gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修复bug:一个分组以虚拟表多次出现在编译配置内,错误的判断为分组重复。

Browse Source
This commit is contained in:
zhengchao
2019-11-26 14:40:03 +08:00
parent 2f10504d64
commit 5f06db9558
4 changed files with 221 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
test/maat_json.json
View File

@@ -196,7 +196,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_REGION",
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "HTTP\\bURL",
@@ -1027,7 +1027,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_REGION",
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Content-Type",
@@ -1150,7 +1150,7 @@
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "Virtual",
"user_region": "VirtualWithPhysical",
"is_valid": "yes",
"groups": [
{
@@ -1174,6 +1174,107 @@
]
}
]
},
{
"compile_id": 161,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "virtual_table_test_temp",
"is_valid": "yes",
"groups": [
{
"group_name":"vt_grp_http_sig1",
"not_flag":0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "User-Agent",
"keywords": "Chrome/78.0.3904.108",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
},
{
"group_name":"vt_grp_http_sig2",
"not_flag":0,
"regions": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Cookie",
"keywords": "uid=12345678",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
},
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr_plus",
"table_content": {
"district": "Cookie",
"keywords": "sessionid=888888",
"expr_type": "none",
"match_method": "sub",
"format": "uncase plain"
}
}
]
}
]
},
{
"compile_id": 162,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "VirtualWithVirtual",
"is_valid": "yes",
"groups": [
{
"group_name":"vt_grp_http_sig1",
"virtual_table":"HTTP_REQUEST_HEADER",
"not_flag":0
},
{
"group_name":"vt_grp_http_sig2",
"virtual_table":"HTTP_RESPONSE_HEADER",
"not_flag":0
}
]
},
{
"compile_id": 163,
"service": 0,
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"effective_rage": 0,
"user_region": "OneGroupInTwoVirtual",
"is_valid": "yes",
"groups": [
{
"group_name":"vt_grp_http_sig2",
"virtual_table":"HTTP_REQUEST_HEADER",
"not_flag":0
},
{
"group_name":"vt_grp_http_sig2",
"virtual_table":"HTTP_RESPONSE_HEADER",
"not_flag":0
}
]
}
],
"plugin_table": [

6
test/table_info.conf
View File

@@ -27,7 +27,7 @@
5 CONTENT_SIZE intval --
6 QD_ENTRY_INFO plugin 4 --
7 FILE_DIGEST digest --
8 HTTP_REGION expr_plus GBK GBK yes 0
8 HTTP_SIGNATURE expr_plus GBK GBK yes 0
9 SIM_URL similar --
10 IMAGE_FP expr UTF8 UTF8 yes 128 quickoff
11 TEST_EFFECTIVE_RANGE_TABLE plugin {"valid":4,"tag":5} --
@@ -39,4 +39,6 @@
17 TROJAN_PAYLOAD expr UTF8 UTF8 yes 0 quickoff
18 MAIL_ADDR expr UTF8 UTF8 yes 0 quickoff
19 IP_PLUS_CONFIG ip_plus --
20 HTTP_RESPONSE_KEYWORDS virtual KEYWORDS_TABLE --
20 HTTP_RESPONSE_KEYWORDS virtual KEYWORDS_TABLE --
21 HTTP_REQUEST_HEADER virtual HTTP_SIGNATURE --
22 HTTP_RESPONSE_HEADER virtual HTTP_SIGNATURE --

87
test/test_maatframe.cpp
View File

@@ -357,7 +357,7 @@ TEST(StringScan, ExprPlus)
int found_pos[4];
const char* region_name="HTTP URL";
const char* scan_data="http://www.cyberessays.com/search_results.php?action=search&query=abckkk,1234567";
table_id=Maat_table_register(g_feather, "HTTP_REGION");
table_id=Maat_table_register(g_feather, "HTTP_SIGNATURE");
ASSERT_GT(table_id, 0);
scan_status_t mid=NULL;
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, scan_data, strlen(scan_data),
@@ -437,7 +437,7 @@ TEST(StringScan, ExprPlusWithHex)
const char* scan_data="text/html; charset=UTF-8";
const char* region_name="Content-Type";
int found_pos[4];
table_id=Maat_table_register(g_feather, "HTTP_REGION");
table_id=Maat_table_register(g_feather, "HTTP_SIGNATURE");
ASSERT_GT(table_id, 0);
scan_status_t mid=NULL;
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
@@ -1462,9 +1462,9 @@ TEST(ScanResult, LongerServiceDefine)
free(buff);
return;
}
TEST(VirtualTable, Test1)
TEST(VirtualTable, VirtualWithPhysical)
{
#define TestVirtualTable
#define TestVirtualTable1
int ret=0, table_id=0;
const char* http_content="Batman\\:Take me Home.Superman/:Fine,stay with me.";
const char* http_url="https://blog.csdn.net/littlefang/article/details/8213058";
@@ -1502,6 +1502,85 @@ TEST(VirtualTable, Test1)
return;
}
TEST(VirtualTable, VirtualWithVirtual)
{
#define TestVirtualTable2
int ret=0, table_id=0;
const char* http_req_hdr_ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36";
const char* http_resp_hdr_cookie="uid=12345678;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
struct Maat_rule_t result[4];
memset(result, 0, sizeof(result));
scan_status_t mid=NULL;
table_id=Maat_table_register(g_feather, "HTTP_REQUEST_HEADER");
ASSERT_GT(table_id, 0);
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, "User-Agent", strlen("User-Agent"));
ASSERT_EQ(ret, 0);
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, http_req_hdr_ua, strlen(http_req_hdr_ua),
result, NULL, 4, &mid, 0);
EXPECT_EQ(ret, -2);
table_id=Maat_table_register(g_feather, "HTTP_RESPONSE_HEADER");
ASSERT_GT(table_id, 0);
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie"));
ASSERT_EQ(ret, 0);
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie),
result, NULL, 4, &mid, 0);
EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0].config_id, 162);
Maat_clean_status(&mid);
return;
}
TEST(VirtualTable, OneGroupInTwoVirtual)
{
#define TestVirtualTable3
int ret=0, table_id=0;
const char* http_resp_hdr_cookie="sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
struct Maat_rule_t result[4];
memset(result, 0, sizeof(result));
scan_status_t mid=NULL;
table_id=Maat_table_register(g_feather, "HTTP_REQUEST_HEADER");
ASSERT_GT(table_id, 0);
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie"));
ASSERT_EQ(ret, 0);
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie),
result, NULL, 4, &mid, 0);
EXPECT_EQ(ret, -2);
table_id=Maat_table_register(g_feather, "HTTP_RESPONSE_HEADER");
ASSERT_GT(table_id, 0);
ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, "Cookie", strlen("Cookie"));
ASSERT_EQ(ret, 0);
ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie),
result, NULL, 4, &mid, 0);
EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0].config_id, 163);
Maat_clean_status(&mid);
return;
}
class MaatFileTest : public testing::Test