diff --git a/include/maat_command.h b/include/maat_command.h index b1ee983..b0cf211 100644 --- a/include/maat_command.h +++ b/include/maat_command.h @@ -23,7 +23,7 @@ extern "C" struct maat_cmd_line { const char *table_name; const char *table_line; - long long rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary. + const char *rule_uuid_str; // for MAAT_OP_DEL, only rule_id and table_name are necessary. int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout. }; diff --git a/src/inc_internal/maat_redis_monitor.h b/src/inc_internal/maat_redis_monitor.h index b03640e..bbdfa35 100644 --- a/src/inc_internal/maat_redis_monitor.h +++ b/src/inc_internal/maat_redis_monitor.h @@ -34,7 +34,7 @@ struct foreign_key { //rm= Redis Maat struct serial_rule { enum maat_operation op;//0: delete, 1: add. - long long rule_id; + char rule_uuid_str[UUID_STR_LEN]; long long timeout; // absolute unix time. char table_name[MAX_NAME_STR_LEN]; char *table_line; @@ -48,7 +48,7 @@ struct serial_rule { void maat_clear_rule_cache(struct serial_rule *s_rule); void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op, - long long rule_id, const char *table_name, + const char *rule_uuid_str, const char *table_name, const char *line, long long timeout); redisContext *maat_connect_redis(const char *redis_ip, int redis_port, diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 247f349..f1bbb07 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -104,7 +104,7 @@ size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_c size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state); int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state, - uuid_t rule_id); + uuid_t *rule_id); #ifdef __cplusplus } diff --git a/src/maat_api.c b/src/maat_api.c index 1f334c1..25451d5 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -2034,7 +2034,7 @@ int maat_state_get_rule_table_names(struct maat_state *state, uuid_t *rule_ids, } for (size_t i = 0; i < n_rule_ids; i++) { - int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, rule_ids[i]); + int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, &rule_ids[i]); rule_table_names[i] = (char *)table_manager_get_table_name(state->maat_inst->tbl_mgr, table_id); } diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index ad67e23..f72a4cd 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -436,6 +436,8 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime, ex_data_runtime_cached_row_count(bool_plugin_rt->ex_data_rt); } + cJSON_Delete(json); + return 0; ERROR: diff --git a/src/maat_command.c b/src/maat_command.c index b093cb7..27749ea 100644 --- a/src/maat_command.c +++ b/src/maat_command.c @@ -287,9 +287,9 @@ int maat_cmd_set_line(struct maat *maat_inst, line_rule->table_name); if (table_id < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND, - "[%s:%d] Command set line id %lld failed: " + "[%s:%d] Command set line id %s failed: " "unknown table %s", __FUNCTION__, __LINE__, - line_rule->rule_id, line_rule->table_name); + line_rule->rule_uuid_str, line_rule->table_name); FREE(s_rule); return -1; } @@ -299,7 +299,7 @@ int maat_cmd_set_line(struct maat *maat_inst, } maat_set_serial_rule(s_rule, op, - line_rule->rule_id, line_rule->table_name, + line_rule->rule_uuid_str, line_rule->table_name, line_rule->table_line, absolute_expire_time); int success_cnt = maat_cmd_write_rule(write_ctx, s_rule, 1, server_time, diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 23d22ed..c45c639 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c @@ -98,13 +98,19 @@ static void config_load_json_content(const cJSON *json_root, const char *table_n if (rule == NULL) { continue; } + cJSON *rule_table = cJSON_GetObjectItem(rule, "rule_table_name"); char *rule_str = cJSON_PrintUnformatted(rule); if (rule_str == NULL) { continue; } - update_fn(table_name, rule_str, u_param, MAAT_OP_ADD); + if (rule_table != NULL) { + update_fn(rule_table->valuestring, rule_str, u_param, MAAT_OP_ADD); + } else { + update_fn(table_name, rule_str, u_param, MAAT_OP_ADD); + } + FREE(rule_str); } } @@ -276,6 +282,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) continue; } + cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option"); + if (negate_option == NULL) { + cJSON_AddBoolToObject(tmp_condition, "negate_option", 0); + } + cJSON_ArrayForEach(tmp_object, object_array) { //find items, generate item_id and object_id cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid"); diff --git a/src/maat_core.c b/src/maat_core.c index d6f0288..2f4a32f 100644 --- a/src/maat_core.c +++ b/src/maat_core.c @@ -410,6 +410,7 @@ void *rule_monitor_loop(void *arg) be null terminated if it contains fewer bytes. */ char maat_name[MAX_INSTANCE_NAME_LEN + 1] = {0}; struct maat *maat_inst = (struct maat *)arg; + struct stat attrib; if (strlen(maat_inst->opts.inst_name) > 0) { snprintf(maat_name, sizeof(maat_name), "%s", maat_inst->opts.inst_name); @@ -428,11 +429,12 @@ void *rule_monitor_loop(void *arg) __FUNCTION__, __LINE__); maat_read_full_config(maat_inst); } + stat(maat_inst->opts.json_ctx.json_file, &attrib);//maat has read fullconfig either in maat_new(deffer==0) or above(deffer==1) + maat_inst->opts.json_ctx.last_md5_time = attrib.st_ctim; pthread_mutex_unlock(&(maat_inst->background_update_mutex)); char md5_tmp[MD5_DIGEST_LENGTH * 2 + 1] = {0}; char err_str[NAME_MAX] = {0}; - struct stat attrib; cJSON *json_root = NULL; while (maat_inst->is_running) { diff --git a/src/maat_expr.c b/src/maat_expr.c index 630d3c1..39b7b09 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -133,10 +133,10 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, } uuid_parse(tmp_obj->valuestring, expr_item->object_uuid); - tmp_obj = cJSON_GetObjectItem(json, "keywords"); + tmp_obj = cJSON_GetObjectItem(json, "expression"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no keywords in line:%s", + "[%s:%d] expr table:<%s> has no expression in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } @@ -144,7 +144,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, if (len > MAX_KEYWORDS_STR_LEN) { log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> keywords length too long in line:%s", + "[%s:%d] expr table:<%s> expression length too long in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } diff --git a/src/maat_flag.c b/src/maat_flag.c index 53041ba..e81b6ea 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -210,24 +210,24 @@ flag_item_new(struct flag_schema *schema, const char *table_name, uuid_parse(tmp_obj->valuestring, item->object_uuid); tmp_obj = cJSON_GetObjectItem(json, "flag"); - if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { log_fatal(flag_rt->logger, MODULE_FLAG, "[%s:%d] flag table:<%s> has no flag in json:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->flag = strtoull(tmp_obj->valuestring, NULL, 0); + item->flag = tmp_obj->valueint; - tmp_obj = cJSON_GetObjectItem(json, "flag_mask"); - if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + tmp_obj = cJSON_GetObjectItem(json, "mask"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) { log_fatal(flag_rt->logger, MODULE_FLAG, - "[%s:%d] flag table:<%s> has no flag_mask in json:%s", + "[%s:%d] flag table:<%s> has no mask in json:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); goto error; } - item->flag_mask = strtoull(tmp_obj->valuestring, NULL, 0); + item->flag_mask = tmp_obj->valueint; return item; error: diff --git a/src/maat_fqdn_plugin.c b/src/maat_fqdn_plugin.c index cfc9625..3b7b659 100644 --- a/src/maat_fqdn_plugin.c +++ b/src/maat_fqdn_plugin.c @@ -414,6 +414,8 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime, ex_data_runtime_cached_row_count(fqdn_plugin_rt->ex_data_rt); } + cJSON_Delete(json); + return 0; ERROR: diff --git a/src/maat_ip_plugin.c b/src/maat_ip_plugin.c index 6550360..d75af36 100644 --- a/src/maat_ip_plugin.c +++ b/src/maat_ip_plugin.c @@ -412,6 +412,7 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema, ex_data_runtime_cached_row_count(ip_plugin_rt->ex_data_rt); } + cJSON_Delete(json); return 0; ERROR: diff --git a/src/maat_ipport_plugin.c b/src/maat_ipport_plugin.c index 9b6eb71..3cf434d 100644 --- a/src/maat_ipport_plugin.c +++ b/src/maat_ipport_plugin.c @@ -416,6 +416,8 @@ int ipport_plugin_runtime_update(void *ipport_plugin_runtime, ex_data_runtime_cached_row_count(ipport_plugin_rt->ex_data_rt); } + cJSON_Delete(json); + return 0; ERROR: diff --git a/src/maat_object.c b/src/maat_object.c index 3222718..5961be2 100644 --- a/src/maat_object.c +++ b/src/maat_object.c @@ -296,7 +296,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema } uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid); - tmp_obj = cJSON_GetObjectItem(json, "include_object_uuids"); + tmp_obj = cJSON_GetObjectItem(json, "included_sub_object_uuids"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { log_fatal(logger, MODULE_OBJECT, "[%s:%d] o2o table:<%s> has no included_sub_object_ids or format is not array in line:%s", @@ -324,7 +324,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema goto error; } - tmp_obj = cJSON_GetObjectItem(json, "exclude_object_uuids"); + tmp_obj = cJSON_GetObjectItem(json, "excluded_sub_object_uuids"); if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { log_fatal(logger, MODULE_OBJECT, "[%s:%d] o2o table:<%s> has no excluded_sub_object_ids or format is not array in line:%s", @@ -352,8 +352,13 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema goto error; } + cJSON_Delete(json); + return o2o_item; error: + if (json) { + cJSON_Delete(json); + } FREE(o2o_item); return NULL; } @@ -390,12 +395,12 @@ static size_t print_igraph_vector(igraph_vector_t *v, char *buff, size_t sz) { } static struct maat_object * -object_topology_add_object(struct maat_object_topology *object_topo, uuid_t object_uuid) +object_topology_add_object(struct maat_object_topology *object_topo, uuid_t *object_uuid) { assert(object_topo != NULL); struct maat_object *object = ALLOC(struct maat_object, 1); - uuid_copy(object->object_uuid, object_uuid); + uuid_copy(object->object_uuid, *object_uuid); object->vertex_id = object_topo->grp_vertex_id_generator++; utarray_new(object->incl_super_object_uuids, &ut_object_uuid_icd); utarray_new(object->excl_super_object_uuids, &ut_object_uuid_icd); @@ -444,73 +449,73 @@ static void object_topology_del_object(struct maat_object_topology *object_topo, } static struct maat_object * -object_topology_find_object(struct maat_object_topology *object_topo, uuid_t object_uuid) +object_topology_find_object(struct maat_object_topology *object_topo, uuid_t *object_uuid) { - if (NULL == object_topo || uuid_is_null(object_uuid)) { + if (NULL == object_topo || uuid_is_null(*object_uuid)) { return NULL; } struct maat_object *object = NULL; - HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)&object_uuid, sizeof(uuid_t), object); + HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)object_uuid, sizeof(uuid_t), object); return object; } static void maat_object_reference_super_object(struct maat_object *object, - uuid_t super_object_uuid, + uuid_t *super_object_uuid, int is_exclude) { - if (NULL == object || uuid_is_null(super_object_uuid)) { + if (NULL == object || uuid_is_null(*super_object_uuid)) { return; } if (0 == is_exclude) { //include superior object - if (!utarray_find(object->incl_super_object_uuids, &super_object_uuid, + if (!utarray_find(object->incl_super_object_uuids, super_object_uuid, compare_object_uuid)) { - utarray_push_back(object->incl_super_object_uuids, &super_object_uuid); + utarray_push_back(object->incl_super_object_uuids, super_object_uuid); utarray_sort(object->incl_super_object_uuids, compare_object_uuid); } } else { //exclude superior object - if (!utarray_find(object->excl_super_object_uuids, &super_object_uuid, + if (!utarray_find(object->excl_super_object_uuids, super_object_uuid, compare_object_uuid)) { - utarray_push_back(object->excl_super_object_uuids, &super_object_uuid); + utarray_push_back(object->excl_super_object_uuids, super_object_uuid); utarray_sort(object->excl_super_object_uuids, compare_object_uuid); } } } static void maat_object_reference_sub_object(struct maat_object *object, - uuid_t sub_object_uuid, + uuid_t *sub_object_uuid, int is_exclude) { - if (NULL == object || uuid_is_null(sub_object_uuid)) { + if (NULL == object || uuid_is_null(*sub_object_uuid)) { return; } if (0 == is_exclude) { //include sub object - if (!utarray_find(object->incl_sub_object_uuids, &sub_object_uuid, + if (!utarray_find(object->incl_sub_object_uuids, sub_object_uuid, compare_object_uuid)) { - utarray_push_back(object->incl_sub_object_uuids, &sub_object_uuid); + utarray_push_back(object->incl_sub_object_uuids, sub_object_uuid); utarray_sort(object->incl_sub_object_uuids, compare_object_uuid); } } else { //exclude sub object - if (!utarray_find(object->excl_sub_object_uuids, &sub_object_uuid, + if (!utarray_find(object->excl_sub_object_uuids, sub_object_uuid, compare_object_uuid)) { - utarray_push_back(object->excl_sub_object_uuids, &sub_object_uuid); + utarray_push_back(object->excl_sub_object_uuids, sub_object_uuid); utarray_sort(object->excl_sub_object_uuids, compare_object_uuid); } } } static void maat_object_dereference_super_object(struct maat_object *object, - uuid_t super_object_uuid, + uuid_t *super_object_uuid, int is_exclude) { - if (NULL == object || uuid_is_null(super_object_uuid)) { + if (NULL == object || uuid_is_null(*super_object_uuid)) { return; } @@ -518,7 +523,7 @@ static void maat_object_dereference_super_object(struct maat_object *object, uuid_t *tmp_uuid = NULL; if (0 == is_exclude) { //include superior object - tmp_uuid = utarray_find(object->incl_super_object_uuids, &super_object_uuid, + tmp_uuid = utarray_find(object->incl_super_object_uuids, super_object_uuid, compare_object_uuid); if (tmp_uuid != NULL) { remove_idx = utarray_eltidx(object->incl_super_object_uuids, tmp_uuid); @@ -526,7 +531,7 @@ static void maat_object_dereference_super_object(struct maat_object *object, } } else { //exclude superior object - tmp_uuid = utarray_find(object->excl_super_object_uuids, &super_object_uuid, + tmp_uuid = utarray_find(object->excl_super_object_uuids, super_object_uuid, compare_object_uuid); if (tmp_uuid != NULL) { remove_idx = utarray_eltidx(object->excl_super_object_uuids, tmp_uuid); @@ -536,10 +541,10 @@ static void maat_object_dereference_super_object(struct maat_object *object, } static void maat_object_dereference_sub_object(struct maat_object *object, - uuid_t sub_object_uuid, + uuid_t *sub_object_uuid, int is_exclude) { - if (NULL == object || uuid_is_null(sub_object_uuid)) { + if (NULL == object || uuid_is_null(*sub_object_uuid)) { return; } @@ -547,7 +552,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object, uuid_t *tmp_uuid = NULL; if (0 == is_exclude) { //include superior object - tmp_uuid = utarray_find(object->incl_sub_object_uuids, &sub_object_uuid, + tmp_uuid = utarray_find(object->incl_sub_object_uuids, sub_object_uuid, compare_object_uuid); if (tmp_uuid != NULL) { remove_idx = utarray_eltidx(object->incl_sub_object_uuids, tmp_uuid); @@ -555,7 +560,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object, } } else { //exclude superior object - tmp_uuid = utarray_find(object->excl_sub_object_uuids, &sub_object_uuid, + tmp_uuid = utarray_find(object->excl_sub_object_uuids, sub_object_uuid, compare_object_uuid); if (tmp_uuid != NULL) { remove_idx = utarray_eltidx(object->excl_sub_object_uuids, tmp_uuid); @@ -565,7 +570,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object, } static int object_topology_add_object_to_object(struct maat_object_topology *object_topo, - uuid_t object_uuid, uuid_t sub_object_uuid, + uuid_t *object_uuid, uuid_t *sub_object_uuid, int is_exclude) { if (NULL == object_topo) { @@ -593,8 +598,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj if (edge_id > 0) { char object_uuid_str[37] = {0}; char sub_object_uuid_str[37] = {0}; - uuid_unparse(object_uuid, object_uuid_str); - uuid_unparse(sub_object_uuid, sub_object_uuid_str); + uuid_unparse(*object_uuid, object_uuid_str); + uuid_unparse(*sub_object_uuid, sub_object_uuid_str); log_fatal(object_topo->logger, MODULE_OBJECT, "[%s:%d] Add object %s to object %s failed, relation already existed.", __FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str); @@ -612,8 +617,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj if (!is_dag) { char object_uuid_str[37] = {0}; char sub_object_uuid_str[37] = {0}; - uuid_unparse(object_uuid, object_uuid_str); - uuid_unparse(sub_object_uuid, sub_object_uuid_str); + uuid_unparse(*object_uuid, object_uuid_str); + uuid_unparse(*sub_object_uuid, sub_object_uuid_str); log_fatal(object_topo->logger, MODULE_OBJECT, "[%s:%d] Sub object cycle detected, sub_object_id:%s, object_id:%s!", __FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str); @@ -624,7 +629,7 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj } static int object_topology_del_object_from_object(struct maat_object_topology *object_topo, - uuid_t object_uuid, uuid_t sub_object_uuid, + uuid_t *object_uuid, uuid_t *sub_object_uuid, int is_exclude) { if (NULL == object_topo) { @@ -636,8 +641,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o if (NULL == sub_object) { char object_uuid_str[37] = {0}; char sub_object_uuid_str[37] = {0}; - uuid_unparse(object_uuid, object_uuid_str); - uuid_unparse(sub_object_uuid, sub_object_uuid_str); + uuid_unparse(*object_uuid, object_uuid_str); + uuid_unparse(*sub_object_uuid, sub_object_uuid_str); log_fatal(object_topo->logger, MODULE_OBJECT, "[%s:%d] Del object %s from object %s failed, object %s not existed.", __FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, sub_object_uuid_str); @@ -648,8 +653,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o if (NULL == object) { char object_uuid_str[37] = {0}; char sub_object_uuid_str[37] = {0}; - uuid_unparse(object_uuid, object_uuid_str); - uuid_unparse(sub_object_uuid, sub_object_uuid_str); + uuid_unparse(*object_uuid, object_uuid_str); + uuid_unparse(*sub_object_uuid, sub_object_uuid_str); log_fatal(object_topo->logger, MODULE_OBJECT, "[%s:%d] Del object %s from object %s failed, object %s not existed.", __FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, object_uuid_str); @@ -750,7 +755,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) { sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i); ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo, - o2o_item->object_uuid, *sub_object_uuid, 0); + &o2o_item->object_uuid, sub_object_uuid, 0); if (ret != 0) { err_flag = 1; } @@ -759,7 +764,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) { sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i); ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo, - o2o_item->object_uuid, *sub_object_uuid, 1); + &o2o_item->object_uuid, sub_object_uuid, 1); if (ret != 0) { err_flag = 1; } @@ -778,7 +783,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) { sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i); ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo, - o2o_item->object_uuid, *sub_object_uuid, 0); + &o2o_item->object_uuid, sub_object_uuid, 0); if (ret != 0) { err_flag = 1; } @@ -787,7 +792,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema, for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) { sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i); ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo, - o2o_item->object_uuid, *sub_object_uuid, 1); + &o2o_item->object_uuid, sub_object_uuid, 1); if (ret != 0) { err_flag = 1; } @@ -865,7 +870,7 @@ static void get_candidate_super_object_ids(struct maat_object_topology *object_t //Find super candidates for (p = (uuid_t *)utarray_front(hit_object_uuids); p != NULL; p = (uuid_t *)utarray_next(hit_object_uuids, p)) { - struct maat_object *object = object_topology_find_object(object_topo, *p); + struct maat_object *object = object_topology_find_object(object_topo, p); if (NULL == object) { //object_id not in object2object table continue; @@ -986,7 +991,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec } uuid_copy(prev_object_uuid, *p); - struct maat_object *object = object_topology_find_object(object_topo, *p); + struct maat_object *object = object_topology_find_object(object_topo, p); if (NULL == object) { continue; } @@ -1029,7 +1034,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec */ for (p = (uuid_t *)utarray_front(candidate_object_uuids); p != NULL; p = (uuid_t *)utarray_next(candidate_object_uuids, p)) { - struct maat_object *object = object_topology_find_object(object_topo, *p); + struct maat_object *object = object_topology_find_object(object_topo, p); if (NULL == object) { continue; } @@ -1174,7 +1179,7 @@ size_t object2object_runtime_get_super_objects(void *o2o_runtime, uuid_t *object size_t o2o_object_uuids_cnt = 0; for (size_t i = 0; i < n_object_uuids; i++) { - struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, object_uuids[i]); + struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, &object_uuids[i]); if (NULL == object) { continue; } diff --git a/src/maat_plugin.c b/src/maat_plugin.c index 14eab57..1ff9635 100644 --- a/src/maat_plugin.c +++ b/src/maat_plugin.c @@ -622,6 +622,7 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema, "plugin table:<%s> update one line, key:%s, key_len:%zu, maat_operation:%d", table_name, print_key, raw_key_len, op); + yyjson_doc_free(doc); return 0; ERROR: diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index 4d29dbe..1e5fbf1 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c @@ -50,13 +50,13 @@ struct expected_reply { }; static char * -get_foreign_cont_filename(const char *table_name, long long rule_id, +get_foreign_cont_filename(const char *table_name, const char* rule_uuid_str, const char *foreign_key, const char *dir) { char buffer[512] = {0}; - snprintf(buffer, sizeof(buffer),"%s/%s-%lld-%s", dir, - table_name, rule_id, foreign_key); + snprintf(buffer, sizeof(buffer),"%s/%s-%s-%s", dir, + table_name, rule_uuid_str, foreign_key); char *filename = ALLOC(char, strlen(buffer) + 1); memcpy(filename, buffer, strlen(buffer)); @@ -82,9 +82,9 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG if (0 != strncmp(p_foreign, foreign_source_prefix, strlen(foreign_source_prefix))) { log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Get %s,%lld foreign key failed: " + "[%s:%d] Get %s,%s foreign key failed: " "Invalid source prefix %s", __FUNCTION__, __LINE__, - p_rule->table_name, p_rule->rule_id, p_foreign); + p_rule->table_name, p_rule->rule_uuid_str, p_foreign); continue; } @@ -94,15 +94,15 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG if (0 != strncmp(p_foreign, foreign_key_prefix, strlen(foreign_key_prefix))) { log_info(logger, MODULE_REDIS_MONITOR, - "[%s:%d] %s, %lld foreign key prefix %s is not recommended", - __FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_id, + "[%s:%d] %s, %s foreign key prefix %s is not recommended", + __FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_uuid_str, p_foreign); } p_rule->f_keys[p_rule->n_foreign].key = ALLOC(char, foreign_key_size + 1); memcpy(p_rule->f_keys[p_rule->n_foreign].key, p_foreign, foreign_key_size); p_rule->f_keys[p_rule->n_foreign].filename = - get_foreign_cont_filename(p_rule->table_name, p_rule->rule_id, + get_foreign_cont_filename(p_rule->table_name, p_rule->rule_uuid_str, p_rule->f_keys[p_rule->n_foreign].key, dir); p_rule->n_foreign++; } @@ -209,9 +209,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list, for (i = 0; i < rule_num; i++) { snprintf(redis_cmd, sizeof(redis_cmd), - "GET %s:%s,%lld", mr_key_prefix[rule_list[i].op], + "GET %s:%s,%s", mr_key_prefix[rule_list[i].op], rule_list[i].table_name, - rule_list[i].rule_id); + rule_list[i].rule_uuid_str); ret = redisAppendCommand(c, redis_cmd); assert(ret == REDIS_OK); } @@ -220,9 +220,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list, ret = maat_wrap_redis_get_reply(c, &reply); if (ret == REDIS_ERR) { log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Redis GET %s:%s,%lld failed, redis server error", + "[%s:%d] Redis GET %s:%s,%s failed, redis server error", __FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op], - rule_list[i].table_name, rule_list[i].rule_id); + rule_list[i].table_name, rule_list[i].rule_uuid_str); error_happened = 1; break; } @@ -235,9 +235,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list, failed_cnt++; } else { log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Redis GET %s:%s,%lld failed", + "[%s:%d] Redis GET %s:%s,%s failed", __FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op], - rule_list[i].table_name, rule_list[i].rule_id); + rule_list[i].table_name, rule_list[i].rule_uuid_str); error_happened = 1; } } @@ -255,9 +255,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list, for (i = 0; i < failed_cnt; i++) { idx = retry_ids[i]; snprintf(redis_cmd, sizeof(redis_cmd), - "GET %s:%s,%lld", mr_key_prefix[MAAT_OP_DEL], + "GET %s:%s,%s", mr_key_prefix[MAAT_OP_DEL], rule_list[idx].table_name, - rule_list[idx].rule_id); + rule_list[idx].rule_uuid_str); ret = redisAppendCommand(c, redis_cmd); } @@ -396,9 +396,9 @@ get_inc_key_list(long long instance_version, long long target_version, for (i = 0, j = 0; i < (int)reply->elements; i++) { assert(reply->element[i]->type == REDIS_REPLY_STRING); - int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%lld", - op_str, s_rule[j].table_name, &(s_rule[j].rule_id)); - if (ret != 3 || s_rule[j].rule_id < 0) { + int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%s", + op_str, s_rule[j].table_name, s_rule[j].rule_uuid_str); + if (ret != 3 || s_rule[j].rule_uuid_str[0] == '\0') { log_fatal(logger, MODULE_REDIS_MONITOR, "[%s:%d] Invalid Redis Key: %s", __FUNCTION__, __LINE__, reply->element[i]->str); @@ -445,12 +445,12 @@ void maat_clear_rule_cache(struct serial_rule *s_rule) } void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op, - long long rule_id, const char *table_name, + const char *rule_uuid_str, const char *table_name, const char *line, long long timeout) { memset(rule, 0, sizeof(struct serial_rule)); rule->op = op; - rule->rule_id = rule_id; + strncpy(rule->rule_uuid_str, rule_uuid_str, sizeof(rule->rule_uuid_str)); rule->timeout = timeout; assert(strlen(table_name) < sizeof(rule->table_name)); strncpy(rule->table_name, table_name, sizeof(rule->table_name)); @@ -596,12 +596,12 @@ FULL_UPDATE: continue; } - ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%lld", + ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%s", s_rule_array[full_idx].table_name, - &(s_rule_array[full_idx].rule_id)); + s_rule_array[full_idx].rule_uuid_str); s_rule_array[full_idx].op = MAAT_OP_ADD; - if (ret != 2 || s_rule_array[full_idx].rule_id < 0 || + if (ret != 2 || s_rule_array[full_idx].rule_uuid_str[0] == '\0' || strlen(s_rule_array[full_idx].table_name) == 0) { log_fatal(logger, MODULE_REDIS_MONITOR, "[%s:%d] Invalid Redis Key Format: %s", @@ -693,20 +693,20 @@ get_foreign_conts(redisContext *c, struct serial_rule *rule_list, ret = maat_wrap_redis_get_reply(c, &reply); if (ret == REDIS_ERR) { log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Get %s,%lld foreign key %s content failed," + "[%s:%d] Get %s,%s foreign key %s content failed," " redis server error", __FUNCTION__, __LINE__, rule_list[track[i].rule_idx].table_name, - rule_list[track[i].rule_idx].rule_id, + rule_list[track[i].rule_idx].rule_uuid_str, rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key); break; } if (reply->type != REDIS_REPLY_STRING) { log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] Get %s,%lld foreign key %s content failed", + "[%s:%d] Get %s,%s foreign key %s content failed", __FUNCTION__, __LINE__, rule_list[track[i].rule_idx].table_name, - rule_list[track[i].rule_idx].rule_id, + rule_list[track[i].rule_idx].rule_uuid_str, rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key); continue; } else { @@ -906,29 +906,29 @@ exec_serial_rule(redisContext *c, const char *transaction_list, for (i = 0; i < rule_num; i++) { switch (s_rule[i].op) { case MAAT_OP_ADD: - redisAppendCommand(c, "SET %s:%s,%lld %s", + redisAppendCommand(c, "SET %s:%s,%s %s", mr_key_prefix[MAAT_OP_ADD], s_rule[i].table_name, - s_rule[i].rule_id, + s_rule[i].rule_uuid_str, s_rule[i].table_line); expected_reply_add(expect_reply+*cnt, i+offset, REDIS_REPLY_STATUS, 0); (*cnt)++; append_cmd_cnt++; //Allowing add duplicated members for rule id recycling. - redisAppendCommand(c, "RPUSH %s ADD,%s,%lld", + redisAppendCommand(c, "RPUSH %s ADD,%s,%s", transaction_list, s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); (*cnt)++; append_cmd_cnt++; if (s_rule[i].timeout > 0) { - redisAppendCommand(c, "ZADD %s %lld %s,%lld", + redisAppendCommand(c, "ZADD %s %lld %s,%s", mr_expire_sset, s_rule[i].timeout, s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, i+offset, REDIS_REPLY_INTEGER, 1); expected_reply_add(expect_reply+*cnt, i+offset, @@ -938,22 +938,22 @@ exec_serial_rule(redisContext *c, const char *transaction_list, } break; case MAAT_OP_DEL: - redisAppendCommand(c, "RENAME %s:%s,%lld %s:%s,%lld", + redisAppendCommand(c, "RENAME %s:%s,%s %s:%s,%s", mr_key_prefix[MAAT_OP_ADD], s_rule[i].table_name, - s_rule[i].rule_id, + s_rule[i].rule_uuid_str, mr_key_prefix[MAAT_OP_DEL], s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, i+offset, REDIS_REPLY_STATUS, 0); (*cnt)++; append_cmd_cnt++; - redisAppendCommand(c, "EXPIRE %s:%s,%lld %d", + redisAppendCommand(c, "EXPIRE %s:%s,%s %d", mr_key_prefix[MAAT_OP_DEL], s_rule[i].table_name, - s_rule[i].rule_id, + s_rule[i].rule_uuid_str, MAAT_REDIS_SYNC_TIME); expected_reply_add(expect_reply+*cnt, i+offset, REDIS_REPLY_INTEGER, 1); @@ -961,28 +961,28 @@ exec_serial_rule(redisContext *c, const char *transaction_list, append_cmd_cnt++; //NX: Don't update already existing elements. Always add new elements. - redisAppendCommand(c, "RPUSH %s DEL,%s,%lld", + redisAppendCommand(c, "RPUSH %s DEL,%s,%s", transaction_list, s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); (*cnt)++; append_cmd_cnt++; // Try to remove from expiration sorted set, no matter wheather it exists or not. - redisAppendCommand(c, "ZREM %s %s,%lld", + redisAppendCommand(c, "ZREM %s %s,%s", mr_expire_sset, s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); (*cnt)++; append_cmd_cnt++; // Try to remove from label sorted set, no matter wheather it exists or not. - redisAppendCommand(c, "ZREM %s %s,%lld", + redisAppendCommand(c, "ZREM %s %s,%s", mr_label_sset, s_rule[i].table_name, - s_rule[i].rule_id); + s_rule[i].rule_uuid_str); expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0); (*cnt)++; append_cmd_cnt++; @@ -1085,11 +1085,11 @@ int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule, rule_seq = expected_reply[i].s_rule_seq; log_fatal(logger, MODULE_REDIS_MONITOR, - "[%s:%d] %s %s %lld failed, rule id maybe conflict" + "[%s:%d] %s %s %s failed, rule id maybe conflict" " or not exist", __FUNCTION__, __LINE__, mr_op_str[s_rule[rule_seq].op], s_rule[rule_seq].table_name, - s_rule[rule_seq].rule_id); + s_rule[rule_seq].rule_uuid_str); success_cnt--; last_failed = rule_seq; } @@ -1214,8 +1214,8 @@ check_maat_expiration(redisContext *c, struct log_handle *logger) for (size_t i = 0; i < s_rule_num; i++) { s_rule[i].op = MAAT_OP_DEL; - ret = sscanf(data_reply->element[i]->str, "%[^,],%lld", - s_rule[i].table_name, &(s_rule[i].rule_id)); + ret = sscanf(data_reply->element[i]->str, "%[^,],%s", + s_rule[i].table_name, s_rule[i].rule_uuid_str); assert(ret == 2); } freeReplyObject(data_reply); diff --git a/src/maat_rule.c b/src/maat_rule.c index c209521..e95e510 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -232,8 +232,18 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule struct maat_rule *rule = ALLOC(struct maat_rule, 1); struct log_handle *logger = rule_rt->logger; cJSON *tmp_obj = NULL; + cJSON *conditions = NULL; cJSON *table_json = cJSON_Parse(table_line); + int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name); + if (table_id < 0) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> not found in table manager", + __FUNCTION__, __LINE__, table_name); + goto error; + } + + rule->table_id = table_id; rule->magic_num = MAAT_RULE_MAGIC; uuid_copy(rule->rule_uuid, rule_uuid); @@ -242,15 +252,15 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule rule->conditions[i].condition_id = 0; } - tmp_obj = cJSON_GetObjectItem(table_json, "conditions"); - if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { + conditions = cJSON_GetObjectItem(table_json, "conditions"); + if (conditions == NULL || conditions->type != cJSON_Array) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> has no conditions or not array format", __FUNCTION__, __LINE__, table_name); goto error; } - rule->condition_num = cJSON_GetArraySize(tmp_obj); + rule->condition_num = cJSON_GetArraySize(conditions); if (rule->condition_num > MAX_ITEMS_PER_BOOL_EXPR) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> condition_num:%d exceed maximum:%d", @@ -259,7 +269,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule } for (int i = 0; i < rule->condition_num; i++) { - cJSON *condition_obj = cJSON_GetArrayItem(tmp_obj, i); + cJSON *condition_obj = cJSON_GetArrayItem(conditions, i); struct rule_condition *condition = rule->conditions + i; tmp_obj = cJSON_GetObjectItem(condition_obj, "attribute_name"); @@ -283,16 +293,9 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option"); if (tmp_obj) { - if (tmp_obj->type != cJSON_String) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no negate_option or not string format", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - if (strncmp(tmp_obj->valuestring, "true", 4) == 0) { + if (tmp_obj->type == cJSON_True) { condition->negate_option = CONDITION_NEGATE_OPTION_SET; - } else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) { + } else if (tmp_obj->type == cJSON_False) { condition->negate_option = CONDITION_NEGATE_OPTION_UNSET; } else { log_fatal(logger, MODULE_RULE, @@ -398,8 +401,12 @@ rule_item_new(const char *table_line, struct rule_schema *schema, rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1); memcpy(rule_item->table_line, table_line, rule_item->table_line_len); + cJSON_Delete(table_json); return rule_item; error: + if (table_json) { + cJSON_Delete(table_json); + } FREE(rule_item); return NULL; } @@ -1369,11 +1376,11 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile } int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state, - uuid_t rule_id) + uuid_t *rule_id) { struct rule2table_id *tmp = NULL; - tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id, + tmp = utarray_find(rule_compile_state->hit_rule_table_ids, rule_id, compare_rule_uuid); if (NULL == tmp) { return -1; @@ -1385,7 +1392,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile static int rule_runtime_add_rule(struct rule_runtime *rule_rt, struct rule_schema *schema, - uuid_t rule_uuid, const char *table_name, + uuid_t *rule_uuid, const char *table_name, const char *line, struct log_handle *logger) { struct maat_rule *rule = NULL; @@ -1406,20 +1413,20 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash); if (1 == updating_flag) { - rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, + rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t)); } else { - rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t)); + rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t)); } if (rule != NULL) { char rule_uuid_str[UUID_STR_LEN] = {0}; - uuid_unparse(rule_uuid, rule_uuid_str); + uuid_unparse(*rule_uuid, rule_uuid_str); log_fatal(logger, MODULE_RULE, "[%s:%d]rule_id:%s already existed in rule table, drop line:%s", __FUNCTION__, __LINE__, rule_uuid_str, line); } - rule = maat_rule_new(rule_rt, schema, table_name, rule_uuid, line, rule_item); + rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item); if (NULL == rule) { log_fatal(logger, MODULE_RULE, "[%s:%d]maat_rule_new failed, drop line:%s", @@ -1427,14 +1434,14 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt, return -1; } - rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t), rule); + rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule); return 0; } static void rule_runtime_del_rule(struct rule_runtime *rule_rt, struct rule_schema *schema, - uuid_t rule_uuid, + uuid_t *rule_uuid, struct log_handle *logger) { struct maat_rule *rule = NULL; @@ -1442,11 +1449,11 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash); if (1 == updating_flag) { // find in updating hash - rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, + rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t)); } else { // find in effective hash - rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t)); + rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t)); } if (rule != NULL) { @@ -1457,7 +1464,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, } } - rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t)); + rcu_hash_del(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t)); } } @@ -1495,10 +1502,10 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema, if (MAAT_OP_DEL == op) { // delete - rule_runtime_del_rule(rule_rt, schema, rule_uuid, rule_rt->logger); + rule_runtime_del_rule(rule_rt, schema, &rule_uuid, rule_rt->logger); } else { // add - int ret = rule_runtime_add_rule(rule_rt, schema, rule_uuid, + int ret = rule_runtime_add_rule(rule_rt, schema, &rule_uuid, table_name, line, rule_rt->logger); if (ret < 0) { rule_rt->update_err_cnt++; diff --git a/test/maat_json.json b/test/maat_json.json index 7f580b8..887dd9c 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -10,7 +10,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS1234$", + "expression": "^AS1234$", "expr_type": "and" } } @@ -24,7 +24,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS2345$", + "expression": "^AS2345$", "expr_type": "and" } } @@ -38,7 +38,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS6789$", + "expression": "^AS6789$", "expr_type": "and" } } @@ -52,7 +52,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS9001$", + "expression": "^AS9001$", "expr_type": "and" } } @@ -66,7 +66,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS9002$", + "expression": "^AS9002$", "expr_type": "and" } } @@ -80,7 +80,7 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "^AS9003$", + "expression": "^AS9003$", "expr_type": "and" } } @@ -107,7 +107,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "^sports.example.com$", + "expression": "^sports.example.com$", "expr_type": "and" } } @@ -200,7 +200,7 @@ "table_name": "GeoLocation", "table_type": "expr", "table_content": { - "keywords": "^Greece.Sparta$", + "expression": "^Greece.Sparta$", "expr_type": "and" } } @@ -247,7 +247,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "Take me Home&Batman\\", + "expression": "Take me Home&Batman\\", "expr_type": "and" } } @@ -261,7 +261,7 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^ceshi3@mailhost.cn", + "expression": "^ceshi3@mailhost.cn", "expr_type": "and" } }, @@ -269,7 +269,7 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^ceshi6@mailhost.cn", + "expression": "^ceshi6@mailhost.cn", "expr_type": "and" } } @@ -283,7 +283,7 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^ceshi4@mailhost.cn", + "expression": "^ceshi4@mailhost.cn", "expr_type": "and" } } @@ -298,7 +298,7 @@ "table_type": "expr", "table_content": { - "keywords": "Chrome/78.0.3904.108", + "expression": "Chrome/78.0.3904.108", "expr_type": "and" } } @@ -313,7 +313,7 @@ "table_type": "expr", "table_content": { - "keywords": "uid=12345678", + "expression": "uid=12345678", "expr_type": "and" } }, @@ -322,7 +322,7 @@ "table_type": "expr", "table_content": { - "keywords": "sessionid=888888", + "expression": "sessionid=888888", "expr_type": "and" } } @@ -336,7 +336,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "2019/12/27", + "expression": "2019/12/27", "expr_type": "and" } } @@ -351,7 +351,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-199", + "expression": "must-contained-string-of-rule-199", "expr_type": "and" } } @@ -366,7 +366,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-199", + "expression": "must-not-contained-string-of-rule-199", "expr_type": "and" } } @@ -381,7 +381,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-200", + "expression": "must-contained-string-of-rule-200", "expr_type": "and" } } @@ -396,7 +396,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-200", + "expression": "must-not-contained-string-of-rule-200", "expr_type": "and" } } @@ -453,7 +453,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "jianshu.com$", + "expression": "jianshu.com$", "expr_type": "and" } } @@ -468,7 +468,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "^www.jianshu.com$", + "expression": "^www.jianshu.com$", "expr_type": "and" } } @@ -483,7 +483,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "baidu.com$", + "expression": "baidu.com$", "expr_type": "and" } } @@ -498,7 +498,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "^www.baidu.com$", + "expression": "^www.baidu.com$", "expr_type": "and" } } @@ -513,7 +513,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "^mail.baidu.com$", + "expression": "^mail.baidu.com$", "expr_type": "and" } } @@ -528,7 +528,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "string-of-rule-217.com$", + "expression": "string-of-rule-217.com$", "expr_type": "and" } } @@ -543,7 +543,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "www.string-of-rule-217.com", + "expression": "www.string-of-rule-217.com", "expr_type": "and" } } @@ -663,7 +663,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "abckkk&123", + "expression": "abckkk&123", "expr_type": "and" } } @@ -728,7 +728,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "action=search\\&query=(.*)", + "expression": "action=search\\&query=(.*)", "expr_type": "regex" } } @@ -758,7 +758,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "should_not_hit_any_rule", + "expression": "should_not_hit_any_rule", "expr_type": "and" } } @@ -795,7 +795,7 @@ "table_type": "expr", "table_content": { - "keywords": "abckkk&123", + "expression": "abckkk&123", "expr_type": "and" } } @@ -825,7 +825,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "C#中国", + "expression": "C#中国", "expr_type": "and" } } @@ -855,7 +855,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "2010&يىلىدىكى", + "expression": "2010&يىلىدىكى", "expr_type": "and" } } @@ -885,7 +885,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "سىياسىي", + "expression": "سىياسىي", "expr_type": "and" } } @@ -932,7 +932,7 @@ "table_name": "HTTP_HOST", "table_type": "expr", "table_content": { - "keywords": "www.3300av.com", + "expression": "www.3300av.com", "expr_type": "and" } } @@ -962,7 +962,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "novel&27122.txt", + "expression": "novel&27122.txt", "expr_type": "and" } } @@ -992,7 +992,7 @@ "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { - "keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", + "expression": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", "expr_type": "and" } } @@ -1022,7 +1022,7 @@ "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { - "keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", + "expression": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", "expr_type": "and" } } @@ -1054,7 +1054,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "should&hit&aaa", + "expression": "should&hit&aaa", "expr_type": "and" } } @@ -1086,7 +1086,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "should&hit&bbb", + "expression": "should&hit&bbb", "expr_type": "and" } } @@ -1116,7 +1116,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "2018-10-05", + "expression": "2018-10-05", "expr_type": "and" } } @@ -1148,7 +1148,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "i.ytimg.com", + "expression": "i.ytimg.com", "expr_type": "and" } } @@ -1178,7 +1178,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", + "expression": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", "expr_type": "and" } } @@ -1209,7 +1209,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-143", + "expression": "must-contained-string-of-rule-143", "expr_type": "and" } } @@ -1229,7 +1229,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-143", + "expression": "must-not-contained-string-of-rule-143", "expr_type": "and" } } @@ -1260,7 +1260,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-144", + "expression": "must-contained-string-of-rule-144", "expr_type": "and" } } @@ -1280,7 +1280,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-144", + "expression": "must-not-contained-string-of-rule-144", "expr_type": "and" } } @@ -1311,7 +1311,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-145", + "expression": "must-contained-string-of-rule-145", "expr_type": "and" } } @@ -1350,7 +1350,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-contained-string-of-rule-146", + "expression": "must-contained-string-of-rule-146", "expr_type": "and" } } @@ -1371,7 +1371,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "must-contained-not-string-of-rule-146", + "expression": "must-contained-not-string-of-rule-146", "expr_type": "and" } } @@ -1411,7 +1411,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition0-in-rule-147", + "expression": "condition0-in-rule-147", "expr_type": "and" } } @@ -1432,7 +1432,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition1-in-rule-147", + "expression": "condition1-in-rule-147", "expr_type": "and" } } @@ -1453,7 +1453,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition2-in-rule-147", + "expression": "condition2-in-rule-147", "expr_type": "and" } } @@ -1474,7 +1474,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition3-in-rule-147", + "expression": "condition3-in-rule-147", "expr_type": "and" } } @@ -1495,7 +1495,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition4-in-rule-147", + "expression": "condition4-in-rule-147", "expr_type": "and" } } @@ -1516,7 +1516,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition5-in-rule-147", + "expression": "condition5-in-rule-147", "expr_type": "and" } } @@ -1537,7 +1537,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition6-in-rule-147", + "expression": "condition6-in-rule-147", "expr_type": "and" } } @@ -1558,7 +1558,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "condition7-in-rule-147", + "expression": "condition7-in-rule-147", "expr_type": "and" } } @@ -1588,7 +1588,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "Cookie:\\s.*head", + "expression": "Cookie:\\s.*head", "expr_type": "regex" } } @@ -1618,7 +1618,7 @@ "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { - "keywords": "(offset=0,depth=4)|01000000|", + "expression": "(offset=0,depth=4)|01000000|", "expr_type": "and" } } @@ -1637,7 +1637,7 @@ "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { - "keywords": "1:G2.40", + "expression": "1:G2.40", "expr_type": "and" } } @@ -1667,7 +1667,7 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "ceshi3@mailhost.cn$", + "expression": "ceshi3@mailhost.cn$", "expr_type": "and" } } @@ -1805,7 +1805,7 @@ "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { - "keywords": "我的订单", + "expression": "我的订单", "expr_type": "and" } } @@ -1901,7 +1901,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", + "expression": "https://blog.csdn.net/littlefang/article/details/8213058", "expr_type": "and" } } @@ -1956,7 +1956,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": ">ЗАО «Севергазвтоматика АйС»<", + "expression": ">ЗАО «Севергазвтоматика АйС»<", "expr_type": "and" } } @@ -1987,7 +1987,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "cavemancircus.com/", + "expression": "cavemancircus.com/", "expr_type": "and" } } @@ -2037,7 +2037,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "2019/12/27/pretty-girls-6", + "expression": "2019/12/27/pretty-girls-6", "expr_type": "and" } } @@ -2342,7 +2342,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", + "expression": "string1&string2&string3&string4&string5&string6&string7&string8", "expr_type": "and" } } @@ -2456,7 +2456,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-186", + "expression": "must-not-contained-string-of-rule-186", "expr_type": "and" } } @@ -2506,7 +2506,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-187", + "expression": "must-not-contained-string-of-rule-187", "expr_type": "and" } } @@ -2556,7 +2556,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "must-not-contained-string-of-rule-188", + "expression": "must-not-contained-string-of-rule-188", "expr_type": "and" } } @@ -2606,7 +2606,7 @@ "table_type": "expr", "table_content": { - "keywords": "|ab00|", + "expression": "|ab00|", "expr_type": "and" } } @@ -2636,7 +2636,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "|54455354|", + "expression": "|54455354|", "expr_type": "and" } } @@ -2667,7 +2667,7 @@ "table_name": "FLAG_CONFIG", "table_content": { "flag": 1, - "flag_mask": 3 + "mask": 3 } } ] @@ -2697,7 +2697,7 @@ "table_name": "FLAG_CONFIG", "table_content": { "flag": 2, - "flag_mask": 3 + "mask": 3 } } ] @@ -2715,7 +2715,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "hello", + "expression": "hello", "expr_type": "and" } } @@ -2746,7 +2746,7 @@ "table_name": "FLAG_CONFIG", "table_content": { "flag": 21, - "flag_mask": 31 + "mask": 31 } } ] @@ -2775,7 +2775,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "hqdefault.jpg", + "expression": "hqdefault.jpg", "expr_type": "and" } } @@ -2807,7 +2807,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "firewall", + "expression": "firewall", "expr_type": "and" } } @@ -3004,7 +3004,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "123^456", + "expression": "123^456", "expr_type": "regex" } } @@ -3034,7 +3034,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "|54455354|", + "expression": "|54455354|", "expr_type": "and" } } @@ -3065,7 +3065,7 @@ "table_name": "FLAG_CONFIG", "table_content": { "flag": 1, - "flag_mask": 3 + "mask": 3 } } ] @@ -3212,7 +3212,7 @@ "table_name": "EXPR_LITERAL_PERF_CONFIG", "table_type": "expr", "table_content": { - "keywords": "today&yesterday", + "expression": "today&yesterday", "expr_type": "and" } } @@ -3243,7 +3243,7 @@ "table_name": "FLAG_PERF_CONFIG", "table_content": { "flag": 15, - "flag_mask": 15 + "mask": 15 } } ] @@ -3272,7 +3272,7 @@ "table_name": "EXPR_REGEX_PERF_CONFIG", "table_type": "expr", "table_content": { - "keywords": "action=search\\&query=(.*)", + "expression": "action=search\\&query=(.*)", "expr_type": "regex" } } @@ -3312,7 +3312,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-for-rule-211", + "expression": "keywords-for-rule-211", "expr_type": "and" } } @@ -3352,7 +3352,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-for-rule-217", + "expression": "keywords-for-rule-217", "expr_type": "and" } } @@ -3413,7 +3413,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-1", + "expression": "keywords-dummy-219-1", "expr_type": "and" } } @@ -3434,7 +3434,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-2", + "expression": "keywords-dummy-219-2", "expr_type": "and" } } @@ -3455,7 +3455,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-3", + "expression": "keywords-dummy-219-3", "expr_type": "and" } } @@ -3476,7 +3476,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-4", + "expression": "keywords-dummy-219-4", "expr_type": "and" } } @@ -3497,7 +3497,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-5", + "expression": "keywords-dummy-219-5", "expr_type": "and" } } @@ -3518,7 +3518,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-6", + "expression": "keywords-dummy-219-6", "expr_type": "and" } } @@ -3539,7 +3539,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-7", + "expression": "keywords-dummy-219-7", "expr_type": "and" } } @@ -3560,7 +3560,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-219-8", + "expression": "keywords-dummy-219-8", "expr_type": "and" } } @@ -3592,7 +3592,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-220-1", + "expression": "keywords-dummy-220-1", "expr_type": "and" } } @@ -3613,7 +3613,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-220-2", + "expression": "keywords-dummy-220-2", "expr_type": "and" } } @@ -3634,7 +3634,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "keywords-dummy-220-3", + "expression": "keywords-dummy-220-3", "expr_type": "and" } } @@ -3666,7 +3666,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_keywords_222", + "expression": "not_logic_keywords_222", "expr_type": "and" } } @@ -3698,7 +3698,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_rule_223_1", + "expression": "not_logic_rule_223_1", "expr_type": "and" } } @@ -3719,7 +3719,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_rule_223_2", + "expression": "not_logic_rule_223_2", "expr_type": "and" } } @@ -3740,7 +3740,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_rule_223_3", + "expression": "not_logic_rule_223_3", "expr_type": "and" } } @@ -3772,7 +3772,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_rule_224_1", + "expression": "not_logic_rule_224_1", "expr_type": "and" } } @@ -3793,7 +3793,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "not_logic_rule_224_2", + "expression": "not_logic_rule_224_2", "expr_type": "and" } } @@ -3825,7 +3825,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", + "expression": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", "expr_type": "and" } } @@ -3894,7 +3894,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "youtube.com", + "expression": "youtube.com", "expr_type": "and" } } @@ -3944,7 +3944,7 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "É", + "expression": "É", "expr_type": "regex" } } @@ -4084,7 +4084,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "html>\\\\r\\\\n", + "expression": "html>\\\\r\\\\n", "expr_type": "and" } } @@ -4116,7 +4116,7 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "\\(\\)abc\\^\\$def\\|", + "expression": "\\(\\)abc\\^\\$def\\|", "expr_type": "and" } } @@ -4146,7 +4146,7 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "cd |6162|", + "expression": "cd |6162|", "expr_type": "and" } } diff --git a/test/test_utils.cpp b/test/test_utils.cpp index b947019..56f46fc 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -32,20 +32,16 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma buff[strlen(line) - 1] = '\0'; } - const char *redis_rule_key = "TEST_RULE_KEY"; - redisReply *reply = - maat_wrap_redis_command(ctx, NULL, "INCRBY %s %d", redis_rule_key, 1); - - if (reply->type == REDIS_REPLY_NIL) { - printf("incrby redis_rule_key:%s failed.", redis_rule_key); + cJSON *json = cJSON_Parse(line); + if (NULL == json) { return -1; - } else { - s_rule->rule_id = maat_read_redis_integer(reply); - freeReplyObject(reply); - reply = NULL; - } + } + cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid"); + if (NULL == rule_uuid || rule_uuid->type != cJSON_String) { + return -1; + } - maat_set_serial_rule(s_rule + line_idx, MAAT_OP_ADD, s_rule->rule_id, + maat_set_serial_rule(s_rule + line_idx, op, rule_uuid->valuestring, table_name, buff, absolute_expire_time); (s_rule + line_idx)->ref_ctx = ctx; line_idx++; @@ -120,9 +116,9 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por } int rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long rule_id, - const char *user_region, int condition_num, - int expire_after) + enum maat_operation op, uuid_t rule_uuid, + const char *user_region, struct maat_cmd_condition conditions[], + int condition_num, int expire_after) { char table_line[1024 * 16] = {0}; sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0", @@ -137,28 +133,10 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, return maat_cmd_set_line(maat_inst, &line_rule, op); } +#if 0 //TODO #define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \ (((unsigned long)object_id<<32|parent_id) + condition_index) -int object2rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long object_id, - long long rule_id, int negate_option, - const char *attribute_name, int condition_index, - int expire_after) -{ - char table_line[128] = {0}; - sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d", - object_id, rule_id, negate_option, attribute_name, condition_index, op); - - struct maat_cmd_line line_rule; - line_rule.rule_id = TO_OBJECT2X_KEY(object_id, rule_id, condition_index); - line_rule.table_line = table_line; - line_rule.table_name = table_name; - line_rule.expire_after = expire_after; - - return maat_cmd_set_line(maat_inst, &line_rule, op); -} - int object2object_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long object_id, long long sub_object_id, int expire_after) @@ -273,6 +251,7 @@ int flag_table_set_line(struct maat *maat_inst, const char *table_name, return maat_cmd_set_line(maat_inst, &line_rule, op); } +#endif void random_keyword_generate(char *keyword_buf, size_t sz) { diff --git a/test/test_utils.h b/test/test_utils.h index 098617d..c031465 100644 --- a/test/test_utils.h +++ b/test/test_utils.h @@ -4,19 +4,19 @@ #include "maat_command.h" #include "ip_matcher/ip_matcher.h" +struct maat_cmd_condition { + const char *object_uuids_str[8]; + int object_num; + int negate_option; + const char *attribute_name; +}; int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port, int redis_db, struct log_handle *logger); int rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long rule_id, - const char *user_region, int condition_num, - int expire_after); - -int object2rule_table_set_line(struct maat *maat_inst, const char *table_name, - enum maat_operation op, long long object_id, - long long rule_id, int negate_option, - const char *attribute_name, int condition_index, - int expire_after); + enum maat_operation op, uuid_t rule_uuid, + const char *user_region, struct maat_cmd_condition conditions[], + int condition_num, int expire_after); int object2object_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long object_id, diff --git a/tools/maat_redis_tool.cpp b/tools/maat_redis_tool.cpp index 396bd2c..a471478 100644 --- a/tools/maat_redis_tool.cpp +++ b/tools/maat_redis_tool.cpp @@ -46,8 +46,13 @@ static int compare_serial_rule(const void *a, const void *b) struct serial_rule *rb=(struct serial_rule *)b; int ret = strcmp(ra->table_name, rb->table_name); + if (0 == ret) { - ret = ra->rule_id - rb->rule_id; + uuid_t uuid_a; + uuid_t uuid_b; + uuid_parse(ra->rule_uuid_str, uuid_a); + uuid_parse(rb->rule_uuid_str, uuid_b); + ret = uuid_compare(uuid_a, uuid_b); } return ret; @@ -183,8 +188,8 @@ static void read_rule_from_redis(redisContext *c, const char *output_path, rule_list[i].table_line[line_len - 1] = '\0'; } - fprintf(table_fp, "%s\tkey=%lld\n", rule_list[i].table_line, - rule_list[i].rule_id); + fprintf(table_fp, "%s\tkey=%s\n", rule_list[i].table_line, + rule_list[i].rule_uuid_str); line_count++; }