gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix maat_redis_tool, fix some mem leaks, use (uuid_t *) type as para of function to avoid some problems

Browse Source
This commit is contained in:
root
2024-09-27 11:38:41 +00:00
parent 3315428974
commit 3bbbd53f39
21 changed files with 313 additions and 296 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/maat_command.h
View File

@@ -23,7 +23,7 @@ extern "C"
struct maat_cmd_line {
const char *table_name;
const char *table_line;
long long rule_id; // for MAAT_OP_DEL, only rule_id and table_name are necessary.
const char *rule_uuid_str; // for MAAT_OP_DEL, only rule_id and table_name are necessary.
int expire_after; //expired after $timeout$ seconds, set to 0 for never timeout.
};

4
src/inc_internal/maat_redis_monitor.h
View File

@@ -34,7 +34,7 @@ struct foreign_key {
//rm= Redis Maat
struct serial_rule {
enum maat_operation op;//0: delete, 1: add.
long long rule_id;
char rule_uuid_str[UUID_STR_LEN];
long long timeout; // absolute unix time.
char table_name[MAX_NAME_STR_LEN];
char *table_line;
@@ -48,7 +48,7 @@ struct serial_rule {
void maat_clear_rule_cache(struct serial_rule *s_rule);
void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
long long rule_id, const char *table_name,
const char *rule_uuid_str, const char *table_name,
const char *line, long long timeout);
redisContext *maat_connect_redis(const char *redis_ip, int redis_port,

2
src/inc_internal/maat_rule.h
View File

@@ -104,7 +104,7 @@ size_t rule_compile_state_get_last_hit_objects(struct rule_compile_state *rule_c
size_t rule_compile_state_get_last_hit_object_cnt(struct rule_compile_state *rule_compile_state);
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
uuid_t rule_id);
uuid_t *rule_id);
#ifdef __cplusplus
}

2
src/maat_api.c
View File

@@ -2034,7 +2034,7 @@ int maat_state_get_rule_table_names(struct maat_state *state, uuid_t *rule_ids,
}
for (size_t i = 0; i < n_rule_ids; i++) {
int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, rule_ids[i]);
int table_id = rule_compile_state_get_rule_table_id(state->rule_compile_state, &rule_ids[i]);
rule_table_names[i] = (char *)table_manager_get_table_name(state->maat_inst->tbl_mgr, table_id);
}

2
src/maat_bool_plugin.c
View File

@@ -436,6 +436,8 @@ int bool_plugin_runtime_update(void *bool_plugin_runtime,
ex_data_runtime_cached_row_count(bool_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

6
src/maat_command.c
View File

@@ -287,9 +287,9 @@ int maat_cmd_set_line(struct maat *maat_inst,
line_rule->table_name);
if (table_id < 0) {
log_fatal(maat_inst->logger, MODULE_MAAT_COMMAND,
"[%s:%d] Command set line id %lld failed: "
"[%s:%d] Command set line id %s failed: "
"unknown table %s", __FUNCTION__, __LINE__,
line_rule->rule_id, line_rule->table_name);
line_rule->rule_uuid_str, line_rule->table_name);
FREE(s_rule);
return -1;
}
@@ -299,7 +299,7 @@ int maat_cmd_set_line(struct maat *maat_inst,
}
maat_set_serial_rule(s_rule, op,
line_rule->rule_id, line_rule->table_name,
line_rule->rule_uuid_str, line_rule->table_name,
line_rule->table_line, absolute_expire_time);
int success_cnt = maat_cmd_write_rule(write_ctx, s_rule, 1, server_time,

13
src/maat_config_monitor.c
View File

@@ -98,13 +98,19 @@ static void config_load_json_content(const cJSON *json_root, const char *table_n
if (rule == NULL) {
continue;
}
cJSON *rule_table = cJSON_GetObjectItem(rule, "rule_table_name");
char *rule_str = cJSON_PrintUnformatted(rule);
if (rule_str == NULL) {
continue;
}
update_fn(table_name, rule_str, u_param, MAAT_OP_ADD);
if (rule_table != NULL) {
update_fn(rule_table->valuestring, rule_str, u_param, MAAT_OP_ADD);
} else {
update_fn(table_name, rule_str, u_param, MAAT_OP_ADD);
}
FREE(rule_str);
}
}
@@ -276,6 +282,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
continue;
}
cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option");
if (negate_option == NULL) {
cJSON_AddBoolToObject(tmp_condition, "negate_option", 0);
}
cJSON_ArrayForEach(tmp_object, object_array) {
//find items, generate item_id and object_id
cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid");

4
src/maat_core.c
View File

@@ -410,6 +410,7 @@ void *rule_monitor_loop(void *arg)
be null terminated if it contains fewer bytes. */
char maat_name[MAX_INSTANCE_NAME_LEN + 1] = {0};
struct maat *maat_inst = (struct maat *)arg;
struct stat attrib;
if (strlen(maat_inst->opts.inst_name) > 0) {
snprintf(maat_name, sizeof(maat_name), "%s", maat_inst->opts.inst_name);
@@ -428,11 +429,12 @@ void *rule_monitor_loop(void *arg)
__FUNCTION__, __LINE__);
maat_read_full_config(maat_inst);
}
stat(maat_inst->opts.json_ctx.json_file, &attrib);//maat has read fullconfig either in maat_new(deffer==0) or above(deffer==1)
maat_inst->opts.json_ctx.last_md5_time = attrib.st_ctim;
pthread_mutex_unlock(&(maat_inst->background_update_mutex));
char md5_tmp[MD5_DIGEST_LENGTH * 2 + 1] = {0};
char err_str[NAME_MAX] = {0};
struct stat attrib;
cJSON *json_root = NULL;
while (maat_inst->is_running) {

6
src/maat_expr.c
View File

@@ -133,10 +133,10 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
}
uuid_parse(tmp_obj->valuestring, expr_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "keywords");
tmp_obj = cJSON_GetObjectItem(json, "expression");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no keywords in line:%s",
"[%s:%d] expr table:<%s> has no expression in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
@@ -144,7 +144,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
if (len > MAX_KEYWORDS_STR_LEN) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> keywords length too long in line:%s",
"[%s:%d] expr table:<%s> expression length too long in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}

12
src/maat_flag.c
View File

@@ -210,24 +210,24 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
uuid_parse(tmp_obj->valuestring, item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "flag");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no flag in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->flag = strtoull(tmp_obj->valuestring, NULL, 0);
item->flag = tmp_obj->valueint;
tmp_obj = cJSON_GetObjectItem(json, "flag_mask");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
tmp_obj = cJSON_GetObjectItem(json, "mask");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no flag_mask in json:%s",
"[%s:%d] flag table:<%s> has no mask in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto error;
}
item->flag_mask = strtoull(tmp_obj->valuestring, NULL, 0);
item->flag_mask = tmp_obj->valueint;
return item;
error:

2
src/maat_fqdn_plugin.c
View File

@@ -414,6 +414,8 @@ int fqdn_plugin_runtime_update(void *fqdn_plugin_runtime,
ex_data_runtime_cached_row_count(fqdn_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

1
src/maat_ip_plugin.c
View File

@@ -412,6 +412,7 @@ int ip_plugin_runtime_update(void *ip_plugin_runtime, void *ip_plugin_schema,
ex_data_runtime_cached_row_count(ip_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

2
src/maat_ipport_plugin.c
View File

@@ -416,6 +416,8 @@ int ipport_plugin_runtime_update(void *ipport_plugin_runtime,
ex_data_runtime_cached_row_count(ipport_plugin_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:

95
src/maat_object.c
View File

@@ -296,7 +296,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
}
uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "include_object_uuids");
tmp_obj = cJSON_GetObjectItem(json, "included_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no included_sub_object_ids or format is not array in line:%s",
@@ -324,7 +324,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
goto error;
}
tmp_obj = cJSON_GetObjectItem(json, "exclude_object_uuids");
tmp_obj = cJSON_GetObjectItem(json, "excluded_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no excluded_sub_object_ids or format is not array in line:%s",
@@ -352,8 +352,13 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
goto error;
}
cJSON_Delete(json);
return o2o_item;
error:
if (json) {
cJSON_Delete(json);
}
FREE(o2o_item);
return NULL;
}
@@ -390,12 +395,12 @@ static size_t print_igraph_vector(igraph_vector_t *v, char *buff, size_t sz) {
}
static struct maat_object *
object_topology_add_object(struct maat_object_topology *object_topo, uuid_t object_uuid)
object_topology_add_object(struct maat_object_topology *object_topo, uuid_t *object_uuid)
{
assert(object_topo != NULL);
struct maat_object *object = ALLOC(struct maat_object, 1);
uuid_copy(object->object_uuid, object_uuid);
uuid_copy(object->object_uuid, *object_uuid);
object->vertex_id = object_topo->grp_vertex_id_generator++;
utarray_new(object->incl_super_object_uuids, &ut_object_uuid_icd);
utarray_new(object->excl_super_object_uuids, &ut_object_uuid_icd);
@@ -444,73 +449,73 @@ static void object_topology_del_object(struct maat_object_topology *object_topo,
}
static struct maat_object *
object_topology_find_object(struct maat_object_topology *object_topo, uuid_t object_uuid)
object_topology_find_object(struct maat_object_topology *object_topo, uuid_t *object_uuid)
{
if (NULL == object_topo || uuid_is_null(object_uuid)) {
if (NULL == object_topo || uuid_is_null(*object_uuid)) {
return NULL;
}
struct maat_object *object = NULL;
HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)&object_uuid, sizeof(uuid_t), object);
HASH_FIND(hh_object_uuid, object_topo->hash_by_object_uuid, (char*)object_uuid, sizeof(uuid_t), object);
return object;
}
static void maat_object_reference_super_object(struct maat_object *object,
uuid_t super_object_uuid,
uuid_t *super_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(super_object_uuid)) {
if (NULL == object || uuid_is_null(*super_object_uuid)) {
return;
}
if (0 == is_exclude) {
//include superior object
if (!utarray_find(object->incl_super_object_uuids, &super_object_uuid,
if (!utarray_find(object->incl_super_object_uuids, super_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->incl_super_object_uuids, &super_object_uuid);
utarray_push_back(object->incl_super_object_uuids, super_object_uuid);
utarray_sort(object->incl_super_object_uuids, compare_object_uuid);
}
} else {
//exclude superior object
if (!utarray_find(object->excl_super_object_uuids, &super_object_uuid,
if (!utarray_find(object->excl_super_object_uuids, super_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->excl_super_object_uuids, &super_object_uuid);
utarray_push_back(object->excl_super_object_uuids, super_object_uuid);
utarray_sort(object->excl_super_object_uuids, compare_object_uuid);
}
}
}
static void maat_object_reference_sub_object(struct maat_object *object,
uuid_t sub_object_uuid,
uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(sub_object_uuid)) {
if (NULL == object || uuid_is_null(*sub_object_uuid)) {
return;
}
if (0 == is_exclude) {
//include sub object
if (!utarray_find(object->incl_sub_object_uuids, &sub_object_uuid,
if (!utarray_find(object->incl_sub_object_uuids, sub_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->incl_sub_object_uuids, &sub_object_uuid);
utarray_push_back(object->incl_sub_object_uuids, sub_object_uuid);
utarray_sort(object->incl_sub_object_uuids, compare_object_uuid);
}
} else {
//exclude sub object
if (!utarray_find(object->excl_sub_object_uuids, &sub_object_uuid,
if (!utarray_find(object->excl_sub_object_uuids, sub_object_uuid,
compare_object_uuid)) {
utarray_push_back(object->excl_sub_object_uuids, &sub_object_uuid);
utarray_push_back(object->excl_sub_object_uuids, sub_object_uuid);
utarray_sort(object->excl_sub_object_uuids, compare_object_uuid);
}
}
}
static void maat_object_dereference_super_object(struct maat_object *object,
uuid_t super_object_uuid,
uuid_t *super_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(super_object_uuid)) {
if (NULL == object || uuid_is_null(*super_object_uuid)) {
return;
}
@@ -518,7 +523,7 @@ static void maat_object_dereference_super_object(struct maat_object *object,
uuid_t *tmp_uuid = NULL;
if (0 == is_exclude) {
//include superior object
tmp_uuid = utarray_find(object->incl_super_object_uuids, &super_object_uuid,
tmp_uuid = utarray_find(object->incl_super_object_uuids, super_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->incl_super_object_uuids, tmp_uuid);
@@ -526,7 +531,7 @@ static void maat_object_dereference_super_object(struct maat_object *object,
}
} else {
//exclude superior object
tmp_uuid = utarray_find(object->excl_super_object_uuids, &super_object_uuid,
tmp_uuid = utarray_find(object->excl_super_object_uuids, super_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->excl_super_object_uuids, tmp_uuid);
@@ -536,10 +541,10 @@ static void maat_object_dereference_super_object(struct maat_object *object,
}
static void maat_object_dereference_sub_object(struct maat_object *object,
uuid_t sub_object_uuid,
uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object || uuid_is_null(sub_object_uuid)) {
if (NULL == object || uuid_is_null(*sub_object_uuid)) {
return;
}
@@ -547,7 +552,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
uuid_t *tmp_uuid = NULL;
if (0 == is_exclude) {
//include superior object
tmp_uuid = utarray_find(object->incl_sub_object_uuids, &sub_object_uuid,
tmp_uuid = utarray_find(object->incl_sub_object_uuids, sub_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->incl_sub_object_uuids, tmp_uuid);
@@ -555,7 +560,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
}
} else {
//exclude superior object
tmp_uuid = utarray_find(object->excl_sub_object_uuids, &sub_object_uuid,
tmp_uuid = utarray_find(object->excl_sub_object_uuids, sub_object_uuid,
compare_object_uuid);
if (tmp_uuid != NULL) {
remove_idx = utarray_eltidx(object->excl_sub_object_uuids, tmp_uuid);
@@ -565,7 +570,7 @@ static void maat_object_dereference_sub_object(struct maat_object *object,
}
static int object_topology_add_object_to_object(struct maat_object_topology *object_topo,
uuid_t object_uuid, uuid_t sub_object_uuid,
uuid_t *object_uuid, uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object_topo) {
@@ -593,8 +598,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
if (edge_id > 0) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Add object %s to object %s failed, relation already existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str);
@@ -612,8 +617,8 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
if (!is_dag) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Sub object cycle detected, sub_object_id:%s, object_id:%s!",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str);
@@ -624,7 +629,7 @@ static int object_topology_add_object_to_object(struct maat_object_topology *obj
}
static int object_topology_del_object_from_object(struct maat_object_topology *object_topo,
uuid_t object_uuid, uuid_t sub_object_uuid,
uuid_t *object_uuid, uuid_t *sub_object_uuid,
int is_exclude)
{
if (NULL == object_topo) {
@@ -636,8 +641,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o
if (NULL == sub_object) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Del object %s from object %s failed, object %s not existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, sub_object_uuid_str);
@@ -648,8 +653,8 @@ static int object_topology_del_object_from_object(struct maat_object_topology *o
if (NULL == object) {
char object_uuid_str[37] = {0};
char sub_object_uuid_str[37] = {0};
uuid_unparse(object_uuid, object_uuid_str);
uuid_unparse(sub_object_uuid, sub_object_uuid_str);
uuid_unparse(*object_uuid, object_uuid_str);
uuid_unparse(*sub_object_uuid, sub_object_uuid_str);
log_fatal(object_topo->logger, MODULE_OBJECT,
"[%s:%d] Del object %s from object %s failed, object %s not existed.",
__FUNCTION__, __LINE__, sub_object_uuid_str, object_uuid_str, object_uuid_str);
@@ -750,7 +755,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i);
ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 0);
&o2o_item->object_uuid, sub_object_uuid, 0);
if (ret != 0) {
err_flag = 1;
}
@@ -759,7 +764,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i);
ret = object_topology_del_object_from_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 1);
&o2o_item->object_uuid, sub_object_uuid, 1);
if (ret != 0) {
err_flag = 1;
}
@@ -778,7 +783,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->incl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->incl_sub_object_uuids, i);
ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 0);
&o2o_item->object_uuid, sub_object_uuid, 0);
if (ret != 0) {
err_flag = 1;
}
@@ -787,7 +792,7 @@ int object2object_runtime_update(void *o2o_runtime, void *o2o_schema,
for (i = 0; i < utarray_len(o2o_item->excl_sub_object_uuids); i++) {
sub_object_uuid = (uuid_t *)utarray_eltptr(o2o_item->excl_sub_object_uuids, i);
ret = object_topology_add_object_to_object(o2o_rt->updating_object_topo,
o2o_item->object_uuid, *sub_object_uuid, 1);
&o2o_item->object_uuid, sub_object_uuid, 1);
if (ret != 0) {
err_flag = 1;
}
@@ -865,7 +870,7 @@ static void get_candidate_super_object_ids(struct maat_object_topology *object_t
//Find super candidates
for (p = (uuid_t *)utarray_front(hit_object_uuids); p != NULL;
p = (uuid_t *)utarray_next(hit_object_uuids, p)) {
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
//object_id not in object2object table
continue;
@@ -986,7 +991,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec
}
uuid_copy(prev_object_uuid, *p);
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
continue;
}
@@ -1029,7 +1034,7 @@ static void verify_candidate_super_object_ids(struct maat_object_topology *objec
*/
for (p = (uuid_t *)utarray_front(candidate_object_uuids); p != NULL;
p = (uuid_t *)utarray_next(candidate_object_uuids, p)) {
struct maat_object *object = object_topology_find_object(object_topo, *p);
struct maat_object *object = object_topology_find_object(object_topo, p);
if (NULL == object) {
continue;
}
@@ -1174,7 +1179,7 @@ size_t object2object_runtime_get_super_objects(void *o2o_runtime, uuid_t *object
size_t o2o_object_uuids_cnt = 0;
for (size_t i = 0; i < n_object_uuids; i++) {
struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, object_uuids[i]);
struct maat_object *object = object_topology_find_object(o2o_rt->object_topo, &object_uuids[i]);
if (NULL == object) {
continue;
}

1
src/maat_plugin.c
View File

@@ -622,6 +622,7 @@ int plugin_runtime_update(void *plugin_runtime, void *plugin_schema,
"plugin table:<%s> update one line, key:%s, key_len:%zu, maat_operation:%d",
table_name, print_key, raw_key_len, op);
yyjson_doc_free(doc);
return 0;
ERROR:

98
src/maat_redis_monitor.c
View File

@@ -50,13 +50,13 @@ struct expected_reply {
};
static char *
get_foreign_cont_filename(const char *table_name, long long rule_id,
get_foreign_cont_filename(const char *table_name, const char* rule_uuid_str,
const char *foreign_key, const char *dir)
{
char buffer[512] = {0};
snprintf(buffer, sizeof(buffer),"%s/%s-%lld-%s", dir,
table_name, rule_id, foreign_key);
snprintf(buffer, sizeof(buffer),"%s/%s-%s-%s", dir,
table_name, rule_uuid_str, foreign_key);
char *filename = ALLOC(char, strlen(buffer) + 1);
memcpy(filename, buffer, strlen(buffer));
@@ -82,9 +82,9 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG
if (0 != strncmp(p_foreign, foreign_source_prefix,
strlen(foreign_source_prefix))) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key failed: "
"[%s:%d] Get %s,%s foreign key failed: "
"Invalid source prefix %s", __FUNCTION__, __LINE__,
p_rule->table_name, p_rule->rule_id, p_foreign);
p_rule->table_name, p_rule->rule_uuid_str, p_foreign);
continue;
}
@@ -94,15 +94,15 @@ get_foregin_keys(struct serial_rule *p_rule, const char foreign_names[MAX_FOREIG
if (0 != strncmp(p_foreign, foreign_key_prefix,
strlen(foreign_key_prefix))) {
log_info(logger, MODULE_REDIS_MONITOR,
"[%s:%d] %s, %lld foreign key prefix %s is not recommended",
__FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_id,
"[%s:%d] %s, %s foreign key prefix %s is not recommended",
__FUNCTION__, __LINE__, p_rule->table_name, p_rule->rule_uuid_str,
p_foreign);
}
p_rule->f_keys[p_rule->n_foreign].key = ALLOC(char, foreign_key_size + 1);
memcpy(p_rule->f_keys[p_rule->n_foreign].key, p_foreign, foreign_key_size);
p_rule->f_keys[p_rule->n_foreign].filename =
get_foreign_cont_filename(p_rule->table_name, p_rule->rule_id,
get_foreign_cont_filename(p_rule->table_name, p_rule->rule_uuid_str,
p_rule->f_keys[p_rule->n_foreign].key, dir);
p_rule->n_foreign++;
}
@@ -209,9 +209,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
for (i = 0; i < rule_num; i++) {
snprintf(redis_cmd, sizeof(redis_cmd),
"GET %s:%s,%lld", mr_key_prefix[rule_list[i].op],
"GET %s:%s,%s", mr_key_prefix[rule_list[i].op],
rule_list[i].table_name,
rule_list[i].rule_id);
rule_list[i].rule_uuid_str);
ret = redisAppendCommand(c, redis_cmd);
assert(ret == REDIS_OK);
}
@@ -220,9 +220,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
ret = maat_wrap_redis_get_reply(c, &reply);
if (ret == REDIS_ERR) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Redis GET %s:%s,%lld failed, redis server error",
"[%s:%d] Redis GET %s:%s,%s failed, redis server error",
__FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op],
rule_list[i].table_name, rule_list[i].rule_id);
rule_list[i].table_name, rule_list[i].rule_uuid_str);
error_happened = 1;
break;
}
@@ -235,9 +235,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
failed_cnt++;
} else {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Redis GET %s:%s,%lld failed",
"[%s:%d] Redis GET %s:%s,%s failed",
__FUNCTION__, __LINE__, mr_key_prefix[rule_list[i].op],
rule_list[i].table_name, rule_list[i].rule_id);
rule_list[i].table_name, rule_list[i].rule_uuid_str);
error_happened = 1;
}
}
@@ -255,9 +255,9 @@ get_maat_redis_value(redisContext *c, struct serial_rule *rule_list,
for (i = 0; i < failed_cnt; i++) {
idx = retry_ids[i];
snprintf(redis_cmd, sizeof(redis_cmd),
"GET %s:%s,%lld", mr_key_prefix[MAAT_OP_DEL],
"GET %s:%s,%s", mr_key_prefix[MAAT_OP_DEL],
rule_list[idx].table_name,
rule_list[idx].rule_id);
rule_list[idx].rule_uuid_str);
ret = redisAppendCommand(c, redis_cmd);
}
@@ -396,9 +396,9 @@ get_inc_key_list(long long instance_version, long long target_version,
for (i = 0, j = 0; i < (int)reply->elements; i++) {
assert(reply->element[i]->type == REDIS_REPLY_STRING);
int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%lld",
op_str, s_rule[j].table_name, &(s_rule[j].rule_id));
if (ret != 3 || s_rule[j].rule_id < 0) {
int ret = sscanf(reply->element[i]->str, "%3s,%[^,],%s",
op_str, s_rule[j].table_name, s_rule[j].rule_uuid_str);
if (ret != 3 || s_rule[j].rule_uuid_str[0] == '\0') {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Invalid Redis Key: %s",
__FUNCTION__, __LINE__, reply->element[i]->str);
@@ -445,12 +445,12 @@ void maat_clear_rule_cache(struct serial_rule *s_rule)
}
void maat_set_serial_rule(struct serial_rule *rule, enum maat_operation op,
long long rule_id, const char *table_name,
const char *rule_uuid_str, const char *table_name,
const char *line, long long timeout)
{
memset(rule, 0, sizeof(struct serial_rule));
rule->op = op;
rule->rule_id = rule_id;
strncpy(rule->rule_uuid_str, rule_uuid_str, sizeof(rule->rule_uuid_str));
rule->timeout = timeout;
assert(strlen(table_name) < sizeof(rule->table_name));
strncpy(rule->table_name, table_name, sizeof(rule->table_name));
@@ -596,12 +596,12 @@ FULL_UPDATE:
continue;
}
ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%lld",
ret = sscanf(sub_reply->element[i]->str, "%*[^:]:%[^,],%s",
s_rule_array[full_idx].table_name,
&(s_rule_array[full_idx].rule_id));
s_rule_array[full_idx].rule_uuid_str);
s_rule_array[full_idx].op = MAAT_OP_ADD;
if (ret != 2 || s_rule_array[full_idx].rule_id < 0 ||
if (ret != 2 || s_rule_array[full_idx].rule_uuid_str[0] == '\0' ||
strlen(s_rule_array[full_idx].table_name) == 0) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Invalid Redis Key Format: %s",
@@ -693,20 +693,20 @@ get_foreign_conts(redisContext *c, struct serial_rule *rule_list,
ret = maat_wrap_redis_get_reply(c, &reply);
if (ret == REDIS_ERR) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key %s content failed,"
"[%s:%d] Get %s,%s foreign key %s content failed,"
" redis server error", __FUNCTION__, __LINE__,
rule_list[track[i].rule_idx].table_name,
rule_list[track[i].rule_idx].rule_id,
rule_list[track[i].rule_idx].rule_uuid_str,
rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key);
break;
}
if (reply->type != REDIS_REPLY_STRING) {
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] Get %s,%lld foreign key %s content failed",
"[%s:%d] Get %s,%s foreign key %s content failed",
__FUNCTION__, __LINE__,
rule_list[track[i].rule_idx].table_name,
rule_list[track[i].rule_idx].rule_id,
rule_list[track[i].rule_idx].rule_uuid_str,
rule_list[track[i].rule_idx].f_keys[track[i].foreign_idx].key);
continue;
} else {
@@ -906,29 +906,29 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
for (i = 0; i < rule_num; i++) {
switch (s_rule[i].op) {
case MAAT_OP_ADD:
redisAppendCommand(c, "SET %s:%s,%lld %s",
redisAppendCommand(c, "SET %s:%s,%s %s",
mr_key_prefix[MAAT_OP_ADD],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
s_rule[i].table_line);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_STATUS, 0);
(*cnt)++;
append_cmd_cnt++;
//Allowing add duplicated members for rule id recycling.
redisAppendCommand(c, "RPUSH %s ADD,%s,%lld",
redisAppendCommand(c, "RPUSH %s ADD,%s,%s",
transaction_list,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
if (s_rule[i].timeout > 0) {
redisAppendCommand(c, "ZADD %s %lld %s,%lld",
redisAppendCommand(c, "ZADD %s %lld %s,%s",
mr_expire_sset,
s_rule[i].timeout,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_INTEGER, 1);
expected_reply_add(expect_reply+*cnt, i+offset,
@@ -938,22 +938,22 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
}
break;
case MAAT_OP_DEL:
redisAppendCommand(c, "RENAME %s:%s,%lld %s:%s,%lld",
redisAppendCommand(c, "RENAME %s:%s,%s %s:%s,%s",
mr_key_prefix[MAAT_OP_ADD],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
mr_key_prefix[MAAT_OP_DEL],
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_STATUS, 0);
(*cnt)++;
append_cmd_cnt++;
redisAppendCommand(c, "EXPIRE %s:%s,%lld %d",
redisAppendCommand(c, "EXPIRE %s:%s,%s %d",
mr_key_prefix[MAAT_OP_DEL],
s_rule[i].table_name,
s_rule[i].rule_id,
s_rule[i].rule_uuid_str,
MAAT_REDIS_SYNC_TIME);
expected_reply_add(expect_reply+*cnt, i+offset,
REDIS_REPLY_INTEGER, 1);
@@ -961,28 +961,28 @@ exec_serial_rule(redisContext *c, const char *transaction_list,
append_cmd_cnt++;
//NX: Don't update already existing elements. Always add new elements.
redisAppendCommand(c, "RPUSH %s DEL,%s,%lld",
redisAppendCommand(c, "RPUSH %s DEL,%s,%s",
transaction_list,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
// Try to remove from expiration sorted set, no matter wheather it exists or not.
redisAppendCommand(c, "ZREM %s %s,%lld",
redisAppendCommand(c, "ZREM %s %s,%s",
mr_expire_sset,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
// Try to remove from label sorted set, no matter wheather it exists or not.
redisAppendCommand(c, "ZREM %s %s,%lld",
redisAppendCommand(c, "ZREM %s %s,%s",
mr_label_sset,
s_rule[i].table_name,
s_rule[i].rule_id);
s_rule[i].rule_uuid_str);
expected_reply_add(expect_reply+*cnt, -1, REDIS_REPLY_INTEGER, 0);
(*cnt)++;
append_cmd_cnt++;
@@ -1085,11 +1085,11 @@ int maat_cmd_write_rule(redisContext *c, struct serial_rule *s_rule,
rule_seq = expected_reply[i].s_rule_seq;
log_fatal(logger, MODULE_REDIS_MONITOR,
"[%s:%d] %s %s %lld failed, rule id maybe conflict"
"[%s:%d] %s %s %s failed, rule id maybe conflict"
" or not exist", __FUNCTION__, __LINE__,
mr_op_str[s_rule[rule_seq].op],
s_rule[rule_seq].table_name,
s_rule[rule_seq].rule_id);
s_rule[rule_seq].rule_uuid_str);
success_cnt--;
last_failed = rule_seq;
}
@@ -1214,8 +1214,8 @@ check_maat_expiration(redisContext *c, struct log_handle *logger)
for (size_t i = 0; i < s_rule_num; i++) {
s_rule[i].op = MAAT_OP_DEL;
ret = sscanf(data_reply->element[i]->str, "%[^,],%lld",
s_rule[i].table_name, &(s_rule[i].rule_id));
ret = sscanf(data_reply->element[i]->str, "%[^,],%s",
s_rule[i].table_name, s_rule[i].rule_uuid_str);
assert(ret == 2);
}
freeReplyObject(data_reply);

61
src/maat_rule.c
View File

@@ -232,8 +232,18 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
struct maat_rule *rule = ALLOC(struct maat_rule, 1);
struct log_handle *logger = rule_rt->logger;
cJSON *tmp_obj = NULL;
cJSON *conditions = NULL;
cJSON *table_json = cJSON_Parse(table_line);
int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name);
if (table_id < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> not found in table manager",
__FUNCTION__, __LINE__, table_name);
goto error;
}
rule->table_id = table_id;
rule->magic_num = MAAT_RULE_MAGIC;
uuid_copy(rule->rule_uuid, rule_uuid);
@@ -242,15 +252,15 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
rule->conditions[i].condition_id = 0;
}
tmp_obj = cJSON_GetObjectItem(table_json, "conditions");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) {
conditions = cJSON_GetObjectItem(table_json, "conditions");
if (conditions == NULL || conditions->type != cJSON_Array) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no conditions or not array format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
rule->condition_num = cJSON_GetArraySize(tmp_obj);
rule->condition_num = cJSON_GetArraySize(conditions);
if (rule->condition_num > MAX_ITEMS_PER_BOOL_EXPR) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> condition_num:%d exceed maximum:%d",
@@ -259,7 +269,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
}
for (int i = 0; i < rule->condition_num; i++) {
cJSON *condition_obj = cJSON_GetArrayItem(tmp_obj, i);
cJSON *condition_obj = cJSON_GetArrayItem(conditions, i);
struct rule_condition *condition = rule->conditions + i;
tmp_obj = cJSON_GetObjectItem(condition_obj, "attribute_name");
@@ -283,16 +293,9 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option");
if (tmp_obj) {
if (tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no negate_option or not string format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
if (strncmp(tmp_obj->valuestring, "true", 4) == 0) {
if (tmp_obj->type == cJSON_True) {
condition->negate_option = CONDITION_NEGATE_OPTION_SET;
} else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) {
} else if (tmp_obj->type == cJSON_False) {
condition->negate_option = CONDITION_NEGATE_OPTION_UNSET;
} else {
log_fatal(logger, MODULE_RULE,
@@ -398,8 +401,12 @@ rule_item_new(const char *table_line, struct rule_schema *schema,
rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
memcpy(rule_item->table_line, table_line, rule_item->table_line_len);
cJSON_Delete(table_json);
return rule_item;
error:
if (table_json) {
cJSON_Delete(table_json);
}
FREE(rule_item);
return NULL;
}
@@ -1369,11 +1376,11 @@ rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile
}
int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile_state,
uuid_t rule_id)
uuid_t *rule_id)
{
struct rule2table_id *tmp = NULL;
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, &rule_id,
tmp = utarray_find(rule_compile_state->hit_rule_table_ids, rule_id,
compare_rule_uuid);
if (NULL == tmp) {
return -1;
@@ -1385,7 +1392,7 @@ int rule_compile_state_get_rule_table_id(struct rule_compile_state *rule_compile
static int
rule_runtime_add_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
uuid_t rule_uuid, const char *table_name,
uuid_t *rule_uuid, const char *table_name,
const char *line, struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1406,20 +1413,20 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid,
sizeof(uuid_t));
} else {
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
char rule_uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(rule_uuid, rule_uuid_str);
uuid_unparse(*rule_uuid, rule_uuid_str);
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule_id:%s already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_uuid_str, line);
}
rule = maat_rule_new(rule_rt, schema, table_name, rule_uuid, line, rule_item);
rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item);
if (NULL == rule) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1427,14 +1434,14 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
return -1;
}
rcu_hash_add(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t), rule);
rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule);
return 0;
}
static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
struct rule_schema *schema,
uuid_t rule_uuid,
uuid_t *rule_uuid,
struct log_handle *logger)
{
struct maat_rule *rule = NULL;
@@ -1442,11 +1449,11 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
if (1 == updating_flag) {
// find in updating hash
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid,
rule = rcu_updating_hash_find(rule_rt->cfg_hash, (char *)rule_uuid,
sizeof(uuid_t));
} else {
// find in effective hash
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rule = rcu_hash_find(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
if (rule != NULL) {
@@ -1457,7 +1464,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
}
}
rcu_hash_del(rule_rt->cfg_hash, (char *)&rule_uuid, sizeof(uuid_t));
rcu_hash_del(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t));
}
}
@@ -1495,10 +1502,10 @@ int rule_runtime_update(void *rule_runtime, void *rule_schema,
if (MAAT_OP_DEL == op) {
// delete
rule_runtime_del_rule(rule_rt, schema, rule_uuid, rule_rt->logger);
rule_runtime_del_rule(rule_rt, schema, &rule_uuid, rule_rt->logger);
} else {
// add
int ret = rule_runtime_add_rule(rule_rt, schema, rule_uuid,
int ret = rule_runtime_add_rule(rule_rt, schema, &rule_uuid,
table_name, line, rule_rt->logger);
if (ret < 0) {
rule_rt->update_err_cnt++;

220
test/maat_json.json
View File

@@ -10,7 +10,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS1234$",
"expression": "^AS1234$",
"expr_type": "and"
}
}
@@ -24,7 +24,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS2345$",
"expression": "^AS2345$",
"expr_type": "and"
}
}
@@ -38,7 +38,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS6789$",
"expression": "^AS6789$",
"expr_type": "and"
}
}
@@ -52,7 +52,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9001$",
"expression": "^AS9001$",
"expr_type": "and"
}
}
@@ -66,7 +66,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9002$",
"expression": "^AS9002$",
"expr_type": "and"
}
}
@@ -80,7 +80,7 @@
"table_name": "AS_NUMBER",
"table_type": "expr",
"table_content": {
"keywords": "^AS9003$",
"expression": "^AS9003$",
"expr_type": "and"
}
}
@@ -107,7 +107,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "^sports.example.com$",
"expression": "^sports.example.com$",
"expr_type": "and"
}
}
@@ -200,7 +200,7 @@
"table_name": "GeoLocation",
"table_type": "expr",
"table_content": {
"keywords": "^Greece.Sparta$",
"expression": "^Greece.Sparta$",
"expr_type": "and"
}
}
@@ -247,7 +247,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "Take me Home&Batman\\",
"expression": "Take me Home&Batman\\",
"expr_type": "and"
}
}
@@ -261,7 +261,7 @@
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "^ceshi3@mailhost.cn",
"expression": "^ceshi3@mailhost.cn",
"expr_type": "and"
}
},
@@ -269,7 +269,7 @@
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "^ceshi6@mailhost.cn",
"expression": "^ceshi6@mailhost.cn",
"expr_type": "and"
}
}
@@ -283,7 +283,7 @@
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "^ceshi4@mailhost.cn",
"expression": "^ceshi4@mailhost.cn",
"expr_type": "and"
}
}
@@ -298,7 +298,7 @@
"table_type": "expr",
"table_content": {
"keywords": "Chrome/78.0.3904.108",
"expression": "Chrome/78.0.3904.108",
"expr_type": "and"
}
}
@@ -313,7 +313,7 @@
"table_type": "expr",
"table_content": {
"keywords": "uid=12345678",
"expression": "uid=12345678",
"expr_type": "and"
}
},
@@ -322,7 +322,7 @@
"table_type": "expr",
"table_content": {
"keywords": "sessionid=888888",
"expression": "sessionid=888888",
"expr_type": "and"
}
}
@@ -336,7 +336,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27",
"expression": "2019/12/27",
"expr_type": "and"
}
}
@@ -351,7 +351,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-199",
"expression": "must-contained-string-of-rule-199",
"expr_type": "and"
}
}
@@ -366,7 +366,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-199",
"expression": "must-not-contained-string-of-rule-199",
"expr_type": "and"
}
}
@@ -381,7 +381,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-200",
"expression": "must-contained-string-of-rule-200",
"expr_type": "and"
}
}
@@ -396,7 +396,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-200",
"expression": "must-not-contained-string-of-rule-200",
"expr_type": "and"
}
}
@@ -453,7 +453,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "jianshu.com$",
"expression": "jianshu.com$",
"expr_type": "and"
}
}
@@ -468,7 +468,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^www.jianshu.com$",
"expression": "^www.jianshu.com$",
"expr_type": "and"
}
}
@@ -483,7 +483,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "baidu.com$",
"expression": "baidu.com$",
"expr_type": "and"
}
}
@@ -498,7 +498,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^www.baidu.com$",
"expression": "^www.baidu.com$",
"expr_type": "and"
}
}
@@ -513,7 +513,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "^mail.baidu.com$",
"expression": "^mail.baidu.com$",
"expr_type": "and"
}
}
@@ -528,7 +528,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "string-of-rule-217.com$",
"expression": "string-of-rule-217.com$",
"expr_type": "and"
}
}
@@ -543,7 +543,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "www.string-of-rule-217.com",
"expression": "www.string-of-rule-217.com",
"expr_type": "and"
}
}
@@ -663,7 +663,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "abckkk&123",
"expression": "abckkk&123",
"expr_type": "and"
}
}
@@ -728,7 +728,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expression": "action=search\\&query=(.*)",
"expr_type": "regex"
}
}
@@ -758,7 +758,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should_not_hit_any_rule",
"expression": "should_not_hit_any_rule",
"expr_type": "and"
}
}
@@ -795,7 +795,7 @@
"table_type": "expr",
"table_content": {
"keywords": "abckkk&123",
"expression": "abckkk&123",
"expr_type": "and"
}
}
@@ -825,7 +825,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "C#中国",
"expression": "C#中国",
"expr_type": "and"
}
}
@@ -855,7 +855,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2010&يىلىدىكى",
"expression": "2010&يىلىدىكى",
"expr_type": "and"
}
}
@@ -885,7 +885,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "سىياسىي",
"expression": "سىياسىي",
"expr_type": "and"
}
}
@@ -932,7 +932,7 @@
"table_name": "HTTP_HOST",
"table_type": "expr",
"table_content": {
"keywords": "www.3300av.com",
"expression": "www.3300av.com",
"expr_type": "and"
}
}
@@ -962,7 +962,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "novel&27122.txt",
"expression": "novel&27122.txt",
"expr_type": "and"
}
}
@@ -992,7 +992,7 @@
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|",
"expression": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|",
"expr_type": "and"
}
}
@@ -1022,7 +1022,7 @@
"table_name": "IMAGE_FP",
"table_type": "expr",
"table_content": {
"keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|",
"expression": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|",
"expr_type": "and"
}
}
@@ -1054,7 +1054,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&aaa",
"expression": "should&hit&aaa",
"expr_type": "and"
}
}
@@ -1086,7 +1086,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&bbb",
"expression": "should&hit&bbb",
"expr_type": "and"
}
}
@@ -1116,7 +1116,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "2018-10-05",
"expression": "2018-10-05",
"expr_type": "and"
}
}
@@ -1148,7 +1148,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "i.ytimg.com",
"expression": "i.ytimg.com",
"expr_type": "and"
}
}
@@ -1178,7 +1178,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
"expression": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
"expr_type": "and"
}
}
@@ -1209,7 +1209,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-143",
"expression": "must-contained-string-of-rule-143",
"expr_type": "and"
}
}
@@ -1229,7 +1229,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-143",
"expression": "must-not-contained-string-of-rule-143",
"expr_type": "and"
}
}
@@ -1260,7 +1260,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-144",
"expression": "must-contained-string-of-rule-144",
"expr_type": "and"
}
}
@@ -1280,7 +1280,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-144",
"expression": "must-not-contained-string-of-rule-144",
"expr_type": "and"
}
}
@@ -1311,7 +1311,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-145",
"expression": "must-contained-string-of-rule-145",
"expr_type": "and"
}
}
@@ -1350,7 +1350,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-146",
"expression": "must-contained-string-of-rule-146",
"expr_type": "and"
}
}
@@ -1371,7 +1371,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-not-string-of-rule-146",
"expression": "must-contained-not-string-of-rule-146",
"expr_type": "and"
}
}
@@ -1411,7 +1411,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition0-in-rule-147",
"expression": "condition0-in-rule-147",
"expr_type": "and"
}
}
@@ -1432,7 +1432,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition1-in-rule-147",
"expression": "condition1-in-rule-147",
"expr_type": "and"
}
}
@@ -1453,7 +1453,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition2-in-rule-147",
"expression": "condition2-in-rule-147",
"expr_type": "and"
}
}
@@ -1474,7 +1474,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition3-in-rule-147",
"expression": "condition3-in-rule-147",
"expr_type": "and"
}
}
@@ -1495,7 +1495,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition4-in-rule-147",
"expression": "condition4-in-rule-147",
"expr_type": "and"
}
}
@@ -1516,7 +1516,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition5-in-rule-147",
"expression": "condition5-in-rule-147",
"expr_type": "and"
}
}
@@ -1537,7 +1537,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition6-in-rule-147",
"expression": "condition6-in-rule-147",
"expr_type": "and"
}
}
@@ -1558,7 +1558,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "condition7-in-rule-147",
"expression": "condition7-in-rule-147",
"expr_type": "and"
}
}
@@ -1588,7 +1588,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "Cookie:\\s.*head",
"expression": "Cookie:\\s.*head",
"expr_type": "regex"
}
}
@@ -1618,7 +1618,7 @@
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "(offset=0,depth=4)|01000000|",
"expression": "(offset=0,depth=4)|01000000|",
"expr_type": "and"
}
}
@@ -1637,7 +1637,7 @@
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "1:G2.40",
"expression": "1:G2.40",
"expr_type": "and"
}
}
@@ -1667,7 +1667,7 @@
"table_type": "expr",
"table_name": "MAIL_ADDR",
"table_content": {
"keywords": "ceshi3@mailhost.cn$",
"expression": "ceshi3@mailhost.cn$",
"expr_type": "and"
}
}
@@ -1805,7 +1805,7 @@
"table_type": "expr",
"table_name": "TROJAN_PAYLOAD",
"table_content": {
"keywords": "我的订单",
"expression": "我的订单",
"expr_type": "and"
}
}
@@ -1901,7 +1901,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "https://blog.csdn.net/littlefang/article/details/8213058",
"expression": "https://blog.csdn.net/littlefang/article/details/8213058",
"expr_type": "and"
}
}
@@ -1956,7 +1956,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": ">ЗАО «Севергазвтоматика АйС»<",
"expression": ">ЗАО «Севергазвтоматика АйС»<",
"expr_type": "and"
}
}
@@ -1987,7 +1987,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "cavemancircus.com/",
"expression": "cavemancircus.com/",
"expr_type": "and"
}
}
@@ -2037,7 +2037,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27/pretty-girls-6",
"expression": "2019/12/27/pretty-girls-6",
"expr_type": "and"
}
}
@@ -2342,7 +2342,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "string1&string2&string3&string4&string5&string6&string7&string8",
"expression": "string1&string2&string3&string4&string5&string6&string7&string8",
"expr_type": "and"
}
}
@@ -2456,7 +2456,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-186",
"expression": "must-not-contained-string-of-rule-186",
"expr_type": "and"
}
}
@@ -2506,7 +2506,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-187",
"expression": "must-not-contained-string-of-rule-187",
"expr_type": "and"
}
}
@@ -2556,7 +2556,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-188",
"expression": "must-not-contained-string-of-rule-188",
"expr_type": "and"
}
}
@@ -2606,7 +2606,7 @@
"table_type": "expr",
"table_content": {
"keywords": "|ab00|",
"expression": "|ab00|",
"expr_type": "and"
}
}
@@ -2636,7 +2636,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "|54455354|",
"expression": "|54455354|",
"expr_type": "and"
}
}
@@ -2667,7 +2667,7 @@
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
"mask": 3
}
}
]
@@ -2697,7 +2697,7 @@
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 2,
"flag_mask": 3
"mask": 3
}
}
]
@@ -2715,7 +2715,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hello",
"expression": "hello",
"expr_type": "and"
}
}
@@ -2746,7 +2746,7 @@
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 21,
"flag_mask": 31
"mask": 31
}
}
]
@@ -2775,7 +2775,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "hqdefault.jpg",
"expression": "hqdefault.jpg",
"expr_type": "and"
}
}
@@ -2807,7 +2807,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "firewall",
"expression": "firewall",
"expr_type": "and"
}
}
@@ -3004,7 +3004,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "123^456",
"expression": "123^456",
"expr_type": "regex"
}
}
@@ -3034,7 +3034,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "|54455354|",
"expression": "|54455354|",
"expr_type": "and"
}
}
@@ -3065,7 +3065,7 @@
"table_name": "FLAG_CONFIG",
"table_content": {
"flag": 1,
"flag_mask": 3
"mask": 3
}
}
]
@@ -3212,7 +3212,7 @@
"table_name": "EXPR_LITERAL_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "today&yesterday",
"expression": "today&yesterday",
"expr_type": "and"
}
}
@@ -3243,7 +3243,7 @@
"table_name": "FLAG_PERF_CONFIG",
"table_content": {
"flag": 15,
"flag_mask": 15
"mask": 15
}
}
]
@@ -3272,7 +3272,7 @@
"table_name": "EXPR_REGEX_PERF_CONFIG",
"table_type": "expr",
"table_content": {
"keywords": "action=search\\&query=(.*)",
"expression": "action=search\\&query=(.*)",
"expr_type": "regex"
}
}
@@ -3312,7 +3312,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-for-rule-211",
"expression": "keywords-for-rule-211",
"expr_type": "and"
}
}
@@ -3352,7 +3352,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-for-rule-217",
"expression": "keywords-for-rule-217",
"expr_type": "and"
}
}
@@ -3413,7 +3413,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-1",
"expression": "keywords-dummy-219-1",
"expr_type": "and"
}
}
@@ -3434,7 +3434,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-2",
"expression": "keywords-dummy-219-2",
"expr_type": "and"
}
}
@@ -3455,7 +3455,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-3",
"expression": "keywords-dummy-219-3",
"expr_type": "and"
}
}
@@ -3476,7 +3476,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-4",
"expression": "keywords-dummy-219-4",
"expr_type": "and"
}
}
@@ -3497,7 +3497,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-5",
"expression": "keywords-dummy-219-5",
"expr_type": "and"
}
}
@@ -3518,7 +3518,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-6",
"expression": "keywords-dummy-219-6",
"expr_type": "and"
}
}
@@ -3539,7 +3539,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-7",
"expression": "keywords-dummy-219-7",
"expr_type": "and"
}
}
@@ -3560,7 +3560,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-219-8",
"expression": "keywords-dummy-219-8",
"expr_type": "and"
}
}
@@ -3592,7 +3592,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-1",
"expression": "keywords-dummy-220-1",
"expr_type": "and"
}
}
@@ -3613,7 +3613,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-2",
"expression": "keywords-dummy-220-2",
"expr_type": "and"
}
}
@@ -3634,7 +3634,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "keywords-dummy-220-3",
"expression": "keywords-dummy-220-3",
"expr_type": "and"
}
}
@@ -3666,7 +3666,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_keywords_222",
"expression": "not_logic_keywords_222",
"expr_type": "and"
}
}
@@ -3698,7 +3698,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_1",
"expression": "not_logic_rule_223_1",
"expr_type": "and"
}
}
@@ -3719,7 +3719,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_2",
"expression": "not_logic_rule_223_2",
"expr_type": "and"
}
}
@@ -3740,7 +3740,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_223_3",
"expression": "not_logic_rule_223_3",
"expr_type": "and"
}
}
@@ -3772,7 +3772,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_224_1",
"expression": "not_logic_rule_224_1",
"expr_type": "and"
}
}
@@ -3793,7 +3793,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "not_logic_rule_224_2",
"expression": "not_logic_rule_224_2",
"expr_type": "and"
}
}
@@ -3825,7 +3825,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n",
"expression": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n",
"expr_type": "and"
}
}
@@ -3894,7 +3894,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "youtube.com",
"expression": "youtube.com",
"expr_type": "and"
}
}
@@ -3944,7 +3944,7 @@
"table_name": "HTTP_URL",
"table_type": "expr",
"table_content": {
"keywords": "É",
"expression": "É",
"expr_type": "regex"
}
}
@@ -4084,7 +4084,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "html>\\\\r\\\\n",
"expression": "html>\\\\r\\\\n",
"expr_type": "and"
}
}
@@ -4116,7 +4116,7 @@
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "\\(\\)abc\\^\\$def\\|",
"expression": "\\(\\)abc\\^\\$def\\|",
"expr_type": "and"
}
}
@@ -4146,7 +4146,7 @@
"table_type": "expr",
"table_name": "KEYWORDS_TABLE",
"table_content": {
"keywords": "cd |6162|",
"expression": "cd |6162|",
"expr_type": "and"
}
}

47
test/test_utils.cpp
View File

@@ -32,20 +32,16 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma
buff[strlen(line) - 1] = '\0';
}
const char *redis_rule_key = "TEST_RULE_KEY";
redisReply *reply =
maat_wrap_redis_command(ctx, NULL, "INCRBY %s %d", redis_rule_key, 1);
if (reply->type == REDIS_REPLY_NIL) {
printf("incrby redis_rule_key:%s failed.", redis_rule_key);
cJSON *json = cJSON_Parse(line);
if (NULL == json) {
return -1;
} else {
s_rule->rule_id = maat_read_redis_integer(reply);
freeReplyObject(reply);
reply = NULL;
}
}
cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid");
if (NULL == rule_uuid || rule_uuid->type != cJSON_String) {
return -1;
}
maat_set_serial_rule(s_rule + line_idx, MAAT_OP_ADD, s_rule->rule_id,
maat_set_serial_rule(s_rule + line_idx, op, rule_uuid->valuestring,
table_name, buff, absolute_expire_time);
(s_rule + line_idx)->ref_ctx = ctx;
line_idx++;
@@ -120,9 +116,9 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
}
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int condition_num,
int expire_after)
enum maat_operation op, uuid_t rule_uuid,
const char *user_region, struct maat_cmd_condition conditions[],
int condition_num, int expire_after)
{
char table_line[1024 * 16] = {0};
sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0",
@@ -137,28 +133,10 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
return maat_cmd_set_line(maat_inst, &line_rule, op);
}
#if 0 //TODO
#define TO_OBJECT2X_KEY(object_id, parent_id, condition_index) \
(((unsigned long)object_id<<32|parent_id) + condition_index)
int object2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
object_id, rule_id, negate_option, attribute_name, condition_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_OBJECT2X_KEY(object_id, rule_id, condition_index);
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;
return maat_cmd_set_line(maat_inst, &line_rule, op);
}
int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long sub_object_id, int expire_after)
@@ -273,6 +251,7 @@ int flag_table_set_line(struct maat *maat_inst, const char *table_name,
return maat_cmd_set_line(maat_inst, &line_rule, op);
}
#endif
void random_keyword_generate(char *keyword_buf, size_t sz)
{

18
test/test_utils.h
View File

@@ -4,19 +4,19 @@
#include "maat_command.h"
#include "ip_matcher/ip_matcher.h"
struct maat_cmd_condition {
const char *object_uuids_str[8];
int object_num;
int negate_option;
const char *attribute_name;
};
int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port,
int redis_db, struct log_handle *logger);
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int condition_num,
int expire_after);
int object2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,
long long rule_id, int negate_option,
const char *attribute_name, int condition_index,
int expire_after);
enum maat_operation op, uuid_t rule_uuid,
const char *user_region, struct maat_cmd_condition conditions[],
int condition_num, int expire_after);
int object2object_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long object_id,

11
tools/maat_redis_tool.cpp
View File

@@ -46,8 +46,13 @@ static int compare_serial_rule(const void *a, const void *b)
struct serial_rule *rb=(struct serial_rule *)b;
int ret = strcmp(ra->table_name, rb->table_name);
if (0 == ret) {
ret = ra->rule_id - rb->rule_id;
uuid_t uuid_a;
uuid_t uuid_b;
uuid_parse(ra->rule_uuid_str, uuid_a);
uuid_parse(rb->rule_uuid_str, uuid_b);
ret = uuid_compare(uuid_a, uuid_b);
}
return ret;
@@ -183,8 +188,8 @@ static void read_rule_from_redis(redisContext *c, const char *output_path,
rule_list[i].table_line[line_len - 1] = '\0';
}
fprintf(table_fp, "%s\tkey=%lld\n", rule_list[i].table_line,
rule_list[i].rule_id);
fprintf(table_fp, "%s\tkey=%s\n", rule_list[i].table_line,
rule_list[i].rule_uuid_str);
line_count++;
}