diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp
index c1c9283..fa01ec8 100644
--- a/test/maat_framework_gtest.cpp
+++ b/test/maat_framework_gtest.cpp
@@ -6471,6 +6471,80 @@ TEST_F(Policy, EvaluationOrder) {
 maat_state_free(state);
 }
 
+TEST_F(Policy, NotClauseHitPath) {
+ const char *url_table_name = "HTTP_URL";
+ const char *ip_table_name = "VIRTUAL_IP_CONFIG";
+ const char *url = "www.youtube.com";
+ long long results[ARRAY_SIZE] = {0};
+ size_t n_hit_result = 0;
+ int thread_id = 0;
+ struct maat *maat_inst = Policy::_shared_maat_inst;
+ struct maat_state *state = maat_state_new(maat_inst, thread_id);
+
+ int url_table_id = maat_get_table_id(maat_inst, url_table_name);
+ ASSERT_GT(url_table_id, 0);
+
+ int ret = maat_scan_string(maat_inst, url_table_id, url, strlen(url),
+ results, ARRAY_SIZE, &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
+
+ int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
+ ASSERT_GT(ip_table_id, 0);
+
+ uint32_t ip_addr;
+ inet_pton(AF_INET, "192.168.101.101", &ip_addr);
+ uint16_t port = htons(65530);
+
+ ret = maat_scan_ipv4(maat_inst, ip_table_id, ip_addr, port, 6, results,
+ ARRAY_SIZE, &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_OK);
+
+ ret = maat_scan_not_logic(maat_inst, ip_table_id, results, ARRAY_SIZE,
+ &n_hit_result, state);
+ EXPECT_EQ(ret, MAAT_SCAN_HIT);
+ EXPECT_EQ(n_hit_result, 1);
+ EXPECT_EQ(results[0], 228);
+
+ struct maat_hit_path hit_path[128];
+ memset(hit_path, 0, sizeof(hit_path));
+ size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
+ EXPECT_EQ(n_hit_path, 4);
+
+ EXPECT_EQ(hit_path[0].Nth_scan, 1);
+ EXPECT_EQ(hit_path[0].vtable_id, url_table_id);
+ EXPECT_EQ(hit_path[0].NOT_flag, 0);
+ EXPECT_EQ(hit_path[0].clause_index, 1);
+ EXPECT_EQ(hit_path[0].sub_group_id, 249);
+ EXPECT_EQ(hit_path[0].top_group_id, 249);
+ EXPECT_EQ(hit_path[0].compile_id, 228);
+
+ EXPECT_EQ(hit_path[1].Nth_scan, 2);
+ EXPECT_EQ(hit_path[1].vtable_id, ip_table_id);
+ EXPECT_EQ(hit_path[1].NOT_flag, 1);
+ EXPECT_EQ(hit_path[1].clause_index, -1);
+ EXPECT_EQ(hit_path[1].sub_group_id, 100);
+ EXPECT_EQ(hit_path[1].top_group_id, 144);
+ EXPECT_EQ(hit_path[1].compile_id, -1);
+
+ EXPECT_EQ(hit_path[2].Nth_scan, 2);
+ EXPECT_EQ(hit_path[2].vtable_id, ip_table_id);
+ EXPECT_EQ(hit_path[2].NOT_flag, 1);
+ EXPECT_EQ(hit_path[2].clause_index, -1);
+ EXPECT_EQ(hit_path[2].sub_group_id, 100);
+ EXPECT_EQ(hit_path[2].top_group_id, -1);
+ EXPECT_EQ(hit_path[2].compile_id, -1);
+
+ EXPECT_EQ(hit_path[3].Nth_scan, 2);
+ EXPECT_EQ(hit_path[3].vtable_id, ip_table_id);
+ EXPECT_EQ(hit_path[3].NOT_flag, 1);
+ EXPECT_EQ(hit_path[3].clause_index, 2);
+ EXPECT_EQ(hit_path[3].sub_group_id, 250);
+ EXPECT_EQ(hit_path[3].top_group_id, 250);
+ EXPECT_EQ(hit_path[3].compile_id, 228);
+
+ maat_state_free(state);
+}
+
 TEST_F(Policy, ReadColumn) {
 const char *ip = "192.168.0.1";
 const char *tmp = "something";
diff --git a/test/maat_json.json b/test/maat_json.json
index a3c7f4e..30c6872 100644
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -4164,6 +4164,59 @@
 "g2c_table_name": "GROUP2COMPILE_FIREWALL"
 }
 ]
+ },
+ {
+ "compile_id": 228,
+ "service": 1,
+ "action": 1,
+ "do_blacklist": 1,
+ "do_log": 1,
+ "user_region": "NotClauseHitPath",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "virtual_table": "HTTP_URL",
+ "group_name": "228_url_group",
+ "group_id": 249,
+ "not_flag": 0,
+ "clause_index": 1,
+ "regions": [
+ {
+ "table_name": "HTTP_URL",
+ "table_type": "expr",
+ "table_content": {
+ "keywords": "youtube.com",
+ "expr_type": "none",
+ "match_method": "sub",
+ "format": "uncase plain"
+ }
+ }
+ ]
+ },
+ {
+ "virtual_table": "VIRTUAL_IP_CONFIG",
+ "group_name": "228_IP_group",
+ "group_id": 250,
+ "not_flag": 1,
+ "clause_index": 2,
+ "regions": [
+ {
+ "table_name": "IP_CONFIG",
+ "table_type": "ip_plus",
+ "table_content": {
+ "addr_type": "ipv4",
+ "addr_format": "mask",
+ "ip1": "192.168.101.102",
+ "ip2": "255.255.255.255",
+ "port_format": "range",
+ "port1": "0",
+ "port2": "65535",
+ "protocol": 6
+ }
+ }
+ ]
+ }
+ ]
 }
 ],
 "plugin_table": [
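Review bot: NotClauseHitPath only exercises the address that satisfies the NOT clause (192.168.101.101 against a rule excluding 192.168.101.102), so a regression in which the NOT clause hits for every address would still pass; a companion scan with 192.168.101.102 on a fresh `maat_state`, asserting that compile 228 is not in `results`, would pin the exclusion itself. The expectations for `hit_path[1]` and `hit_path[2]` use `sub_group_id` 100 and `top_group_id` 144, which are not defined by the compile 228 fixture in this commit and presumably come from other IP_CONFIG entries in maat_json.json; a comment such as `// paths 1-2: NOT hits for group 100, defined elsewhere in maat_json.json` would document that dependency. Also, `ASSERT_GT` returns from the test body on failure, so `state` allocated above it is never passed to `maat_state_free` on that path.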