diff --git a/include/maat.h b/include/maat.h
index e149d8a..f6587d5 100644
--- a/include/maat.h
+++ b/include/maat.h
@@ -54,6 +54,11 @@ enum maat_update_type {
 MAAT_UPDATE_TYPE_INC
 };
+enum maat_list_type {
+ MAAT_LIST_TYPE_FULL = 1,
+ MAAT_LIST_TYPE_INC
+};
+
 struct ip_addr {
 int ip_type; //4: IPv4, 6: IPv6
 union {
@@ -269,10 +274,20 @@ int maat_state_set_scan_compile_table(struct maat_state *state, int compile_tabl
 int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *paths,
 size_t n_path);
+/**
+ * @brief get the total number of scans after maat_state_new
+*/
 size_t maat_state_get_scan_count(struct maat_state *state);
-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups,
- size_t n_group);
+/**
+ * @brief get hit groups(full or incremental)
+ *
+ * @param type:
+ * MAAT_LIST_TYPE_FULL => get all hit groups after maat_state_new
+ * MAAT_LIST_TYPE_INC => get hit groups for this scan
+*/
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+ struct maat_hit_group *groups, size_t n_group);
 /* return hit object compile_id */
 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group);
diff --git a/src/inc_internal/maat_compile.h b/src/inc_internal/maat_compile.h
index 4887750..ca7d974 100644
--- a/src/inc_internal/maat_compile.h
+++ b/src/inc_internal/maat_compile.h
@@ -112,8 +112,10 @@ size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *comp
 struct group2group_runtime *g2g_rt,
 struct maat_hit_path *hit_path_array,
 size_t array_size);
+
 size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_state,
 struct group2group_runtime *g2g_rt,
+ enum maat_list_type type,
 struct maat_hit_group *hit_group_array,
 size_t array_size);
diff --git a/src/maat_api.c b/src/maat_api.c
index 302e3f4..8efb2c5 100644
--- a/src/maat_api.c
+++ b/src/maat_api.c
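Review bot: The new comment on `maat_state_get_hit_groups` (include/maat.h, hunk `@@ -269,10 +274,20 @@`) documents `type` but says nothing about `groups`, `n_group` or the return value. The unit of `n_group` matters: the gtest changes in this same commit pass `sizeof(hit_groups)`, a byte count, for it. I would add `@param n_group: capacity of groups, counted in elements` and `@return number of hit groups written, -1 on invalid arguments`; the -1 is visible in the maat_api.c guard, while the element-count reading is inferred from the parameter name and should be confirmed. The copy in test/maat_demo/include/maat.h receives the new signature without any of these comments, so the two headers now differ in documentation.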
@@ -1935,8 +1935,8 @@ size_t maat_state_get_scan_count(struct maat_state *state)
 return state->scan_cnt;
 }
-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups,
- size_t n_group)
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+ struct maat_hit_group *groups, size_t n_group)
 {
 if (NULL == state || NULL == groups || 0 == n_group) {
 return -1;
@@ -1951,7 +1951,7 @@ int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *g
 return maat_compile_state_get_hit_groups(state->compile_state,
 (struct group2group_runtime *)g2g_runtime,
- groups, n_group);
+ type, groups, n_group);
 }
 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group)
diff --git a/src/maat_compile.c b/src/maat_compile.c
index 9a94007..4413dba 100644
--- a/src/maat_compile.c
+++ b/src/maat_compile.c
@@ -144,6 +144,7 @@ struct maat_compile_state {
 time_t compile_rt_version;
 UT_array *internal_hit_paths;
+ UT_array *internal_inc_hit_paths;
 UT_array *all_hit_clauses;
 UT_array *this_scan_hit_clauses;
 };
@@ -1358,6 +1359,7 @@ struct maat_compile_state *maat_compile_state_new(void)
 struct maat_compile_state *compile_state = ALLOC(struct maat_compile_state, 1);
 utarray_new(compile_state->internal_hit_paths, &ut_hit_path_icd);
+ utarray_new(compile_state->internal_inc_hit_paths, &ut_hit_path_icd);
 utarray_new(compile_state->all_hit_clauses, &ut_clause_id_icd);
 utarray_new(compile_state->this_scan_hit_clauses, &ut_clause_id_icd);
@@ -1376,6 +1378,7 @@ void maat_compile_state_reset(struct maat_compile_state *compile_state)
 compile_state->not_clause_hit_flag = 0;
 utarray_clear(compile_state->internal_hit_paths);
+ utarray_clear(compile_state->internal_inc_hit_paths);
 utarray_clear(compile_state->all_hit_clauses);
 utarray_clear(compile_state->this_scan_hit_clauses);
 }
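Review bot: The argument guard in `maat_state_get_hit_groups` (src/maat_api.c, hunk `@@ -1935,8 +1935,8 @@`) checks `state`, `groups` and `n_group` but passes the new `type` through unchecked. In the `@@ -2103,10 +2117,18 @@` hunk of src/maat_compile.c, `tmp_hit_path` stays NULL for any value other than `MAAT_LIST_TYPE_FULL` or `MAAT_LIST_TYPE_INC` (0 included, since the enum starts at 1), and `utarray_len(tmp_hit_path)` then reads through that NULL pointer, assuming the stock utarray macro. Rejecting the value at the API boundary keeps that path unreachable: `if (type != MAAT_LIST_TYPE_FULL && type != MAAT_LIST_TYPE_INC) { return -1; }`. The function body continues outside the hunk; a final `else` in maat_compile.c that frees `all_hit_groups` and returns 0 would protect internal callers as well.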
@@ -1394,6 +1397,12 @@ void maat_compile_state_free(struct maat_compile_state *compile_state,
 compile_state->internal_hit_paths = NULL;
 }
+ if (compile_state->internal_inc_hit_paths != NULL) {
+ free_bytes += utarray_len(compile_state->internal_inc_hit_paths) * sizeof(struct maat_internal_hit_path);
+ utarray_free(compile_state->internal_inc_hit_paths);
+ compile_state->internal_inc_hit_paths = NULL;
+ }
+
 if (compile_state->all_hit_clauses != NULL) {
 free_bytes += utarray_len(compile_state->all_hit_clauses) * sizeof(long long);
 utarray_free(compile_state->all_hit_clauses);
@@ -1532,9 +1541,13 @@ static void maat_compile_state_update_hit_path(struct maat_compile_state *compil
 if (compile_state->Nth_scan != Nth_scan) {
 assert(compile_state->this_scan_hit_item_flag == 0);
 compile_state->Nth_scan = Nth_scan;
+ utarray_clear(compile_state->internal_inc_hit_paths);
 utarray_clear(compile_state->this_scan_hit_clauses);
 }
+ maat_compile_hit_path_add(compile_state->internal_inc_hit_paths, item_id, group_id,
+ vtable_id, Nth_scan, Nth_item_result);
+
 maat_compile_hit_path_add(compile_state->internal_hit_paths, item_id, group_id,
 vtable_id, Nth_scan, Nth_item_result);
@@ -2093,6 +2106,7 @@ void maat_compile_state_update(int vtable_id, struct maat_item *hit_items,
 size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_state,
 struct group2group_runtime *g2g_rt,
+ enum maat_list_type type,
 struct maat_hit_group *hit_group_array,
 size_t array_size)
 {
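Review bot: `internal_inc_hit_paths` is cleared only inside `maat_compile_state_update_hit_path` (hunk `@@ -1532,9 +1541,13 @@`), at the moment a hit arrives carrying a new `Nth_scan`. If this function is not reached for a scan that matches nothing (its callers are outside the hunk), a `MAAT_LIST_TYPE_INC` query after such a scan would still return the groups of the last scan that did hit, which contradicts the header's "get hit groups for this scan". A consumer that attributes policy decisions to the current scan would then act on stale matches. Consider clearing the incremental list where the scan counter advances, or documenting the behaviour. A gtest case with a no-hit scan followed by an INC query would also help, since the added assertions only cover scans that hit.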
@@ -2103,10 +2117,18 @@ size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_stat
 size_t i = 0;
 UT_array *all_hit_groups;
 utarray_new(all_hit_groups, &ut_hit_group_icd);
- struct maat_internal_hit_path *internal_path = NULL;
- for (i = 0; i < utarray_len(compile_state->internal_hit_paths); i++) {
- internal_path = (struct maat_internal_hit_path *)utarray_eltptr(compile_state->internal_hit_paths, i);
+ struct maat_internal_hit_path *internal_path = NULL;
+ UT_array *tmp_hit_path = NULL;
+
+ if (type == MAAT_LIST_TYPE_FULL) {
+ tmp_hit_path = compile_state->internal_hit_paths;
+ } else if (type == MAAT_LIST_TYPE_INC) {
+ tmp_hit_path = compile_state->internal_inc_hit_paths;
+ }
+
+ for (i = 0; i < utarray_len(tmp_hit_path); i++) {
+ internal_path = (struct maat_internal_hit_path *)utarray_eltptr(tmp_hit_path, i);
 long long super_group_ids[MAX_SCANNER_HIT_GROUP_NUM];
 size_t super_group_cnt = group2group_runtime_get_super_groups(g2g_rt, &(internal_path->group_id), 1,
diff --git a/test/maat_demo/include/maat.h b/test/maat_demo/include/maat.h
index e149d8a..0b00074 100644
--- a/test/maat_demo/include/maat.h
+++ b/test/maat_demo/include/maat.h
@@ -54,6 +54,11 @@ enum maat_update_type {
 MAAT_UPDATE_TYPE_INC
 };
+enum maat_list_type {
+ MAAT_LIST_TYPE_FULL = 1,
+ MAAT_LIST_TYPE_INC
+};
+
 struct ip_addr {
 int ip_type; //4: IPv4, 6: IPv6
 union {
@@ -271,8 +276,8 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
 size_t maat_state_get_scan_count(struct maat_state *state);
-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups,
- size_t n_group);
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+ struct maat_hit_group *groups, size_t n_group);
 /* return hit object compile_id */
 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group);
diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp
index 3dfcd9e..fa36c0a 100644
--- a/test/maat_framework_gtest.cpp
+++ b/test/maat_framework_gtest.cpp
@@ -5510,7 +5510,15 @@ TEST_F(MaatCmdTest, HitPath) {
 struct maat_hit_group hit_groups[128];
 memset(hit_groups, 0, sizeof(hit_groups));
- int n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+ int n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
+ EXPECT_EQ(n_hit_group, 2);
+ EXPECT_EQ(hit_groups[0].group_id, group1_id);
+ EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
+ EXPECT_EQ(hit_groups[1].group_id, group11_id);
+ EXPECT_EQ(hit_groups[1].vtable_id, http_req_table_id);
+
+ memset(hit_groups, 0, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
 EXPECT_EQ(n_hit_group, 2);
 EXPECT_EQ(hit_groups[0].group_id, group1_id);
 EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5553,7 +5561,7 @@ TEST_F(MaatCmdTest, HitPath) {
 scan_count = maat_state_get_scan_count(state);
 EXPECT_EQ(scan_count, 2);
- n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
 EXPECT_EQ(n_hit_group, 4);
 EXPECT_EQ(hit_groups[0].group_id, group1_id);
 EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
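Review bot: The added calls pass `sizeof(hit_groups)` as `n_group` (hunk `@@ -5510,7 +5510,15 @@`, and again in the `@@ -5553`, `@@ -5564`, `@@ -5617`, `@@ -5630`, `@@ -5655` and `@@ -5670` hunks). `hit_groups` is declared as `struct maat_hit_group hit_groups[128]`, so that expression is the size in bytes, not 128. If `n_group` is an element count, as the name and `array_size` in maat_compile.h suggest, the library is told the buffer is several times larger than it is and could write past the stack array once more than 128 groups hit. The removed lines carried the same argument, but every call is being rewritten here, so this is a good moment to switch to `sizeof(hit_groups) / sizeof(hit_groups[0])`.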
@@ -5564,6 +5572,14 @@ TEST_F(MaatCmdTest, HitPath) {
 EXPECT_EQ(hit_groups[3].group_id, group11_id);
 EXPECT_EQ(hit_groups[3].vtable_id, http_req_table_id);
+ memset(hit_groups, 0, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+ EXPECT_EQ(n_hit_group, 2);
+ EXPECT_EQ(hit_groups[0].group_id, group21_id);
+ EXPECT_EQ(hit_groups[0].vtable_id, http_res_table_id);
+ EXPECT_EQ(hit_groups[1].group_id, group2_id);
+ EXPECT_EQ(hit_groups[1].vtable_id, http_res_table_id);
+
 n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
 EXPECT_EQ(n_read, 4);
@@ -5617,7 +5633,7 @@ that the edges be all directed in the same direction.";
 scan_count = maat_state_get_scan_count(state);
 EXPECT_EQ(scan_count, 3);
- n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
 EXPECT_EQ(n_hit_group, 5);
 EXPECT_EQ(hit_groups[0].group_id, group1_id);
 EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5630,6 +5646,12 @@ that the edges be all directed in the same direction.";
 EXPECT_EQ(hit_groups[4].group_id, group4_id);
 EXPECT_EQ(hit_groups[4].vtable_id, 0); //physical table(keywords_table) vtable_id is 0
+ memset(hit_groups, 0, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+ EXPECT_EQ(n_hit_group, 1);
+ EXPECT_EQ(hit_groups[0].group_id, group4_id);
+ EXPECT_EQ(hit_groups[0].vtable_id, 0); //physical table(keywords_table) vtable_id is 0
+
 n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
 EXPECT_EQ(n_read, 5);
@@ -5655,7 +5677,7 @@ that the edges be all directed in the same direction.";
 scan_count = maat_state_get_scan_count(state);
 EXPECT_EQ(scan_count, 4);
- n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
 EXPECT_EQ(n_hit_group, 6);
 EXPECT_EQ(hit_groups[0].group_id, group1_id);
 EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5670,6 +5692,12 @@ that the edges be all directed in the same direction.";
 EXPECT_EQ(hit_groups[5].group_id, group4_id);
 EXPECT_EQ(hit_groups[5].vtable_id, 0); //physical table(keywords_table) vtable_id is 0
+ memset(hit_groups, 0, sizeof(hit_groups));
+ n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+ EXPECT_EQ(n_hit_group, 1);
+ EXPECT_EQ(hit_groups[0].group_id, group3_id);
+ EXPECT_EQ(hit_groups[0].vtable_id, 0); //physical table(keywords_table) vtable_id is 0
+
 n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
 EXPECT_EQ(n_read, 6);