@ next:
state->thread_id, 1);
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_interval.c
View File

@@ -405,7 +405,7 @@ long long interval_runtime_rule_count(void *interval_runtime)
}
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
long long integer, int attribute_id, struct maat_state *state)
long long integer, const char *attribute_name, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_compile_state != NULL) {
@@ -462,7 +462,7 @@ next:
state->thread_id, 1);
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

4
src/maat_ip.c
View File

@@ -465,7 +465,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
}
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
uint8_t *ip_addr, int port, int attribute_id, struct maat_state *state)
uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state)
{
//clear rule_state->last_hit_object
if (state != NULL && state->rule_compile_state != NULL) {
@@ -543,7 +543,7 @@ next:
state->thread_id, 1);
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_id,
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}

114
src/maat_rule.c
View File

@@ -50,7 +50,7 @@ struct rule_item {
struct condition_query_key {
uuid_t object_uuid;
int attribute_id;
char attribute_name[MAX_ATTR_NAME_LEN];
int negate_option;
};
@@ -61,7 +61,7 @@ struct condition_id_kv {
};
struct table_condition {
int attribute_id;
char attribute_name[MAX_ATTR_NAME_LEN];
int actual_condition_num;
UT_array *condition_ids;
UT_array *object_ids;
@@ -69,7 +69,7 @@ struct table_condition {
};
struct table_object {
int attribute_id;
char attribute_name[MAX_ATTR_NAME_LEN];
UT_array *object_uuids;
UT_hash_handle hh;
};
@@ -101,7 +101,7 @@ struct rule_condition {
long long condition_id;
uuid_t object_uuids[MAX_OBJECT_CNT];
int object_cnt;
int attribute_id;
char attribute_name[MAX_ATTR_NAME_LEN];
char negate_option; // 1 byte
char in_use; // 1 byte
char pad[6]; // for 8 bytes alignment
@@ -126,8 +126,8 @@ struct internal_hit_path {
uuid_t item_uuid;
uuid_t object_uuid;
int Nth_scan;
int attribute_id;
int negate_option; // 1 means negate condition
char attribute_name[MAX_ATTR_NAME_LEN];
};
struct rule2table_id {
@@ -190,11 +190,11 @@ static void maat_rule_free(struct maat_rule *rule)
}
static int validate_table_not_condition(struct rule_runtime *rule_rt,
struct table_manager *tbl_mgr, int attribute_id,
struct table_manager *tbl_mgr, const char *attribute_name,
enum maat_operation op, struct log_handle *logger)
{
struct table_condition *not_condition = NULL;
HASH_FIND_INT(rule_rt->tbl_not_condition_hash, &attribute_id, not_condition);
HASH_FIND_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition);
if (MAAT_OP_DEL == op) {
//delete
@@ -207,15 +207,14 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
//add
if (NULL == not_condition) {
not_condition = ALLOC(struct table_condition, 1);
not_condition->attribute_id = attribute_id;
snprintf(not_condition->attribute_name, sizeof(not_condition->attribute_name), "%s", attribute_name);
not_condition->actual_condition_num++;
HASH_ADD_INT(rule_rt->tbl_not_condition_hash, attribute_id, not_condition);
HASH_ADD_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition);
} else {
if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) {
const char *attr_name = table_manager_get_attribute_name(tbl_mgr, attribute_id);
log_fatal(logger, MODULE_RULE,
"[%s:%d]attribute:<%s> negate condition num exceed maximum:%d",
__FUNCTION__, __LINE__, attr_name, MAX_NOT_CONDITION_NUM);
__FUNCTION__, __LINE__, attribute_name, MAX_NOT_CONDITION_NUM);
return -1;
}
not_condition->actual_condition_num++;
@@ -280,16 +279,13 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
goto error;
}
condition->attribute_id = table_manager_get_attribute_id(schema->ref_tbl_mgr, tmp_obj->valuestring);
if (condition->attribute_id < 0) {
condition->attribute_id = table_manager_attribute_register(schema->ref_tbl_mgr, tmp_obj->valuestring, logger);
if (condition->attribute_id < 0) {
if (strlen(tmp_obj->valuestring) >= sizeof(condition->attribute_name)) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> attribute_name:%s register failed",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring);
"[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d",
__FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(condition->attribute_name));
goto error;
}
}
snprintf(condition->attribute_name, sizeof(condition->attribute_name), "%s", tmp_obj->valuestring);
tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option");
if (tmp_obj) {
@@ -306,7 +302,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_ADD, logger);
int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_name, MAAT_OP_ADD, logger);
if (ret < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> validate negate_option failed, line: %s",
@@ -683,7 +679,9 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
key.attribute_id = condition->attribute_id;
memset(&key, 0, sizeof(key));
memcpy(key.attribute_name, condition->attribute_name, sizeof(key.attribute_name));
key.negate_option = condition->negate_option;
uuid_copy(key.object_uuid, condition->object_uuids[k]);
@@ -977,7 +975,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
static void
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
uuid_t item_uuid, uuid_t object_uuid,
int attribute_id, int negate_option, int Nth_scan)
const char *attribute_name, int negate_option, int Nth_scan)
{
if (NULL == rule_compile_state) {
return;
@@ -987,7 +985,7 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile
uuid_copy(new_path.item_uuid, item_uuid);
new_path.Nth_scan = Nth_scan;
uuid_copy(new_path.object_uuid, object_uuid);
new_path.attribute_id = attribute_id;
snprintf(new_path.attribute_name, sizeof(new_path.attribute_name), "%s", attribute_name);
new_path.negate_option = negate_option;
utarray_push_back(rule_compile_state->internal_hit_paths, &new_path);
@@ -1003,7 +1001,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
}
if (condition->attribute_id != key->attribute_id) {
if (strncmp(condition->attribute_name, key->attribute_name, sizeof(key->attribute_name)) != 0) {
continue;
}
@@ -1024,7 +1022,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
static size_t
maat_rule_get_hit_condition_index(struct maat_rule *rule,
int attribute_id, uuid_t hit_object_uuid,
const char *attribute_name, uuid_t hit_object_uuid,
int *condition_idx_array, size_t array_size)
{
size_t hit_condition_cnt = 0;
@@ -1037,7 +1035,7 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
}
if (tmp_condition->attribute_id != attribute_id) {
if (strncmp(tmp_condition->attribute_name, attribute_name, sizeof(tmp_condition->attribute_name)) != 0) {
continue;
}
@@ -1068,7 +1066,7 @@ maat_rule_is_hit_path_existed(const struct maat_hit_path *hit_paths,
static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t array_idx, size_t n_hit_path,
size_t *n_new_hit_path, int attribute_id,
size_t *n_new_hit_path, const char *attribute_name,
struct maat_rule *rule)
{
size_t i = 0;
@@ -1086,7 +1084,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit
n_condition_index =
maat_rule_get_hit_condition_index(rule, attribute_id,
maat_rule_get_hit_condition_index(rule, attribute_name,
hit_path_array[idx].top_object_uuid,
condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
@@ -1107,7 +1105,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_condition_index =
maat_rule_get_hit_condition_index(rule, attribute_id, tmp_path.top_object_uuid,
maat_rule_get_hit_condition_index(rule, attribute_name, tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) {
@@ -1160,14 +1158,12 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
} else {
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
int attribute_id = table_manager_get_attribute_id(rule_rt->ref_maat_rt->ref_tbl_mgr,
hit_path_array[j].attribute_name);
key.attribute_id = attribute_id;
memcpy(key.attribute_name, hit_path_array[j].attribute_name, sizeof(key.attribute_name));
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, attribute_id, rule);
&n_new_hit_path, key.attribute_name, rule);
}
}
}
@@ -1178,7 +1174,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
size_t n_hit_items, char *attribute_name)
size_t n_hit_items, const char *attribute_name)
{
if (NULL == rule_compile_state || NULL == hit_items) {
return;
@@ -1188,7 +1184,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
for (size_t i = 0; i < n_hit_items; i++) {
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_name = attribute_name;
snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name);
utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object);
}
}
@@ -1196,7 +1192,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids,
size_t n_object_uuids, char *attribute_name)
size_t n_object_uuids, const char *attribute_name)
{
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
@@ -1206,7 +1202,7 @@ rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_comp
for (size_t i = 0; i < n_object_uuids; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, object_uuids[i]);
hit_object.attribute_name = attribute_name;
snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name);
utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object);
}
}
@@ -1290,7 +1286,7 @@ rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compil
static void
rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
uuid_t object_uuid, int attribute_id)
uuid_t object_uuid, const char *attribute_name)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
@@ -1299,8 +1295,9 @@ rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile
struct condition_query_key key;
struct condition_id_kv *condition_id_kv = NULL;
memset(&key, 0, sizeof(key));
key.negate_option = 0;
key.attribute_id = attribute_id;
snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name);
uuid_copy(key.object_uuid, object_uuid);
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
@@ -1319,7 +1316,7 @@ static void
rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
uuid_t *hit_object_uuids,
size_t n_hit_object_uuid, int attribute_id)
size_t n_hit_object_uuid, const char *attribute_name)
{
if (NULL == rule_compile_state || NULL == rule_rt) {
return;
@@ -1330,7 +1327,7 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
}
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
HASH_FIND_STR(rule_compile_state->hit_not_tbl_objects, attribute_name, tbl_object);
if (tbl_object != NULL) {
for (size_t i = 0; i < n_hit_object_uuid; i++) {
uuid_t *object_uuid = (uuid_t *)utarray_find(tbl_object->object_uuids,
@@ -1346,7 +1343,7 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) {
if (condition_id_kv->key.attribute_id != attribute_id) {
if (strncmp(condition_id_kv->key.attribute_name, attribute_name, strlen(attribute_name)) != 0) {
continue;
}
@@ -1359,9 +1356,9 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
if (NULL == tbl_object) {
tbl_object = ALLOC(struct table_object, 1);
tbl_object->attribute_id = attribute_id;
snprintf(tbl_object->attribute_name, sizeof(tbl_object->attribute_name), "%s", attribute_name);
utarray_new(tbl_object->object_uuids, &ut_rule_object_uuid_icd);
HASH_ADD_INT(rule_compile_state->hit_not_tbl_objects, attribute_id, tbl_object);
HASH_ADD_STR(rule_compile_state->hit_not_tbl_objects, attribute_name, tbl_object);
}
if (!utarray_find(tbl_object->object_uuids, &(condition_id_kv->key.object_uuid),
@@ -1460,7 +1457,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
for (int i = 0; i < rule->condition_num; i++) {
struct rule_condition *condition = rule->conditions + i;
if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_DEL, logger);
validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_name, MAAT_OP_DEL, logger);
}
}
@@ -1678,14 +1675,13 @@ int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids,
}
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
int attribute_id, int custom_rule_tbl_id, int Nth_scan,
const char *attribute_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item)
{
size_t i = 0, j = 0;
size_t hit_cnt = n_hit_item;
uuid_t hit_object_uuids[MAX_HIT_OBJECT_NUM];
struct maat_hit_object hit_object;
char *attribute_name = (char*)table_manager_get_attribute_name(maat_inst->tbl_mgr, attribute_id);
utarray_clear(rule_compile_state->this_scan_hit_conditions);
rule_compile_state->this_scan_not_logic = 0;
@@ -1696,7 +1692,7 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid);
uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid);
hit_object.attribute_name = attribute_name;
snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name);
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
@@ -1710,14 +1706,14 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
for (i = 0; i < super_object_cnt; i++) {
uuid_clear(hit_object.item_uuid);
uuid_copy(hit_object.object_uuid, super_object_uuids[i]);
hit_object.attribute_name = attribute_name;
snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name);
utarray_push_back(rule_compile_state->last_hit_objects, &hit_object);
}
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid,
hit_items[i].object_uuid, attribute_id, 0, Nth_scan);
hit_items[i].object_uuid, attribute_name, 0, Nth_scan);
}
}
@@ -1745,11 +1741,11 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt,
hit_object_uuids[i], attribute_id);
hit_object_uuids[i], attribute_name);
}
rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_uuids,
hit_cnt, attribute_id);
hit_cnt, attribute_name);
return hit_cnt;
}
@@ -1764,7 +1760,7 @@ void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_co
void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
struct maat *maat_inst, int attribute_id,
struct maat *maat_inst, const char *attribute_name,
int Nth_scan)
{
if (NULL == rule_compile_state || NULL == maat_inst) {
@@ -1776,7 +1772,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
utarray_clear(rule_compile_state->this_scan_hit_not_conditions);
struct table_object *tbl_object = NULL;
HASH_FIND(hh, rule_compile_state->hit_not_tbl_objects, &attribute_id, sizeof(int), tbl_object);
HASH_FIND_STR(rule_compile_state->hit_not_tbl_objects, attribute_name, tbl_object);
if (NULL == tbl_object) {
return;
}
@@ -1785,7 +1781,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
for (size_t i = 0; i < utarray_len(tbl_object->object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(tbl_object->object_uuids, i);
struct condition_query_key key;
key.attribute_id = attribute_id;
snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name);
key.negate_option = 1;
uuid_copy(key.object_uuid, *object_uuid);
@@ -1799,7 +1795,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
uuid_t null_uuid;
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid, *object_uuid,
attribute_id, 1, Nth_scan);
attribute_name, 1, Nth_scan);
}
}
}
@@ -1815,7 +1811,7 @@ size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *ru
(struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i);
uuid_copy(object_array[i].item_uuid, hit_object->item_uuid);
uuid_copy(object_array[i].object_uuid, hit_object->object_uuid);
object_array[i].attribute_name = hit_object->attribute_name;
memcpy(object_array[i].attribute_name, hit_object->attribute_name, sizeof(object_array[i].attribute_name));
}
utarray_clear(rule_compile_state->indirect_hit_objects);
@@ -1859,7 +1855,7 @@ size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule
object = (struct maat_hit_object *)utarray_eltptr(direct_hit_object, i);
uuid_copy(object_array[i].item_uuid, object->item_uuid);
uuid_copy(object_array[i].object_uuid, object->object_uuid);
object_array[i].attribute_name = object->attribute_name;
memcpy(object_array[i].attribute_name, object->attribute_name, sizeof(object_array[i].attribute_name));
}
utarray_clear(rule_compile_state->direct_hit_objects);
@@ -1919,8 +1915,8 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
uuid_copy(tmp_path.item_uuid, internal_path->item_uuid);
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p);
tmp_path.attribute_name = (char*)table_manager_get_attribute_name(rule_rt->ref_maat_rt->ref_tbl_mgr,
internal_path->attribute_id);
memcpy(tmp_path.attribute_name, internal_path->attribute_name, sizeof(tmp_path.attribute_name));
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
uuid_clear(tmp_path.rule_uuid);

118
src/maat_table.c
View File

@@ -52,8 +52,6 @@ struct table_manager {
struct maat_table *tbl[MAX_TABLE_NUM];
size_t n_table;
UT_array *attr_array;
struct rule_tag *accept_tags;
size_t n_accept_tag;
@@ -62,8 +60,6 @@ struct table_manager {
int o2o_table_id;
struct maat_kv_store *tbl_name2id_map;
struct maat_kv_store *conj_tbl_name2id_map;
struct maat_kv_store *attr_name2id_map;
struct maat_kv_store *sequence_map;
struct maat_garbage_bin *ref_garbage_bin;
struct log_handle *logger;
@@ -594,31 +590,6 @@ static int register_single_tbl_name2id(struct maat_kv_store *tbl_name2id_map,
return 0;
}
static int register_single_attribute_name2id(struct maat_kv_store *attr_name2id_map,
const char *attr_name, int attr_id,
struct log_handle *logger)
{
if (strlen(attr_name) >= NAME_MAX) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] attribute:<%s> name length exceed maxium:%d",
__FUNCTION__, __LINE__, attr_name, NAME_MAX);
return -1;
}
long long tmp_attr_id = -1;
int ret = maat_kv_read(attr_name2id_map, attr_name, &tmp_attr_id, 1);
if (ret > 0 && tmp_attr_id != attr_id) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] attribute:<%s>(attr_id:%lld) has already been registered"
", can't register again",
__FUNCTION__, __LINE__, attr_name, tmp_attr_id);
return -1;
}
maat_kv_register(attr_name2id_map, attr_name, attr_id);
return 0;
}
static int register_conjunction_tbl_name2id(struct maat_kv_store *conj_tbl_name2id_map,
cJSON *root, struct log_handle *logger)
{
@@ -744,45 +715,6 @@ int maat_default_rule_table_id(cJSON *json, struct log_handle *logger)
return item->valueint;
}
static long long maat_table_get_sequence(struct maat_kv_store *sequence_map,
const char *sequence_name)
{
long long sequence = 1;
int map_ret = maat_kv_read(sequence_map, sequence_name, &sequence, 1);
if (map_ret < 0) {
maat_kv_register(sequence_map, sequence_name, sequence);
} else {
sequence++;
int ret = maat_kv_write(sequence_map, sequence_name, sequence);
if (ret < 0) {
return -1;
}
}
return sequence;
}
int table_manager_attribute_register(struct table_manager *tbl_mgr, const char *attribute_name, struct log_handle *logger)
{
int attr_id = maat_table_get_sequence(tbl_mgr->sequence_map, "attribute_id");
if (attr_id < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] attribute %s register get id failed", __FUNCTION__, __LINE__, attribute_name);
return -1;
}
if (register_single_attribute_name2id(tbl_mgr->attr_name2id_map, attribute_name, attr_id, logger) < 0) {
log_fatal(logger, MODULE_TABLE,
"[%s:%d] attribute %s register failed", __FUNCTION__, __LINE__, attribute_name);
return -1;
}
utarray_insert(tbl_mgr->attr_array, &attribute_name, attr_id);
return attr_id;
}
struct table_manager *
table_manager_create(const char *table_info_path, const char *accept_tags,
enum maat_expr_engine engine_type, struct maat_garbage_bin *garbage_bin,
@@ -828,11 +760,8 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
tbl_mgr->logger = logger;
tbl_mgr->tbl_name2id_map = maat_kv_store_new();
tbl_mgr->conj_tbl_name2id_map = maat_kv_store_new();
tbl_mgr->attr_name2id_map = maat_kv_store_new();
tbl_mgr->sequence_map = maat_kv_store_new();
tbl_mgr->engine_type = engine_type;
tbl_mgr->ref_garbage_bin = garbage_bin;
utarray_new(tbl_mgr->attr_array, &ut_str_icd);
ret = register_tbl_name2id(tbl_mgr->tbl_name2id_map, root, table_info_path, logger);
if (ret < 0) {
@@ -1025,21 +954,6 @@ void table_manager_destroy(struct table_manager *tbl_mgr)
tbl_mgr->conj_tbl_name2id_map = NULL;
}
if (tbl_mgr->attr_name2id_map != NULL) {
maat_kv_store_free(tbl_mgr->attr_name2id_map);
tbl_mgr->attr_name2id_map = NULL;
}
if (tbl_mgr->sequence_map != NULL) {
maat_kv_store_free(tbl_mgr->sequence_map);
tbl_mgr->sequence_map = NULL;
}
if (tbl_mgr->attr_array != NULL) {
utarray_free(tbl_mgr->attr_array);
tbl_mgr->attr_array = NULL;
}
FREE(tbl_mgr);
}
@@ -1072,21 +986,6 @@ int table_manager_get_table_id(struct table_manager *tbl_mgr, const char *table_
return (int)table_id;
}
int table_manager_get_attribute_id(struct table_manager *tbl_mgr, const char *attr_name)
{
if (NULL == tbl_mgr || NULL == attr_name) {
return -1;
}
long long attr_id = -1;
int ret = maat_kv_read(tbl_mgr->attr_name2id_map, attr_name, &attr_id, 1);
if (ret < 0) {
return -1;
}
return (int)attr_id;
}
int table_manager_get_conj_parent_table_ids(struct table_manager *tbl_mgr, const char *table_name,
long long *table_ids_array, size_t n_table_ids_array)
{
@@ -1121,23 +1020,6 @@ const char *table_manager_get_table_name(struct table_manager *tbl_mgr, int tabl
return tbl_mgr->tbl[table_id]->table_name;
}
const char *table_manager_get_attribute_name(struct table_manager *tbl_mgr, int attr_id)
{
if (NULL == tbl_mgr || attr_id < 0) {
return NULL;
}
if (NULL == tbl_mgr->attr_array) {
return NULL;
}
if (attr_id >= utarray_len(tbl_mgr->attr_array)) {
return NULL;
}
return *(char **)utarray_eltptr(tbl_mgr->attr_array, attr_id);
}
const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, int table_id)
{
if (NULL == tbl_mgr || table_id < 0) {

4
test/json_update/corrupted.json
View File

@@ -3,7 +3,7 @@
"object_table": "OBJECT",
"rules": [
{
"rule_id": "9c5ee166-3af6-fb23-f8f8-8c7062ed3717",
"uuid": "9c5ee166-3af6-fb23-f8f8-8c7062ed3717",
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -21,7 +21,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expression": "hello&world",
"expr_type": "none"
}
}

4
test/json_update/new.json
View File

@@ -3,7 +3,7 @@
"object2object_table": "OBJECT2OBJECT",
"rules": [
{
"rule_id": "9b0d44a1-1e9e-7988-6ab2-c619d5906818",
"uuid": "9b0d44a1-1e9e-7988-6ab2-c619d5906818",
"service": 1,
"action": 1,
"do_blacklist": 1,
@@ -20,7 +20,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "MESA&Maat",
"expression": "MESA&Maat",
"expr_type": "and"
}
}

2
test/json_update/old.json
View File

@@ -20,7 +20,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello&world",
"expression": "hello&world",
"expr_type": "and"
}
}

389
test/maat_framework_gtest.cpp
View File

@@ -25,7 +25,7 @@ const char *g_json_filename = "maat_json.json";
size_t g_thread_num = 4;
#if 0 //TODO
int test_add_expr_command(struct maat *maat_inst, const char *expr_table,
long long rule_id, int timeout,
const char *keywords)
@@ -57,6 +57,7 @@ int del_command(struct maat *maat_inst, int rule_id)
return rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL,
rule_id, "null", 1, 0);
}
#endif
const char *watched_json = "./json_update/maat.json";
const char *old_json = "./json_update/old.json";
@@ -432,7 +433,8 @@ TEST_F(FlagScan, hitRepeatedRule) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 194);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000194");
ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -549,7 +551,9 @@ TEST_F(HsStringScan, Full) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -574,7 +578,9 @@ TEST_F(HsStringScan, Regex) {
ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 148);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000148");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -599,7 +605,9 @@ TEST_F(HsStringScan, RegexUnicode) {
ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 229);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000229");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -624,7 +632,9 @@ TEST_F(HsStringScan, BackslashR_N_Escape) {
ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 225);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000225");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -715,7 +725,9 @@ TEST_F(HsStringScan, BackslashCtrlCharactor)
ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 235);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000235");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -742,7 +754,9 @@ TEST_F(HsStringScan, Expr8) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 182);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000182");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -786,8 +800,11 @@ TEST_F(HsStringScan, HexBinCaseSensitive) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 206);
EXPECT_EQ(results[1], 191);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000206");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000191");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -824,7 +841,9 @@ TEST_F(HsStringScan, HexbinCombineString)
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 236);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000236");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -867,7 +886,9 @@ TEST_F(HsStringScan, BugReport20190325) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 150);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000150");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -905,8 +926,11 @@ TEST_F(HsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 151);
EXPECT_EQ(results[1], 152);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -918,7 +942,8 @@ TEST_F(HsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 151);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -936,7 +961,8 @@ TEST_F(HsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 152);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -962,7 +988,9 @@ TEST_F(HsStringScan, MaatUnescape) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 132);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000132");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1012,7 +1040,9 @@ TEST_F(HsStringScan, OffsetChunk64) {
}
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 136);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000136");
maat_stream_free(sp);
fclose(fp);
maat_state_free(state);
@@ -1059,7 +1089,9 @@ TEST_F(HsStringScan, OffsetChunk1460) {
}
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 136);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000136");
maat_stream_free(sp);
fclose(fp);
maat_state_free(state);
@@ -1103,7 +1135,9 @@ TEST_F(HsStringScan, StreamScanUTF8) {
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 157);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157");
maat_stream_free(sp);
fclose(fp);
@@ -1142,7 +1176,9 @@ TEST_F(HsStringScan, StreamInput) {
maat_stream_free(sp);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1337,7 +1373,9 @@ TEST_F(RsStringScan, Full) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1363,7 +1401,9 @@ TEST_F(RsStringScan, Regex) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 148);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000148");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1388,7 +1428,9 @@ TEST_F(RsStringScan, RegexUnicode) {
ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 229);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000229");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1413,7 +1455,9 @@ TEST_F(RsStringScan, BackslashR_N_Escape) {
ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 225);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000225");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1504,7 +1548,9 @@ TEST_F(RsStringScan, BackslashCtrlCharactor)
ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload),
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 235);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000235");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1530,7 +1576,9 @@ TEST_F(RsStringScan, Expr8) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 182);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000182");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1567,8 +1615,12 @@ TEST_F(RsStringScan, HexBinCaseSensitive) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 206);
EXPECT_EQ(results[1], 191);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000206");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000191");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1606,7 +1658,9 @@ TEST_F(RsStringScan, HexbinCombineString)
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 236);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000236");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1649,7 +1703,9 @@ TEST_F(RsStringScan, BugReport20190325) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 150);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000150");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1687,8 +1743,12 @@ TEST_F(RsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 151);
EXPECT_EQ(results[1], 152);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1700,7 +1760,8 @@ TEST_F(RsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 151);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1718,7 +1779,8 @@ TEST_F(RsStringScan, PrefixAndSuffix) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 152);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1744,7 +1806,9 @@ TEST_F(RsStringScan, MaatUnescape) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 132);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000132");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -1793,7 +1857,9 @@ TEST_F(RsStringScan, OffsetChunk64) {
}
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 136);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000136");
maat_stream_free(sp);
fclose(fp);
@@ -1841,7 +1907,9 @@ TEST_F(RsStringScan, OffsetChunk1460) {
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 136);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000136");
maat_stream_free(sp);
fclose(fp);
@@ -1888,7 +1956,9 @@ TEST_F(RsStringScan, StreamScanUTF8) {
}
EXPECT_EQ(pass_flag, 1);
EXPECT_EQ(results[0], 157);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157");
maat_stream_free(sp);
fclose(fp);
@@ -1926,7 +1996,9 @@ TEST_F(RsStringScan, StreamInput) {
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2386,7 +2458,9 @@ TEST_F(IPScan, MatchSingleIPv4) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 169);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000169");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2416,7 +2490,9 @@ TEST_F(IPScan, IPv6Unspecified) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 210);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2473,7 +2549,9 @@ TEST_F(IPScan, MatchSingleIPv6) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 210);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2503,8 +2581,12 @@ TEST_F(IPScan, MatchIPv4Range) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 208);
EXPECT_EQ(results[1], 154);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000208");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000154");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2538,7 +2620,9 @@ TEST_F(IPScan, MatchIPv4Port) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 232);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000232");
maat_state_free(state);
state = NULL;
@@ -2563,8 +2647,12 @@ TEST_F(IPScan, MatchIPv6Range) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 210);
EXPECT_EQ(results[1], 155);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2594,8 +2682,12 @@ TEST_F(IPScan, MatchIPv6Port) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 230);
EXPECT_EQ(results[1], 210);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000230");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210");
maat_state_reset(state);
//If the port is not present, should not match rules with port range. In this case, only rule 210 "::/0" should match.
@@ -2603,7 +2695,8 @@ TEST_F(IPScan, MatchIPv6Port) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 210);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210");
maat_state_free(state);
state = NULL;
@@ -2823,7 +2916,9 @@ TEST_F(IntervalScan, SingleInteger) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 218);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000218");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -2894,7 +2989,9 @@ TEST_F(ObjectScan, PhysicalTable) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 226);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000226");
maat_state_free(state);
state = NULL;
@@ -2917,7 +3014,9 @@ TEST_F(ObjectScan, Attribute) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 233);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000233");
maat_state_free(state);
state = NULL;
@@ -2944,7 +3043,9 @@ TEST_F(ObjectScan, SetScanRuleTable) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 227);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000227");
maat_state_free(state);
state = NULL;
@@ -3019,7 +3120,9 @@ TEST_F(NOTLogic, OneRegion) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 143);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000143");
maat_state_reset(state);
@@ -3088,7 +3191,9 @@ TEST_F(NOTLogic, ScanNotAtLast) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 144);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000144");
maat_state_free(state);
state = NULL;
@@ -3125,7 +3230,9 @@ TEST_F(NOTLogic, ScanIrrelavantAtLast) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 144);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000144");
maat_state_free(state);
state = NULL;
@@ -3162,7 +3269,9 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 186);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000186");
ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -3211,7 +3320,9 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 187);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000187");
ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -3265,7 +3376,9 @@ TEST_F(NOTLogic, ScanNotIP) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 145);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000145");
maat_state_reset(state);
@@ -3374,7 +3487,9 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 146);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000146");
maat_state_free(state);
state = NULL;
@@ -3421,7 +3536,9 @@ TEST_F(NOTLogic, NotPhysicalTable) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 224);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000224");
maat_state_free(state);
state = NULL;
@@ -3516,7 +3633,9 @@ TEST_F(NOTLogic, EightNotCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 147);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000147");
maat_state_free(state);
state = NULL;
@@ -3564,7 +3683,9 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject1) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 216);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000216");
maat_state_free(state);
state = NULL;
@@ -3620,7 +3741,9 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 217);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000217");
maat_state_free(state);
state = NULL;
@@ -3658,7 +3781,9 @@ TEST_F(NOTLogic, SingleNotCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 222);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000222");
maat_state_free(state);
state = NULL;
@@ -3732,7 +3857,9 @@ TEST_F(NOTLogic, MultiNotConditions) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 223);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000223");
maat_state_free(state);
state = NULL;
@@ -3818,7 +3945,9 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 177);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000177");
maat_state_free(state);
state = NULL;
@@ -3873,7 +4002,9 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 181);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000181");
maat_state_reset(state);
@@ -3930,7 +4061,8 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 181);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000181");
maat_state_free(state);
state = NULL;
@@ -4037,7 +4169,9 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 185);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000185");
maat_state_reset(state);
@@ -4134,7 +4268,9 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 199);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000199");
ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4173,7 +4309,9 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) {
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 200);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4201,7 +4339,9 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 200);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200");
ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4237,7 +4377,10 @@ TEST_F(ExcludeLogic, ScanAttribute) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 202);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000202");
maat_state_reset(state);
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
@@ -4249,7 +4392,8 @@ TEST_F(ExcludeLogic, ScanAttribute) {
ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 202);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000202");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4331,7 +4475,9 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 203);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000203");
ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -4400,7 +4546,9 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 204);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000204");
ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -5464,13 +5612,12 @@ TEST_F(RuleTable, RuleRuleUpdate) {
struct maat *maat_inst = RuleTable::_shared_maat_inst;
const char *rule_table_name = "RULE_DEFAULT";
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, rule_table_name,
MAAT_OP_ADD, rule_id, "null", 1, 0);
uuid_t rule_uuid;
uuid_generate(rule_uuid);
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, rule_uuid, "null", NULL, 0, 0);
EXPECT_EQ(ret, 1);
ret = rule_table_set_line(maat_inst, rule_table_name,
MAAT_OP_DEL, rule_id, "null", 1, 0);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid, "null", NULL, 0, 0);
EXPECT_EQ(ret, 1);
}
@@ -5489,8 +5636,12 @@ TEST_F(RuleTable, Conjunction1) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 197);
EXPECT_EQ(results[1], 141);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000197");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -5519,8 +5670,12 @@ TEST_F(RuleTable, Conjunction2) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 197);
EXPECT_EQ(results[1], 141);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000197");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -5703,7 +5858,9 @@ TEST_F(Policy, RuleEXData) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 198);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000198");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -5750,7 +5907,9 @@ TEST_F(Policy, SubObject) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 153);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000153");
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -5979,8 +6138,12 @@ TEST_F(TableInfo, Conjunction) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 134);
EXPECT_EQ(results[1], 133);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000134");
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000133");
ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6159,7 +6322,9 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical)
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 160);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000160");
ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6209,7 +6374,9 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 163);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000163");
ret = maat_scan_not_logic(maat_inst, table_name, res_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6248,7 +6415,9 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 178);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000178");
ret = maat_scan_not_logic(maat_inst, table_name, dst_asn_sttribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6271,7 +6440,8 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 178);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000178");
ret = maat_scan_not_logic(maat_inst, table_name, dst_asn_sttribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6294,7 +6464,8 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 178);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000178");
ret = maat_scan_not_logic(maat_inst, table_name, dst_asn_sttribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -6335,7 +6506,9 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 180);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000180");
maat_state_reset(state);
@@ -6350,7 +6523,8 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 180);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000180");
maat_state_reset(state);
@@ -6369,7 +6543,8 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 180);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000180");
maat_state_free(state);
state = NULL;
@@ -10430,7 +10605,9 @@ TEST_F(MaatRollback, FullConfigRollback) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -10461,7 +10638,8 @@ TEST_F(MaatRollback, FullConfigRollback) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -10488,7 +10666,9 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);
@@ -10519,7 +10699,8 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) {
results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 125);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125");
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state);

620
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

2
test/table_info.json
View File

@@ -44,7 +44,7 @@
"gc_timeout_s":3,
"key_type":"integer",
"key_len":8,
"key_name": "rule_id"
"key_name": "uuid"
}
},
{

39
test/test_utils.cpp
View File

@@ -120,17 +120,44 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
const char *user_region, struct maat_cmd_condition conditions[],
int condition_num, int expire_after)
{
char table_line[1024 * 16] = {0};
sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0",
rule_id, user_region, condition_num, op);
cJSON *json_root = cJSON_CreateObject();
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(rule_uuid, uuid_str);
cJSON_AddStringToObject(json_root, "uuid", uuid_str);
cJSON *conditions_array = cJSON_CreateArray();
for (int i = 0; i < condition_num; i++) {
cJSON *condition = cJSON_CreateObject();
cJSON_AddStringToObject(condition, "attribute_name", conditions[i].attribute_name);
if (conditions[i].negate_option) {
cJSON_AddStringToObject(condition, "negate_option", "true");
} else {
cJSON_AddStringToObject(condition, "negate_option", "false");
}
cJSON *object_uuids_array = cJSON_CreateArray();
for (int j = 0; j < conditions[i].object_num; j++) {
cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(conditions[i].object_uuids_str[j]));
}
cJSON_AddItemToObject(condition, "object_uuids", object_uuids_array);
cJSON_AddItemToArray(conditions_array, condition);
}
cJSON_AddItemToObject(json_root, "conditions", conditions_array);
char *json_str = cJSON_PrintUnformatted(json_root);
struct maat_cmd_line line_rule;
line_rule.rule_id = rule_id;
line_rule.table_line = table_line;
line_rule.rule_uuid_str = uuid_str;
line_rule.table_line = json_str;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
return maat_cmd_set_line(maat_inst, &line_rule, op);
int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
free(json_str);
return ret;
}
#if 0 //TODO