diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 867e51e..4ed24b8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ variables: GIT_STRATEGY: "clone" BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux" BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/ - INSTALL_DEPENDENCY_LIBRARY: framework_env openssl-devel libasan libfieldstat4-devel libuuid + INSTALL_DEPENDENCY_LIBRARY: framework_env openssl-devel libasan libfieldstat4-devel libuuid-devel stages: - build diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 27831af..0ebc24e 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c @@ -214,6 +214,72 @@ static void object_info_free(struct object_info *object_name_map) } } +static void convert_condition(struct object_info *object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id) +{ + cJSON *object_uuid_array = cJSON_CreateArray(); + cJSON *object_name = cJSON_GetObjectItem(condition, "object_name"); + cJSON *object_uuid = cJSON_GetObjectItem(condition, "object_uuid"); + + if (object_name && object_uuid) { + object_info_add(object_name_map, object_name->valuestring, object_uuid->valuestring); + } + + if (object_uuid) { + cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_uuid->valuestring)); + } else if (object_name) { + struct object_info *object_info = object_info_find(object_name_map, object_name->valuestring); + if (object_info) { + cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_info->object_uuid)); + } + } + + cJSON *object_array = cJSON_GetObjectItem(condition, "objects"); + cJSON *tmp_object = NULL; + cJSON_ArrayForEach(tmp_object, object_array) {//convert objects in condition + //find items, generate item_id and object_id + cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid"); + cJSON *object_name_obj = cJSON_GetObjectItem(tmp_object, "object_name"); + cJSON *items = cJSON_GetObjectItem(tmp_object, "items"); + cJSON *item = NULL; + char obj_uuid_str[UUID_STR_LEN]; + memset(obj_uuid_str, 0, sizeof(obj_uuid_str)); + if (object_id_obj != NULL) { + snprintf(obj_uuid_str, sizeof(obj_uuid_str), "%s", object_id_obj->valuestring); + } else { + snprintf(obj_uuid_str, sizeof(obj_uuid_str), "00000000-0000-0000-0000-00000000%d", (*object_gen_id)++); + } + + if (object_name_obj) { + object_info_add(object_name_map, object_name_obj->valuestring, obj_uuid_str); + } + + cJSON_ArrayForEach(item, items) { + cJSON *table_name = cJSON_GetObjectItem(item, "table_name"); + cJSON *tmp_item = cJSON_CreateObject(); + cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring)); + + cJSON *dup = cJSON_Duplicate(cJSON_GetObjectItem(item, "table_content"), 1); + + if (cJSON_GetObjectItem(dup, "uuid") == NULL) { + char uuid_str[UUID_STR_LEN]; + snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-00000000%d", (*item_gen_id)++); + cJSON_AddStringToObject(dup, "uuid", uuid_str); + } + cJSON_AddStringToObject(dup, "object_uuid", obj_uuid_str); + + cJSON_AddItemToObject(tmp_item, "table_content", dup); + cJSON_AddItemToArray(top_items, tmp_item); + } + + cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(obj_uuid_str)); + } + //replace object content with object_id + cJSON_DeleteItemFromObject(condition, "objects"); + cJSON_AddItemToObject(condition, "object_uuids", object_uuid_array); + + return; +} + void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) { *json_root = cJSON_Parse((const char *)json_buff); @@ -307,74 +373,29 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) */ cJSON *tmp_rule = NULL; cJSON_ArrayForEach(tmp_rule, rules) { - cJSON *tmp_condition = NULL; - cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "conditions"); - cJSON_ArrayForEach(tmp_condition, condition_array) { - cJSON *tmp_object = NULL; - cJSON *object_uuid_array = cJSON_CreateArray(); + cJSON *tmp_and_condition = NULL; + cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "and_conditions"); + cJSON_ArrayForEach(tmp_and_condition, condition_array) { - cJSON *negate_option = cJSON_GetObjectItem(tmp_condition, "negate_option"); + cJSON *negate_option = cJSON_GetObjectItem(tmp_and_condition, "negate_option"); if (negate_option == NULL) { - cJSON_AddBoolToObject(tmp_condition, "negate_option", 0); + cJSON_AddBoolToObject(tmp_and_condition, "negate_option", 0); } - cJSON *object_name = cJSON_GetObjectItem(tmp_condition, "object_name"); - cJSON *object_uuid = cJSON_GetObjectItem(tmp_condition, "object_uuid"); - if (object_name && object_uuid) { - object_info_add(object_name_map, object_name->valuestring, object_uuid->valuestring); + cJSON *or_conditions = cJSON_GetObjectItem(tmp_and_condition, "or_conditions"); + if (or_conditions) { + cJSON *tmp_or_condition = NULL; + cJSON_ArrayForEach(tmp_or_condition, or_conditions) { + convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + } + } else { + cJSON *tmp_or_condition = cJSON_Duplicate(tmp_and_condition, 1); + convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id); + + or_conditions = cJSON_CreateArray(); + cJSON_AddItemToArray(or_conditions, tmp_or_condition); + cJSON_AddItemToObject(tmp_and_condition, "or_conditions", or_conditions); } - - if (object_uuid) { - cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_uuid->valuestring)); - } else if (object_name) { - struct object_info *object_info = object_info_find(object_name_map, object_name->valuestring); - if (object_info) { - cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(object_info->object_uuid)); - } - } - - cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects"); - cJSON_ArrayForEach(tmp_object, object_array) {//convert objects in rule - //find items, generate item_id and object_id - cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "uuid"); - cJSON *object_name_obj = cJSON_GetObjectItem(tmp_object, "object_name"); - cJSON *items = cJSON_GetObjectItem(tmp_object, "items"); - cJSON *item = NULL; - char obj_uuid_str[UUID_STR_LEN]; - memset(obj_uuid_str, 0, sizeof(obj_uuid_str)); - if (object_id_obj != NULL) { - snprintf(obj_uuid_str, sizeof(obj_uuid_str), "%s", object_id_obj->valuestring); - } else { - snprintf(obj_uuid_str, sizeof(obj_uuid_str), "00000000-0000-0000-0000-00000000%d", object_gen_id++); - } - - if (object_name_obj) { - object_info_add(object_name_map, object_name_obj->valuestring, obj_uuid_str); - } - - cJSON_ArrayForEach(item, items) { - cJSON *table_name = cJSON_GetObjectItem(item, "table_name"); - cJSON *tmp_item = cJSON_CreateObject(); - cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring)); - - cJSON *dup = cJSON_Duplicate(cJSON_GetObjectItem(item, "table_content"), 1); - - if (cJSON_GetObjectItem(dup, "uuid") == NULL) { - char uuid_str[UUID_STR_LEN]; - snprintf(uuid_str, sizeof(uuid_str), "00000000-0000-0000-0000-00000000%d", item_gen_id++); - cJSON_AddStringToObject(dup, "uuid", uuid_str); - } - cJSON_AddStringToObject(dup, "object_uuid", obj_uuid_str); - - cJSON_AddItemToObject(tmp_item, "table_content", dup); - cJSON_AddItemToArray(top_items, tmp_item); - } - - cJSON_AddItemToArray(object_uuid_array, cJSON_CreateString(obj_uuid_str)); - } - //replace object content with object_id - cJSON_DeleteItemFromObject(tmp_condition, "objects"); - cJSON_AddItemToObject(tmp_condition, "object_uuids", object_uuid_array); } } diff --git a/src/maat_rule.c b/src/maat_rule.c index 92d6597..1108b1e 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -99,9 +99,7 @@ struct condition_literal { struct rule_condition { long long condition_id; - uuid_t object_uuids[MAX_OBJECT_CNT]; - int object_cnt; - char attribute_name[MAX_ATTR_NAME_LEN]; + UT_array *literals; char negate_option; // 1 byte char in_use; // 1 byte char pad[6]; // for 8 bytes alignment @@ -153,6 +151,7 @@ struct rule_compile_state { }; UT_icd ut_condition_id_icd = {sizeof(long long), NULL, NULL, NULL}; +UT_icd ut_condition_literal_icd = {sizeof(struct condition_literal), NULL, NULL, NULL}; UT_icd ut_rule_object_uuid_icd = {sizeof(uuid_t), NULL, NULL, NULL}; UT_icd ut_maat_hit_object_icd = {sizeof(struct maat_hit_object), NULL, NULL, NULL}; UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL}; @@ -181,6 +180,11 @@ static void maat_rule_free(struct maat_rule *rule) for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { condition = rule->conditions + i; + if (condition->literals != NULL) { + utarray_free(condition->literals); + condition->literals = NULL; + } + condition->in_use = 0; condition->condition_id = 0; } @@ -231,7 +235,7 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule struct maat_rule *rule = ALLOC(struct maat_rule, 1); struct log_handle *logger = rule_rt->logger; cJSON *tmp_obj = NULL; - cJSON *conditions = NULL; + cJSON *conditions_obj = NULL; cJSON *table_json = cJSON_Parse(table_line); int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name); @@ -247,19 +251,20 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule uuid_copy(rule->rule_uuid, rule_uuid); for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { + utarray_new(rule->conditions[i].literals, &ut_condition_literal_icd); rule->conditions[i].in_use = 0; rule->conditions[i].condition_id = 0; } - conditions = cJSON_GetObjectItem(table_json, "conditions"); - if (conditions == NULL || conditions->type != cJSON_Array) { + conditions_obj = cJSON_GetObjectItem(table_json, "and_conditions"); + if (conditions_obj == NULL || conditions_obj->type != cJSON_Array) { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no conditions or not array format", + "[%s:%d] table: <%s> has no and_conditions or not array format", __FUNCTION__, __LINE__, table_name); goto error; } - rule->condition_num = cJSON_GetArraySize(conditions); + rule->condition_num = cJSON_GetArraySize(conditions_obj); if (rule->condition_num > MAX_ITEMS_PER_BOOL_EXPR) { log_fatal(logger, MODULE_RULE, "[%s:%d] table: <%s> condition_num:%d exceed maximum:%d", @@ -268,25 +273,9 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule } for (int i = 0; i < rule->condition_num; i++) { - cJSON *condition_obj = cJSON_GetArrayItem(conditions, i); + cJSON *condition_obj = cJSON_GetArrayItem(conditions_obj, i); struct rule_condition *condition = rule->conditions + i; - tmp_obj = cJSON_GetObjectItem(condition_obj, "attribute_name"); - if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { - log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d] table: <%s> has no attribute_name or not string format", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - if (strlen(tmp_obj->valuestring) >= sizeof(condition->attribute_name)) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d", - __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(condition->attribute_name)); - goto error; - } - snprintf(condition->attribute_name, sizeof(condition->attribute_name), "%s", tmp_obj->valuestring); - tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option"); if (tmp_obj) { if (tmp_obj->type == cJSON_True) { @@ -299,30 +288,55 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring); goto error; } - } - - if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { - int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_name, MAAT_OP_ADD, logger); - if (ret < 0) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> validate negate_option failed, line: %s", - __FUNCTION__, __LINE__, table_name, table_line); - goto error; - } } - tmp_obj = cJSON_GetObjectItem(condition_obj, "object_uuids"); - if (tmp_obj && tmp_obj->type == cJSON_Array) { - int n_object_ids = cJSON_GetArraySize(tmp_obj); + cJSON *or_conditions_obj = cJSON_GetObjectItem(condition_obj, "or_conditions"); + cJSON *literal_obj = NULL; + cJSON_ArrayForEach(literal_obj, or_conditions_obj) { + struct condition_literal tmp_literal; + memset(&tmp_literal, 0, sizeof(tmp_literal)); - condition->object_cnt = n_object_ids; + tmp_obj = cJSON_GetObjectItem(literal_obj, "attribute_name"); + if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { + log_fatal(rule_rt->logger, MODULE_RULE, + "[%s:%d] table: <%s> has no attribute_name or not string format", + __FUNCTION__, __LINE__, table_name); + goto error; + } - for (int j = 0; j < n_object_ids; j++) { - cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j); - if (object_id_obj && object_id_obj->type == cJSON_String) { - uuid_parse(object_id_obj->valuestring, condition->object_uuids[j]); + if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.attribute_name)) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d", + __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.attribute_name)); + goto error; + } + snprintf(tmp_literal.attribute_name, sizeof(tmp_literal.attribute_name), "%s", tmp_obj->valuestring); + + if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { + int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.attribute_name, MAAT_OP_ADD, logger); + if (ret < 0) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> validate negate_option failed, line: %s", + __FUNCTION__, __LINE__, table_name, table_line); + goto error; } } + + tmp_obj = cJSON_GetObjectItem(literal_obj, "object_uuids"); + if (tmp_obj && tmp_obj->type == cJSON_Array) { + int n_object_ids = cJSON_GetArraySize(tmp_obj); + + tmp_literal.object_cnt = n_object_ids; + + for (int j = 0; j < n_object_ids; j++) { + cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j); + if (object_id_obj && object_id_obj->type == cJSON_String) { + uuid_parse(object_id_obj->valuestring, tmp_literal.object_uuids[j]); + } + } + } + + utarray_push_back(condition->literals, &tmp_literal); } condition->in_use = 1; @@ -676,32 +690,37 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option) } } - for (size_t k = 0; k < condition->object_cnt; k++) { - struct condition_query_key key; - struct condition_id_kv *condition_id_kv = NULL; + struct condition_literal *tmp_literal = NULL; + for (size_t j = 0; j < utarray_len(condition->literals); j++) { + tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); - memset(&key, 0, sizeof(key)); + for (size_t k = 0; k < tmp_literal->object_cnt; k++) { + struct condition_query_key key; + struct condition_id_kv *condition_id_kv = NULL; - memcpy(key.attribute_name, condition->attribute_name, sizeof(key.attribute_name)); - key.negate_option = condition->negate_option; - uuid_copy(key.object_uuid, condition->object_uuids[k]); - - HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), - condition_id_kv); - if (NULL == condition_id_kv) { - condition_id_kv = ALLOC(struct condition_id_kv, 1); - condition_id_kv->key = key; - utarray_new(condition_id_kv->condition_ids, &ut_condition_id_icd); - HASH_ADD_KEYPTR(hh, condition_id_kv_hash, &condition_id_kv->key, - sizeof(condition_id_kv->key), condition_id_kv); + memset(&key, 0, sizeof(key)); + + memcpy(key.attribute_name, tmp_literal->attribute_name, sizeof(key.attribute_name)); + key.negate_option = condition->negate_option; + uuid_copy(key.object_uuid, tmp_literal->object_uuids[k]); + + HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), + condition_id_kv); + if (NULL == condition_id_kv) { + condition_id_kv = ALLOC(struct condition_id_kv, 1); + condition_id_kv->key = key; + utarray_new(condition_id_kv->condition_ids, &ut_condition_id_icd); + HASH_ADD_KEYPTR(hh, condition_id_kv_hash, &condition_id_kv->key, + sizeof(condition_id_kv->key), condition_id_kv); + } + + if (utarray_find(condition_id_kv->condition_ids, &(condition->condition_id), + compare_condition_id)) { + continue; + } + utarray_push_back(condition_id_kv->condition_ids, &(condition->condition_id)); + utarray_sort(condition_id_kv->condition_ids, compare_condition_id); } - - if (utarray_find(condition_id_kv->condition_ids, &(condition->condition_id), - compare_condition_id)) { - continue; - } - utarray_push_back(condition_id_kv->condition_ids, &(condition->condition_id)); - utarray_sort(condition_id_kv->condition_ids, compare_condition_id); } } } @@ -1001,20 +1020,24 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule, continue; } + struct condition_literal *tmp_literal = NULL; + for (size_t j = 0; j < utarray_len(condition->literals); j++) { + tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); - if (strncmp(condition->attribute_name, key->attribute_name, sizeof(key->attribute_name)) != 0) { - continue; - } + if (strncmp(tmp_literal->attribute_name, key->attribute_name, sizeof(key->attribute_name)) != 0) { + continue; + } - if (condition->negate_option != key->negate_option) { - continue; - } + if (condition->negate_option != key->negate_option) { + continue; + } - uuid_t *tmp_object_uuid = bsearch(&(key->object_uuid), condition->object_uuids, - condition->object_cnt, sizeof(uuid_t), - compare_object_uuid); - if (tmp_object_uuid != NULL) { - return 1; + uuid_t *tmp_object_uuid = bsearch(&(key->object_uuid), tmp_literal->object_uuids, + tmp_literal->object_cnt, sizeof(uuid_t), + compare_object_uuid); + if (tmp_object_uuid != NULL) { + return 1; + } } } @@ -1035,16 +1058,21 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule, continue; } + struct condition_literal *tmp_literal = NULL; + for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) { + tmp_literal = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j); + + if (strncmp(tmp_literal->attribute_name, attribute_name, sizeof(tmp_literal->attribute_name)) != 0) { + continue; + } - if (strncmp(tmp_condition->attribute_name, attribute_name, sizeof(tmp_condition->attribute_name)) != 0) { - continue; - } - - uuid_t *tmp_object_uuid = bsearch(hit_object_uuid, tmp_condition->object_uuids, - tmp_condition->object_cnt, sizeof(uuid_t), - compare_object_uuid); - if (tmp_object_uuid != NULL) { - condition_idx_array[hit_condition_cnt++] = i; + uuid_t *tmp_object_uuid = bsearch(hit_object_uuid, tmp_literal->object_uuids, + tmp_literal->object_cnt, sizeof(uuid_t), + compare_object_uuid); + if (tmp_object_uuid != NULL) { + condition_idx_array[hit_condition_cnt++] = i; + break; + } } } @@ -1457,7 +1485,10 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt, for (int i = 0; i < rule->condition_num; i++) { struct rule_condition *condition = rule->conditions + i; if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) { - validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_name, MAAT_OP_DEL, logger); + for (size_t j = 0; j < utarray_len(condition->literals); j++) { + struct condition_literal *literal = (struct condition_literal *)utarray_eltptr(condition->literals, j); + validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->attribute_name, MAAT_OP_DEL, logger); + } } } diff --git a/test/json_update/corrupted.json b/test/json_update/corrupted.json index 42c7966..dedd097 100644 --- a/test/json_update/corrupted.json +++ b/test/json_update/corrupted.json @@ -10,7 +10,7 @@ "do_log": 1, "user_region": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "object_name": "Untitled", "attribute_name": "HTTP_URL", diff --git a/test/json_update/new.json b/test/json_update/new.json index 268f24d..21d4581 100644 --- a/test/json_update/new.json +++ b/test/json_update/new.json @@ -10,7 +10,7 @@ "do_log": 1, "user_region": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ diff --git a/test/json_update/old.json b/test/json_update/old.json index d26485d..e228915 100644 --- a/test/json_update/old.json +++ b/test/json_update/old.json @@ -10,7 +10,7 @@ "do_log": 1, "user_region": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ diff --git a/test/maat_json.json b/test/maat_json.json index 2231a79..fa241a7 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -645,7 +645,7 @@ "do_log": 1, "action_parameter": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_CONFIG", "object_uuids": [ @@ -681,7 +681,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_CONFIG", "object_uuids": [ @@ -716,7 +716,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -746,7 +746,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -782,7 +782,7 @@ "do_log": 1, "action_parameter": "StringScan.ExprPlus", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_SIGNATURE", "objects": [ @@ -813,7 +813,7 @@ "do_log": 1, "action_parameter": "utf8_中文", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -843,7 +843,7 @@ "do_log": 1, "action_parameter": "utf8_维语", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -873,7 +873,7 @@ "do_log": 1, "action_parameter": "utf8_维语2", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -903,7 +903,7 @@ "do_log": 1, "action_parameter": "string\\bunescape", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "object_name": "TakeMeHome", @@ -919,7 +919,7 @@ "do_log": 1, "action_parameter": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -949,7 +949,7 @@ "do_log": 1, "action_parameter": "table_conjunction_test_part2", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -980,7 +980,7 @@ "effective_range":{}, "action_parameter": "offset_string", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IMAGE_FP", "objects": [ @@ -1011,7 +1011,7 @@ "effective_range":{}, "action_parameter": "offset_string", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IMAGE_FP", "objects": [ @@ -1042,7 +1042,7 @@ "effective_range": {"tag_sets":[[{"tag":"location","value":["北京/朝阳/华严北里","上海/浦东/陆家嘴"]},{"tag":"isp","value":["电信","联通"]}],[{"tag":"location","value":["北京"]},{"tag":"isp","value":["联通"]}]]}, "action_parameter": "Not\\baccepted\\btags", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -1073,7 +1073,7 @@ "effective_range": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", "action_parameter": "Accepted\\btags", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -1103,7 +1103,7 @@ "do_log": 1, "action_parameter": "file_streams", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -1134,7 +1134,7 @@ "action_parameter": "Something:I\\bhave\\ba\\bname,7799", "rule_table_name": "RULE_ALIAS", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "o2r_table_name": "OBJECT2RULE_ALIAS", "attribute_name": "HTTP_URL", @@ -1165,7 +1165,7 @@ "do_log": 1, "action_parameter": "StringScan.UTF8EncodedURL", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -1195,7 +1195,7 @@ "do_log": 1, "action_parameter": "NOTLogic.OneRegion", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": false, @@ -1246,7 +1246,7 @@ "do_log": 1, "action_parameter": "NOTLogic.ScanNotAtLast", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": false, @@ -1297,7 +1297,7 @@ "do_log": 1, "action_parameter": "NOTLogic.ScanNotIP", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "negate_option": false, @@ -1335,7 +1335,7 @@ "do_log": 1, "action_parameter": "NOTLogic.NotExprConditionAndNotIPCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": false, @@ -1396,7 +1396,7 @@ "do_log": 1, "action_parameter": "NOTLogic.8NotCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_RESPONSE_KEYWORDS_1", "negate_option": true, @@ -1575,7 +1575,7 @@ "do_log": 1, "action_parameter": "StringScan.Regex", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -1605,7 +1605,7 @@ "do_log": 0, "action_parameter": "StringScan.BugReport20190325", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "TROJAN_PAYLOAD", "objects": [ @@ -1654,7 +1654,7 @@ "do_log": 0, "action_parameter": "StringScan.PrefixAndSuffix", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "MAIL_ADDR", "objects": [ @@ -1684,7 +1684,7 @@ "do_log": 0, "action_parameter": "StringScan.PrefixAndSuffix", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "MAIL_ADDR", "object_uuids": [ @@ -1707,7 +1707,7 @@ "do_log": 0, "action_parameter": "Policy.SubObject", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "MAIL_ADDR", "negate_option": false, @@ -1732,7 +1732,7 @@ "do_log": 0, "action_parameter": "ipv4_plus", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "negate_option": false, @@ -1762,7 +1762,7 @@ "do_log": 0, "action_parameter": "ipv6_plus", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "negate_option": false, @@ -1792,7 +1792,7 @@ "do_log": 0, "action_parameter": "StringScan.StreamScanUTF8", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "TROJAN_PAYLOAD", "objects": [ @@ -1822,7 +1822,7 @@ "do_log": 0, "action_parameter": "IPScan.IPv4_CIDR", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -1851,7 +1851,7 @@ "do_log": 0, "action_parameter": "IPScan.IPv6_CIDR", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -1880,7 +1880,7 @@ "do_log": 0, "action_parameter": "AttributeWithOnePhysical", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_RESPONSE_KEYWORDS", "negate_option": false, @@ -1918,7 +1918,7 @@ "do_log": 0, "action_parameter": "OneObjectInTwoAttribute", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_REQUEST_HEADER", "negate_option": false, @@ -1943,7 +1943,7 @@ "do_log": 1, "action_parameter": "CharsetWindows1251", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -1974,7 +1974,7 @@ "action_parameter": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "2.111", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -2024,7 +2024,7 @@ "action_parameter": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "100.233", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -2055,7 +2055,7 @@ "action_parameter": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "300.999", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "condition_index": 1, @@ -2081,7 +2081,7 @@ "action_parameter": "EvaluationOrder", "is_valid": "yes", "evaluation_order": "0", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "object_uuids": [ @@ -2106,7 +2106,7 @@ "do_log": 0, "action_parameter": "IPScan.IPv4_Any", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "condition_index": 0, @@ -2137,7 +2137,7 @@ "do_log": 0, "action_parameter": "IPScan.IPv4_attribute_name.source", "is_valid": "no", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "negate_option": false, @@ -2167,7 +2167,7 @@ "do_log": 0, "action_parameter": "IPScan.IPv4_attribute_name.destination", "is_valid": "no", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "negate_option": false, @@ -2195,9 +2195,9 @@ "action": 1, "do_blacklist": 1, "do_log": 1, - "action_parameter": "NOTLogic.MulticonditionsInOneNotCondition", + "action_parameter": "NOTLogic.Multiand_conditionsInOneNotCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ASN_NOT_LOGIC", "negate_option": true, @@ -2226,7 +2226,7 @@ "do_log": 1, "action_parameter": "Hierarchy.MultiObjectInOneCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "SOURCE_IP_ASN", "object_uuids": [ @@ -2255,24 +2255,25 @@ "do_log": 1, "action_parameter": "Hierarchy.MultiObjectInOneCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { - "attribute_name": "SOURCE_IP_ASN", - "negate_option": false, - "object_uuids": [ - "00000000-0000-0000-0000-000000000001", - "00000000-0000-0000-0000-000000000003", - "00000000-0000-0000-0000-000000000004" - ], - "condition_index": 0 - }, - { - "attribute_name": "SOURCE_IP_GEO", - "negate_option": false, - "object_uuids": [ - "00000000-0000-0000-0000-000000000015" - ], - "condition_index": 0 + "negate_option": false, + "or_conditions":[ + { + "attribute_name": "SOURCE_IP_ASN", + "object_uuids": [ + "00000000-0000-0000-0000-000000000001", + "00000000-0000-0000-0000-000000000003", + "00000000-0000-0000-0000-000000000004" + ] + }, + { + "attribute_name": "SOURCE_IP_GEO", + "object_uuids": [ + "00000000-0000-0000-0000-000000000015" + ] + } + ] }, { "attribute_name": "IP_CONFIG", @@ -2292,32 +2293,33 @@ "do_log": 1, "action_parameter": "NOTLogic.MultiLiteralsInOneNotCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { - "attribute_name": "SOURCE_IP_ASN", - "negate_option": true, - "object_uuids": [ - "00000000-0000-0000-0000-000000000001", - "00000000-0000-0000-0000-000000000003", - "00000000-0000-0000-0000-000000000004" - ], - "condition_index": 0 - }, - { - "attribute_name": "IP_PLUS_CONFIG", - "negate_option": true, - "object_uuids": [ - "00000000-0000-0000-0000-000000000014" - ], - "condition_index": 0 + "negate_option": true, + "or_conditions": [ + { + "attribute_name": "SOURCE_IP_ASN", + "object_uuids": [ + "00000000-0000-0000-0000-000000000001", + "00000000-0000-0000-0000-000000000003", + "00000000-0000-0000-0000-000000000004" + ] + }, + { + "attribute_name": "IP_PLUS_CONFIG", + "negate_option": true, + "object_uuids": [ + "00000000-0000-0000-0000-000000000014" + ] + } + ] }, { "attribute_name": "SOURCE_IP_GEO", "negate_option": false, "object_uuids": [ "00000000-0000-0000-0000-000000000015" - ], - "condition_index": 1 + ] } ] }, @@ -2329,7 +2331,7 @@ "do_log": 1, "action_parameter": "8-expr", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -2360,7 +2362,7 @@ "do_log": 0, "action": 0, "service": 0, - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_CONFIG", "objects": [ @@ -2389,24 +2391,25 @@ "do_log": 1, "action_parameter": "NOTLogic.SameAttributeInMultiCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { - "attribute_name": "DESTINATION_IP_ASN", - "negate_option": true, - "object_uuids": [ - "00000000-0000-0000-0000-000000000001", - "00000000-0000-0000-0000-000000000003", - "00000000-0000-0000-0000-000000000004" - ], - "condition_index": 0 - }, - { - "attribute_name": "SOURCE_IP_GEO", - "negate_option": true, - "object_uuids": [ - "00000000-0000-0000-0000-000000000015" - ], - "condition_index": 0 + "negate_option": true, + "or_conditions": [ + { + "attribute_name": "DESTINATION_IP_ASN", + "object_uuids": [ + "00000000-0000-0000-0000-000000000001", + "00000000-0000-0000-0000-000000000003", + "00000000-0000-0000-0000-000000000004" + ] + }, + { + "attribute_name": "SOURCE_IP_GEO", + "object_uuids": [ + "00000000-0000-0000-0000-000000000015" + ] + } + ] }, { "attribute_name": "DESTINATION_IP_ASN", @@ -2442,7 +2445,7 @@ "do_log": 1, "action_parameter": "NOTLogic.ScanHitAtLast", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": true, @@ -2492,7 +2495,7 @@ "do_log": 1, "action_parameter": "NOTLogic.ScanHitAtLast", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": true, @@ -2542,7 +2545,7 @@ "do_log": 1, "action_parameter": "NOTLogic.ScanHitAtLast", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": true, @@ -2592,7 +2595,7 @@ "service": 0, "do_blacklist": 0, "action_parameter": "StringScan.ShouldNotHitExprPlus", - "conditions": [ + "and_conditions": [ { "attribute_name": "APP_PAYLOAD", "objects": [ @@ -2623,7 +2626,7 @@ "do_log": 0, "action_parameter": "StringScan.HexBinCaseSensitive", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -2653,7 +2656,7 @@ "do_log": 0, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "FLAG_CONFIG", "objects": [ @@ -2683,7 +2686,7 @@ "do_log": 0, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "FLAG_CONFIG", "objects": [ @@ -2732,7 +2735,7 @@ "do_log": 0, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "FLAG_CONFIG", "objects": [ @@ -2762,7 +2765,7 @@ "do_log": 1, "action_parameter": "Something:I\\bhave\\ba\\bname,8866", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -2793,7 +2796,7 @@ "action_parameter": "Something:I have a name,7799", "rule_table_name": "RULE_FIREWALL_DEFAULT", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "o2r_table_name": "OBJECT2RULE_FIREWALL", "attribute_name": "HTTP_URL", @@ -2824,7 +2827,7 @@ "do_log": 1, "action_parameter": "ExcludeLogic.ScanNotAtLast", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "object_name": "ExcludeLogicObject199", @@ -2842,7 +2845,7 @@ "do_log": 1, "action_parameter": "ExcludeLogic.OneRegion", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "object_uuids": [ @@ -2859,7 +2862,7 @@ "do_log": 1, "action_parameter": "null", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTRIBUTE_IP_PLUS_TABLE", "object_name": "ExcludeLogicObject202", @@ -2878,7 +2881,7 @@ "do_log": 1, "action_parameter": "null", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE", "objects": [ @@ -2932,7 +2935,7 @@ "do_log": 1, "action_parameter": "null", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE", "objects": [ @@ -2985,7 +2988,7 @@ "do_log": 0, "action_parameter": "StringScan.RegexExpressionIllegal", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -3015,7 +3018,7 @@ "do_log": 0, "action_parameter": "duplicateRuleFor191", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [ @@ -3045,7 +3048,7 @@ "do_log": 0, "action_parameter": "duplicateRuleFor192", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "FLAG_CONFIG", "objects": [ @@ -3075,7 +3078,7 @@ "do_log": 0, "action_parameter": "duplicateRuleFor154", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "negate_option": false, @@ -3105,7 +3108,7 @@ "do_log": 0, "action_parameter": "ipv6_::", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -3134,7 +3137,7 @@ "do_log": 0, "action_parameter": "ip_perf_test", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PERF_CONFIG", "negate_option": false, @@ -3164,7 +3167,7 @@ "do_log": 1, "action_parameter": "integer_perf_test", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "INTEGER_PERF_CONFIG", "objects": [ @@ -3193,7 +3196,7 @@ "do_log": 1, "action_parameter": "expr_perf_test", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "EXPR_LITERAL_PERF_CONFIG", "objects": [ @@ -3223,7 +3226,7 @@ "do_log": 0, "action_parameter": "flag_perf_test", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "FLAG_PERF_CONFIG", "objects": [ @@ -3253,7 +3256,7 @@ "do_log": 1, "action_parameter": "expr_perf_test", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "EXPR_REGEX_PERF_CONFIG", "objects": [ @@ -3283,7 +3286,7 @@ "do_log": 0, "action_parameter": "NOTCondition&ExcludeObject", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": false, @@ -3323,7 +3326,7 @@ "do_log": 0, "action_parameter": "NOTCondition&ExcludeObject", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL_FILTER", "negate_option": true, @@ -3363,7 +3366,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "CONTENT_SIZE", "objects": [ @@ -3392,7 +3395,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_DUMMY", "negate_option": false, @@ -3571,7 +3574,7 @@ "do_log": 1, "action_parameter": "anything", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_DUMMY", "negate_option": false, @@ -3645,7 +3648,7 @@ "do_log": 0, "action_parameter": "NOTLogic.SingleNotCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_NOT_LOGIC_1", "negate_option": true, @@ -3677,7 +3680,7 @@ "do_log": 0, "action_parameter": "NOTLogic.MultiNotCondition", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_NOT_LOGIC", "negate_option": true, @@ -3751,7 +3754,7 @@ "do_log": 0, "action_parameter": "NOTLogic.NotPhysicalTable", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "negate_option": true, @@ -3804,7 +3807,7 @@ "do_log": 0, "action_parameter": "Payload escape", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "negate_option": false, @@ -3836,7 +3839,7 @@ "do_log": 1, "action_parameter": "maat_scan_object", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "object_name": "226_url_object", @@ -3855,7 +3858,7 @@ "action_parameter": "maat_scan_object", "rule_table_name": "RULE_FIREWALL_DEFAULT", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "object_name": "227_url_object", @@ -3873,7 +3876,7 @@ "do_log": 1, "action_parameter": "NotConditionHitPath", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "negate_option": false, @@ -3925,7 +3928,7 @@ "do_log": 1, "action_parameter": "StringScan.Regex", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_URL", "objects": [ @@ -3955,7 +3958,7 @@ "do_log": 0, "action_parameter": "ipv6_::", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -3985,7 +3988,7 @@ "do_log": 0, "action_parameter": "should_not_hit", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -4015,7 +4018,7 @@ "do_log": 0, "action_parameter": "should_not_hit", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "IP_PLUS_CONFIG", "objects": [ @@ -4045,7 +4048,7 @@ "do_log": 1, "action_parameter": "maat_scan_object", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "HTTP_RESPONSE_KEYWORDS", "object_name": "233_url_object", @@ -4063,7 +4066,7 @@ "do_log": 0, "action_parameter": "Payload escape", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "negate_option": false, @@ -4095,7 +4098,7 @@ "do_log": 0, "action_parameter": "Payload escape", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "negate_option": false, @@ -4127,7 +4130,7 @@ "do_log": 0, "action_parameter": "StringScan.HexBinCombineString", "is_valid": "yes", - "conditions": [ + "and_conditions": [ { "attribute_name": "KEYWORDS_TABLE", "objects": [