gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modify expr table and fix corresponding test case

Browse Source
This commit is contained in:
root
2024-08-19 11:04:17 +00:00
parent 7dd54ad0ec
commit d16a5d3b92
10 changed files with 383 additions and 746 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/inc_internal/maat_utils.h
View File

@@ -70,7 +70,6 @@ enum ip_format {
IP_FORMAT_UNKNOWN
};
enum ip_format ip_format_str2int(const char *format);
int ip_format2range(const char *ip_str, int ip_type, uint32_t range_begin[], uint32_t range_end[]);
#define UNUSED __attribute__((unused))
@@ -88,6 +87,7 @@ long long get_column_value(const char *line, int column_seq);
int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *out_sz);
char *strchr_esc(char *s, const char delim);
char *strtok_r_esc(char *s, const char delim, char **save_ptr);
char *str_escape(char *dst, int size, const char *src);

12
src/json2iris.c
View File

@@ -483,23 +483,13 @@ write_expr_line(cJSON *region_json, struct iris_description *p_iris,
cmd_cnt++;
}
json_cmd[cmd_cnt].json_string = "keywords";
json_cmd[cmd_cnt].json_type = cJSON_String;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "expr_type";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].str2int_flag = 1;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "match_method";
json_cmd[cmd_cnt].json_string = "keywords";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].str2int_flag = 1;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "format";
json_cmd[cmd_cnt].json_type = cJSON_String;
json_cmd[cmd_cnt].str2int_flag = 1;
cmd_cnt++;
json_cmd[cmd_cnt].json_string = "is_valid";

381
src/maat_expr.c
View File

@@ -38,9 +38,7 @@ struct expr_schema {
int group_id_column;
int district_column;
int keywords_column;
int expr_type_column;
int match_method_column;
int is_hexbin_column;
int expr_type_column;
int table_id;
enum maat_expr_engine engine_type;
struct table_manager *ref_tbl_mgr;
@@ -68,9 +66,6 @@ struct expr_item {
long long group_id;
char keywords[MAX_KEYWORDS_STR_LEN + 1];
enum expr_type expr_type;
enum expr_match_mode match_mode;
int is_hexbin;
int is_case_sensitive;
void *user_data;
int district_id;
};
@@ -113,17 +108,13 @@ static enum expr_type int_to_expr_type(int expr_type) {
switch (expr_type) {
case 0:
type = EXPR_TYPE_STRING;
break;
case 1:
case 3:
type = EXPR_TYPE_AND;
break;
case 2:
type = EXPR_TYPE_REGEX;
break;
case 3:
type = EXPR_TYPE_OFFSET;
break;
default:
break;
}
@@ -131,30 +122,6 @@ static enum expr_type int_to_expr_type(int expr_type) {
return type;
}
static enum expr_match_mode int_to_match_mode(int match_method)
{
enum expr_match_mode mode = EXPR_MATCH_MODE_INVALID;
switch (match_method) {
case 0:
mode = EXPR_MATCH_MODE_SUB;
break;
case 1:
mode = EXPR_MATCH_MODE_SUFFIX;
break;
case 2:
mode = EXPR_MATCH_MODE_PREFIX;
break;
case 3:
mode = EXPR_MATCH_MODE_EXACTLY;
break;
default:
break;
}
return mode;
}
static int expr_runtime_get_district_id(struct expr_runtime *expr_rt,
const char *district)
{
@@ -194,9 +161,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
{
size_t column_offset = 0;
size_t column_len = 0;
int db_hexbin = -1;
int expr_type = -1;
int match_method_type = -1;
enum table_type table_type = TABLE_TYPE_INVALID;
struct expr_item *expr_item = ALLOC(struct expr_item, 1);
@@ -238,23 +203,23 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
ret = get_column_pos(line, expr_schema->expr_type_column, &column_offset, &column_len);
if (ret < 0) {
log_fatal(expr_rt->logger, MODULE_EXPR,
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no expr_type in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
expr_type = atoi(line + column_offset);
expr_item->expr_type = int_to_expr_type(expr_type);
if (expr_item->expr_type == EXPR_TYPE_INVALID) {
log_fatal(expr_rt->logger, MODULE_EXPR,
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid expr_type in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
} else if (expr_item->expr_type == EXPR_TYPE_REGEX) {
ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger);
if (0 == ret) {
log_fatal(expr_rt->logger, MODULE_EXPR,
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> regex expression(item_id:%lld):%s illegal,"
" will be dropped", __FUNCTION__, __LINE__, table_name,
expr_item->item_id, expr_item->keywords);
@@ -286,52 +251,6 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
expr_item->district_id = DISTRICT_ANY;
}
ret = get_column_pos(line, expr_schema->match_method_column, &column_offset, &column_len);
if (ret < 0) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no match_method in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
match_method_type = atoi(line + column_offset);
expr_item->match_mode = int_to_match_mode(match_method_type);
if (expr_item->match_mode == EXPR_MATCH_MODE_INVALID) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid match_method in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len);
if (ret < 0) {
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has no is_hexbin in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto error;
}
db_hexbin = atoi(line + column_offset);
switch (db_hexbin) {
case 0:
expr_item->is_hexbin = FALSE;
expr_item->is_case_sensitive = FALSE;
break;
case 1:
expr_item->is_hexbin = TRUE;
expr_item->is_case_sensitive = TRUE;
break;
case 2:
expr_item->is_hexbin = FALSE;
expr_item->is_case_sensitive = TRUE;
break;
default:
log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid hexbin value:%d in line:%s",
__FUNCTION__, __LINE__, table_name, db_hexbin, line);
goto error;
}
return expr_item;
error:
FREE(expr_item);
@@ -429,28 +348,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr,
if (custom_item != NULL && custom_item->type == cJSON_Number) {
expr_schema->expr_type_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> schema has no expr_type column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "match_method");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
expr_schema->match_method_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> schema has no match_method column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
custom_item = cJSON_GetObjectItem(item, "is_hexbin");
if (custom_item != NULL && custom_item->type == cJSON_Number) {
expr_schema->is_hexbin_column = custom_item->valueint;
} else {
log_fatal(logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> schema has no is_hexbin column",
log_fatal(logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> schema has no expr_type column",
__FUNCTION__, __LINE__, table_name);
goto error;
}
@@ -611,26 +510,6 @@ static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key,
return 0;
}
static enum expr_pattern_type expr_type2pattern_type(enum expr_type expr_type)
{
enum expr_pattern_type pattern_type = EXPR_PATTERN_TYPE_STR;
switch (expr_type) {
case EXPR_TYPE_STRING:
case EXPR_TYPE_AND:
case EXPR_TYPE_OFFSET:
pattern_type = EXPR_PATTERN_TYPE_STR;
break;
case EXPR_TYPE_REGEX:
pattern_type = EXPR_PATTERN_TYPE_REG;
break;
default:
break;
}
return pattern_type;
}
static int convertHextoint(char srctmp)
{
if (isdigit(srctmp)) {
@@ -658,6 +537,128 @@ static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
return resultlen;
}
static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pattern, struct log_handle *logger)
{
char *ctrl_str = NULL;
char *expr_str = NULL;
int case_ctrl_flag = 0;
pattern->match_mode = EXPR_MATCH_MODE_SUB;
pattern->case_sensitive = EXPR_CASE_INSENSITIVE;
/* -1 means offset no limit, As long as the pattern appears in the scan data, it will hit */
pattern->start_offset = -1;
pattern->end_offset = -1;
if (keywords[0] == '(') {
ctrl_str = keywords + 1;
char *ctrl_str_end = strchr(ctrl_str, ')');
if (NULL == ctrl_str_end) {
return -1;
}
ctrl_str_end[0] = '\0';
expr_str = ctrl_str_end + 1;
} else {
expr_str = keywords;
}
if (ctrl_str != NULL) {
char case_switch[8] = {0};
char *nocase_str = strstr(ctrl_str, "nocase");
if (nocase_str) {
case_ctrl_flag = 1;
sscanf(nocase_str, "nocase=%s", case_switch);
if (strcmp(case_switch, "off") == 0) {
pattern->case_sensitive = EXPR_CASE_SENSITIVE;
} else {
pattern->case_sensitive = EXPR_CASE_INSENSITIVE;
}
}
char *offset_str = strstr(ctrl_str, "offset");
char *depth_str = strstr(ctrl_str, "depth");
if (offset_str && depth_str) {
sscanf(offset_str, "offset=%d", &pattern->start_offset);
sscanf(depth_str, "depth=%d", &pattern->end_offset);
pattern->match_mode = EXPR_MATCH_MODE_SUB;
if (pattern->start_offset < 0 || pattern->end_offset <= 0 || (pattern->start_offset > pattern->end_offset)) {
return -1;
}
}
}
if (expr_str[0] == '^') {
pattern->match_mode = EXPR_MATCH_MODE_PREFIX;
expr_str++;
}
char *expr_suffix = strchr_esc(expr_str, '$');
if (expr_suffix != NULL) {
expr_suffix[0] = '\0';
if (pattern->match_mode == EXPR_MATCH_MODE_PREFIX) {
pattern->match_mode = EXPR_MATCH_MODE_EXACTLY;
} else {
pattern->match_mode = EXPR_MATCH_MODE_SUFFIX;
}
}
char *hex_str_start = strchr_esc(expr_str, '|');
char *tmp_start_str = expr_str;
char *tmp_end_str = NULL;
char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1] = {0};
size_t pattern_len = 0;
if (hex_str_start && !case_ctrl_flag) {
pattern->case_sensitive = EXPR_CASE_SENSITIVE;
}
while (hex_str_start != NULL) {
hex_str_start[0] = '\0';
hex_str_start++;
tmp_end_str = strchr_esc(hex_str_start, '|');
if (tmp_end_str == NULL) {
return -1;
}
tmp_end_str[0] = '\0';
tmp_end_str++;
size_t region_str_len = strlen(hex_str_start) * 8;
char *region_string = ALLOC(char, region_str_len + 1);
region_str_len = hex2bin(hex_str_start, strlen(hex_str_start), region_string, region_str_len);
tmp_start_str = str_unescape(tmp_start_str);
snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string);
pattern_len = strlen(tmp_keywords);
if (region_string != NULL) {
FREE(region_string);
}
tmp_start_str = tmp_end_str;
hex_str_start = strchr_esc(tmp_start_str, '|');
}
if (tmp_end_str != NULL && tmp_end_str[0] != '\0') {
tmp_end_str = str_unescape(tmp_end_str);
snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, tmp_end_str);
pattern_len = strlen(tmp_keywords);
}
if (pattern_len == 0) {
expr_str = str_unescape(expr_str);
pattern->pat_len = strlen(expr_str);
pattern->pat = ALLOC(char, pattern->pat_len + 1);
memcpy(pattern->pat, expr_str, pattern->pat_len);
} else {
pattern->pat = ALLOC(char, pattern_len + 1);
memcpy(pattern->pat, tmp_keywords, pattern_len);
pattern->pat_len = pattern_len;
}
return 0;
}
#define MAAT_MAX_EXPR_ITEM_NUM 8
static int expr_item_to_expr_rule(struct expr_item *expr_item,
struct expr_rule *expr_rule,
@@ -668,15 +669,8 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
char *pos = NULL;
char *tmp = NULL;
char *saveptr = NULL;
char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM];
int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM];
int key_right_offset[MAAT_MAX_EXPR_ITEM_NUM];
char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1];
/* -1 means offset no limit, As long as the pattern appears in the scan data, it will hit */
memset(key_left_offset, -1, sizeof(key_left_offset));
memset(key_right_offset, -1, sizeof(key_right_offset));
memcpy(tmp_keywords, expr_item->keywords, MAX_KEYWORDS_STR_LEN + 1);
switch (expr_item->expr_type) {
@@ -689,116 +683,43 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item,
if (i >= MAAT_MAX_EXPR_ITEM_NUM) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"too many patterns", __FUNCTION__, __LINE__,
expr_item->item_id);
"[%s:%d]abandon config expr_item(item_id:%d) "
"too many patterns", __FUNCTION__, __LINE__,
expr_item->item_id);
return -1;
}
sub_key_array[i] = tmp;
sub_key_array[i] = str_unescape(sub_key_array[i]);
}
sub_expr_cnt = i;
break;
case EXPR_TYPE_OFFSET:
for (i = 0, pos = tmp_keywords; ; i++, pos = NULL) {
tmp = strtok_r_esc(pos, '&', &saveptr);
if (NULL == tmp) {
break;
}
if (i >= MAAT_MAX_EXPR_ITEM_NUM) {
if (expr_keywords_to_expr_pattern(tmp, &expr_rule->patterns[i], logger) < 0) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"too many patterns", __FUNCTION__, __LINE__,
expr_item->item_id);
"[%s:%d]abandon config expr_item(item_id:%d) "
"has invalid pattern %s", __FUNCTION__, __LINE__,
expr_item->item_id, tmp);
return -1;
}
sub_key_array[i] = tmp;
sscanf(sub_key_array[i], "%d-%d:", &(key_left_offset[i]),
&(key_right_offset[i]));
if (!(key_left_offset[i] >= 0 && key_right_offset[i] > 0
&& key_left_offset[i] <= key_right_offset[i])) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"has invalid offset.", __FUNCTION__, __LINE__,
expr_item->item_id);
return -1;
}
sub_key_array[i] = (char *)memchr(sub_key_array[i], ':',
strlen(sub_key_array[i]));
if (NULL == sub_key_array[i]) {
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%d) "
"has invalid offset keyword format.",
__FUNCTION__, __LINE__, expr_item->item_id);
return -1;
}
sub_key_array[i]++;//jump over ':'
sub_key_array[i] = str_unescape(sub_key_array[i]);
expr_rule->patterns[i].type = EXPR_PATTERN_TYPE_STR;
}
sub_expr_cnt = i;
break;
case EXPR_TYPE_STRING: //AND/OFFSET/STRING type expression use \b to represent blank(' ')
case EXPR_TYPE_REGEX:
sub_expr_cnt = 1;
sub_key_array[0] = tmp_keywords;
sub_key_array[0] = str_unescape(sub_key_array[0]);
break;
case EXPR_TYPE_REGEX: //only regex type expression use \s to represent blank(' ')
sub_expr_cnt = 1;
sub_key_array[0] = tmp_keywords;
size_t pat_len = strlen(tmp_keywords);
expr_rule->patterns[0].pat = ALLOC(char, pat_len + 1);
memcpy(expr_rule->patterns[0].pat, tmp_keywords, pat_len);
expr_rule->patterns[0].pat_len = pat_len;
expr_rule->patterns[0].type = EXPR_PATTERN_TYPE_REG;
expr_rule->patterns[0].match_mode = EXPR_MATCH_MODE_SUB;
expr_rule->patterns[0].case_sensitive = EXPR_CASE_INSENSITIVE;
expr_rule->patterns[0].start_offset = -1;
expr_rule->patterns[0].end_offset = -1;
break;
default:
log_fatal(logger, MODULE_EXPR,
"[%s:%d]abandon config expr_item(item_id:%lld) has "
"invalid expr type=%d", __FUNCTION__, __LINE__,
expr_item->item_id, expr_item->expr_type);
"[%s:%d]abandon config expr_item(item_id:%lld) has "
"invalid expr type=%d", __FUNCTION__, __LINE__,
expr_item->item_id, expr_item->expr_type);
return -1;
}
for (i = 0; i < sub_expr_cnt; i++) {
size_t region_str_len = 0;
char *region_string = NULL;
size_t sub_key_len = 0;
if (TRUE == expr_item->is_case_sensitive) {
// insensitive
expr_rule->patterns[i].case_sensitive = EXPR_CASE_SENSITIVE;
} else {
expr_rule->patterns[i].case_sensitive = EXPR_CASE_INSENSITIVE;
}
expr_rule->patterns[i].type = expr_type2pattern_type(expr_item->expr_type);
if (TRUE == expr_item->is_hexbin &&
expr_rule->patterns[i].type != EXPR_PATTERN_TYPE_REG) {
region_str_len = strlen(sub_key_array[i]) * 8;
region_string = ALLOC(char, region_str_len + 1);
region_str_len = hex2bin(sub_key_array[i], strlen(sub_key_array[i]),
region_string, region_str_len);
}
if (region_string != NULL) {
expr_rule->patterns[i].pat = ALLOC(char, region_str_len + 1);
memcpy(expr_rule->patterns[i].pat, region_string, region_str_len);
expr_rule->patterns[i].pat_len = region_str_len;
FREE(region_string);
} else {
sub_key_len = strlen(sub_key_array[i]);
expr_rule->patterns[i].pat = ALLOC(char, sub_key_len + 1);
memcpy(expr_rule->patterns[i].pat, sub_key_array[i], sub_key_len);
expr_rule->patterns[i].pat_len = sub_key_len;
}
expr_rule->patterns[i].match_mode = expr_item->match_mode;
if (expr_rule->patterns[i].match_mode == EXPR_MATCH_MODE_SUB) {
expr_rule->patterns[i].start_offset = key_left_offset[i];
expr_rule->patterns[i].end_offset = key_right_offset[i];
}
}
expr_rule->expr_id = expr_item->item_id;
expr_rule->tag = expr_item->user_data;
expr_rule->n_patterns = sub_expr_cnt;

18
src/maat_utils.c
View File

@@ -120,7 +120,7 @@ int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *o
return 0;
}
static char *strchr_esc(char *s, const char delim)
char *strchr_esc(char *s, const char delim)
{
char *token = NULL;
@@ -453,22 +453,6 @@ size_t memcat(void **dest, size_t offset, size_t *n_dest, const void *src, size_
return n_src;
}
enum ip_format ip_format_str2int(const char *format)//TODO: need to delete?
{
if (0 == strcasecmp(format, "single")) {
return IP_FORMAT_SINGLE;
}else if (0 == strcasecmp(format, "range")) {
return IP_FORMAT_RANGE;
} else if (0 == strcasecmp(format, "CIDR")) {
return IP_FORMAT_CIDR;
} else if (0 == strcasecmp(format, "mask")) {
return IP_FORMAT_MASK;
} else {
assert(0);
}
return IP_FORMAT_UNKNOWN;
}
int ip_format2range(const char *ip_str, int ip_type, uint32_t range_begin[], uint32_t range_end[])
{
int ret = 0;

103
test/maat_framework_gtest.cpp
View File

@@ -46,7 +46,7 @@ int test_add_expr_command(struct maat *maat_inst, const char *expr_table,
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, expr_table, MAAT_OP_ADD, item_id,
group_id, keywords, "null", 1, 0, 0, 0);
group_id, keywords, "null", 1, 0);
EXPECT_EQ(ret, 1);
return ret;
@@ -692,7 +692,7 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1403,7 +1403,7 @@ TEST_F(HsStringScan, dynamic_config) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1422,7 +1422,7 @@ TEST_F(HsStringScan, dynamic_config) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
/* group2compile table del line */
@@ -1668,7 +1668,7 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -2386,7 +2386,7 @@ TEST_F(RsStringScan, dynamic_config) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -2405,7 +2405,7 @@ TEST_F(RsStringScan, dynamic_config) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB*/
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id,
group_id, keywords, NULL, 1, 0, 0, 0);
group_id, keywords, NULL, 1, 0);
EXPECT_EQ(ret, 1);
/* group2compile table del line */
@@ -7415,7 +7415,6 @@ TEST_F(MaatCmd, SetExpr) {
const char *keywords1 = "Hiredis";
const char *keywords2 = "C Client";
const char *compile_table_name = "COMPILE_DEFAULT";
char escape_buff1[256], escape_buff2[256];
char keywords[512];
long long results[ARRAY_SIZE] = {0};
@@ -7424,9 +7423,7 @@ TEST_F(MaatCmd, SetExpr) {
struct maat *maat_inst = MaatCmd::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id);
str_escape(escape_buff1, sizeof(escape_buff1), keywords1);
str_escape(escape_buff2, sizeof(escape_buff2), keywords2);
snprintf(keywords, sizeof(keywords), "%s&%s", escape_buff1, escape_buff2);
snprintf(keywords, sizeof(keywords), "%s&%s", keywords1, keywords2);
long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 2);
test_add_expr_command(maat_inst, table_name, compile_id - 1, 0, keywords);
@@ -7515,7 +7512,7 @@ TEST_F(MaatCmd, SetExpr8) {
/* EXPR_TYPE_AND MATCH_METHOD_SUB */
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords8, NULL, 1, 0, 0, 0);
group_id, keywords8, NULL, 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7536,11 +7533,11 @@ TEST_F(MaatCmd, SetExpr8) {
maat_state_reset(state);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id,
group_id, keywords8, NULL, 1, 0, 0, 0);
group_id, keywords8, NULL, 1, 0);
EXPECT_EQ(ret, 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords7, NULL, 1, 0, 0, 0);
group_id, keywords7, NULL, 1, 0);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7635,7 +7632,7 @@ TEST_F(MaatCmd, SameFilterRefByOneCompile) {
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, "HTTP_URL", MAAT_OP_ADD, item_id, group_id,
keywords, "null", 1, 0, 0, 0);
keywords, "null", 1, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7812,7 +7809,7 @@ TEST_F(MaatCmd, SubGroup) {
*/
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group2_id, keyword1, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
group2_id, keyword1, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -7892,7 +7889,7 @@ TEST_F(MaatCmd, SubGroup) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id,
group3_id, keyword2, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
group3_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
sleep(2);
ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2),
results, ARRAY_SIZE, &n_hit_result, state);
@@ -7967,7 +7964,7 @@ TEST_F(MaatCmd, RefGroup) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id,
group1_id, keyword1, NULL, 1, 0, 0, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */
group1_id, keyword1, NULL, 1, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7984,7 +7981,7 @@ TEST_F(MaatCmd, RefGroup) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id,
group2_id, keyword2, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
group2_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_DEL,
@@ -8041,7 +8038,7 @@ TEST_F(MaatCmd, VirtualTable) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id,
group1_id, "AppleWebKit", "User-Agent", 0, 0, 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */
group1_id, "AppleWebKit", "User-Agent", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -8060,7 +8057,7 @@ TEST_F(MaatCmd, VirtualTable) {
*/
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id,
group2_id, "uid=12345678;", "Cookie", 0, 0, 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */
group2_id, "uid=12345678;", "Cookie", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -8827,14 +8824,14 @@ TEST_F(MaatCmd, GroupInMassCompiles) {
long long group1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
int ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item1_id,
group1_id, "baidu.com&tsg", NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
group1_id, "baidu.com&tsg", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
//item_url2 -> group2
long long group2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item2_id,
group2_id, "baidu.com&zhengzhou", NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
group2_id, "baidu.com&zhengzhou", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */
EXPECT_EQ(ret, 1);
//item_appid -> group3
@@ -8965,7 +8962,7 @@ TEST_F(MaatCmd, HitGroup) {
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item1_id, group1_id, "hit group item first",
"URL", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -8994,7 +8991,7 @@ TEST_F(MaatCmd, HitGroup) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item2_id, group2_id, "hit group item second",
"Cookie", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"Cookie", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/*
@@ -9016,13 +9013,11 @@ TEST_F(MaatCmd, HitGroup) {
group3_id, "220.181.38.150-220.181.38.151", 0);
EXPECT_EQ(ret, 1);
char temp[1024]={0};
//item4 -> group4, group4 is not referenced by any compile.
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item4_id, group4_id, str_escape(temp, sizeof(temp),
"hit group item forth"), NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
item4_id, group4_id, "hit group item forth", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/*
@@ -9036,8 +9031,8 @@ TEST_F(MaatCmd, HitGroup) {
long long item5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item5_id, group1_id,
str_escape(temp, sizeof(temp), "hit group item fifth"),
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"hit group item fifth",
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9246,7 +9241,7 @@ TEST_F(MaatCmd, HitPathBasic) {
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item1_id, group1_id, "graph_theory", "URL",
0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -9275,7 +9270,7 @@ TEST_F(MaatCmd, HitPathBasic) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item2_id, group2_id, "time=2020-02-11", "Cookie",
0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/*
@@ -9297,14 +9292,13 @@ TEST_F(MaatCmd, HitPathBasic) {
group3_id, "220.181.38.148-220.181.38.149", 0);
EXPECT_EQ(ret, 1);
char temp[1024]={0};
//item4 -> group4, group4 is not referenced by any compile.
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item4_id, group4_id,
str_escape(temp, sizeof(temp), "a finite or infinite"),
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"a finite or infinite",
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9547,7 +9541,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item1_id, group1_id, "computer_theory", NULL,
0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -9576,7 +9570,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item2_id, group2_id, "social_theory", NULL,
0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
//compile2
@@ -9648,13 +9642,12 @@ TEST_F(MaatCmd, HitPathAdvanced) {
/
item4 -> group4
*/
char temp[1024]={0};
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item4_id, group4_id,
str_escape(temp, sizeof(temp), "basic and advanced"),
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"basic and advanced",
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
@@ -9907,7 +9900,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
// !(item1 -> group1) -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item1_id, group1_id, "math_theory", "URL", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
item1_id, group1_id, "math_theory", "URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* !(item1 -> group1) -> compile1
@@ -9936,7 +9929,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item2_id, group2_id, "time=2020-02-12", "Cookie",
0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/*
@@ -9958,14 +9951,13 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
group3_id, "220.181.38.158-220.181.38.159", 0);
EXPECT_EQ(ret, 1);
char temp[1024]={0};
//item4 -> group4, group4 is not referenced by any compile.
long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD,
item4_id, group4_id,
str_escape(temp, sizeof(temp), "a finite and infinite"),
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"a finite and infinite",
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10174,7 +10166,6 @@ TEST_F(MaatCmd, HitPathHasNotGroup) {
}
TEST_F(MaatCmd, SameSuperGroupRefByMultiCompile) {
char temp[1024]={0};
int thread_id = 0;
const char *g2g_table_name = "GROUP2GROUP";
const char *g2c_table_name = "GROUP2COMPILE_DEFAULT";
@@ -10190,8 +10181,8 @@ TEST_F(MaatCmd, SameSuperGroupRefByMultiCompile) {
long long group5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
int ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD,
item5_id, group5_id,
str_escape(temp, sizeof(temp), "same supergroup referenced by multi compile"),
"KEY", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
"same supergroup referenced by multi compile",
"KEY", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
long long group52_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
@@ -10623,7 +10614,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item1_id,
group1_id, "part-1", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
group1_id, "part-1", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10661,7 +10652,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
//item2 -> group2 -> compile2
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item2_id,
group2_id, "part-2", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
group2_id, "part-2", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
//DON'T DO THIS!!!
@@ -10727,7 +10718,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD,
item1_id, group1_id, "stream-keywords-001-inc-update",
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10783,7 +10774,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, item1_id,
group1_id, "stream-keywords-002", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
group1_id, "stream-keywords-002", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10851,7 +10842,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id,
group1_id, "stream-keywords-003", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
group1_id, "stream-keywords-003", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -10953,7 +10944,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD,
item1_id, group1_id, "stream-keywords-004",
NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -11053,7 +11044,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id,
group1_id, keywords, NULL, 1, 0, 0, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/
group1_id, keywords, NULL, 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1
@@ -11153,7 +11144,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
//item1 -> group1 -> compile1
long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id,
group1_id, keywords, "null", 1, 0, 0, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/
group1_id, keywords, "null", 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> compile1

2
test/maat_framework_perf_gtest.cpp
View File

@@ -48,7 +48,7 @@ test_add_expr_command(struct maat *maat_inst, const char *table_name,
long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id,
group_id, keywords, "null", 1, 0, 0, 0);
group_id, keywords, "null", 1, 0);
EXPECT_EQ(ret, 1);
}

498
test/maat_json.json
View File

File diff suppressed because it is too large Load Diff

97
test/table_info.conf
View File

@@ -133,29 +133,25 @@
"db_tables":["HTTP_URL", "HTTP_HOST"],
"table_type":"expr",
"expr_engine":"rulescan",
"valid_column":7,
"valid_column":5,
"schema_tag": "{\"http_region\": \"expr\"}",
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
"table_id":11,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -197,29 +193,25 @@
"table_id":15,
"table_name":"HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,
"valid_column":6,
"custom": {
"item_id":1,
"group_id":2,
"district":3,
"keywords":4,
"expr_type":5,
"match_method":6,
"is_hexbin":7
"expr_type":4,
"keywords":5
}
},
{
"table_id":16,
"table_name":"IMAGE_FP",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -276,44 +268,37 @@
"table_id":21,
"table_name":"APP_PAYLOAD",
"table_type":"expr_plus",
"valid_column":8,
"valid_column":6,
"custom": {
"item_id":1,
"group_id":2,
"district":3,
"keywords":4,
"expr_type":5,
"match_method":6,
"is_hexbin":7
"expr_type":4,
"keywords":5
}
},
{
"table_id":22,
"table_name":"TROJAN_PAYLOAD",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
"table_id":23,
"table_name":"MAIL_ADDR",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -370,14 +355,12 @@
"table_id":30,
"table_name":"AS_NUMBER",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -396,14 +379,12 @@
"table_id":33,
"table_name":"GeoLocation",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -450,14 +431,12 @@
"table_id":38,
"table_name":"EMPTY_KEYWORD",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
@@ -578,28 +557,24 @@
"table_id":49,
"table_name":"EXPR_LITERAL_PERF_CONFIG",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{
"table_id":50,
"table_name":"EXPR_REGEX_PERF_CONFIG",
"table_type":"expr",
"valid_column":7,
"valid_column":5,
"custom": {
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
"expr_type":3,
"keywords":4
}
},
{

13
test/test_utils.cpp
View File

@@ -207,8 +207,7 @@ int group2group_table_set_line(struct maat *maat_inst, const char *table_name,
int expr_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *keywords,
const char *district, int expr_type,
int match_method, int is_hexbin, int expire_after)
const char *district, int expr_type, int expire_after)
{
char table_line[1024] = {0};
int table_id = maat_get_table_id(maat_inst, table_name);
@@ -222,13 +221,11 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name,
table_type == TABLE_TYPE_EXPR_PLUS);
if (table_type == TABLE_TYPE_EXPR_PLUS) {
sprintf(table_line, "%lld\t%lld\t%s\t%s\t%d\t%d\t%d\t%d",
item_id, group_id, district, keywords, expr_type,
match_method, is_hexbin, op);
sprintf(table_line, "%lld\t%lld\t%s\t%d\t%s\t%d",
item_id, group_id, district, expr_type, keywords, op);
} else {
sprintf(table_line, "%lld\t%lld\t%s\t%d\t%d\t%d\t%d",
item_id, group_id, keywords, expr_type,
match_method, is_hexbin, op);
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d",
item_id, group_id, expr_type, keywords, op);
}
struct maat_cmd_line line_rule;

3
test/test_utils.h
View File

@@ -31,8 +31,7 @@ int group2group_table_set_line(struct maat *maat_inst, const char *table_name,
int expr_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,
long long group_id, const char *keywords,
const char *district, int expr_type,
int match_method, int is_hexbin, int expire_after);
const char *district, int expr_type, int expire_after);
int interval_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long item_id,