diff --git a/docs/api_reference.md b/docs/api_reference.md index 91376d1..48c1b29 100644 --- a/docs/api_reference.md +++ b/docs/api_reference.md @@ -861,7 +861,7 @@ int maat_scan_not_logic(struct maat *instance, int table_id, size_t *n_hit_result, struct maat_state *state); ``` -If the rule configuration contains NOT-conditions, this interface needs to be called to activate the calculation of rule_id involving NOT-conditions. This means that other scanning interfaces will not activate NOT-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-condition was expected to be activated, so this interface was called and two new rule_id were hit. +If the rule configuration contains negate-conditions, this interface needs to be called to activate the calculation of rule_id involving negate-conditions. This means that other scanning interfaces will not activate negate-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The negate-condition was expected to be activated, so this interface was called and two new rule_id were hit. Since this interface only activates non-conditions and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned. diff --git a/docs/getting_started.md b/docs/getting_started.md index dce8e43..f87b01e 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -60,7 +60,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded "custom": { "group_id":1, "rule_id":2, - "not_flag":4, + "negate_option":4, "attribute_name":5, "condition_index":6 } diff --git a/docs/logical_combinations.md b/docs/logical_combinations.md index 2f4064f..ffe1041 100644 
--- a/docs/logical_combinations.md +++ b/docs/logical_combinations.md @@ -124,7 +124,7 @@ rule(rule) = condition1 & !condition2 The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145. -The group_name: "123_IP_group" is a NOT condition of this rule. +The group_name: "123_IP_group" is a negate condition of this rule. ## Group exclude diff --git a/docs/maat_table.md b/docs/maat_table.md index cf34468..f1bd1a4 100644 --- a/docs/maat_table.md +++ b/docs/maat_table.md @@ -256,7 +256,7 @@ Describe the relationship between group and rule. | **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) | | **rule_id** | LONG LONG | rule id | | **is_valid** | INT | 0(invalid), 1(valid) | -| **not_flag** | INT | logical 'NOT', identify a NOT condition, 0(no) 1(yes) | +| **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) | | **attribute** | VARCHAR2(256) | attribute name, NOT NULL | | **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same condition ID are logical 'OR' | @@ -443,7 +443,7 @@ In addition to the rule table, there is also the group2rule table in the table s **Note:** This will involve the terminology of [condition](./terminology.md#condition). -1. For expressions without NOT-conditions, returning the matched rule_id: +1. For expressions without negate-conditions, returning the matched rule_id: * rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2} 
@@ -451,7 +451,7 @@ In addition to the rule table, there is also the group2rule table in the table s Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2. -2. For expressions with NOT-conditions, returning the matched rule_id: +2. For expressions with negate-conditions, returning the matched rule_id: * rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2} @@ -459,7 +459,7 @@ In addition to the rule table, there is also the group2rule table in the table s If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4. -3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, not_flag, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}. +3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}. 4. Getting the matched group_ids and the count of hit groups. 
@@ -473,9 +473,9 @@ Rule runtime loads the rule table and group2rule table configurations into memor 1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher. -2. For not_flag=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id. +2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id. -3. For not_flag=1 (NOT-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id. +3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, negate_option}, value:condition_id. * **Data Plane** 
@@ -493,10 +493,10 @@ On the data plane, services are provided externally through the maat API, primar * Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path. -2. **maat_scan_not_logic**: This interface is used to activate NOT-condition logic. +2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic. -* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the NOT-condition. +* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition. -* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-condition which will become full-hit path. +* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path. 3. **xx_get_hit_path**: This interface is used to retrieve the hit path. \ No newline at end of file diff --git a/docs/monitor_tools.md b/docs/monitor_tools.md index 7851bf5..894f4ed 100644 --- a/docs/monitor_tools.md +++ b/docs/monitor_tools.md 
@@ -22,7 +22,7 @@ The statistical information in the above figure is divided into two parts, part1 - plug_acc_num: total number of configurations for plugin tables -- NOT_condition_num: total number of NOT-conditions +- NOT_condition_num: total number of negate-conditions - excl_grp_num: total number of exclude groups diff --git a/docs/terminology.md b/docs/terminology.md index 29760b5..723b24a 100644 --- a/docs/terminology.md +++ b/docs/terminology.md @@ -60,7 +60,7 @@ The relationship between group and rule is stored in the [group2rule table](./ma A condition consists of several Literals and the relationship between them is a `logical 'OR'`. -Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `NOT-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules. +Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `negate-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules. ## Literal diff --git a/include/maat.h b/include/maat.h index 6aa27b5..0d275ac 100644 --- a/include/maat.h +++ b/include/maat.h @@ -30,7 +30,7 @@ struct maat; struct maat_hit_path { int Nth_scan; int attribute_id; // 0 is not a attribute. - int NOT_flag; // 1 means NOT condition(condition) + int negate_option; // 1 means negate condition(condition) int condition_index; // 0 ~ 7 long long item_id; long long sub_group_id; diff --git a/scanner/bool_matcher/bool_matcher.cpp b/scanner/bool_matcher/bool_matcher.cpp index 0d781ad..7f82342 100644 --- a/scanner/bool_matcher/bool_matcher.cpp +++ b/scanner/bool_matcher/bool_matcher.cpp 
@@ -60,7 +60,7 @@ struct bool_matcher * bool_matcher_new(struct bool_expr * exprs, size_t expr_num { for(unsigned int j=0; jitem_num; ++j) { - if(expr->items[j].not_flag==0) + if(expr->items[j].negate_option==0) { while(iitems[j].item_id) ++i; if(i==item_num || item_ids[i]>expr->items[j].item_id) return 0; diff --git a/scanner/bool_matcher/bool_matcher.h b/scanner/bool_matcher/bool_matcher.h index 3b86e5f..ae21812 100644 --- a/scanner/bool_matcher/bool_matcher.h +++ b/scanner/bool_matcher/bool_matcher.h @@ -27,14 +27,14 @@ extern "C" #define MAX_ITEMS_PER_BOOL_EXPR 8 - /* not_flag=0表示布尔项item_id必须出现;not_flag=1表示布尔项item_id不能出现 */ + /* negate_option=0表示布尔项item_id必须出现;negate_option=1表示布尔项item_id不能出现 */ struct bool_item { unsigned long long item_id; - unsigned char not_flag; + unsigned char negate_option; }; - /* At least one item's not_flag should be 0. */ + /* At least one item's negate_option should be 0. */ struct bool_expr { unsigned long long expr_id; diff --git a/scanner/expr_matcher/expr_matcher.cpp b/scanner/expr_matcher/expr_matcher.cpp index eed5d1e..05aacad 100644 --- a/scanner/expr_matcher/expr_matcher.cpp +++ b/scanner/expr_matcher/expr_matcher.cpp @@ -221,7 +221,7 @@ static struct bool_expr *bool_exprs_new(struct expr_rule *rules, size_t n_rule, } bool_exprs[i].items[j].item_id = pattern_index++; - bool_exprs[i].items[j].not_flag = 0; + bool_exprs[i].items[j].negate_option = 0; } bool_exprs[i].expr_id = rules[i].expr_id; diff --git a/src/inc_internal/maat_core.h b/src/inc_internal/maat_core.h index 813db9c..e4d42ff 100644 --- a/src/inc_internal/maat_core.h +++ b/src/inc_internal/maat_core.h @@ -195,7 +195,7 @@ struct maat_state { uint16_t thread_id; int16_t rule_table_id; uint8_t district_flag; - uint8_t logic_not_flag; + uint8_t logic_negate_option; }; int my_scandir(const char *dir, struct dirent ***namelist, diff --git a/src/json2iris.c b/src/json2iris.c index 567666d..a0ccded 100644 --- a/src/json2iris.c +++ b/src/json2iris.c 
@@ -643,7 +643,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id, static int write_group2rule_line(int *group_ids, size_t n_group_id, - int rule_id, int group_not_flag, + int rule_id, int group_negate_option, int condition_index, const char *attribute, struct iris_description *p_iris, struct iris_table *g2c_table) @@ -670,10 +670,10 @@ write_group2rule_line(int *group_ids, size_t n_group_id, } group_id_str[strlen(group_id_str) - 1] = '\0'; snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str, - rule_id, group_not_flag, attribute, condition_index); + rule_id, group_negate_option, attribute, condition_index); } else { snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0], - rule_id, group_not_flag, attribute, condition_index); + rule_id, group_negate_option, attribute, condition_index); } table->write_pos += memcat(&(table->buff), table->write_pos, @@ -753,7 +753,7 @@ write_group_rule(cJSON *group_json, int parent_id, struct log_handle *logger) { int ret = 0; - int group_not_flag = 0; + int group_negate_option = 0; int condition_index = 0; const char *group_name = NULL; char group_name_array[32][MAX_NAME_STR_LEN]; @@ -797,11 +797,11 @@ write_group_rule(cJSON *group_json, int parent_id, attribute = item->valuestring; } - item = cJSON_GetObjectItem(group_json, "not_flag"); + item = cJSON_GetObjectItem(group_json, "negate_option"); if (NULL == item || item->type != cJSON_Number) { - group_not_flag = 0; + group_negate_option = 0; } else { - group_not_flag = item->valueint; + group_negate_option = item->valueint; } item = cJSON_GetObjectItem(group_json, "condition_index"); @@ -833,7 +833,7 @@ write_group_rule(cJSON *group_json, int parent_id, } assert(parent_type == PARENT_TYPE_RULE); ret = write_group2rule_line(group_ids, group_name_cnt, parent_id, - group_not_flag, condition_index, + group_negate_option, condition_index, attribute, p_iris, g2c_table); } else { 
@@ -894,7 +894,7 @@ write_group_rule(cJSON *group_json, int parent_id, if (parent_type == PARENT_TYPE_RULE) { ret = write_group2rule_line(&(group_info->group_id), 1, parent_id, - group_not_flag, condition_index, + group_negate_option, condition_index, attribute, p_iris, g2c_table); if (ret < 0) { log_fatal(logger, MODULE_JSON2IRIS, diff --git a/src/maat_api.c b/src/maat_api.c index 2d08517..0cf4ffa 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -50,9 +50,9 @@ enum district_flag { DISTRICT_FLAG_SET }; -enum logic_not_flag { - LOGIC_NOT_FLAG_UNSET, - LOGIC_NOT_FLAG_SET +enum logic_negate_option { + LOGIC_NEGATE_OPTION_UNSET, + LOGIC_NEGATE_OPTION_SET }; struct maat_stream { diff --git a/src/maat_bool_plugin.c b/src/maat_bool_plugin.c index 91efbf9..1d9a04c 100644 --- a/src/maat_bool_plugin.c +++ b/src/maat_bool_plugin.c @@ -375,7 +375,7 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name, n_item = ull_dedup(items, n_item); for (size_t i = 0; i < n_item; i++) { bool_expr->items[i].item_id = items[i]; - bool_expr->items[i].not_flag = 0; + bool_expr->items[i].negate_option = 0; } bool_expr->item_num = n_item; diff --git a/src/maat_rule.c b/src/maat_rule.c index 0674440..eb30f17 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -30,9 +30,9 @@ #define MAX_NOT_CONDITION_NUM 8 -enum condition_not_flag { - CONDITION_NOT_FLAG_UNSET = 0, - CONDITION_NOT_FLAG_SET +enum condition_negate_option { + CONDITION_NEGATE_OPTION_UNSET = 0, + CONDITION_NEGATE_OPTION_SET }; struct rule_schema { @@ -47,7 +47,7 @@ struct rule_schema { struct group2rule_schema { int group_id_column; int rule_id_column; - int not_flag_column; + int negate_option_column; int attribute_name_column; int condition_index_column; int asso_rule_table_id; //asso is abbreviation for associated @@ -65,7 +65,7 @@ struct rule_item { struct group2rule_item { UT_array *group_ids; long long rule_id; - int not_flag; + int negate_option; int attribute_id; int condition_index; }; 
@@ -73,7 +73,7 @@ struct group2rule_item { struct condition_query_key { long long group_id; int attribute_id; - int not_flag; + int negate_option; }; struct condition_id_kv { @@ -101,8 +101,8 @@ struct rule_runtime { struct bool_matcher *bm; struct rcu_hash_table *cfg_hash; // struct maat_runtime *ref_maat_rt; - struct condition_id_kv *condition_id_kv_hash; //store condition_ids(not_flag == 0) - struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(not_flag == 1) + struct condition_id_kv *condition_id_kv_hash; //store condition_ids(negate_option == 0) + struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1) struct bool_expr_match *expr_match_buff; struct maat_garbage_bin *ref_garbage_bin; struct log_handle *logger; @@ -117,7 +117,7 @@ struct group2rule_runtime { long long rule_num; long long update_err_cnt; struct rule_runtime *ref_rule_rt; - struct table_condition *tbl_not_condition_hash; //each attribute's not condition number <= MAX_NOT_CONDITION_NUM + struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM }; struct condition_literal { @@ -129,7 +129,7 @@ struct condition_literal { struct rule_condition { long long condition_id; UT_array *literals; //struct condition_literal - char not_flag; // 1 byte + char negate_option; // 1 byte char in_use; // 1 byte char pad[6]; // for 8 bytes alignment }; @@ -155,7 +155,7 @@ struct internal_hit_path { long long group_id; int Nth_scan; int attribute_id; - int NOT_flag; // 1 means NOT condition + int negate_option; // 1 means negate condition }; struct rule2table_id { 
@@ -469,12 +469,12 @@ void *group2rule_schema_new(cJSON *json, struct table_manager *tbl_mgr, goto error; } - custom_item = cJSON_GetObjectItem(item, "not_flag"); + custom_item = cJSON_GetObjectItem(item, "negate_option"); if (custom_item != NULL && custom_item->type == cJSON_Number) { - g2c_schema->not_flag_column = custom_item->valueint; + g2c_schema->negate_option_column = custom_item->valueint; } else { log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> schema has no not_flag column", + "[%s:%d] table: <%s> schema has no negate_option column", __FUNCTION__, __LINE__, table_name); goto error; } @@ -732,21 +732,21 @@ group2rule_item_new(const char *line, struct group2rule_schema *g2c_schema, } g2c_item->rule_id = atoll(line + column_offset); - ret = get_column_pos(line, g2c_schema->not_flag_column, &column_offset, + ret = get_column_pos(line, g2c_schema->negate_option_column, &column_offset, &column_len); if (ret < 0) { log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> has no NOT_flag in line:%s ", + "[%s:%d] g2c table:<%s> has no negate_option in line:%s ", __FUNCTION__, __LINE__, table_name, line); goto error; } - g2c_item->not_flag = atoi(line + column_offset); - if (g2c_item->not_flag != CONDITION_NOT_FLAG_SET && - g2c_item->not_flag != CONDITION_NOT_FLAG_UNSET) { + g2c_item->negate_option = atoi(line + column_offset); + if (g2c_item->negate_option != CONDITION_NEGATE_OPTION_SET && + g2c_item->negate_option != CONDITION_NEGATE_OPTION_UNSET) { log_fatal(logger, MODULE_RULE, - "[%s:%d] g2c table:<%s> NOT_flag:%d is illegal in line:%s ", - __FUNCTION__, __LINE__, table_name, g2c_item->not_flag, line); + "[%s:%d] g2c table:<%s> negate_option:%d is illegal in line:%s ", + __FUNCTION__, __LINE__, table_name, g2c_item->negate_option, line); goto error; } 
@@ -870,7 +870,7 @@ static void maat_rule_condition_add_literal(struct maat_rule *rule, { struct rule_condition *condition = rule->conditions + g2c_item->condition_index; - condition->not_flag = g2c_item->not_flag; + condition->negate_option = g2c_item->negate_option; if (0 == condition->in_use) { condition->in_use = 1; @@ -944,12 +944,12 @@ maat_rule_bool_matcher_new(struct rule_runtime *rule_rt, for (size_t it = 0; it < tmp_cl->group_cnt; it++) { printf(" rule_rt:%p rule_id:%lld, condition_id:%llu, condition_query_key{%lld: %d, %d}\n", rule_rt, iter_rule->rule_id, iter_rule->conditions[i].condition_id, tmp_cl->group_ids[it], - tmp_cl->attribute_id, iter_rule->conditions[i].not_flag); + tmp_cl->attribute_id, iter_rule->conditions[i].negate_option); } } #endif bool_expr_array[expr_cnt].items[j].item_id = iter_rule->conditions[i].condition_id; - bool_expr_array[expr_cnt].items[j].not_flag = 0; + bool_expr_array[expr_cnt].items[j].negate_option = 0; j++; } } @@ -1035,14 +1035,14 @@ static inline int compare_rule_id(const void *a, const void *b) * @brief build hash for condition or not_condition * * @param rule_rt: rule runtime handle - * @param not_flag: specify whether to build condition or NOT_condition hash for rule runtime + * @param negate_option: specify whether to build condition or NOT_condition hash for rule runtime * 0 -> condition hash * 1 -> NOT_condition hash * * @retval generated condition_id_kv_hash */ static struct condition_id_kv * -build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag) +build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option) { if (NULL == rule_rt) { return NULL; 
@@ -1060,12 +1060,12 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag) continue; } - if (0 == not_flag) { - if (CONDITION_NOT_FLAG_SET == condition->not_flag) { + if (0 == negate_option) { + if (CONDITION_NEGATE_OPTION_SET == condition->negate_option) { continue; } } else { - if (CONDITION_NOT_FLAG_UNSET == condition->not_flag) { + if (CONDITION_NEGATE_OPTION_UNSET == condition->negate_option) { continue; } } @@ -1076,7 +1076,7 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int not_flag) for (size_t k = 0; k < tmp_cl->group_cnt; k++) { struct condition_query_key key = - {tmp_cl->group_ids[k], tmp_cl->attribute_id, condition->not_flag}; + {tmp_cl->group_ids[k], tmp_cl->attribute_id, condition->negate_option}; struct condition_id_kv *condition_id_kv = NULL; HASH_FIND(hh, condition_id_kv_hash, &key, sizeof(struct condition_query_key), @@ -1256,7 +1256,7 @@ maat_rule_clone(struct maat_rule *rule, int deep_copy) for (size_t i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) { new_rule->conditions[i].condition_id = rule->conditions[i].condition_id; new_rule->conditions[i].in_use = rule->conditions[i].in_use; - new_rule->conditions[i].not_flag = rule->conditions[i].not_flag; + new_rule->conditions[i].negate_option = rule->conditions[i].negate_option; utarray_new(new_rule->conditions[i].literals, &ut_condition_literal_icd); for (size_t j = 0; j < utarray_len(rule->conditions[i].literals); j++) { tmp_literal = @@ -1570,7 +1570,7 @@ void rule_state_free(struct rule_state *rule_state, static void rule_state_add_internal_hit_path(struct rule_state *rule_state, long long item_id, long long group_id, - int attribute_id, int NOT_flag, int Nth_scan) + int attribute_id, int negate_option, int Nth_scan) { if (NULL == rule_state) { return; 
@@ -1581,7 +1581,7 @@ rule_state_add_internal_hit_path(struct rule_state *rule_state, new_path.Nth_scan = Nth_scan; new_path.group_id = group_id; new_path.attribute_id = attribute_id; - new_path.NOT_flag = NOT_flag; + new_path.negate_option = negate_option; utarray_push_back(rule_state->internal_hit_paths, &new_path); } @@ -1602,7 +1602,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule, continue; } - if (condition->not_flag != key->not_flag) { + if (condition->negate_option != key->negate_option) { continue; } @@ -1761,7 +1761,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id, } key.attribute_id = hit_path_array[j].attribute_id; - key.not_flag = hit_path_array[j].NOT_flag; + key.negate_option = hit_path_array[j].negate_option; if (maat_rule_has_condition_query_key(rule, &key)) { populate_hit_path_with_rule(hit_path_array, j, n_hit_path, &n_new_hit_path, rule); @@ -1901,7 +1901,7 @@ rule_state_update_hit_conditions(struct rule_state *rule_state, rule_state_add_hit_conditions(rule_state, condition_id_kv->condition_ids); } - key.not_flag = 1; + key.negate_option = 1; HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv); if (condition_id_kv != NULL) { rule_state_add_exclude_not_conditions(rule_state, condition_id_kv->condition_ids); @@ -2196,7 +2196,7 @@ static int validate_table_not_condition(struct group2rule_runtime *g2c_rt, if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) { const char *table_name = table_manager_get_table_name(tbl_mgr, table_id); log_fatal(logger, MODULE_RULE, - "[%s:%d]table:<%s> NOT condition num exceed maximum:%d", + "[%s:%d]table:<%s> negate condition num exceed maximum:%d", __FUNCTION__, __LINE__, table_name, MAX_NOT_CONDITION_NUM); return -1; } 
@@ -2237,13 +2237,13 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, return -1; } - if (1 == g2c_item->not_flag) { + if (1 == g2c_item->negate_option) { ret = validate_table_not_condition(g2c_rt, schema->ref_tbl_mgr, g2c_item->attribute_id, is_valid, rule_rt->logger); if (ret < 0) { log_fatal(rule_rt->logger, MODULE_RULE, - "[%s:%d]validate NOT condition failed, abandon config:%s", + "[%s:%d]validate negate condition failed, abandon config:%s", __FUNCTION__, __LINE__, line); goto next; } @@ -2254,7 +2254,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, ret = maat_remove_group_from_rule(rule_rt->cfg_hash, g2c_item, rule_rt->logger); if (0 == ret) { - if (g2c_item->not_flag) { + if (g2c_item->negate_option) { g2c_rt->not_condition_cnt--; } g2c_rt->rule_num--; @@ -2266,7 +2266,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema, ret = maat_add_group_to_rule(rule_rt->cfg_hash, g2c_item, rule_rt->logger); if (0 == ret) { - if (g2c_item->not_flag) { + if (g2c_item->negate_option) { g2c_rt->not_condition_cnt++; } g2c_rt->rule_num++; @@ -2713,7 +2713,7 @@ size_t rule_state_get_internal_hit_paths(struct rule_state *rule_state, tmp_path.sub_group_id = internal_path->group_id; tmp_path.top_group_id = *p; tmp_path.attribute_id = internal_path->attribute_id; - tmp_path.NOT_flag = internal_path->NOT_flag; + tmp_path.negate_option = internal_path->negate_option; tmp_path.condition_index = -1; tmp_path.rule_id = -1; diff --git a/test/benchmark/benchmark_table_info.conf b/test/benchmark/benchmark_table_info.conf index d6cf0c9..5601996 100644 --- a/test/benchmark/benchmark_table_info.conf +++ b/test/benchmark/benchmark_table_info.conf @@ -572,7 +572,7 @@ "custom": { "group_id":1, "rule_id":2, - "not_flag":3, + "negate_option":3, "attribute_name":4, "condition_index":5 } diff --git a/test/bool_matcher_gtest.cpp b/test/bool_matcher_gtest.cpp index 0017a3f..28e1699 100644 --- a/test/bool_matcher_gtest.cpp 
+++ b/test/bool_matcher_gtest.cpp @@ -15,9 +15,9 @@ TEST(bool_matcher_match, MultiExprWithSameID) { bool_expr_array->expr_id = 100; bool_expr_array->item_num = 2; bool_expr_array->items[0].item_id = 1; - bool_expr_array->items[0].not_flag = 0; + bool_expr_array->items[0].negate_option = 0; bool_expr_array->items[1].item_id = 1; - bool_expr_array->items[1].not_flag = 0; + bool_expr_array->items[1].negate_option = 0; size_t mem_size = 0; struct bool_matcher *bm = bool_matcher_new(bool_expr_array, 1, &mem_size); diff --git a/test/file_test_tableinfo.conf b/test/file_test_tableinfo.conf index 9d929c0..c7bfd59 100644 --- a/test/file_test_tableinfo.conf +++ b/test/file_test_tableinfo.conf @@ -54,7 +54,7 @@ "custom": { "group_id":1, "rule_id":2, - "not_flag":4, + "negate_option":4, "attribute_name":5, "condition_index":6 } diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 3ba632e..bcfcf1b 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -6845,7 +6845,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[0].Nth_scan, 1); EXPECT_EQ(hit_path[0].attribute_id, url_table_id); - EXPECT_EQ(hit_path[0].NOT_flag, 0); + EXPECT_EQ(hit_path[0].negate_option, 0); EXPECT_EQ(hit_path[0].condition_index, 1); EXPECT_EQ(hit_path[0].sub_group_id, 249); EXPECT_EQ(hit_path[0].top_group_id, 249); @@ -6853,7 +6853,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[1].Nth_scan, 2); EXPECT_EQ(hit_path[1].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[1].NOT_flag, 1); + EXPECT_EQ(hit_path[1].negate_option, 1); EXPECT_EQ(hit_path[1].condition_index, -1); EXPECT_EQ(hit_path[1].sub_group_id, 100); EXPECT_EQ(hit_path[1].top_group_id, 144); 
@@ -6861,7 +6861,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[2].Nth_scan, 2); EXPECT_EQ(hit_path[2].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[2].NOT_flag, 1); + EXPECT_EQ(hit_path[2].negate_option, 1); EXPECT_EQ(hit_path[2].condition_index, -1); EXPECT_EQ(hit_path[2].sub_group_id, 100); EXPECT_EQ(hit_path[2].top_group_id, -1); @@ -6869,7 +6869,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[3].Nth_scan, 2); EXPECT_EQ(hit_path[3].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[3].NOT_flag, 1); + EXPECT_EQ(hit_path[3].negate_option, 1); EXPECT_EQ(hit_path[3].condition_index, 2); EXPECT_EQ(hit_path[3].sub_group_id, 250); EXPECT_EQ(hit_path[3].top_group_id, 250); @@ -10122,7 +10122,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id); EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 1); + EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); path_idx++; @@ -10131,7 +10131,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, http_req_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 1); + EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); int http_res_table_id = maat_get_table_id(maat_inst, "HTTP_RESPONSE_HEADER"); @@ -10164,7 +10164,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].item_id, -1); EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group11_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 1); + EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_EQ(hit_path[path_idx].rule_id, -1); path_idx++; 
@@ -10173,7 +10173,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].item_id, -1); EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 1); + EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -10183,7 +10183,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id); EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 0); + EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id); path_idx++; @@ -10193,7 +10193,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, http_res_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 0); + EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_EQ(hit_path[path_idx].rule_id, -1); const char *keywords1 = "In math theory, a finite and infinite come up all the time."; @@ -10225,7 +10225,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 0); + EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_EQ(hit_path[path_idx].rule_id, -1); int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); 
@@ -10255,7 +10255,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 0); + EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_EQ(hit_path[path_idx].rule_id, -1); Nth_scan++; @@ -10280,7 +10280,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id); EXPECT_EQ(hit_path[path_idx].top_group_id, -1); EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id); - EXPECT_EQ(hit_path[path_idx].NOT_flag, 0); + EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_EQ(hit_path[path_idx].rule_id, -1); maat_stream_free(stream); diff --git a/test/maat_json.json b/test/maat_json.json index c6cb0eb..311b42c 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -735,7 +735,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "143_url_group1", "group_id": 121, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", @@ -751,7 +751,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "143_url_group2", "group_id": 122, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", @@ -778,7 +778,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "144_url_group", "group_id": 123, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", @@ -794,7 +794,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "144_keywords_group", "group_id": 124, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "KEYWORDS_TABLE", @@ -821,7 +821,7 @@ "attribute": "HTTP_URL", "group_name": "145_url_group", "group_id": 125, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", @@ -836,7 +836,7 @@ { "attribute": "ATTRIBUTE_IP_CONFIG", "group_name": "123_IP_group", - "not_flag": 1 + "negate_option": 1 } ] }, 
@@ -853,7 +853,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "146_url_group", "group_id": 126, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { @@ -870,7 +870,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "146_keywords_group", "group_id": 127, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { @@ -886,7 +886,7 @@ { "attribute": "ATTRIBUTE_IP_CONFIG", "group_name": "123_IP_group", - "not_flag": 1, + "negate_option": 1, "condition_index": 2 } ] @@ -904,7 +904,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_1", "group_name": "147_keywords_group1", "group_id": 128, - "not_flag": 1, + "negate_option": 1, "condition_index": 0, "regions": [ { @@ -921,7 +921,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_2", "group_name": "147_keywords_group2", "group_id": 129, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { @@ -938,7 +938,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_3", "group_name": "147_keywords_group3", "group_id": 130, - "not_flag": 1, + "negate_option": 1, "condition_index": 2, "regions": [ { @@ -955,7 +955,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_4", "group_name": "147_keywords_group4", "group_id": 131, - "not_flag": 1, + "negate_option": 1, "condition_index": 3, "regions": [ { @@ -972,7 +972,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_5", "group_name": "147_keywords_group5", "group_id": 132, - "not_flag": 1, + "negate_option": 1, "condition_index": 4, "regions": [ { @@ -989,7 +989,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_6", "group_name": "147_keywords_group6", "group_id": 133, - "not_flag": 1, + "negate_option": 1, "condition_index": 5, "regions": [ { @@ -1006,7 +1006,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_7", "group_name": "147_keywords_group7", "group_id": 134, - "not_flag": 1, + "negate_option": 1, "condition_index": 6, "regions": [ { 
@@ -1023,7 +1023,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS_8", "group_name": "147_keywords_group8", "group_id": 135, - "not_flag": 1, + "negate_option": 1, "condition_index": 7, "regions": [ { @@ -1215,7 +1215,7 @@ "attribute": "MAIL_ADDR", "group_name": "153_expr_group", "group_id": 143, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type": "expr", @@ -1258,7 +1258,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "154_IP_group", "group_id": 145, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -1284,7 +1284,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "155_IP_group", "group_id": 146, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -1412,13 +1412,13 @@ { "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "TakeMeHome", - "not_flag": 0 + "negate_option": 0 }, { "attribute": "HTTP_URL", "group_name": "160_url_group", "group_id": 151, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", @@ -1445,7 +1445,7 @@ "attribute": "HTTP_SIGNATURE", "group_name": "vt_grp_http_sig1", "group_id": 152, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_SIGNATURE", @@ -1462,7 +1462,7 @@ "attribute": "HTTP_SIGNATURE", "group_name": "vt_grp_http_sig2", "group_id": 153, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_SIGNATURE", @@ -1498,12 +1498,12 @@ { "attribute": "HTTP_REQUEST_HEADER", "group_name": "vt_grp_http_sig1", - "not_flag": 0 + "negate_option": 0 }, { "attribute": "HTTP_RESPONSE_HEADER", "group_name": "vt_grp_http_sig2", - "not_flag": 0 + "negate_option": 0 } ] }, @@ -1519,12 +1519,12 @@ { "attribute": "HTTP_REQUEST_HEADER", "group_name": "vt_grp_http_sig2", - "not_flag": 0 + "negate_option": 0 }, { "attribute": "HTTP_RESPONSE_HEADER", "group_name": "vt_grp_http_sig2", - "not_flag": 0 + "negate_option": 0 } ] }, 
@@ -1583,7 +1583,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "165_IP_group", "group_id": 156, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -1695,7 +1695,7 @@ "group_name": "169_IP_group", "group_id": 160, "condition_index": 0, - "not_flag" : 0, + "negate_option" : 0, "regions": [ { "table_type":"ip", @@ -1721,7 +1721,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "ipv4_attribute.source", "group_id": 161, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -1747,7 +1747,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "ipv4_attribute.destination", "group_id": 162, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -1772,13 +1772,13 @@ { "attribute": "ASN_NOT_LOGIC", "group_name": ["ASN1234", "ASN6789", "ASN9001"], - "not_flag": 1, + "negate_option": 1, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN2345", - "not_flag": 0, + "negate_option": 0, "condition_index": 1 } ] @@ -1795,13 +1795,13 @@ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], - "not_flag": 0, + "negate_option": 0, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN2345", - "not_flag": 0, + "negate_option": 0, "condition_index": 1 } ] @@ -1844,19 +1844,19 @@ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], - "not_flag": 0, + "negate_option": 0, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", - "not_flag": 0, + "negate_option": 0, "condition_index": 0 }, { "attribute": "IP_CONFIG", "group_name": "financial-department-ip", - "not_flag": 0, + "negate_option": 0, "condition_index": 1 } ] 
@@ -1873,19 +1873,19 @@ { "attribute": "SOURCE_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], - "not_flag": 1, + "negate_option": 1, "condition_index": 0 }, { "attribute": "IP_PLUS_CONFIG", "group_name": "develop-department-ip", - "not_flag": 1, + "negate_option": 1, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", - "not_flag": 0, + "negate_option": 0, "condition_index": 1 } ] @@ -1954,31 +1954,31 @@ { "attribute": "DESTINATION_IP_ASN", "group_name": ["ASN1234", "ASN6789", "ASN9001"], - "not_flag": 1, + "negate_option": 1, "condition_index": 0 }, { "attribute": "SOURCE_IP_GEO", "group_name": "Country-Sparta-IP", - "not_flag": 1, + "negate_option": 1, "condition_index": 0 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN9002", - "not_flag": 1, + "negate_option": 1, "condition_index": 1 }, { "attribute": "DESTINATION_IP_ASN", "group_name": "ASN9003", - "not_flag": 0, + "negate_option": 0, "condition_index": 2 }, { "attribute": "IP_PLUS_CONFIG", "group_name": "security-department-ip", - "not_flag": 0, + "negate_option": 0, "condition_index": 3 } ] @@ -1996,7 +1996,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "186_expr_group", "group_id": 170, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", @@ -2012,7 +2012,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "186_IP_group", "group_id": 171, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -2038,7 +2038,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "187_url_group", "group_id": 172, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", @@ -2054,7 +2054,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "187_IP_group", "group_id": 173, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", 
@@ -2080,7 +2080,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "188_url_group", "group_id": 174, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "HTTP_URL", @@ -2096,7 +2096,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "188_IP_group", "group_id": 175, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -2841,7 +2841,7 @@ "attribute": "IP_PLUS_CONFIG", "group_name": "208_IP_group", "group_id": 213, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -2918,7 +2918,7 @@ "attribute": "IP_PERF_CONFIG", "group_name": "211_IP_group", "group_id": 216, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_type":"ip", @@ -3046,14 +3046,14 @@ { "attribute": "HTTP_URL_FILTER", "group_name": "ExcludeLogicGroup200", - "not_flag": 0, + "negate_option": 0, "condition_index": 0 }, { "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "NOTConditionAndExcludeGroup216", "group_id": 221, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { @@ -3081,7 +3081,7 @@ "attribute": "HTTP_URL_FILTER", "group_name": "NOTConditionAndExcludeGroup217_1", "group_id": 222, - "not_flag": 1, + "negate_option": 1, "condition_index": 0, "sub_groups": [ { @@ -3120,7 +3120,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "NOTConditionAndExcludeGroup217_2", "group_id": 225, - "not_flag": 0, + "negate_option": 0, "condition_index": 1, "regions": [ { @@ -3173,7 +3173,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_1", "group_id": 227, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { @@ -3190,7 +3190,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_2", "group_id": 228, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { 
@@ -3207,7 +3207,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_3", "group_id": 229, - "not_flag": 1, + "negate_option": 1, "condition_index": 2, "regions": [ { @@ -3224,7 +3224,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_4", "group_id": 230, - "not_flag": 1, + "negate_option": 1, "condition_index": 3, "regions": [ { @@ -3241,7 +3241,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_5", "group_id": 231, - "not_flag": 1, + "negate_option": 1, "condition_index": 4, "regions": [ { @@ -3258,7 +3258,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_6", "group_id": 232, - "not_flag": 1, + "negate_option": 1, "condition_index": 5, "regions": [ { @@ -3275,7 +3275,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_7", "group_id": 233, - "not_flag": 1, + "negate_option": 1, "condition_index": 6, "regions": [ { @@ -3292,7 +3292,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup219_8", "group_id": 234, - "not_flag": 1, + "negate_option": 1, "condition_index": 7, "regions": [ { @@ -3320,7 +3320,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup220_1", "group_id": 235, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { @@ -3337,7 +3337,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup220_2", "group_id": 236, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { @@ -3354,7 +3354,7 @@ "attribute": "HTTP_DUMMY", "group_name": "NOTConditionAndExcludeGroup220_3", "group_id": 237, - "not_flag": 1, + "negate_option": 1, "condition_index": 2, "regions": [ { @@ -3382,7 +3382,7 @@ "attribute": "HTTP_REQUEST_HEADER", "group_name": "NOTLogicGroup_221_1", "group_id": 238, - "not_flag": 1, + "negate_option": 1, "regions": [ { "table_name": "HTTP_SIGNATURE", 
@@ -3399,7 +3399,7 @@ "attribute": "HTTP_URL", "group_name": "NOTLogicGroup_221_2", "group_id": 239, - "not_flag": 0, + "negate_option": 0, "regions": [ { "table_name": "HTTP_URL", @@ -3426,7 +3426,7 @@ "attribute": "HTTP_NOT_LOGIC_1", "group_name": "NOTLogicGroup_222", "group_id": 240, - "not_flag": 1, + "negate_option": 1, "condition_index": 0, "regions": [ { @@ -3454,7 +3454,7 @@ "attribute": "HTTP_NOT_LOGIC", "group_name": "NOTLogicGroup_223_1", "group_id": 241, - "not_flag": 1, + "negate_option": 1, "condition_index": 0, "regions": [ { @@ -3471,7 +3471,7 @@ "attribute": "HTTP_NOT_LOGIC", "group_name": "NOTLogicGroup_223_2", "group_id": 242, - "not_flag": 1, + "negate_option": 1, "condition_index": 1, "regions": [ { @@ -3488,7 +3488,7 @@ "attribute": "HTTP_NOT_LOGIC", "group_name": "NOTLogicGroup_223_1", "group_id": 243, - "not_flag": 1, + "negate_option": 1, "condition_index": 2, "regions": [ { @@ -3516,7 +3516,7 @@ "attribute": "KEYWORDS_TABLE", "group_name": "NOTLogicGroup_224_1", "group_id": 244, - "not_flag": 1, + "negate_option": 1, "condition_index": 0, "regions": [ { @@ -3533,7 +3533,7 @@ "attribute": "HTTP_RESPONSE_KEYWORDS", "group_name": "NOTLogicGroup_224_2", "group_id": 245, - "not_flag": 0, + "negate_option": 0, "condition_index": 1, "regions": [ { @@ -3561,7 +3561,7 @@ "attribute": "KEYWORDS_TABLE", "group_name": "EscapeGroup_225_1", "group_id": 246, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { @@ -3623,7 +3623,7 @@ "attribute": "HTTP_URL", "group_name": "228_url_group", "group_id": 249, - "not_flag": 0, + "negate_option": 0, "condition_index": 1, "regions": [ { @@ -3640,7 +3640,7 @@ "attribute": "ATTRIBUTE_IP_CONFIG", "group_name": "228_IP_group", "group_id": 250, - "not_flag": 1, + "negate_option": 1, "condition_index": 2, "regions": [ { 
@@ -3787,7 +3787,7 @@ "attribute": "KEYWORDS_TABLE", "group_name": "EscapeGroup_234_1", "group_id": 260, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { @@ -3815,7 +3815,7 @@ "attribute": "KEYWORDS_TABLE", "group_name": "EscapeGroup_235_1", "group_id": 261, - "not_flag": 0, + "negate_option": 0, "condition_index": 0, "regions": [ { diff --git a/test/table_info.conf b/test/table_info.conf index e5deca3..28cee86 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -47,7 +47,7 @@ "custom": { "group_id":1, "rule_id":2, - "not_flag":3, + "negate_option":3, "attribute_name":4, "condition_index":5 } @@ -84,7 +84,7 @@ "custom": { "group_id":1, "rule_id":2, - "not_flag":3, + "negate_option":3, "attribute_name":4, "condition_index":5 } diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 0fe704e..d44bd12 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -170,13 +170,13 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, int group2rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long group_id, - long long rule_id, int not_flag, + long long rule_id, int negate_option, const char *attribute_name, int condition_index, int expire_after) { char table_line[128] = {0}; sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d", - group_id, rule_id, not_flag, attribute_name, condition_index, op); + group_id, rule_id, negate_option, attribute_name, condition_index, op); struct maat_cmd_line line_rule; line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, condition_index); diff --git a/test/test_utils.h b/test/test_utils.h index 6c44207..cbe674f 100644 --- a/test/test_utils.h +++ b/test/test_utils.h 
@@ -20,7 +20,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name, int group2rule_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long group_id, - long long rule_id, int not_flag, + long long rule_id, int negate_option, const char *attribute_name, int condition_index, int expire_after);
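Review bot: in test/test_utils.cpp, `group2rule_table_set_line()` still writes into `char table_line[128]` with an unbounded `sprintf`, and the `%s` argument is the caller-supplied `attribute_name`. Since the patch already touches this line, switch it to `snprintf(table_line, sizeof(table_line), ...)` and treat a return value of `sizeof(table_line)` or more as an error, so an over-long attribute name fails the helper instead of writing past the stack buffer.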
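Review bot: the two `custom` blocks in test/table_info.conf (hunks at -47 and -84) rename the schema key `not_flag` to `negate_option`, and nothing visible in the patch shows what happens to a deployed schema or rule JSON that still uses `not_flag`. If the loader skips keys it does not recognise, the negate column would be dropped and a NOT-condition would be evaluated as an ordinary positive condition, which silently changes which rule_id values are hit. Please either accept the old key as an alias for a transition period or make loading fail with a clear error when `not_flag` is present, and add a test fixture that exercises the old key so the chosen behaviour is pinned down.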
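Review bot: in the `TEST_F(MaatCmd, HitPathHasNotGroup)` hunks the hit-path field read by the test changes from `NOT_flag` to `negate_option`, which is a source-incompatible rename for any caller that reads that field, and the commit carries no migration note. If the struct is exposed in an installed header, call the break out in the changelog or version bump. As a style point, the rename is only partial: the test name `HitPathHasNotGroup` and fixture names such as `ASN_NOT_LOGIC`, `HTTP_NOT_LOGIC` and `NOTLogicGroup_221_1` keep the old wording, so state whether those are intentionally left alone or due in a follow-up.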