From c84fb97aaeed8feca0c6abed850a5a59b47daa4e Mon Sep 17 00:00:00 2001
From: liuxueli
Date: Fri, 20 Aug 2021 14:44:09 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A6=82=E6=9E=9C=E6=89=AB=E6=8F=8F=E6=97=A0?= =?UTF-8?q?=E8=A7=84=E5=88=99=E6=95=B0=E5=80=BC=E7=B1=BB=E5=9E=8B=E7=9A=84?= =?UTF-8?q?table=E6=97=B6=E7=9B=B4=E6=8E=A5=E8=BF=94=E5=9B=9E=EF=BC=8C?= =?UTF-8?q?=E5=AF=BC=E8=87=B4=E6=9C=AA=E8=BF=9B=E8=A1=8C=E9=9D=9E=E8=A1=A8?= =?UTF-8?q?=E8=BE=BE=E5=BC=8F=E7=9A=84=E8=BF=90=E7=AE=97=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
src/entry/Maat_api.cpp | 58 +++++++--------
test/maat_json.json | 160 +++++++++++++++++++++++++++++++++-------
test/table_info.conf | 4 +-
test/test_maatframe.cpp | 96 +++++++++++++++++++++++-
4 files changed, 257 insertions(+), 61 deletions(-)
diff --git a/src/entry/Maat_api.cpp b/src/entry/Maat_api.cpp
index c940a7b..142e059 100644
--- a/src/entry/Maat_api.cpp
+++ b/src/entry/Maat_api.cpp
@@ -1544,39 +1544,37 @@ int Maat_scan_intval(Maat_feather_t feather,int table_id return 0; } struct Maat_table_runtime* table_rt=Maat_table_runtime_get(my_scanner->table_rt_mgr, p_table->table_id); + if(table_rt->origin_rule_num>0) // Even no rule in table, we still need to search for NOT compile. + { + if(p_table->table_type==TABLE_TYPE_INTERVAL_PLUS&&(_mid==NULL||_mid->is_set_district!=1)) + { + _feather->scan_err_cnt++; + return -1; + } + + intval_scan_data.rule_type=RULETYPE_INT; + intval_scan_data.sub_type=make_sub_type(p_table->table_id, CHARSET_NONE, 0); + intval_scan_data.int_data=intval; -// Even no rule in table, we still need to search for NOT compile. -// if(table_rt->origin_rule_num==0) -// { -// return 0; -// } - if(p_table->table_type==TABLE_TYPE_INTERVAL_PLUS&&(_mid==NULL||_mid->is_set_district!=1)) - { - _feather->scan_err_cnt++; - return -1; - } - - intval_scan_data.rule_type=RULETYPE_INT; - intval_scan_data.sub_type=make_sub_type(p_table->table_id, CHARSET_NONE, 0); - intval_scan_data.int_data=intval; + alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1); - alignment_int64_array_add(_feather->thread_call_cnt, thread_num, 1); + region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num; + + INC_SCANNER_REF(my_scanner,thread_num); + region_ret=rulescan_search(my_scanner->region, thread_num, &intval_scan_data, region_result, MAX_SCANNER_HIT_NUM); + if(region_ret>0&&p_table->table_type==TABLE_TYPE_INTERVAL_PLUS) + { + district_id=_mid->district_id; + } + if(region_ret<0) + { + DEC_SCANNER_REF(my_scanner, thread_num); + _feather->scan_err_cnt++; + return -1; + } + } - region_result=my_scanner->region_rslt_buff+MAX_SCANNER_HIT_NUM*thread_num; - - INC_SCANNER_REF(my_scanner,thread_num); - region_ret=rulescan_search(my_scanner->region, thread_num, &intval_scan_data, region_result, MAX_SCANNER_HIT_NUM); - if(region_ret>0&&p_table->table_type==TABLE_TYPE_INTERVAL_PLUS) - { - district_id=_mid->district_id; - } - 
if(region_ret<0) - { - DEC_SCANNER_REF(my_scanner, thread_num); - _feather->scan_err_cnt++; - return -1; - } - else if(region_ret>0 || scan_status_should_compile_NOT(_mid)) + if(region_ret>0 || scan_status_should_compile_NOT(_mid)) { if(region_ret>0) { diff --git a/test/maat_json.json b/test/maat_json.json index 036947a..59b37da 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -2085,28 +2085,28 @@ } ] }, - { - "compile_id": 185, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.NOT_match", - "is_valid": "yes", - "groups": [ - { - "group_name":"IPv4-composition-NOT-client-ip", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 - }, - { - "group_name":"IPv4-composition-NOT-server-ip", - "virtual_table":"COMPOSITION_IP_DESTINATION", - "not_flag":1 - } - ] - }, + { + "compile_id": 185, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.NOT_match", + "is_valid": "yes", + "groups": [ + { + "group_name":"IPv4-composition-NOT-client-ip", + "virtual_table":"COMPOSITION_IP_SOURCE", + "not_flag":0 + }, + { + "group_name":"IPv4-composition-NOT-server-ip", + "virtual_table":"COMPOSITION_IP_DESTINATION", + "not_flag":1 + } + ] + }, { "compile_id": 186, "service": 1, @@ -2117,7 +2117,7 @@ "is_valid": "yes", "groups": [ { - "not_flag":1, + "not_flag": 1, "regions": [ { "table_name": "HTTP_URL", @@ -2138,9 +2138,9 @@ "table_name": "IP_PLUS_CONFIG", "table_content": { "addr_type": "ipv4", - "saddr_format": "CIDR", - "src_ip1": "10.0.8.18", - "src_ip2": "10.0.8.18", + "saddr_format": "range", + "src_ip1": "10.0.8.186", + "src_ip2": "10.0.8.186", "sport_format": "range", "src_port1": "18611", "src_port2": "18611", 
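Review bot: With the whole scan moved inside `if(table_rt->origin_rule_num>0)`, `INC_SCANNER_REF(my_scanner,thread_num)` no longer runs for an empty table, yet that path still falls through to the `region_ret>0 || scan_status_should_compile_NOT(_mid)` branch and to whatever release follows it. The tail of Maat_scan_intval is outside this hunk, so this needs confirming, but if it ends with an unconditional `DEC_SCANNER_REF` the reference count goes out of balance and the NOT evaluation runs with no reference held on the scanner; placing `INC_SCANNER_REF(my_scanner,thread_num);` directly above the new `if` would keep both paths symmetric. The empty-table path also reads `region_ret` without rulescan_search having assigned it, so its declaration (also outside the hunk) has to start at 0, and `table_rt` is dereferenced with no NULL check on the result of Maat_table_runtime_get. The TABLE_TYPE_INTERVAL_PLUS district check and the `thread_call_cnt` update are now skipped for empty tables as well, which is worth stating if intended. The moved comment now sits on the branch that skips the search; `// Empty table: skip rulescan_search, but still fall through to evaluate NOT compiles.` would match what the code does.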
@@ -2153,9 +2153,113 @@ "protocol": 6, "direction": "single" } - } + } ], - "not_flag" : 0 + "not_flag": 0 + } + ] + }, + { + "compile_id": 187, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "groups": [ + { + "not_flag": 1, + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "must-not-contained-string-of-rule-187", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + }, + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "range", + "src_ip1": "10.0.8.187", + "src_ip2": "10.0.8.187", + "sport_format": "range", + "src_port1": "18611", + "src_port2": "18611", + "daddr_format": "range", + "dst_ip1": "10.0.8.20", + "dst_ip2": "10.0.8.20", + "dport_format": "range", + "dst_port1": "80", + "dst_port2": "80", + "protocol": 6, + "direction": "single" + } + } + ], + "not_flag": 0 + } + ] + }, + { + "compile_id": 188, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "groups": [ + { + "not_flag": 1, + "regions": [ + { + "table_name": "HTTP_URL", + "table_type": "string", + "table_content": { + "keywords": "must-not-contained-string-of-rule-188", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + }, + { + "regions": [ + { + "table_type": "ip_plus", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "addr_type": "ipv4", + "saddr_format": "range", + "src_ip1": "10.0.8.188", + "src_ip2": "10.0.8.188", + "sport_format": "range", + "src_port1": "18611", + "src_port2": "18611", + "daddr_format": "range", + "dst_ip1": "10.0.8.20", + "dst_ip2": "10.0.8.20", + "dport_format": "range", + "dst_port1": "80", + "dst_port2": "80", + "protocol": 6, + "direction": "single" + } + } + ], + "not_flag": 
0 } ] } diff --git a/test/table_info.conf b/test/table_info.conf index b24b08f..d7f5553 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -59,4 +59,6 @@ 36 TEST_FQDN_PLUGIN_WITH_EXDATA fqdn_plugin {"row_id":1,"is_suffix_match":2,"fqdn":3,"valid":5} -- 37 VIRTUAL_SSL_SNI virtual ["KEYWORDS_TABLE","INTERGER_PLUS"] -- 38 APP_ID intval -- -39 EMPTY_KEYWORD expr UTF8 UTF8 yes 0 \ No newline at end of file +39 EMPTY_KEYWORD expr UTF8 UTF8 yes 0 +40 EMPTY_INTERGER intval UTF8 UTF8 yes 0 +10 EMPTY_SIMILAR similar -- \ No newline at end of file diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index fda68aa..4edb699 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -1114,7 +1114,7 @@ TEST(NOTLogic, ScanIrrelavantAtLast) Maat_clean_status(&mid); } -TEST(NOTLogic, ScanHitAtLast) +TEST(NOTLogic, ScanHitAtLastEmptyExpr) { const char* string_should_not_hit="This string should not hit."; const char* string_match_no_region="This string is matched against a empty table."; @@ -1134,7 +1134,7 @@ TEST(NOTLogic, ScanHitAtLast) struct ipaddr ipv4_addr; struct stream_tuple4_v4 v4_addr; ipv4_addr.addrtype=ADDR_TYPE_IPV4; - inet_pton(AF_INET,"10.0.8.18",&(v4_addr.saddr)); + inet_pton(AF_INET,"10.0.8.186",&(v4_addr.saddr)); v4_addr.source=htons(18611); inet_pton(AF_INET,"10.0.8.20",&(v4_addr.daddr)); v4_addr.dest=htons(80); 
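Review bot: The new `EMPTY_SIMILAR` row is registered under table id 10 while the surrounding rows run 36 to 40; unless id 10 is unused in the part of table_info.conf outside this hunk, the row will clash with an existing table and the similar-scan test may end up exercising the wrong one, so the next free id (`41 EMPTY_SIMILAR similar --`) looks safer. The `40 EMPTY_INTERGER intval UTF8 UTF8 yes 0` row carries the expr-style columns copied from `EMPTY_KEYWORD`, whereas the existing intval row is written `38 APP_ID intval --`; `40 EMPTY_INTERGER intval --` would be consistent with it, assuming the loader expects the same layout for every intval table. The file still ends without a trailing newline.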
@@ -1161,6 +1161,98 @@ TEST(NOTLogic, ScanHitAtLast) } +TEST(NOTLogic, ScanHitAtLastEmptyInteger) +{ + const char* string_should_not_hit="This string should not hit."; + const char* string_match_no_region="This string is matched against a empty table."; + int ret=0; + int table_id=0; + struct Maat_rule_t result[4]; + int found_pos[4]; + const char* not_hit_table_name="HTTP_URL", *hit_table_name1="IP_PLUS_CONFIG", *empty_table_name="EMPTY_INTERGER"; + scan_status_t mid=NULL; + table_id=Maat_table_register(g_feather, not_hit_table_name); + ASSERT_GT(table_id, 0); + + ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, string_should_not_hit, strlen(string_should_not_hit), + result, found_pos, 4, &mid, 0); + EXPECT_GE(ret, 0); + + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr.addrtype=ADDR_TYPE_IPV4; + inet_pton(AF_INET,"10.0.8.187",&(v4_addr.saddr)); + v4_addr.source=htons(18611); + inet_pton(AF_INET,"10.0.8.20",&(v4_addr.daddr)); + v4_addr.dest=htons(80); + ipv4_addr.v4=&v4_addr; + + table_id=Maat_table_register(g_feather, hit_table_name1); + ASSERT_GT(table_id, 0); + + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid,0); + + + EXPECT_EQ(ret, -2); + + table_id=Maat_table_register(g_feather, empty_table_name); + ASSERT_GT(table_id, 0); + + Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION, NULL, 0); + + ret=Maat_scan_intval(g_feather, table_id, 2015, result, 4, &mid, 0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 187); + Maat_clean_status(&mid); + +} + +TEST(NOTLogic, ScanHitAtLastEmptySimilar) +{ + const char* string_should_not_hit="This string should not hit."; + const char* string_match_no_region="This string is matched against a empty table."; + int ret=0; + int table_id=0; + struct Maat_rule_t result[4]; + int found_pos[4]; + const char* not_hit_table_name="HTTP_URL", *hit_table_name1="IP_PLUS_CONFIG", *empty_table_name="EMPTY_SIMILAR"; + scan_status_t mid=NULL; + 
table_id=Maat_table_register(g_feather, not_hit_table_name); + ASSERT_GT(table_id, 0); + + ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, string_should_not_hit, strlen(string_should_not_hit), + result, found_pos, 4, &mid, 0); + EXPECT_GE(ret, 0); + + struct ipaddr ipv4_addr; + struct stream_tuple4_v4 v4_addr; + ipv4_addr.addrtype=ADDR_TYPE_IPV4; + inet_pton(AF_INET,"10.0.8.188",&(v4_addr.saddr)); + v4_addr.source=htons(18611); + inet_pton(AF_INET,"10.0.8.20",&(v4_addr.daddr)); + v4_addr.dest=htons(80); + ipv4_addr.v4=&v4_addr; + + table_id=Maat_table_register(g_feather, hit_table_name1); + ASSERT_GT(table_id, 0); + + ret=Maat_scan_proto_addr(g_feather, table_id, &ipv4_addr, 6, result, 4, &mid,0); + + + EXPECT_EQ(ret, -2); + + table_id=Maat_table_register(g_feather, empty_table_name); + ASSERT_GT(table_id, 0); + + Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION, NULL, 0); + + ret=Maat_similar_scan_string(g_feather, table_id, string_match_no_region, strlen(string_match_no_region), result, 4,&mid, 0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 188); + Maat_clean_status(&mid); + +} + TEST(NOTLogic, ScanNotIP) { const char* string_should_hit="This string ONLY contains must-contained-string-of-rule-145.";
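Review bot: Both new tests read `result[0].config_id` straight after `EXPECT_EQ(ret, 1)`, so when the scan returns 0 or an error the second check compares against an uninitialised `struct Maat_rule_t` and reports a misleading value; `ASSERT_EQ(ret, 1);` would stop the test before that read. The `ASSERT_GT(table_id, 0)` checks that follow the first scan return from the test without reaching `Maat_clean_status(&mid)`, which presumably leaks the scan state on failure, and the `inet_pton` results are not checked. In ScanHitAtLastEmptyInteger `string_match_no_region` is declared but never used. The two tests are near-identical copies of ScanHitAtLastEmptyExpr, so a shared helper taking the source address, the empty table name and the expected config id would keep the three variants in step.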