#7 在Intval/Similar/Digest/IP中增加对NOT-logic命中的处理。

test/maat_json.json

@@ -655,6 +655,36 @@
                     ]
                 }
             ]
+        },
+        {
+            "compile_id": 145,
+            "service": 1,
+            "action": 1,
+            "do_blacklist": 1,
+            "do_log": 1,
+            "user_region": "NOT-logic-test3",
+            "is_valid": "yes",
+            "groups": [
+                {
+                    "not_flag":0,
+                    "regions": [
+                        {
+                            "table_name": "HTTP_URL",
+                            "table_type": "string",
+                            "table_content": {
+                                "keywords": "must-contained-string-of-rule-145",
+                                "expr_type": "none",
+                                "match_method": "sub",
+                                "format": "uncase plain"
+                            }
+                        }
+                    ]
+                },
+                {
+                    "not_flag":1,
+                     "group_name": "IP_group"
+                }
+            ]
         }
     ],
     "plugin_table": [

test/test_maatframe.cpp

@@ -349,7 +349,6 @@ TEST(NOTLogic, ScanNotAtLast)
 TEST(NOTLogic, ScanIrrelavantAtLast)
 {
 	const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-144.";
-	const char* string_should_not_hit="This string contains both must-contained-string-of-rule-144 and must-not-contained-string-of-rule-144.";
 	const char* string_irrelevant="This string contiains nothing to hit.";
 	int ret=0;
 	int table_id=0;
@@ -363,13 +362,10 @@ TEST(NOTLogic, ScanIrrelavantAtLast)
 	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_should_hit, strlen(string_should_hit), 
 						result,found_pos, 4, &mid, 0);						
 	EXPECT_GE(ret, -2);
-	/*
-	table_id=Maat_table_register(g_feather,not_hit_table_name);
-	ASSERT_GT(table_id, 0);
 
-	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_should_not_hit, strlen(string_should_not_hit), 
-						result,found_pos, 4, &mid, 0);
-	EXPECT_GE(ret, -2);*/
+	table_id=Maat_table_register(g_feather, not_hit_table_name);
+	ASSERT_GT(table_id, 0);
+	
 	Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,  NULL, 0);
 	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_irrelevant, strlen(string_irrelevant), 
 					result,found_pos, 4, &mid, 0);
@@ -377,6 +373,42 @@ TEST(NOTLogic, ScanIrrelavantAtLast)
 	EXPECT_EQ(ret, 1);
 	Maat_clean_status(&mid);
 
+}
+TEST(NOTLogic, ScanNotIP)
+{
+	const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-145.";
+	int ret=0;
+	int table_id=0;
+	struct Maat_rule_t result[4];
+	int found_pos[4];
+	const char* hit_table_name="HTTP_URL", *not_hit_table_name="IP_CONFIG";
+	scan_status_t mid=NULL;
+	table_id=Maat_table_register(g_feather,hit_table_name);
+	ASSERT_GT(table_id, 0);
+	
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, string_should_hit, strlen(string_should_hit), 
+						result,found_pos, 4, &mid, 0);						
+	EXPECT_GE(ret, -2);
+	
+	struct ipaddr ipv4_addr;
+	struct stream_tuple4_v4 v4_addr;
+	ipv4_addr.addrtype=ADDR_TYPE_IPV4;
+	inet_pton(AF_INET,"10.0.6.205",&(v4_addr.saddr));
+	v4_addr.source=htons(50001);
+	inet_pton(AF_INET,"10.0.6.201",&(v4_addr.daddr));
+	v4_addr.dest=htons(80);
+	ipv4_addr.v4=&v4_addr;
+
+	table_id=Maat_table_register(g_feather, not_hit_table_name);
+	ASSERT_GT(table_id, 0);
+	
+	Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,  NULL, 0);	
+	ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid,0);
+	
+	
+	EXPECT_EQ(ret, -2);
+	Maat_clean_status(&mid);
+
 }
 
 TEST(Helper, ReadColumn)