diff --git a/docs/getting_started.md b/docs/getting_started.md
index bd8cf49..62aee80 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -61,7 +61,7 @@ Table schema is stored in a json file(such as table_info.json), which is loaded
"object_id":1,
"rule_id":2,
"negate_option":4,
- "attribute_name":5,
+ "field_name":5,
"condition_index":6
}
},
diff --git a/docs/logical_combinations.md b/docs/logical_combinations.md
index 3c09331..2afd6a3 100644
--- a/docs/logical_combinations.md
+++ b/docs/logical_combinations.md
@@ -42,7 +42,7 @@ Before showing how to configure the specific rules, we need some raw materials (
```bash
rule(rule) = condition1 & condition2
- = {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2}
+ = {field1, object1, condition_index1} & {field2, object2, condition_index2}
= {2, 211, 1} & {1, 201, 2}
```
@@ -53,7 +53,7 @@ rule(rule) = condition1 & condition2
```bash
rule(rule) = condition1 & condition2
- = {attribute1, object1, condition_index1} & {attribute2, object2, condition_index2}
+ = {field1, object1, condition_index1} & {field2, object2, condition_index2}
= {2, 211, 1} & {3, 221, 2}
```
@@ -74,7 +74,7 @@ object_name: "152_mail_addr" and object_name: "interval_object_refered" are two
```bash
rule(rule) = condition1 & condition2
- = {attribute1, (object1 | object2), condition_index1} & {attribute2, object3, condition_index2}
+ = {field1, (object1 | object2), condition_index1} & {field2, object3, condition_index2}
= {2, (211 | 212), 1} & {1, 201, 2}
```
@@ -86,7 +86,7 @@ rule(rule) = condition1 & condition2
```bash
rule(rule) = condition1 & condition2
- = {attribute1, object1, condition_index1} & {attribute2, (object2 | object3), condition_index2}
+ = {field1, object1, condition_index1} & {field2, (object2 | object3), condition_index2}
= {2, 211, 1} & {3, (221 | 222), 2}
```
@@ -106,7 +106,7 @@ object_name: "152_mail_addr" contains two regions(items) with a logical `OR` rel
```bash
rule(rule) = condition1 & !condition2
- = {attribute1, object1, condition_index1} & !{attribute2, object2, condition_index2}
+ = {field1, object1, condition_index1} & !{field2, object2, condition_index2}
= {2, 211, 1} & !{1, 201, 2}
```
@@ -118,7 +118,7 @@ rule(rule) = condition1 & !condition2
```bash
rule(rule) = condition1 & !condition2
- = {attribute1, object1, condition_index1} & !{attribute2, (object2 | object3), condition_index2}
+ = {field1, object1, condition_index1} & !{field2, (object2 | object3), condition_index2}
= {2, 211, 1} & !{3, (221 | 222), 2}
```
@@ -148,7 +148,7 @@ super_object1 = object1 exclude object2
And then configure the rule.
```bash
rule(rule) = condition1 & condition2
- = {attribute1, super_object1, condition_index1} & {attribute2, object2, condition_index2}
+ = {field1, super_object1, condition_index1} & {field2, object2, condition_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2}
```
@@ -167,7 +167,7 @@ super_object2 = object2 exclude object3
And then configure the rule.
```bash
rule(rule) = condition1 & condition2
- = {attribute1, object1, condition_index1} & {attribute2, super_object2, condition_index2}
+ = {field1, object1, condition_index1} & {field2, super_object2, condition_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2}
```
diff --git a/docs/maat_table.md b/docs/maat_table.md
index 08b6541..15cc6c3 100644
--- a/docs/maat_table.md
+++ b/docs/maat_table.md
@@ -7,7 +7,7 @@ The maat table consists of two parts: `schema` and `runtime`, which is the core
## 1. Table schema
-Maat tables are divided into two categories: physical tables that actually exist in the database and attributes that reference physical tables.
+Maat tables are divided into two categories: physical tables that actually exist in the database and fields that reference physical tables.
The types of physical tables are as follows:
- [item table](#11-item-table)
@@ -22,7 +22,7 @@ The types of physical tables are as follows:
Different physical tables can be combined into one table, see [conjunction table](#110-conjunction-table)
-A attribute can only reference one physical table or conjuntion table, see [attribute](#111-attribute)
+A field can only reference one physical table or conjuntion table, see [field](#111-field)
### 1.1 Item table
@@ -257,7 +257,7 @@ Describe the relationship between object and rule.
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **negate_option** | INT | logical 'NOT', identify a negate condition, 0(no) 1(yes) |
-| **attribute** | VARCHAR2(256) | attribute name, NOT NULL |
+| **field** | VARCHAR2(256) | field name, NOT NULL |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. objects with the same condition ID are logical 'OR' |
NOTE: If object_id is invalid in xx_item table, it must be marked as invalid in this table.
@@ -370,11 +370,11 @@ For example: HTTP_REGION is the conjunction of HTTP_URL and HTTP_HOST.
`Note`: Only physical tables support conjunction.
-### 1.11 attribute
+### 1.11 field
-A physical table refers to a table that physically exists in the database. In contrast, there are no attributes in the database. Attributes are merely references to physical tables, where one attribute can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the attribute reference it. A physical table can be referenced by multiple attributes.
+A physical table refers to a table that physically exists in the database. In contrast, there are no fields in the database. Fields are merely references to physical tables, where one field can only reference one physical table. If you want to reference multiple physical tables of the same type, you need to first combine these physical tables into a conjunction table, and then have the field reference it. A physical table can be referenced by multiple fields.
-Attributes are often used for different traffic attributes, where different attributes represent different traffic attributes, such as HTTP_HOST, HTTP_URL, and so on.
+Fields are often used for different traffic fields, where different fields represent different traffic fields, such as HTTP_HOST, HTTP_URL, and so on.
### 1.12 Foreign Files
@@ -445,21 +445,21 @@ In addition to the rule table, there is also the object2rule table in the table
1. For expressions without negate-conditions, returning the matched rule_id:
- * rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2}
+ * rule1 = condition1 & condition2 = {field1, g1} & {field2, g2}
- * rule2 = condition1 & condition2 = {attribute1, g2} & {attribute2, g3}
+ * rule2 = condition1 & condition2 = {field1, g2} & {field2, g3}
- Given the matched attribute_id and object_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
+ Given the matched field_id and object_id, all matching rule_ids can be provided. For example, if scanning field1 matches g2 and field2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with negate-conditions, returning the matched rule_id:
- * rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2}
+ * rule3 = condition1 & !condition2 = {field1, g1} & !{field2, g2}
- * rule4 = !condition1 & condition2 = !{attribute1, g2} & {attribute2, g3}
+ * rule4 = !condition1 & condition2 = !{field1, g2} & {field2, g3}
- If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4.
+ If scanning field1 matches g1 and field2 matches g3, rule_runtime will return the matched rule_id 4.
-3. If a rule_id is matched, the full hit path can be obtained: **item_id -> object_id ->** {super_object_id} -> condition{**attribute_id, negate_option, condition_index} -> rule_id**. If the matched object is not referenced by a rule, a half hit path can be obtained: **item_id -> object_id** -> {super_object_id}.
+3. If a rule_id is matched, the full hit path can be obtained: **item_id -> object_id ->** {super_object_id} -> condition{**field_id, negate_option, condition_index} -> rule_id**. If the matched object is not referenced by a rule, a half hit path can be obtained: **item_id -> object_id** -> {super_object_id}.
4. Getting the matched object_ids and the count of hit objects.
@@ -473,9 +473,9 @@ Rule runtime loads the rule table and object2rule table configurations into memo
1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
-2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id.
+2. For negate_option=0 (conditions), a `condition_id hash` is built, key:{object_id, field_id, negate_option}, value:condition_id.
-3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{object_id, attribute_id, negate_option}, value:condition_id.
+3. For negate_option=1 (negate-conditions), a `NOT_condition_id hash` is built, key:{object_id, field_id, negate_option}, value:condition_id.
* **Data Plane**
@@ -485,17 +485,17 @@ On the data plane, services are provided externally through the maat API, primar
* The hit item_id and object_id form a half-hit path.
-* The object_id that is hit and the scanned `attribute_id` form the key {object_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
+* The object_id that is hit and the scanned `field_id` form the key {object_id, field_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
-* Use the key {object_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {object_id, attribute_id, 0} => condition_id, leading to the deduction that {object_id, attribute_id, 1} => NOT_condition_id does not hit.
+* Use the key {object_id, field_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {object_id, field_id, 0} => condition_id, leading to the deduction that {object_id, field_id, 1} => NOT_condition_id does not hit.
-* Identify the object_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_object` set. Ensure that this set does not contain any object_id that was hit during scanning. If any such object_id is present, remove it from the set to form the final `NOT_condition_object` for the attribute_id table.
+* Identify the object_ids in field_id table that appear in the NOT_condition and add them to the `NOT_condition_object` set. Ensure that this set does not contain any object_id that was hit during scanning. If any such object_id is present, remove it from the set to form the final `NOT_condition_object` for the field_id table.
* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate negate-condition logic.
-* Traverse the `NOT_condition_object` of `attribute_id`. For each `object_id`, form a key `{object_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
+* Traverse the `NOT_condition_object` of `field_id`. For each `object_id`, form a key `{object_id, field_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the negate-condition.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the negate-condition which will become full-hit path.
diff --git a/docs/object_hierarchy.md b/docs/object_hierarchy.md
index 8254373..d2e0478 100644
--- a/docs/object_hierarchy.md
+++ b/docs/object_hierarchy.md
@@ -4,7 +4,7 @@ A object can reference other objects, and can also be referenced by other object
## Include
-Include is equivalent to the inclusion semantics in set theory. For example, when object_A is included by object_B, if a traffic attribute satisfies object_A, object_B is satisfied.
+Include is equivalent to the inclusion semantics in set theory. For example, when object_A is included by object_B, if a traffic field satisfies object_A, object_B is satisfied.
## Exclude
@@ -51,7 +51,7 @@ Restrictions:
- A object should include at least one subordinate object. (Exclude only is not allowed)
-- Traffic attribute using stream scan cannot allow use object(object) with exclude, i.e., keywords object on HTTP Response Body, Email attachment.
+- Traffic field using stream scan cannot allow use object(object) with exclude, i.e., keywords object on HTTP Response Body, Email attachment.
Now, let's see a graph of hierarchy example, where the dotted line means exclude. The matched subordinate objects and activated superiors are listed in the following table.
diff --git a/docs/overview.md b/docs/overview.md
index 5253de2..6ba9b90 100644
--- a/docs/overview.md
+++ b/docs/overview.md
@@ -28,7 +28,7 @@ As shown in the diagram below, maat organizes and abstracts configurations using
In addition, objects support nesting. For more detailed information, please refer to [object hierarchy](./object_hierarchy.md).
-If we define literal_id = {attribute_id, object_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
+If we define literal_id = {field_id, object_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
diff --git a/docs/terminology.md b/docs/terminology.md
index 2c4e10d..fd47bc8 100644
--- a/docs/terminology.md
+++ b/docs/terminology.md
@@ -6,7 +6,7 @@
* [Condition(Condition)](#condition)
* [Literal](#literal)
* [Physical table](#physical-table)
-* [Attribute](#attribute)
+* [Field](#field)
* [Table schema](#table-schema)
* [Table runtime](#table-runtime)
* [Table rule](#table-ruleconfiguration)
@@ -19,7 +19,7 @@
## Item
-As a filter for network attributes, the smallest unit of a rule
+As a filter for network fields, the smallest unit of a rule
- Eg1: specify that the UserAgent field in the HTTP protocol contains substrings "Chrome" and "11.8.1",
HTTP UserAgent: Chrome & 11.8.1
@@ -48,7 +48,7 @@ The relationship between object and object is stored in the [object_group table]
## Rule(Policy)
-A conjunctive normal form(CNF) consisting of multiple objects and attributes.
+A conjunctive normal form(CNF) consisting of multiple objects and fields.
`Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships.
@@ -64,19 +64,19 @@ Conditions are divided into two categories based on whether they contain the log
## Literal
-A Literal consists of `attribute_id(attribute id)` and `object_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and object_id in the same condition.
+A Literal consists of `field_id(field id)` and `object_id`. During the rules loading process, a unique condition_id will be generated based on the combination of field_id and object_id in the same condition.
## Physical table
Different rules are stored in different tables in the actual database, including [item table](./maat_table.md#11-item-table), [rule table](./maat_table.md#12-rule-table), [object2rule table](./maat_table.md#13-object2rule-table), [object_group table](./maat_table.md#14-object_group-table), and [xx_plugin table](./maat_table.md#15-plugin-table), and so on.
-## Attribute
+## Field
-A attribute references a physical table. In practice, network traffic attributes are commonly used as attribute, such as HTTP_HOST, SSL_SNI, etc. The constraints of attributes are as follows:
+A field references a physical table. In practice, network traffic fields are commonly used as field, such as HTTP_HOST, SSL_SNI, etc. The constraints of fields are as follows:
-* A attribute can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced.
+* A field can only reference one physical table. If it need to reference multiple physical tables of the same type, these physical tables can be first joined together into one table and then referenced.
-* A physical table can be referenced by different attributes. For example, the keyword_table can be referenced by two attributes, http_request_body_virt and http_response_body_virt.
+* A physical table can be referenced by different fields. For example, the keyword_table can be referenced by two fields, http_request_body_virt and http_response_body_virt.
diff --git a/include/maat.h b/include/maat.h
index 2ab1b83..f04f1e1 100644
--- a/include/maat.h
+++ b/include/maat.h
@@ -25,14 +25,14 @@ extern "C"
#include
#include
-#define MAX_ATTR_NAME_LEN 128
+#define MAX_FIELD_NAME_LEN 128
/* maat instance handle */
struct maat;
struct maat_hit_path {
int Nth_scan;
- char attribute_name[MAX_ATTR_NAME_LEN]; // 0 is not a attribute.
+ char field_name[MAX_FIELD_NAME_LEN]; // 0 is not a field.
int negate_option; // 1 means negate condition(condition)
int condition_index; // 0 ~ 7
uuid_t item_uuid;
@@ -247,37 +247,37 @@ struct maat_state;
* MAAT_SCAN_HALF_HIT
* MAAT_SCAN_HIT
*/
-int maat_scan_flag(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_flag(struct maat *instance, const char *table_name, const char *field_name,
long long flag, struct maat_state *state);
-int maat_scan_integer(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_integer(struct maat *instance, const char *table_name, const char *field_name,
long long integer, struct maat_state *state);
/**
* @param ip_addr: ipv4 address in network order
* @param port: port in host order. If the port is not specified, use -1. Note that 0 is a valid port.
*/
-int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_ipv4_port(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, int port, struct maat_state *state);
-int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_ipv6_port(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, int port, struct maat_state *state);
-int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, struct maat_state *state);
-int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, struct maat_state *state);
-int maat_scan_string(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_string(struct maat *instance, const char *table_name, const char *field_name,
const char *data, size_t data_len, struct maat_state *state);
-int maat_scan_object(struct maat *instance, const char *table_name, const char *attribute_name,
+int maat_scan_object(struct maat *instance, const char *table_name, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state);
-int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *attribute_name, struct maat_state *state);
+int maat_scan_not_logic(struct maat *instance, const char *table_name, const char *field_name, struct maat_state *state);
struct maat_stream;
-struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *attribute_name, struct maat_state *state);
+struct maat_stream *maat_stream_new(struct maat *instance, const char *table_name, const char *field_name, struct maat_state *state);
int maat_stream_scan(struct maat_stream *stream, const char *data, int data_len, struct maat_state *state);
@@ -311,36 +311,36 @@ int maat_state_get_hit_paths(struct maat_state *state, struct maat_hit_path *pat
*/
size_t maat_state_get_scan_count(struct maat_state *state);
-size_t maat_state_get_attribute_cnt(struct maat_state *state);
+size_t maat_state_get_field_cnt(struct maat_state *state);
/**
- * @brief return all attribute names
- * NOTE: attribute names are valid until the state is freed or reset
+ * @brief return all field names
+ * NOTE: field names are valid until the state is freed or reset
*/
-size_t maat_state_get_attribute_names(struct maat_state *state, const char *attribute_names[], size_t array_size);
+size_t maat_state_get_field_names(struct maat_state *state, const char *field_names[], size_t array_size);
/**
* @brief return all hit objects
*/
size_t maat_state_get_hit_objects(struct maat_state *state,
- const char *attribute_name,
+ const char *field_name,
uuid_t object_array[],
size_t array_size);
-size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *attribute_name);
+size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *field_name);
/**
* @brief return direct hit items and direct hit objects
* NOTE: hit items may be duplicated
*/
size_t maat_state_get_hit_items(struct maat_state *state,
- const char *attribute_name,
+ const char *field_name,
uuid_t item_array[],
uuid_t direct_object_array[],
size_t array_size);
size_t maat_state_get_hit_item_cnt(struct maat_state *state,
- const char *attribute_name);
+ const char *field_name);
/**
* @brief indirect object means superior object
@@ -348,11 +348,11 @@ size_t maat_state_get_hit_item_cnt(struct maat_state *state,
* NOTE: hit objects may be duplicated
*/
size_t maat_state_get_indirect_hit_objects(struct maat_state *state,
- const char *attribute_name,
+ const char *field_name,
uuid_t object_array[],
size_t array_size);
-size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *attribute_name);
+size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *field_name);
#ifdef __cplusplus
}
diff --git a/src/inc_internal/maat_expr.h b/src/inc_internal/maat_expr.h
index ed4081b..2cbba06 100644
--- a/src/inc_internal/maat_expr.h
+++ b/src/inc_internal/maat_expr.h
@@ -57,12 +57,12 @@ long long expr_runtime_get_version(void *expr_runtime);
* @retval the num of hit object_id
*/
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id, const char *data,
- size_t data_len, const char *attribute_name, struct maat_state *state);
+ size_t data_len, const char *field_name, struct maat_state *state);
struct expr_runtime_stream *expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id);
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream, const char *data,
- size_t data_len, const char *attribute_name, struct maat_state *state);
+ size_t data_len, const char *field_name, struct maat_state *state);
void expr_runtime_stream_close(struct expr_runtime_stream *expr_rt_stream);
diff --git a/src/inc_internal/maat_flag.h b/src/inc_internal/maat_flag.h
index c89d64b..a783374 100644
--- a/src/inc_internal/maat_flag.h
+++ b/src/inc_internal/maat_flag.h
@@ -48,7 +48,7 @@ long long flag_runtime_rule_count(void *flag_runtime);
* @retval the num of hit object_id
*/
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id, long long flag,
- const char *attribute_name, struct maat_state *state);
+ const char *field_name, struct maat_state *state);
void flag_runtime_perf_stat(struct flag_runtime *flag_rt, struct timespec *start,
struct timespec *end, int thread_id);
diff --git a/src/inc_internal/maat_interval.h b/src/inc_internal/maat_interval.h
index a795917..1bb35f8 100644
--- a/src/inc_internal/maat_interval.h
+++ b/src/inc_internal/maat_interval.h
@@ -49,7 +49,7 @@ long long interval_runtime_rule_count(void *interval_runtime);
* @retval the num of hit object_id
*/
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
- long long integer, const char *attribute_name, struct maat_state *state);
+ long long integer, const char *field_name, struct maat_state *state);
void interval_runtime_perf_stat(struct interval_runtime *interval_rt,
struct timespec *start, struct timespec *end,
diff --git a/src/inc_internal/maat_ip.h b/src/inc_internal/maat_ip.h
index 12b337c..653a37a 100644
--- a/src/inc_internal/maat_ip.h
+++ b/src/inc_internal/maat_ip.h
@@ -42,7 +42,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime);
/* ip runtime scan API */
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
- uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state);
+ uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state);
void ip_runtime_perf_stat(struct ip_runtime *ip_rt, struct timespec *start,
struct timespec *end, int thread_id);
diff --git a/src/inc_internal/maat_rule.h b/src/inc_internal/maat_rule.h
index 0486c42..2acd67b 100644
--- a/src/inc_internal/maat_rule.h
+++ b/src/inc_internal/maat_rule.h
@@ -71,10 +71,10 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
struct maat *maat_instance, int thread_id);
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
- const char *attribute_name, int custom_rule_tbl_id, int Nth_scan,
+ const char *field_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item);
-void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, int Nth_scan);
+void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name, int Nth_scan);
size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule_compile_state,
struct rule_runtime *rule_rt,
@@ -82,24 +82,24 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
struct maat_hit_path *hit_path_array,
size_t array_size);
-size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name,
+size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[], size_t array_size);
-size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name);
+size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
- const char *attribute_name, uuid_t object_array[], size_t array_size);
+ const char *field_name, uuid_t object_array[], size_t array_size);
-size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name);
+size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
-size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name,
+size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t object_array[], size_t array_size);
-size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name);
+size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name);
-size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_compile_state, const char *attribute_name_array[], size_t array_size);
+size_t rule_compile_state_get_field_names(struct rule_compile_state *rule_compile_state, const char *field_name_array[], size_t array_size);
-size_t rule_compile_state_get_attribute_cnt(struct rule_compile_state *rule_compile_state);
+size_t rule_compile_state_get_field_cnt(struct rule_compile_state *rule_compile_state);
#ifdef __cplusplus
}
#endif
diff --git a/src/maat_api.c b/src/maat_api.c
index abe40d1..4683e97 100644
--- a/src/maat_api.c
+++ b/src/maat_api.c
@@ -56,7 +56,7 @@ struct maat_stream {
struct log_handle *logger;
int thread_id;
int table_id;
- char attribute_name[MAX_ATTR_NAME_LEN];
+ char field_name[MAX_FIELD_NAME_LEN];
};
struct maat_options* maat_options_new(void)
@@ -1023,7 +1023,7 @@ int maat_bool_plugin_table_get_ex_data(struct maat *maat_inst, const char *table
static int
flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
- int table_id, const char *attribute_name, struct maat_state *state)
+ int table_id, const char *field_name, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
@@ -1040,7 +1040,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
flag_runtime_scan_times_inc((struct flag_runtime *)flag_rt, thread_id);
int object_hit_cnt = flag_runtime_scan((struct flag_runtime *)flag_rt,
- thread_id, flag, attribute_name, state);
+ thread_id, flag, field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1052,7 +1052,7 @@ flag_scan(struct table_manager *tbl_mgr, int thread_id, long long flag,
static int
interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
- int table_id, const char *attribute_name, struct maat_state *state)
+ int table_id, const char *field_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1070,7 +1070,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
interval_runtime_scan_times_inc((struct interval_runtime *)interval_rt, thread_id);
int object_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
- thread_id, integer, attribute_name, state);
+ thread_id, integer, field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1082,7 +1082,7 @@ interval_scan(struct table_manager *tbl_mgr, int thread_id, long long integer,
static int
ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
- int port, int table_id, const char *attribute_name, struct maat_state *state)
+ int port, int table_id, const char *field_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1099,7 +1099,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv4,
- (uint8_t *)&ip_addr, port, attribute_name, state);
+ (uint8_t *)&ip_addr, port, field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1111,7 +1111,7 @@ ipv4_scan(struct table_manager *tbl_mgr, int thread_id, uint32_t ip_addr,
static int
ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
- int port, int table_id, const char *attribute_name, struct maat_state *state)
+ int port, int table_id, const char *field_name, struct maat_state *state)
{
enum table_type table_type =
@@ -1128,7 +1128,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
ip_runtime_scan_times_inc(ip_rt, thread_id);
int object_hit_cnt = ip_runtime_scan((struct ip_runtime *)ip_rt, thread_id, IPv6,
- ip_addr, port, attribute_name, state);
+ ip_addr, port, field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1141,7 +1141,7 @@ ipv6_scan(struct table_manager *tbl_mgr, int thread_id, uint8_t *ip_addr,
static int
string_scan(struct table_manager *tbl_mgr, int thread_id,
const char *data, size_t data_len, int table_id,
- const char *attribute_name, struct maat_state *state)
+ const char *field_name, struct maat_state *state)
{
enum table_type table_type =
table_manager_get_table_type(tbl_mgr, table_id);
@@ -1160,7 +1160,7 @@ string_scan(struct table_manager *tbl_mgr, int thread_id,
int object_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, data, data_len,
- attribute_name, state);
+ field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1209,7 +1209,7 @@ int maat_state_need_compile(struct maat_state *state, const char *table_name)
return rule_runtime_need_compile(table_id, (struct rule_runtime *)rule_rt, state->rule_compile_state);
}
-int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *field_name,
long long flag, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1245,7 +1245,7 @@ int maat_scan_flag(struct maat *maat_inst, const char *table_name, const char *a
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = flag_scan(maat_inst->tbl_mgr, state->thread_id, flag,
- table_id, attribute_name, state);
+ table_id, field_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
goto ERROR;
@@ -1274,7 +1274,7 @@ ERROR:
return MAAT_SCAN_ERR;
}
-int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char *field_name,
long long integer, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1310,7 +1310,7 @@ int maat_scan_integer(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = interval_scan(maat_inst->tbl_mgr, state->thread_id, integer,
- table_id, attribute_name, state);
+ table_id, field_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
goto ERROR;
@@ -1339,7 +1339,7 @@ ERROR:
return MAAT_SCAN_ERR;
}
-int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const char *field_name,
uint32_t ip_addr, int port, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
@@ -1375,7 +1375,7 @@ int maat_scan_ipv4_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv4_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
- table_id, attribute_name, state);
+ table_id, field_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
goto ERROR;
@@ -1404,7 +1404,7 @@ ERROR:
return MAAT_SCAN_ERR;
}
-int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const char *field_name,
uint8_t *ip_addr, int port, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == ip_addr) || (NULL == state) || (state->thread_id < 0)) {
@@ -1440,7 +1440,7 @@ int maat_scan_ipv6_port(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = ipv6_scan(maat_inst->tbl_mgr, state->thread_id, ip_addr, port,
- table_id, attribute_name, state);
+ table_id, field_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
goto ERROR;
@@ -1470,19 +1470,19 @@ ERROR:
}
#define PORT_IGNORED -1
-inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *attribute_name,
+inline int maat_scan_ipv6(struct maat *instance, const char *table_name, const char *field_name,
uint8_t *ip_addr, struct maat_state *state)
{
- return maat_scan_ipv6_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, state);
+ return maat_scan_ipv6_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, state);
}
-inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *attribute_name,
+inline int maat_scan_ipv4(struct maat *instance, const char *table_name, const char *field_name,
uint32_t ip_addr, struct maat_state *state)
{
- return maat_scan_ipv4_port(instance, table_name, attribute_name, ip_addr, PORT_IGNORED, state);
+ return maat_scan_ipv4_port(instance, table_name, field_name, ip_addr, PORT_IGNORED, state);
}
-int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_string(struct maat *maat_inst, const char *table_name, const char *field_name,
const char *data, size_t data_len, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == data) || (0 == data_len) || (NULL == state) ||
@@ -1519,7 +1519,7 @@ int maat_scan_string(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
int hit_object_cnt = string_scan(maat_inst->tbl_mgr, state->thread_id, data,
- data_len, table_id, attribute_name, state);
+ data_len, table_id, field_name, state);
if (hit_object_cnt < 0) {
maat_inst->stat->scan_err_cnt++;
goto ERROR;
@@ -1548,7 +1548,7 @@ ERROR:
return MAAT_SCAN_ERR;
}
-static void maat_state_add_hit_object(struct maat_state *state, const char *attribute_name,
+static void maat_state_add_hit_object(struct maat_state *state, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size)
{
struct maat *maat_inst = state->maat_inst;
@@ -1570,12 +1570,12 @@ static void maat_state_add_hit_object(struct maat_state *state, const char *attr
uuid_copy(hit_items[i].object_uuid, object_uuid_array[i]);
}
- rule_compile_state_update(state->rule_compile_state, maat_inst, attribute_name,
+ rule_compile_state_update(state->rule_compile_state, maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_items, n_hit_item);
}
-int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *attribute_name,
+int maat_scan_object(struct maat *maat_inst, const char *table_name, const char *field_name,
uuid_t object_uuid_array[], uuid_t item_uuid_array[], size_t array_size, struct maat_state *state)
{
if ((NULL == maat_inst) || (array_size == 0) || (NULL == state) ||
@@ -1600,14 +1600,14 @@ int maat_scan_object(struct maat *maat_inst, const char *table_name, const char
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
- maat_state_add_hit_object(state, attribute_name, object_uuid_array, item_uuid_array, array_size);
+ maat_state_add_hit_object(state, field_name, object_uuid_array, item_uuid_array, array_size);
maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id);
return MAAT_SCAN_OK;
}
-int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state)
+int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
return -1;
@@ -1626,14 +1626,14 @@ int maat_scan_not_logic(struct maat *maat_inst, const char *table_name, const ch
alignment_int64_array_add(maat_inst->stat->thread_call_cnt, state->thread_id, 1);
- rule_compile_state_not_logic_update(maat_inst, state->rule_compile_state, attribute_name, state->Nth_scan);
+ rule_compile_state_not_logic_update(maat_inst, state->rule_compile_state, field_name, state->Nth_scan);
maat_runtime_ref_dec(maat_inst->maat_rt, state->thread_id);
return MAAT_SCAN_OK;
}
-struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *attribute_name, struct maat_state *state)
+struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_name, const char *field_name, struct maat_state *state)
{
if ((NULL == maat_inst) || (NULL == state) || (state->thread_id < 0)) {
return NULL;
@@ -1644,7 +1644,7 @@ struct maat_stream *maat_stream_new(struct maat *maat_inst, const char *table_na
stream->last_full_version = maat_inst->last_full_version;
stream->thread_id = state->thread_id;
stream->table_id = table_manager_get_table_id(maat_inst->tbl_mgr, table_name);
- snprintf(stream->attribute_name, sizeof(stream->attribute_name), "%s", attribute_name);
+ snprintf(stream->field_name, sizeof(stream->field_name), "%s", field_name);
stream->logger = maat_inst->logger;
enum table_type table_type = TABLE_TYPE_INVALID;
@@ -1703,7 +1703,7 @@ static int expr_stream_scan(struct maat_stream *stream, const char *data,
data_len);
int object_hit_cnt = expr_runtime_stream_scan(stream->expr_rt_stream, data,
- data_len, stream->attribute_name, state);
+ data_len, stream->field_name, state);
if (object_hit_cnt <= 0) {
return object_hit_cnt;
}
@@ -1907,7 +1907,7 @@ size_t maat_state_get_scan_count(struct maat_state *state)
return state->Nth_scan;
}
-size_t maat_state_get_hit_items(struct maat_state *state, const char *attribute_name,
+size_t maat_state_get_hit_items(struct maat_state *state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[],
size_t array_size)
{
@@ -1919,19 +1919,19 @@ size_t maat_state_get_hit_items(struct maat_state *state, const char *attribute_
return 0;
}
- return rule_compile_state_get_direct_hit_items(state->maat_inst, state->rule_compile_state, attribute_name, item_array, direct_object_array, array_size);
+ return rule_compile_state_get_direct_hit_items(state->maat_inst, state->rule_compile_state, field_name, item_array, direct_object_array, array_size);
}
-size_t maat_state_get_hit_item_cnt(struct maat_state *state, const char *attribute_name)
+size_t maat_state_get_hit_item_cnt(struct maat_state *state, const char *field_name)
{
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
- return rule_compile_state_get_direct_hit_item_cnt(state->maat_inst, state->rule_compile_state, attribute_name);
+ return rule_compile_state_get_direct_hit_item_cnt(state->maat_inst, state->rule_compile_state, field_name);
}
-size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char *attribute_name,
+size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char *field_name,
uuid_t object_array[], size_t array_size)
{
if (NULL == state || NULL == object_array || 0 == array_size) {
@@ -1942,19 +1942,19 @@ size_t maat_state_get_indirect_hit_objects(struct maat_state *state, const char
return 0;
}
- return rule_compile_state_get_indirect_hit_objects(state->maat_inst, state->rule_compile_state, attribute_name, object_array, array_size);
+ return rule_compile_state_get_indirect_hit_objects(state->maat_inst, state->rule_compile_state, field_name, object_array, array_size);
}
-size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *attribute_name)
+size_t maat_state_get_indirect_hit_object_cnt(struct maat_state *state, const char *field_name)
{
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
- return rule_compile_state_get_indirect_hit_object_cnt(state->maat_inst, state->rule_compile_state, attribute_name);
+ return rule_compile_state_get_indirect_hit_object_cnt(state->maat_inst, state->rule_compile_state, field_name);
}
-size_t maat_state_get_hit_objects(struct maat_state *state, const char *attribute_name, uuid_t object_array[], size_t array_size)
+size_t maat_state_get_hit_objects(struct maat_state *state, const char *field_name, uuid_t object_array[], size_t array_size)
{
if (NULL == state || NULL == object_array || 0 == array_size) {
return 0;
@@ -1964,21 +1964,21 @@ size_t maat_state_get_hit_objects(struct maat_state *state, const char *attribut
return 0;
}
- return rule_compile_state_get_hit_objects(state->maat_inst, state->rule_compile_state, attribute_name, object_array, array_size);
+ return rule_compile_state_get_hit_objects(state->maat_inst, state->rule_compile_state, field_name, object_array, array_size);
}
-size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *attribute_name)
+size_t maat_state_get_hit_object_cnt(struct maat_state *state, const char *field_name)
{
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
- return rule_compile_state_get_hit_object_cnt(state->maat_inst, state->rule_compile_state, attribute_name);
+ return rule_compile_state_get_hit_object_cnt(state->maat_inst, state->rule_compile_state, field_name);
}
-size_t maat_state_get_attribute_names(struct maat_state *state, const char *attribute_names[], size_t array_size)
+size_t maat_state_get_field_names(struct maat_state *state, const char *field_names[], size_t array_size)
{
- if (NULL == state || NULL == attribute_names || 0 == array_size) {
+ if (NULL == state || NULL == field_names || 0 == array_size) {
return 0;
}
@@ -1986,14 +1986,14 @@ size_t maat_state_get_attribute_names(struct maat_state *state, const char *attr
return 0;
}
- return rule_compile_state_get_attribute_names(state->rule_compile_state, attribute_names, array_size);
+ return rule_compile_state_get_field_names(state->rule_compile_state, field_names, array_size);
}
-size_t maat_state_get_attribute_cnt(struct maat_state *state)
+size_t maat_state_get_field_cnt(struct maat_state *state)
{
if (NULL == state || NULL == state->rule_compile_state) {
return 0;
}
- return rule_compile_state_get_attribute_cnt(state->rule_compile_state);
+ return rule_compile_state_get_field_cnt(state->rule_compile_state);
}
\ No newline at end of file
diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c
index 53a42d1..a28bfaf 100644
--- a/src/maat_config_monitor.c
+++ b/src/maat_config_monitor.c
@@ -348,10 +348,10 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
/*
"rules": [ "items":[
{ {
- "uuid": "201", "table_name": "ATTR_APP_ID",
+ "uuid": "201", "table_name": "FIELD_APP_ID",
"conditions": [ "table_content": {
{ "uuid": "1",
- "attribute_name": "ATTR_APP_ID", "object_uuid": "1",
+ "field_name": "FIELD_APP_ID", "object_uuid": "1",
"objects": [ "interval": "4001"
{
"items":[ --------------> }
@@ -363,7 +363,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
] "uuid": "201",
} "conditions": [
], {
- "misc": "blah, blah" "attribute_name": "ATTR_APP_ID",
+ "misc": "blah, blah" "field_name": "FIELD_APP_ID",
} "object_uuids": ["1"]
] }
]
diff --git a/src/maat_expr.c b/src/maat_expr.c
index 8fedd94..7728569 100644
--- a/src/maat_expr.c
+++ b/src/maat_expr.c
@@ -813,7 +813,7 @@ long long expr_runtime_get_version(void *expr_runtime)
int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
const char *data, size_t data_len,
- const char *attribute_name, struct maat_state *state)
+ const char *field_name, struct maat_state *state)
{
if (0 == expr_rt->rule_num) {
//empty expr table
@@ -872,7 +872,7 @@ next:
state->thread_id, 1);
}
- return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
+ return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_num);
}
@@ -898,7 +898,7 @@ expr_runtime_stream_open(struct expr_runtime *expr_rt, int thread_id)
int expr_runtime_stream_scan(struct expr_runtime_stream *expr_rt_stream,
const char *data, size_t data_len,
- const char *attribute_name, struct maat_state *state)
+ const char *field_name, struct maat_state *state)
{
struct expr_runtime *expr_rt = expr_rt_stream->ref_expr_rt;
@@ -960,7 +960,7 @@ next:
state->thread_id, 1);
}
- return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
+ return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}
diff --git a/src/maat_flag.c b/src/maat_flag.c
index e347caf..e244a88 100644
--- a/src/maat_flag.c
+++ b/src/maat_flag.c
@@ -401,7 +401,7 @@ long long flag_runtime_rule_count(void *flag_runtime)
}
int flag_runtime_scan(struct flag_runtime *flag_rt, int thread_id,
- long long flag, const char *attribute_name, struct maat_state *state)
+ long long flag, const char *field_name, struct maat_state *state)
{
if (0 == flag_rt->rule_num) {
//empty flag table
@@ -453,7 +453,7 @@ next:
state->thread_id, 1);
}
- return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
+ return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}
diff --git a/src/maat_interval.c b/src/maat_interval.c
index f97ccce..0d00153 100644
--- a/src/maat_interval.c
+++ b/src/maat_interval.c
@@ -409,7 +409,7 @@ long long interval_runtime_rule_count(void *interval_runtime)
}
int interval_runtime_scan(struct interval_runtime *interval_rt, int thread_id,
- long long integer, const char *attribute_name, struct maat_state *state)
+ long long integer, const char *field_name, struct maat_state *state)
{
if (0 == interval_rt->rule_num) {
//empty interval table
@@ -461,7 +461,7 @@ next:
state->thread_id, 1);
}
- return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
+ return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}
diff --git a/src/maat_ip.c b/src/maat_ip.c
index 43e7d6c..387bdf9 100644
--- a/src/maat_ip.c
+++ b/src/maat_ip.c
@@ -475,7 +475,7 @@ long long ip_runtime_ipv6_rule_count(void *ip_runtime)
}
int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
- uint8_t *ip_addr, int port, const char *attribute_name, struct maat_state *state)
+ uint8_t *ip_addr, int port, const char *field_name, struct maat_state *state)
{
if (0 == ip_rt->rule_num) {
//empty ip table
@@ -548,7 +548,7 @@ next:
state->thread_id, 1);
}
- return rule_compile_state_update(state->rule_compile_state, state->maat_inst, attribute_name,
+ return rule_compile_state_update(state->rule_compile_state, state->maat_inst, field_name,
state->rule_table_id, state->Nth_scan,
hit_maat_items, real_hit_item_cnt);
}
diff --git a/src/maat_rule.c b/src/maat_rule.c
index 14394b2..c5d41c4 100644
--- a/src/maat_rule.c
+++ b/src/maat_rule.c
@@ -50,7 +50,7 @@ struct rule_item {
struct condition_query_key {
uuid_t object_uuid;
- char attribute_name[MAX_ATTR_NAME_LEN];
+ char field_name[MAX_FIELD_NAME_LEN];
int negate_option;
};
@@ -61,15 +61,15 @@ struct condition_id_kv {
};
struct table_condition {
- char attribute_name[MAX_ATTR_NAME_LEN];
+ char field_name[MAX_FIELD_NAME_LEN];
int actual_condition_num;
UT_array *condition_ids;
UT_array *object_ids;
UT_hash_handle hh;
};
-struct attribute_hit_object_collection {
- char attribute_name[MAX_ATTR_NAME_LEN];
+struct field_hit_object_collection {
+ char field_name[MAX_FIELD_NAME_LEN];
UT_array *direct_items;
UT_array *indirect_object_uuids;//TODO: change it to graph?
UT_array *all_object_uuids;
@@ -97,7 +97,7 @@ struct rule_runtime {
struct condition_id_kv *not_condition_id_kv_hash; //store NOT_condition_ids(negate_option == 1)
struct bool_expr_match *expr_match_buff;
struct maat_garbage_bin *ref_garbage_bin;
- struct table_condition *tbl_not_condition_hash; //each attribute's negate condition number <= MAX_NOT_CONDITION_NUM
+ struct table_condition *tbl_not_condition_hash; //each field's negate condition number <= MAX_NOT_CONDITION_NUM
struct log_handle *logger;
time_t version;
@@ -108,7 +108,7 @@ struct rule_runtime {
struct condition_literal {
uuid_t object_uuids[MAX_OBJECT_CNT];
int object_cnt;
- char attribute_name[MAX_ATTR_NAME_LEN];
+ char field_name[MAX_FIELD_NAME_LEN];
};
struct rule_condition {
@@ -139,7 +139,7 @@ struct internal_hit_path {
uuid_t object_uuid;
int Nth_scan;
int negate_option; // 1 means negate condition
- char attribute_name[MAX_ATTR_NAME_LEN];
+ char field_name[MAX_FIELD_NAME_LEN];
};
struct rule_compile_state {
@@ -148,7 +148,7 @@ struct rule_compile_state {
UT_array *internal_hit_paths;
UT_array *all_hit_conditions;
UT_array *exclude_not_conditions;
- struct attribute_hit_object_collection *attr_hit_objects_hashtbl;
+ struct field_hit_object_collection *attr_hit_objects_hashtbl;
struct rule_compile_runtime_state *rule_runtime_state_hash;
};
@@ -195,11 +195,11 @@ static void maat_rule_free(struct maat_rule *rule)
}
static int validate_table_not_condition(struct rule_runtime *rule_rt,
- struct table_manager *tbl_mgr, const char *attribute_name,
+ struct table_manager *tbl_mgr, const char *field_name,
enum maat_operation op, struct log_handle *logger)
{
struct table_condition *not_condition = NULL;
- HASH_FIND_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition);
+ HASH_FIND_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition);
if (MAAT_OP_DEL == op) {
//delete
@@ -212,14 +212,14 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
//add
if (NULL == not_condition) {
not_condition = ALLOC(struct table_condition, 1);
- snprintf(not_condition->attribute_name, sizeof(not_condition->attribute_name), "%s", attribute_name);
+ snprintf(not_condition->field_name, sizeof(not_condition->field_name), "%s", field_name);
not_condition->actual_condition_num++;
- HASH_ADD_STR(rule_rt->tbl_not_condition_hash, attribute_name, not_condition);
+ HASH_ADD_STR(rule_rt->tbl_not_condition_hash, field_name, not_condition);
} else {
if (not_condition->actual_condition_num >= MAX_NOT_CONDITION_NUM) {
log_fatal(logger, MODULE_RULE,
- "[%s:%d]attribute:<%s> negate condition num exceed maximum:%d",
- __FUNCTION__, __LINE__, attribute_name, MAX_NOT_CONDITION_NUM);
+ "[%s:%d]field:<%s> negate condition num exceed maximum:%d",
+ __FUNCTION__, __LINE__, field_name, MAX_NOT_CONDITION_NUM);
return -1;
}
not_condition->actual_condition_num++;
@@ -297,24 +297,24 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
struct condition_literal tmp_literal;
memset(&tmp_literal, 0, sizeof(tmp_literal));
- tmp_obj = cJSON_GetObjectItem(literal_obj, "attribute_name");
+ tmp_obj = cJSON_GetObjectItem(literal_obj, "field_name");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(rule_rt->logger, MODULE_RULE,
- "[%s:%d] table: <%s> has no attribute_name or not string format",
+ "[%s:%d] table: <%s> has no field_name or not string format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
- if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.attribute_name)) {
+ if (strlen(tmp_obj->valuestring) >= sizeof(tmp_literal.field_name)) {
log_fatal(logger, MODULE_RULE,
- "[%s:%d] table: <%s> attribute_name:%s length exceed maximum:%d",
- __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.attribute_name));
+ "[%s:%d] table: <%s> field_name:%s length exceed maximum:%d",
+ __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring, sizeof(tmp_literal.field_name));
goto error;
}
- snprintf(tmp_literal.attribute_name, sizeof(tmp_literal.attribute_name), "%s", tmp_obj->valuestring);
+ snprintf(tmp_literal.field_name, sizeof(tmp_literal.field_name), "%s", tmp_obj->valuestring);
if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
- int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.attribute_name, MAAT_OP_ADD, logger);
+ int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, tmp_literal.field_name, MAAT_OP_ADD, logger);
if (ret < 0) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> validate negate_option failed, line: %s",
@@ -728,7 +728,7 @@ build_condition_id_kv_hash(struct rule_runtime *rule_rt, int negate_option)
memset(&key, 0, sizeof(key));
- memcpy(key.attribute_name, tmp_literal->attribute_name, sizeof(key.attribute_name));
+ memcpy(key.field_name, tmp_literal->field_name, sizeof(key.field_name));
key.negate_option = condition->negate_option;
uuid_copy(key.object_uuid, tmp_literal->object_uuids[k]);
@@ -820,7 +820,7 @@ void rule_compile_state_reset(struct rule_compile_state *rule_compile_state)
utarray_clear(rule_compile_state->all_hit_conditions);
utarray_clear(rule_compile_state->exclude_not_conditions);
- struct attribute_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
+ struct field_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) {
if (attr_hit_obj->direct_items != NULL) {
utarray_clear(attr_hit_obj->direct_items);
@@ -876,7 +876,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
rule_compile_state->exclude_not_conditions = NULL;
}
- struct attribute_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
+ struct field_hit_object_collection *attr_hit_obj = NULL, *tmp_hit_attr_obj = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj, tmp_hit_attr_obj) {
if (attr_hit_obj->direct_items != NULL) {
free_bytes += utarray_size(attr_hit_obj->direct_items) * sizeof(struct maat_item);
@@ -897,7 +897,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
}
HASH_DEL(rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj);
- free_bytes += sizeof(struct attribute_hit_object_collection);
+ free_bytes += sizeof(struct field_hit_object_collection);
FREE(attr_hit_obj);
}
@@ -918,7 +918,7 @@ void rule_compile_state_free(struct rule_compile_state *rule_compile_state,
static void
rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile_state,
uuid_t item_uuid, uuid_t object_uuid,
- const char *attribute_name, int negate_option, int Nth_scan)
+ const char *field_name, int negate_option, int Nth_scan)
{
if (NULL == rule_compile_state) {
return;
@@ -928,7 +928,7 @@ rule_compile_state_add_internal_hit_path(struct rule_compile_state *rule_compile
uuid_copy(new_path.item_uuid, item_uuid);
new_path.Nth_scan = Nth_scan;
uuid_copy(new_path.object_uuid, object_uuid);
- snprintf(new_path.attribute_name, sizeof(new_path.attribute_name), "%s", attribute_name);
+ snprintf(new_path.field_name, sizeof(new_path.field_name), "%s", field_name);
new_path.negate_option = negate_option;
utarray_push_back(rule_compile_state->internal_hit_paths, &new_path);
@@ -947,7 +947,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
for (size_t j = 0; j < utarray_len(condition->literals); j++) {
tmp_literal = (struct condition_literal *)utarray_eltptr(condition->literals, j);
- if (strcmp(tmp_literal->attribute_name, key->attribute_name) != 0) {
+ if (strcmp(tmp_literal->field_name, key->field_name) != 0) {
continue;
}
@@ -969,7 +969,7 @@ static int maat_rule_has_condition_query_key(struct maat_rule *rule,
static size_t
maat_rule_get_hit_condition_index(struct maat_rule *rule,
- const char *attribute_name, uuid_t *hit_object_uuid,
+ const char *field_name, uuid_t *hit_object_uuid,
int *condition_idx_array, size_t array_size)
{
size_t hit_condition_cnt = 0;
@@ -985,7 +985,7 @@ maat_rule_get_hit_condition_index(struct maat_rule *rule,
for (size_t j = 0; j < utarray_len(tmp_condition->literals); j++) {
tmp_literal = (struct condition_literal *)utarray_eltptr(tmp_condition->literals, j);
- if (strcmp(tmp_literal->attribute_name, attribute_name) != 0) {
+ if (strcmp(tmp_literal->field_name, field_name) != 0) {
continue;
}
@@ -1017,7 +1017,7 @@ maat_rule_is_hit_path_existed(const struct maat_hit_path *hit_paths,
static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
size_t array_idx, size_t n_hit_path,
- size_t *n_new_hit_path, const char *attribute_name,
+ size_t *n_new_hit_path, const char *field_name,
struct maat_rule *rule)
{
size_t i = 0;
@@ -1035,7 +1035,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
uuid_copy(hit_path_array[idx].rule_uuid, rule->rule_uuid);
// find out which condition in rule hit
n_condition_index =
- maat_rule_get_hit_condition_index(rule, attribute_name,
+ maat_rule_get_hit_condition_index(rule, field_name,
&hit_path_array[idx].top_object_uuid,
condition_index_array,
MAX_ITEMS_PER_BOOL_EXPR);
@@ -1056,7 +1056,7 @@ static void populate_hit_path_with_rule(struct maat_hit_path *hit_path_array,
hit_path_array[n_hit_path + new_hit_path_cnt] = tmp_path;
new_hit_path_cnt++;
n_condition_index =
- maat_rule_get_hit_condition_index(rule, attribute_name, &tmp_path.top_object_uuid,
+ maat_rule_get_hit_condition_index(rule, field_name, &tmp_path.top_object_uuid,
condition_index_array, MAX_ITEMS_PER_BOOL_EXPR);
hit_path_array[n_hit_path + new_hit_path_cnt - 1].condition_index = condition_index_array[0];
if (n_condition_index > 1) {
@@ -1106,11 +1106,11 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
uuid_copy(key.object_uuid, hit_path_array[j].top_object_uuid);
}
- memcpy(key.attribute_name, hit_path_array[j].attribute_name, sizeof(key.attribute_name));
+ memcpy(key.field_name, hit_path_array[j].field_name, sizeof(key.field_name));
key.negate_option = hit_path_array[j].negate_option;
if (maat_rule_has_condition_query_key(rule, &key)) {
populate_hit_path_with_rule(hit_path_array, j, n_hit_path,
- &n_new_hit_path, key.attribute_name, rule);
+ &n_new_hit_path, key.field_name, rule);
}
}
}
@@ -1121,7 +1121,7 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
static void
rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compile_state,
struct maat_item *hit_items,
- size_t n_hit_items, struct attribute_hit_object_collection * attr_hit_obj_coll)
+ size_t n_hit_items, struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == hit_items) {
return;
@@ -1135,7 +1135,7 @@ rule_compile_state_add_direct_hit_objects(struct rule_compile_state *rule_compil
static void
rule_compile_state_add_indirect_hit_objects(struct rule_compile_state *rule_compile_state,
uuid_t *object_uuids, size_t n_object_uuids,
- struct attribute_hit_object_collection * attr_hit_obj_coll)
+ struct field_hit_object_collection * attr_hit_obj_coll)
{
if (NULL == rule_compile_state || NULL == object_uuids) {
return;
@@ -1315,7 +1315,7 @@ static void rule_runtime_del_rule(struct rule_runtime *rule_rt,
if (condition->in_use && condition->negate_option == CONDITION_NEGATE_OPTION_SET) {
for (size_t j = 0; j < utarray_len(condition->literals); j++) {
struct condition_literal *literal = (struct condition_literal *)utarray_eltptr(condition->literals, j);
- validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->attribute_name, MAAT_OP_DEL, logger);
+ validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, literal->field_name, MAAT_OP_DEL, logger);
}
}
}
@@ -1534,11 +1534,11 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
rule_compile_rt_state->rule_rt_version = rule_rt->version;
}
- struct attribute_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
+ struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
struct condition_query_key key;
memset(&key, 0, sizeof(key));
- snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attr_hit_obj_coll->attribute_name);
+ snprintf(key.field_name, sizeof(key.field_name), "%s", attr_hit_obj_coll->field_name);
for (int i = 0; i < utarray_len(attr_hit_obj_coll->all_object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(attr_hit_obj_coll->all_object_uuids, i);
@@ -1568,7 +1568,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
//not conditions
struct condition_id_kv *condition_id_kv = NULL, *tmp_condition_id_kv = NULL;
HASH_ITER(hh, rule_rt->not_condition_id_kv_hash, condition_id_kv, tmp_condition_id_kv) {
- HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.attribute_name, attr_hit_obj_coll);
+ HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, condition_id_kv->key.field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL || attr_hit_obj_coll->need_negate_condition == 0) {
continue;
}
@@ -1584,7 +1584,7 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
uuid_clear(null_uuid);
rule_compile_state_add_internal_hit_path(rule_compile_state, null_uuid,
condition_id_kv->key.object_uuid,
- condition_id_kv->key.attribute_name, 1,
+ condition_id_kv->key.field_name, 1,
attr_hit_obj_coll->Nth_scan);
}
}
@@ -1635,28 +1635,28 @@ int rule_runtime_need_compile(int table_id, struct rule_runtime *rule_rt, struct
return 0;
}
-static struct attribute_hit_object_collection * rule_compile_state_get_attr_hit_obj_coll(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
- const char *attribute_name)
+static struct field_hit_object_collection * rule_compile_state_get_attr_hit_obj_coll(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
+ const char *field_name)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = NULL;
- HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, attribute_name, attr_hit_obj_coll);
+ struct field_hit_object_collection *attr_hit_obj_coll = NULL;
+ HASH_FIND_STR(rule_compile_state->attr_hit_objects_hashtbl, field_name, attr_hit_obj_coll);
if (attr_hit_obj_coll == NULL) {
- attr_hit_obj_coll = ALLOC(struct attribute_hit_object_collection, 1);
- snprintf(attr_hit_obj_coll->attribute_name, sizeof(attr_hit_obj_coll->attribute_name), "%s", attribute_name);
+ attr_hit_obj_coll = ALLOC(struct field_hit_object_collection, 1);
+ snprintf(attr_hit_obj_coll->field_name, sizeof(attr_hit_obj_coll->field_name), "%s", field_name);
utarray_new(attr_hit_obj_coll->all_object_uuids, &ut_object_uuid_icd);
if (1 == maat_inst->opts.hit_object_on) {
utarray_new(attr_hit_obj_coll->direct_items, &ut_maat_item_icd);
utarray_new(attr_hit_obj_coll->indirect_object_uuids, &ut_object_uuid_icd);
}
- HASH_ADD_STR(rule_compile_state->attr_hit_objects_hashtbl, attribute_name, attr_hit_obj_coll);
+ HASH_ADD_STR(rule_compile_state->attr_hit_objects_hashtbl, field_name, attr_hit_obj_coll);
}
return attr_hit_obj_coll;
}
static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_compile_state,
- struct attribute_hit_object_collection * attr_hit_obj_coll,
+ struct field_hit_object_collection * attr_hit_obj_coll,
uuid_t object_uuids[], size_t n_object_uuids)
{
int object_uuid_idx_array[n_object_uuids];
@@ -1686,7 +1686,7 @@ static int rule_compile_state_add_hit_objects(struct rule_compile_state *rule_co
}
int rule_compile_state_update(struct rule_compile_state *rule_compile_state, struct maat *maat_inst,
- const char *attribute_name, int custom_rule_tbl_id, int Nth_scan,
+ const char *field_name, int custom_rule_tbl_id, int Nth_scan,
struct maat_item *hit_items, size_t n_hit_item)
{
size_t i = 0, j = 0;
@@ -1707,13 +1707,13 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
hit_cnt, super_object_uuids,
MAX_HIT_OBJECT_NUM);
- struct attribute_hit_object_collection * attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection * attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
if (1 == maat_inst->opts.hit_path_on && hit_cnt > 0) {
for (i = 0; i < hit_cnt; i++) {
rule_compile_state_add_internal_hit_path(rule_compile_state, hit_items[i].item_uuid,
- hit_items[i].object_uuid, attribute_name, 0, Nth_scan);
+ hit_items[i].object_uuid, field_name, 0, Nth_scan);
}
}
@@ -1737,13 +1737,13 @@ int rule_compile_state_update(struct rule_compile_state *rule_compile_state, str
return hit_cnt;
}
-void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name, int Nth_scan)
+void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name, int Nth_scan)
{
if (NULL == maat_inst || NULL == rule_compile_state) {
return;
}
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
attr_hit_obj_coll->need_negate_condition = 1;
@@ -1759,9 +1759,9 @@ void rule_compile_state_not_logic_update(struct maat *maat_inst, struct rule_com
}
size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state,
- const char *attribute_name, uuid_t object_array[], size_t array_size)
+ const char *field_name, uuid_t object_array[], size_t array_size)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
size_t i = 0;
@@ -1774,20 +1774,20 @@ size_t rule_compile_state_get_indirect_hit_objects(struct maat *maat_inst, struc
return i;
}
-size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name)
+size_t rule_compile_state_get_indirect_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->indirect_object_uuids);
}
-size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name,
+size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t item_array[], uuid_t direct_object_array[], size_t array_size)
{
size_t i = 0;
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
for (i = 0; i < utarray_len(attr_hit_obj_coll->direct_items) && i < array_size; i++) {
@@ -1800,18 +1800,18 @@ size_t rule_compile_state_get_direct_hit_items(struct maat * maat_inst, struct r
return i;
}
-size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name)
+size_t rule_compile_state_get_direct_hit_item_cnt(struct maat * maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->direct_items);
}
-size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name,
+size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name,
uuid_t object_array[], size_t array_size)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
size_t i = 0;
@@ -1822,20 +1822,20 @@ size_t rule_compile_state_get_hit_objects(struct maat *maat_inst, struct rule_co
return i;
}
-size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *attribute_name)
+size_t rule_compile_state_get_hit_object_cnt(struct maat *maat_inst, struct rule_compile_state *rule_compile_state, const char *field_name)
{
- struct attribute_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, attribute_name);
+ struct field_hit_object_collection *attr_hit_obj_coll = rule_compile_state_get_attr_hit_obj_coll(maat_inst, rule_compile_state, field_name);
assert(attr_hit_obj_coll != NULL);
return utarray_len(attr_hit_obj_coll->all_object_uuids);
}
-size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_compile_state, const char *attribute_name_array[], size_t array_size)
+size_t rule_compile_state_get_field_names(struct rule_compile_state *rule_compile_state, const char *field_name_array[], size_t array_size)
{
size_t i = 0;
- struct attribute_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
+ struct field_hit_object_collection *attr_hit_obj_coll = NULL, *tmp = NULL;
HASH_ITER(hh, rule_compile_state->attr_hit_objects_hashtbl, attr_hit_obj_coll, tmp) {
- attribute_name_array[i] = attr_hit_obj_coll->attribute_name;
+ field_name_array[i] = attr_hit_obj_coll->field_name;
i++;
if (i >= array_size) {
break;
@@ -1845,7 +1845,7 @@ size_t rule_compile_state_get_attribute_names(struct rule_compile_state *rule_co
return i;
}
-size_t rule_compile_state_get_attribute_cnt(struct rule_compile_state *rule_compile_state)
+size_t rule_compile_state_get_field_cnt(struct rule_compile_state *rule_compile_state)
{
return HASH_COUNT(rule_compile_state->attr_hit_objects_hashtbl);
}
@@ -1898,7 +1898,7 @@ size_t rule_compile_state_get_internal_hit_paths(struct rule_compile_state *rule
uuid_copy(tmp_path.sub_object_uuid, internal_path->object_uuid);
uuid_copy(tmp_path.top_object_uuid, *p);
- memcpy(tmp_path.attribute_name, internal_path->attribute_name, sizeof(tmp_path.attribute_name));
+ memcpy(tmp_path.field_name, internal_path->field_name, sizeof(tmp_path.field_name));
tmp_path.negate_option = internal_path->negate_option;
tmp_path.condition_index = -1;
uuid_clear(tmp_path.rule_uuid);
diff --git a/src/maat_table.c b/src/maat_table.c
index 54377ee..7cd1997 100644
--- a/src/maat_table.c
+++ b/src/maat_table.c
@@ -42,12 +42,6 @@ struct maat_table {
void *updating_runtime;
};
-struct maat_attribute {
- int table_id;
- int attr_id;
- char attr_name[MAX_NAME_STR_LEN + 1];
-};
-
struct table_manager {
struct maat_table *tbl[MAX_TABLE_NUM];
size_t n_table;
diff --git a/test/benchmark/benchmark_gtest.cpp b/test/benchmark/benchmark_gtest.cpp
index f09ce7a..f835d16 100644
--- a/test/benchmark/benchmark_gtest.cpp
+++ b/test/benchmark/benchmark_gtest.cpp
@@ -136,7 +136,7 @@ void generate_rule_sample(const char *table_name, int sample_count)
fclose(fp);
}
-void generate_object2rule_sample(const char *table_name, const char *attribute_name,
+void generate_object2rule_sample(const char *table_name, const char *field_name,
int sample_count)
{
FILE *fp = fopen(table_name, "w+");
@@ -148,7 +148,7 @@ void generate_object2rule_sample(const char *table_name, const char *attribute_n
fprintf(fp, "%d\n", sample_count);
for (int i = 0; i < sample_count; i++) {
- fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, attribute_name);
+ fprintf(fp, "%d\t%d\t0\t%s\t1\t1\n", i+1, 100+i, field_name);
}
fclose(fp);
diff --git a/test/benchmark/benchmark_table_info.conf b/test/benchmark/benchmark_table_info.conf
index ad60009..c10226d 100644
--- a/test/benchmark/benchmark_table_info.conf
+++ b/test/benchmark/benchmark_table_info.conf
@@ -573,7 +573,7 @@
"object_id":1,
"rule_id":2,
"negate_option":3,
- "attribute_name":4,
+ "field_name":4,
"condition_index":5
}
},
diff --git a/test/json_update/corrupted.json b/test/json_update/corrupted.json
index dedd097..9ff4224 100644
--- a/test/json_update/corrupted.json
+++ b/test/json_update/corrupted.json
@@ -13,7 +13,7 @@
"and_conditions": [
{
"object_name": "Untitled",
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"items": [
diff --git a/test/json_update/new.json b/test/json_update/new.json
index 38329ab..1be32fc 100644
--- a/test/json_update/new.json
+++ b/test/json_update/new.json
@@ -12,7 +12,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"items": [
diff --git a/test/json_update/old.json b/test/json_update/old.json
index b7d7462..4e06e5e 100644
--- a/test/json_update/old.json
+++ b/test/json_update/old.json
@@ -12,7 +12,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"items": [
diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp
index 41c879d..6d3b26a 100644
--- a/test/maat_framework_gtest.cpp
+++ b/test/maat_framework_gtest.cpp
@@ -47,7 +47,7 @@ static int test_add_expr_command(struct maat *maat_inst, const char *expr_table,
and_condition->or_condition_num = 1;
and_condition->negate_option = 0;
- and_condition->or_conditions[0].attribute_name = attr_name;
+ and_condition->or_conditions[0].field_name = attr_name;
and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str;
and_condition->or_conditions[0].object_num = 1;
ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD,
@@ -108,7 +108,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
{
const char *hit_old_data = "Hello world! I'm eve.";
const char *hit_new_data = "Maat was borned in MESA.";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *table_name = "HTTP_URL";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -116,7 +116,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_old_data,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, hit_old_data,
strlen(hit_old_data), state);
if (is_old) {
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -124,7 +124,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
EXPECT_EQ(ret, MAAT_SCAN_OK);
}
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -139,7 +139,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
}
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_new_data,
+ ret = maat_scan_string(maat_inst, table_name, field_name, hit_new_data,
strlen(hit_new_data), state);
if (!is_old) {
EXPECT_EQ(ret, MAAT_SCAN_HIT);
@@ -147,7 +147,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old)
EXPECT_EQ(ret, MAAT_SCAN_OK);
}
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -232,7 +232,7 @@ struct log_handle *FlagScan::logger;
TEST_F(FlagScan, basic) {
const char *flag_table_name = "FLAG_CONFIG";
- const char *attribute_name = "FLAG_CONFIG";
+ const char *field_name = "FLAG_CONFIG";
struct maat *maat_inst = FlagScan::_shared_maat_inst;
//rule_id:192 flag: 0000 0001 mask: 0000 0011
@@ -245,10 +245,10 @@ TEST_F(FlagScan, basic) {
memset(results, 0, sizeof(results));
- int ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, state);
+ int ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -270,10 +270,10 @@ TEST_F(FlagScan, basic) {
scan_data = 13;
memset(results, 0, sizeof(results));
n_hit_result = 0;
- ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, state);
+ ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -289,10 +289,10 @@ TEST_F(FlagScan, basic) {
scan_data = 6;
memset(results, 0, sizeof(results));
n_hit_result = 0;
- ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, state);
+ ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -304,9 +304,9 @@ TEST_F(FlagScan, basic) {
TEST_F(FlagScan, withExprRegion) {
const char *flag_table_name = "FLAG_CONFIG";
- const char *flag_attribute_name = "FLAG_CONFIG";
+ const char *flag_field_name = "FLAG_CONFIG";
const char *expr_table_name = "HTTP_URL";
- const char *expr_attribute_name = "HTTP_URL";
+ const char *expr_field_name = "HTTP_URL";
struct maat *maat_inst = FlagScan::_shared_maat_inst;
//rule_id:193 flag: 0000 0010 mask: 0000 0011
@@ -319,10 +319,10 @@ TEST_F(FlagScan, withExprRegion) {
memset(results, 0, sizeof(results));
- int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, state);
+ int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -336,11 +336,11 @@ TEST_F(FlagScan, withExprRegion) {
EXPECT_NE(n_read, 0);
const char *expr_scan_data = "hello world";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, expr_scan_data,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, expr_scan_data,
strlen(expr_scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -355,7 +355,7 @@ TEST_F(FlagScan, withExprRegion) {
TEST_F(FlagScan, hitMultiRule) {
const char *flag_table_name = "FLAG_CONFIG";
- const char *flag_attribute_name = "FLAG_CONFIG";
+ const char *flag_field_name = "FLAG_CONFIG";
struct maat *maat_inst = FlagScan::_shared_maat_inst;
//rule_id:192 flag: 0000 0001 mask: 0000 0011
@@ -369,10 +369,10 @@ TEST_F(FlagScan, hitMultiRule) {
memset(results, 0, sizeof(results));
- int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, state);
+ int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -388,10 +388,10 @@ TEST_F(FlagScan, hitMultiRule) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192");
memset(results, 0, sizeof(results));
- ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, state);
+ ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -410,7 +410,7 @@ TEST_F(FlagScan, hitMultiRule) {
TEST_F(FlagScan, hitRepeatedRule) {
const char *flag_table_name = "FLAG_CONFIG";
- const char *flag_attribute_name = "FLAG_CONFIG";
+ const char *flag_field_name = "FLAG_CONFIG";
struct maat *maat_inst = FlagScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -423,10 +423,10 @@ TEST_F(FlagScan, hitRepeatedRule) {
//rule_id:192 flag: 0000 0001 mask: 0000 0011
//scan_data: 0000 1001 or 0000 1101 should hit
long long flag_scan_data1 = 9;
- int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data1, state);
+ int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data1, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -442,10 +442,10 @@ TEST_F(FlagScan, hitRepeatedRule) {
//scan_data: 0001 0101 should hit rule192 and rule194
long long flag_scan_data2 = 21;
memset(results, 0, sizeof(results));
- ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, state);
+ ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -458,10 +458,10 @@ TEST_F(FlagScan, hitRepeatedRule) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192");
memset(results, 0, sizeof(results));
- ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, state);
+ ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -553,7 +553,7 @@ const char *StringScan::current_expr_engine = nullptr;
TEST_P(StringScan, ScanDataOnlyOneByte) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -563,11 +563,11 @@ TEST_P(StringScan, ScanDataOnlyOneByte) {
const char scan_data = 0x20;
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, &scan_data, sizeof(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, &scan_data, sizeof(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -579,7 +579,7 @@ TEST_P(StringScan, ScanDataOnlyOneByte) {
TEST_P(StringScan, Full) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -590,10 +590,10 @@ TEST_P(StringScan, Full) {
"?action=search&query=username,abckkk,1234567";
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -613,15 +613,15 @@ TEST_P(StringScan, Regex) {
int thread_id = 0;
const char *scan_data = "Cookie: Txa123aheadBCAxd";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -641,15 +641,15 @@ TEST_P(StringScan, RegexUnicode) {
int thread_id = 0;
const char *scan_data = "String contains É";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -668,16 +668,16 @@ TEST_P(StringScan, BackslashR_N_Escape) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *payload = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n";
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -696,16 +696,16 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *payload = "html>\\r\\n";
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -740,7 +740,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) {
struct maat_cmd_and_condition and_condition;
and_condition.or_condition_num = 1;
and_condition.negate_option = 0;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
and_condition.or_conditions[0].object_num = 1;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -749,10 +749,10 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) {
sleep(WAIT_FOR_EFFECTIVE_S * 3);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -773,16 +773,16 @@ TEST_P(StringScan, BackslashCtrlCharactor)
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *payload = "()abc^$def|";
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -798,7 +798,7 @@ TEST_P(StringScan, BackslashCtrlCharactor)
TEST_P(StringScan, Expr8) {
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
char scan_data[128] = "string1, string2, string3, string4, string5, "
"string6, string7, string8";
@@ -808,10 +808,10 @@ TEST_P(StringScan, Expr8) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -833,7 +833,7 @@ TEST_P(StringScan, Expr8) {
TEST_P(StringScan, HexBinCaseSensitive) {
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *scan_data1 = "String TeST should not hit.";
const char *scan_data2 = "String TEST should hit";
struct maat *maat_inst = StringScan::_shared_maat_inst;
@@ -844,10 +844,10 @@ TEST_P(StringScan, HexBinCaseSensitive) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -855,10 +855,10 @@ TEST_P(StringScan, HexBinCaseSensitive) {
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -875,7 +875,7 @@ TEST_P(StringScan, HexBinCaseSensitive) {
TEST_P(StringScan, HexbinCombineString)
{
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *scan_data1 = "abcd ABCD";
const char *scan_data2 = "abcd abCD";
struct maat *maat_inst = StringScan::_shared_maat_inst;
@@ -886,10 +886,10 @@ TEST_P(StringScan, HexbinCombineString)
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -897,10 +897,10 @@ TEST_P(StringScan, HexbinCombineString)
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -932,7 +932,7 @@ TEST_P(StringScan, BugReport20190325) {
0x00, 0x31, 0x3a, 0x47, 0x32, 0x2e, 0x34, 0x30,
0x00};
const char *table_name = "TROJAN_PAYLOAD";
- const char *attribute_name = "TROJAN_PAYLOAD";
+ const char *field_name = "TROJAN_PAYLOAD";
struct maat *maat_inst = StringScan::_shared_maat_inst;
int thread_id = 0;
@@ -941,11 +941,11 @@ TEST_P(StringScan, BugReport20190325) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char *)scan_data,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, (char *)scan_data,
sizeof(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -963,9 +963,9 @@ TEST_P(StringScan, PrefixAndSuffix) {
const char *hit_suffix = "11111111111ceshi3@mailhost.cn";
const char *hit_prefix = "ceshi3@mailhost.cn11111111111";
const char *cont_sz_table_name = "CONTENT_SIZE";
- const char *cont_sz_attribute_name = "CONTENT_SIZE";
+ const char *cont_sz_field_name = "CONTENT_SIZE";
const char *mail_addr_table_name = "MAIL_ADDR";
- const char *mail_addr_attribute_name = "MAIL_ADDR";
+ const char *mail_addr_field_name = "MAIL_ADDR";
struct maat *maat_inst = StringScan::_shared_maat_inst;
int thread_id = 0;
@@ -974,17 +974,17 @@ TEST_P(StringScan, PrefixAndSuffix) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, state);
+ int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_twice,
+ ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_twice,
strlen(hit_twice), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -996,10 +996,10 @@ TEST_P(StringScan, PrefixAndSuffix) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_suffix,
+ ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_suffix,
strlen(hit_suffix), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1007,17 +1007,17 @@ TEST_P(StringScan, PrefixAndSuffix) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
- ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, state);
+ ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_prefix,
+ ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_prefix,
strlen(hit_prefix), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1034,7 +1034,7 @@ TEST_P(StringScan, PrefixAndSuffix) {
TEST_P(StringScan, MaatUnescape) {
const char *scan_data = "Batman\\:Take me Home.Superman/:Fine,stay with me.";
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
int thread_id = 0;
@@ -1043,10 +1043,10 @@ TEST_P(StringScan, MaatUnescape) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1061,7 +1061,7 @@ TEST_P(StringScan, MaatUnescape) {
TEST_P(StringScan, OffsetChunk64) {
const char *table_name = "IMAGE_FP";
- const char *attribute_name = "IMAGE_FP";
+ const char *field_name = "IMAGE_FP";
const char *file_name = "./testdata/mesa_logo.jpg";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -1076,7 +1076,7 @@ TEST_P(StringScan, OffsetChunk64) {
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state);
ASSERT_TRUE(sp != NULL);
int ret = 0;
@@ -1090,7 +1090,7 @@ TEST_P(StringScan, OffsetChunk64) {
break;
}
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
if (ret > 0) {
pass_flag = 1;
break;
@@ -1111,7 +1111,7 @@ TEST_P(StringScan, OffsetChunk64) {
TEST_P(StringScan, OffsetChunk1460) {
const char *table_name = "IMAGE_FP";
- const char *attribute_name = "IMAGE_FP";
+ const char *field_name = "IMAGE_FP";
const char *file_name = "./testdata/mesa_logo.jpg";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -1126,7 +1126,7 @@ TEST_P(StringScan, OffsetChunk1460) {
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state);
ASSERT_TRUE(sp != NULL);
int ret = 0;
@@ -1140,7 +1140,7 @@ TEST_P(StringScan, OffsetChunk1460) {
break;
}
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
if (ret > 0) {
pass_flag = 1;
break;
@@ -1161,7 +1161,7 @@ TEST_P(StringScan, OffsetChunk1460) {
TEST_P(StringScan, StreamScanUTF8) {
const char *table_name = "TROJAN_PAYLOAD";
- const char *attribute_name = "TROJAN_PAYLOAD";
+ const char *field_name = "TROJAN_PAYLOAD";
const char* file_name = "./testdata/jd.com.html";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -1174,7 +1174,7 @@ TEST_P(StringScan, StreamScanUTF8) {
ASSERT_FALSE(fp == NULL);
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state);
ASSERT_FALSE(sp == NULL);
int pass_flag = 0;
@@ -1186,7 +1186,7 @@ TEST_P(StringScan, StreamScanUTF8) {
break;
}
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
if (ret == MAAT_SCAN_HIT) {
pass_flag = 1;
break;
@@ -1211,7 +1211,7 @@ TEST_P(StringScan, StreamScanUTF8) {
TEST_P(StringScan, InvisibleCharactor) {
const char *hex_data = "00A12B3CEEFF";
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
int thread_id = 0;
@@ -1228,10 +1228,10 @@ TEST_P(StringScan, InvisibleCharactor) {
}
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char*)binary_data, binary_data_length, state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, (char*)binary_data, binary_data_length, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1251,27 +1251,27 @@ TEST_P(StringScan, StreamInput) {
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *scan_data1 = "www.cyberessays.com";
const char *scan_data2 = "http://www.cyberessays.com/search_results.php?"
"action=search&query=yulingjing,abckkk,1234567";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state);
ASSERT_TRUE(sp != NULL);
int ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_stream_scan(sp, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
maat_stream_free(sp);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1293,19 +1293,19 @@ TEST_P(StringScan, StreamHitDirectObject) {
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name_url = "HTTP_URL";
- const char *attribute_name_url = "HTTP_URL";
+ const char *field_name_url = "HTTP_URL";
const char *scan_data1 = "www.3300av.com";
const char *scan_data2 = "sdadhuadhasdgufgh;sdfhjaufhiwebfiusdafhaos;dhfaluhjweh";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1316,24 +1316,24 @@ TEST_P(StringScan, StreamHitDirectObject) {
uuid_t object_uuid_array[ARRAY_SIZE];
uuid_t item_uuid_array[ARRAY_SIZE];
- ret = maat_state_get_hit_items(state, attribute_name_url, item_uuid_array, object_uuid_array, ARRAY_SIZE);
+ ret = maat_state_get_hit_items(state, field_name_url, item_uuid_array, object_uuid_array, ARRAY_SIZE);
EXPECT_EQ(ret, 1);
uuid_unparse(object_uuid_array[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000112");
ret = maat_stream_scan(sp, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_state_get_hit_item_cnt(state, attribute_name_url);
+ ret = maat_state_get_hit_item_cnt(state, field_name_url);
EXPECT_EQ(ret, 0);
maat_stream_free(sp);
maat_state_reset(state);
- const char *attribute_name_sig = "HTTP_SIGNATURE";
+ const char *field_name_sig = "HTTP_SIGNATURE";
const char *table_name_sig = "HTTP_SIGNATURE";
const char *scan_data3 = "abckkk";
const char *scan_data4 = "123";
- sp = maat_stream_new(maat_inst, table_name_sig, attribute_name_sig, state);
+ sp = maat_stream_new(maat_inst, table_name_sig, field_name_sig, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data3, strlen(scan_data3), state);
@@ -1342,7 +1342,7 @@ TEST_P(StringScan, StreamHitDirectObject) {
ret = maat_stream_scan(sp, scan_data4, strlen(scan_data4), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_sig, attribute_name_sig, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_sig, field_name_sig, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1350,7 +1350,7 @@ TEST_P(StringScan, StreamHitDirectObject) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000128");
- ret = maat_state_get_hit_items(state, attribute_name_sig, item_uuid_array, object_uuid_array, ARRAY_SIZE);
+ ret = maat_state_get_hit_items(state, field_name_sig, item_uuid_array, object_uuid_array, ARRAY_SIZE);
EXPECT_EQ(ret, 1);
uuid_unparse(object_uuid_array[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000107");
@@ -1359,7 +1359,7 @@ TEST_P(StringScan, StreamHitDirectObject) {
ret = maat_stream_scan(sp, scan_data4, strlen(scan_data4), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_state_get_hit_items(state, attribute_name_sig, item_uuid_array, object_uuid_array, ARRAY_SIZE);
+ ret = maat_state_get_hit_items(state, field_name_sig, item_uuid_array, object_uuid_array, ARRAY_SIZE);
EXPECT_EQ(ret, 1);
uuid_unparse(object_uuid_array[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000107");
@@ -1378,17 +1378,17 @@ TEST_P(StringScan, StreamLiteralPrefix)
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name_url = "KEYWORDS_TABLE";
- const char *attribute_name_url = "KEYWORDS_TABLE";
+ const char *field_name_url = "KEYWORDS_TABLE";
const char *scan_data = "test-literal-prefix abcd";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1411,17 +1411,17 @@ TEST_P(StringScan, StreamLiteralSuffix)
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name_url = "KEYWORDS_TABLE";
- const char *attribute_name_url = "KEYWORDS_TABLE";
+ const char *field_name_url = "KEYWORDS_TABLE";
const char *scan_data = "abcd test-literal-suffix";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1444,17 +1444,17 @@ TEST_P(StringScan, StreamRegexPrefix)
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name_url = "KEYWORDS_TABLE";
- const char *attribute_name_url = "KEYWORDS_TABLE";
+ const char *field_name_url = "KEYWORDS_TABLE";
const char *scan_data = "test-regex-prefix abcd";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1477,17 +1477,17 @@ TEST_P(StringScan, StreamRegexSuffix)
struct maat *maat_inst = StringScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name_url = "KEYWORDS_TABLE";
- const char *attribute_name_url = "KEYWORDS_TABLE";
+ const char *field_name_url = "KEYWORDS_TABLE";
const char *scan_data = "abcd test-regex-suffix";
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1504,7 +1504,7 @@ TEST_P(StringScan, StreamRegexSuffix)
TEST_P(StringScan, LiteralPrefix)
{
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -1514,9 +1514,9 @@ TEST_P(StringScan, LiteralPrefix)
const char *scan_data = "test-literal-prefix abcde";
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1532,7 +1532,7 @@ TEST_P(StringScan, LiteralPrefix)
TEST_P(StringScan, LiteralSuffix)
{
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -1542,9 +1542,9 @@ TEST_P(StringScan, LiteralSuffix)
const char *scan_data = "abcd test-literal-suffix";
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1560,7 +1560,7 @@ TEST_P(StringScan, LiteralSuffix)
TEST_P(StringScan, RegexPrefix)
{
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -1570,9 +1570,9 @@ TEST_P(StringScan, RegexPrefix)
const char *scan_data = "test-regex-prefix abcde";
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1588,7 +1588,7 @@ TEST_P(StringScan, RegexPrefix)
TEST_P(StringScan, RegexSuffix)
{
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = StringScan::_shared_maat_inst;
uuid_t results[ARRAY_SIZE];
@@ -1598,9 +1598,9 @@ TEST_P(StringScan, RegexSuffix)
const char *scan_data = "abcd test-regex-suffix";
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1615,7 +1615,7 @@ TEST_P(StringScan, RegexSuffix)
TEST_P(StringScan, dynamic_config) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
char data[128] = "hello world, welcome to maat version4, it's funny.";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -1625,10 +1625,10 @@ TEST_P(StringScan, dynamic_config) {
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1659,7 +1659,7 @@ TEST_P(StringScan, dynamic_config) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -1668,9 +1668,9 @@ TEST_P(StringScan, dynamic_config) {
sleep(WAIT_FOR_EFFECTIVE_S * 3);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1693,9 +1693,9 @@ TEST_P(StringScan, dynamic_config) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1761,7 +1761,7 @@ struct maat *StreamScan::_shared_maat_inst;
TEST_P(StreamScan, dynamic_config) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *keywords1 = "hello";
char keyword_buf[128];
uuid_t results[ARRAY_SIZE];
@@ -1778,14 +1778,14 @@ TEST_P(StreamScan, dynamic_config) {
char rule1_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id);
struct maat_cmd_and_condition and_condition;
- int ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule1_uuid_str, 0, keywords1, &and_condition);
+ int ret = test_add_expr_command(maat_inst, table_name, field_name, rule1_uuid_str, 0, keywords1, &and_condition);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
- struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state);
+ struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state);
ASSERT_TRUE(sp != NULL);
ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), state);
@@ -1794,7 +1794,7 @@ TEST_P(StreamScan, dynamic_config) {
ret = maat_stream_scan(sp, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1810,7 +1810,7 @@ TEST_P(StreamScan, dynamic_config) {
long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
char rule2_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
- ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule2_uuid_str, 0, keyword_buf, &and_condition);
+ ret = test_add_expr_command(maat_inst, table_name, field_name, rule2_uuid_str, 0, keyword_buf, &and_condition);
EXPECT_EQ(ret, 1);
// Inc config has not yet taken effect, stream scan can hit rule
@@ -1830,7 +1830,7 @@ TEST_P(StreamScan, dynamic_config) {
ret = maat_stream_scan(sp, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1895,7 +1895,7 @@ struct log_handle *IPScan::logger;
TEST_F(IPScan, IPv4Unspecified) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -1909,9 +1909,9 @@ TEST_F(IPScan, IPv4Unspecified) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1923,7 +1923,7 @@ TEST_F(IPScan, IPv4Unspecified) {
TEST_F(IPScan, IPv4Broadcast) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -1937,9 +1937,9 @@ TEST_F(IPScan, IPv4Broadcast) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1951,7 +1951,7 @@ TEST_F(IPScan, IPv4Broadcast) {
TEST_F(IPScan, MatchSingleIPv4) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -1965,9 +1965,9 @@ TEST_F(IPScan, MatchSingleIPv4) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -1982,7 +1982,7 @@ TEST_F(IPScan, MatchSingleIPv4) {
TEST_F(IPScan, IPv6Unspecified) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -1996,9 +1996,9 @@ TEST_F(IPScan, IPv6Unspecified) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2012,7 +2012,7 @@ TEST_F(IPScan, IPv6Unspecified) {
TEST_F(IPScan, IPv6Broadcast) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2026,9 +2026,9 @@ TEST_F(IPScan, IPv6Broadcast) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2039,7 +2039,7 @@ TEST_F(IPScan, IPv6Broadcast) {
TEST_F(IPScan, MatchSingleIPv6) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2053,9 +2053,9 @@ TEST_F(IPScan, MatchSingleIPv6) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2070,7 +2070,7 @@ TEST_F(IPScan, MatchSingleIPv6) {
TEST_F(IPScan, MatchIPv4Range) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2084,9 +2084,9 @@ TEST_F(IPScan, MatchIPv4Range) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2103,7 +2103,7 @@ TEST_F(IPScan, MatchIPv4Range) {
}
TEST_F(IPScan, MatchIPv4Port) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2117,11 +2117,11 @@ TEST_F(IPScan, MatchIPv4Port) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 443, state);
+ ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 443, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
- ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 80, state);
+ ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 80, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2135,7 +2135,7 @@ TEST_F(IPScan, MatchIPv4Port) {
}
TEST_F(IPScan, MatchIPv6Range) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2149,9 +2149,9 @@ TEST_F(IPScan, MatchIPv6Range) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2168,7 +2168,7 @@ TEST_F(IPScan, MatchIPv6Range) {
}
TEST_F(IPScan, MatchIPv6Port) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2183,7 +2183,7 @@ TEST_F(IPScan, MatchIPv6Port) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6_port(maat_inst, table_name, attribute_name, sip, port, state);
+ ret = maat_scan_ipv6_port(maat_inst, table_name, field_name, sip, port, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2197,7 +2197,7 @@ TEST_F(IPScan, MatchIPv6Port) {
maat_state_reset(state);
//If the port is not present, should not match rules with port range. In this case, only rule 210 "::/0" should match.
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2211,7 +2211,7 @@ TEST_F(IPScan, MatchIPv6Port) {
TEST_F(IPScan, BugReport20210515) {
const char *table_name = "IP_CONFIG";
- const char *attribute_name = "IP_CONFIG";
+ const char *field_name = "IP_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2225,10 +2225,10 @@ TEST_F(IPScan, BugReport20210515) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, ip_addr, state);
+ ret = maat_scan_ipv6(maat_inst, table_name, field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2240,7 +2240,7 @@ TEST_F(IPScan, BugReport20210515) {
TEST_F(IPScan, RuleUpdates) {
const char *table_name = "IP_PLUS_CONFIG";
- const char *attribute_name = "IP_PLUS_CONFIG";
+ const char *field_name = "IP_PLUS_CONFIG";
struct maat *maat_inst = IPScan::_shared_maat_inst;
int thread_id = 0;
@@ -2252,9 +2252,9 @@ TEST_F(IPScan, RuleUpdates) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2284,16 +2284,16 @@ TEST_F(IPScan, RuleUpdates) {
and_condition.or_condition_num = 1;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2316,10 +2316,10 @@ TEST_F(IPScan, RuleUpdates) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2379,24 +2379,24 @@ TEST_F(IntervalScan, IntegerRange) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "CONTENT_SIZE";
- const char *attribute_name = "CONTENT_SIZE";
+ const char *field_name = "CONTENT_SIZE";
struct maat *maat_inst = IntervalScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
unsigned int scan_data1 = 2015;
- int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, state);
+ int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_state_reset(state);
unsigned int scan_data2 = 300;
- ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data2, state);
+ ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data2, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2411,15 +2411,15 @@ TEST_F(IntervalScan, SingleInteger) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "CONTENT_SIZE";
- const char *attribute_name = "CONTENT_SIZE";
+ const char *field_name = "CONTENT_SIZE";
struct maat *maat_inst = IntervalScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
unsigned int scan_data1 = 3000;
- int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, state);
+ int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2482,7 +2482,7 @@ TEST_F(ObjectScan, PhysicalTable) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = ObjectScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -2491,7 +2491,7 @@ TEST_F(ObjectScan, PhysicalTable) {
uuid_parse("00000000-0000-0000-0000-000000000247", object_uuid);
uuid_clear(item_uuid);
- int ret = maat_scan_object(maat_inst, table_name, attribute_name, &object_uuid, &item_uuid, 1, state);
+ int ret = maat_scan_object(maat_inst, table_name, field_name, &object_uuid, &item_uuid, 1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2505,11 +2505,11 @@ TEST_F(ObjectScan, PhysicalTable) {
sleep(2);
}
-TEST_F(ObjectScan, Attribute) {
+TEST_F(ObjectScan, Field) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *field_name = "HTTP_RESPONSE_KEYWORDS";
const char *table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = ObjectScan::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -2519,7 +2519,7 @@ TEST_F(ObjectScan, Attribute) {
uuid_parse("00000000-0000-0000-0000-000000000259", object_uuid);
uuid_clear(item_uuid);
- int ret = maat_scan_object(maat_inst, table_name, attribute_name, &object_uuid, &item_uuid, 1, state);
+ int ret = maat_scan_object(maat_inst, table_name, field_name, &object_uuid, &item_uuid, 1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2586,16 +2586,16 @@ TEST_F(NOTLogic, OneRegion) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *attribute_name = "HTTP_URL_FILTER";
+ const char *field_name = "HTTP_URL_FILTER";
const char *table_name = "HTTP_URL";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2606,11 +2606,11 @@ TEST_F(NOTLogic, OneRegion) {
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit,
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2628,27 +2628,27 @@ TEST_F(NOTLogic, ScanNotAtLast) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *hit_attribute_name = "HTTP_URL_FILTER";
+ const char *hit_field_name = "HTTP_URL_FILTER";
const char *hit_table_name = "HTTP_URL";
- const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *not_hit_table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
// scan string_should_hit(HTTP_URL_FILTER) & string_should_not_hit(HTTP_RESPONSE_KEYWORDS) => not hit rule
- int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit,
+ ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing,
+ ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing,
strlen(string_contain_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2657,15 +2657,15 @@ TEST_F(NOTLogic, ScanNotAtLast) {
maat_state_reset(state);
//scan string_should_hit(HTTP_URL_FILTER) & nothing(HTTP_RESPONSE_KEYWORDS) => hit rule144
- ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing,
+ ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing,
strlen(string_contain_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2684,25 +2684,25 @@ TEST_F(NOTLogic, ScanIrrelavantAtLast) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *hit_attribute_name = "HTTP_URL_FILTER";
+ const char *hit_field_name = "HTTP_URL_FILTER";
const char *hit_table_name = "HTTP_URL";
- const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *not_hit_table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant,
+ ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant,
strlen(string_irrelevant), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2721,29 +2721,29 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *not_hit_attribute_name = "HTTP_URL_FILTER";
+ const char *not_hit_field_name = "HTTP_URL_FILTER";
const char *not_hit_table_name = "HTTP_URL";
- const char *hit_attribute_name = "IP_PLUS_CONFIG";
+ const char *hit_field_name = "IP_PLUS_CONFIG";
const char *hit_table_name = "IP_PLUS_CONFIG";
- const char *empty_attribute_name = "EMPTY_KEYWORD";
+ const char *empty_field_name = "EMPTY_KEYWORD";
const char *empty_table_name = "EMPTY_KEYWORD";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit,
+ int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.8.186", &sip);
- ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2752,11 +2752,11 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000186");
- ret = maat_scan_string(maat_inst, empty_table_name, empty_attribute_name, string_match_no_region,
+ ret = maat_scan_string(maat_inst, empty_table_name, empty_field_name, string_match_no_region,
strlen(string_match_no_region), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2771,29 +2771,29 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *not_hit_attribute_name = "HTTP_URL_FILTER";
+ const char *not_hit_field_name = "HTTP_URL_FILTER";
const char *not_hit_table_name = "HTTP_URL";
- const char *hit_attribute_name = "IP_PLUS_CONFIG";
+ const char *hit_field_name = "IP_PLUS_CONFIG";
const char *hit_table_name = "IP_PLUS_CONFIG";
- const char *empty_attribute_name = "EMPTY_INTERGER";
+ const char *empty_field_name = "EMPTY_INTERGER";
const char *empty_table_name = "EMPTY_INTERGER";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit,
+ int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.8.187", &sip);
- ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2805,10 +2805,10 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) {
int empty_table_id = maat_get_table_id(maat_inst, empty_table_name);
ASSERT_GT(empty_table_id, 0);
- ret = maat_scan_integer(maat_inst, empty_table_name, empty_attribute_name, 2015, state);
+ ret = maat_scan_integer(maat_inst, empty_table_name, empty_field_name, 2015, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2824,27 +2824,27 @@ TEST_F(NOTLogic, ScanNotIP) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *hit_table_name = "HTTP_URL";
- const char *hit_attribute_name = "HTTP_URL";
- const char *not_hit_attribute_name = "ATTRIBUTE_IP_CONFIG";
+ const char *hit_field_name = "HTTP_URL";
+ const char *not_hit_field_name = "FIELD_IP_CONFIG";
const char *not_hit_table_name = "IP_CONFIG";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- // scan string_should_hit(HTTP_URL) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
- int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ // scan string_should_hit(HTTP_URL) & hit ip(FIELD_IP_CONFIG) => not hit rule
+ int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.6.205", &sip);
- ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2855,16 +2855,16 @@ TEST_F(NOTLogic, ScanNotIP) {
maat_state_reset(state);
- // scan string_should_hit(HTTP_URL) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule145
- ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ // scan string_should_hit(HTTP_URL) & not hit ip(FIELD_IP_CONFIG) => hit rule145
+ ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
inet_pton(AF_INET, "10.0.6.201", &sip);
- ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2882,30 +2882,30 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *url_attribute_name = "HTTP_URL_FILTER";
+ const char *url_field_name = "HTTP_URL_FILTER";
const char *url_table_name = "HTTP_URL";
- const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG";
+ const char *ip_field_name = "FIELD_IP_CONFIG";
const char *ip_table_name = "IP_CONFIG";
- const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *http_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *http_table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
- int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit,
+ //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(FIELD_IP_CONFIG) => not hit rule
+ int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit,
strlen(string_should_half_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
uint32_t sip;
inet_pton(AF_INET, "10.0.6.201", &sip);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2913,20 +2913,20 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
maat_state_reset(state);
- // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule
+ // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(FIELD_IP_CONFIG) => not hit rule
- ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_should_not_hit,
+ ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
inet_pton(AF_INET, "10.1.0.0", &sip);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2934,23 +2934,23 @@ TEST_F(NOTLogic, NotUrlAndNotIp) {
maat_state_reset(state);
- // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule146
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit,
+ // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(FIELD_IP_CONFIG) => hit rule146
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit,
strlen(string_should_half_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing,
+ ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
inet_pton(AF_INET, "10.1.0.0", &sip);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2971,7 +2971,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *field_name = "HTTP_RESPONSE_KEYWORDS";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -2983,7 +2983,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
ret = maat_scan_not_logic(maat_inst, table_name, table_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -2998,7 +2998,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
ret = maat_scan_not_logic(maat_inst, table_name, table_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3016,72 +3016,72 @@ TEST_F(NOTLogic, EightNotCondition) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *attribute_name1 = "HTTP_RESPONSE_KEYWORDS_1";
- const char *attribute_name2 = "HTTP_RESPONSE_KEYWORDS_2";
- const char *attribute_name3 = "HTTP_RESPONSE_KEYWORDS_3";
- const char *attribute_name4 = "HTTP_RESPONSE_KEYWORDS_4";
- const char *attribute_name5 = "HTTP_RESPONSE_KEYWORDS_5";
- const char *attribute_name6 = "HTTP_RESPONSE_KEYWORDS_6";
- const char *attribute_name7 = "HTTP_RESPONSE_KEYWORDS_7";
- const char *attribute_name8 = "HTTP_RESPONSE_KEYWORDS_8";
+ const char *field_name1 = "HTTP_RESPONSE_KEYWORDS_1";
+ const char *field_name2 = "HTTP_RESPONSE_KEYWORDS_2";
+ const char *field_name3 = "HTTP_RESPONSE_KEYWORDS_3";
+ const char *field_name4 = "HTTP_RESPONSE_KEYWORDS_4";
+ const char *field_name5 = "HTTP_RESPONSE_KEYWORDS_5";
+ const char *field_name6 = "HTTP_RESPONSE_KEYWORDS_6";
+ const char *field_name7 = "HTTP_RESPONSE_KEYWORDS_7";
+ const char *field_name8 = "HTTP_RESPONSE_KEYWORDS_8";
const char *table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name1, string_nothing,
+ int ret = maat_scan_string(maat_inst, table_name, field_name1, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name1, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name2, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name2, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name2, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name2, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name3, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name3, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name3, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name3, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name4, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name4, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name4, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name4, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name5, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name5, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name5, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name5, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name6, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name6, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name6, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name6, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name7, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name7, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name7, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name7, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name8, string_nothing,
+ ret = maat_scan_string(maat_inst, table_name, field_name8, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name8, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name8, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3102,32 +3102,32 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject1) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *url_attribute_name = "HTTP_URL_FILTER";
+ const char *url_field_name = "HTTP_URL_FILTER";
const char *url_table_name = "HTTP_URL";
- const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *http_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *http_table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_not_hit,
+ int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit,
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit,
strlen(string_should_half_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing,
+ ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing,
strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3147,24 +3147,24 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *url_attribute_name = "HTTP_URL_FILTER";
+ const char *url_field_name = "HTTP_URL_FILTER";
const char *url_table_name = "HTTP_URL";
- const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *http_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *http_table_name = "KEYWORDS_TABLE";
struct maat *maat_inst = NOTLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords,
+ int ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords,
strlen(string_keywords), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string1, strlen(string1), state);
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string1, strlen(string1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3172,17 +3172,17 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) {
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords,
+ ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords,
strlen(string_keywords), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string2, strlen(string2), state);
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string2, strlen(string2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3198,7 +3198,7 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) {
TEST_F(NOTLogic, SingleNotCondition) {
const char *string_nothing = "nothing string";
const char *string_should_hit = "string has not_logic_keywords_222";
- const char *attribute_name = "HTTP_NOT_LOGIC_1";
+ const char *field_name = "HTTP_NOT_LOGIC_1";
const char *table_name = "KEYWORDS_TABLE";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -3207,11 +3207,11 @@ TEST_F(NOTLogic, SingleNotCondition) {
struct maat_state *state = maat_state_new(maat_inst, thread_id);
//string_should_hit(HTTP_NOT_LOGIC_1) => not hit rule
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3220,10 +3220,10 @@ TEST_F(NOTLogic, SingleNotCondition) {
maat_state_reset(state);
//string nothing(HTTP_NOT_LOGIC_1) => hit rule222
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3241,7 +3241,7 @@ TEST_F(NOTLogic, MultiNotConditions) {
const char *string1 = "string has not_logic_rule_223_1";
const char *string2 = "string has not_logic_rule_223_1";
const char *string3 = "string has not_logic_rule_223_1";
- const char *attribute_name = "HTTP_NOT_LOGIC";
+ const char *field_name = "HTTP_NOT_LOGIC";
const char *table_name = "KEYWORDS_TABLE";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -3251,13 +3251,13 @@ TEST_F(NOTLogic, MultiNotConditions) {
// rule223 = !string1 & !string2 & !string3
//Case1: scan string1 & !string2 & !string3
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, string1, strlen(string1), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, string1, strlen(string1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3266,13 +3266,13 @@ TEST_F(NOTLogic, MultiNotConditions) {
maat_state_reset(state);
//Case2: scan !string1 & string2 & !string3
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3281,13 +3281,13 @@ TEST_F(NOTLogic, MultiNotConditions) {
maat_state_reset(state);
//Case3: scan !string1 & !string2 & string3
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string3, strlen(string3), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string3, strlen(string3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3296,10 +3296,10 @@ TEST_F(NOTLogic, MultiNotConditions) {
maat_state_reset(state);
//Case4: scan !string1 & !string2 & !string3
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3318,8 +3318,8 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
const char *src_asn3 = "AS9001";
const char *src_asn_nothing = "nothing string";
const char *dst_asn = "AS2345";
- const char *src_asn_attribute_name = "ASN_NOT_LOGIC";
- const char *dst_asn_attribute_name = "DESTINATION_IP_ASN";
+ const char *src_asn_field_name = "ASN_NOT_LOGIC";
+ const char *dst_asn_field_name = "DESTINATION_IP_ASN";
const char *table_name = "AS_NUMBER";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -3330,13 +3330,13 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
//--------------------------------------
// Source ASN1 & Dest ASN => not hit rule
//--------------------------------------
- int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), state);
+ int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), state);
+ ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3347,13 +3347,13 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
//--------------------------------------
// Source ASN2 & Dest ASN => not hit rule
//--------------------------------------
- ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), state);
+ ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), state);
+ ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3364,13 +3364,13 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
//--------------------------------------
// Source ASN3 & Dest ASN => not hit rule
//--------------------------------------
- ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), state);
+ ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3379,14 +3379,14 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) {
maat_state_reset(state);
// Source nothing & Dest ASN => hit rule177
- ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn_nothing,
+ ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn_nothing,
strlen(src_asn_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), state);
+ ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3404,11 +3404,11 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
const char *src_asn2 = "AS6789";
const char *src_nothing = "nothing";
const char *my_county = "Greece.Sparta";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *src_asn_attribute_name = "SOURCE_IP_ASN";
+ const char *src_asn_field_name = "SOURCE_IP_ASN";
const char *src_asn_table_name = "AS_NUMBER";
- const char *ip_geo_attribute_name = "SOURCE_IP_GEO";
+ const char *ip_geo_field_name = "SOURCE_IP_GEO";
const char *ip_geo_table_name = "GeoLocation";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -3419,13 +3419,13 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
//-------------------------------------------
// Source ASN1 & IP Geo
//-------------------------------------------
- int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), state);
+ int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3436,13 +3436,13 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
//-------------------------------------------
// Source nothing & IP Geo
//-------------------------------------------
- ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_nothing, strlen(src_nothing), state);
+ ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_nothing, strlen(src_nothing), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3456,13 +3456,13 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
//-------------------------------------------
// Source ASN2 & IP Geo
//-------------------------------------------
- ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), state);
+ ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3475,13 +3475,13 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
//--------------------------------------
uint32_t ip_addr;
inet_pton(AF_INET, "192.168.40.88", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3494,13 +3494,13 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
//--------------------------------------
inet_pton(AF_INET, "192.168.40.89", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3512,16 +3512,16 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
state = NULL;
}
-TEST_F(NOTLogic, SameAttributeInMultiCondition) {
+TEST_F(NOTLogic, SameFieldInMultiCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS9002";
const char *src_asn3 = "AS9003";
const char *my_county = "Greece.Sparta";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
- const char *dst_asn_attribute_name = "DESTINATION_IP_ASN";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
+ const char *dst_asn_field_name = "DESTINATION_IP_ASN";
const char *dst_asn_table_name = "AS_NUMBER";
- const char *ip_geo_attribute_name = "SOURCE_IP_GEO";
+ const char *ip_geo_field_name = "SOURCE_IP_GEO";
const char *ip_geo_table_name = "GeoLocation";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -3534,16 +3534,16 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
//-------------------------------------------
// Dest ASN1 & Dest ASN3 & IP Config
//-------------------------------------------
- int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn1, strlen(src_asn1), state);
+ int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn1, strlen(src_asn1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3554,16 +3554,16 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
//-------------------------------------------
// Dest ASN2 & Dest ASN3 & IP Config
//-------------------------------------------
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn2, strlen(src_asn2), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn2, strlen(src_asn2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3574,19 +3574,19 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
//-------------------------------------------
// Dest IP Geo & Dest ASN3 & IP Config
//-------------------------------------------
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3597,13 +3597,13 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
//-------------------------------------------
// Dest ASN3 & IP Geo
//-------------------------------------------
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3617,14 +3617,14 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) {
//--------------------------------------
// IP Config & IP Geo
//--------------------------------------
- ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
inet_pton(AF_INET, "192.168.40.89", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3687,24 +3687,24 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *not_hit_table_name = "KEYWORDS_TABLE";
- const char *not_hit_attribute_name = "KEYWORDS_TABLE";
+ const char *not_hit_field_name = "KEYWORDS_TABLE";
const char *hit_table_name = "HTTP_URL";
- const char *hit_attribute_name = "HTTP_URL";
+ const char *hit_field_name = "HTTP_URL";
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit,
+ int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3725,15 +3725,15 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit,
strlen(string_should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3741,11 +3741,11 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) {
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit,
+ ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3765,16 +3765,16 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *hit_table_name = "HTTP_URL";
- const char *hit_attribute_name = "HTTP_URL";
+ const char *hit_field_name = "HTTP_URL";
const char *not_hit_table_name = "KEYWORDS_TABLE";
- const char *not_hit_attribute_name = "KEYWORDS_TABLE";
+ const char *not_hit_field_name = "KEYWORDS_TABLE";
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit,
+ int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit,
strlen(string_should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3783,11 +3783,11 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200");
- ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant,
+ ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant,
strlen(string_irrelevant), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3799,22 +3799,22 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) {
state = NULL;
}
-TEST_F(ExcludeLogic, ScanAttribute) {
+TEST_F(ExcludeLogic, ScanField) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- const char *attribute_name = "ATTRIBUTE_IP_PLUS_TABLE";
+ const char *field_name = "FIELD_IP_PLUS_TABLE";
const char *table_name = "IP_PLUS_CONFIG";
uint32_t should_hit_ip;
uint32_t should_not_hit_ip;
inet_pton(AF_INET, "100.64.1.1", &should_hit_ip);
- int ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, state);
+ int ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3826,9 +3826,9 @@ TEST_F(ExcludeLogic, ScanAttribute) {
maat_state_reset(state);
inet_pton(AF_INET, "100.64.1.5", &should_hit_ip);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3839,10 +3839,10 @@ TEST_F(ExcludeLogic, ScanAttribute) {
maat_state_reset(state);
inet_pton(AF_INET, "100.64.1.6", &should_not_hit_ip);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3851,10 +3851,10 @@ TEST_F(ExcludeLogic, ScanAttribute) {
maat_state_reset(state);
inet_pton(AF_INET, "100.64.1.11", &should_not_hit_ip);
- ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, state);
+ ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3869,8 +3869,8 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) {
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE";
- const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
+ const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE";
+ const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION";
const char *ip_table_name = "IP_PLUS_CONFIG";
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
@@ -3879,42 +3879,42 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) {
uint32_t ip_addr;
inet_pton(AF_INET, "192.168.50.43", &ip_addr);
- int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, state);
+ int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
inet_pton(AF_INET, "47.92.108.93", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
- const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *expr_table_name = "KEYWORDS_TABLE";
const char *should_not_hit_expr = "www.jianshu.com";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr,
strlen(should_not_hit_expr), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
const char *should_hit_expr = "mail.jianshu.com";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr,
strlen(should_hit_expr), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3933,17 +3933,17 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) {
int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE";
- const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
+ const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE";
+ const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION";
const char *ip_table_name = "IP_PLUS_CONFIG";
uint32_t ip_addr;
inet_pton(AF_INET, "100.64.2.1", &ip_addr);
- int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, state);
+ int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -3951,46 +3951,46 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) {
inet_pton(AF_INET, "100.64.2.6", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
- const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *expr_table_name = "KEYWORDS_TABLE";
const char *should_not_hit_expr1 = "www.baidu.com";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr1,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr1,
strlen(should_not_hit_expr1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
const char *should_not_hit_expr2 = "mail.baidu.com";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr2,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr2,
strlen(should_not_hit_expr2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
const char *should_hit_expr = "hit.baidu.com";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr,
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr,
strlen(should_hit_expr), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -4894,7 +4894,7 @@ TEST_F(BoolPluginTable, EX_DATA) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000305");
}
-class Attribute : public testing::Test
+class Field : public testing::Test
{
protected:
static void SetUpTestCase() {
@@ -4923,7 +4923,7 @@ protected:
maat_options_free(opts);
if (NULL == _shared_maat_inst) {
log_fatal(logger, MODULE_FRAMEWORK_GTEST,
- "[%s:%d] create maat instance in Attribute failed.",
+ "[%s:%d] create maat instance in Field failed.",
__FUNCTION__, __LINE__);
}
}
@@ -4937,23 +4937,23 @@ protected:
static struct maat *_shared_maat_inst;
};
-struct maat *Attribute::_shared_maat_inst;
-struct log_handle *Attribute::logger;
+struct maat *Field::_shared_maat_inst;
+struct log_handle *Field::logger;
-TEST_F(Attribute, basic) {
+TEST_F(Field, basic) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
int thread_id = 0;
- const char *attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *field_name = "HTTP_RESPONSE_KEYWORDS";
const char *table_name = "KEYWORDS_TABLE";
- struct maat *maat_inst = Attribute::_shared_maat_inst;
+ struct maat *maat_inst = Field::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
char scan_data[128] = "string1, string2, string3, string4, string5,"
" string6, string7, string8";
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5150,13 +5150,13 @@ TEST_F(RuleTable, Conjunction1) {
const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNAC"
"ELwBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = RuleTable::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5183,13 +5183,13 @@ TEST_F(RuleTable, Conjunction2) {
const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNACELw"
"BSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = RuleTable::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5206,10 +5206,10 @@ TEST_F(RuleTable, Conjunction2) {
int n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE);
EXPECT_EQ(n_read, 2);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5327,23 +5327,23 @@ TEST_F(Policy, RuleRuleTags) {
const char *should_hit = "string bbb should hit";
const char *should_not_hit = "string aaa should not hit";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = Policy::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, should_not_hit,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, should_not_hit,
strlen(should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, should_hit,
+ ret = maat_scan_string(maat_inst, table_name, field_name, should_hit,
strlen(should_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5360,7 +5360,7 @@ TEST_F(Policy, RuleEXData) {
const char *url = "firewall should hit";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *plugin_table_name = "RULE_FIREWALL_PLUGIN";
const char *conj_rule_table_name = "RULE_FIREWALL_CONJUNCTION";
const char *expect_name = "I have a name";
@@ -5379,9 +5379,9 @@ TEST_F(Policy, RuleEXData) {
ASSERT_TRUE(ret == 0);
EXPECT_EQ(ex_data_counter, 1);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, conj_rule_table_name, results, ARRAY_SIZE);
@@ -5412,24 +5412,24 @@ TEST_F(Policy, SubObject) {
uint32_t ip_addr;
inet_pton(AF_INET,"10.0.6.201", &ip_addr);
- const char *attribute_name = "MAIL_ADDR";
+ const char *field_name = "MAIL_ADDR";
const char *table_name = "MAIL_ADDR";
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5449,12 +5449,12 @@ TEST_F(Policy, EvaluationOrder) {
struct maat *maat_inst = Policy::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5474,7 +5474,7 @@ TEST_F(Policy, EvaluationOrder) {
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
EXPECT_EQ(n_hit_path, 6);
- EXPECT_STREQ(hit_path[0].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[0].field_name, field_name);
uuid_unparse(hit_path[0].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157");
uuid_unparse(hit_path[0].top_object_uuid, uuid_str);
@@ -5483,7 +5483,7 @@ TEST_F(Policy, EvaluationOrder) {
uuid_unparse(hit_path[0].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
- EXPECT_STREQ(hit_path[1].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[1].field_name, field_name);
uuid_unparse(hit_path[1].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155");
EXPECT_EQ(uuid_is_null(hit_path[1].top_object_uuid), 1);
@@ -5491,7 +5491,7 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1);
- EXPECT_STREQ(hit_path[2].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[2].field_name, field_name);
uuid_unparse(hit_path[2].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
uuid_unparse(hit_path[2].top_object_uuid, uuid_str);
@@ -5501,7 +5501,7 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
- EXPECT_STREQ(hit_path[3].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[3].field_name, field_name);
uuid_unparse(hit_path[3].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
uuid_unparse(hit_path[3].top_object_uuid, uuid_str);
@@ -5511,7 +5511,7 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
- EXPECT_STREQ(hit_path[4].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[4].field_name, field_name);
uuid_unparse(hit_path[4].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
uuid_unparse(hit_path[4].top_object_uuid, uuid_str);
@@ -5521,7 +5521,7 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
- EXPECT_STREQ(hit_path[5].attribute_name, attribute_name);
+ EXPECT_STREQ(hit_path[5].field_name, field_name);
uuid_unparse(hit_path[5].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158");
uuid_unparse(hit_path[5].top_object_uuid, uuid_str);
@@ -5534,12 +5534,12 @@ TEST_F(Policy, EvaluationOrder) {
inet_pton(AF_INET, "192.168.23.23", &ip_addr);
const char *ip_plus_table_name = "IP_PLUS_CONFIG";
- const char *ip_plus_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_plus_field_name = "IP_PLUS_CONFIG";
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5552,9 +5552,9 @@ TEST_F(Policy, EvaluationOrder) {
TEST_F(Policy, NotConditionHitPath) {
const char *url_table_name = "HTTP_URL";
- const char *url_attribute_name = "HTTP_URL";
+ const char *url_field_name = "HTTP_URL";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG";
+ const char *ip_field_name = "FIELD_IP_CONFIG";
const char *url = "www.youtube.com";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -5562,7 +5562,7 @@ TEST_F(Policy, NotConditionHitPath) {
struct maat *maat_inst = Policy::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, url, strlen(url), state);
+ int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, url, strlen(url), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5571,10 +5571,10 @@ TEST_F(Policy, NotConditionHitPath) {
uint32_t ip_addr;
inet_pton(AF_INET, "192.168.101.101", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5589,7 +5589,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(n_hit_path, 4);
EXPECT_EQ(hit_path[0].Nth_scan, 1);
- EXPECT_STREQ(hit_path[0].attribute_name, url_attribute_name);
+ EXPECT_STREQ(hit_path[0].field_name, url_field_name);
EXPECT_EQ(hit_path[0].negate_option, 0);
EXPECT_EQ(hit_path[0].condition_index, 0);
uuid_unparse(hit_path[0].sub_object_uuid, uuid_str);
@@ -5601,7 +5601,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[1].Nth_scan, 2);
- EXPECT_STREQ(hit_path[1].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[1].field_name, ip_field_name);
EXPECT_EQ(hit_path[1].negate_option, 1);
EXPECT_EQ(hit_path[1].condition_index, -1);
uuid_unparse(hit_path[1].sub_object_uuid, uuid_str);
@@ -5611,7 +5611,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1);
EXPECT_EQ(hit_path[2].Nth_scan, 2);
- EXPECT_STREQ(hit_path[2].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[2].field_name, ip_field_name);
EXPECT_EQ(hit_path[2].negate_option, 1);
EXPECT_EQ(hit_path[2].condition_index, -1);
uuid_unparse(hit_path[2].sub_object_uuid, uuid_str);
@@ -5621,7 +5621,7 @@ TEST_F(Policy, NotConditionHitPath) {
EXPECT_EQ(hit_path[3].Nth_scan, 2);
- EXPECT_STREQ(hit_path[3].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[3].field_name, ip_field_name);
EXPECT_EQ(hit_path[3].negate_option, 1);
EXPECT_EQ(hit_path[3].condition_index, 1);
uuid_unparse(hit_path[3].sub_object_uuid, uuid_str);
@@ -5687,14 +5687,14 @@ TEST_F(TableInfo, Conjunction) {
const char *scan_data = "soq is using table conjunction function."
"http://www.3300av.com/novel/27122.txt";
const char *conj_table_name = "HTTP_HOST";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = TableInfo::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, conj_table_name, attribute_name, scan_data,
+ int ret = maat_scan_string(maat_inst, conj_table_name, field_name, scan_data,
strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, conj_table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5757,7 +5757,7 @@ struct log_handle *FileTest::logger;
TEST_F(FileTest, StreamFiles) {
const char test_data_dir[64] = "./test_streamfiles";
const char *keywords_table_name = "KEYWORDS_TABLE";
- const char *keywords_attribute_name = "KEYWORDS_TABLE";
+ const char *keywords_field_name = "KEYWORDS_TABLE";
int thread_id = 0;
struct maat *maat_inst = FileTest::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -5766,7 +5766,7 @@ TEST_F(FileTest, StreamFiles) {
int n = my_scandir(test_data_dir, &name_list, NULL,
(int (*)(const void*, const void*))alphasort);
ASSERT_GT(n, 0);
- struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attribute_name, state);
+ struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_field_name, state);
ASSERT_FALSE(stream == NULL);
struct stat file_info;
@@ -5861,13 +5861,13 @@ protected:
struct maat *ObjectHierarchy::_shared_maat_inst;
struct log_handle *ObjectHierarchy::logger;
-TEST_F(ObjectHierarchy, AttributeOfOnePhysical)
+TEST_F(ObjectHierarchy, FieldOfOnePhysical)
{
const char *http_content = "Batman\\:Take me Home.Superman/:Fine,stay with me.";
const char *http_url = "https://blog.csdn.net/littlefang/article/details/8213058";
- const char *url_attribute_name = "HTTP_URL";
+ const char *url_field_name = "HTTP_URL";
const char *url_table_name = "HTTP_URL";
- const char *keywords_attribute_name = "HTTP_RESPONSE_KEYWORDS";
+ const char *keywords_field_name = "HTTP_RESPONSE_KEYWORDS";
const char *keywords_table_name = "KEYWORDS_TABLE";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -5875,16 +5875,16 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical)
struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, http_url, strlen(http_url), state);
+ int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, http_url, strlen(http_url), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, http_content, strlen(http_content), state);
+ ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, http_content, strlen(http_content), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5897,11 +5897,11 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical)
const char *should_not_hit = "2018-10-05 is a keywords of table "
"KEYWORDS_TABLE. Should not hit.";
- ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, should_not_hit,
+ ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, should_not_hit,
strlen(should_not_hit), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5911,10 +5911,10 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical)
state = NULL;
}
-TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) {
+TEST_F(ObjectHierarchy, OneObjectInTwoField) {
const char *http_resp_hdr_cookie = "sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;";
- const char *req_attribute_name = "HTTP_REQUEST_HEADER";
- const char *res_attribute_name = "HTTP_RESPONSE_HEADER";
+ const char *req_field_name = "HTTP_REQUEST_HEADER";
+ const char *res_field_name = "HTTP_RESPONSE_HEADER";
const char *table_name = "HTTP_SIGNATURE";
uuid_t results[ARRAY_SIZE];
@@ -5924,18 +5924,18 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) {
struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
- ret = maat_scan_string(maat_inst, table_name, req_attribute_name, http_resp_hdr_cookie,
+ ret = maat_scan_string(maat_inst, table_name, req_field_name, http_resp_hdr_cookie,
strlen(http_resp_hdr_cookie), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, req_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, req_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, res_attribute_name, http_resp_hdr_cookie,
+ ret = maat_scan_string(maat_inst, table_name, res_field_name, http_resp_hdr_cookie,
strlen(http_resp_hdr_cookie), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, res_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, res_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -5953,7 +5953,7 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
const char *src_asn2 = "AS6789";
const char *src_asn3 = "AS9001";
const char *dst_asn = "AS2345";
- const char *src_asn_attribute_name = "SOURCE_IP_ASN";
+ const char *src_asn_field_name = "SOURCE_IP_ASN";
const char *dst_asn_sttribute_name = "DESTINATION_IP_ASN";
const char *table_name = "AS_NUMBER";
uuid_t results[ARRAY_SIZE];
@@ -5965,10 +5965,10 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
//--------------------------------------
// Source ASN1 & Dest ASN
//--------------------------------------
- int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), state);
+ int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(maat_inst, table_name, dst_asn_sttribute_name, dst_asn, strlen(dst_asn), state);
@@ -5987,10 +5987,10 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
//--------------------------------------
// Source ASN2 & Dest ASN
//--------------------------------------
- ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), state);
+ ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(maat_inst, table_name, dst_asn_sttribute_name, dst_asn, strlen(dst_asn), state);
@@ -6009,10 +6009,10 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) {
//--------------------------------------
// Source ASN3 & Dest ASN
//--------------------------------------
- ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), state);
+ ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(maat_inst, table_name, dst_asn_sttribute_name, dst_asn, strlen(dst_asn), state);
@@ -6035,10 +6035,10 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
const char *src_asn2 = "AS6789";
const char *my_county = "Greece.Sparta";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
- const char *src_asn_attribute_name = "SOURCE_IP_ASN";
+ const char *ip_field_name = "IP_CONFIG";
+ const char *src_asn_field_name = "SOURCE_IP_ASN";
const char *src_asn_table_name = "AS_NUMBER";
- const char *ip_geo_attribute_name = "SOURCE_IP_GEO";
+ const char *ip_geo_field_name = "SOURCE_IP_GEO";
const char *ip_geo_table_name = "GeoLocation";
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
@@ -6050,13 +6050,13 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
// Source ASN1 & IP
//--------------------------------------
- int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), state);
+ int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
uint32_t ip_addr;
inet_pton(AF_INET, "192.168.40.88", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6070,10 +6070,10 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
//--------------------------------------
// IP Geo & IP
//--------------------------------------
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6086,13 +6086,13 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) {
//--------------------------------------
// (Source ASN2 | IP Geo) & IP
//--------------------------------------
- ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), state);
+ ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), state);
+ ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6150,7 +6150,7 @@ TEST_F(MaatCmd, SetIP) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
const char *rule_table_name = "RULE_DEFAULT";
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -6175,7 +6175,7 @@ TEST_F(MaatCmd, SetIP) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = ip_attribute_name;
+ and_condition.or_conditions[0].field_name = ip_field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6191,10 +6191,10 @@ TEST_F(MaatCmd, SetIP) {
int table_id = maat_get_table_id(maat_inst, ip_table_name);
ASSERT_GE(table_id, 0);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6211,7 +6211,7 @@ TEST_F(MaatCmd, SetExpr) {
const char *scan_data = "Hiredis is a minimalistic C client library"
" for the Redis database.\r\n";
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *keywords1 = "Hiredis";
const char *keywords2 = "C Client";
@@ -6232,16 +6232,16 @@ TEST_F(MaatCmd, SetExpr) {
snprintf(rule_uuid_str2, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id);
struct maat_cmd_and_condition and_condition1, and_condition2;
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str1, 0, keywords, &and_condition1);
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str2, 0, keywords, &and_condition2);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str1, 0, keywords, &and_condition1);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str2, 0, keywords, &and_condition2);
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6262,10 +6262,10 @@ TEST_F(MaatCmd, SetExpr) {
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6278,12 +6278,12 @@ TEST_F(MaatCmd, SetExpr) {
char rule_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id);
struct maat_cmd_and_condition and_condition;
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, timeout, keywords, &and_condition);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, timeout, keywords, &and_condition);
sleep(timeout + 1);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6299,7 +6299,7 @@ TEST_F(MaatCmd, SetExpr8) {
const char *rule_table_name = "RULE_DEFAULT";
const char *table_name = "KEYWORDS_TABLE";
- const char *attribute_name = "KEYWORDS_TABLE";
+ const char *field_name = "KEYWORDS_TABLE";
const char *keywords8 = "string1&string2&string3&string4&string5&string6&string7&string8";
const char *keywords7 = "string1&string2&string3&string4&string5&string6&string7";
@@ -6328,7 +6328,7 @@ TEST_F(MaatCmd, SetExpr8) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6337,10 +6337,10 @@ TEST_F(MaatCmd, SetExpr8) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data8, strlen(scan_data8), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data8, strlen(scan_data8), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6361,10 +6361,10 @@ TEST_F(MaatCmd, SetExpr8) {
sleep(WAIT_FOR_EFFECTIVE_S);
memset(&results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data7, strlen(scan_data7), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data7, strlen(scan_data7), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6381,7 +6381,7 @@ TEST_F(MaatCmd, ObjectScan) {
size_t n_hit_result = 0;
int thread_id = 0;
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *rule_table_name = "RULE_DEFAULT";
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -6396,7 +6396,7 @@ TEST_F(MaatCmd, ObjectScan) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6410,7 +6410,7 @@ TEST_F(MaatCmd, ObjectScan) {
uuid_parse(object_uuid_str, object_uuid);
uuid_clear(item_uuid);
- ret = maat_scan_object(maat_inst, table_name, attribute_name, &object_uuid, &item_uuid, 1, state);
+ ret = maat_scan_object(maat_inst, table_name, field_name, &object_uuid, &item_uuid, 1, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6424,11 +6424,11 @@ TEST_F(MaatCmd, ObjectScan) {
}
/**
- * Filter such as URL: http://filtermenot.com => {attribute_id, object_id}
+ * Filter such as URL: http://filtermenot.com => {field_id, object_id}
One rule reference this filter twice, the rule should be hit.
*/
TEST_F(MaatCmd, SameFilterRefByOneRule) {
- const char *attribute_name = "HTTP_URL_FILTER";
+ const char *field_name = "HTTP_URL_FILTER";
const char *table_name = "HTTP_URL";
const char *scan_data = "http://filtermenot.com";
const char *keywords = "menot.com";
@@ -6456,13 +6456,13 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
struct maat_cmd_and_condition and_condition[2];
and_condition[0].negate_option = 0;
and_condition[0].or_condition_num = 1;
- and_condition[0].or_conditions[0].attribute_name = attribute_name;
+ and_condition[0].or_conditions[0].field_name = field_name;
and_condition[0].or_conditions[0].object_num = 1;
and_condition[0].or_conditions[0].object_uuids_str[0] = object_uuid_str;
- //condition1 & condition2 has same filter => {attribute_name, object_uuid}
+ //condition1 & condition2 has same filter => {field_name, object_uuid}
and_condition[1].negate_option = 0;
and_condition[1].or_condition_num = 1;
- and_condition[1].or_conditions[0].attribute_name = attribute_name;
+ and_condition[1].or_conditions[0].field_name = field_name;
and_condition[1].or_conditions[0].object_num = 1;
and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6471,10 +6471,10 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6489,7 +6489,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
TEST_F(MaatCmd, RuleIDRecycle) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *scan_data = "Reuse rule ID is allowed.";
const char *keywords = "Reuse&rule";
uuid_t results[ARRAY_SIZE];
@@ -6502,14 +6502,14 @@ TEST_F(MaatCmd, RuleIDRecycle) {
char rule_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id);
struct maat_cmd_and_condition and_condition;
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition);
sleep(WAIT_FOR_EFFECTIVE_S);
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data,
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data,
strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6523,10 +6523,10 @@ TEST_F(MaatCmd, RuleIDRecycle) {
rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6534,14 +6534,14 @@ TEST_F(MaatCmd, RuleIDRecycle) {
maat_state_reset(state);
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition);
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6555,7 +6555,7 @@ TEST_F(MaatCmd, RuleIDRecycle) {
TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *scan_data = "This string will hit mulptiple rules.";
const char *keywords = "string will hit";
uuid_t results[ARRAY_SIZE];
@@ -6575,15 +6575,15 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) {
struct maat_cmd_and_condition and_condition;
expect_rule_id[i] = rule_id + 1 - repeat_times + i;
snprintf(rule_uuid_str_array[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", expect_rule_id[i]);
- test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str_array[i], 0, keywords, &and_condition);
+ test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str_array[i], 0, keywords, &and_condition);
}
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6599,7 +6599,7 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) {
TEST_F(MaatCmd, SubObject) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char *rule_table_name = "RULE_DEFAULT";
const char *object_group_table_name = "OBJECT_GROUP";
const char *scan_data1 = "www.v2ex.com/t/573028#程序员的核心竞争力是什么";
@@ -6643,7 +6643,7 @@ TEST_F(MaatCmd, SubObject) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6663,10 +6663,10 @@ TEST_F(MaatCmd, SubObject) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6688,10 +6688,10 @@ TEST_F(MaatCmd, SubObject) {
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6715,10 +6715,10 @@ TEST_F(MaatCmd, SubObject) {
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6746,10 +6746,10 @@ TEST_F(MaatCmd, SubObject) {
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str,
object3_uuid_str, keyword2, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
sleep(2);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6772,10 +6772,10 @@ TEST_F(MaatCmd, SubObject) {
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6789,7 +6789,7 @@ TEST_F(MaatCmd, SubObject) {
TEST_F(MaatCmd, RefObject) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
const char* rule_table_name = "RULE_DEFAULT";
const char* scan_data1 = "m.facebook.com/help/2297503110373101?helpref=hc_nav&refid=69";
const char* keyword1 = "something-should-not-hit";
@@ -6817,7 +6817,7 @@ TEST_F(MaatCmd, RefObject) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = attribute_name;
+ and_condition.or_conditions[0].field_name = field_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6850,10 +6850,10 @@ TEST_F(MaatCmd, RefObject) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6866,11 +6866,11 @@ TEST_F(MaatCmd, RefObject) {
state = NULL;
}
-TEST_F(MaatCmd, Attribute) {
+TEST_F(MaatCmd, Field) {
const char* rule_table_name = "RULE_DEFAULT";
const char* table_name="HTTP_SIGNATURE";
- const char *attribute_req_name = "HTTP_REQUEST_HEADER";
- const char *attribute_resp_name = "HTTP_RESPONSE_HEADER";
+ const char *field_req_name = "HTTP_REQUEST_HEADER";
+ const char *field_resp_name = "HTTP_RESPONSE_HEADER";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -6908,12 +6908,12 @@ TEST_F(MaatCmd, Attribute) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = attribute_req_name;
+ and_conditions[0].or_conditions[0].field_name = field_req_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = attribute_resp_name;
+ and_conditions[1].or_conditions[0].field_name = field_resp_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6928,18 +6928,18 @@ TEST_F(MaatCmd, Attribute) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- ret = maat_scan_string(maat_inst, table_name, attribute_req_name, http_req_hdr_ua,
+ ret = maat_scan_string(maat_inst, table_name, field_req_name, http_req_hdr_ua,
strlen(http_req_hdr_ua), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_req_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_req_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie,
+ ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie,
strlen(http_resp_hdr_cookie), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -6955,7 +6955,7 @@ TEST_F(MaatCmd, Attribute) {
rule1_uuid_str, and_conditions, 2, NULL, 0);
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = attribute_resp_name;
+ and_conditions[0].or_conditions[0].field_name = field_resp_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -6964,11 +6964,11 @@ TEST_F(MaatCmd, Attribute) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie,
+ ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie,
strlen(http_resp_hdr_cookie), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -7257,7 +7257,7 @@ TEST_F(MaatCmd, RuleEXData) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = "HTTP_URL";
+ and_condition.or_conditions[0].field_name = "HTTP_URL";
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -7671,9 +7671,9 @@ TEST_F(MaatCmd, UpdateBoolPlugin) {
TEST_F(MaatCmd, ObjectInMassRules) {
const char* rule_table_name = "RULE_DEFAULT";
const char* url_table_name = "HTTP_URL";
- const char* url_attribute_anme = "HTTP_URL";
+ const char* url_field_anme = "HTTP_URL";
const char* appid_table_name = "APP_ID";
- const char* appid_attribute_name = "APP_ID";
+ const char* appid_field_name = "APP_ID";
int thread_id = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -7720,12 +7720,12 @@ TEST_F(MaatCmd, ObjectInMassRules) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme;
+ and_conditions[0].or_conditions[0].field_name = url_field_anme;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = appid_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
for (i = 0; i < RULE_ID_NUMS; i++) {
@@ -7747,12 +7747,12 @@ TEST_F(MaatCmd, ObjectInMassRules) {
struct maat_cmd_and_condition target_and_conditions[2];
target_and_conditions[0].negate_option = 0;
target_and_conditions[0].or_condition_num = 1;
- target_and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme;
+ target_and_conditions[0].or_conditions[0].field_name = url_field_anme;
target_and_conditions[0].or_conditions[0].object_num = 1;
target_and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
target_and_conditions[1].negate_option = 0;
target_and_conditions[1].or_condition_num = 1;
- target_and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name;
+ target_and_conditions[1].or_conditions[0].field_name = appid_field_name;
target_and_conditions[1].or_conditions[0].object_num = 1;
target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -7767,16 +7767,16 @@ TEST_F(MaatCmd, ObjectInMassRules) {
uuid_t results[4];
size_t n_hit_result = 0;
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url2, strlen(http_url2), state);
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url2, strlen(http_url2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, state);
+ ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, 4);
@@ -7787,16 +7787,16 @@ TEST_F(MaatCmd, ObjectInMassRules) {
maat_state_reset(state);
- ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url1, strlen(http_url1), state);
+ ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url1, strlen(http_url1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, state);
+ ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, state);
+ ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, 4);
@@ -7813,7 +7813,7 @@ TEST_F(MaatCmd, HitObject) {
const char *http_req_attr_name = "HTTP_REQUEST_HEADER";
const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
const char *keywords_attr_name = "KEYWORDS";
int thread_id = 0, ret = 0;
@@ -7851,12 +7851,12 @@ TEST_F(MaatCmd, HitObject) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name;
+ and_conditions[0].or_conditions[0].field_name = http_req_attr_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name;
+ and_conditions[1].or_conditions[0].field_name = http_resp_attr_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -8026,7 +8026,7 @@ TEST_F(MaatCmd, HitObject) {
uint32_t ip_addr;
inet_pton(AF_INET, "220.181.38.150", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
scan_times = maat_state_get_scan_count(state);
@@ -8039,7 +8039,7 @@ TEST_F(MaatCmd, HitObject) {
uuid_unparse(object_uuids[0], uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
- n_hit_cnt = maat_state_get_hit_items(state, ip_attribute_name, item_uuids, object_uuids, 128);
+ n_hit_cnt = maat_state_get_hit_items(state, ip_field_name, item_uuids, object_uuids, 128);
EXPECT_EQ(n_hit_cnt, 1);
uuid_unparse(item_uuids[0], uuid_str);
EXPECT_STREQ(uuid_str, item3_uuid_str);
@@ -8060,12 +8060,12 @@ TEST_F(MaatCmd, HitObject) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
const char *attr_names[10];
- size_t attr_cnt = maat_state_get_attribute_names(state, attr_names, 10);
+ size_t attr_cnt = maat_state_get_field_names(state, attr_names, 10);
EXPECT_EQ(attr_cnt, 4);
EXPECT_STREQ(attr_names[0], http_req_attr_name);
EXPECT_STREQ(attr_names[1], http_resp_attr_name);
EXPECT_STREQ(attr_names[2], keywords_attr_name);
- EXPECT_STREQ(attr_names[3], ip_attribute_name);
+ EXPECT_STREQ(attr_names[3], ip_field_name);
maat_stream_free(stream);
maat_state_free(state);
@@ -8079,7 +8079,7 @@ TEST_F(MaatCmd, HitPathBasic) {
const char *http_req_attr_name = "HTTP_REQUEST_HEADER";
const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
const char *keywords_attr_name = "KEYWORDS";
int thread_id = 0, ret = 0;
@@ -8114,12 +8114,12 @@ TEST_F(MaatCmd, HitPathBasic) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name;
+ and_conditions[0].or_conditions[0].field_name = http_req_attr_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name;
+ and_conditions[1].or_conditions[0].field_name = http_resp_attr_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id);
@@ -8225,7 +8225,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object11_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
path_idx++;
@@ -8235,7 +8235,7 @@ TEST_F(MaatCmd, HitPathBasic) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
Nth_scan++;
@@ -8288,7 +8288,7 @@ TEST_F(MaatCmd, HitPathBasic) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8300,7 +8300,7 @@ TEST_F(MaatCmd, HitPathBasic) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object2_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
const char* keywords1="In graph theory, a path in a graph is a finite or infinite \
@@ -8335,17 +8335,17 @@ that the edges be all directed in the same direction.";
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
Nth_scan++;
uint32_t ip_addr;
inet_pton(AF_INET, "220.181.38.148", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -8365,7 +8365,7 @@ that the edges be all directed in the same direction.";
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object3_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
Nth_scan++;
@@ -8392,7 +8392,7 @@ that the edges be all directed in the same direction.";
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
maat_stream_free(stream);
@@ -8418,7 +8418,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
const char *object_group_table_name = "OBJECT_GROUP";
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
const char *keywords_attr_name = "KEYWORDS";
int thread_id = 0, ret = 0;
@@ -8454,12 +8454,12 @@ TEST_F(MaatCmd, HitPathAdvanced) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name;
+ and_conditions[0].or_conditions[0].field_name = keywords_attr_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name;
+ and_conditions[1].or_conditions[0].field_name = keywords_attr_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -8513,12 +8513,12 @@ TEST_F(MaatCmd, HitPathAdvanced) {
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name;
+ and_conditions[0].or_conditions[0].field_name = keywords_attr_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = ip_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -8558,12 +8558,12 @@ TEST_F(MaatCmd, HitPathAdvanced) {
snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id);
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = ip_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name;
+ and_conditions[1].or_conditions[0].field_name = keywords_attr_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -8600,7 +8600,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -8624,7 +8624,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8638,7 +8638,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8651,14 +8651,14 @@ TEST_F(MaatCmd, HitPathAdvanced) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object2_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
uint32_t ip_addr;
inet_pton(AF_INET, "220.181.38.168", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -8678,7 +8678,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8692,7 +8692,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule2_uuid_str);
@@ -8705,7 +8705,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object2_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -8718,7 +8718,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object3_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object3_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule2_uuid_str);
@@ -8732,7 +8732,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8759,7 +8759,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8773,7 +8773,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule2_uuid_str);
@@ -8786,7 +8786,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object2_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -8799,7 +8799,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object3_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object3_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule3_uuid_str);
@@ -8813,7 +8813,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object4_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule3_uuid_str);
@@ -8827,7 +8827,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object3_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object3_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule2_uuid_str);
@@ -8841,7 +8841,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -8857,7 +8857,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
const char *http_req_attr_name = "HTTP_REQUEST_HEADER";
const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER";
const char *ip_table_name = "IP_CONFIG";
- const char *ip_attribute_name = "IP_CONFIG";
+ const char *ip_field_name = "IP_CONFIG";
const char *keywords_table_name = "KEYWORDS_TABLE";
const char *keywords_attr_name = "KEYWORDS";
int thread_id = 0, ret = 0;
@@ -8892,12 +8892,12 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 1;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name;
+ and_conditions[0].or_conditions[0].field_name = http_req_attr_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name;
+ and_conditions[1].or_conditions[0].field_name = http_resp_attr_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9001,7 +9001,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
EXPECT_STREQ(uuid_str, object1_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object11_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -9011,7 +9011,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object1_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 1);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -9066,7 +9066,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
EXPECT_STREQ(uuid_str, object2_uuid_str);
uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object21_uuid_str);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
@@ -9079,7 +9079,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object2_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -9114,17 +9114,17 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
Nth_scan++;
uint32_t ip_addr;
inet_pton(AF_INET, "220.181.38.158", &ip_addr);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9144,7 +9144,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object3_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -9172,7 +9172,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str);
EXPECT_STREQ(uuid_str, object4_uuid_str);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1);
- EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name);
+ EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name);
EXPECT_EQ(hit_path[path_idx].negate_option, 0);
EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1);
@@ -9218,7 +9218,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
struct maat_cmd_and_condition and_condition;
and_condition.negate_option = 0;
and_condition.or_condition_num = 1;
- and_condition.or_conditions[0].attribute_name = http_resp_attr_name;
+ and_condition.or_conditions[0].field_name = http_resp_attr_name;
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9298,9 +9298,9 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
TEST_F(MaatCmd, ObjectEdit) {
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
const char *app_id_table_name = "APP_ID";
- const char *app_id_attribute_name = "APP_ID";
+ const char *app_id_field_name = "APP_ID";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9336,12 +9336,12 @@ TEST_F(MaatCmd, ObjectEdit) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = ip_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = app_id_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = app_id_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9356,20 +9356,20 @@ TEST_F(MaatCmd, ObjectEdit) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 0);
int scan_app_id = 42;
- ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, state);
+ ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_state_reset(state);
@@ -9389,14 +9389,14 @@ TEST_F(MaatCmd, ObjectEdit) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, state);
+ ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9422,16 +9422,16 @@ TEST_F(MaatCmd, ObjectEdit) {
sleep(WAIT_FOR_EFFECTIVE_S);
memset(results, 0, sizeof(results));
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, state);
+ ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9444,7 +9444,7 @@ TEST_F(MaatCmd, ObjectEdit) {
TEST_F(MaatCmd, RuleDelete_TSG6548) {
const char* rule_table_name = "RULE_DEFAULT";
const char* ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9467,7 +9467,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
struct maat_cmd_and_condition and_conditions[1];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = ip_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9485,10 +9485,10 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
int table_id = maat_get_table_id(maat_inst, ip_table_name);
ASSERT_GT(table_id, 0);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9506,7 +9506,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
time_t update_time = time(NULL);
time_t now = update_time;
while (now - update_time < 3) {
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
if (ret == MAAT_SCAN_HIT) {
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
if (n_hit_result > 0) {
@@ -9528,7 +9528,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
TEST_F(MaatCmd, UpdateDeadLockDetection) {
const char* rule_table_name = "RULE_DEFAULT";
const char* table_http_url = "HTTP_URL";
- const char *attribute_http_url = "HTTP_URL";
+ const char *field_http_url = "HTTP_URL";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9552,7 +9552,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
struct maat_cmd_and_condition and_conditions[1];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = attribute_http_url;
+ and_conditions[0].or_conditions[0].field_name = field_http_url;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9567,10 +9567,10 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data1, strlen(scan_data1), state);
+ ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data1, strlen(scan_data1), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9609,11 +9609,11 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
sleep(10);
memset(results, 0, sizeof(results));
- ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data2, strlen(scan_data2), state);
+ ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data2, strlen(scan_data2), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, state);
+ ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9630,7 +9630,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
const char* rule_table_name = "RULE_DEFAULT";
const char* scan_table_name = "KEYWORDS_TABLE";
- const char *scan_attribute_name = "KEYWORDS_TABLE";
+ const char *scan_field_name = "KEYWORDS_TABLE";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9646,7 +9646,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
struct maat_cmd_and_condition and_conditions[1];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = scan_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9659,11 +9659,11 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state);
+ struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state);
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
//item1 -> object1 -> rule1
@@ -9683,16 +9683,16 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_stream_free(stream);
- stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state);
+ stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state);
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9709,7 +9709,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
const char* rule_table_name = "RULE_DEFAULT";
const char* scan_table_name = "KEYWORDS_TABLE";
- const char *scan_attribute_name = "KEYWORDS_TABLE";
+ const char *scan_field_name = "KEYWORDS_TABLE";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9733,7 +9733,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
struct maat_cmd_and_condition and_conditions[1];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = scan_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9746,11 +9746,11 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
uuid_t results[ARRAY_SIZE];
size_t n_hit_result = 0;
- struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state);
+ struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state);
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9771,7 +9771,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_OK); //Scan was interupted after full update.
- ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
maat_stream_free(stream);
@@ -9782,9 +9782,9 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
const char *rule_table_name = "RULE_DEFAULT";
const char *expr_table_name = "KEYWORDS_TABLE";
- const char *expr_attribute_name = "KEYWORDS_TABLE";
+ const char *expr_field_name = "KEYWORDS_TABLE";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9822,12 +9822,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = expr_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = ip_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9846,10 +9846,10 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
int table_id = maat_get_table_id(maat_inst, ip_table_name);
ASSERT_GT(table_id, 0);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9867,11 +9867,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
const char *scan_data = "Here is a stream-keywords-003, this should hit.";
- struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state);
+ struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state);
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9890,9 +9890,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
const char *expr_table_name = "KEYWORDS_TABLE";
- const char *expr_attribute_name = "KEYWORDS_TABLE";
+ const char *expr_field_name = "KEYWORDS_TABLE";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -9931,12 +9931,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = expr_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = ip_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -9952,10 +9952,10 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
ret = inet_pton(AF_INET, ip_str, &ip_addr);
EXPECT_EQ(ret, 1);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9970,17 +9970,17 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
const char *scan_data = "Here is a stream-keywords-004, this should hit.";
- struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state);
+ struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state);
ret = maat_stream_scan(stream, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -9997,9 +9997,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
const char *rule_table_name = "RULE_DEFAULT";
const char *expr_table_name = "HTTP_URL";
- const char *expr_attribute_name = "HTTP_URL";
+ const char *expr_field_name = "HTTP_URL";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
const char *keywords = "IP&stringinc";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
@@ -10038,12 +10038,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = expr_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = ip_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -10059,10 +10059,10 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
ret = inet_pton(AF_INET, ip_str, &ip_addr);
EXPECT_EQ(ret, 1);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10080,10 +10080,10 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
const char *scan_data = "Here is a IP and stringinc, this should hit.";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10101,9 +10101,9 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
const char *rule_table_name = "RULE_DEFAULT";
const char *ip_table_name = "IP_PLUS_CONFIG";
- const char *ip_attribute_name = "IP_PLUS_CONFIG";
+ const char *ip_field_name = "IP_PLUS_CONFIG";
const char *expr_table_name = "HTTP_URL";
- const char *expr_attribute_name = "HTTP_URL";
+ const char *expr_field_name = "HTTP_URL";
const char *keywords = "IP&string";
int thread_id = 0, ret = 0;
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
@@ -10142,12 +10142,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
struct maat_cmd_and_condition and_conditions[2];
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
- and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name;
+ and_conditions[0].or_conditions[0].field_name = expr_field_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
and_conditions[1].negate_option = 0;
and_conditions[1].or_condition_num = 1;
- and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name;
+ and_conditions[1].or_conditions[0].field_name = ip_field_name;
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
@@ -10163,10 +10163,10 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
ret = inet_pton(AF_INET, ip_str, &ip_addr);
EXPECT_EQ(ret, 1);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr,state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr,state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10181,10 +10181,10 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
const char *scan_data = "scan IP and string, this should hit.";
- ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10193,10 +10193,10 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
- ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, state);
+ ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10345,7 +10345,7 @@ rollback_redis_version(redisContext *c, struct log_handle *logger)
TEST_F(MaatRollback, FullConfigRollback) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = MaatRollback::_shared_maat_inst;
struct log_handle *logger = MaatRollback::logger;
@@ -10356,10 +10356,10 @@ TEST_F(MaatRollback, FullConfigRollback) {
const char *scan_data = "http://www.cyberessays.com/search_results.php?"
"action=search&query=username,abckkk,1234567";
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10389,10 +10389,10 @@ TEST_F(MaatRollback, FullConfigRollback) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10406,7 +10406,7 @@ TEST_F(MaatRollback, FullConfigRollback) {
TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) {
const char *table_name = "HTTP_URL";
- const char *attribute_name = "HTTP_URL";
+ const char *field_name = "HTTP_URL";
struct maat *maat_inst = MaatRollback::_shared_maat_inst;
struct log_handle *logger = MaatRollback::logger;
@@ -10417,10 +10417,10 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) {
const char *scan_data = "http://www.cyberessays.com/search_results.php?"
"action=search&query=username,abckkk,1234567";
- int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
@@ -10450,10 +10450,10 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) {
sleep(WAIT_FOR_EFFECTIVE_S);
- ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), state);
+ ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
- ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, state);
+ ret = maat_scan_not_logic(maat_inst, table_name, field_name, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
n_hit_result = maat_state_compile(state, default_rule_table_name, results, ARRAY_SIZE);
diff --git a/test/maat_json.json b/test/maat_json.json
index 6a89a53..9206392 100644
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -623,13 +623,13 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_CONFIG",
+ "field_name": "IP_CONFIG",
"object_uuids": [
"00000000-0000-0000-0000-000000000100"
]
},
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "123_url_object",
@@ -659,13 +659,13 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_CONFIG",
+ "field_name": "IP_CONFIG",
"object_uuids": [
"00000000-0000-0000-0000-000000000100"
]
},
{
- "attribute_name": "CONTENT_SIZE",
+ "field_name": "CONTENT_SIZE",
"objects": [
{
"object_name": "124_interval_object",
@@ -694,7 +694,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "125_url_object",
@@ -724,7 +724,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "126_url_object",
@@ -743,7 +743,7 @@
]
},
{
- "attribute_name": "CONTENT_SIZE",
+ "field_name": "CONTENT_SIZE",
"object_uuids": [
"00000000-0000-0000-0000-000000000106"
]
@@ -760,7 +760,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_SIGNATURE",
+ "field_name": "HTTP_SIGNATURE",
"objects": [
{
"object_name": "128_expr_object",
@@ -791,7 +791,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "129_url_object",
@@ -821,7 +821,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "130_keywords_object",
@@ -851,7 +851,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "131_keywords_object",
@@ -881,7 +881,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"object_name": "TakeMeHome",
"object_uuid": "00000000-0000-0000-0000-000000000111"
}
@@ -897,7 +897,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "133_host_object",
@@ -927,7 +927,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "134_url_object",
@@ -958,7 +958,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IMAGE_FP",
+ "field_name": "IMAGE_FP",
"objects": [
{
"object_name": "136_expr_object",
@@ -989,7 +989,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IMAGE_FP",
+ "field_name": "IMAGE_FP",
"objects": [
{
"object_name": "137_expr_object",
@@ -1020,7 +1020,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "138_url_object",
@@ -1051,7 +1051,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "139_url_object",
@@ -1081,7 +1081,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "140_keywords_object",
@@ -1113,7 +1113,7 @@
"and_conditions": [
{
"o2r_table_name": "OBJECT2RULE_ALIAS",
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "141_url_object",
@@ -1143,7 +1143,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "142_url_object",
@@ -1173,7 +1173,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": false,
"objects": [
{
@@ -1193,7 +1193,7 @@
]
},
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": true,
"objects": [
{
@@ -1224,7 +1224,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": false,
"objects": [
{
@@ -1244,7 +1244,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": true,
"objects": [
{
@@ -1275,7 +1275,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"negate_option": false,
"objects": [
{
@@ -1295,7 +1295,7 @@
]
},
{
- "attribute_name": "ATTRIBUTE_IP_CONFIG",
+ "field_name": "FIELD_IP_CONFIG",
"negate_option": true,
"object_uuids": [
"00000000-0000-0000-0000-000000000100"
@@ -1313,7 +1313,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -1334,7 +1334,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -1355,7 +1355,7 @@
]
},
{
- "attribute_name": "ATTRIBUTE_IP_CONFIG",
+ "field_name": "FIELD_IP_CONFIG",
"negate_option": true,
"condition_index": 2,
"object_uuids": [
@@ -1374,7 +1374,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_1",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_1",
"negate_option": true,
"condition_index": 0,
"objects": [
@@ -1395,7 +1395,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_2",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_2",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -1416,7 +1416,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_3",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_3",
"negate_option": true,
"condition_index": 2,
"objects": [
@@ -1437,7 +1437,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_4",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_4",
"negate_option": true,
"condition_index": 3,
"objects": [
@@ -1458,7 +1458,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_5",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_5",
"negate_option": true,
"condition_index": 4,
"objects": [
@@ -1479,7 +1479,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_6",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_6",
"negate_option": true,
"condition_index": 5,
"objects": [
@@ -1500,7 +1500,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_7",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_7",
"negate_option": true,
"condition_index": 6,
"objects": [
@@ -1521,7 +1521,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS_8",
+ "field_name": "HTTP_RESPONSE_KEYWORDS_8",
"negate_option": true,
"condition_index": 7,
"objects": [
@@ -1553,7 +1553,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "148_url_object",
@@ -1583,7 +1583,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "TROJAN_PAYLOAD",
+ "field_name": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "billgates_regist1",
@@ -1602,7 +1602,7 @@
]
},
{
- "attribute_name": "TROJAN_PAYLOAD",
+ "field_name": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "billgates_regist2",
@@ -1632,7 +1632,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "MAIL_ADDR",
+ "field_name": "MAIL_ADDR",
"objects": [
{
"object_name": "151_expr_object",
@@ -1662,13 +1662,13 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "MAIL_ADDR",
+ "field_name": "MAIL_ADDR",
"object_uuids": [
"00000000-0000-0000-0000-000000000141"
]
},
{
- "attribute_name": "CONTENT_SIZE",
+ "field_name": "CONTENT_SIZE",
"object_uuids": [
"00000000-0000-0000-0000-000000000500"
]
@@ -1685,7 +1685,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "MAIL_ADDR",
+ "field_name": "MAIL_ADDR",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000143",
@@ -1693,7 +1693,7 @@
]
},
{
- "attribute_name": "IP_CONFIG",
+ "field_name": "IP_CONFIG",
"object_uuids": [
"00000000-0000-0000-0000-000000000502"
]
@@ -1710,7 +1710,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -1740,7 +1740,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -1770,7 +1770,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "TROJAN_PAYLOAD",
+ "field_name": "TROJAN_PAYLOAD",
"objects": [
{
"object_name": "157_expr_object",
@@ -1800,7 +1800,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "158_IP_object",
@@ -1829,7 +1829,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "159_IP_object",
@@ -1854,18 +1854,18 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
- "action_parameter": "AttributeWithOnePhysical",
+ "action_parameter": "FieldWithOnePhysical",
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": false,
"object_uuids":[
"00000000-0000-0000-0000-000000000111"
]
},
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"negate_option": false,
"objects": [
{
@@ -1892,11 +1892,11 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
- "action_parameter": "OneObjectInTwoAttribute",
+ "action_parameter": "OneObjectInTwoField",
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_REQUEST_HEADER",
+ "field_name": "HTTP_REQUEST_HEADER",
"negate_option": false,
"objects": [
{
@@ -1926,7 +1926,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_HEADER",
+ "field_name": "HTTP_RESPONSE_HEADER",
"negate_option": false,
"object_name": "vt_grp_http_sig2"
}
@@ -1942,7 +1942,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "164_keywords_object",
@@ -1973,7 +1973,7 @@
"evaluation_order": "2.111",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "165_url_object",
@@ -1992,7 +1992,7 @@
]
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -2023,7 +2023,7 @@
"evaluation_order": "100.233",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "166_url_object",
@@ -2054,14 +2054,14 @@
"evaluation_order": "300.999",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"condition_index": 1,
"object_uuids": [
"00000000-0000-0000-0000-000000000158"
]
},
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"object_uuids": [
"00000000-0000-0000-0000-000000000158"
],
@@ -2080,14 +2080,14 @@
"evaluation_order": "0",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"object_uuids": [
"00000000-0000-0000-0000-000000000158"
],
"condition_index": 2
},
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"object_uuids": [
"00000000-0000-0000-0000-000000000158"
],
@@ -2105,7 +2105,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"condition_index": 0,
"negate_option": false,
"objects": [
@@ -2132,15 +2132,15 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
- "action_parameter": "IPScan.IPv4_attribute_name.source",
+ "action_parameter": "IPScan.IPv4_field_name.source",
"is_valid": "no",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
- "object_name": "ipv4_attribute_name.source",
+ "object_name": "ipv4_field_name.source",
"uuid": "00000000-0000-0000-0000-000000000161",
"items": [
{
@@ -2162,15 +2162,15 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
- "action_parameter": "IPScan.IPv4_attribute_name.destination",
+ "action_parameter": "IPScan.IPv4_field_name.destination",
"is_valid": "no",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
- "object_name": "ipv4_attribute_name.destination",
+ "object_name": "ipv4_field_name.destination",
"uuid": "00000000-0000-0000-0000-000000000162",
"items": [
{
@@ -2196,7 +2196,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "ASN_NOT_LOGIC",
+ "field_name": "ASN_NOT_LOGIC",
"negate_option": true,
"object_uuids": [
"00000000-0000-0000-0000-000000000001",
@@ -2206,7 +2206,7 @@
"condition_index": 0
},
{
- "attribute_name": "DESTINATION_IP_ASN",
+ "field_name": "DESTINATION_IP_ASN",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000002"
@@ -2225,7 +2225,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "SOURCE_IP_ASN",
+ "field_name": "SOURCE_IP_ASN",
"object_uuids": [
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000003",
@@ -2235,7 +2235,7 @@
"condition_index": 0
},
{
- "attribute_name": "DESTINATION_IP_ASN",
+ "field_name": "DESTINATION_IP_ASN",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000002"
@@ -2257,7 +2257,7 @@
"negate_option": false,
"or_conditions":[
{
- "attribute_name": "SOURCE_IP_ASN",
+ "field_name": "SOURCE_IP_ASN",
"object_uuids": [
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000003",
@@ -2265,7 +2265,7 @@
]
},
{
- "attribute_name": "SOURCE_IP_GEO",
+ "field_name": "SOURCE_IP_GEO",
"object_uuids": [
"00000000-0000-0000-0000-000000000015"
]
@@ -2273,7 +2273,7 @@
]
},
{
- "attribute_name": "IP_CONFIG",
+ "field_name": "IP_CONFIG",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000012"
@@ -2295,7 +2295,7 @@
"negate_option": true,
"or_conditions": [
{
- "attribute_name": "SOURCE_IP_ASN",
+ "field_name": "SOURCE_IP_ASN",
"object_uuids": [
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000003",
@@ -2303,7 +2303,7 @@
]
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"object_uuids": [
"00000000-0000-0000-0000-000000000014"
]
@@ -2311,7 +2311,7 @@
]
},
{
- "attribute_name": "SOURCE_IP_GEO",
+ "field_name": "SOURCE_IP_GEO",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000015"
@@ -2329,7 +2329,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "182_keywords_object",
@@ -2360,7 +2360,7 @@
"service": 0,
"and_conditions": [
{
- "attribute_name": "IP_CONFIG",
+ "field_name": "IP_CONFIG",
"objects": [
{
"object_name": "184_IP_object",
@@ -2385,14 +2385,14 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
- "action_parameter": "NOTLogic.SameAttributeInMultiCondition",
+ "action_parameter": "NOTLogic.SameFieldInMultiCondition",
"is_valid": "yes",
"and_conditions": [
{
"negate_option": true,
"or_conditions": [
{
- "attribute_name": "DESTINATION_IP_ASN",
+ "field_name": "DESTINATION_IP_ASN",
"object_uuids": [
"00000000-0000-0000-0000-000000000001",
"00000000-0000-0000-0000-000000000003",
@@ -2400,7 +2400,7 @@
]
},
{
- "attribute_name": "SOURCE_IP_GEO",
+ "field_name": "SOURCE_IP_GEO",
"object_uuids": [
"00000000-0000-0000-0000-000000000015"
]
@@ -2408,7 +2408,7 @@
]
},
{
- "attribute_name": "DESTINATION_IP_ASN",
+ "field_name": "DESTINATION_IP_ASN",
"negate_option": true,
"object_uuids": [
"00000000-0000-0000-0000-000000000005"
@@ -2416,7 +2416,7 @@
"condition_index": 1
},
{
- "attribute_name": "DESTINATION_IP_ASN",
+ "field_name": "DESTINATION_IP_ASN",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000006"
@@ -2424,7 +2424,7 @@
"condition_index": 2
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000013"
@@ -2443,7 +2443,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": true,
"objects": [
{
@@ -2463,7 +2463,7 @@
]
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -2493,7 +2493,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": true,
"objects": [
{
@@ -2513,7 +2513,7 @@
]
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -2543,7 +2543,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": true,
"objects": [
{
@@ -2563,7 +2563,7 @@
]
},
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -2593,7 +2593,7 @@
"action_parameter": "StringScan.ShouldNotHitExprPlus",
"and_conditions": [
{
- "attribute_name": "APP_PAYLOAD",
+ "field_name": "APP_PAYLOAD",
"objects": [
{
"object_name": "189_app_object",
@@ -2624,7 +2624,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "191_keywords_object",
@@ -2654,7 +2654,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "FLAG_CONFIG",
+ "field_name": "FLAG_CONFIG",
"objects": [
{
"object_name": "192_flag_object",
@@ -2684,7 +2684,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "FLAG_CONFIG",
+ "field_name": "FLAG_CONFIG",
"objects": [
{
"object_name": "193_flag_object",
@@ -2703,7 +2703,7 @@
]
},
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "193_url_object",
@@ -2733,7 +2733,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "FLAG_CONFIG",
+ "field_name": "FLAG_CONFIG",
"objects": [
{
"object_name": "194_flag_object",
@@ -2763,7 +2763,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "197_url_object",
@@ -2795,7 +2795,7 @@
"and_conditions": [
{
"o2r_table_name": "OBJECT2RULE_FIREWALL",
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "198_url_object",
@@ -2825,7 +2825,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"object_name": "ExcludeLogicObject199",
"object_uuids": [
"00000000-0000-0000-0000-000000000503"
@@ -2843,7 +2843,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"object_uuids": [
"00000000-0000-0000-0000-000000000504"
]
@@ -2860,7 +2860,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "ATTRIBUTE_IP_PLUS_TABLE",
+ "field_name": "FIELD_IP_PLUS_TABLE",
"object_name": "ExcludeLogicObject202",
"object_uuids": [
"00000000-0000-0000-0000-000000000505"
@@ -2879,7 +2879,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE",
+ "field_name": "FIELD_IP_PLUS_SOURCE",
"objects": [
{
"object_name": "ExcludeLogicObject203_1",
@@ -2897,7 +2897,7 @@
]
},
{
- "attribute_name": "ATTRIBUTE_IP_PLUS_DESTINATION",
+ "field_name": "FIELD_IP_PLUS_DESTINATION",
"objects": [
{
"object_name": "ExcludeLogicObject203_2",
@@ -2915,7 +2915,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"object_name": "ExcludeLogicObject203_3",
"object_uuids": [
"00000000-0000-0000-0000-000000000506"
@@ -2933,7 +2933,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "ATTRIBUTE_IP_PLUS_SOURCE",
+ "field_name": "FIELD_IP_PLUS_SOURCE",
"objects": [
{
"object_name": "ExcludeLogicObject204_1",
@@ -2951,7 +2951,7 @@
]
},
{
- "attribute_name": "ATTRIBUTE_IP_PLUS_DESTINATION",
+ "field_name": "FIELD_IP_PLUS_DESTINATION",
"objects": [
{
"object_name": "ExcludeLogicObject204_2",
@@ -2969,7 +2969,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"object_uuids": [
"00000000-0000-0000-0000-000000000508"
]
@@ -2986,7 +2986,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "205_keywords_object",
@@ -3016,7 +3016,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "206_keywords_object",
@@ -3046,7 +3046,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "FLAG_CONFIG",
+ "field_name": "FLAG_CONFIG",
"objects": [
{
"object_name": "207_flag_object",
@@ -3076,7 +3076,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"negate_option": false,
"objects": [
{
@@ -3106,7 +3106,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "210_IP_object",
@@ -3135,7 +3135,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PERF_CONFIG",
+ "field_name": "IP_PERF_CONFIG",
"negate_option": false,
"objects": [
{
@@ -3165,7 +3165,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "INTEGER_PERF_CONFIG",
+ "field_name": "INTEGER_PERF_CONFIG",
"objects": [
{
"object_name": "212_interval_object",
@@ -3194,7 +3194,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "EXPR_LITERAL_PERF_CONFIG",
+ "field_name": "EXPR_LITERAL_PERF_CONFIG",
"objects": [
{
"object_name": "213_expr_object",
@@ -3224,7 +3224,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "FLAG_PERF_CONFIG",
+ "field_name": "FLAG_PERF_CONFIG",
"objects": [
{
"object_name": "214_flag_object",
@@ -3254,7 +3254,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "EXPR_REGEX_PERF_CONFIG",
+ "field_name": "EXPR_REGEX_PERF_CONFIG",
"objects": [
{
"object_name": "215_expr_object",
@@ -3284,7 +3284,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": false,
"object_uuids": [
"00000000-0000-0000-0000-000000000504"
@@ -3292,7 +3292,7 @@
"condition_index": 0
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -3324,7 +3324,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL_FILTER",
+ "field_name": "HTTP_URL_FILTER",
"negate_option": true,
"object_uuids": [
"00000000-0000-0000-0000-000000000509"
@@ -3332,7 +3332,7 @@
"condition_index": 0
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": false,
"condition_index": 1,
"objects": [
@@ -3364,7 +3364,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "CONTENT_SIZE",
+ "field_name": "CONTENT_SIZE",
"objects": [
{
"object_name": "218_interval_object",
@@ -3393,7 +3393,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -3414,7 +3414,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -3435,7 +3435,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 2,
"objects": [
@@ -3456,7 +3456,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 3,
"objects": [
@@ -3477,7 +3477,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 4,
"objects": [
@@ -3498,7 +3498,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 5,
"objects": [
@@ -3519,7 +3519,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 6,
"objects": [
@@ -3540,7 +3540,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 7,
"objects": [
@@ -3572,7 +3572,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -3593,7 +3593,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -3614,7 +3614,7 @@
]
},
{
- "attribute_name": "HTTP_DUMMY",
+ "field_name": "HTTP_DUMMY",
"negate_option": true,
"condition_index": 2,
"objects": [
@@ -3646,7 +3646,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_NOT_LOGIC_1",
+ "field_name": "HTTP_NOT_LOGIC_1",
"negate_option": true,
"condition_index": 0,
"objects": [
@@ -3678,7 +3678,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_NOT_LOGIC",
+ "field_name": "HTTP_NOT_LOGIC",
"negate_option": true,
"condition_index": 0,
"objects": [
@@ -3699,7 +3699,7 @@
]
},
{
- "attribute_name": "HTTP_NOT_LOGIC",
+ "field_name": "HTTP_NOT_LOGIC",
"negate_option": true,
"condition_index": 1,
"objects": [
@@ -3720,7 +3720,7 @@
]
},
{
- "attribute_name": "HTTP_NOT_LOGIC",
+ "field_name": "HTTP_NOT_LOGIC",
"negate_option": true,
"condition_index": 2,
"objects": [
@@ -3752,7 +3752,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"negate_option": true,
"condition_index": 0,
"objects": [
@@ -3773,7 +3773,7 @@
]
},
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"negate_option": false,
"condition_index": 1,
"objects": [
@@ -3805,7 +3805,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -3837,7 +3837,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"object_name": "226_url_object",
"object_uuids": [
"00000000-0000-0000-0000-000000000247"
@@ -3855,7 +3855,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"negate_option": false,
"condition_index": 1,
"objects": [
@@ -3876,7 +3876,7 @@
]
},
{
- "attribute_name": "ATTRIBUTE_IP_CONFIG",
+ "field_name": "FIELD_IP_CONFIG",
"negate_option": true,
"condition_index": 2,
"objects": [
@@ -3907,7 +3907,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_URL",
+ "field_name": "HTTP_URL",
"objects": [
{
"object_name": "229_url_object",
@@ -3937,7 +3937,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "230_IP_object",
@@ -3967,7 +3967,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "231_IP_object",
@@ -3997,7 +3997,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "IP_PLUS_CONFIG",
+ "field_name": "IP_PLUS_CONFIG",
"objects": [
{
"object_name": "232_IP_object",
@@ -4027,7 +4027,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "HTTP_RESPONSE_KEYWORDS",
+ "field_name": "HTTP_RESPONSE_KEYWORDS",
"object_name": "233_url_object",
"object_uuids": [
"00000000-0000-0000-0000-000000000259"
@@ -4045,7 +4045,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -4077,7 +4077,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"negate_option": false,
"condition_index": 0,
"objects": [
@@ -4109,7 +4109,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "236_keywords_object",
@@ -4139,7 +4139,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "237_keywords_object",
@@ -4193,7 +4193,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "238_keywords_object",
@@ -4223,7 +4223,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "239_keywords_object",
@@ -4253,7 +4253,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "240_keywords_object",
@@ -4283,7 +4283,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "241_keywords_object",
@@ -4313,7 +4313,7 @@
"is_valid": "yes",
"and_conditions": [
{
- "attribute_name": "KEYWORDS_TABLE",
+ "field_name": "KEYWORDS_TABLE",
"objects": [
{
"object_name": "242_keywords_object",
diff --git a/test/table_info.json b/test/table_info.json
index c038366..16efd66 100644
--- a/test/table_info.json
+++ b/test/table_info.json
@@ -68,7 +68,7 @@
"table_id":11,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
- "schema_tag": "{\"http_response_keywords\": \"attribute\"}"
+ "schema_tag": "{\"http_response_keywords\": \"field\"}"
},
{
"table_id":12,
@@ -155,7 +155,7 @@
"table_id":24,
"table_name":"IP_PLUS_CONFIG",
"table_type":"ip",
- "schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}"
+ "schema_tag": "{\"field_ip_plus_table\": \"field\"}"
},
{
"table_id":29,
diff --git a/test/test_utils.cpp b/test/test_utils.cpp
index 946935c..63cbb87 100644
--- a/test/test_utils.cpp
+++ b/test/test_utils.cpp
@@ -155,7 +155,7 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
cJSON_AddItemToArray(object_uuids_array, cJSON_CreateString(and_conditions[i].or_conditions[j].object_uuids_str[k]));
}
cJSON_AddItemToObject(or_condition, "object_uuids", object_uuids_array);
- cJSON_AddStringToObject(or_condition, "attribute_name", and_conditions[i].or_conditions[j].attribute_name);
+ cJSON_AddStringToObject(or_condition, "field_name", and_conditions[i].or_conditions[j].field_name);
cJSON_AddItemToArray(or_conditions_array, or_condition);
}
diff --git a/test/test_utils.h b/test/test_utils.h
index bf35708..1711fe5 100644
--- a/test/test_utils.h
+++ b/test/test_utils.h
@@ -8,7 +8,7 @@
struct maat_cmd_or_condition {
const char *object_uuids_str[8];
int object_num;
- const char *attribute_name;
+ const char *field_name;
};
struct maat_cmd_and_condition {