[修复bug]加载带偏移量的字符串规则时，将1字节长度的偏移量误校验为非法，如 1-1:a。

2019-01-27 18:12:41 +06:00
parent 0582e54607
commit cf5f1d0269
4 changed files with 91 additions and 5 deletions
--- a/src/entry/Maat_rule.cpp
+++ b/src/entry/Maat_rule.cpp
@@ -32,7 +32,7 @@
 #include "stream_fuzzy_hash.h"
 #include "gram_index_engine.h"
-int MAAT_FRAME_VERSION_2_6_20190118=1;
+int MAAT_FRAME_VERSION_2_6_20190127=1;
 const char* CHARSET_STRING[]={"NONE","gbk","big5","unicode","utf8","bin",
 							"unicode_ascii_esc","unicode_ascii_aligned","unicode_ncr_dec","unicode_ncr_hex","url_encode_gb2312","url_encode_utf8",""};
@@ -1984,7 +1984,7 @@ int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,st
 					break;
 				}
 				sscanf(sub_key_array[i],"%d-%d:",&(key_left_offset[i]),&(key_right_offset[i]));
-				if(!(key_left_offset[i]>=0&&key_right_offset[i]>0&&key_left_offset[i]<key_right_offset[i]))
+				if(!(key_left_offset[i]>=0&&key_right_offset[i]>0&&key_left_offset[i]<=key_right_offset[i]))
 				{
 					MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
 							"Table %s region cfg %d invalid offset.",table->table_name[table->updating_name],db_rule->region_id);
@@ -1994,7 +1994,7 @@ int add_expr_rule(struct Maat_table_desc* table,struct db_str_rule_t* db_rule,st
 				if(sub_key_array[i]==NULL)
 				{
 					MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module ,
-							"Table %s region cfg %d invalid keywords format.",table->table_name[table->updating_name],db_rule->region_id);
+							"Table %s region cfg %d invalid offset keyword format.",table->table_name[table->updating_name],db_rule->region_id);
 					return -1;
 				}
 				sub_key_array[i]++;//jump over ':'
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -735,7 +735,35 @@
                    ]
                }
            ]
-        }
+        },
 				{
 				    "service": 0,
 				    "do_blacklist": 0,
 				    "groups": [
 				        {
 				            "regions": [
 				                {
 				                    "table_name": "APP_PAYLOAD",
 				                    "table_content": {
 				                        "format": "hexbin",
 				                        "match_method": "sub",
 				                        "district": "Payload",
 				                        "keywords": "1-1:03&9-10:2d&14-16:2d34&19-21:2d&24-25:2d",
 				                        "expr_type": "offset"
 				                    },
 				                    "table_type": "expr_plus"
 				                }
 				            ],
 				            "group_name": "Untitled"
 				        }
 				    ],
 				    "user_region": "APP_ID=100001;BEHAV_ID=100002",
 				    "is_valid": "yes",
 				    "do_log": 0,
 				    "effective_rage": 0,
 				    "action": 0,
 				    "compile_id": 148
 				}
    ],
    "plugin_table": [
        {
--- a/test/table_info.conf
+++ b/test/table_info.conf
@@ -31,4 +31,5 @@
 12	TEST_FOREIGN_KEY	plugin {"valid":4,"foreign":[6,8],"tag":3}	--
 13	COMPILE_ALIAS	compile	escape	--
 14	TEST_PLUGIN_EXDATA_TABLE	plugin {"key":2,"valid":4,"tag":5,"estimate_size":1024}	--
-15	IR_INTERCEPT_IP plugin  {"valid":14,"tag":18}
+15	IR_INTERCEPT_IP plugin  {"valid":14,"tag":18}
 16	APP_PAYLOAD	expr_plus	UTF8	UTF8	yes	0	quickoff
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -250,7 +250,64 @@ TEST(StringScan, Regex)
 	EXPECT_EQ(result[0].config_id, 146);
 	Maat_clean_status(&mid);
 }
 TEST(StringScan,   ExprPlus)
 {
 	int ret=0;
 	int table_id=0;
 	struct Maat_rule_t result[4];
 	int found_pos[4];
 	const char* region_name="HTTP URL";
 	const char* scan_data="http://www.cyberessays.com/search_results.php?action=search&query=abckkk,1234567";
 	table_id=Maat_table_register(g_feather, "HTTP_REGION");
 	ASSERT_GT(table_id, 0);
 	scan_status_t mid=NULL;
 	ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, scan_data, strlen(scan_data), 
 						result, found_pos, 4,
 						&mid, 0);
 	EXPECT_EQ(ret, -1);//Should return error for district not setting.
 	ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
 	ASSERT_EQ(ret, 0);
 	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), 
 						result, found_pos, 4,
 						&mid, 0);
 	EXPECT_EQ(ret, 1);
 	EXPECT_EQ(result[0].config_id, 128);
 	return;
 }
 TEST(StringScan, ExprPlusWithOffset)
 {
 	int ret=0, table_id=0;
 	struct Maat_rule_t result[4];
 	scan_status_t mid=NULL;
 	const char* region_name="Payload";
 	unsigned char udp_payload[] = { /* Stun packet */
 							0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42, 
 							0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22, 
 							0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46, 
 							0x03, 0x02, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01, 
 							0x3a, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a, 
 							0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9, 
 							0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b, 
 							0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2, 
 							0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f, 
 							0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64, 
 							0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a, 
 							0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a };
 	memset(&result, 0, sizeof(result));
 	table_id=Maat_table_register(g_feather, "APP_PAYLOAD");
 	ASSERT_GT(table_id, 0);
 	ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
 	EXPECT_EQ(ret, 0);
 	ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload, sizeof(udp_payload), 
 						result, NULL, 4,
 						&mid, 0);
 	EXPECT_EQ(ret, 1);
 	EXPECT_EQ(result[0].config_id, 148);
 	return;
 }
 TEST(IPScan, IPv4)
 {
 	int table_id=0,ret=0;