fix memory leak

root
2024-10-14 02:25:36 +00:00
parent 586f1c11b2
commit 78f733417c
15 changed files with 262 additions and 115 deletions


@@ -268,18 +268,22 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema,
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has invalid tag"
" in line:%s", __FUNCTION__, __LINE__, table_name,
cJSON_Print(json));
json_str);
FREE(json_str);
return TAG_MATCH_ERR;
}
if (TAG_MATCH_UNMATCHED == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has unmatched tag"
" in line:%s", __FUNCTION__, __LINE__, table_name,
cJSON_Print(json));
json_str);
FREE(json_str);
return TAG_MATCH_UNMATCHED;
}
}
@@ -305,20 +309,24 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has "
"no key_name %s or invalid format in line:%s", __FUNCTION__,
__LINE__, table_name, schema->key_name, cJSON_Print(json));
__LINE__, table_name, schema->key_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, bool_expr->expr_uuid);
tmp_obj = cJSON_GetObjectItem(json, "bool_expr");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has "
"no bool_expr or invalid format in line:%s", __FUNCTION__,
__LINE__, table_name, cJSON_Print(json));
__LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
@@ -333,10 +341,12 @@ bool_plugin_expr_new(struct bool_plugin_schema *schema, const char *table_name,
ret = sscanf(sub_token, "%llu", items + n_item);
n_item++;
if (ret != 1 || n_item > MAX_ITEMS_PER_BOOL_EXPR) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has "
"invalid format of bool_expr in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
}
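Review bot: The bound on `n_item` in bool_plugin_expr_new is tested only after `sscanf(sub_token, "%llu", items + n_item)` has already stored into `items[n_item]`. If `items` holds exactly MAX_ITEMS_PER_BOOL_EXPR elements (its declaration is outside the hunk), a bool_expr with one token too many writes one element past the array before the error branch is reached. Testing `n_item >= MAX_ITEMS_PER_BOOL_EXPR` ahead of the sscanf, and taking the existing error branch there, enforces the limit before the write. The enclosing loop starts outside the hunk.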


@@ -186,35 +186,35 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root,
}
}
static void object_info_add(struct object_info *object_name_map, const char *object_name, const char *object_uuid)
static void object_info_add(struct object_info **object_name_map, const char *object_name, const char *object_uuid)
{
struct object_info *object_info = NULL;
HASH_FIND_STR(object_name_map, object_name, object_info);
HASH_FIND_STR(*object_name_map, object_name, object_info);
if (object_info == NULL) {
object_info = ALLOC(struct object_info, 1);
strncpy(object_info->object_name, object_name, sizeof(object_info->object_name));
strncpy(object_info->object_uuid, object_uuid, sizeof(object_info->object_uuid));
HASH_ADD_STR(object_name_map, object_name, object_info);
HASH_ADD_STR(*object_name_map, object_name, object_info);
}
}
static struct object_info *object_info_find(struct object_info *object_name_map, const char *object_name)
static struct object_info *object_info_find(struct object_info **object_name_map, const char *object_name)
{
struct object_info *object_info = NULL;
HASH_FIND_STR(object_name_map, object_name, object_info);
HASH_FIND_STR(*object_name_map, object_name, object_info);
return object_info;
}
static void object_info_free(struct object_info *object_name_map)
static void object_info_free(struct object_info **object_name_map)
{
struct object_info *object_info, *tmp;
HASH_ITER(hh, object_name_map, object_info, tmp) {
HASH_DEL(object_name_map, object_info);
HASH_ITER(hh, *object_name_map, object_info, tmp) {
HASH_DEL(*object_name_map, object_info);
FREE(object_info);
}
}
static void convert_condition(struct object_info *object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id)
static void convert_condition(struct object_info **object_name_map, cJSON *condition, cJSON *top_items, int *object_gen_id, int *item_gen_id)
{
cJSON *object_uuid_array = cJSON_CreateArray();
cJSON *object_name = cJSON_GetObjectItem(condition, "object_name");
@@ -386,11 +386,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
if (or_conditions) {
cJSON *tmp_or_condition = NULL;
cJSON_ArrayForEach(tmp_or_condition, or_conditions) {
convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id);
convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id);
}
} else {
cJSON *tmp_or_condition = cJSON_Duplicate(tmp_and_condition, 1);
convert_condition(object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id);
convert_condition(&object_name_map, tmp_or_condition, top_items, &object_gen_id, &item_gen_id);
or_conditions = cJSON_CreateArray();
cJSON_AddItemToArray(or_conditions, tmp_or_condition);
@@ -400,7 +400,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
}
object_info_free(object_name_map);
object_info_free(&object_name_map);
}
int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
@@ -464,5 +464,7 @@ int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename,
convert_maat_json_rule(json_root, json_buff);
FREE(json_buff);
return 0;
}
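Review bot: object_info_add copies both strings with `strncpy(dst, src, sizeof(dst))`, which leaves the field without a terminator whenever the source is at least as long as the field. HASH_ADD_STR and HASH_FIND_STR take the key length with strlen, so an over-long `object_name` from the JSON input could make them read past `object_info->object_name`. Bounding the copy to `sizeof(object_info->object_name) - 1` (likewise for `object_uuid`) keeps the terminator, provided ALLOC zero-fills, which is not visible here. Rejecting over-long names outright would also avoid two distinct names collapsing onto the same truncated key.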


@@ -44,7 +44,17 @@ void cache_row_free(void *p)
free(*(char **)p);
}
UT_icd ut_cache_row_icd = {sizeof(char*), NULL, NULL, cache_row_free};
void cache_row_copy(void *dst, const void *src)
{
struct ex_data_row *ex_data_row_src = (struct ex_data_row *)src;
struct ex_data_row *ex_data_row_dst = (struct ex_data_row *)dst;
ex_data_row_dst->row = ALLOC(char, strlen(ex_data_row_src->row) + 1);
strcpy(ex_data_row_dst->row, ex_data_row_src->row);
ex_data_row_dst->op = ex_data_row_src->op;
}
UT_icd ut_cache_row_icd = {sizeof(struct ex_data_row), NULL, cache_row_copy, cache_row_free};
struct ex_data_runtime *
ex_data_runtime_new(int table_id, int gc_timeout_s, struct log_handle *logger)
@@ -100,14 +110,16 @@ void ex_data_runtime_cache_row_put(struct ex_data_runtime *ex_data_rt, const cha
}
size_t row_len = strlen(row);
struct ex_data_row *ex_data_row = ALLOC(struct ex_data_row, 1);
ex_data_row->row = ALLOC(char, row_len + 1);
struct ex_data_row ex_data_row;
ex_data_row.row = ALLOC(char, row_len + 1);
ex_data_row->op = op;
memcpy(ex_data_row->row, row, row_len);
ex_data_row.op = op;
memcpy(ex_data_row.row, row, row_len);
ex_data_rt->cache_size += row_len;
utarray_push_back(ex_data_rt->cache_rows, &ex_data_row);
ex_data_rt->cache_row_num++;
FREE(ex_data_row.row);
}
const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime *ex_data_rt, size_t index)
@@ -116,9 +128,7 @@ const struct ex_data_row *ex_data_runtime_cached_row_get(struct ex_data_runtime
return NULL;
}
const char **row = NULL;
row = (const char **)utarray_eltptr(ex_data_rt->cache_rows, index);
return (struct ex_data_row *)*row;
return (struct ex_data_row *)utarray_eltptr(ex_data_rt->cache_rows, index);
}
size_t ex_data_runtime_cached_row_count(struct ex_data_runtime *ex_data_rt)
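Review bot: cache_row_free still frees `*(char **)p`, but the array element is now a `struct ex_data_row` rather than a pointer, so that cast is correct only while `row` is the first member of the struct (its definition is not in this hunk). `free(((struct ex_data_row *)p)->row);` states the intent and survives a field reorder. Separately, ex_data_runtime_cached_row_get now returns a pointer into the utarray's own storage, which utarray may move when a later push grows the array, so callers that keep the pointer across ex_data_runtime_cache_row_put should be checked. cache_row_free starts outside the hunk.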


@@ -104,35 +104,43 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, expr_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "expression");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no expression in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
len = strlen(tmp_obj->valuestring);
if (len > MAX_KEYWORDS_STR_LEN) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> expression length too long in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
memcpy(expr_item->keywords, tmp_obj->valuestring, len);
tmp_obj = cJSON_GetObjectItem(json, "expr_type");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no expr_type in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
@@ -145,9 +153,11 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
}
if (expr_item->expr_type == EXPR_TYPE_INVALID) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid expr_type in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
} else if (expr_item->expr_type == EXPR_TYPE_REGEX) {
ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger);
@@ -603,10 +613,12 @@ int expr_runtime_update(void *expr_runtime, void *expr_schema,
uuid_t item_uuid;
uuid_parse(tmp_obj->valuestring, item_uuid);
if (uuid_is_null(item_uuid)) {
char *json_str = cJSON_Print(json);
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> item_id wrong"
" in table_line:%s", __FUNCTION__, __LINE__, table_name,
cJSON_Print(json));
json_str);
FREE(json_str);
expr_rt->update_err_cnt++;
goto ERROR;
}
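Review bot: The first check in expr_item_new reads `if (tmp_obj == NULL && tmp_obj->type != cJSON_String)`, which dereferences `tmp_obj` exactly when it is NULL and lets a non-string `object_uuid` through to `uuid_parse(tmp_obj->valuestring, ...)`. The other checks in this function use `||`; this one should be `if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {`. The `rule_id` check in rule_item_new, in a later file section of this commit, has the same `&&` condition. Both sit on lines the commit leaves unchanged.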


@@ -202,18 +202,21 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no object_id in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "flag");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
char *json_str = cJSON_Print(json);
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no flag in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
@@ -221,9 +224,11 @@ flag_item_new(struct flag_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, "mask");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
char *json_str = cJSON_Print(json);
log_fatal(flag_rt->logger, MODULE_FLAG,
"[%s:%d] flag table:<%s> has no mask in json:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
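Review bot: The `object_uuid` branch of flag_item_new allocates `json_str` with cJSON_Print but jumps to `error` without releasing it, so this path still leaks on every rejected line. The `flag` and `mask` branches do free it; add `FREE(json_str);` before `goto error;` in the first branch as well.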


@@ -220,18 +220,22 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema,
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has invalid tag"
" format in line:%s", __FUNCTION__, __LINE__,
table_name, cJSON_Print(json));
table_name, json_str);
FREE(json_str);
return TAG_MATCH_ERR;
}
if (TAG_MATCH_UNMATCHED == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has unmatched tag"
" in line:%s", __FUNCTION__, __LINE__, table_name,
cJSON_Print(json));
json_str);
FREE(json_str);
return TAG_MATCH_UNMATCHED;
}
}
@@ -255,18 +259,22 @@ fqdn_plugin_rule_new(const cJSON *json, struct fqdn_plugin_schema *schema,
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has no key_name or invalid format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid);
tmp_obj = cJSON_GetObjectItem(json, "fqdn");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has no fqdn in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
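Review bot: `uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid)` in fqdn_plugin_rule_new ignores the return value, so a key that is a JSON string but not a valid UUID is accepted and the rule presumably keeps whatever `uuid` held before the call. Consider `if (uuid_parse(tmp_obj->valuestring, fqdn_plugin_rule->uuid) != 0)` with the same log-and-`goto error` handling as the neighbouring branches. The same unchecked call appears in bool_plugin_expr_new, expr_item_new, flag_item_new, interval_item_new, ip_item_new, ip_plugin_rule_new and ipport_item_new in this commit. Only expr_runtime_update follows it with a `uuid_is_null` test.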


@@ -173,18 +173,22 @@ interval_item_new(struct interval_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "interval");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(interval_rt->logger, MODULE_INTERVAL,
"[%s:%d] interval table:<%s> has no interval in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));
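Review bot: `memcpy(port_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));` in interval_item_new takes its length from the JSON value alone, so nothing on the visible lines stops an over-long `interval` string from writing past `port_str` (its declaration is outside the hunk). A length check before the copy, e.g. `if (strlen(tmp_obj->valuestring) >= sizeof(port_str)) goto error;`, would bound it, assuming `port_str` is an array. The same pattern follows the `ip` check in ip_item_new (`memcpy(ip_str, ...)`). It also appears in ip_plugin_rule_new and ipport_item_new, where `strncpy(ip_str, src, strlen(src))` is bounded by the source length and so gives no protection either.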


@@ -109,18 +109,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no object_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, ip_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no ip in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
memcpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));
@@ -134,18 +138,22 @@ ip_item_new(struct ip_schema *ip_schema, const char *table_name,
if (IPv4 == ip_item->addr_type) {
ret = ip_format2range(ip_str, ip_item->addr_type, &ip_item->ipv4.min_ip, &ip_item->ipv4.max_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> ip_format2range(ip4) failed in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
} else {
//ipv6
ret = ip_format2range(ip_str, ip_item->addr_type, ip_item->ipv6.min_ip, ip_item->ipv6.max_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP,
"[%s:%d] ip table:<%s> ip_format2range(ip6) failed in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
}
@@ -319,9 +327,11 @@ int ip_runtime_update(void *ip_runtime, void *ip_schema,
tmp_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(ip_rt->logger, MODULE_IP,
"[%s:%d] ip table:<%s> has no item_id in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
ip_rt->update_err_cnt++;
goto ERROR;
}
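Review bot: `cJSON_Print(json)` returns NULL when it cannot allocate, and in ip_item_new and ip_runtime_update the result goes straight to a `%s` conversion in log_fatal, which is undefined behaviour for a NULL argument unless log_fatal guards it. Passing `json_str ? json_str : "(null)"` avoids that. cJSON also provides cJSON_free() for releasing strings it allocated, which matters if allocator hooks are ever installed, so `cJSON_free(json_str);` is the safer pairing than FREE. Both remarks apply to every `json_str` block this commit adds in the other table modules.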


@@ -118,16 +118,20 @@ ip_plugin_accept_tag_match(struct ip_plugin_schema *schema,
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has invalid tag format"
" in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json));
" in line:%s", __FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
return TAG_MATCH_ERR;
}
if (TAG_MATCH_UNMATCHED == ret) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has unmatched tag in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
return TAG_MATCH_UNMATCHED;
}
}
@@ -151,18 +155,22 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has no key %s or invalid format in line:%s",
__FUNCTION__, __LINE__, table_name, schema->key_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, schema->key_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, ip_plugin_rule->rule_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has no ip field or invalid format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));
@@ -176,20 +184,24 @@ ip_plugin_rule_new(struct ip_plugin_schema *schema, const char *table_name,
if (IPv4 == ip_plugin_rule->type) {
ret = ip_format2range(ip_str, ip_plugin_rule->type, &ip_plugin_rule->ipv4_rule.start_ip, &ip_plugin_rule->ipv4_rule.end_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s>> ip_format2range(ip4)"
" failed in line:%s", __FUNCTION__, __LINE__,
table_name, cJSON_Print(json));
table_name, json_str);
FREE(json_str);
goto error;
}
} else {
//ipv6
ret = ip_format2range(ip_str, ip_plugin_rule->type, ip_plugin_rule->ipv6_rule.start_ip, ip_plugin_rule->ipv6_rule.end_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> ip_format2range(ip6)"
" failed in line:%s", __FUNCTION__, __LINE__,
table_name, cJSON_Print(json));
table_name, json_str);
FREE(json_str);
goto error;
}
}


@@ -233,18 +233,22 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
tmp_obj = cJSON_GetObjectItem(json, schema->key_name);
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> has no key or invalid format, line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
uuid_parse(tmp_obj->valuestring, ipport_item->item_uuid);
tmp_obj = cJSON_GetObjectItem(json, "ip");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> has no ip or invalid format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
strncpy(ip_str, tmp_obj->valuestring, strlen(tmp_obj->valuestring));
@@ -258,27 +262,33 @@ ipport_item_new(struct ipport_plugin_schema *schema, const char *table_name,
if (IPV4 == ipport_item->ip_type) {
ret = ip_format2range(ip_str, ipport_item->ip_type, &ipport_item->ipv4.min_ip, &ipport_item->ipv4.max_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> ip_format2range(ip4) failed in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
} else {
//ipv6
ret = ip_format2range(ip_str, ipport_item->ip_type, ipport_item->ipv6.min_ip, ipport_item->ipv6.max_ip);
if (ret < 0) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> ip_format2range(ip6) failed in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}
}
tmp_obj = cJSON_GetObjectItem(json, "port");
if (NULL == tmp_obj || tmp_obj->type != cJSON_String) {
char *json_str = cJSON_Print(json);
log_fatal(logger, MODULE_IPPORT_PLUGIN,
"[%s:%d] ipport table:<%s> has no port or invalid format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, json_str);
FREE(json_str);
goto error;
}


@@ -378,7 +378,7 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
{
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL;
int ret = 0;
int ret = TAG_MATCH_MATCHED;
cJSON *json = cJSON_Parse(line);
tmp_obj = cJSON_GetObjectItem(json, "effective_range");
@@ -390,21 +390,24 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] table: <%s> has invalid tag format in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return TAG_MATCH_ERR;
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
if (TAG_MATCH_UNMATCHED == ret) {
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] table: <%s> has unmatched tag in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return TAG_MATCH_UNMATCHED;
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
}
cJSON_Delete(json);
END:
if (json) {
cJSON_Delete(json);
}
return TAG_MATCH_MATCHED;
return ret;
}
static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
@@ -419,7 +422,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> ip_key too long exceed maximum:%d in "
"table_line:%s", __FUNCTION__, __LINE__, table_name,
INET6_ADDRSTRLEN, cJSON_Print(json));
INET6_ADDRSTRLEN, line);
goto ERROR;
}
@@ -430,7 +433,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> has no addr_type or not number format in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, line);
goto ERROR;
}
@@ -446,7 +449,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> ipv4 key"
" illegal in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, line);
goto ERROR;
}
@@ -459,7 +462,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> ipv6 key"
" illegal in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, line);
goto ERROR;
}
@@ -469,11 +472,15 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> addr_type:%d illegal, just"
" allow{4, 6}, table_line:%s",
__FUNCTION__, __LINE__, table_name, addr_type, cJSON_Print(json));
__FUNCTION__, __LINE__, table_name, addr_type, line);
goto ERROR;
}
if (json) {
cJSON_Delete(json);
}
return 0;
ERROR:
if (json) {
cJSON_Delete(json);
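Review bot: plugin_accept_tag_match never tests the result of `cJSON_Parse(line)`; when parsing fails, the `effective_range` lookup yields NULL, the tag block is skipped and the function returns TAG_MATCH_MATCHED for a line that is not valid JSON. If callers rely on this function to reject bad lines, add `if (json == NULL) { ret = TAG_MATCH_ERR; goto END; }` right after the parse. rule_accept_tag_match in the rule module has the same shape. Note also that `return ret` now passes through whatever table_manager_accept_tags_match returns, where the old code could only return one of the three TAG_MATCH constants.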


@@ -345,6 +345,10 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
rule_item->condition_num = rule->condition_num;
rule->user_data = rule_item;
if (table_json) {
cJSON_Delete(table_json);
}
return rule;
error:
@@ -352,6 +356,10 @@ error:
maat_rule_free(rule);
}
if (table_json) {
cJSON_Delete(table_json);
}
return NULL;
}
@@ -361,33 +369,38 @@ static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL;
cJSON *table_json = cJSON_Parse(line);
int ret = TAG_MATCH_MATCHED;
tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
char *tag_str = cJSON_Print(tmp_obj);
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has invalid tag format in line:%s",
__FUNCTION__, __LINE__, table_name, line);
return TAG_MATCH_ERR;
goto END;
}
if (TAG_MATCH_UNMATCHED == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has unmatched tag in line:%s",
__FUNCTION__, __LINE__, table_name, line);
return TAG_MATCH_UNMATCHED;
goto END;
}
}
return TAG_MATCH_MATCHED;
END:
if (table_json) {
cJSON_Delete(table_json);
}
return ret;
}
static struct rule_item *
rule_item_new(const char *table_line, struct rule_schema *schema,
static struct rule_item *rule_item_new(const char *table_line, struct rule_schema *schema,
const char *table_name, struct log_handle *logger)
{
int ret = rule_accept_tag_match(schema, table_line, table_name, logger);
@@ -403,7 +416,7 @@ rule_item_new(const char *table_line, struct rule_schema *schema,
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no rule_id or not string format in line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(table_json));
__FUNCTION__, __LINE__, table_name, table_line);
goto error;
}
uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid);
@@ -530,6 +543,25 @@ void rule_runtime_free(void *rule_runtime)
rule_rt->not_condition_id_kv_hash = NULL;
}
if (rule_rt->tbl_not_condition_hash != NULL) {
struct table_condition *not_condition = NULL, *tmp_not_condition = NULL;
HASH_ITER(hh, rule_rt->tbl_not_condition_hash, not_condition, tmp_not_condition) {
HASH_DEL(rule_rt->tbl_not_condition_hash, not_condition);
if (not_condition->condition_ids != NULL) {
utarray_free(not_condition->condition_ids);
not_condition->condition_ids = NULL;
}
if (not_condition->object_ids != NULL) {
utarray_free(not_condition->object_ids);
not_condition->object_ids = NULL;
}
FREE(not_condition);
}
assert(rule_rt->tbl_not_condition_hash == NULL);
}
if (rule_rt->expr_match_buff != NULL) {
FREE(rule_rt->expr_match_buff);
}
@@ -1424,7 +1456,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
struct rule_item *rule_item = rule_item_new(line, schema, table_name,
rule_rt->logger);
if (NULL == rule_item) {
return -1;
goto ERROR;
}
int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name);
@@ -1432,7 +1464,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
log_fatal(logger, MODULE_RULE,
"[%s:%d]table_name:%s has invalid table_id:%d, drop line:%s",
__FUNCTION__, __LINE__, table_name, table_id, line);
return -1;
goto ERROR;
}
int updating_flag = rcu_hash_is_updating(rule_rt->cfg_hash);
@@ -1449,6 +1481,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
log_fatal(logger, MODULE_RULE,
"[%s:%d]rule_id:%s already existed in rule table, drop line:%s",
__FUNCTION__, __LINE__, rule_uuid_str, line);
goto ERROR;
}
rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item);
@@ -1456,12 +1489,19 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
__FUNCTION__, __LINE__, line);
return -1;
goto ERROR;
}
rcu_hash_add(rule_rt->cfg_hash, (char *)rule_uuid, sizeof(uuid_t), rule);
return 0;
ERROR:
if (rule_item != NULL) {
rule_item_free(rule_item);
}
return -1;
}
static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
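Review bot: rule_runtime_add_rule now frees `rule_item` at `ERROR` after `maat_rule_new(...)` fails, which is safe only if maat_rule_new never frees or keeps `rule_item` on its own failure path. The visible part of maat_rule_new assigns `rule->user_data = rule_item` just before the success return and calls `maat_rule_free(rule)` under `error:`, but the rest of its body is outside the hunk, so this should be confirmed. A comment on maat_rule_new such as `/* takes ownership of rule_item only on success; on failure the caller frees it */` would record the contract.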


@@ -5104,10 +5104,10 @@ void ipport_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void
if (ud->buffer) {
memset(ud->buffer, 0, ud->buf_len);
ud->buf_len = 0;
free(ud->buffer);
FREE(ud->buffer);
}
free(ud);
FREE(ud);
*ad = NULL;
}
@@ -5656,6 +5656,8 @@ void rule_ex_param_new(const char *table_name, const char *key,
(*counter)++;
*ad = param;
cJSON_Delete(json);
}
void rule_ex_param_free(const char *table_name, void **ad, long argl, void *argp)
@@ -5828,6 +5830,8 @@ void accept_tags_entry_cb(const char *table_name, const char *table_line, enum m
EXPECT_STREQ(tmp_obj->valuestring, "SUCCESS");
(*callback_times)++;
cJSON_Delete(json);
}
TEST_F(Policy, PluginRuleTags1) {

View File

@@ -304,30 +304,6 @@
}
]
},
{
"object_name": "vt_grp_http_sig2",
"uuid": "00000000-0000-0000-0000-000000000153",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr",
"table_content": {
"expression": "uid=12345678",
"expr_type": "and"
}
},
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr",
"table_content": {
"expression": "sessionid=888888",
"expr_type": "and"
}
}
]
},
{
"object_name": "167_url_object",
"uuid": "00000000-0000-0000-0000-000000000158",
@@ -1922,16 +1898,37 @@
{
"attribute_name": "HTTP_REQUEST_HEADER",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000153"
]
"objects": [
{
"object_name": "vt_grp_http_sig2",
"uuid": "00000000-0000-0000-0000-000000000153",
"items": [
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr",
"table_content": {
"expression": "uid=12345678",
"expr_type": "and"
}
},
{
"table_name": "HTTP_SIGNATURE",
"table_type": "expr",
"table_content": {
"expression": "sessionid=888888",
"expr_type": "and"
}
}
]
}
]
},
{
"attribute_name": "HTTP_RESPONSE_HEADER",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000153"
]
"object_name": "vt_grp_http_sig2"
}
]
},


@@ -24,6 +24,8 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma
struct serial_rule *s_rule=(struct serial_rule *)u_para;
redisContext *ctx = s_rule->ref_ctx;
char *buff = ALLOC(char, strlen(line) + 1);
cJSON *rule_uuid = NULL;
int ret = 0;
memcpy(buff, line, strlen(line) + 1);
@@ -34,16 +36,18 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma
cJSON *json = cJSON_Parse(line);
if (NULL == json) {
return -1;
ret = -1;
goto END;
}
cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid");
rule_uuid = cJSON_GetObjectItem(json, "uuid");
if (NULL == rule_uuid) {
rule_uuid = cJSON_GetObjectItem(json, "object_uuid");//for object2object table
}
if (NULL == rule_uuid || rule_uuid->type != cJSON_String) {
return -1;
ret = -1;
goto END;
}
maat_set_serial_rule(s_rule + line_idx, op, rule_uuid->valuestring,
@@ -51,9 +55,15 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma
(s_rule + line_idx)->ref_ctx = ctx;
line_idx++;
FREE(buff);
END:
if (json) {
cJSON_Delete(json);
}
if (buff) {
FREE(buff);
}
return 0;
return ret;
}
int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_port,
@@ -71,6 +81,10 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
convert_maat_json_rule(&json_root, (unsigned char *)json_buff);
if (json_buff) {
FREE(json_buff);
}
redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger);
if (NULL == c) {
return -1;
@@ -162,6 +176,8 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
int ret = maat_cmd_set_line(maat_inst, &line_rule, op);
free(json_str);
cJSON_Delete(json_root);
return ret;
}
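Review bot: write_json_to_redis returns -1 when `maat_connect_redis` fails without releasing `json_root`, which convert_maat_json_rule has just populated, so that early exit appears to keep leaking the tree. Adding `cJSON_Delete(json_root);` before that `return -1;` would match the cleanup this commit adds to rule_table_set_line. Later returns in the function are outside the hunk and may need the same treatment.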