[PATCH]add get_hit_groups inc/full API

2023-07-11 11:30:57 +08:00
parent f8a0b406fa
commit 6911420ebf
6 changed files with 86 additions and 14 deletions
--- a/include/maat.h
+++ b/include/maat.h
@@ -54,6 +54,11 @@ enum maat_update_type {
    MAAT_UPDATE_TYPE_INC
 };

+enum maat_list_type {
+    MAAT_LIST_TYPE_FULL = 1,
+    MAAT_LIST_TYPE_INC
+};
+
 struct ip_addr {
    int ip_type;             //4: IPv4, 6: IPv6
    union {
@@ -269,10 +274,20 @@ int maat_state_set_scan_compile_table(struct maat_state *state, int compile_tabl
 int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *paths, 
                             size_t n_path);
                             
+/**
+ * @brief get the total number of scans after maat_state_new
+*/
 size_t maat_state_get_scan_count(struct maat_state *state);

-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups, 
-                              size_t n_group);
+/**
+ * @brief get hit groups(full or incremental)
+ * 
+ * @param type: 
+ *          MAAT_LIST_TYPE_FULL => get all hit groups after maat_state_new
+ *          MAAT_LIST_TYPE_INC  => get hit groups for this scan
+*/
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+                              struct maat_hit_group *groups, size_t n_group);

 /* return hit object compile_id */
 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group);
--- a/src/inc_internal/maat_compile.h
+++ b/src/inc_internal/maat_compile.h
@@ -112,8 +112,10 @@ size_t maat_compile_state_get_internal_hit_paths(struct maat_compile_state *comp
                                                 struct group2group_runtime *g2g_rt,
                                                 struct maat_hit_path *hit_path_array, 
                                                 size_t array_size);
+
 size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_state,
                                         struct group2group_runtime *g2g_rt,
+                                         enum maat_list_type type,
                                         struct maat_hit_group *hit_group_array,
                                         size_t array_size);

--- a/src/maat_api.c
+++ b/src/maat_api.c
@@ -1935,8 +1935,8 @@ size_t maat_state_get_scan_count(struct maat_state *state)
    return state->scan_cnt;
 }

-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups, 
-                              size_t n_group)
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+                              struct maat_hit_group *groups, size_t n_group)
 {
    if (NULL == state || NULL == groups || 0 == n_group) {
        return -1;
@@ -1951,7 +1951,7 @@ int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *g

    return maat_compile_state_get_hit_groups(state->compile_state,
                                             (struct group2group_runtime *)g2g_runtime,
-                                             groups, n_group);
+                                             type, groups, n_group);
 }

 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group)
--- a/src/maat_compile.c
+++ b/src/maat_compile.c
@@ -144,6 +144,7 @@ struct maat_compile_state {
    time_t compile_rt_version;

 	UT_array *internal_hit_paths;
+    UT_array *internal_inc_hit_paths;
 	UT_array *all_hit_clauses;
 	UT_array *this_scan_hit_clauses;
 };
@@ -1358,6 +1359,7 @@ struct maat_compile_state *maat_compile_state_new(void)
    struct maat_compile_state *compile_state = ALLOC(struct maat_compile_state, 1);

 	utarray_new(compile_state->internal_hit_paths, &ut_hit_path_icd);
+    utarray_new(compile_state->internal_inc_hit_paths, &ut_hit_path_icd);
 	utarray_new(compile_state->all_hit_clauses, &ut_clause_id_icd);
 	utarray_new(compile_state->this_scan_hit_clauses, &ut_clause_id_icd);

@@ -1376,6 +1378,7 @@ void maat_compile_state_reset(struct maat_compile_state *compile_state)
    compile_state->not_clause_hit_flag = 0;

    utarray_clear(compile_state->internal_hit_paths);
+    utarray_clear(compile_state->internal_inc_hit_paths);
    utarray_clear(compile_state->all_hit_clauses);
    utarray_clear(compile_state->this_scan_hit_clauses);
 }
@@ -1394,6 +1397,12 @@ void maat_compile_state_free(struct maat_compile_state *compile_state,
        compile_state->internal_hit_paths = NULL;
    }
    
+    if (compile_state->internal_inc_hit_paths != NULL) {
+        free_bytes += utarray_len(compile_state->internal_inc_hit_paths) * sizeof(struct maat_internal_hit_path);
+        utarray_free(compile_state->internal_inc_hit_paths);
+        compile_state->internal_inc_hit_paths = NULL;
+    }
+
    if (compile_state->all_hit_clauses != NULL) {
        free_bytes += utarray_len(compile_state->all_hit_clauses) * sizeof(long long);
        utarray_free(compile_state->all_hit_clauses);
@@ -1532,9 +1541,13 @@ static void maat_compile_state_update_hit_path(struct maat_compile_state *compil
 	if (compile_state->Nth_scan != Nth_scan) {
 		assert(compile_state->this_scan_hit_item_flag == 0);
 		compile_state->Nth_scan = Nth_scan;
+        utarray_clear(compile_state->internal_inc_hit_paths);
 		utarray_clear(compile_state->this_scan_hit_clauses);
 	}

+    maat_compile_hit_path_add(compile_state->internal_inc_hit_paths, item_id, group_id,
+                              vtable_id, Nth_scan, Nth_item_result);
+
    maat_compile_hit_path_add(compile_state->internal_hit_paths, item_id, group_id, 
                              vtable_id, Nth_scan, Nth_item_result);

@@ -2093,6 +2106,7 @@ void maat_compile_state_update(int vtable_id, struct maat_item *hit_items,

 size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_state,
                                         struct group2group_runtime *g2g_rt,
+                                         enum maat_list_type type,
                                         struct maat_hit_group *hit_group_array,
                                         size_t array_size)
 {
@@ -2103,10 +2117,18 @@ size_t maat_compile_state_get_hit_groups(struct maat_compile_state *compile_stat
    size_t i = 0;
    UT_array *all_hit_groups;
    utarray_new(all_hit_groups, &ut_hit_group_icd);
-    struct maat_internal_hit_path *internal_path = NULL;

-    for (i = 0; i < utarray_len(compile_state->internal_hit_paths); i++) {
-        internal_path = (struct maat_internal_hit_path *)utarray_eltptr(compile_state->internal_hit_paths, i);
+    struct maat_internal_hit_path *internal_path = NULL;
+    UT_array *tmp_hit_path = NULL;
+    
+    if (type == MAAT_LIST_TYPE_FULL) {
+        tmp_hit_path = compile_state->internal_hit_paths;
+    } else if (type == MAAT_LIST_TYPE_INC) {
+        tmp_hit_path = compile_state->internal_inc_hit_paths;
+    }
+
+    for (i = 0; i < utarray_len(tmp_hit_path); i++) {
+        internal_path = (struct maat_internal_hit_path *)utarray_eltptr(tmp_hit_path, i);

        long long super_group_ids[MAX_SCANNER_HIT_GROUP_NUM];
        size_t super_group_cnt = group2group_runtime_get_super_groups(g2g_rt, &(internal_path->group_id), 1,
--- a/test/maat_demo/include/maat.h
+++ b/test/maat_demo/include/maat.h
@@ -54,6 +54,11 @@ enum maat_update_type {
    MAAT_UPDATE_TYPE_INC
 };

+enum maat_list_type {
+    MAAT_LIST_TYPE_FULL = 1,
+    MAAT_LIST_TYPE_INC
+};
+
 struct ip_addr {
    int ip_type;             //4: IPv4, 6: IPv6
    union {
@@ -271,8 +276,8 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
                             
 size_t maat_state_get_scan_count(struct maat_state *state);

-int maat_state_get_hit_groups(struct maat_state *state, struct maat_hit_group *groups, 
-                              size_t n_group);
+int maat_state_get_hit_groups(struct maat_state *state, enum maat_list_type type,
+                              struct maat_hit_group *groups, size_t n_group);

 /* return hit object compile_id */
 int maat_hit_group_compile_id(struct maat *instance, struct maat_hit_group *group);
--- a/test/maat_framework_gtest.cpp
+++ b/test/maat_framework_gtest.cpp
@@ -5510,7 +5510,15 @@ TEST_F(MaatCmdTest, HitPath) {

    struct maat_hit_group hit_groups[128];
    memset(hit_groups, 0, sizeof(hit_groups));
-    int n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+    int n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
+    EXPECT_EQ(n_hit_group, 2);
+    EXPECT_EQ(hit_groups[0].group_id, group1_id);
+    EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
+    EXPECT_EQ(hit_groups[1].group_id, group11_id);
+    EXPECT_EQ(hit_groups[1].vtable_id, http_req_table_id);
+
+    memset(hit_groups, 0, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
    EXPECT_EQ(n_hit_group, 2);
    EXPECT_EQ(hit_groups[0].group_id, group1_id);
    EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5553,7 +5561,7 @@ TEST_F(MaatCmdTest, HitPath) {
    scan_count = maat_state_get_scan_count(state);
    EXPECT_EQ(scan_count, 2);

-    n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
    EXPECT_EQ(n_hit_group, 4);
    EXPECT_EQ(hit_groups[0].group_id, group1_id);
    EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5564,6 +5572,14 @@ TEST_F(MaatCmdTest, HitPath) {
    EXPECT_EQ(hit_groups[3].group_id, group11_id);
    EXPECT_EQ(hit_groups[3].vtable_id, http_req_table_id);

+    memset(hit_groups, 0, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+    EXPECT_EQ(n_hit_group, 2);
+    EXPECT_EQ(hit_groups[0].group_id, group21_id);
+    EXPECT_EQ(hit_groups[0].vtable_id, http_res_table_id);
+    EXPECT_EQ(hit_groups[1].group_id, group2_id);
+    EXPECT_EQ(hit_groups[1].vtable_id, http_res_table_id);
+
    n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
    EXPECT_EQ(n_read, 4);
    
@@ -5617,7 +5633,7 @@ that the edges be all directed in the same direction.";
    scan_count = maat_state_get_scan_count(state);
    EXPECT_EQ(scan_count, 3);

-    n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
    EXPECT_EQ(n_hit_group, 5);
    EXPECT_EQ(hit_groups[0].group_id, group1_id);
    EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5630,6 +5646,12 @@ that the edges be all directed in the same direction.";
    EXPECT_EQ(hit_groups[4].group_id, group4_id);
    EXPECT_EQ(hit_groups[4].vtable_id, 0); //physical table(keywords_table) vtable_id is 0

+    memset(hit_groups, 0, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+    EXPECT_EQ(n_hit_group, 1);
+    EXPECT_EQ(hit_groups[0].group_id, group4_id);
+    EXPECT_EQ(hit_groups[0].vtable_id, 0); //physical table(keywords_table) vtable_id is 0 
+
    n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
    EXPECT_EQ(n_read, 5);

@@ -5655,7 +5677,7 @@ that the edges be all directed in the same direction.";
    scan_count = maat_state_get_scan_count(state);
    EXPECT_EQ(scan_count, 4);

-    n_hit_group = maat_state_get_hit_groups(state, hit_groups, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_FULL, hit_groups, sizeof(hit_groups));
    EXPECT_EQ(n_hit_group, 6);
    EXPECT_EQ(hit_groups[0].group_id, group1_id);
    EXPECT_EQ(hit_groups[0].vtable_id, http_req_table_id);
@@ -5670,6 +5692,12 @@ that the edges be all directed in the same direction.";
    EXPECT_EQ(hit_groups[5].group_id, group4_id);
    EXPECT_EQ(hit_groups[5].vtable_id, 0); //physical table(keywords_table) vtable_id is 0

+    memset(hit_groups, 0, sizeof(hit_groups));
+    n_hit_group = maat_state_get_hit_groups(state, MAAT_LIST_TYPE_INC, hit_groups, sizeof(hit_groups));
+    EXPECT_EQ(n_hit_group, 1);
+    EXPECT_EQ(hit_groups[0].group_id, group3_id);
+    EXPECT_EQ(hit_groups[0].vtable_id, 0); //physical table(keywords_table) vtable_id is 0
+ 
    n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
    EXPECT_EQ(n_read, 6);