diff --git a/test/maat_json.json b/test/maat_json.json index 59423b3..036947a 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -2106,7 +2106,59 @@ "not_flag":1 } ] - } + }, + { + "compile_id": 186, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "groups": [ + { + "not_flag":1, + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "must-not-contained-string-of-rule-186", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + }, + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "CIDR", + "src_ip1": "10.0.8.18", + "src_ip2": "10.0.8.18", + "sport_format": "range", + "src_port1": "18611", + "src_port2": "18611", + "daddr_format": "range", + "dst_ip1": "10.0.8.20", + "dst_ip2": "10.0.8.20", + "dport_format": "range", + "dst_port1": "80", + "dst_port2": "80", + "protocol": 6, + "direction": "single" + } + } + ], + "not_flag" : 0 + } + ] + } ], "plugin_table": [ { diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index a1f9dbe..da3449d 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -762,8 +762,7 @@ TEST(IPScan, IPv6_mask) table_id=Maat_table_register(g_feather,table_name); EXPECT_GT(table_id, 0); - //for improving performance. - Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,NULL, 0); + Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION, NULL, 0); ret=Maat_scan_proto_addr(g_feather,table_id,&ipv6_addr,6,result,4, &mid,0); EXPECT_EQ(ret, -2); Maat_clean_status(&mid); @@ -1111,9 +1110,48 @@ TEST(NOTLogic, ScanIrrelavantAtLast) result,found_pos, 4, &mid, 0); EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 144); Maat_clean_status(&mid); } +TEST(NOTLogic, ScanHitAtLast) +{ + const char* string_should_not_hit="This string should not hit."; + int ret=0; + int table_id=0; + struct Maat_rule_t result[4]; + int found_pos[4]; + const char* not_hit_table_name="HTTP_URL", *hit_table_name="IP_PLUS_CONFIG"; + scan_status_t mid=NULL; + table_id=Maat_table_register(g_feather, not_hit_table_name); + ASSERT_GT(table_id, 0); + + ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, string_should_not_hit, strlen(string_should_not_hit), + result, found_pos, 4, &mid, 0); + EXPECT_GE(ret, 0); + + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr.addrtype=ADDR_TYPE_IPV4; + inet_pton(AF_INET,"10.0.8.18",&(v4_addr.saddr)); + v4_addr.source=htons(18611); + inet_pton(AF_INET,"10.0.8.20",&(v4_addr.daddr)); + v4_addr.dest=htons(80); + ipv4_addr.v4=&v4_addr; + + table_id=Maat_table_register(g_feather, hit_table_name); + ASSERT_GT(table_id, 0); + + Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION, NULL, 0); + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid,0); + + + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 186); + Maat_clean_status(&mid); + +} + TEST(NOTLogic, ScanNotIP) { const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-145.";