gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add a parameter "table_name" for maat_state_get_hit_paths

Browse Source
This commit is contained in:
liuchang
2024-11-28 08:53:31 +00:00
parent e8b826b754
commit 9979fc00f5
12 changed files with 192 additions and 227 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
include/maat.h
View File

@@ -303,8 +303,8 @@ void maat_state_reset(struct maat_state *state);
void maat_state_free(struct maat_state *state);
int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *path_array,
size_t array_size);
int maat_state_get_hit_paths(struct maat_state *state, const char *table_name,
struct maat_hit_path *path_array, size_t array_size);
/**
* @brief get the total number of scans after maat_state_new

1
src/inc_internal/maat_core.h
View File

@@ -185,7 +185,6 @@ struct maat_state {
struct rule_compile_state *rule_compile_state;
int Nth_scan;
uint16_t thread_id;
int16_t rule_table_id;//TODO: need remove ???
uint8_t logic_negate_option;
};

4
src/inc_internal/maat_rule.h
View File

@@ -74,7 +74,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
int rule_runtime_need_compile(int table_id, struct rule_runtime *rule_rt, struct rule_compile_state *rule_compile_state);
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_compile_state *rule_compile_state,
struct maat_state *state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path);
@@ -88,7 +88,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id);
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
const char *field_name, int custom_rule_tbl_id, int Nth_scan,
const char *field_name, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name, int Nth_scan);

1
src/inc_internal/maat_table.h
View File

@@ -80,7 +80,6 @@ const char *table_manager_get_table_schema_tag(struct table_manager *tbl_mgr, in
enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int table_id);
int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr);
int table_manager_get_object_group_table_id(struct table_manager *tbl_mgr);
enum maat_expr_engine table_manager_get_expr_engine(struct table_manager *tbl_mgr);

17
src/maat_api.c
View File

@@ -1602,8 +1602,7 @@ static void maat_state_add_hit_object(struct maat_state *state, const char *fiel
}
rule_compile_state_update(state->rule_compile_state, maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item);
state->Nth_scan, hit_items, n_hit_item);
}
int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *field_name,
@@ -1848,7 +1847,6 @@ void maat_state_reset(struct maat_state *state)
return;
}
state->rule_table_id = 0;
state->Nth_scan = 0;
if (state->rule_compile_state != NULL) {
@@ -1885,8 +1883,8 @@ void maat_state_free(struct maat_state *state)
thread_id, sizeof(struct maat_state));
}
int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *path_array,
size_t array_size)
int maat_state_get_hit_paths(struct maat_state *state, const char *table_name,
struct maat_hit_path *path_array, size_t array_size)
{
if (NULL == state || NULL == path_array || 0 == array_size) {
return -1;
@@ -1903,10 +1901,9 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
return 0;
}
int rule_table_id =
table_manager_get_default_rule_table_id(maat_inst->tbl_mgr);
if (state->rule_table_id > 0) {
rule_table_id = state->rule_table_id;
int rule_table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
if (rule_table_id < 0) {
return -1;
}
void *rule_rt = table_manager_get_runtime(maat_inst->tbl_mgr,
@@ -1925,7 +1922,7 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
path_array, array_size);
return rule_runtime_get_hit_paths((struct rule_runtime *)rule_rt,
state->thread_id, state->rule_compile_state,
state->thread_id, state,
path_array, array_size, hit_path_cnt);
}

6
src/maat_expr.c
View File

@@ -873,8 +873,7 @@ next:
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
state->Nth_scan, hit_maat_items, real_hit_item_num);
}
struct expr_runtime_stream *
@@ -961,8 +960,7 @@ next:
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
state->Nth_scan, hit_maat_items, real_hit_item_cnt);
}
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream)

3
src/maat_flag.c
View File

@@ -454,8 +454,7 @@ next:
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
state->Nth_scan, hit_maat_items, real_hit_item_cnt);
}
void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start,

3
src/maat_interval.c
View File

@@ -462,8 +462,7 @@ next:
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
state->Nth_scan, hit_maat_items, real_hit_item_cnt);
}
void interval_runtime_perf_stat(struct interval_runtime *interval_rt,

3
src/maat_ip.c
View File

@@ -549,8 +549,7 @@ next:
}
return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
state->Nth_scan, hit_maat_items, real_hit_item_cnt);
}
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,

294
src/maat_rule.c
View File

@@ -67,9 +67,8 @@ struct field_hit_object_collection {
UT_array *direct_items;
UT_array *indirect_object_uuids;//TODO: change it to graph?
UT_array *all_object_uuids;
UT_array *negate_object_uuids;
int need_negate_condition;
int need_scan_not_object;
int need_negate_hit_path;
int Nth_scan;
UT_hash_handle hh;
};
@@ -805,7 +804,7 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
}
attr_hit_obj->need_negate_condition = 0;
attr_hit_obj->need_scan_not_object = 0;
attr_hit_obj->need_negate_hit_path = 0;
attr_hit_obj->Nth_scan = 0;
}
@@ -1043,79 +1042,6 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
*n_new_hit_path = new_hit_path_cnt;
}
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct rule_compile_state *rule_compile_state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path)
{
/* assign hit_path_array[].rule_id */
size_t n_new_hit_path = 0;
struct maat_rule *rule = NULL;
struct condition_query_key key;
struct bool_expr_match *expr_match = rule_rt->expr_match_buff +
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
int bool_match_ret =
bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);//TODO: maat_state_compile
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
if (0 == rule->condition_num) {
continue;
}
for (size_t j = 0; j < n_hit_path && (n_hit_path + n_new_hit_path) < array_size; j++) {
if (uuid_is_null(hit_path_array[j].top_object_uuid)) {
uuid_copy(key.object_uuid, hit_path_array[j].sub_object_uuid);
} else {
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
memcpy(key.field_name, hit_path_array[j].field_name, sizeof(key.field_name));
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, key.field_name, rule);
}
}
}
return (n_hit_path + n_new_hit_path);
}
static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
size_t n_hit_items, struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == hit_items) {
return;
}
for (size_t i = 0; i < n_hit_items; i++) {
utarray_push_back(attr_hit_obj_coll->direct_items, &hit_items[i]);
}
}
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids, size_t n_object_uuids,
struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
}
for (size_t i = 0; i < n_object_uuids; i++) {
utarray_push_back(attr_hit_obj_coll->indirect_object_uuids, &object_uuids[i]);
}
}
static void
rule_compile_state_add_hit_conditions(struct rule_compile_state *rule_compile_state,
UT_array *condition_id_array)
@@ -1204,6 +1130,151 @@ rule_compile_state_add_hit_not_conditions(struct rule_compile_state *rule_compil
}
}
static void rule_runtime_update_hit_conditions(struct maat *maat_inst, struct rule_runtime *rule_rt,
struct rule_compile_state *rule_compile_state, int need_add_hit_path)
{
int clear_negate_hit_path_flag = 0;
utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_compile_state->exclude_not_conditions);
struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
struct condition_query_key key;
memset(&key, 0, sizeof(key));
snprintf(key.field_name, sizeof(key.field_name), "%s", attr_hit_obj_coll->field_name);
for (int i = 0; i < utarray_len(attr_hit_obj_coll->all_object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(attr_hit_obj_coll->all_object_uuids, i);
uuid_copy(key.object_uuid, *object_uuid);
key.negate_option = 0;
struct condition_id_kv *condition_id_kv = NULL;
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
if (attr_hit_obj_coll->need_negate_condition) {
key.negate_option = 1;
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_exclude_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
}
}
}
//not conditions
struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) {
HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL || attr_hit_obj_coll->need_negate_condition == 0) {
continue;
}
if (utarray_find(attr_hit_obj_coll->all_object_uuids, &(condition_id_kv->key.object_uuid), compare_object_uuid) != NULL) {
continue;
}
rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (need_add_hit_path && maat_inst->opts.hit_path_on && attr_hit_obj_coll->need_negate_hit_path) {
uuid_t null_uuid;
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid,
condition_id_kv->key.object_uuid,
condition_id_kv->key.field_name, 1,
attr_hit_obj_coll->Nth_scan);
clear_negate_hit_path_flag = 1;
}
}
if (clear_negate_hit_path_flag) {
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
attr_hit_obj_coll->need_negate_hit_path = 0;
}
}
return;
}
size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
struct maat_state *state,
struct maat_hit_path *hit_path_array,
size_t array_size, size_t n_hit_path)
{
/* assign hit_path_array[].rule_id */
size_t n_new_hit_path = 0;
struct maat_rule *rule = NULL;
struct condition_query_key key;
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
struct bool_expr_match *expr_match = rule_rt->expr_match_buff +
(thread_id * MAX_HIT_RULE_NUM);
assert(thread_id >= 0);
rule_runtime_update_hit_conditions(state->maat_inst, rule_rt, rule_compile_state, 0);
int bool_match_ret =
bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);//TODO: maat_state_compile
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
if (0 == rule->condition_num) {
continue;
}
for (size_t j = 0; j < n_hit_path && (n_hit_path + n_new_hit_path) < array_size; j++) {
if (uuid_is_null(hit_path_array[j].top_object_uuid)) {
uuid_copy(key.object_uuid, hit_path_array[j].sub_object_uuid);
} else {
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
memcpy(key.field_name, hit_path_array[j].field_name, sizeof(key.field_name));
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
&n_new_hit_path, key.field_name, rule);
}
}
}
return (n_hit_path + n_new_hit_path);
}
static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
size_t n_hit_items, struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == hit_items) {
return;
}
for (size_t i = 0; i < n_hit_items; i++) {
utarray_push_back(attr_hit_obj_coll->direct_items, &hit_items[i]);
}
}
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids, size_t n_object_uuids,
struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
}
for (size_t i = 0; i < n_object_uuids; i++) {
utarray_push_back(attr_hit_obj_coll->indirect_object_uuids, &object_uuids[i]);
}
}
int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
struct rule_schema *rule_schema,
const char *table_name, const char *row,
@@ -1613,10 +1684,6 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
{
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
struct maat_rule *rules[rule_ids_size];
int clear_scan_not_obj_flag = 0;
utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_compile_state->exclude_not_conditions);
struct rule_compile_runtime_state *rule_compile_rt_state = NULL;
HASH_FIND_INT(rule_compile_state->rule_runtime_state_hash, &table_id, rule_compile_rt_state);
@@ -1633,68 +1700,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
rule_compile_rt_state->rule_rt_version = rule_rt->version;
}
struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
struct condition_query_key key;
memset(&key, 0, sizeof(key));
snprintf(key.field_name, sizeof(key.field_name), "%s", attr_hit_obj_coll->field_name);
for (int i = 0; i < utarray_len(attr_hit_obj_coll->all_object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(attr_hit_obj_coll->all_object_uuids, i);
uuid_copy(key.object_uuid, *object_uuid);
key.negate_option = 0;
struct condition_id_kv *condition_id_kv = NULL;
HASH_FIND(hh, rule_rt->condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_hit_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
if (attr_hit_obj_coll->need_negate_condition) {
key.negate_option = 1;
HASH_FIND(hh, rule_rt->not_condition_id_kv_hash, &key, sizeof(key), condition_id_kv);
if (condition_id_kv != NULL) {
rule_compile_state_add_exclude_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
}
}
}
if (attr_hit_obj_coll->need_scan_not_object) {
clear_scan_not_obj_flag = 1;
}
}
//not conditions
struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) {
HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL || attr_hit_obj_coll->need_negate_condition == 0) {
continue;
}
if (utarray_find(attr_hit_obj_coll->all_object_uuids, &(condition_id_kv->key.object_uuid), compare_object_uuid) != NULL) {
continue;
}
rule_compile_state_add_hit_not_conditions(rule_compile_state, condition_id_kv->condition_ids);
if (state->maat_inst->opts.hit_path_on && attr_hit_obj_coll->need_scan_not_object) {
uuid_t null_uuid;
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid,
condition_id_kv->key.object_uuid,
condition_id_kv->key.field_name, 1,
attr_hit_obj_coll->Nth_scan);
}
}
if (clear_scan_not_obj_flag) {
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
if (attr_hit_obj_coll->need_scan_not_object) {
attr_hit_obj_coll->need_scan_not_object = 0;
}
}
}
rule_runtime_update_hit_conditions(state->maat_inst, rule_rt, rule_compile_state, 1);
// all hit condition_id -> rule_id
size_t bool_match_ret =
@@ -1785,7 +1791,7 @@ static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_co
}
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
const char *field_name, int custom_rule_tbl_id, int Nth_scan,
const char *field_name, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item)
{
size_t i = 0, j = 0;
@@ -1846,7 +1852,7 @@ void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_com
assert(attr_hit_obj_coll != NULL);
attr_hit_obj_coll->need_negate_condition = 1;
attr_hit_obj_coll->need_scan_not_object = 1;
attr_hit_obj_coll->need_negate_hit_path = 1;
attr_hit_obj_coll->Nth_scan = Nth_scan;
struct rule_compile_runtime_state *rule_compile_rt_state = NULL, *tmp = NULL;

31
src/maat_table.c
View File

@@ -50,7 +50,6 @@ struct table_manager {
size_t n_accept_tag;
enum expr_engine_type engine_type;
int default_rule_table_id;
int object_group_table_id;
struct maat_kv_store *tbl_name2id_map;
struct maat_kv_store *conj_tbl_name2id_map;
@@ -697,18 +696,6 @@ static int register_tbl_name2id(struct maat_kv_store *tbl_name2id_map, cJSON *ro
return 0;
}
int maat_default_rule_table_id(cJSON *json, struct log_handle *logger)
{
cJSON *item = cJSON_GetObjectItem(json, "default_rule_table");
if (NULL == item || item->type != cJSON_Number) {
return -1;
}
item = cJSON_GetObjectItem(json, "table_id");
//item is cJSON_Number which has been checked in maat_table_new
return item->valueint;
}
struct table_manager *
table_manager_create(const char *table_info_path, const char *accept_tags,
enum maat_expr_engine engine_type, struct maat_garbage_bin *garbage_bin,
@@ -777,7 +764,6 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
return NULL;
}
int default_rule_table_id = -1;
int object_group_table_id = -1;
struct maat_kv_store *reserved_word_map = maat_kv_store_new();
register_reserved_word(reserved_word_map);
@@ -809,12 +795,6 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
}
if (maat_tbl->table_type == TABLE_TYPE_RULE) {
if (default_rule_table_id < 0) {
default_rule_table_id = maat_default_rule_table_id(json, logger);
}
}
if (maat_tbl->table_type == TABLE_TYPE_OBJECT_GROUP) {
object_group_table_id = maat_tbl->table_id;
}
@@ -828,10 +808,8 @@ table_manager_create(const char *table_info_path, const char *accept_tags,
}
}
tbl_mgr->default_rule_table_id = default_rule_table_id;
tbl_mgr->object_group_table_id = object_group_table_id;
log_info(logger, MODULE_TABLE, "default rule table id: %d", default_rule_table_id);
log_info(logger, MODULE_TABLE, "object_group table id: %d", object_group_table_id);
next:
FREE(json_buff);
@@ -1040,15 +1018,6 @@ enum table_type table_manager_get_table_type(struct table_manager *tbl_mgr, int
return tbl_mgr->tbl[table_id]->table_type;
}
int table_manager_get_default_rule_table_id(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {
return -1;
}
return tbl_mgr->default_rule_table_id;
}
int table_manager_get_object_group_table_id(struct table_manager *tbl_mgr)
{
if (NULL == tbl_mgr) {

52
test/maat_framework_gtest.cpp
View File

@@ -267,7 +267,7 @@ TEST_F(FlagScan, basic) {
struct maat_hit_path hit_path[HIT_PATH_SIZE];
int n_read = 0;
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_reset(state);
@@ -337,7 +337,7 @@ TEST_F(FlagScan, withExprRegion) {
int n_read = 0;
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
const char *expr_scan_data = "hello world";
@@ -407,7 +407,7 @@ TEST_F(FlagScan, hitMultiRule) {
int n_read = 0;
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(state);
@@ -478,7 +478,7 @@ TEST_F(FlagScan, hitRepeatedRule) {
int n_read = 0;
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(state);
@@ -840,7 +840,7 @@ TEST_P(StringScan, Expr8) {
int n_read = 0;
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(state);
@@ -5250,7 +5250,7 @@ TEST_F(RuleTable, Conjunction1) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141");
struct maat_hit_path hit_path[HIT_PATH_SIZE];
int n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_EQ(n_read, 2);
maat_state_free(state);
@@ -5285,7 +5285,7 @@ TEST_F(RuleTable, Conjunction2) {
struct maat_hit_path hit_path[HIT_PATH_SIZE];
int n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_EQ(n_read, 2);
ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
@@ -5298,7 +5298,7 @@ TEST_F(RuleTable, Conjunction2) {
EXPECT_EQ(n_hit_result, 2);
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, HIT_PATH_SIZE);
EXPECT_EQ(n_read, 4);
maat_state_free(state);
@@ -5554,7 +5554,7 @@ TEST_F(Policy, EvaluationOrder) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
size_t n_hit_path = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, 128);
EXPECT_EQ(n_hit_path, 6);
EXPECT_STREQ(hit_path[0].field_name, field_name);
@@ -5669,7 +5669,7 @@ TEST_F(Policy, NotConditionHitPath) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
size_t n_hit_path = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, 128);
EXPECT_EQ(n_hit_path, 4);
EXPECT_EQ(hit_path[0].Nth_scan, 1);
@@ -8351,7 +8351,7 @@ TEST_F(MaatCmd, HitPathBasic) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 2);
int path_idx = 0;
@@ -8392,7 +8392,7 @@ TEST_F(MaatCmd, HitPathBasic) {
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 2);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 4);
path_idx = 0;
@@ -8462,7 +8462,7 @@ that the edges be all directed in the same direction.";
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 3);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 5);
path_idx++;
@@ -8492,7 +8492,7 @@ that the edges be all directed in the same direction.";
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 4);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 6);
path_idx++;
@@ -8519,7 +8519,7 @@ that the edges be all directed in the same direction.";
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 5);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 7);
path_idx++;
@@ -8731,7 +8731,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 1);
int path_idx = 0;
@@ -8755,7 +8755,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 3);
path_idx = 0;
@@ -8809,7 +8809,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, rule2_uuid_str);
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 5);
path_idx = 0;
@@ -8890,7 +8890,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, rule3_uuid_str);
memset(hit_path, 0, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 7);
path_idx = 0;
@@ -9134,7 +9134,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 2);
int path_idx = 0;
@@ -9176,7 +9176,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 2);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 4);
path_idx = 0;
@@ -9247,7 +9247,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 3);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 5);
path_idx++;
@@ -9277,7 +9277,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 4);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 6);
path_idx++;
@@ -9305,7 +9305,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
scan_times = maat_state_get_scan_count(state);
EXPECT_EQ(scan_times, 5);
n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 7);
path_idx++;
@@ -9404,7 +9404,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
EXPECT_STREQ(uuid_str, rule2_uuid_str);
memset(hit_path, 0, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 3);
int path_idx = 0;
@@ -9557,7 +9557,7 @@ TEST_F(MaatCmd, ObjectEdit) {
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, hit_path, sizeof(hit_path));
int n_read = maat_state_get_hit_paths(state, default_rule_table_name, hit_path, sizeof(hit_path));
EXPECT_EQ(n_read, 2);
maat_state_reset(state);