策略中的district与扫描时设置的district不一致时命中了策略

2021-10-11 14:57:18 +08:00
parent c84fb97aae
commit a2f2adc82a
2 changed files with 64 additions and 0 deletions
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -2262,6 +2262,34 @@
                    "not_flag": 0
                }
            ]
+        },
+        {
+            "is_valid": "yes",
+            "do_log": 0,
+            "effective_rage": 0,
+            "action": 0,
+            "compile_id": 189,
+            "service": 0,
+            "do_blacklist": 0,
+            "user_region": "StringScan.ShouldNotHitExprPlus",
+            "groups": [
+                {
+                    "regions": [
+                        {
+                            "table_name": "APP_PAYLOAD",
+                            "table_content": {
+                                "format": "hexbin",
+                                "match_method": "sub",
+                                "district": "tcp.payload.c2s_first_data",
+                                "keywords": "ab00",
+                                "expr_type": "none"
+                            },
+                            "table_type": "expr_plus"
+                        }
+                    ],
+                    "group_name": "Untitled"
+                }
+            ]
        }
    ],
    "plugin_table": [
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -646,6 +646,42 @@ TEST(StringScan, ExprPlusWithOffset)
 	return;
 }

+TEST(StringScan, ShouldNotHitExprPlus)
+{
+	int ret=0, table_id=0;
+	struct Maat_rule_t result[4];
+	scan_status_t mid=NULL;
+	const char* region_name="tcp.payload";
+	unsigned char udp_payload_not_hit[] = { /* Stun packet */
+							0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, 
+							0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22, 
+							0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46, 
+							0x03, 0x02, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01, 
+							0x3a, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a, 
+							0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9, 
+							0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b, 
+							0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2, 
+							0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f, 
+							0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64, 
+							0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 
+							0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a, 0xab, 0x00 };
+
+	memset(&result, 0, sizeof(result));
+	table_id=Maat_table_register(g_feather, "APP_PAYLOAD");
+	ASSERT_GT(table_id, 0);
+	ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
+	EXPECT_EQ(ret, 0);
+
+	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit), 
+						result, NULL, 4,
+						&mid, 0);
+	EXPECT_EQ(ret, 0);
+	
+	Maat_clean_status(&mid);
+	return;
+}
+
+
 TEST(StringScan, ExprPlusWithHex)
 {
 	int table_id=0,ret=0;