在编译配置级别支持合取范式，编译配置最多8个子句（Clause）组成，子句内的分组是“或”运算，子句之间是“与”运算。

2020-05-30 20:56:49 +08:00
parent 091a19fd4c
commit 54504a9d77
8 changed files with 259 additions and 110 deletions
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -1,6 +1,42 @@
 {
    "compile_table": "COMPILE",
    "group_table": "GROUP",
+    "groups": [		
+			{
+				"group_name": "ASN1234",
+				"parent_group": "SRC_IP_ASN_1234",
+        "virtual_table":"SOURCE_IP_ASN",
+        "regions": [
+          {
+            "table_name": "AS_NUMBER",
+            "table_type": "string",
+            "table_content": {
+                "keywords": "AS1234",
+                "expr_type": "none",
+                "match_method": "exact",
+                "format": "uncase plain"
+            }
+          }
+        ]
+      },
+      {
+          "group_name": "ASN2345",
+          "parent_group": "DEST_IP_ASN_2345",
+          "virtual_table":"DESTINATION_IP_ASN",
+          "regions": [
+              {
+                  "table_name": "AS_NUMBER",
+                  "table_type": "string",
+                  "table_content": {
+                      "keywords": "AS2345",
+                      "expr_type": "none",
+                      "match_method": "exact",
+                      "format": "uncase plain"
+                  }
+              }
+          ]
+      }
+    ],
    "rules": [
        {
            "compile_id": 123,
@@ -1718,7 +1754,26 @@
 		                "not_flag":0                   
 		            }          
 		        ]
-		    }
+		    },
+        {
+            "compile_id": 178,
+            "service": 1,
+            "action": 1,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "user_region": "non-top-object-as-virtual",
+            "is_valid": "yes",
+            "groups": [
+		            {
+		            		"group_name":"SRC_IP_ASN_1234",
+		                "not_flag":0                   
+		            },          	
+		            {
+		            		"group_name":"DEST_IP_ASN_2345",
+		                "not_flag":0                   
+		            }
+            ]
+        }
    ],
    "plugin_table": [
        {
--- a/test/table_info.conf
+++ b/test/table_info.conf
@@ -28,15 +28,15 @@
 7	FILE_DIGEST	digest	--
 8	HTTP_SIGNATURE	expr_plus	GBK	GBK	yes	0
 9	SIM_URL	similar	--
-10	IMAGE_FP	expr	UTF8	UTF8	yes	128	quickoff
+10	IMAGE_FP	expr	UTF8	UTF8	yes	128
 11	TEST_EFFECTIVE_RANGE_TABLE	plugin	{"valid":4,"tag":5}	--
 12	TEST_FOREIGN_KEY	plugin {"valid":4,"foreign":[6,8],"tag":3}	--
 13	COMPILE_ALIAS	compile	escape	--
 14	TEST_PLUGIN_EXDATA_TABLE	plugin {"key":2,"valid":4,"tag":5,"estimate_size":1024}	--
 15	IR_INTERCEPT_IP plugin  {"valid":14,"tag":18}
-16	APP_PAYLOAD	expr_plus	UTF8	UTF8	yes	0	quickoff
-17	TROJAN_PAYLOAD	expr	UTF8	UTF8	yes	0	quickoff
-18	MAIL_ADDR	expr	UTF8	UTF8	yes	0	quickoff
+16	APP_PAYLOAD	expr_plus	UTF8	UTF8	yes	0
+17	TROJAN_PAYLOAD	expr	UTF8	UTF8	yes	0
+18	MAIL_ADDR	expr	UTF8	UTF8	yes	0
 19	IP_PLUS_CONFIG	ip_plus	--
 20	HTTP_RESPONSE_KEYWORDS	virtual	KEYWORDS_TABLE	--
 21	HTTP_REQUEST_HEADER	virtual	HTTP_SIGNATURE	--
@@ -48,4 +48,7 @@
 25	COMPOSITION_IP_DESTINATION	virtual	IP_PLUS_CONFIG	--
 26	COMPOSITION_IP_SESSION	virtual	IP_PLUS_CONFIG	--
 27	COMPOSITION_IP	composition	{"source":"COMPOSITION_IP_SOURCE","destination":"COMPOSITION_IP_DESTINATION","session":"COMPOSITION_IP_SESSION"}
-28	TEST_IP_PLUGIN_WITH_EXDATA	ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":6}	--
+28	TEST_IP_PLUGIN_WITH_EXDATA	ip_plugin {"row_id":1,"ip_type":2,"start_ip":3,"end_ip":4,"valid":6}	--
+29	AS_NUMBER	expr	UTF8	UTF8	yes	0
+30	SOURCE_IP_ASN	virtual	AS_NUMBER	--
+31	DESTINATION_IP_ASN	virtual	AS_NUMBER	--
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -1732,7 +1732,7 @@ TEST(ScanResult, LongerServiceDefine)
 }
 TEST(VirtualTable, VirtualWithPhysical)
 {
-#define TestVirtualTable1
+#define VT_VirtualWithPhysical
 	int ret=0, table_id=0;
 	const char* http_content="Batman\\:Take me Home.Superman/:Fine,stay with me.";
 	const char* http_url="https://blog.csdn.net/littlefang/article/details/8213058";
@@ -1772,7 +1772,7 @@ TEST(VirtualTable, VirtualWithPhysical)
 }
 TEST(VirtualTable, VirtualWithVirtual)
 {
-#define TestVirtualTable2
+#define VT_VirtualWithVirtual
 	int ret=0, table_id=0;
 	const char* http_req_hdr_ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36";
 	const char* http_resp_hdr_cookie="uid=12345678;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
@@ -1812,7 +1812,7 @@ TEST(VirtualTable, VirtualWithVirtual)
 }
 TEST(VirtualTable, OneGroupInTwoVirtual)
 {
-#define TestVirtualTable3
+#define VT_OneGroupInTwoVirtual
 	int ret=0, table_id=0;
 	const char* http_resp_hdr_cookie="sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
 	
@@ -1849,6 +1849,36 @@ TEST(VirtualTable, OneGroupInTwoVirtual)

 	return;
 }
+TEST(VirtualTable, VirtualAsNonTopObject)
+{
+#define VT_AsNonTopObject
+	int ret=0, table_id=0;
+
+	const char* src_asn="AS1234", *dst_asn="AS2345";
+	
+	struct Maat_rule_t result[4];
+	memset(result, 0, sizeof(result));
+	
+	scan_status_t mid=NULL;
+
+	table_id=Maat_table_register(g_feather, "SOURCE_IP_ASN");	
+	ASSERT_GT(table_id, 0);
+	ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, src_asn, strlen(src_asn), 
+						result, NULL, 4, &mid, 0);
+	EXPECT_EQ(ret, -2);
+	
+
+	table_id=Maat_table_register(g_feather, "DESTINATION_IP_ASN");	
+	ASSERT_GT(table_id, 0);
+	ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, dst_asn, strlen(dst_asn), 
+						result, NULL, 4, &mid, 0);
+	EXPECT_EQ(ret, 1);
+	EXPECT_EQ(result[0].config_id, 178);	
+
+	Maat_clean_status(&mid);
+
+	return;
+}


 class MaatFileTest : public testing::Test