diff --git a/include/maat.h b/include/maat.h index c6bba19..1167cd5 100644 --- a/include/maat.h +++ b/include/maat.h @@ -25,14 +25,14 @@ extern "C" #include #include -#define MAX_ATTR_NAME_LEN 128 +#define MAX_FIELD_NAME_LEN 128 /* maat instance handle */ struct maat; struct maat_hit_path { int Nth_scan; - char attribute_name[MAX_ATTR_NAME_LEN]; // 0 is not a attribute. + char field_name[MAX_FIELD_NAME_LEN]; // 0 is not a field. int negate_option; // 1 means negate condition(condition) int condition_index; // 0 ~ 7 uuid_t item_uuid; @@ -44,7 +44,7 @@ struct maat_hit_path { struct maat_hit_object { uuid_t item_uuid; uuid_t object_uuid; - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; }; enum maat_scan_status { @@ -254,11 +254,11 @@ struct maat_state; * MAAT_SCAN_HALF_HIT * MAAT_SCAN_HIT */ -int maat_scan_flag(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_flag(struct maat *instance, const char *table_name, const char *field_name, long long flag, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_integer(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_integer(struct maat *instance, const char *table_name, const char *field_name, long long integer, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); @@ -266,34 +266,34 @@ int maat_scan_integer(struct maat *instance, const char *table_name, const char * @param ip_addr: ipv4 address in network order * @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port. */ -int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *field_name, uint32_t ip_addr, int port, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *field_name, uint8_t *ip_addr, int port, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name, uint32_t ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name, uint8_t *ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_string(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_string(struct maat *instance, const char *table_name, const char *field_name, const char *data, size_t data_len, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_object(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_object(struct maat *instance, const char *table_name, const char *field_name, struct maat_hit_object *objects, size_t n_object, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); -int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *attribute_name, +int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *field_name, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state); struct maat_stream; -struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *attribute_name, struct maat_state *state); +struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *field_name, struct maat_state *state); int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len, uuid_t *results, size_t n_result, size_t *n_hit_result, diff --git a/src/inc_internal/maat_expr.h b/src/inc_internal/maat_expr.h index ed4081b..2cbba06 100644 --- a/src/inc_internal/maat_expr.h +++ b/src/inc_internal/maat_expr.h @@ -57,12 +57,12 @@ long long expr_runtime_get_version(void *expr_runtime); * @retval the num of hit object_id */ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, - size_t data_len, const char *attribute_name, struct maat_state *state); + size_t data_len, const char *field_name, struct maat_state *state); struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id); int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data, - size_t data_len, const char *attribute_name, struct maat_state *state); + size_t data_len, const char *field_name, struct maat_state *state); void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream); diff --git a/src/inc_internal/maat_flag.h b/src/inc_internal/maat_flag.h index c89d64b..a783374 100644 --- a/src/inc_internal/maat_flag.h +++ b/src/inc_internal/maat_flag.h @@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime); * @retval the num of hit object_id */ int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag, - const char *attribute_name, struct maat_state *state); + const char *field_name, struct maat_state *state); void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start, struct timespec *end, int thread_id); diff --git a/src/inc_internal/maat_interval.h b/src/inc_internal/maat_interval.h index a795917..1bb35f8 100644 --- a/src/inc_internal/maat_interval.h +++ b/src/inc_internal/maat_interval.h @@ -49,7 +49,7 @@ long long interval_runtime_rule_count(void *interval_runtime); * @retval the num of hit object_id */ int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, - long long integer, const char *attribute_name, struct maat_state *state); + long long integer, const char *field_name, struct maat_state *state); void interval_runtime_perf_stat(struct interval_runtime *interval_rt, struct timespec *start, struct timespec *end, diff --git a/src/inc_internal/maat_ip.h b/src/inc_internal/maat_ip.h index 12b337c..653a37a 100644 --- a/src/inc_internal/maat_ip.h +++ b/src/inc_internal/maat_ip.h @@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime); /* ip runtime scan API */ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, - uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state); + uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state); void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start, struct timespec *end, int thread_id); diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h index 42739bf..ca2e9e5 100644 --- a/src/inc_internal/maat_rule.h +++ b/src/inc_internal/maat_rule.h @@ -69,14 +69,14 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state, struct maat *maat_instance, int thread_id); int rule_compile_state_update(struct maat_state *maat_state, struct maat *maat_inst, - const char *attribute_name, int custom_rule_tbl_id, int Nth_scan, + const char *field_name, int custom_rule_tbl_id, int Nth_scan, struct maat_item *hit_items, size_t n_hit_item); void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_state); void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, - struct maat *maat_inst, const char *attribute_name, + struct maat *maat_inst, const char *field_name, int Nth_scan); size_t rule_compile_state_get_internal_hit_paths(struct maat_state *maat_state, diff --git a/src/maat_api.c b/src/maat_api.c index 34283db..45fe377 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -56,7 +56,7 @@ struct maat_stream { struct log_handle *logger; int thread_id; int table_id; - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; }; struct maat_options* maat_options_new(void) @@ -1024,7 +1024,7 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, const char *table static int flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, - int table_id, const char *attribute_name, struct maat_state *state) + int table_id, const char *field_name, struct maat_state *state) { enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id); @@ -1041,7 +1041,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id); int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt, - thread_id, flag, attribute_name, state); + thread_id, flag, field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } @@ -1053,7 +1053,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag, static int interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, - int table_id, const char *attribute_name, struct maat_state *state) + int table_id, const char *field_name, struct maat_state *state) { enum table_type table_type = @@ -1071,7 +1071,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id); int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt, - thread_id, integer, attribute_name, state); + thread_id, integer, field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } @@ -1083,7 +1083,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer, static int ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, - int port, int table_id, const char *attribute_name, struct maat_state *state) + int port, int table_id, const char *field_name, struct maat_state *state) { enum table_type table_type = @@ -1100,7 +1100,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, ip_runtime_scan_times_inc(ip_rt, thread_id); int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4, - (uint8_t *)&ip_addr, port, attribute_name, state); + (uint8_t *)&ip_addr, port, field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } @@ -1112,7 +1112,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr, static int ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, - int port, int table_id, const char *attribute_name, struct maat_state *state) + int port, int table_id, const char *field_name, struct maat_state *state) { enum table_type table_type = @@ -1129,7 +1129,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, ip_runtime_scan_times_inc(ip_rt, thread_id); int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6, - ip_addr, port, attribute_name, state); + ip_addr, port, field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } @@ -1142,7 +1142,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr, static int string_scan(struct table_manager *tbl_mgr, int thread_id, const char *data, size_t data_len, int table_id, - const char *attribute_name, struct maat_state *state) + const char *field_name, struct maat_state *state) { enum table_type table_type = table_manager_get_table_type(tbl_mgr, table_id); @@ -1161,7 +1161,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id, int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt, thread_id, data, data_len, - attribute_name, state); + field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } @@ -1192,7 +1192,7 @@ object_to_rule(struct maat *maat_inst, uuid_t *results, size_t n_result, results, n_result, state); } -int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *field_name, long long flag, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1228,7 +1228,7 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag, - table_id, attribute_name, state); + table_id, field_name, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1268,7 +1268,7 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a } } -int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *field_name, long long integer, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1304,7 +1304,7 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer, - table_id, attribute_name, state); + table_id, field_name, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1344,7 +1344,7 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char } } -int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *field_name, uint32_t ip_addr, int port, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1380,7 +1380,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, - table_id, attribute_name, state); + table_id, field_name, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1420,7 +1420,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch } } -int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *field_name, uint8_t *ip_addr, int port, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1456,7 +1456,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port, - table_id, attribute_name, state); + table_id, field_name, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1497,23 +1497,23 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch } #define PORT_IGNORED -1 -inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name, +inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name, uint8_t *ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - return maat_scan_ipv6_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, + return maat_scan_ipv6_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, results, n_result, n_hit_result, state); } -inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name, +inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name, uint32_t ip_addr, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { - return maat_scan_ipv4_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, + return maat_scan_ipv4_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, results, n_result, n_hit_result, state); } -int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *field_name, const char *data, size_t data_len, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1550,7 +1550,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data, - data_len, table_id, attribute_name, state); + data_len, table_id, field_name, state); if (hit_object_cnt < 0) { maat_inst->stat->scan_err_cnt++; return MAAT_SCAN_ERR; @@ -1590,7 +1590,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char } } -static void maat_state_add_hit_object(struct maat_state *state, const char *attribute_name, +static void maat_state_add_hit_object(struct maat_state *state, const char *field_name, struct maat_hit_object *objects, size_t n_object) { struct maat *maat_inst = state->maat_inst; @@ -1617,13 +1617,13 @@ static void maat_state_add_hit_object(struct maat_state *state, const char *attr uuid_copy(hit_items[i].object_uuid, objects[i].object_uuid); } - rule_compile_state_update(state, maat_inst, attribute_name, + rule_compile_state_update(state, maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_items, n_hit_item); } static void -maat_state_activate_hit_not_object(struct maat_state *state, const char *attribute_name) +maat_state_activate_hit_not_object(struct maat_state *state, const char *field_name) { if (NULL == state) { return; @@ -1648,10 +1648,10 @@ maat_state_activate_hit_not_object(struct maat_state *state, const char *attribu } rule_compile_state_not_logic_update(state->rule_compile_state, rule_rt, maat_inst, - attribute_name, state->Nth_scan); + field_name, state->Nth_scan); } -int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_hit_object *objects, size_t n_object, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) @@ -1678,7 +1678,7 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char maat_runtime_ref_inc(maat_rt, state->thread_id); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); - maat_state_add_hit_object(state, attribute_name, objects, n_object); + maat_state_add_hit_object(state, field_name, objects, n_object); size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state); *n_hit_result = hit_rule_cnt; @@ -1692,7 +1692,7 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char return MAAT_SCAN_OK; } -int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *attribute_name, +int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *field_name, uuid_t *results, size_t n_result, size_t *n_hit_result, struct maat_state *state) { @@ -1713,7 +1713,7 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch maat_runtime_ref_inc(maat_rt, state->thread_id); alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1); - maat_state_activate_hit_not_object(state, attribute_name); + maat_state_activate_hit_not_object(state, field_name); size_t hit_rule_cnt = object_to_rule(maat_inst, results, n_result, state); *n_hit_result = hit_rule_cnt; @@ -1727,7 +1727,7 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch return MAAT_SCAN_OK; } -struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state) +struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_state *state) { if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) { return NULL; @@ -1738,7 +1738,7 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_na stream->last_full_version = maat_inst->last_full_version; stream->thread_id = state->thread_id; stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name); - snprintf(stream->attribute_name, sizeof(stream->attribute_name), "%s", attribute_name); + snprintf(stream->field_name, sizeof(stream->field_name), "%s", field_name); stream->logger = maat_inst->logger; enum table_type table_type = TABLE_TYPE_INVALID; @@ -1797,7 +1797,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data, data_len); int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data, - data_len, stream->attribute_name, state); + data_len, stream->field_name, state); if (object_hit_cnt <= 0) { return object_hit_cnt; } diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 53a42d1..a28bfaf 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c @@ -348,10 +348,10 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) /* "rules": [ "items":[ { { - "uuid": "201", "table_name": "ATTR_APP_ID", + "uuid": "201", "table_name": "FIELD_APP_ID", "conditions": [ "table_content": { { "uuid": "1", - "attribute_name": "ATTR_APP_ID", "object_uuid": "1", + "field_name": "FIELD_APP_ID", "object_uuid": "1", "objects": [ "interval": "4001" { "items":[ --------------> } @@ -363,7 +363,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) ] "uuid": "201", } "conditions": [ ], { - "misc": "blah, blah" "attribute_name": "ATTR_APP_ID", + "misc": "blah, blah" "field_name": "FIELD_APP_ID", } "object_uuids": ["1"] ] } ] diff --git a/src/maat_expr.c b/src/maat_expr.c index 64794bf..056c324 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c @@ -813,7 +813,7 @@ long long expr_runtime_get_version(void *expr_runtime) int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data, size_t data_len, - const char *attribute_name, struct maat_state *state) + const char *field_name, struct maat_state *state) { //clear rule_state->last_hit_object if (state != NULL && state->rule_compile_state != NULL) { @@ -877,7 +877,7 @@ next: state->thread_id, 1); } - return rule_compile_state_update(state, state->maat_inst, attribute_name, + return rule_compile_state_update(state, state->maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_num); } @@ -903,7 +903,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id) int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data, size_t data_len, - const char *attribute_name, struct maat_state *state) + const char *field_name, struct maat_state *state) { struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt; @@ -970,7 +970,7 @@ next: state->thread_id, 1); } - return rule_compile_state_update(state, state->maat_inst, attribute_name, + return rule_compile_state_update(state, state->maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_flag.c b/src/maat_flag.c index cbdc8a8..fc3773c 100644 --- a/src/maat_flag.c +++ b/src/maat_flag.c @@ -401,7 +401,7 @@ long long flag_runtime_rule_count(void *flag_runtime) } int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, - long long flag, const char *attribute_name, struct maat_state *state) + long long flag, const char *field_name, struct maat_state *state) { //clear rule_state->last_hit_object if (state != NULL && state->rule_compile_state != NULL) { @@ -458,7 +458,7 @@ next: state->thread_id, 1); } - return rule_compile_state_update(state, state->maat_inst, attribute_name, + return rule_compile_state_update(state, state->maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_interval.c b/src/maat_interval.c index c9f671c..d764112 100644 --- a/src/maat_interval.c +++ b/src/maat_interval.c @@ -409,7 +409,7 @@ long long interval_runtime_rule_count(void *interval_runtime) } int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id, - long long integer, const char *attribute_name, struct maat_state *state) + long long integer, const char *field_name, struct maat_state *state) { //clear rule_state->last_hit_object if (state != NULL && state->rule_compile_state != NULL) { @@ -466,7 +466,7 @@ next: state->thread_id, 1); } - return rule_compile_state_update(state, state->maat_inst, attribute_name, + return rule_compile_state_update(state, state->maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_ip.c b/src/maat_ip.c index d61243d..98075f3 100644 --- a/src/maat_ip.c +++ b/src/maat_ip.c @@ -475,7 +475,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime) } int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type, - uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state) + uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state) { //clear rule_state->last_hit_object if (state != NULL && state->rule_compile_state != NULL) { @@ -553,7 +553,7 @@ next: state->thread_id, 1); } - return rule_compile_state_update(state, state->maat_inst, attribute_name, + return rule_compile_state_update(state, state->maat_inst, field_name, state->rule_table_id, state->Nth_scan, hit_maat_items, real_hit_item_cnt); } diff --git a/src/maat_rule.c b/src/maat_rule.c index d2dce18..471b80d 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -50,7 +50,7 @@ struct rule_item { struct condition_query_key { uuid_t object_uuid; - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; int negate_option; }; @@ -61,15 +61,15 @@ struct condition_id_kv { }; struct table_condition { - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; int actual_condition_num; UT_array *condition_ids; UT_array *object_ids; UT_hash_handle hh; }; -struct negate_attribute_object { - char attribute_name[MAX_ATTR_NAME_LEN]; +struct negate_field_object { + char field_name[MAX_FIELD_NAME_LEN]; UT_array *object_uuids; UT_hash_handle hh; }; @@ -83,7 +83,7 @@ struct rule_runtime { struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1) struct bool_expr_match *expr_match_buff; struct maat_garbage_bin *ref_garbage_bin; - struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM + struct table_condition *tbl_not_condition_hash; //each field's negate condition number <= MAX_NOT_CONDITION_NUM struct log_handle *logger; time_t version; @@ -94,7 +94,7 @@ struct rule_runtime { struct condition_literal { uuid_t object_uuids[MAX_OBJECT_CNT]; int object_cnt; - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; }; struct rule_condition { @@ -125,7 +125,7 @@ struct internal_hit_path { uuid_t object_uuid; int Nth_scan; int negate_option; // 1 means negate condition - char attribute_name[MAX_ATTR_NAME_LEN]; + char field_name[MAX_FIELD_NAME_LEN]; }; struct rule2table_id { @@ -147,7 +147,7 @@ struct rule_compile_state { UT_array *indirect_hit_objects; UT_array *last_hit_objects; UT_array *hit_rule_table_ids; - struct negate_attribute_object *hit_negate_attribute_objects; + struct negate_field_object *hit_negate_field_objects; }; UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL}; @@ -194,11 +194,11 @@ static void maat_rule_free(struct maat_rule *rule) } static int validate_table_not_condition(struct rule_runtime *rule_rt, - struct table_manager *tbl_mgr, const char *attribute_name, + struct table_manager *tbl_mgr, const char *field_name, enum maat_operation op, struct log_handle *logger) { struct table_condition *not_condition = NULL; - HASH_FIND_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition); + HASH_FIND_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition); if (MAAT_OP_DEL == op) { //delete @@ -211,14 +211,14 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt, //add if (NULL == not_condition) { not_condition = ALLOC(struct table_condition, 1); - snprintf(not_condition->attribute_name, sizeof(not_condition->attribute_name), "%s", attribute_name); + snprintf(not_condition->field_name, sizeof(not_condition->field_name), "%s", field_name); not_condition->actual_condition_num++; - HASH_ADD_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition); + HASH_ADD_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition); } else { if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { log_fatal(logger, MODULE_RULE, - "[%s:%d]attribute:<%s> negate condition num exceed maximum:%d", - __FUNCTION__, __LINE__, attribute_name, MAX_NOT_CONDITION_NUM); + "[%s:%d]field:<%s> negate condition num exceed maximum:%d", + __FUNCTION__, __LINE__, field_name, MAX_NOT_CONDITION_NUM); return -1; } not_condition->actual_condition_num++; @@ -296,24 +296,24 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule struct condition_literal tmp_literal; memset(&tmp_literal, 0, sizeof(tmp_literal)); - tmp_obj = cJSON_GetObjectItem(literal_obj, "attribute_name"); + tmp_obj = cJSON_GetObjectItem(literal_obj, "field_name"); if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d] table: <%s> has no attribute_name or not string format", + "[%s:%d] table: <%s> has no field_name or not string format", __FUNCTION__, __LINE__, table_name); goto error; } - if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.attribute_name)) { + if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.field_name)) { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d", - __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.attribute_name)); + "[%s:%d] table: <%s> field_name:%s length exceed maximum:%d", + __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.field_name)); goto error; } - snprintf(tmp_literal.attribute_name, sizeof(tmp_literal.attribute_name), "%s", tmp_obj->valuestring); + snprintf(tmp_literal.field_name, sizeof(tmp_literal.field_name), "%s", tmp_obj->valuestring); if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { - int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.attribute_name, MAAT_OP_ADD, logger); + int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.field_name, MAAT_OP_ADD, logger); if (ret < 0) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> validate negate_option failed, line: %s", @@ -732,7 +732,7 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option) memset(&key, 0, sizeof(key)); - memcpy(key.attribute_name, tmp_literal->attribute_name, sizeof(key.attribute_name)); + memcpy(key.field_name, tmp_literal->field_name, sizeof(key.field_name)); key.negate_option = condition->negate_option; uuid_copy(key.object_uuid, tmp_literal->object_uuids[k]); @@ -890,7 +890,7 @@ struct rule_compile_state *rule_compile_state_new(void) utarray_new(rule_compile_state->indirect_hit_objects, &ut_maat_hit_object_icd); utarray_new(rule_compile_state->last_hit_objects, &ut_maat_hit_object_icd); utarray_new(rule_compile_state->hit_rule_table_ids, &ut_hit_rule_table_id_icd); - rule_compile_state->hit_negate_attribute_objects = NULL; + rule_compile_state->hit_negate_field_objects = NULL; return rule_compile_state; } @@ -903,11 +903,11 @@ rule_compile_state_hit_not_condition_objects_free(struct rule_compile_state *rul } long long free_bytes = 0; - struct negate_attribute_object *negate_attr_obj = NULL, *tmp_negate_attr_obj = NULL; - HASH_ITER(hh, rule_compile_state->hit_negate_attribute_objects, negate_attr_obj, tmp_negate_attr_obj) { + struct negate_field_object *negate_attr_obj = NULL, *tmp_negate_attr_obj = NULL; + HASH_ITER(hh, rule_compile_state->hit_negate_field_objects, negate_attr_obj, tmp_negate_attr_obj) { free_bytes += (sizeof(negate_attr_obj) + utarray_len(negate_attr_obj->object_uuids) * sizeof(uuid_t)); - HASH_DEL(rule_compile_state->hit_negate_attribute_objects, negate_attr_obj); + HASH_DEL(rule_compile_state->hit_negate_field_objects, negate_attr_obj); if (negate_attr_obj->object_uuids != NULL) { utarray_free(negate_attr_obj->object_uuids); negate_attr_obj->object_uuids = NULL; @@ -938,8 +938,8 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state) utarray_clear(rule_compile_state->last_hit_objects); utarray_clear(rule_compile_state->hit_rule_table_ids); - struct negate_attribute_object *negate_attr_obj = NULL, *tmp_negate_attr_obj = NULL; - HASH_ITER(hh, rule_compile_state->hit_negate_attribute_objects, negate_attr_obj, tmp_negate_attr_obj) { + struct negate_field_object *negate_attr_obj = NULL, *tmp_negate_attr_obj = NULL; + HASH_ITER(hh, rule_compile_state->hit_negate_field_objects, negate_attr_obj, tmp_negate_attr_obj) { utarray_clear(negate_attr_obj->object_uuids); } } @@ -1027,7 +1027,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state, static void rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state, uuid_t item_uuid, uuid_t object_uuid, - const char *attribute_name, int negate_option, int Nth_scan) + const char *field_name, int negate_option, int Nth_scan) { if (NULL == rule_compile_state) { return; @@ -1037,7 +1037,7 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile uuid_copy(new_path.item_uuid, item_uuid); new_path.Nth_scan = Nth_scan; uuid_copy(new_path.object_uuid, object_uuid); - snprintf(new_path.attribute_name, sizeof(new_path.attribute_name), "%s", attribute_name); + snprintf(new_path.field_name, sizeof(new_path.field_name), "%s", field_name); new_path.negate_option = negate_option; utarray_push_back(rule_compile_state->internal_hit_paths, &new_path); @@ -1056,7 +1056,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule, for (size_t j = 0; j < utarray_len(condition->literals); j++) { tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); - if (strncmp(tmp_literal->attribute_name, key->attribute_name, sizeof(key->attribute_name)) != 0) { + if (strncmp(tmp_literal->field_name, key->field_name, sizeof(key->field_name)) != 0) { continue; } @@ -1078,7 +1078,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule, static size_t maat_rule_get_hit_condition_index(struct maat_rule *rule, - const char *attribute_name, uuid_t *hit_object_uuid, + const char *field_name, uuid_t *hit_object_uuid, int *condition_idx_array, size_t array_size) { size_t hit_condition_cnt = 0; @@ -1094,7 +1094,7 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule, for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) { tmp_literal = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j); - if (strncmp(tmp_literal->attribute_name, attribute_name, sizeof(tmp_literal->attribute_name)) != 0) { + if (strncmp(tmp_literal->field_name, field_name, sizeof(tmp_literal->field_name)) != 0) { continue; } @@ -1126,7 +1126,7 @@ maat_rule_is_hit_path_existed(const struct maat_hit_path *hit_paths, static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, size_t array_idx, size_t n_hit_path, - size_t *n_new_hit_path, const char *attribute_name, + size_t *n_new_hit_path, const char *field_name, struct maat_rule *rule) { size_t i = 0; @@ -1144,7 +1144,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid); // find out which condition in rule hit n_condition_index = - maat_rule_get_hit_condition_index(rule, attribute_name, + maat_rule_get_hit_condition_index(rule, field_name, &hit_path_array[idx].top_object_uuid, condition_index_array, MAX_ITEMS_PER_BOOL_EXPR); @@ -1165,7 +1165,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array, hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path; new_hit_path_cnt++; n_condition_index = - maat_rule_get_hit_condition_index(rule, attribute_name, &tmp_path.top_object_uuid, + maat_rule_get_hit_condition_index(rule, field_name, &tmp_path.top_object_uuid, condition_index_array, MAX_ITEMS_PER_BOOL_EXPR); hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0]; if (n_condition_index > 1) { @@ -1219,11 +1219,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid); } - memcpy(key.attribute_name, hit_path_array[j].attribute_name, sizeof(key.attribute_name)); + memcpy(key.field_name, hit_path_array[j].field_name, sizeof(key.field_name)); key.negate_option = hit_path_array[j].negate_option; if (maat_rule_has_condition_query_key(rule, &key)) { populate_hit_path_with_rule(hit_path_array, j, n_hit_path, - &n_new_hit_path, key.attribute_name, rule); + &n_new_hit_path, key.field_name, rule); } } } @@ -1234,7 +1234,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, static void rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state, struct maat_item *hit_items, - size_t n_hit_items, const char *attribute_name) + size_t n_hit_items, const char *field_name) { if (NULL == rule_compile_state || NULL == hit_items) { return; @@ -1244,7 +1244,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil for (size_t i = 0; i < n_hit_items; i++) { uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid); uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid); - snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name); + snprintf(hit_object.field_name, sizeof(hit_object.field_name), "%s", field_name); utarray_push_back(rule_compile_state->direct_hit_objects, &hit_object); } } @@ -1252,7 +1252,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil static void rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state, uuid_t *object_uuids, - size_t n_object_uuids, const char *attribute_name) + size_t n_object_uuids, const char *field_name) { if (NULL == rule_compile_state || NULL == object_uuids) { return; @@ -1262,7 +1262,7 @@ rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_comp for (size_t i = 0; i < n_object_uuids; i++) { uuid_clear(hit_object.item_uuid); uuid_copy(hit_object.object_uuid, object_uuids[i]); - snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name); + snprintf(hit_object.field_name, sizeof(hit_object.field_name), "%s", field_name); utarray_push_back(rule_compile_state->indirect_hit_objects, &hit_object); } } @@ -1346,7 +1346,7 @@ rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compil static void rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, - uuid_t object_uuid, const char *attribute_name) + uuid_t object_uuid, const char *field_name) { if (NULL == rule_compile_state || NULL == rule_rt) { return; @@ -1357,7 +1357,7 @@ rule_compile_state_update_hit_conditions(struct rule_compile_state *rule_compile memset(&key, 0, sizeof(key)); key.negate_option = 0; - snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name); + snprintf(key.field_name, sizeof(key.field_name), "%s", field_name); uuid_copy(key.object_uuid, object_uuid); HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv); @@ -1376,27 +1376,27 @@ static void rule_compile_state_cache_hit_not_objects(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, uuid_t *hit_object_uuids, - size_t n_hit_object_uuid, const char *attribute_name) + size_t n_hit_object_uuid, const char *field_name) { if (NULL == rule_compile_state || NULL == rule_rt) { return; } - struct negate_attribute_object *negate_attr_obj = NULL; - HASH_FIND_STR(rule_compile_state->hit_negate_attribute_objects, attribute_name, negate_attr_obj); + struct negate_field_object *negate_attr_obj = NULL; + HASH_FIND_STR(rule_compile_state->hit_negate_field_objects, field_name, negate_attr_obj); if (negate_attr_obj == NULL || utarray_len(negate_attr_obj->object_uuids) == 0) { struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL; HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) { - if (strncmp(condition_id_kv->key.attribute_name, attribute_name, strlen(attribute_name)) != 0) { + if (strncmp(condition_id_kv->key.field_name, field_name, strlen(field_name)) != 0) { continue; } if (NULL == negate_attr_obj) { - negate_attr_obj = ALLOC(struct negate_attribute_object, 1); - snprintf(negate_attr_obj->attribute_name, sizeof(negate_attr_obj->attribute_name), "%s", attribute_name); + negate_attr_obj = ALLOC(struct negate_field_object, 1); + snprintf(negate_attr_obj->field_name, sizeof(negate_attr_obj->field_name), "%s", field_name); utarray_new(negate_attr_obj->object_uuids, &ut_rule_object_uuid_icd); - HASH_ADD_STR(rule_compile_state->hit_negate_attribute_objects, attribute_name, negate_attr_obj); + HASH_ADD_STR(rule_compile_state->hit_negate_field_objects, field_name, negate_attr_obj); } if (!utarray_find(negate_attr_obj->object_uuids, &(condition_id_kv->key.object_uuid), @@ -1519,7 +1519,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) { for (size_t j = 0; j < utarray_len(condition->literals); j++) { struct condition_literal *literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); - validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->attribute_name, MAAT_OP_DEL, logger); + validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->field_name, MAAT_OP_DEL, logger); } } } @@ -1738,7 +1738,7 @@ int rule_runtime_match(struct rule_runtime *rule_rt, uuid_t *rule_uuids, } int rule_compile_state_update(struct maat_state *maat_state, struct maat *maat_inst, - const char *attribute_name, int custom_rule_tbl_id, int Nth_scan, + const char *field_name, int custom_rule_tbl_id, int Nth_scan, struct maat_item *hit_items, size_t n_hit_item) { size_t i = 0, j = 0; @@ -1756,7 +1756,7 @@ int rule_compile_state_update(struct maat_state *maat_state, struct maat *maat_i uuid_copy(hit_object.item_uuid, hit_items[i].item_uuid); uuid_copy(hit_object.object_uuid, hit_items[i].object_uuid); - snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name); + snprintf(hit_object.field_name, sizeof(hit_object.field_name), "%s", field_name); utarray_push_back(rule_compile_state->last_hit_objects, &hit_object); } @@ -1770,21 +1770,21 @@ int rule_compile_state_update(struct maat_state *maat_state, struct maat *maat_i for (i = 0; i < super_object_cnt; i++) { uuid_clear(hit_object.item_uuid); uuid_copy(hit_object.object_uuid, super_object_uuids[i]); - snprintf(hit_object.attribute_name, sizeof(hit_object.attribute_name), "%s", attribute_name); + snprintf(hit_object.field_name, sizeof(hit_object.field_name), "%s", field_name); utarray_push_back(rule_compile_state->last_hit_objects, &hit_object); } if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) { for (i = 0; i < hit_cnt; i++) { rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid, - hit_items[i].object_uuid, attribute_name, 0, Nth_scan); + hit_items[i].object_uuid, field_name, 0, Nth_scan); } } if (1 == maat_inst->opts.hit_object_on) { - rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, attribute_name); + rule_compile_state_add_direct_hit_objects(rule_compile_state, hit_items, hit_cnt, field_name); rule_compile_state_add_indirect_hit_objects(rule_compile_state, super_object_uuids, - super_object_cnt, attribute_name); + super_object_cnt, field_name); } /* update hit condition */ @@ -1805,11 +1805,11 @@ int rule_compile_state_update(struct maat_state *maat_state, struct maat *maat_i for (i = 0; i < hit_cnt; i++) { rule_compile_state_update_hit_conditions(rule_compile_state, rule_rt, - hit_object_uuids[i], attribute_name); + hit_object_uuids[i], field_name); } rule_compile_state_cache_hit_not_objects(rule_compile_state, rule_rt, hit_object_uuids, - hit_cnt, attribute_name); + hit_cnt, field_name); return hit_cnt; } @@ -1824,7 +1824,7 @@ void rule_compile_state_clear_last_hit_object(struct rule_compile_state *rule_co void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile_state, struct rule_runtime *rule_rt, - struct maat *maat_inst, const char *attribute_name, + struct maat *maat_inst, const char *field_name, int Nth_scan) { if (NULL == rule_compile_state || NULL == maat_inst) { @@ -1835,8 +1835,8 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile rule_compile_state->Nth_scan = Nth_scan; utarray_clear(rule_compile_state->this_scan_hit_not_conditions); - struct negate_attribute_object *negate_attr_obj = NULL; - HASH_FIND_STR(rule_compile_state->hit_negate_attribute_objects, attribute_name, negate_attr_obj); + struct negate_field_object *negate_attr_obj = NULL; + HASH_FIND_STR(rule_compile_state->hit_negate_field_objects, field_name, negate_attr_obj); if (NULL == negate_attr_obj) { return; } @@ -1848,7 +1848,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile uuid_t *object_uuid = utarray_eltptr(negate_attr_obj->object_uuids, i); memset(&key, 0, sizeof(key)); - snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name); + snprintf(key.field_name, sizeof(key.field_name), "%s", field_name); key.negate_option = 1; uuid_copy(key.object_uuid, *object_uuid); @@ -1862,7 +1862,7 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile uuid_t null_uuid; uuid_clear(null_uuid); rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid, *object_uuid, - attribute_name, 1, Nth_scan); + field_name, 1, Nth_scan); } } } @@ -1878,7 +1878,7 @@ size_t rule_compile_state_get_indirect_hit_objects(struct rule_compile_state *ru (struct maat_hit_object *)utarray_eltptr(rule_compile_state->indirect_hit_objects, i); uuid_copy(object_array[i].item_uuid, hit_object->item_uuid); uuid_copy(object_array[i].object_uuid, hit_object->object_uuid); - memcpy(object_array[i].attribute_name, hit_object->attribute_name, sizeof(object_array[i].attribute_name)); + memcpy(object_array[i].field_name, hit_object->field_name, sizeof(object_array[i].field_name)); } utarray_clear(rule_compile_state->indirect_hit_objects); @@ -1922,7 +1922,7 @@ size_t rule_compile_state_get_direct_hit_objects(struct rule_compile_state *rule object = (struct maat_hit_object *)utarray_eltptr(direct_hit_object, i); uuid_copy(object_array[i].item_uuid, object->item_uuid); uuid_copy(object_array[i].object_uuid, object->object_uuid); - memcpy(object_array[i].attribute_name, object->attribute_name, sizeof(object_array[i].attribute_name)); + memcpy(object_array[i].field_name, object->field_name, sizeof(object_array[i].field_name)); } utarray_clear(rule_compile_state->direct_hit_objects); @@ -1984,7 +1984,7 @@ size_t rule_compile_state_get_internal_hit_paths(struct maat_state *maat_state, uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid); uuid_copy(tmp_path.top_object_uuid, *p); - memcpy(tmp_path.attribute_name, internal_path->attribute_name, sizeof(tmp_path.attribute_name)); + memcpy(tmp_path.field_name, internal_path->field_name, sizeof(tmp_path.field_name)); tmp_path.negate_option = internal_path->negate_option; tmp_path.condition_index = -1; uuid_clear(tmp_path.rule_uuid); diff --git a/src/maat_table.c b/src/maat_table.c index 54377ee..72def32 100644 --- a/src/maat_table.c +++ b/src/maat_table.c @@ -42,7 +42,7 @@ struct maat_table { void *updating_runtime; }; -struct maat_attribute { +struct maat_field { int table_id; int attr_id; char attr_name[MAX_NAME_STR_LEN + 1]; diff --git a/test/benchmark/benchmark_gtest.cpp b/test/benchmark/benchmark_gtest.cpp index f09ce7a..f835d16 100644 --- a/test/benchmark/benchmark_gtest.cpp +++ b/test/benchmark/benchmark_gtest.cpp @@ -136,7 +136,7 @@ void generate_rule_sample(const char *table_name, int sample_count) fclose(fp); } -void generate_object2rule_sample(const char *table_name, const char *attribute_name, +void generate_object2rule_sample(const char *table_name, const char *field_name, int sample_count) { FILE *fp = fopen(table_name, "w+"); @@ -148,7 +148,7 @@ void generate_object2rule_sample(const char *table_name, const char *attribute_n fprintf(fp, "%d\n", sample_count); for (int i = 0; i < sample_count; i++) { - fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, attribute_name); + fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, field_name); } fclose(fp); diff --git a/test/benchmark/benchmark_table_info.conf b/test/benchmark/benchmark_table_info.conf index ad60009..c10226d 100644 --- a/test/benchmark/benchmark_table_info.conf +++ b/test/benchmark/benchmark_table_info.conf @@ -573,7 +573,7 @@ "object_id":1, "rule_id":2, "negate_option":3, - "attribute_name":4, + "field_name":4, "condition_index":5 } }, diff --git a/test/json_update/corrupted.json b/test/json_update/corrupted.json index dedd097..9ff4224 100644 --- a/test/json_update/corrupted.json +++ b/test/json_update/corrupted.json @@ -13,7 +13,7 @@ "and_conditions": [ { "object_name": "Untitled", - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "items": [ diff --git a/test/json_update/new.json b/test/json_update/new.json index 38329ab..1be32fc 100644 --- a/test/json_update/new.json +++ b/test/json_update/new.json @@ -12,7 +12,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "items": [ diff --git a/test/json_update/old.json b/test/json_update/old.json index b7d7462..4e06e5e 100644 --- a/test/json_update/old.json +++ b/test/json_update/old.json @@ -12,7 +12,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "items": [ diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index f3622fc..4325835 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -47,7 +47,7 @@ static int test_add_expr_command(struct maat *maat_inst, const char *expr_table, and_condition->or_condition_num = 1; and_condition->negate_option = 0; - and_condition->or_conditions[0].attribute_name = attr_name; + and_condition->or_conditions[0].field_name = attr_name; and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str; and_condition->or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD, @@ -108,7 +108,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) { const char *hit_old_data = "Hello world! I'm eve."; const char *hit_new_data = "Maat was borned in MESA."; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *table_name = "HTTP_URL"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -116,7 +116,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_old_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, hit_old_data, strlen(hit_old_data), results, ARRAY_SIZE, &n_hit_result, state); if (is_old) { @@ -128,12 +128,12 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_new_data, + ret = maat_scan_string(maat_inst, table_name, field_name, hit_new_data, strlen(hit_new_data), results, ARRAY_SIZE, &n_hit_result, state); if (!is_old) { @@ -145,7 +145,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -220,7 +220,7 @@ struct log_handle *FlagScan::logger; TEST_F(FlagScan, basic) { const char *flag_table_name = "FLAG_CONFIG"; - const char *attribute_name = "FLAG_CONFIG"; + const char *field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:192 flag: 0000 0001 mask: 0000 0011 @@ -233,7 +233,7 @@ TEST_F(FlagScan, basic) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -244,7 +244,7 @@ TEST_F(FlagScan, basic) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -258,7 +258,7 @@ TEST_F(FlagScan, basic) { scan_data = 13; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -268,7 +268,7 @@ TEST_F(FlagScan, basic) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); @@ -276,12 +276,12 @@ TEST_F(FlagScan, basic) { scan_data = 6; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -291,9 +291,9 @@ TEST_F(FlagScan, basic) { TEST_F(FlagScan, withExprRegion) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:193 flag: 0000 0010 mask: 0000 0011 @@ -306,12 +306,12 @@ TEST_F(FlagScan, withExprRegion) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -323,7 +323,7 @@ TEST_F(FlagScan, withExprRegion) { EXPECT_NE(n_read, 0); const char *expr_scan_data = "hello world"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, expr_scan_data, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, expr_scan_data, strlen(expr_scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -332,7 +332,7 @@ TEST_F(FlagScan, withExprRegion) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000193"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -342,7 +342,7 @@ TEST_F(FlagScan, withExprRegion) { TEST_F(FlagScan, hitMultiRule) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:192 flag: 0000 0001 mask: 0000 0011 @@ -356,7 +356,7 @@ TEST_F(FlagScan, hitMultiRule) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 3); @@ -370,16 +370,16 @@ TEST_F(FlagScan, hitMultiRule) { uuid_unparse(results[2], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -396,7 +396,7 @@ TEST_F(FlagScan, hitMultiRule) { TEST_F(FlagScan, hitRepeatedRule) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -409,7 +409,7 @@ TEST_F(FlagScan, hitRepeatedRule) { //rule_id:192 flag: 0000 0001 mask: 0000 0011 //scan_data: 0000 1001 or 0000 1101 should hit long long flag_scan_data1 = 9; - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data1, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -419,7 +419,7 @@ TEST_F(FlagScan, hitRepeatedRule) { uuid_unparse(results[1], uuid_str); EXPECT_EQ(strcmp(uuid_str, "00000000-0000-0000-0000-000000000192"), 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -428,23 +428,23 @@ TEST_F(FlagScan, hitRepeatedRule) { //scan_data: 0001 0101 should hit rule192 and rule194 long long flag_scan_data2 = 21; memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000194"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -522,7 +522,7 @@ struct log_handle *StringScan::logger; TEST_P(StringScan, ScanDataOnlyOneByte) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -532,12 +532,12 @@ TEST_P(StringScan, ScanDataOnlyOneByte) { const char scan_data = 0x20; memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, &scan_data, sizeof(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, &scan_data, sizeof(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -547,7 +547,7 @@ TEST_P(StringScan, ScanDataOnlyOneByte) { TEST_P(StringScan, Full) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -558,7 +558,7 @@ TEST_P(StringScan, Full) { "?action=search&query=username,abckkk,1234567"; memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -566,7 +566,7 @@ TEST_P(StringScan, Full) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -581,12 +581,12 @@ TEST_P(StringScan, Regex) { int thread_id = 0; const char *scan_data = "Cookie: Txa123aheadBCAxd"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -594,7 +594,7 @@ TEST_P(StringScan, Regex) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000148"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -609,19 +609,19 @@ TEST_P(StringScan, RegexUnicode) { int thread_id = 0; const char *scan_data = "String contains É"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000229"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -635,20 +635,20 @@ TEST_P(StringScan, BackslashR_N_Escape) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000225"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -663,20 +663,20 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "html>\\r\\n"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); @@ -705,7 +705,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { struct maat_cmd_and_condition and_condition; and_condition.or_condition_num = 1; and_condition.negate_option = 0; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; and_condition.or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -714,7 +714,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { sleep(WAIT_FOR_EFFECTIVE_S * 3); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -723,7 +723,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -738,20 +738,20 @@ TEST_P(StringScan, BackslashCtrlCharactor) size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "()abc^$def|"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000235"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -762,7 +762,7 @@ TEST_P(StringScan, BackslashCtrlCharactor) TEST_P(StringScan, Expr8) { int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; char scan_data[128] = "string1, string2, string3, string4, string5, " "string6, string7, string8"; @@ -772,7 +772,7 @@ TEST_P(StringScan, Expr8) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -780,7 +780,7 @@ TEST_P(StringScan, Expr8) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000182"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -797,7 +797,7 @@ TEST_P(StringScan, Expr8) { TEST_P(StringScan, HexBinCaseSensitive) { const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *scan_data1 = "String TeST should not hit."; const char *scan_data2 = "String TEST should hit"; struct maat *maat_inst = StringScan::_shared_maat_inst; @@ -808,17 +808,17 @@ TEST_P(StringScan, HexBinCaseSensitive) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -828,7 +828,7 @@ TEST_P(StringScan, HexBinCaseSensitive) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000191"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -838,7 +838,7 @@ TEST_P(StringScan, HexBinCaseSensitive) { TEST_P(StringScan, HexbinCombineString) { const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *scan_data1 = "abcd ABCD"; const char *scan_data2 = "abcd abCD"; struct maat *maat_inst = StringScan::_shared_maat_inst; @@ -849,17 +849,17 @@ TEST_P(StringScan, HexbinCombineString) struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -867,7 +867,7 @@ TEST_P(StringScan, HexbinCombineString) uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000236"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -894,7 +894,7 @@ TEST_P(StringScan, BugReport20190325) { 0x00, 0x31, 0x3a, 0x47, 0x32, 0x2e, 0x34, 0x30, 0x00}; const char *table_name = "TROJAN_PAYLOAD"; - const char *attribute_name = "TROJAN_PAYLOAD"; + const char *field_name = "TROJAN_PAYLOAD"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -903,7 +903,7 @@ TEST_P(StringScan, BugReport20190325) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char *)scan_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, (char *)scan_data, sizeof(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -912,7 +912,7 @@ TEST_P(StringScan, BugReport20190325) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000150"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -925,9 +925,9 @@ TEST_P(StringScan, PrefixAndSuffix) { const char *hit_suffix = "11111111111ceshi3@mailhost.cn"; const char *hit_prefix = "ceshi3@mailhost.cn11111111111"; const char *cont_sz_table_name = "CONTENT_SIZE"; - const char *cont_sz_attribute_name = "CONTENT_SIZE"; + const char *cont_sz_field_name = "CONTENT_SIZE"; const char *mail_addr_table_name = "MAIL_ADDR"; - const char *mail_addr_attribute_name = "MAIL_ADDR"; + const char *mail_addr_field_name = "MAIL_ADDR"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -936,14 +936,14 @@ TEST_P(StringScan, PrefixAndSuffix) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, results, + int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); - ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_twice, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_twice, strlen(hit_twice), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -954,12 +954,12 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_suffix, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_suffix, strlen(hit_suffix), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -967,18 +967,18 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, results, + ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); - ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_prefix, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_prefix, strlen(hit_prefix), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -986,7 +986,7 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -997,7 +997,7 @@ TEST_P(StringScan, PrefixAndSuffix) { TEST_P(StringScan, MaatUnescape) { const char *scan_data = "Batman\\:Take me Home.Superman/:Fine,stay with me."; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -1006,7 +1006,7 @@ TEST_P(StringScan, MaatUnescape) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1014,7 +1014,7 @@ TEST_P(StringScan, MaatUnescape) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000132"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1024,7 +1024,7 @@ TEST_P(StringScan, MaatUnescape) { TEST_P(StringScan, OffsetChunk64) { const char *table_name = "IMAGE_FP"; - const char *attribute_name = "IMAGE_FP"; + const char *field_name = "IMAGE_FP"; const char *file_name = "./testdata/mesa_logo.jpg"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1039,7 +1039,7 @@ TEST_P(StringScan, OffsetChunk64) { memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = 0; @@ -1054,7 +1054,7 @@ TEST_P(StringScan, OffsetChunk64) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret > 0) { pass_flag = 1; @@ -1073,7 +1073,7 @@ TEST_P(StringScan, OffsetChunk64) { TEST_P(StringScan, OffsetChunk1460) { const char *table_name = "IMAGE_FP"; - const char *attribute_name = "IMAGE_FP"; + const char *field_name = "IMAGE_FP"; const char *file_name = "./testdata/mesa_logo.jpg"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1088,7 +1088,7 @@ TEST_P(StringScan, OffsetChunk1460) { memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = 0; @@ -1103,7 +1103,7 @@ TEST_P(StringScan, OffsetChunk1460) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret > 0) { pass_flag = 1; @@ -1122,7 +1122,7 @@ TEST_P(StringScan, OffsetChunk1460) { TEST_P(StringScan, StreamScanUTF8) { const char *table_name = "TROJAN_PAYLOAD"; - const char *attribute_name = "TROJAN_PAYLOAD"; + const char *field_name = "TROJAN_PAYLOAD"; const char* file_name = "./testdata/jd.com.html"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1135,7 +1135,7 @@ TEST_P(StringScan, StreamScanUTF8) { ASSERT_FALSE(fp == NULL); memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_FALSE(sp == NULL); int pass_flag = 0; @@ -1148,7 +1148,7 @@ TEST_P(StringScan, StreamScanUTF8) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret == MAAT_SCAN_HIT) { pass_flag = 1; @@ -1171,7 +1171,7 @@ TEST_P(StringScan, StreamScanUTF8) { TEST_P(StringScan, InvisibleCharactor) { const char *hex_data = "00A12B3CEEFF"; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -1188,7 +1188,7 @@ TEST_P(StringScan, InvisibleCharactor) { } memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char*)binary_data, binary_data_length, + int ret = maat_scan_string(maat_inst, table_name, field_name, (char*)binary_data, binary_data_length, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1196,7 +1196,7 @@ TEST_P(StringScan, InvisibleCharactor) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000238"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1211,21 +1211,21 @@ TEST_P(StringScan, StreamInput) { struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data1 = "www.cyberessays.com"; const char *scan_data2 = "http://www.cyberessays.com/search_results.php?" "action=search&query=yulingjing,abckkk,1234567"; memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1238,7 +1238,7 @@ TEST_P(StringScan, StreamInput) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1255,13 +1255,13 @@ TEST_P(StringScan, StreamHitDirectObject) { struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name_url = "HTTP_URL"; - const char *attribute_name_url = "HTTP_URL"; + const char *field_name_url = "HTTP_URL"; const char *scan_data1 = "www.3300av.com"; const char *scan_data2 = "sdadhuadhasdgufgh;sdfhjaufhiwebfiusdafhaos;dhfaluhjweh"; memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, @@ -1278,7 +1278,7 @@ TEST_P(StringScan, StreamHitDirectObject) { uuid_unparse(object_array[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000112"); - ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1291,11 +1291,11 @@ TEST_P(StringScan, StreamHitDirectObject) { maat_state_reset(state); - const char *attribute_name_sig = "HTTP_SIGNATURE"; + const char *field_name_sig = "HTTP_SIGNATURE"; const char *table_name_sig = "HTTP_SIGNATURE"; const char *scan_data3 = "abckkk"; const char *scan_data4 = "123"; - sp = maat_stream_new(maat_inst, table_name_sig, attribute_name_sig, state); + sp = maat_stream_new(maat_inst, table_name_sig, field_name_sig, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data3, strlen(scan_data3), results, @@ -1313,7 +1313,7 @@ TEST_P(StringScan, StreamHitDirectObject) { uuid_unparse(object_array[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000107"); - ret = maat_scan_not_logic(maat_inst, table_name_sig, attribute_name_sig, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name_sig, field_name_sig, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1358,7 +1358,7 @@ TEST_P(StringScan, RegexSuffix) TEST_P(StringScan, dynamic_config) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; char data[128] = "hello world, welcome to maat version4, it's funny."; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1368,12 +1368,12 @@ TEST_P(StringScan, dynamic_config) { memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), + int ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1402,7 +1402,7 @@ TEST_P(StringScan, dynamic_config) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -1411,7 +1411,7 @@ TEST_P(StringScan, dynamic_config) { sleep(WAIT_FOR_EFFECTIVE_S * 3); - ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, + ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1419,7 +1419,7 @@ TEST_P(StringScan, dynamic_config) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1437,12 +1437,12 @@ TEST_P(StringScan, dynamic_config) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, + ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1506,7 +1506,7 @@ struct maat *StreamScan::_shared_maat_inst; TEST_P(StreamScan, dynamic_config) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *keywords1 = "hello"; char keyword_buf[128]; uuid_t results[ARRAY_SIZE]; @@ -1523,21 +1523,21 @@ TEST_P(StreamScan, dynamic_config) { char rule1_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); struct maat_cmd_and_condition and_condition; - int ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule1_uuid_str, 0, keywords1, &and_condition); + int ret = test_add_expr_command(maat_inst, table_name, field_name, rule1_uuid_str, 0, keywords1, &and_condition); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1549,7 +1549,7 @@ TEST_P(StreamScan, dynamic_config) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1560,7 +1560,7 @@ TEST_P(StreamScan, dynamic_config) { long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); char rule2_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); - ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule2_uuid_str, 0, keyword_buf, &and_condition); + ret = test_add_expr_command(maat_inst, table_name, field_name, rule2_uuid_str, 0, keyword_buf, &and_condition); EXPECT_EQ(ret, 1); // Inc config has not yet taken effect, stream scan can hit rule @@ -1580,7 +1580,7 @@ TEST_P(StreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1643,7 +1643,7 @@ struct log_handle *IPScan::logger; TEST_F(IPScan, IPv4Unspecified) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1657,12 +1657,12 @@ TEST_F(IPScan, IPv4Unspecified) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1672,7 +1672,7 @@ TEST_F(IPScan, IPv4Unspecified) { TEST_F(IPScan, IPv4Broadcast) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1686,12 +1686,12 @@ TEST_F(IPScan, IPv4Broadcast) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1701,7 +1701,7 @@ TEST_F(IPScan, IPv4Broadcast) { TEST_F(IPScan, MatchSingleIPv4) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1715,7 +1715,7 @@ TEST_F(IPScan, MatchSingleIPv4) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1723,7 +1723,7 @@ TEST_F(IPScan, MatchSingleIPv4) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000169"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1733,7 +1733,7 @@ TEST_F(IPScan, MatchSingleIPv4) { TEST_F(IPScan, IPv6Unspecified) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1747,7 +1747,7 @@ TEST_F(IPScan, IPv6Unspecified) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1755,7 +1755,7 @@ TEST_F(IPScan, IPv6Unspecified) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1764,7 +1764,7 @@ TEST_F(IPScan, IPv6Unspecified) { TEST_F(IPScan, IPv6Broadcast) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1778,12 +1778,12 @@ TEST_F(IPScan, IPv6Broadcast) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1792,7 +1792,7 @@ TEST_F(IPScan, IPv6Broadcast) { TEST_F(IPScan, MatchSingleIPv6) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1806,7 +1806,7 @@ TEST_F(IPScan, MatchSingleIPv6) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1814,7 +1814,7 @@ TEST_F(IPScan, MatchSingleIPv6) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1824,7 +1824,7 @@ TEST_F(IPScan, MatchSingleIPv6) { TEST_F(IPScan, MatchIPv4Range) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1838,7 +1838,7 @@ TEST_F(IPScan, MatchIPv4Range) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1849,7 +1849,7 @@ TEST_F(IPScan, MatchIPv4Range) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000154"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1858,7 +1858,7 @@ TEST_F(IPScan, MatchIPv4Range) { } TEST_F(IPScan, MatchIPv4Port) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1872,12 +1872,12 @@ TEST_F(IPScan, MatchIPv4Port) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 443, results, ARRAY_SIZE, + ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 443, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 80, results, ARRAY_SIZE, + ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 80, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1890,7 +1890,7 @@ TEST_F(IPScan, MatchIPv4Port) { } TEST_F(IPScan, MatchIPv6Range) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1904,7 +1904,7 @@ TEST_F(IPScan, MatchIPv6Range) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1915,7 +1915,7 @@ TEST_F(IPScan, MatchIPv6Range) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1924,7 +1924,7 @@ TEST_F(IPScan, MatchIPv6Range) { } TEST_F(IPScan, MatchIPv6Port) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1939,7 +1939,7 @@ TEST_F(IPScan, MatchIPv6Port) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6_port(maat_inst, table_name, attribute_name, sip, port, results, ARRAY_SIZE, + ret = maat_scan_ipv6_port(maat_inst, table_name, field_name, sip, port, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1952,7 +1952,7 @@ TEST_F(IPScan, MatchIPv6Port) { maat_state_reset(state); //If the port is not present, should not match rules with port range. In this case, only rule 210 "::/0" should match. - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1965,7 +1965,7 @@ TEST_F(IPScan, MatchIPv6Port) { TEST_F(IPScan, BugReport20210515) { const char *table_name = "IP_CONFIG"; - const char *attribute_name = "IP_CONFIG"; + const char *field_name = "IP_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1979,11 +1979,11 @@ TEST_F(IPScan, BugReport20210515) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1993,7 +1993,7 @@ TEST_F(IPScan, BugReport20210515) { TEST_F(IPScan, RuleUpdates) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -2005,12 +2005,12 @@ TEST_F(IPScan, RuleUpdates) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; struct maat_state *state = maat_state_new(maat_inst, thread_id); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2038,14 +2038,14 @@ TEST_F(IPScan, RuleUpdates) { and_condition.or_condition_num = 1; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2053,7 +2053,7 @@ TEST_F(IPScan, RuleUpdates) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2071,11 +2071,11 @@ TEST_F(IPScan, RuleUpdates) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2133,29 +2133,29 @@ TEST_F(IntervalScan, IntegerRange) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "CONTENT_SIZE"; - const char *attribute_name = "CONTENT_SIZE"; + const char *field_name = "CONTENT_SIZE"; struct maat *maat_inst = IntervalScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); unsigned int scan_data1 = 2015; - int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, results, + int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); unsigned int scan_data2 = 300; - ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data2, results, + ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2168,13 +2168,13 @@ TEST_F(IntervalScan, SingleInteger) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "CONTENT_SIZE"; - const char *attribute_name = "CONTENT_SIZE"; + const char *field_name = "CONTENT_SIZE"; struct maat *maat_inst = IntervalScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); unsigned int scan_data1 = 3000; - int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, results, + int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2182,7 +2182,7 @@ TEST_F(IntervalScan, SingleInteger) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000218"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2240,14 +2240,14 @@ TEST_F(ObjectScan, PhysicalTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000247", hit_object.object_uuid); - int ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + int ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2260,11 +2260,11 @@ TEST_F(ObjectScan, PhysicalTable) { sleep(2); } -TEST_F(ObjectScan, Attribute) { +TEST_F(ObjectScan, Field) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; const char *table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2272,7 +2272,7 @@ TEST_F(ObjectScan, Attribute) { struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000259", hit_object.object_uuid); - int ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + int ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2290,7 +2290,7 @@ TEST_F(ObjectScan, SetScanRuleTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2301,7 +2301,7 @@ TEST_F(ObjectScan, SetScanRuleTable) { struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000248", hit_object.object_uuid); - ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2367,18 +2367,18 @@ TEST_F(NOTLogic, OneRegion) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_URL_FILTER"; + const char *field_name = "HTTP_URL_FILTER"; const char *table_name = "HTTP_URL"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2388,12 +2388,12 @@ TEST_F(NOTLogic, OneRegion) { maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2409,47 +2409,47 @@ TEST_F(NOTLogic, ScanNotAtLast) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *hit_attribute_name = "HTTP_URL_FILTER"; + const char *hit_field_name = "HTTP_URL_FILTER"; const char *hit_table_name = "HTTP_URL"; - const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *not_hit_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); // scan string_should_hit(HTTP_URL_FILTER) & string_should_not_hit(HTTP_RESPONSE_KEYWORDS) => not hit rule - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing, strlen(string_contain_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //scan string_should_hit(HTTP_URL_FILTER) & nothing(HTTP_RESPONSE_KEYWORDS) => hit rule144 - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing, strlen(string_contain_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2467,28 +2467,28 @@ TEST_F(NOTLogic, ScanIrrelavantAtLast) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *hit_attribute_name = "HTTP_URL_FILTER"; + const char *hit_field_name = "HTTP_URL_FILTER"; const char *hit_table_name = "HTTP_URL"; - const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *not_hit_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant, strlen(string_irrelevant), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2506,28 +2506,28 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *not_hit_attribute_name = "HTTP_URL_FILTER"; + const char *not_hit_field_name = "HTTP_URL_FILTER"; const char *not_hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "IP_PLUS_CONFIG"; + const char *hit_field_name = "IP_PLUS_CONFIG"; const char *hit_table_name = "IP_PLUS_CONFIG"; - const char *empty_attribute_name = "EMPTY_KEYWORD"; + const char *empty_field_name = "EMPTY_KEYWORD"; const char *empty_table_name = "EMPTY_KEYWORD"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.8.186", &sip); - ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2535,16 +2535,16 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000186"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, empty_table_name, empty_attribute_name, string_match_no_region, + ret = maat_scan_string(maat_inst, empty_table_name, empty_field_name, string_match_no_region, strlen(string_match_no_region), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2557,28 +2557,28 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *not_hit_attribute_name = "HTTP_URL_FILTER"; + const char *not_hit_field_name = "HTTP_URL_FILTER"; const char *not_hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "IP_PLUS_CONFIG"; + const char *hit_field_name = "IP_PLUS_CONFIG"; const char *hit_table_name = "IP_PLUS_CONFIG"; - const char *empty_attribute_name = "EMPTY_INTERGER"; + const char *empty_field_name = "EMPTY_INTERGER"; const char *empty_table_name = "EMPTY_INTERGER"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.8.187", &sip); - ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2586,18 +2586,18 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000187"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); int empty_table_id = maat_get_table_id(maat_inst, empty_table_name); ASSERT_GT(empty_table_id, 0); - ret = maat_scan_integer(maat_inst, empty_table_name, empty_attribute_name, 2015, + ret = maat_scan_integer(maat_inst, empty_table_name, empty_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2611,30 +2611,30 @@ TEST_F(NOTLogic, ScanNotIP) { size_t n_hit_result = 0; int thread_id = 0; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; - const char *not_hit_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *hit_field_name = "HTTP_URL"; + const char *not_hit_field_name = "FIELD_IP_CONFIG"; const char *not_hit_table_name = "IP_CONFIG"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - // scan string_should_hit(HTTP_URL) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + // scan string_should_hit(HTTP_URL) & hit ip(FIELD_IP_CONFIG) => not hit rule + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.6.205", &sip); - ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2644,18 +2644,18 @@ TEST_F(NOTLogic, ScanNotIP) { maat_state_reset(state); - // scan string_should_hit(HTTP_URL) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule145 - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + // scan string_should_hit(HTTP_URL) & not hit ip(FIELD_IP_CONFIG) => hit rule145 + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); inet_pton(AF_INET, "10.0.6.201", &sip); - ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2671,81 +2671,81 @@ TEST_F(NOTLogic, NotUrlAndNotIp) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *ip_field_name = "FIELD_IP_CONFIG"; const char *ip_table_name = "IP_CONFIG"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(FIELD_IP_CONFIG) => not hit rule + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.6.201", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule + // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(FIELD_IP_CONFIG) => not hit rule - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "10.1.0.0", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule146 - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(FIELD_IP_CONFIG) => hit rule146 + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "10.1.0.0", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2765,7 +2765,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2779,7 +2779,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -2794,7 +2794,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2811,87 +2811,87 @@ TEST_F(NOTLogic, EightNotCondition) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name1 = "HTTP_RESPONSE_KEYWORDS_1"; - const char *attribute_name2 = "HTTP_RESPONSE_KEYWORDS_2"; - const char *attribute_name3 = "HTTP_RESPONSE_KEYWORDS_3"; - const char *attribute_name4 = "HTTP_RESPONSE_KEYWORDS_4"; - const char *attribute_name5 = "HTTP_RESPONSE_KEYWORDS_5"; - const char *attribute_name6 = "HTTP_RESPONSE_KEYWORDS_6"; - const char *attribute_name7 = "HTTP_RESPONSE_KEYWORDS_7"; - const char *attribute_name8 = "HTTP_RESPONSE_KEYWORDS_8"; + const char *field_name1 = "HTTP_RESPONSE_KEYWORDS_1"; + const char *field_name2 = "HTTP_RESPONSE_KEYWORDS_2"; + const char *field_name3 = "HTTP_RESPONSE_KEYWORDS_3"; + const char *field_name4 = "HTTP_RESPONSE_KEYWORDS_4"; + const char *field_name5 = "HTTP_RESPONSE_KEYWORDS_5"; + const char *field_name6 = "HTTP_RESPONSE_KEYWORDS_6"; + const char *field_name7 = "HTTP_RESPONSE_KEYWORDS_7"; + const char *field_name8 = "HTTP_RESPONSE_KEYWORDS_8"; const char *table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name1, string_nothing, + int ret = maat_scan_string(maat_inst, table_name, field_name1, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name1, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name2, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name2, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name2, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name3, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name3, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name3, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name3, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name4, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name4, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name4, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name4, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name5, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name5, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name5, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name5, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name6, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name6, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name6, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name6, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name7, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name7, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name7, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name7, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name8, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name8, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name8, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name8, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2911,37 +2911,37 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject1) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2960,46 +2960,46 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords, + int ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords, strlen(string_keywords), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string1, strlen(string1), + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string1, strlen(string1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords, strlen(string_keywords), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3014,7 +3014,7 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) { TEST_F(NOTLogic, SingleNotCondition) { const char *string_nothing = "nothing string"; const char *string_should_hit = "string has not_logic_keywords_222"; - const char *attribute_name = "HTTP_NOT_LOGIC_1"; + const char *field_name = "HTTP_NOT_LOGIC_1"; const char *table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3023,23 +3023,23 @@ TEST_F(NOTLogic, SingleNotCondition) { struct maat_state *state = maat_state_new(maat_inst, thread_id); //string_should_hit(HTTP_NOT_LOGIC_1) => not hit rule - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //string nothing(HTTP_NOT_LOGIC_1) => hit rule222 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3056,7 +3056,7 @@ TEST_F(NOTLogic, MultiNotConditions) { const char *string1 = "string has not_logic_rule_223_1"; const char *string2 = "string has not_logic_rule_223_1"; const char *string3 = "string has not_logic_rule_223_1"; - const char *attribute_name = "HTTP_NOT_LOGIC"; + const char *field_name = "HTTP_NOT_LOGIC"; const char *table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3066,56 +3066,56 @@ TEST_F(NOTLogic, MultiNotConditions) { // rule223 = !string1 & !string2 & !string3 //Case1: scan string1 & !string2 & !string3 - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string1, strlen(string1), + int ret = maat_scan_string(maat_inst, table_name, field_name, string1, strlen(string1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case2: scan !string1 & string2 & !string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case3: scan !string1 & !string2 & string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string3, strlen(string3), + ret = maat_scan_string(maat_inst, table_name, field_name, string3, strlen(string3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case4: scan !string1 & !string2 & !string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3133,8 +3133,8 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { const char *src_asn3 = "AS9001"; const char *src_asn_nothing = "nothing string"; const char *dst_asn = "AS2345"; - const char *src_asn_attribute_name = "ASN_NOT_LOGIC"; - const char *dst_asn_attribute_name = "DESTINATION_IP_ASN"; + const char *src_asn_field_name = "ASN_NOT_LOGIC"; + const char *dst_asn_field_name = "DESTINATION_IP_ASN"; const char *table_name = "AS_NUMBER"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3145,15 +3145,15 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN1 & Dest ASN => not hit rule //-------------------------------------- - int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3162,15 +3162,15 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN2 & Dest ASN => not hit rule //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3179,31 +3179,31 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN3 & Dest ASN => not hit rule //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); maat_state_reset(state); // Source nothing & Dest ASN => hit rule177 - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn_nothing, + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn_nothing, strlen(src_asn_nothing),results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3220,11 +3220,11 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { const char *src_asn2 = "AS6789"; const char *src_nothing = "nothing"; const char *my_county = "Greece.Sparta"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *src_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3235,15 +3235,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source ASN1 & IP Geo //------------------------------------------- - int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3252,15 +3252,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source nothing & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_nothing, strlen(src_nothing), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_nothing, strlen(src_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3273,15 +3273,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source ASN2 & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3292,15 +3292,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //-------------------------------------- uint32_t ip_addr; inet_pton(AF_INET, "192.168.40.88", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3311,15 +3311,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //-------------------------------------- inet_pton(AF_INET, "192.168.40.89", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3330,16 +3330,16 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { state = NULL; } -TEST_F(NOTLogic, SameAttributeInMultiCondition) { +TEST_F(NOTLogic, SameFieldInMultiCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS9002"; const char *src_asn3 = "AS9003"; const char *my_county = "Greece.Sparta"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; - const char *dst_asn_attribute_name = "DESTINATION_IP_ASN"; + const char *ip_field_name = "IP_PLUS_CONFIG"; + const char *dst_asn_field_name = "DESTINATION_IP_ASN"; const char *dst_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3352,19 +3352,19 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN1 & Dest ASN3 & IP Config //------------------------------------------- - int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3373,19 +3373,19 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN2 & Dest ASN3 & IP Config //------------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3394,23 +3394,23 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest IP Geo & Dest ASN3 & IP Config //------------------------------------------- - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3419,15 +3419,15 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN3 & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3440,16 +3440,16 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //-------------------------------------- // IP Config & IP Geo //-------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); inet_pton(AF_INET, "192.168.40.89", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3510,22 +3510,22 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) { size_t n_hit_result = 0; int thread_id = 0; const char *not_hit_table_name = "KEYWORDS_TABLE"; - const char *not_hit_attribute_name = "KEYWORDS_TABLE"; + const char *not_hit_field_name = "KEYWORDS_TABLE"; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; + const char *hit_field_name = "HTTP_URL"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3534,7 +3534,7 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000199"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3550,22 +3550,22 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); @@ -3575,7 +3575,7 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3590,13 +3590,13 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { size_t n_hit_result = 0; int thread_id = 0; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; + const char *hit_field_name = "HTTP_URL"; const char *not_hit_table_name = "KEYWORDS_TABLE"; - const char *not_hit_attribute_name = "KEYWORDS_TABLE"; + const char *not_hit_field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3605,16 +3605,16 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant, strlen(string_irrelevant), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3622,20 +3622,20 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { state = NULL; } -TEST_F(ExcludeLogic, ScanAttribute) { +TEST_F(ExcludeLogic, ScanField) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *attribute_name = "ATTRIBUTE_IP_PLUS_TABLE"; + const char *field_name = "FIELD_IP_PLUS_TABLE"; const char *table_name = "IP_PLUS_CONFIG"; uint32_t should_hit_ip; uint32_t should_not_hit_ip; inet_pton(AF_INET, "100.64.1.1", &should_hit_ip); - int ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, results, + int ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3645,41 +3645,41 @@ TEST_F(ExcludeLogic, ScanAttribute) { maat_state_reset(state); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "100.64.1.5", &should_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000202"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); inet_pton(AF_INET, "100.64.1.6", &should_not_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); inet_pton(AF_INET, "100.64.1.11", &should_not_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3692,8 +3692,8 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE"; - const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION"; + const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE"; + const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION"; const char *ip_table_name = "IP_PLUS_CONFIG"; int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); @@ -3702,38 +3702,38 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { uint32_t ip_addr; inet_pton(AF_INET, "192.168.50.43", &ip_addr); - int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results, + int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "47.92.108.93", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *expr_table_name = "KEYWORDS_TABLE"; const char *should_not_hit_expr = "www.jianshu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr, strlen(should_not_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_hit_expr = "mail.jianshu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr, strlen(should_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3742,7 +3742,7 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000203"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3756,56 +3756,56 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) { int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE"; - const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION"; + const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE"; + const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION"; const char *ip_table_name = "IP_PLUS_CONFIG"; uint32_t ip_addr; inet_pton(AF_INET, "100.64.2.1", &ip_addr); - int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results, + int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "100.64.2.6", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *expr_table_name = "KEYWORDS_TABLE"; const char *should_not_hit_expr1 = "www.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr1, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr1, strlen(should_not_hit_expr1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_not_hit_expr2 = "mail.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr2, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr2, strlen(should_not_hit_expr2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_hit_expr = "hit.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr, strlen(should_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3814,7 +3814,7 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000204"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -4713,7 +4713,7 @@ TEST_F(BoolPluginTable, EX_DATA) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000305"); } -class Attribute : public testing::Test +class Field : public testing::Test { protected: static void SetUpTestCase() { @@ -4742,7 +4742,7 @@ protected: maat_options_free(opts); if (NULL == _shared_maat_inst) { log_fatal(logger, MODULE_FRAMEWORK_GTEST, - "[%s:%d] create maat instance in Attribute failed.", + "[%s:%d] create maat instance in Field failed.", __FUNCTION__, __LINE__); } } @@ -4756,23 +4756,23 @@ protected: static struct maat *_shared_maat_inst; }; -struct maat *Attribute::_shared_maat_inst; -struct log_handle *Attribute::logger; +struct maat *Field::_shared_maat_inst; +struct log_handle *Field::logger; -TEST_F(Attribute, basic) { +TEST_F(Field, basic) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; const char *table_name = "KEYWORDS_TABLE"; - struct maat *maat_inst = Attribute::_shared_maat_inst; + struct maat *maat_inst = Field::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); char scan_data[128] = "string1, string2, string3, string4, string5," " string6, string7, string8"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -4968,11 +4968,11 @@ TEST_F(RuleTable, Conjunction1) { const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNAC" "ELwBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = RuleTable::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -4983,7 +4983,7 @@ TEST_F(RuleTable, Conjunction1) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5002,11 +5002,11 @@ TEST_F(RuleTable, Conjunction2) { const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNACELw" "BSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = RuleTable::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -5017,7 +5017,7 @@ TEST_F(RuleTable, Conjunction2) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5025,11 +5025,11 @@ TEST_F(RuleTable, Conjunction2) { int n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE); EXPECT_EQ(n_read, 2); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5145,26 +5145,26 @@ TEST_F(Policy, RuleRuleTags) { const char *should_hit = "string bbb should hit"; const char *should_not_hit = "string aaa should not hit"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, should_not_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, should_not_hit, strlen(should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, should_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, should_hit, strlen(should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5176,7 +5176,7 @@ TEST_F(Policy, RuleEXData) { const char *url = "firewall should hit"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *plugin_table_name = "RULE_FIREWALL_PLUGIN"; const char *conj_rule_table_name = "RULE_FIREWALL_CONJUNCTION"; const char *expect_name = "I have a name"; @@ -5198,7 +5198,7 @@ TEST_F(Policy, RuleEXData) { ret = maat_state_set_scan_rule_table(state, conj_rule_table_name); EXPECT_EQ(ret, 0); - ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), + ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5206,7 +5206,7 @@ TEST_F(Policy, RuleEXData) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000198"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5233,21 +5233,21 @@ TEST_F(Policy, SubObject) { uint32_t ip_addr; inet_pton(AF_INET,"10.0.6.201", &ip_addr); - const char *attribute_name = "MAIL_ADDR"; + const char *field_name = "MAIL_ADDR"; const char *table_name = "MAIL_ADDR"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5255,7 +5255,7 @@ TEST_F(Policy, SubObject) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000153"); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5270,9 +5270,9 @@ TEST_F(Policy, EvaluationOrder) { struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), + int ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 3); @@ -5291,7 +5291,7 @@ TEST_F(Policy, EvaluationOrder) { size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128); EXPECT_EQ(n_hit_path, 6); - EXPECT_STREQ(hit_path[0].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[0].field_name, field_name); uuid_unparse(hit_path[0].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157"); uuid_unparse(hit_path[0].top_object_uuid, uuid_str); @@ -5300,7 +5300,7 @@ TEST_F(Policy, EvaluationOrder) { uuid_unparse(hit_path[0].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166"); - EXPECT_STREQ(hit_path[1].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[1].field_name, field_name); uuid_unparse(hit_path[1].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155"); EXPECT_EQ(uuid_is_null(hit_path[1].top_object_uuid), 1); @@ -5308,7 +5308,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1); - EXPECT_STREQ(hit_path[2].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[2].field_name, field_name); uuid_unparse(hit_path[2].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[2].top_object_uuid, uuid_str); @@ -5318,7 +5318,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168"); - EXPECT_STREQ(hit_path[3].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[3].field_name, field_name); uuid_unparse(hit_path[3].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[3].top_object_uuid, uuid_str); @@ -5328,7 +5328,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168"); - EXPECT_STREQ(hit_path[4].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[4].field_name, field_name); uuid_unparse(hit_path[4].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[4].top_object_uuid, uuid_str); @@ -5338,7 +5338,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167"); - EXPECT_STREQ(hit_path[5].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[5].field_name, field_name); uuid_unparse(hit_path[5].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[5].top_object_uuid, uuid_str); @@ -5347,7 +5347,7 @@ TEST_F(Policy, EvaluationOrder) { uuid_unparse(hit_path[5].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5355,17 +5355,17 @@ TEST_F(Policy, EvaluationOrder) { inet_pton(AF_INET, "192.168.23.23", &ip_addr); const char *ip_plus_table_name = "IP_PLUS_CONFIG"; - const char *ip_plus_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_plus_field_name = "IP_PLUS_CONFIG"; memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165"); - ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5374,9 +5374,9 @@ TEST_F(Policy, EvaluationOrder) { TEST_F(Policy, NotConditionHitPath) { const char *url_table_name = "HTTP_URL"; - const char *url_attribute_name = "HTTP_URL"; + const char *url_field_name = "HTTP_URL"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *ip_field_name = "FIELD_IP_CONFIG"; const char *url = "www.youtube.com"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5384,18 +5384,18 @@ TEST_F(Policy, NotConditionHitPath) { struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, url, strlen(url), + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); uint32_t ip_addr; inet_pton(AF_INET, "192.168.101.101", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5409,7 +5409,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(n_hit_path, 4); EXPECT_EQ(hit_path[0].Nth_scan, 1); - EXPECT_STREQ(hit_path[0].attribute_name, url_attribute_name); + EXPECT_STREQ(hit_path[0].field_name, url_field_name); EXPECT_EQ(hit_path[0].negate_option, 0); EXPECT_EQ(hit_path[0].condition_index, 0); uuid_unparse(hit_path[0].sub_object_uuid, uuid_str); @@ -5421,7 +5421,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[1].Nth_scan, 2); - EXPECT_STREQ(hit_path[1].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[1].field_name, ip_field_name); EXPECT_EQ(hit_path[1].negate_option, 1); EXPECT_EQ(hit_path[1].condition_index, -1); uuid_unparse(hit_path[1].sub_object_uuid, uuid_str); @@ -5431,7 +5431,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1); EXPECT_EQ(hit_path[2].Nth_scan, 2); - EXPECT_STREQ(hit_path[2].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[2].field_name, ip_field_name); EXPECT_EQ(hit_path[2].negate_option, 1); EXPECT_EQ(hit_path[2].condition_index, -1); uuid_unparse(hit_path[2].sub_object_uuid, uuid_str); @@ -5441,7 +5441,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[3].Nth_scan, 2); - EXPECT_STREQ(hit_path[3].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[3].field_name, ip_field_name); EXPECT_EQ(hit_path[3].negate_option, 1); EXPECT_EQ(hit_path[3].condition_index, 1); uuid_unparse(hit_path[3].sub_object_uuid, uuid_str); @@ -5507,11 +5507,11 @@ TEST_F(TableInfo, Conjunction) { const char *scan_data = "soq is using table conjunction function." "http://www.3300av.com/novel/27122.txt"; const char *conj_table_name = "HTTP_HOST"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = TableInfo::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, conj_table_name, attribute_name, scan_data, + int ret = maat_scan_string(maat_inst, conj_table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5523,7 +5523,7 @@ TEST_F(TableInfo, Conjunction) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000133"); - ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, conj_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5578,7 +5578,7 @@ struct log_handle *FileTest::logger; TEST_F(FileTest, StreamFiles) { const char test_data_dir[64] = "./test_streamfiles"; const char *keywords_table_name = "KEYWORDS_TABLE"; - const char *keywords_attribute_name = "KEYWORDS_TABLE"; + const char *keywords_field_name = "KEYWORDS_TABLE"; int thread_id = 0; struct maat *maat_inst = FileTest::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -5587,7 +5587,7 @@ TEST_F(FileTest, StreamFiles) { int n = my_scandir(test_data_dir, &name_list, NULL, (int (*)(const void*, const void*))alphasort); ASSERT_GT(n, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_field_name, state); ASSERT_FALSE(stream == NULL); struct stat file_info; @@ -5685,13 +5685,13 @@ protected: struct maat *ObjectHierarchy::_shared_maat_inst; struct log_handle *ObjectHierarchy::logger; -TEST_F(ObjectHierarchy, AttributeOfOnePhysical) +TEST_F(ObjectHierarchy, FieldOfOnePhysical) { const char *http_content = "Batman\\:Take me Home.Superman/:Fine,stay with me."; const char *http_url = "https://blog.csdn.net/littlefang/article/details/8213058"; - const char *url_attribute_name = "HTTP_URL"; + const char *url_field_name = "HTTP_URL"; const char *url_table_name = "HTTP_URL"; - const char *keywords_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *keywords_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *keywords_table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5699,15 +5699,15 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, http_url, strlen(http_url), + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, http_url, strlen(http_url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, http_content, strlen(http_content), + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, http_content, strlen(http_content), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5715,7 +5715,7 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000160"); - ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5723,12 +5723,12 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) const char *should_not_hit = "2018-10-05 is a keywords of table " "KEYWORDS_TABLE. Should not hit."; - ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, should_not_hit, + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, should_not_hit, strlen(should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5736,10 +5736,10 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) state = NULL; } -TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { +TEST_F(ObjectHierarchy, OneObjectInTwoField) { const char *http_resp_hdr_cookie = "sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;"; - const char *req_attribute_name = "HTTP_REQUEST_HEADER"; - const char *res_attribute_name = "HTTP_RESPONSE_HEADER"; + const char *req_field_name = "HTTP_REQUEST_HEADER"; + const char *res_field_name = "HTTP_RESPONSE_HEADER"; const char *table_name = "HTTP_SIGNATURE"; uuid_t results[ARRAY_SIZE]; @@ -5749,16 +5749,16 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - ret = maat_scan_string(maat_inst, table_name, req_attribute_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, req_field_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, req_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, req_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, res_attribute_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, res_field_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5767,7 +5767,7 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000163"); - ret = maat_scan_not_logic(maat_inst, table_name, res_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, res_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5780,7 +5780,7 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { const char *src_asn2 = "AS6789"; const char *src_asn3 = "AS9001"; const char *dst_asn = "AS2345"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *dst_asn_sttribute_name = "DESTINATION_IP_ASN"; const char *table_name = "AS_NUMBER"; uuid_t results[ARRAY_SIZE]; @@ -5792,11 +5792,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN1 & Dest ASN //-------------------------------------- - int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5817,11 +5817,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN2 & Dest ASN //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5841,11 +5841,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN3 & Dest ASN //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5869,10 +5869,10 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { const char *src_asn2 = "AS6789"; const char *my_county = "Greece.Sparta"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *ip_field_name = "IP_CONFIG"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *src_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5884,14 +5884,14 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { // Source ASN1 & IP //-------------------------------------- - int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); uint32_t ip_addr; inet_pton(AF_INET, "192.168.40.88", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5904,11 +5904,11 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { //-------------------------------------- // IP Geo & IP //-------------------------------------- - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5920,15 +5920,15 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { //-------------------------------------- // (Source ASN2 | IP Geo) & IP //-------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5985,7 +5985,7 @@ TEST_F(MaatCmd, SetIP) { size_t n_hit_result = 0; int thread_id = 0; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *rule_table_name = "RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6010,7 +6010,7 @@ TEST_F(MaatCmd, SetIP) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = ip_attribute_name; + and_condition.or_conditions[0].field_name = ip_field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6026,7 +6026,7 @@ TEST_F(MaatCmd, SetIP) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GE(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6034,7 +6034,7 @@ TEST_F(MaatCmd, SetIP) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6046,7 +6046,7 @@ TEST_F(MaatCmd, SetExpr) { const char *scan_data = "Hiredis is a minimalistic C client library" " for the Redis database.\r\n"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *keywords1 = "Hiredis"; const char *keywords2 = "C Client"; @@ -6067,13 +6067,13 @@ TEST_F(MaatCmd, SetExpr) { snprintf(rule_uuid_str2, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition1, and_condition2; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str1, 0, keywords, &and_condition1); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str2, 0, keywords, &and_condition2); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str1, 0, keywords, &and_condition1); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str2, 0, keywords, &and_condition2); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -6083,7 +6083,7 @@ TEST_F(MaatCmd, SetExpr) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str1); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6097,11 +6097,11 @@ TEST_F(MaatCmd, SetExpr) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6112,13 +6112,13 @@ TEST_F(MaatCmd, SetExpr) { char rule_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, timeout, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, timeout, keywords, &and_condition); sleep(timeout + 1); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6132,7 +6132,7 @@ TEST_F(MaatCmd, SetExpr8) { const char *rule_table_name = "RULE_DEFAULT"; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *keywords8 = "string1&string2&string3&string4&string5&string6&string7&string8"; const char *keywords7 = "string1&string2&string3&string4&string5&string6&string7"; @@ -6161,7 +6161,7 @@ TEST_F(MaatCmd, SetExpr8) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6170,7 +6170,7 @@ TEST_F(MaatCmd, SetExpr8) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data8, strlen(scan_data8), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data8, strlen(scan_data8), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6178,7 +6178,7 @@ TEST_F(MaatCmd, SetExpr8) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6194,14 +6194,14 @@ TEST_F(MaatCmd, SetExpr8) { sleep(WAIT_FOR_EFFECTIVE_S); memset(&results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data7, strlen(scan_data7), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data7, strlen(scan_data7), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6214,7 +6214,7 @@ TEST_F(MaatCmd, ObjectScan) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6229,7 +6229,7 @@ TEST_F(MaatCmd, ObjectScan) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6240,8 +6240,8 @@ TEST_F(MaatCmd, ObjectScan) { struct maat_hit_object hit_object; uuid_parse(object_uuid_str, hit_object.object_uuid); - strncpy(hit_object.attribute_name, attribute_name, sizeof(hit_object.attribute_name)); - ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, ARRAY_SIZE, + strncpy(hit_object.field_name, field_name, sizeof(hit_object.field_name)); + ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6254,11 +6254,11 @@ TEST_F(MaatCmd, ObjectScan) { } /** - * Filter such as URL: http://filtermenot.com => {attribute_id, object_id} + * Filter such as URL: http://filtermenot.com => {field_id, object_id} One rule reference this filter twice, the rule should be hit. */ TEST_F(MaatCmd, SameFilterRefByOneRule) { - const char *attribute_name = "HTTP_URL_FILTER"; + const char *field_name = "HTTP_URL_FILTER"; const char *table_name = "HTTP_URL"; const char *scan_data = "http://filtermenot.com"; const char *keywords = "menot.com"; @@ -6286,13 +6286,13 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { struct maat_cmd_and_condition and_condition[2]; and_condition[0].negate_option = 0; and_condition[0].or_condition_num = 1; - and_condition[0].or_conditions[0].attribute_name = attribute_name; + and_condition[0].or_conditions[0].field_name = field_name; and_condition[0].or_conditions[0].object_num = 1; and_condition[0].or_conditions[0].object_uuids_str[0] = object_uuid_str; - //condition1 & condition2 has same filter => {attribute_name, object_uuid} + //condition1 & condition2 has same filter => {field_name, object_uuid} and_condition[1].negate_option = 0; and_condition[1].or_condition_num = 1; - and_condition[1].or_conditions[0].attribute_name = attribute_name; + and_condition[1].or_conditions[0].field_name = field_name; and_condition[1].or_conditions[0].object_num = 1; and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6301,7 +6301,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6309,7 +6309,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6319,7 +6319,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { TEST_F(MaatCmd, RuleIDRecycle) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data = "Reuse rule ID is allowed."; const char *keywords = "Reuse&rule"; uuid_t results[ARRAY_SIZE]; @@ -6332,10 +6332,10 @@ TEST_F(MaatCmd, RuleIDRecycle) { char rule_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6344,7 +6344,7 @@ TEST_F(MaatCmd, RuleIDRecycle) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6353,28 +6353,28 @@ TEST_F(MaatCmd, RuleIDRecycle) { rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6384,7 +6384,7 @@ TEST_F(MaatCmd, RuleIDRecycle) { TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data = "This string will hit mulptiple rules."; const char *keywords = "string will hit"; uuid_t results[ARRAY_SIZE]; @@ -6404,13 +6404,13 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { struct maat_cmd_and_condition and_condition; expect_rule_id[i] = rule_id + 1 - repeat_times + i; snprintf(rule_uuid_str_array[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", expect_rule_id[i]); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str_array[i], 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str_array[i], 0, keywords, &and_condition); } sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, repeat_times); @@ -6420,7 +6420,7 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { EXPECT_STREQ(uuid_str, rule_uuid_str_array[repeat_times - i - 1]); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6429,7 +6429,7 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { TEST_F(MaatCmd, SubObject) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; const char *object_group_table_name = "OBJECT_GROUP"; const char *scan_data1 = "www.v2ex.com/t/573028#程序员的核心竞争力是什么"; @@ -6473,7 +6473,7 @@ TEST_F(MaatCmd, SubObject) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6493,7 +6493,7 @@ TEST_F(MaatCmd, SubObject) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -6503,7 +6503,7 @@ TEST_F(MaatCmd, SubObject) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6518,14 +6518,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6545,14 +6545,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6576,11 +6576,11 @@ TEST_F(MaatCmd, SubObject) { ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str, object3_uuid_str, keyword2, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ sleep(2); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6601,14 +6601,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6618,7 +6618,7 @@ TEST_F(MaatCmd, SubObject) { TEST_F(MaatCmd, RefObject) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char* rule_table_name = "RULE_DEFAULT"; const char* scan_data1 = "m.facebook.com/help/2297503110373101?helpref=hc_nav&refid=69"; const char* keyword1 = "something-should-not-hit"; @@ -6646,7 +6646,7 @@ TEST_F(MaatCmd, RefObject) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6679,7 +6679,7 @@ TEST_F(MaatCmd, RefObject) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6687,7 +6687,7 @@ TEST_F(MaatCmd, RefObject) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6695,11 +6695,11 @@ TEST_F(MaatCmd, RefObject) { state = NULL; } -TEST_F(MaatCmd, Attribute) { +TEST_F(MaatCmd, Field) { const char* rule_table_name = "RULE_DEFAULT"; const char* table_name="HTTP_SIGNATURE"; - const char *attribute_req_name = "HTTP_REQUEST_HEADER"; - const char *attribute_resp_name = "HTTP_RESPONSE_HEADER"; + const char *field_req_name = "HTTP_REQUEST_HEADER"; + const char *field_resp_name = "HTTP_RESPONSE_HEADER"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6737,12 +6737,12 @@ TEST_F(MaatCmd, Attribute) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_req_name; + and_conditions[0].or_conditions[0].field_name = field_req_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[1].or_conditions[0].field_name = field_resp_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6757,16 +6757,16 @@ TEST_F(MaatCmd, Attribute) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_req_name, http_req_hdr_ua, + ret = maat_scan_string(maat_inst, table_name, field_req_name, http_req_hdr_ua, strlen(http_req_hdr_ua), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_req_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_req_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6775,7 +6775,7 @@ TEST_F(MaatCmd, Attribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6786,7 +6786,7 @@ TEST_F(MaatCmd, Attribute) { rule1_uuid_str, and_conditions, 2, NULL, 0); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[0].or_conditions[0].field_name = field_resp_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6795,7 +6795,7 @@ TEST_F(MaatCmd, Attribute) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6803,7 +6803,7 @@ TEST_F(MaatCmd, Attribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7088,7 +7088,7 @@ TEST_F(MaatCmd, RuleEXData) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = "HTTP_URL"; + and_condition.or_conditions[0].field_name = "HTTP_URL"; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7502,9 +7502,9 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { TEST_F(MaatCmd, ObjectInMassRules) { const char* rule_table_name = "RULE_DEFAULT"; const char* url_table_name = "HTTP_URL"; - const char* url_attribute_anme = "HTTP_URL"; + const char* url_field_anme = "HTTP_URL"; const char* appid_table_name = "APP_ID"; - const char* appid_attribute_name = "APP_ID"; + const char* appid_field_name = "APP_ID"; int thread_id = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -7551,12 +7551,12 @@ TEST_F(MaatCmd, ObjectInMassRules) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + and_conditions[0].or_conditions[0].field_name = url_field_anme; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + and_conditions[1].or_conditions[0].field_name = appid_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; for (i = 0; i < RULE_ID_NUMS; i++) { @@ -7578,12 +7578,12 @@ TEST_F(MaatCmd, ObjectInMassRules) { struct maat_cmd_and_condition target_and_conditions[2]; target_and_conditions[0].negate_option = 0; target_and_conditions[0].or_condition_num = 1; - target_and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + target_and_conditions[0].or_conditions[0].field_name = url_field_anme; target_and_conditions[0].or_conditions[0].object_num = 1; target_and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; target_and_conditions[1].negate_option = 0; target_and_conditions[1].or_condition_num = 1; - target_and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + target_and_conditions[1].or_conditions[0].field_name = appid_field_name; target_and_conditions[1].or_conditions[0].object_num = 1; target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7598,15 +7598,15 @@ TEST_F(MaatCmd, ObjectInMassRules) { uuid_t results[4]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url2, strlen(http_url2), + ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url2, strlen(http_url2), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -7614,26 +7614,26 @@ TEST_F(MaatCmd, ObjectInMassRules) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, target_rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url1, strlen(http_url1), + ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url1, strlen(http_url1), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 4); - ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7648,7 +7648,7 @@ TEST_F(MaatCmd, HitObject) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -7686,12 +7686,12 @@ TEST_F(MaatCmd, HitObject) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7800,7 +7800,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item1_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_req_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); @@ -7809,7 +7809,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_req_attr_name); size_t n_last_hit_object = maat_state_get_last_hit_object_cnt(state); struct maat_hit_object last_hit_objects[128]; @@ -7820,12 +7820,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item1_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, http_req_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, http_req_attr_name); ret = maat_scan_string(maat_inst, http_sig_table_name, http_resp_attr_name, http_resp_hdr_cookie, @@ -7848,7 +7848,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item2_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_resp_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); @@ -7857,7 +7857,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_resp_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); @@ -7867,12 +7867,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item2_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, http_resp_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, http_resp_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, http_resp_attr_name); const char* keywords1="In graph theory, hit object item forth"; const char *keywords2="To test one object hit object item fifth"; @@ -7886,7 +7886,7 @@ TEST_F(MaatCmd, HitObject) { uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.150", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -7902,13 +7902,13 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item4_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, keywords_attr_name); uuid_unparse(hit_objects[1].item_uuid, uuid_str); EXPECT_STREQ(uuid_str, item3_uuid_str); uuid_unparse(hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_objects[1].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_objects[1].field_name, ip_field_name); ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results, ARRAY_SIZE, &n_hit_result, state); @@ -7926,7 +7926,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item5_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, keywords_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); @@ -7936,12 +7936,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item5_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, keywords_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, keywords_attr_name); maat_stream_free(stream); maat_state_free(state); @@ -7955,7 +7955,7 @@ TEST_F(MaatCmd, HitPathBasic) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -7990,12 +7990,12 @@ TEST_F(MaatCmd, HitPathBasic) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); @@ -8100,7 +8100,7 @@ TEST_F(MaatCmd, HitPathBasic) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; @@ -8110,7 +8110,7 @@ TEST_F(MaatCmd, HitPathBasic) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; @@ -8163,7 +8163,7 @@ TEST_F(MaatCmd, HitPathBasic) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8175,7 +8175,7 @@ TEST_F(MaatCmd, HitPathBasic) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); const char* keywords1="In graph theory, a path in a graph is a finite or infinite \ @@ -8209,18 +8209,18 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.148", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -8238,7 +8238,7 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; @@ -8264,7 +8264,7 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); maat_stream_free(stream); @@ -8290,7 +8290,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { const char *object_group_table_name = "OBJECT_GROUP"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -8326,12 +8326,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].field_name = keywords_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].field_name = keywords_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8385,12 +8385,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].field_name = keywords_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object21_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8430,12 +8430,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object3_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].field_name = keywords_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8470,7 +8470,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8493,7 +8493,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8507,7 +8507,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8520,14 +8520,14 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.168", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -8546,7 +8546,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8560,7 +8560,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8573,7 +8573,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8586,7 +8586,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8600,7 +8600,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8626,7 +8626,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8640,7 +8640,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8653,7 +8653,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8666,7 +8666,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule3_uuid_str); @@ -8680,7 +8680,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object4_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule3_uuid_str); @@ -8694,7 +8694,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8708,7 +8708,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8724,7 +8724,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -8759,12 +8759,12 @@ TEST_F(MaatCmd, HitPathHasNotObject) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 1; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8867,7 +8867,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8877,7 +8877,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8932,7 +8932,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8945,7 +8945,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8979,18 +8979,18 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.158", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9008,7 +9008,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -9035,7 +9035,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -9081,7 +9081,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = http_resp_attr_name; + and_condition.or_conditions[0].field_name = http_resp_attr_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9161,9 +9161,9 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { TEST_F(MaatCmd, ObjectEdit) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *app_id_table_name = "APP_ID"; - const char *app_id_attribute_name = "APP_ID"; + const char *app_id_field_name = "APP_ID"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9199,12 +9199,12 @@ TEST_F(MaatCmd, ObjectEdit) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = app_id_attribute_name; + and_conditions[1].or_conditions[0].field_name = app_id_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9219,20 +9219,20 @@ TEST_F(MaatCmd, ObjectEdit) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); int scan_app_id = 42; - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9253,12 +9253,12 @@ TEST_F(MaatCmd, ObjectEdit) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9266,7 +9266,7 @@ TEST_F(MaatCmd, ObjectEdit) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9287,19 +9287,19 @@ TEST_F(MaatCmd, ObjectEdit) { sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9310,7 +9310,7 @@ TEST_F(MaatCmd, ObjectEdit) { TEST_F(MaatCmd, RuleDelete_TSG6548) { const char* rule_table_name = "RULE_DEFAULT"; const char* ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9333,7 +9333,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9351,7 +9351,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9359,7 +9359,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9372,7 +9372,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { time_t update_time = time(NULL); time_t now = update_time; while (now - update_time < 3) { - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); if (ret == MAAT_SCAN_HIT) { hit_cnt++; @@ -9393,7 +9393,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { TEST_F(MaatCmd, UpdateDeadLockDetection) { const char* rule_table_name = "RULE_DEFAULT"; const char* table_http_url = "HTTP_URL"; - const char *attribute_http_url = "HTTP_URL"; + const char *field_http_url = "HTTP_URL"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9417,7 +9417,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_http_url; + and_conditions[0].or_conditions[0].field_name = field_http_url; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9432,7 +9432,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9440,7 +9440,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9475,12 +9475,12 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { sleep(10); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); //After full update, condition ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy). EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9491,7 +9491,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - const char *scan_attribute_name = "KEYWORDS_TABLE"; + const char *scan_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9507,7 +9507,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].field_name = scan_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9520,12 +9520,12 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9547,13 +9547,13 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_stream_free(stream); - stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9562,7 +9562,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9574,7 +9574,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - const char *scan_attribute_name = "KEYWORDS_TABLE"; + const char *scan_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9598,7 +9598,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].field_name = scan_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9611,7 +9611,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9620,7 +9620,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9637,7 +9637,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //Scan was interupted after full update. - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9649,9 +9649,9 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "KEYWORDS_TABLE"; - const char *expr_attribute_name = "KEYWORDS_TABLE"; + const char *expr_field_name = "KEYWORDS_TABLE"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9689,12 +9689,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9713,11 +9713,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9733,7 +9733,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { const char *scan_data = "Here is a stream-keywords-003, this should hit."; - struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9742,21 +9742,21 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9768,9 +9768,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "KEYWORDS_TABLE"; - const char *expr_attribute_name = "KEYWORDS_TABLE"; + const char *expr_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9809,12 +9809,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9830,11 +9830,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9847,12 +9847,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { const char *scan_data = "Here is a stream-keywords-004, this should hit."; - struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9860,11 +9860,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9876,9 +9876,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *keywords = "IP&stringinc"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; @@ -9917,12 +9917,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9938,11 +9938,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9958,7 +9958,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { const char *scan_data = "Here is a IP and stringinc, this should hit."; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9966,21 +9966,21 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9991,9 +9991,9 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; const char *keywords = "IP&string"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; @@ -10032,12 +10032,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -10053,11 +10053,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10070,11 +10070,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { const char *scan_data = "scan IP and string, this should hit."; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10082,11 +10082,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10231,7 +10231,7 @@ rollback_redis_version(redisContext *c, struct log_handle *logger) TEST_F(MaatRollback, FullConfigRollback) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = MaatRollback::_shared_maat_inst; struct log_handle *logger = MaatRollback::logger; @@ -10242,7 +10242,7 @@ TEST_F(MaatRollback, FullConfigRollback) { const char *scan_data = "http://www.cyberessays.com/search_results.php?" "action=search&query=username,abckkk,1234567"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -10250,7 +10250,7 @@ TEST_F(MaatRollback, FullConfigRollback) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10275,14 +10275,14 @@ TEST_F(MaatRollback, FullConfigRollback) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10292,7 +10292,7 @@ TEST_F(MaatRollback, FullConfigRollback) { TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = MaatRollback::_shared_maat_inst; struct log_handle *logger = MaatRollback::logger; @@ -10303,7 +10303,7 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { const char *scan_data = "http://www.cyberessays.com/search_results.php?" "action=search&query=username,abckkk,1234567"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -10311,7 +10311,7 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10336,14 +10336,14 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); diff --git a/test/maat_json.json b/test/maat_json.json index d387590..f159902 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -623,13 +623,13 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_CONFIG", + "field_name": "IP_CONFIG", "object_uuids": [ "00000000-0000-0000-0000-000000000100" ] }, { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "123_url_object", @@ -659,13 +659,13 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_CONFIG", + "field_name": "IP_CONFIG", "object_uuids": [ "00000000-0000-0000-0000-000000000100" ] }, { - "attribute_name": "CONTENT_SIZE", + "field_name": "CONTENT_SIZE", "objects": [ { "object_name": "124_interval_object", @@ -694,7 +694,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "125_url_object", @@ -724,7 +724,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "126_url_object", @@ -743,7 +743,7 @@ ] }, { - "attribute_name": "CONTENT_SIZE", + "field_name": "CONTENT_SIZE", "object_uuids": [ "00000000-0000-0000-0000-000000000106" ] @@ -760,7 +760,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_SIGNATURE", + "field_name": "HTTP_SIGNATURE", "objects": [ { "object_name": "128_expr_object", @@ -791,7 +791,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "129_url_object", @@ -821,7 +821,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "130_keywords_object", @@ -851,7 +851,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "131_keywords_object", @@ -881,7 +881,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "object_name": "TakeMeHome", "object_uuid": "00000000-0000-0000-0000-000000000111" } @@ -897,7 +897,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "133_host_object", @@ -927,7 +927,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "134_url_object", @@ -958,7 +958,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IMAGE_FP", + "field_name": "IMAGE_FP", "objects": [ { "object_name": "136_expr_object", @@ -989,7 +989,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IMAGE_FP", + "field_name": "IMAGE_FP", "objects": [ { "object_name": "137_expr_object", @@ -1020,7 +1020,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "138_url_object", @@ -1051,7 +1051,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "139_url_object", @@ -1081,7 +1081,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "140_keywords_object", @@ -1113,7 +1113,7 @@ "and_conditions": [ { "o2r_table_name": "OBJECT2RULE_ALIAS", - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "141_url_object", @@ -1143,7 +1143,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "142_url_object", @@ -1173,7 +1173,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": false, "objects": [ { @@ -1193,7 +1193,7 @@ ] }, { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": true, "objects": [ { @@ -1224,7 +1224,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": false, "objects": [ { @@ -1244,7 +1244,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": true, "objects": [ { @@ -1275,7 +1275,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "negate_option": false, "objects": [ { @@ -1295,7 +1295,7 @@ ] }, { - "attribute_name": "ATTRIBUTE_IP_CONFIG", + "field_name": "FIELD_IP_CONFIG", "negate_option": true, "object_uuids": [ "00000000-0000-0000-0000-000000000100" @@ -1313,7 +1313,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": false, "condition_index": 0, "objects": [ @@ -1334,7 +1334,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": true, "condition_index": 1, "objects": [ @@ -1355,7 +1355,7 @@ ] }, { - "attribute_name": "ATTRIBUTE_IP_CONFIG", + "field_name": "FIELD_IP_CONFIG", "negate_option": true, "condition_index": 2, "object_uuids": [ @@ -1374,7 +1374,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_1", + "field_name": "HTTP_RESPONSE_KEYWORDS_1", "negate_option": true, "condition_index": 0, "objects": [ @@ -1395,7 +1395,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_2", + "field_name": "HTTP_RESPONSE_KEYWORDS_2", "negate_option": true, "condition_index": 1, "objects": [ @@ -1416,7 +1416,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_3", + "field_name": "HTTP_RESPONSE_KEYWORDS_3", "negate_option": true, "condition_index": 2, "objects": [ @@ -1437,7 +1437,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_4", + "field_name": "HTTP_RESPONSE_KEYWORDS_4", "negate_option": true, "condition_index": 3, "objects": [ @@ -1458,7 +1458,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_5", + "field_name": "HTTP_RESPONSE_KEYWORDS_5", "negate_option": true, "condition_index": 4, "objects": [ @@ -1479,7 +1479,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_6", + "field_name": "HTTP_RESPONSE_KEYWORDS_6", "negate_option": true, "condition_index": 5, "objects": [ @@ -1500,7 +1500,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_7", + "field_name": "HTTP_RESPONSE_KEYWORDS_7", "negate_option": true, "condition_index": 6, "objects": [ @@ -1521,7 +1521,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS_8", + "field_name": "HTTP_RESPONSE_KEYWORDS_8", "negate_option": true, "condition_index": 7, "objects": [ @@ -1553,7 +1553,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "148_url_object", @@ -1583,7 +1583,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "TROJAN_PAYLOAD", + "field_name": "TROJAN_PAYLOAD", "objects": [ { "object_name": "billgates_regist1", @@ -1602,7 +1602,7 @@ ] }, { - "attribute_name": "TROJAN_PAYLOAD", + "field_name": "TROJAN_PAYLOAD", "objects": [ { "object_name": "billgates_regist2", @@ -1632,7 +1632,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "MAIL_ADDR", + "field_name": "MAIL_ADDR", "objects": [ { "object_name": "151_expr_object", @@ -1662,13 +1662,13 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "MAIL_ADDR", + "field_name": "MAIL_ADDR", "object_uuids": [ "00000000-0000-0000-0000-000000000141" ] }, { - "attribute_name": "CONTENT_SIZE", + "field_name": "CONTENT_SIZE", "object_uuids": [ "00000000-0000-0000-0000-000000000500" ] @@ -1685,7 +1685,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "MAIL_ADDR", + "field_name": "MAIL_ADDR", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000143", @@ -1693,7 +1693,7 @@ ] }, { - "attribute_name": "IP_CONFIG", + "field_name": "IP_CONFIG", "object_uuids": [ "00000000-0000-0000-0000-000000000502" ] @@ -1710,7 +1710,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -1740,7 +1740,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -1770,7 +1770,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "TROJAN_PAYLOAD", + "field_name": "TROJAN_PAYLOAD", "objects": [ { "object_name": "157_expr_object", @@ -1800,7 +1800,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "158_IP_object", @@ -1829,7 +1829,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "159_IP_object", @@ -1854,18 +1854,18 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "action_parameter": "AttributeWithOnePhysical", + "action_parameter": "FieldWithOnePhysical", "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": false, "object_uuids":[ "00000000-0000-0000-0000-000000000111" ] }, { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "negate_option": false, "objects": [ { @@ -1892,11 +1892,11 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "action_parameter": "OneObjectInTwoAttribute", + "action_parameter": "OneObjectInTwoField", "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_REQUEST_HEADER", + "field_name": "HTTP_REQUEST_HEADER", "negate_option": false, "objects": [ { @@ -1926,7 +1926,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_HEADER", + "field_name": "HTTP_RESPONSE_HEADER", "negate_option": false, "object_name": "vt_grp_http_sig2" } @@ -1942,7 +1942,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "164_keywords_object", @@ -1973,7 +1973,7 @@ "evaluation_order": "2.111", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "165_url_object", @@ -1992,7 +1992,7 @@ ] }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -2023,7 +2023,7 @@ "evaluation_order": "100.233", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "166_url_object", @@ -2054,14 +2054,14 @@ "evaluation_order": "300.999", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "condition_index": 1, "object_uuids": [ "00000000-0000-0000-0000-000000000158" ] }, { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "object_uuids": [ "00000000-0000-0000-0000-000000000158" ], @@ -2080,14 +2080,14 @@ "evaluation_order": "0", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "object_uuids": [ "00000000-0000-0000-0000-000000000158" ], "condition_index": 2 }, { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "object_uuids": [ "00000000-0000-0000-0000-000000000158" ], @@ -2105,7 +2105,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "condition_index": 0, "negate_option": false, "objects": [ @@ -2132,15 +2132,15 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "action_parameter": "IPScan.IPv4_attribute_name.source", + "action_parameter": "IPScan.IPv4_field_name.source", "is_valid": "no", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { - "object_name": "ipv4_attribute_name.source", + "object_name": "ipv4_field_name.source", "uuid": "00000000-0000-0000-0000-000000000161", "items": [ { @@ -2162,15 +2162,15 @@ "action": 0, "do_blacklist": 0, "do_log": 0, - "action_parameter": "IPScan.IPv4_attribute_name.destination", + "action_parameter": "IPScan.IPv4_field_name.destination", "is_valid": "no", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { - "object_name": "ipv4_attribute_name.destination", + "object_name": "ipv4_field_name.destination", "uuid": "00000000-0000-0000-0000-000000000162", "items": [ { @@ -2196,7 +2196,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "ASN_NOT_LOGIC", + "field_name": "ASN_NOT_LOGIC", "negate_option": true, "object_uuids": [ "00000000-0000-0000-0000-000000000001", @@ -2206,7 +2206,7 @@ "condition_index": 0 }, { - "attribute_name": "DESTINATION_IP_ASN", + "field_name": "DESTINATION_IP_ASN", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000002" @@ -2225,7 +2225,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "SOURCE_IP_ASN", + "field_name": "SOURCE_IP_ASN", "object_uuids": [ "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000003", @@ -2235,7 +2235,7 @@ "condition_index": 0 }, { - "attribute_name": "DESTINATION_IP_ASN", + "field_name": "DESTINATION_IP_ASN", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000002" @@ -2257,7 +2257,7 @@ "negate_option": false, "or_conditions":[ { - "attribute_name": "SOURCE_IP_ASN", + "field_name": "SOURCE_IP_ASN", "object_uuids": [ "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000003", @@ -2265,7 +2265,7 @@ ] }, { - "attribute_name": "SOURCE_IP_GEO", + "field_name": "SOURCE_IP_GEO", "object_uuids": [ "00000000-0000-0000-0000-000000000015" ] @@ -2273,7 +2273,7 @@ ] }, { - "attribute_name": "IP_CONFIG", + "field_name": "IP_CONFIG", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000012" @@ -2295,7 +2295,7 @@ "negate_option": true, "or_conditions": [ { - "attribute_name": "SOURCE_IP_ASN", + "field_name": "SOURCE_IP_ASN", "object_uuids": [ "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000003", @@ -2303,7 +2303,7 @@ ] }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "object_uuids": [ "00000000-0000-0000-0000-000000000014" ] @@ -2311,7 +2311,7 @@ ] }, { - "attribute_name": "SOURCE_IP_GEO", + "field_name": "SOURCE_IP_GEO", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000015" @@ -2329,7 +2329,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "182_keywords_object", @@ -2360,7 +2360,7 @@ "service": 0, "and_conditions": [ { - "attribute_name": "IP_CONFIG", + "field_name": "IP_CONFIG", "objects": [ { "object_name": "184_IP_object", @@ -2385,14 +2385,14 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "action_parameter": "NOTLogic.SameAttributeInMultiCondition", + "action_parameter": "NOTLogic.SameFieldInMultiCondition", "is_valid": "yes", "and_conditions": [ { "negate_option": true, "or_conditions": [ { - "attribute_name": "DESTINATION_IP_ASN", + "field_name": "DESTINATION_IP_ASN", "object_uuids": [ "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000003", @@ -2400,7 +2400,7 @@ ] }, { - "attribute_name": "SOURCE_IP_GEO", + "field_name": "SOURCE_IP_GEO", "object_uuids": [ "00000000-0000-0000-0000-000000000015" ] @@ -2408,7 +2408,7 @@ ] }, { - "attribute_name": "DESTINATION_IP_ASN", + "field_name": "DESTINATION_IP_ASN", "negate_option": true, "object_uuids": [ "00000000-0000-0000-0000-000000000005" @@ -2416,7 +2416,7 @@ "condition_index": 1 }, { - "attribute_name": "DESTINATION_IP_ASN", + "field_name": "DESTINATION_IP_ASN", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000006" @@ -2424,7 +2424,7 @@ "condition_index": 2 }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000013" @@ -2443,7 +2443,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": true, "objects": [ { @@ -2463,7 +2463,7 @@ ] }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -2493,7 +2493,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": true, "objects": [ { @@ -2513,7 +2513,7 @@ ] }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -2543,7 +2543,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": true, "objects": [ { @@ -2563,7 +2563,7 @@ ] }, { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -2593,7 +2593,7 @@ "action_parameter": "StringScan.ShouldNotHitExprPlus", "and_conditions": [ { - "attribute_name": "APP_PAYLOAD", + "field_name": "APP_PAYLOAD", "objects": [ { "object_name": "189_app_object", @@ -2624,7 +2624,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "191_keywords_object", @@ -2654,7 +2654,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "FLAG_CONFIG", + "field_name": "FLAG_CONFIG", "objects": [ { "object_name": "192_flag_object", @@ -2684,7 +2684,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "FLAG_CONFIG", + "field_name": "FLAG_CONFIG", "objects": [ { "object_name": "193_flag_object", @@ -2703,7 +2703,7 @@ ] }, { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "193_url_object", @@ -2733,7 +2733,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "FLAG_CONFIG", + "field_name": "FLAG_CONFIG", "objects": [ { "object_name": "194_flag_object", @@ -2763,7 +2763,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "197_url_object", @@ -2795,7 +2795,7 @@ "and_conditions": [ { "o2r_table_name": "OBJECT2RULE_FIREWALL", - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "198_url_object", @@ -2825,7 +2825,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "object_name": "ExcludeLogicObject199", "object_uuids": [ "00000000-0000-0000-0000-000000000503" @@ -2843,7 +2843,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "object_uuids": [ "00000000-0000-0000-0000-000000000504" ] @@ -2860,7 +2860,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "ATTRIBUTE_IP_PLUS_TABLE", + "field_name": "FIELD_IP_PLUS_TABLE", "object_name": "ExcludeLogicObject202", "object_uuids": [ "00000000-0000-0000-0000-000000000505" @@ -2879,7 +2879,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE", + "field_name": "FIELD_IP_PLUS_SOURCE", "objects": [ { "object_name": "ExcludeLogicObject203_1", @@ -2897,7 +2897,7 @@ ] }, { - "attribute_name": "ATTRIBUTE_IP_PLUS_DESTINATION", + "field_name": "FIELD_IP_PLUS_DESTINATION", "objects": [ { "object_name": "ExcludeLogicObject203_2", @@ -2915,7 +2915,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "object_name": "ExcludeLogicObject203_3", "object_uuids": [ "00000000-0000-0000-0000-000000000506" @@ -2933,7 +2933,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE", + "field_name": "FIELD_IP_PLUS_SOURCE", "objects": [ { "object_name": "ExcludeLogicObject204_1", @@ -2951,7 +2951,7 @@ ] }, { - "attribute_name": "ATTRIBUTE_IP_PLUS_DESTINATION", + "field_name": "FIELD_IP_PLUS_DESTINATION", "objects": [ { "object_name": "ExcludeLogicObject204_2", @@ -2969,7 +2969,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "object_uuids": [ "00000000-0000-0000-0000-000000000508" ] @@ -2986,7 +2986,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "205_keywords_object", @@ -3016,7 +3016,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "206_keywords_object", @@ -3046,7 +3046,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "FLAG_CONFIG", + "field_name": "FLAG_CONFIG", "objects": [ { "object_name": "207_flag_object", @@ -3076,7 +3076,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "negate_option": false, "objects": [ { @@ -3106,7 +3106,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "210_IP_object", @@ -3135,7 +3135,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PERF_CONFIG", + "field_name": "IP_PERF_CONFIG", "negate_option": false, "objects": [ { @@ -3165,7 +3165,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "INTEGER_PERF_CONFIG", + "field_name": "INTEGER_PERF_CONFIG", "objects": [ { "object_name": "212_interval_object", @@ -3194,7 +3194,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "EXPR_LITERAL_PERF_CONFIG", + "field_name": "EXPR_LITERAL_PERF_CONFIG", "objects": [ { "object_name": "213_expr_object", @@ -3224,7 +3224,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "FLAG_PERF_CONFIG", + "field_name": "FLAG_PERF_CONFIG", "objects": [ { "object_name": "214_flag_object", @@ -3254,7 +3254,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "EXPR_REGEX_PERF_CONFIG", + "field_name": "EXPR_REGEX_PERF_CONFIG", "objects": [ { "object_name": "215_expr_object", @@ -3284,7 +3284,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000504" @@ -3292,7 +3292,7 @@ "condition_index": 0 }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": true, "condition_index": 1, "objects": [ @@ -3324,7 +3324,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL_FILTER", + "field_name": "HTTP_URL_FILTER", "negate_option": true, "object_uuids": [ "00000000-0000-0000-0000-000000000509" @@ -3332,7 +3332,7 @@ "condition_index": 0 }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": false, "condition_index": 1, "objects": [ @@ -3364,7 +3364,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "CONTENT_SIZE", + "field_name": "CONTENT_SIZE", "objects": [ { "object_name": "218_interval_object", @@ -3393,7 +3393,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": false, "condition_index": 0, "objects": [ @@ -3414,7 +3414,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 1, "objects": [ @@ -3435,7 +3435,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 2, "objects": [ @@ -3456,7 +3456,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 3, "objects": [ @@ -3477,7 +3477,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 4, "objects": [ @@ -3498,7 +3498,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 5, "objects": [ @@ -3519,7 +3519,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 6, "objects": [ @@ -3540,7 +3540,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 7, "objects": [ @@ -3572,7 +3572,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": false, "condition_index": 0, "objects": [ @@ -3593,7 +3593,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 1, "objects": [ @@ -3614,7 +3614,7 @@ ] }, { - "attribute_name": "HTTP_DUMMY", + "field_name": "HTTP_DUMMY", "negate_option": true, "condition_index": 2, "objects": [ @@ -3646,7 +3646,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_NOT_LOGIC_1", + "field_name": "HTTP_NOT_LOGIC_1", "negate_option": true, "condition_index": 0, "objects": [ @@ -3678,7 +3678,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_NOT_LOGIC", + "field_name": "HTTP_NOT_LOGIC", "negate_option": true, "condition_index": 0, "objects": [ @@ -3699,7 +3699,7 @@ ] }, { - "attribute_name": "HTTP_NOT_LOGIC", + "field_name": "HTTP_NOT_LOGIC", "negate_option": true, "condition_index": 1, "objects": [ @@ -3720,7 +3720,7 @@ ] }, { - "attribute_name": "HTTP_NOT_LOGIC", + "field_name": "HTTP_NOT_LOGIC", "negate_option": true, "condition_index": 2, "objects": [ @@ -3752,7 +3752,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "negate_option": true, "condition_index": 0, "objects": [ @@ -3773,7 +3773,7 @@ ] }, { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": false, "condition_index": 1, "objects": [ @@ -3805,7 +3805,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "negate_option": false, "condition_index": 0, "objects": [ @@ -3837,7 +3837,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "object_name": "226_url_object", "object_uuids": [ "00000000-0000-0000-0000-000000000247" @@ -3856,7 +3856,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "object_name": "227_url_object", "object_uuids": [ "00000000-0000-0000-0000-000000000248" @@ -3874,7 +3874,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "negate_option": false, "condition_index": 1, "objects": [ @@ -3895,7 +3895,7 @@ ] }, { - "attribute_name": "ATTRIBUTE_IP_CONFIG", + "field_name": "FIELD_IP_CONFIG", "negate_option": true, "condition_index": 2, "objects": [ @@ -3926,7 +3926,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_URL", + "field_name": "HTTP_URL", "objects": [ { "object_name": "229_url_object", @@ -3956,7 +3956,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "230_IP_object", @@ -3986,7 +3986,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "231_IP_object", @@ -4016,7 +4016,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "IP_PLUS_CONFIG", + "field_name": "IP_PLUS_CONFIG", "objects": [ { "object_name": "232_IP_object", @@ -4046,7 +4046,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "HTTP_RESPONSE_KEYWORDS", + "field_name": "HTTP_RESPONSE_KEYWORDS", "object_name": "233_url_object", "object_uuids": [ "00000000-0000-0000-0000-000000000259" @@ -4064,7 +4064,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "negate_option": false, "condition_index": 0, "objects": [ @@ -4096,7 +4096,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "negate_option": false, "condition_index": 0, "objects": [ @@ -4128,7 +4128,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "236_keywords_object", @@ -4158,7 +4158,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "237_keywords_object", @@ -4212,7 +4212,7 @@ "is_valid": "yes", "and_conditions": [ { - "attribute_name": "KEYWORDS_TABLE", + "field_name": "KEYWORDS_TABLE", "objects": [ { "object_name": "238_keywords_object", diff --git a/test/table_info.json b/test/table_info.json index c038366..16efd66 100644 --- a/test/table_info.json +++ b/test/table_info.json @@ -68,7 +68,7 @@ "table_id":11, "table_name":"KEYWORDS_TABLE", "table_type":"expr", - "schema_tag": "{\"http_response_keywords\": \"attribute\"}" + "schema_tag": "{\"http_response_keywords\": \"field\"}" }, { "table_id":12, @@ -155,7 +155,7 @@ "table_id":24, "table_name":"IP_PLUS_CONFIG", "table_type":"ip", - "schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}" + "schema_tag": "{\"field_ip_plus_table\": \"field\"}" }, { "table_id":29, diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 946935c..63cbb87 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -155,7 +155,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k])); } cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array); - cJSON_AddStringToObject(or_condition, "attribute_name", and_conditions[i].or_conditions[j].attribute_name); + cJSON_AddStringToObject(or_condition, "field_name", and_conditions[i].or_conditions[j].field_name); cJSON_AddItemToArray(or_conditions_array, or_condition); } diff --git a/test/test_utils.h b/test/test_utils.h index bf35708..1711fe5 100644 --- a/test/test_utils.h +++ b/test/test_utils.h @@ -8,7 +8,7 @@ struct maat_cmd_or_condition { const char *object_uuids_str[8]; int object_num; - const char *attribute_name; + const char *field_name; }; struct maat_cmd_and_condition {