[patch]maat not handle regex string

src/inc_internal/maat_utils.h

@@ -94,8 +94,6 @@ int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *o
 
 char *strtok_r_esc(char *s, const char delim, char **save_ptr);
 
-char *str_unescape_and(char *s);
-
 char *str_unescape(char *s);
 
 char *md5_file(const char *filename, char *md5string);

src/maat_expr.c

@@ -624,7 +624,6 @@ int expr_item_to_expr_rule(struct expr_item *expr_item, struct expr_rule *expr_r
 
     switch (expr_item->expr_type) {
         case EXPR_TYPE_AND:
-        case EXPR_TYPE_REGEX:
             for (i = 0, pos = expr_item->keywords; ; i++, pos = NULL) {
                 tmp = strtok_r_esc(pos, '&', &saveptr);
                 if (NULL == tmp) {
@@ -639,11 +638,7 @@ int expr_item_to_expr_rule(struct expr_item *expr_item, struct expr_rule *expr_r
                 }
 
                 sub_key_array[i] = tmp;
-                if (expr_item->expr_type == EXPR_TYPE_REGEX) {
-                    sub_key_array[i] = str_unescape_and(sub_key_array[i]);
-                } else {
-                    sub_key_array[i] = str_unescape(sub_key_array[i]);
-                }
+                sub_key_array[i] = str_unescape(sub_key_array[i]); 
             }
             sub_expr_cnt = i;
             break;
@@ -689,6 +684,10 @@ int expr_item_to_expr_rule(struct expr_item *expr_item, struct expr_rule *expr_r
             sub_key_array[0] = expr_item->keywords;
             sub_key_array[0] = str_unescape(sub_key_array[0]);
             break;
+        case EXPR_TYPE_REGEX:
+            sub_expr_cnt = 1;
+            sub_key_array[0] = expr_item->keywords;
+            break;
         default:
             log_error(logger, MODULE_EXPR, 
                       "[%s:%d]abandon config expr_item(item_id:%lld) has invalid expr type=%d",

src/maat_utils.c

@@ -168,25 +168,6 @@ char *strtok_r_esc(char *s, const char delim, char **save_ptr)
 	*save_ptr = token;
 
     return s;  
-} 
-
-char *str_unescape_and(char *s)
-{
-	size_t i = 0;
-    size_t j = 0;
-
-	for (i = 0,j = 0; i < strlen(s); i++) {
-		if (s[i] == '\\' && s[i+1] == '&') {
-			s[j] = '&';
-			i++;
-			j++;
-		} else {
-			s[j] = s[i];
-			j++;
-		}
-	}
-	s[j] = '\0';
-	return s;
 }
 
 char *str_unescape(char *s)

test/regex_expr.conf

@@ -92,6 +92,20 @@
                     "pattern": "123^abc"
                 }
             ]
+        },
+        {
+
+            "rule_id": 306,
+            "pattern_num": 1,
+            "patterns": [
+                {
+                    "pattern_type": "regex",
+                    "match_method": "sub",
+                    "case_sensitive": "no",
+                    "is_hexbin": "no",
+                    "pattern": "^[1-9]\d{5}(18|19|([23]\d))\d{2}((0[1-9])|(10|11|12))(([0-2][1-9])|10|20|30|31)\d{3}[0-9Xx]$"
+                }
+            ]
         }
     ]
 }