diff --git a/src/inc_internal/maat_utils.h b/src/inc_internal/maat_utils.h index 6f61fe4..aaa3227 100644 --- a/src/inc_internal/maat_utils.h +++ b/src/inc_internal/maat_utils.h @@ -70,7 +70,6 @@ enum ip_format { IP_FORMAT_UNKNOWN }; -enum ip_format ip_format_str2int(const char *format); int ip_format2range(const char *ip_str, int ip_type, uint32_t range_begin[], uint32_t range_end[]); #define UNUSED __attribute__((unused)) @@ -88,6 +87,7 @@ long long get_column_value(const char *line, int column_seq); int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *out_sz); +char *strchr_esc(char *s, const char delim); char *strtok_r_esc(char *s, const char delim, char **save_ptr); char *str_escape(char *dst, int size, const char *src); diff --git a/src/json2iris.c b/src/json2iris.c index 6335ef1..f711c1d 100644 --- a/src/json2iris.c +++ b/src/json2iris.c @@ -483,23 +483,13 @@ write_expr_line(cJSON *region_json, struct iris_description *p_iris, cmd_cnt++; } - json_cmd[cmd_cnt].json_string = "keywords"; - json_cmd[cmd_cnt].json_type = cJSON_String; - cmd_cnt++; - json_cmd[cmd_cnt].json_string = "expr_type"; json_cmd[cmd_cnt].json_type = cJSON_String; json_cmd[cmd_cnt].str2int_flag = 1; cmd_cnt++; - json_cmd[cmd_cnt].json_string = "match_method"; + json_cmd[cmd_cnt].json_string = "keywords"; json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].str2int_flag = 1; - cmd_cnt++; - - json_cmd[cmd_cnt].json_string = "format"; - json_cmd[cmd_cnt].json_type = cJSON_String; - json_cmd[cmd_cnt].str2int_flag = 1; cmd_cnt++; json_cmd[cmd_cnt].json_string = "is_valid"; diff --git a/src/maat_expr.c b/src/maat_expr.c index 51ffb84..486cb82 100644 --- a/src/maat_expr.c +++ b/src/maat_expr.c 
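Review bot: The json_cmd reorder in write_expr_line (src/json2iris.c) now emits expr_type before keywords and drops the match_method and format columns, but nothing on the new side records that layout. Table schemas or previously generated iris files that still use the old column positions would presumably be read with keywords and expr_type swapped. Because expr_item_new parses the field with `atoi` (visible in the maat_expr.c hunk), a non-numeric value becomes 0, which int_to_expr_type accepts, so the mismatch would not be logged. I would add a comment above the block such as `/* column order: ..., expr_type, keywords, is_valid; match mode, case and hex are now encoded inside keywords */`. write_expr_line starts and ends outside the hunk.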
@@ -38,9 +38,7 @@ struct expr_schema { int group_id_column; int district_column; int keywords_column; - int expr_type_column; - int match_method_column; - int is_hexbin_column; + int expr_type_column; int table_id; enum maat_expr_engine engine_type; struct table_manager *ref_tbl_mgr; @@ -68,9 +66,6 @@ struct expr_item { long long group_id; char keywords[MAX_KEYWORDS_STR_LEN + 1]; enum expr_type expr_type; - enum expr_match_mode match_mode; - int is_hexbin; - int is_case_sensitive; void *user_data; int district_id; }; @@ -113,17 +108,13 @@ static enum expr_type int_to_expr_type(int expr_type) { switch (expr_type) { case 0: - type = EXPR_TYPE_STRING; - break; case 1: + case 3: type = EXPR_TYPE_AND; break; case 2: type = EXPR_TYPE_REGEX; break; - case 3: - type = EXPR_TYPE_OFFSET; - break; default: break; } @@ -131,30 +122,6 @@ static enum expr_type int_to_expr_type(int expr_type) { return type; } -static enum expr_match_mode int_to_match_mode(int match_method) -{ - enum expr_match_mode mode = EXPR_MATCH_MODE_INVALID; - - switch (match_method) { - case 0: - mode = EXPR_MATCH_MODE_SUB; - break; - case 1: - mode = EXPR_MATCH_MODE_SUFFIX; - break; - case 2: - mode = EXPR_MATCH_MODE_PREFIX; - break; - case 3: - mode = EXPR_MATCH_MODE_EXACTLY; - break; - default: - break; - } - - return mode; -} - static int expr_runtime_get_district_id(struct expr_runtime *expr_rt, const char *district) { @@ -194,9 +161,7 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, { size_t column_offset = 0; size_t column_len = 0; - int db_hexbin = -1; int expr_type = -1; - int match_method_type = -1; enum table_type table_type = TABLE_TYPE_INVALID; struct expr_item *expr_item = ALLOC(struct expr_item, 1); 
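Review bot: In the int_to_expr_type hunk, `case 3:` now returns EXPR_TYPE_AND, but the removed EXPR_TYPE_OFFSET branch of expr_item_to_expr_rule parsed keywords with a `%d-%d:` prefix that the new parser does not recognise (it looks for `offset=` and `depth=` inside a leading parenthesised control string). Existing type-3 rows would therefore appear to load without error and match the literal `N-M:` text rather than the intended offset window, which silently changes what the rule detects. If type 3 is kept only for compatibility, either reject it with a log line or convert the old prefix. At minimum document the fallthrough, e.g. `/* 0 (string) and 3 (offset) are legacy ids, now handled as AND with inline (...) controls */`. The function body begins before the hunk.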
@@ -238,23 +203,23 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, ret = get_column_pos(line, expr_schema->expr_type_column, &column_offset, &column_len); if (ret < 0) { - log_fatal(expr_rt->logger, MODULE_EXPR, + log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has no expr_type in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } - + expr_type = atoi(line + column_offset); expr_item->expr_type = int_to_expr_type(expr_type); if (expr_item->expr_type == EXPR_TYPE_INVALID) { - log_fatal(expr_rt->logger, MODULE_EXPR, + log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> has invalid expr_type in line:%s", __FUNCTION__, __LINE__, table_name, line); goto error; } else if (expr_item->expr_type == EXPR_TYPE_REGEX) { ret = expr_matcher_verify_regex_expression(expr_item->keywords, expr_rt->logger); if (0 == ret) { - log_fatal(expr_rt->logger, MODULE_EXPR, + log_fatal(expr_rt->logger, MODULE_EXPR, "[%s:%d] expr table:<%s> regex expression(item_id:%lld):%s illegal," " will be dropped", __FUNCTION__, __LINE__, table_name, expr_item->item_id, expr_item->keywords); 
@@ -286,52 +251,6 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name, expr_item->district_id = DISTRICT_ANY; } - ret = get_column_pos(line, expr_schema->match_method_column, &column_offset, &column_len); - if (ret < 0) { - log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no match_method in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - match_method_type = atoi(line + column_offset); - expr_item->match_mode = int_to_match_mode(match_method_type); - if (expr_item->match_mode == EXPR_MATCH_MODE_INVALID) { - log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has invalid match_method in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - - ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len); - if (ret < 0) { - log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has no is_hexbin in line:%s", - __FUNCTION__, __LINE__, table_name, line); - goto error; - } - db_hexbin = atoi(line + column_offset); - - switch (db_hexbin) { - case 0: - expr_item->is_hexbin = FALSE; - expr_item->is_case_sensitive = FALSE; - break; - case 1: - expr_item->is_hexbin = TRUE; - expr_item->is_case_sensitive = TRUE; - break; - case 2: - expr_item->is_hexbin = FALSE; - expr_item->is_case_sensitive = TRUE; - break; - default: - log_fatal(expr_rt->logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> has invalid hexbin value:%d in line:%s", - __FUNCTION__, __LINE__, table_name, db_hexbin, line); - goto error; - } - return expr_item; error: FREE(expr_item); 
@@ -429,28 +348,8 @@ void *expr_schema_new(cJSON *json, struct table_manager *tbl_mgr, if (custom_item != NULL && custom_item->type == cJSON_Number) { expr_schema->expr_type_column = custom_item->valueint; } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no expr_type column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "match_method"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->match_method_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no match_method column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - custom_item = cJSON_GetObjectItem(item, "is_hexbin"); - if (custom_item != NULL && custom_item->type == cJSON_Number) { - expr_schema->is_hexbin_column = custom_item->valueint; - } else { - log_fatal(logger, MODULE_EXPR, - "[%s:%d] expr table:<%s> schema has no is_hexbin column", + log_fatal(logger, MODULE_EXPR, + "[%s:%d] expr table:<%s> schema has no expr_type column", __FUNCTION__, __LINE__, table_name); goto error; } @@ -611,26 +510,6 @@ static int expr_runtime_update_row(struct expr_runtime *expr_rt, char *key, return 0; } -static enum expr_pattern_type expr_type2pattern_type(enum expr_type expr_type) -{ - enum expr_pattern_type pattern_type = EXPR_PATTERN_TYPE_STR; - - switch (expr_type) { - case EXPR_TYPE_STRING: - case EXPR_TYPE_AND: - case EXPR_TYPE_OFFSET: - pattern_type = EXPR_PATTERN_TYPE_STR; - break; - case EXPR_TYPE_REGEX: - pattern_type = EXPR_PATTERN_TYPE_REG; - break; - default: - break; - } - - return pattern_type; -} - static int convertHextoint(char srctmp) { if (isdigit(srctmp)) { 
@@ -658,6 +537,128 @@ static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size) return resultlen; } +static int expr_keywords_to_expr_pattern(char *keywords, struct expr_pattern *pattern, struct log_handle *logger) +{ + char *ctrl_str = NULL; + char *expr_str = NULL; + int case_ctrl_flag = 0; + + pattern->match_mode = EXPR_MATCH_MODE_SUB; + pattern->case_sensitive = EXPR_CASE_INSENSITIVE; + /* -1 means offset no limit, As long as the pattern appears in the scan data, it will hit */ + pattern->start_offset = -1; + pattern->end_offset = -1; + + if (keywords[0] == '(') { + ctrl_str = keywords + 1; + char *ctrl_str_end = strchr(ctrl_str, ')'); + if (NULL == ctrl_str_end) { + return -1; + } + ctrl_str_end[0] = '\0'; + expr_str = ctrl_str_end + 1; + } else { + expr_str = keywords; + } + + if (ctrl_str != NULL) { + char case_switch[8] = {0}; + char *nocase_str = strstr(ctrl_str, "nocase"); + if (nocase_str) { + case_ctrl_flag = 1; + sscanf(nocase_str, "nocase=%s", case_switch); + if (strcmp(case_switch, "off") == 0) { + pattern->case_sensitive = EXPR_CASE_SENSITIVE; + } else { + pattern->case_sensitive = EXPR_CASE_INSENSITIVE; + } + } + + char *offset_str = strstr(ctrl_str, "offset"); + char *depth_str = strstr(ctrl_str, "depth"); + if (offset_str && depth_str) { + sscanf(offset_str, "offset=%d", &pattern->start_offset); + sscanf(depth_str, "depth=%d", &pattern->end_offset); + pattern->match_mode = EXPR_MATCH_MODE_SUB; + + if (pattern->start_offset < 0 || pattern->end_offset <= 0 || (pattern->start_offset > pattern->end_offset)) { + return -1; + } + } + } + + if (expr_str[0] == '^') { + pattern->match_mode = EXPR_MATCH_MODE_PREFIX; + expr_str++; + } + + char *expr_suffix = strchr_esc(expr_str, '$'); + if (expr_suffix != NULL) { + expr_suffix[0] = '\0'; + if (pattern->match_mode == EXPR_MATCH_MODE_PREFIX) { + pattern->match_mode = EXPR_MATCH_MODE_EXACTLY; + } else { + pattern->match_mode = EXPR_MATCH_MODE_SUFFIX; + } + } + + char *hex_str_start = 
strchr_esc(expr_str, '|'); + char *tmp_start_str = expr_str; + char *tmp_end_str = NULL; + char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1] = {0}; + size_t pattern_len = 0; + + if (hex_str_start && !case_ctrl_flag) { + pattern->case_sensitive = EXPR_CASE_SENSITIVE; + } + + while (hex_str_start != NULL) { + hex_str_start[0] = '\0'; + hex_str_start++; + + tmp_end_str = strchr_esc(hex_str_start, '|'); + if (tmp_end_str == NULL) { + return -1; + } + tmp_end_str[0] = '\0'; + tmp_end_str++; + + size_t region_str_len = strlen(hex_str_start) * 8; + char *region_string = ALLOC(char, region_str_len + 1); + region_str_len = hex2bin(hex_str_start, strlen(hex_str_start), region_string, region_str_len); + + tmp_start_str = str_unescape(tmp_start_str); + snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, region_string); + pattern_len = strlen(tmp_keywords); + + if (region_string != NULL) { + FREE(region_string); + } + + tmp_start_str = tmp_end_str; + hex_str_start = strchr_esc(tmp_start_str, '|'); + } + if (tmp_end_str != NULL && tmp_end_str[0] != '\0') { + tmp_end_str = str_unescape(tmp_end_str); + snprintf(tmp_keywords + pattern_len, MAX_KEYWORDS_STR_LEN - pattern_len, "%s%s", tmp_start_str, tmp_end_str); + pattern_len = strlen(tmp_keywords); + } + + if (pattern_len == 0) { + expr_str = str_unescape(expr_str); + pattern->pat_len = strlen(expr_str); + pattern->pat = ALLOC(char, pattern->pat_len + 1); + memcpy(pattern->pat, expr_str, pattern->pat_len); + + } else { + pattern->pat = ALLOC(char, pattern_len + 1); + memcpy(pattern->pat, tmp_keywords, pattern_len); + pattern->pat_len = pattern_len; + } + + return 0; +} + #define MAAT_MAX_EXPR_ITEM_NUM 8 static int expr_item_to_expr_rule(struct expr_item *expr_item, struct expr_rule *expr_rule, 
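Review bot: The added `sscanf(nocase_str, "nocase=%s", case_switch)` in expr_keywords_to_expr_pattern writes an unbounded token into the 8-byte `case_switch`, so a rule whose control string carries a long `nocase=` value overruns the stack buffer; bound it with `"nocase=%7s"`. Further down, the hex sections are assembled with `snprintf(..., "%s%s", ...)` and `strlen(tmp_keywords)`, so a decoded 0x00 byte truncates the pattern, where the removed code copied `region_str_len` bytes with `memcpy`. The trailing-literal branch also passes `tmp_start_str` and `tmp_end_str` to the same `"%s%s"` although both point at the tail after the loop, which would append it twice if `str_unescape` works in place (its definition is not in this hunk). The fence sketches a length-tracked version of the loop body and the tail, and adds the missing check on the ALLOC result.

```c
        sscanf(nocase_str, "nocase=%7s", case_switch);   /* case_switch is char[8] */
    /* … unchanged: case/offset/depth handling, '^' and '$' handling, loop head up to region_str_len … */
        char *region_string = ALLOC(char, region_str_len + 1);
        if (region_string == NULL) {
            return -1;
        }
        region_str_len = hex2bin(hex_str_start, strlen(hex_str_start), region_string, region_str_len);

        tmp_start_str = str_unescape(tmp_start_str);
        size_t literal_len = strlen(tmp_start_str);
        if (literal_len + region_str_len > MAX_KEYWORDS_STR_LEN - pattern_len) {
            FREE(region_string);
            return -1;
        }
        /* copy by length so a decoded 0x00 byte stays in the pattern */
        memcpy(tmp_keywords + pattern_len, tmp_start_str, literal_len);
        memcpy(tmp_keywords + pattern_len + literal_len, region_string, region_str_len);
        pattern_len += literal_len + region_str_len;
        FREE(region_string);
    /* … unchanged: advance tmp_start_str / hex_str_start, end of loop … */
    if (tmp_end_str != NULL && tmp_end_str[0] != '\0') {
        tmp_end_str = str_unescape(tmp_end_str);
        size_t tail_len = strlen(tmp_end_str);
        if (tail_len > MAX_KEYWORDS_STR_LEN - pattern_len) {
            return -1;
        }
        /* append the literal tail exactly once */
        memcpy(tmp_keywords + pattern_len, tmp_end_str, tail_len);
        pattern_len += tail_len;
    }
```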
@@ -668,15 +669,8 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item, char *pos = NULL; char *tmp = NULL; char *saveptr = NULL; - char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM]; - int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM]; - int key_right_offset[MAAT_MAX_EXPR_ITEM_NUM]; char tmp_keywords[MAX_KEYWORDS_STR_LEN + 1]; - /* -1 means offset no limit, As long as the pattern appears in the scan data, it will hit */ - memset(key_left_offset, -1, sizeof(key_left_offset)); - memset(key_right_offset, -1, sizeof(key_right_offset)); - memcpy(tmp_keywords, expr_item->keywords, MAX_KEYWORDS_STR_LEN + 1); switch (expr_item->expr_type) { 
@@ -689,116 +683,43 @@ static int expr_item_to_expr_rule(struct expr_item *expr_item, if (i >= MAAT_MAX_EXPR_ITEM_NUM) { log_fatal(logger, MODULE_EXPR, - "[%s:%d]abandon config expr_item(item_id:%d) " - "too many patterns", __FUNCTION__, __LINE__, - expr_item->item_id); + "[%s:%d]abandon config expr_item(item_id:%d) " + "too many patterns", __FUNCTION__, __LINE__, + expr_item->item_id); return -1; } - sub_key_array[i] = tmp; - sub_key_array[i] = str_unescape(sub_key_array[i]); - } - sub_expr_cnt = i; - break; - case EXPR_TYPE_OFFSET: - for (i = 0, pos = tmp_keywords; ; i++, pos = NULL) { - tmp = strtok_r_esc(pos, '&', &saveptr); - if (NULL == tmp) { - break; - } - - if (i >= MAAT_MAX_EXPR_ITEM_NUM) { + if (expr_keywords_to_expr_pattern(tmp, &expr_rule->patterns[i], logger) < 0) { log_fatal(logger, MODULE_EXPR, - "[%s:%d]abandon config expr_item(item_id:%d) " - "too many patterns", __FUNCTION__, __LINE__, - expr_item->item_id); + "[%s:%d]abandon config expr_item(item_id:%d) " + "has invalid pattern %s", __FUNCTION__, __LINE__, + expr_item->item_id, tmp); return -1; } - - sub_key_array[i] = tmp; - sscanf(sub_key_array[i], "%d-%d:", &(key_left_offset[i]), - &(key_right_offset[i])); - if (!(key_left_offset[i] >= 0 && key_right_offset[i] > 0 - && key_left_offset[i] <= key_right_offset[i])) { - log_fatal(logger, MODULE_EXPR, - "[%s:%d]abandon config expr_item(item_id:%d) " - "has invalid offset.", __FUNCTION__, __LINE__, - expr_item->item_id); - return -1; - } - - sub_key_array[i] = (char *)memchr(sub_key_array[i], ':', - strlen(sub_key_array[i])); - if (NULL == sub_key_array[i]) { - log_fatal(logger, MODULE_EXPR, - "[%s:%d]abandon config expr_item(item_id:%d) " - "has invalid offset keyword format.", - __FUNCTION__, __LINE__, expr_item->item_id); - return -1; - } - - sub_key_array[i]++;//jump over ':' - sub_key_array[i] = str_unescape(sub_key_array[i]); + expr_rule->patterns[i].type = EXPR_PATTERN_TYPE_STR; } sub_expr_cnt = i; break; - case EXPR_TYPE_STRING: 
//AND/OFFSET/STRING type expression use \b to represent blank(' ') + case EXPR_TYPE_REGEX: sub_expr_cnt = 1; - sub_key_array[0] = tmp_keywords; - sub_key_array[0] = str_unescape(sub_key_array[0]); - break; - case EXPR_TYPE_REGEX: //only regex type expression use \s to represent blank(' ') - sub_expr_cnt = 1; - sub_key_array[0] = tmp_keywords; + size_t pat_len = strlen(tmp_keywords); + expr_rule->patterns[0].pat = ALLOC(char, pat_len + 1); + memcpy(expr_rule->patterns[0].pat, tmp_keywords, pat_len); + expr_rule->patterns[0].pat_len = pat_len; + expr_rule->patterns[0].type = EXPR_PATTERN_TYPE_REG; + expr_rule->patterns[0].match_mode = EXPR_MATCH_MODE_SUB; + expr_rule->patterns[0].case_sensitive = EXPR_CASE_INSENSITIVE; + expr_rule->patterns[0].start_offset = -1; + expr_rule->patterns[0].end_offset = -1; break; default: log_fatal(logger, MODULE_EXPR, - "[%s:%d]abandon config expr_item(item_id:%lld) has " - "invalid expr type=%d", __FUNCTION__, __LINE__, - expr_item->item_id, expr_item->expr_type); + "[%s:%d]abandon config expr_item(item_id:%lld) has " + "invalid expr type=%d", __FUNCTION__, __LINE__, + expr_item->item_id, expr_item->expr_type); return -1; } - for (i = 0; i < sub_expr_cnt; i++) { - size_t region_str_len = 0; - char *region_string = NULL; - size_t sub_key_len = 0; - - if (TRUE == expr_item->is_case_sensitive) { - // insensitive - expr_rule->patterns[i].case_sensitive = EXPR_CASE_SENSITIVE; - } else { - expr_rule->patterns[i].case_sensitive = EXPR_CASE_INSENSITIVE; - } - - expr_rule->patterns[i].type = expr_type2pattern_type(expr_item->expr_type); - - if (TRUE == expr_item->is_hexbin && - expr_rule->patterns[i].type != EXPR_PATTERN_TYPE_REG) { - region_str_len = strlen(sub_key_array[i]) * 8; - region_string = ALLOC(char, region_str_len + 1); - region_str_len = hex2bin(sub_key_array[i], strlen(sub_key_array[i]), - region_string, region_str_len); - } - - if (region_string != NULL) { - expr_rule->patterns[i].pat = ALLOC(char, region_str_len + 1); - 
memcpy(expr_rule->patterns[i].pat, region_string, region_str_len); - expr_rule->patterns[i].pat_len = region_str_len; - FREE(region_string); - } else { - sub_key_len = strlen(sub_key_array[i]); - expr_rule->patterns[i].pat = ALLOC(char, sub_key_len + 1); - memcpy(expr_rule->patterns[i].pat, sub_key_array[i], sub_key_len); - expr_rule->patterns[i].pat_len = sub_key_len; - } - - expr_rule->patterns[i].match_mode = expr_item->match_mode; - if (expr_rule->patterns[i].match_mode == EXPR_MATCH_MODE_SUB) { - expr_rule->patterns[i].start_offset = key_left_offset[i]; - expr_rule->patterns[i].end_offset = key_right_offset[i]; - } - } expr_rule->expr_id = expr_item->item_id; expr_rule->tag = expr_item->user_data; expr_rule->n_patterns = sub_expr_cnt; diff --git a/src/maat_utils.c b/src/maat_utils.c index a3efd51..cdc31e3 100644 --- a/src/maat_utils.c +++ b/src/maat_utils.c @@ -120,7 +120,7 @@ int load_file_to_memory(const char *file_name, unsigned char **pp_out, size_t *o return 0; } -static char *strchr_esc(char *s, const char delim) +char *strchr_esc(char *s, const char delim) { char *token = NULL; @@ -453,22 +453,6 @@ size_t memcat(void **dest, size_t offset, size_t *n_dest, const void *src, size_ return n_src; } -enum ip_format ip_format_str2int(const char *format)//TODO: need to delete? -{ - if (0 == strcasecmp(format, "single")) { - return IP_FORMAT_SINGLE; - }else if (0 == strcasecmp(format, "range")) { - return IP_FORMAT_RANGE; - } else if (0 == strcasecmp(format, "CIDR")) { - return IP_FORMAT_CIDR; - } else if (0 == strcasecmp(format, "mask")) { - return IP_FORMAT_MASK; - } else { - assert(0); - } - return IP_FORMAT_UNKNOWN; -} - int ip_format2range(const char *ip_str, int ip_type, uint32_t range_begin[], uint32_t range_end[]) { int ret = 0; diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 25f039f..da84bb1 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp 
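Review bot: The new `has invalid pattern %s` log call in the EXPR_TYPE_AND loop of expr_item_to_expr_rule prints `expr_item->item_id` with `%d`, while the `default:` branch of the same switch prints it with `%lld`; if item_id is long long, as that suggests, the mismatch is undefined behaviour and can make the following `%s` read the wrong argument. Change the format to `"[%s:%d]abandon config expr_item(item_id:%lld) "` (the pre-existing `too many patterns` message carries the same specifier). Separately, both `return -1` paths inside the loop leave `patterns[0..i-1].pat` allocated without `n_patterns` having been set, so unless the caller frees by scanning for non-NULL `pat`, those buffers leak each time a rule is rejected. The function starts before and continues past this hunk.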
@@ -46,7 +46,7 @@ int test_add_expr_command(struct maat *maat_inst, const char *expr_table, long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, expr_table, MAAT_OP_ADD, item_id, - group_id, keywords, "null", 1, 0, 0, 0); + group_id, keywords, "null", 1, 0); EXPECT_EQ(ret, 1); return ret; @@ -692,7 +692,7 @@ TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -1403,7 +1403,7 @@ TEST_F(HsStringScan, dynamic_config) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -1422,7 +1422,7 @@ TEST_F(HsStringScan, dynamic_config) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); /* group2compile table del line */ @@ -1668,7 +1668,7 @@ TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 3); @@ -2386,7 +2386,7 @@ TEST_F(RsStringScan, dynamic_config) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
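Review bot: The comments attached to the updated expr_table_set_line calls, from BackslashR_N_Escape_IncUpdate onward, still say `MATCH_METHOD_SUB` (and `EXPR_TYPE_STRING` for type 0 in later MaatCmd tests such as VirtualTable, HitGroup and HitPathBasic), although the match-method and hexbin arguments are gone and int_to_expr_type now maps 0 to EXPR_TYPE_AND. Consider rewording them to something like `/* expr_type=1 (AND), plain substring */` so the tests describe the inline-keyword syntax. None of the test hunks visible here adds a case for `(nocase=off)`, `(offset=..,depth=..)`, `^`/`$` or `|hex|` keywords. If the maat_json.json changes do not cover them, they deserve explicit tests, including malformed control strings.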
@@ -2405,7 +2405,7 @@ TEST_F(RsStringScan, dynamic_config) { /* EXPR_TYPE_AND MATCH_METHOD_SUB*/ ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - group_id, keywords, NULL, 1, 0, 0, 0); + group_id, keywords, NULL, 1, 0); EXPECT_EQ(ret, 1); /* group2compile table del line */ @@ -7415,7 +7415,6 @@ TEST_F(MaatCmd, SetExpr) { const char *keywords1 = "Hiredis"; const char *keywords2 = "C Client"; const char *compile_table_name = "COMPILE_DEFAULT"; - char escape_buff1[256], escape_buff2[256]; char keywords[512]; long long results[ARRAY_SIZE] = {0}; @@ -7424,9 +7423,7 @@ TEST_F(MaatCmd, SetExpr) { struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - str_escape(escape_buff1, sizeof(escape_buff1), keywords1); - str_escape(escape_buff2, sizeof(escape_buff2), keywords2); - snprintf(keywords, sizeof(keywords), "%s&%s", escape_buff1, escape_buff2); + snprintf(keywords, sizeof(keywords), "%s&%s", keywords1, keywords2); long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 2); test_add_expr_command(maat_inst, table_name, compile_id - 1, 0, keywords); @@ -7515,7 +7512,7 @@ TEST_F(MaatCmd, SetExpr8) { /* EXPR_TYPE_AND MATCH_METHOD_SUB */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords8, NULL, 1, 0, 0, 0); + group_id, keywords8, NULL, 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -7536,11 +7533,11 @@ TEST_F(MaatCmd, SetExpr8) { maat_state_reset(state); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_DEL, item_id, - group_id, keywords8, NULL, 1, 0, 0, 0); + group_id, keywords8, NULL, 1, 0); EXPECT_EQ(ret, 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords7, NULL, 1, 0, 0, 0); + group_id, keywords7, NULL, 1, 0); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -7635,7 +7632,7 @@ TEST_F(MaatCmd, SameFilterRefByOneCompile) { long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, "HTTP_URL", MAAT_OP_ADD, item_id, group_id, - keywords, "null", 1, 0, 0, 0); + keywords, "null", 1, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); @@ -7812,7 +7809,7 @@ TEST_F(MaatCmd, SubGroup) { */ long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group2_id, keyword1, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group2_id, keyword1, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -7892,7 +7889,7 @@ TEST_F(MaatCmd, SubGroup) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - group3_id, keyword2, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group3_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ sleep(2); ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); @@ -7967,7 +7964,7 @@ TEST_F(MaatCmd, RefGroup) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id, - group1_id, keyword1, NULL, 1, 0, 0, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group1_id, keyword1, NULL, 1, 0); /* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -7984,7 +7981,7 @@ TEST_F(MaatCmd, RefGroup) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - group2_id, keyword2, NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group2_id, keyword2, NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_DEL, @@ -8041,7 +8038,7 @@ TEST_F(MaatCmd, VirtualTable) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item1_id, - group1_id, "AppleWebKit", "User-Agent", 0, 0, 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ + group1_id, "AppleWebKit", "User-Agent", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -8060,7 +8057,7 @@ TEST_F(MaatCmd, VirtualTable) { */ long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_id, - group2_id, "uid=12345678;", "Cookie", 0, 0, 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ + group2_id, "uid=12345678;", "Cookie", 0, 0);/*EXPR_TYPE_STRING MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); 
@@ -8827,14 +8824,14 @@ TEST_F(MaatCmd, GroupInMassCompiles) { long long group1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); int ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item1_id, - group1_id, "baidu.com&tsg", NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group1_id, "baidu.com&tsg", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); //item_url2 -> group2 long long group2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_url, MAAT_OP_ADD, item2_id, - group2_id, "baidu.com&zhengzhou", NULL, 1, 0, 0, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ + group2_id, "baidu.com&zhengzhou", NULL, 1, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ EXPECT_EQ(ret, 1); //item_appid -> group3 @@ -8965,7 +8962,7 @@ TEST_F(MaatCmd, HitGroup) { long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item1_id, group1_id, "hit group item first", - "URL", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -8994,7 +8991,7 @@ TEST_F(MaatCmd, HitGroup) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item2_id, group2_id, "hit group item second", - "Cookie", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "Cookie", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -9016,13 +9013,11 @@ TEST_F(MaatCmd, HitGroup) { group3_id, "220.181.38.150-220.181.38.151", 0); EXPECT_EQ(ret, 1); - char temp[1024]={0}; //item4 -> group4, group4 is not referenced by any compile. long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, - item4_id, group4_id, str_escape(temp, sizeof(temp), - "hit group item forth"), NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item4_id, group4_id, "hit group item forth", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* @@ -9036,8 +9031,8 @@ TEST_F(MaatCmd, HitGroup) { long long item5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item5_id, group1_id, - str_escape(temp, sizeof(temp), "hit group item fifth"), - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "hit group item fifth", + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -9246,7 +9241,7 @@ TEST_F(MaatCmd, HitPathBasic) { long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item1_id, group1_id, "graph_theory", "URL", - 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -9275,7 +9270,7 @@ TEST_F(MaatCmd, HitPathBasic) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item2_id, group2_id, "time=2020-02-11", "Cookie", - 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -9297,14 +9292,13 @@ TEST_F(MaatCmd, HitPathBasic) { group3_id, "220.181.38.148-220.181.38.149", 0); EXPECT_EQ(ret, 1); - char temp[1024]={0}; //item4 -> group4, group4 is not referenced by any compile. long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item4_id, group4_id, - str_escape(temp, sizeof(temp), "a finite or infinite"), - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "a finite or infinite", + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -9547,7 +9541,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item1_id, group1_id, "computer_theory", NULL, - 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -9576,7 +9570,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item2_id, group2_id, "social_theory", NULL, - 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); //compile2 
@@ -9648,13 +9642,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { / item4 -> group4 */ - char temp[1024]={0}; long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item4_id, group4_id, - str_escape(temp, sizeof(temp), "basic and advanced"), - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "basic and advanced", + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, @@ -9907,7 +9900,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { // !(item1 -> group1) -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, - item1_id, group1_id, "math_theory", "URL", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + item1_id, group1_id, "math_theory", "URL", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* !(item1 -> group1) -> compile1 @@ -9936,7 +9929,7 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item2_id, group2_id, "time=2020-02-12", "Cookie", - 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* 
@@ -9958,14 +9951,13 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { group3_id, "220.181.38.158-220.181.38.159", 0); EXPECT_EQ(ret, 1); - char temp[1024]={0}; //item4 -> group4, group4 is not referenced by any compile. long long item4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); long long group4_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); ret = expr_table_set_line(maat_inst, keywords_table_name, MAAT_OP_ADD, item4_id, group4_id, - str_escape(temp, sizeof(temp), "a finite and infinite"), - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "a finite and infinite", + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -10174,7 +10166,6 @@ TEST_F(MaatCmd, HitPathHasNotGroup) { } TEST_F(MaatCmd, SameSuperGroupRefByMultiCompile) { - char temp[1024]={0}; int thread_id = 0; const char *g2g_table_name = "GROUP2GROUP"; const char *g2c_table_name = "GROUP2COMPILE_DEFAULT"; @@ -10190,8 +10181,8 @@ TEST_F(MaatCmd, SameSuperGroupRefByMultiCompile) { long long group5_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); int ret = expr_table_set_line(maat_inst, http_sig_table_name, MAAT_OP_ADD, item5_id, group5_id, - str_escape(temp, sizeof(temp), "same supergroup referenced by multi compile"), - "KEY", 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + "same supergroup referenced by multi compile", + "KEY", 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); long long group52_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); @@ -10623,7 +10614,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item1_id, - group1_id, "part-1", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + group1_id, "part-1", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); 
@@ -10661,7 +10652,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { //item2 -> group2 -> compile2 long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_http_url, MAAT_OP_ADD, item2_id, - group2_id, "part-2", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + group2_id, "part-2", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); //DON'T DO THIS!!! @@ -10727,7 +10718,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, item1_id, group1_id, "stream-keywords-001-inc-update", - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -10783,7 +10774,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, scan_table_name, MAAT_OP_ADD, item1_id, - group1_id, "stream-keywords-002", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + group1_id, "stream-keywords-002", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S * 2); @@ -10851,7 +10842,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - group1_id, "stream-keywords-003", NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + group1_id, "stream-keywords-003", NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 
@@ -10953,7 +10944,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, group1_id, "stream-keywords-004", - NULL, 0, 0, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ + NULL, 0, 0); /*EXPR_TYPE_STRING MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -11053,7 +11044,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - group1_id, keywords, NULL, 1, 0, 0, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ + group1_id, keywords, NULL, 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 @@ -11153,7 +11144,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { //item1 -> group1 -> compile1 long long item1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, expr_table_name, MAAT_OP_ADD, item1_id, - group1_id, keywords, "null", 1, 0, 0, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ + group1_id, keywords, "null", 1, 0); /*EXPR_TYPE_AND MATCH_METHOD_SUB*/ EXPECT_EQ(ret, 1); /* item1 -> group1 -> compile1 diff --git a/test/maat_framework_perf_gtest.cpp b/test/maat_framework_perf_gtest.cpp index b50791d..01ec464 100644 --- a/test/maat_framework_perf_gtest.cpp +++ b/test/maat_framework_perf_gtest.cpp @@ -48,7 +48,7 @@ test_add_expr_command(struct maat *maat_inst, const char *table_name, long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, - group_id, keywords, "null", 1, 0, 0, 0); + group_id, keywords, "null", 1, 0); EXPECT_EQ(ret, 1); } diff --git a/test/maat_json.json b/test/maat_json.json index 6b8dfb5..de8227e 100644 --- a/test/maat_json.json +++ b/test/maat_json.json 
@@ -11,10 +11,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS1234", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS1234$", + "expr_type": "and" } } ] @@ -27,10 +25,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS2345", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS2345$", + "expr_type": "and" } } ] @@ -43,10 +39,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS6789", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS6789$", + "expr_type": "and" } } ] @@ -59,10 +53,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS9001", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS9001$", + "expr_type": "and" } } ] @@ -75,10 +67,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS9002", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS9002$", + "expr_type": "and" } } ] @@ -91,10 +81,8 @@ "table_name": "AS_NUMBER", "table_type": "expr", "table_content": { - "keywords": "AS9003", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^AS9003$", + "expr_type": "and" } } ] @@ -120,10 +108,8 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "sports.example.com", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^sports.example.com$", + "expr_type": "and" } } ] @@ -215,10 +201,8 @@ "table_name": "GeoLocation", "table_type": "expr", "table_content": { - "keywords": "Greece.Sparta", - "expr_type": "none", - "match_method": "exact", - "format": "uncase plain" + "keywords": "^Greece.Sparta$", + "expr_type": "and" } } ] 
@@ -265,9 +249,7 @@ "table_type": "expr", "table_content": { "keywords": "abckkk&123", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -322,9 +304,7 @@ "table_type": "expr", "table_content": { "keywords": "action=search\\&query=(.*)", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "regex" } } ] @@ -350,9 +330,7 @@ "table_type": "expr", "table_content": { "keywords": "should_not_hit_any_rule", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -393,9 +371,7 @@ "table_content": { "district": "HtTP\\bUrL", "keywords": "abckkk&123", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -421,9 +397,7 @@ "table_type": "expr", "table_content": { "keywords": "C#中国", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -449,9 +423,7 @@ "table_type": "expr", "table_content": { "keywords": "2010&يىلىدىكى", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -477,9 +449,7 @@ "table_type": "expr", "table_content": { "keywords": "سىياسىي", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -504,10 +474,8 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "Take\\bme\\bHome&Batman\\", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "keywords": "Take me Home&Batman\\", + "expr_type": "and" } } ] @@ -533,9 +501,7 @@ "table_type": "expr", "table_content": { "keywords": "www.3300av.com", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -561,9 +527,7 @@ "table_type": "expr", "table_content": { "keywords": "novel&27122.txt", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -588,10 +552,8 @@ "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { - "keywords": "4362-4458:323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000", - "expr_type": "offset", - "match_method": "none", - "format": "hexbin" + "keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", + "expr_type": "and" } } ] @@ -616,10 +578,8 @@ "table_name": "IMAGE_FP", "table_type": "expr", "table_content": { - "keywords": "19339-19467:6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44", - "expr_type": "offset", - "match_method": "none", - "format": "hexbin" + "keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", + "expr_type": "and" } } ] @@ -647,9 +607,7 @@ "table_type": "expr", "table_content": { "keywords": "should&hit&aaa", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -677,9 +635,7 @@ "table_type": "expr", "table_content": { "keywords": "should&hit&bbb", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
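Review bot: The rewritten IMAGE_FP keywords carry the old range end into `depth`: `4362-4458:…` becomes `(offset=4362,depth=4458)|…|`, and the APP_PAYLOAD rule in a later hunk turns `9-10:2d` into `(offset=9,depth=10)|2d|`. Nothing shown in this diff says whether `depth` is an absolute end position or a length counted from `offset`. If it is a length, these signatures now scan a much wider window than the old ranges and can hit payloads the old rules did not. I would state the meaning next to the keyword parser, for example `/* depth: absolute end position of the scan window, not a length */` (or the opposite, whichever the engine implements). I would also add one fixture whose payload matches only outside the old range, to pin the behaviour.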
@@ -705,9 +661,7 @@ "table_type": "expr", "table_content": { "keywords": "2018-10-05", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -735,9 +689,7 @@ "table_type": "expr", "table_content": { "keywords": "i.ytimg.com", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -763,9 +715,7 @@ "table_type": "expr", "table_content": { "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -792,9 +742,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-143", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -810,9 +758,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-143", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -839,9 +785,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-144", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -857,9 +801,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-144", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -886,9 +828,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-145", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -921,9 +861,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-146", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -940,9 +878,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-not-string-of-rule-146", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -976,9 +912,7 @@ "table_type": "expr", "table_content": { "keywords": "clause0-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -995,9 +929,7 @@ "table_type": "expr", "table_content": { "keywords": "clause1-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1014,9 +946,7 @@ "table_type": "expr", "table_content": { "keywords": "clause2-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1033,9 +963,7 @@ "table_type": "expr", "table_content": { "keywords": "clause3-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1052,9 +980,7 @@ "table_type": "expr", "table_content": { "keywords": "clause4-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1071,9 +997,7 @@ "table_type": "expr", "table_content": { "keywords": "clause5-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1090,9 +1014,7 @@ "table_type": "expr", "table_content": { "keywords": "clause6-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1109,9 +1031,7 @@ "table_type": "expr", "table_content": { "keywords": "clause7-in-compile-147", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -1137,9 +1057,7 @@ "table_type": "expr", "table_content": { "keywords": "Cookie:\\s.*head", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "regex" } } ] @@ -1164,11 +1082,9 @@ "table_name": "APP_PAYLOAD", "table_type": "expr_plus", "table_content": { - "format": "hexbin", - "match_method": "sub", "district": "Payload", - "keywords": "1-1:03&9-10:2d&14-16:2d34&19-21:2d&24-25:2d", - "expr_type": "offset" + "keywords": "(offset=1,depth=1)|03|&(offset=9,depth=10)|2d|&(offset=14,depth=16)|2d34|&(offset=19,depth=21)|2d|&(offset=24,depth=25)|2d|", + "expr_type": "and" } } ] @@ -1193,10 +1109,8 @@ "table_type": "expr", "table_name": "TROJAN_PAYLOAD", "table_content": { - "keywords": "0-4:01000000", - "expr_type": "offset", - "format": "hexbin", - "match_method": "sub" + "keywords": "(offset=0,depth=4)|01000000|", + "expr_type": "and" } } ] @@ -1211,9 +1125,7 @@ "table_name": "TROJAN_PAYLOAD", "table_content": { "keywords": "1:G2.40", - "expr_type": "none", - "format": "uncase plain", - "match_method": "sub" + "expr_type": "and" } } ] @@ -1238,10 +1150,8 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "ceshi3@mailhost.cn", - "expr_type": "none", - "format": "uncase plain", - "match_method": "suffix" + "keywords": "ceshi3@mailhost.cn$", + "expr_type": "and" } } ] @@ -1266,20 +1176,16 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "ceshi3@mailhost.cn", - "expr_type": "none", - "format": "uncase plain", - "match_method": "prefix" + "keywords": "^ceshi3@mailhost.cn", + "expr_type": "and" } }, { "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "ceshi6@mailhost.cn", - "expr_type": "none", - "format": "uncase plain", - "match_method": "prefix" + "keywords": "^ceshi6@mailhost.cn", + "expr_type": "and" } } ] 
@@ -1315,10 +1221,8 @@ "table_type": "expr", "table_name": "MAIL_ADDR", "table_content": { - "keywords": "ceshi4@mailhost.cn", - "expr_type": "none", - "format": "uncase plain", - "match_method": "prefix" + "keywords": "^ceshi4@mailhost.cn", + "expr_type": "and" } } ], @@ -1412,10 +1316,8 @@ "table_type": "expr_plus", "table_content": { "district": "Content-Type", - "keywords": "2f68746d6c", - "expr_type": "none", - "match_method": "sub", - "format": "hexbin" + "keywords": "|2f68746d6c|", + "expr_type": "and" } } ] @@ -1441,9 +1343,7 @@ "table_name": "TROJAN_PAYLOAD", "table_content": { "keywords": "我的订单", - "expr_type": "none", - "format": "none", - "match_method": "sub" + "expr_type": "and" } } ] @@ -1525,9 +1425,7 @@ "table_type": "expr", "table_content": { "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1555,9 +1453,7 @@ "table_content": { "district": "User-Agent", "keywords": "Chrome/78.0.3904.108", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1574,9 +1470,7 @@ "table_content": { "district": "Cookie", "keywords": "uid=12345678", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } }, { @@ -1585,9 +1479,7 @@ "table_content": { "district": "Cookie", "keywords": "sessionid=888888", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1654,10 +1546,8 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": ">ЗАО\\b«Севергазвтоматика\\bАйС»<", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "keywords": ">ЗАО «Севергазвтоматика АйС»<", + "expr_type": "and" } } ] 
@@ -1684,9 +1574,7 @@ "table_type": "expr", "table_content": { "keywords": "cavemancircus.com/", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1728,9 +1616,7 @@ "table_type": "expr", "table_content": { "keywords": "2019/12/27/pretty-girls-6", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -1758,9 +1644,7 @@ "table_type": "expr", "table_content": { "keywords": "2019/12/27", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2025,9 +1909,7 @@ "table_type": "expr", "table_content": { "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2121,9 +2003,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-186", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2165,9 +2045,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-187", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2209,9 +2087,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-188", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2251,11 +2127,9 @@ "table_name": "APP_PAYLOAD", "table_type": "expr_plus", "table_content": { - "format": "hexbin", - "match_method": "sub", "district": "tcp.payload.c2s_first_data", - "keywords": "ab00", - "expr_type": "none" + "keywords": "|ab00|", + "expr_type": "and" } } ] @@ -2282,9 +2156,7 @@ "table_content": { "district": "我的DistrIct", "keywords": "addis&sapphire", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -2309,10 +2181,8 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "54455354", - "expr_type": "none", - "format": "hexbin", - "match_method": "sub" + "keywords": "|54455354|", + "expr_type": "and" } } ] @@ -2379,9 +2249,7 @@ "table_type": "expr", "table_content": { "keywords": "hello", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2434,9 +2302,7 @@ "table_content": { "district": "I love China", "keywords": "today&yesterday", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2451,9 +2317,7 @@ "table_type": "expr", "table_content": { "keywords": "Monday", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2506,9 +2370,7 @@ "table_type": "expr", "table_content": { "keywords": "hqdefault.jpg", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2536,9 +2398,7 @@ "table_type": "expr", "table_content": { "keywords": "firewall", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2570,9 +2430,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-199", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2588,9 +2446,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-199", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2625,9 +2481,7 @@ "table_type": "expr", "table_content": { "keywords": "must-contained-string-of-rule-200", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -2644,9 +2498,7 @@ "table_type": "expr", "table_content": { "keywords": "must-not-contained-string-of-rule-200", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -2771,10 +2623,8 @@ "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ - "format":"uncase plain", - "match_method":"suffix", - "keywords":"jianshu.com", - "expr_type":"none" + "keywords":"jianshu.com$", + "expr_type":"and" } } ] @@ -2788,10 +2638,8 @@ "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ - "format":"uncase plain", - "match_method":"complete", - "keywords":"www.jianshu.com", - "expr_type":"none" + "keywords":"^www.jianshu.com$", + "expr_type":"and" } } ] @@ -2860,10 +2708,8 @@ "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ - "format":"uncase plain", - "match_method":"suffix", - "keywords":"baidu.com", - "expr_type":"none" + "keywords":"baidu.com$", + "expr_type":"and" } } ] @@ -2877,10 +2723,8 @@ "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ - "format":"uncase plain", - "match_method":"complete", - "keywords":"www.baidu.com", - "expr_type":"none" + "keywords":"^www.baidu.com$", + "expr_type":"and" } } ] @@ -2896,10 +2740,8 @@ "table_type":"expr", "table_name":"KEYWORDS_TABLE", "table_content":{ - "format":"uncase plain", - "match_method":"complete", - "keywords":"mail.baidu.com", - "expr_type":"none" + "keywords":"^mail.baidu.com$", + "expr_type":"and" } } ] @@ -2927,9 +2769,7 @@ "table_name": "KEYWORDS_TABLE", "table_content": { "keywords": "123^456", - "expr_type": "regex", - "format": "uncase plain", - "match_method": "sub" + "expr_type": "regex" } } ] @@ -2954,10 +2794,8 @@ "table_type": "expr", "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "54455354", - "expr_type": "none", - "format": "hexbin", - "match_method": "sub" + "keywords": "|54455354|", + "expr_type": "and" } } ] 
@@ -3137,9 +2975,7 @@ "table_type": "expr", "table_content": { "keywords": "today&yesterday", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3191,9 +3027,7 @@ "table_type": "expr", "table_content": { "keywords": "action=search\\&query=(.*)", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "regex" } } ] @@ -3227,9 +3061,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-for-compile-211", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3261,10 +3093,8 @@ "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "string-of-rule-217.com", - "expr_type": "none", - "match_method": "suffix", - "format": "uncase plain" + "keywords": "string-of-rule-217.com$", + "expr_type": "and" } } ] @@ -3279,9 +3109,7 @@ "table_type": "expr", "table_content": { "keywords": "www.string-of-rule-217.com", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3300,9 +3128,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-for-compile-217", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3355,9 +3181,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-1", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3374,9 +3198,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-2", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3393,9 +3215,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-3", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -3412,9 +3232,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-4", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3431,9 +3249,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-5", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3450,9 +3266,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-6", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3469,9 +3283,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-7", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3488,9 +3300,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-219-8", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3518,9 +3328,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-1", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3537,9 +3345,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-2", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3556,9 +3362,7 @@ "table_type": "expr", "table_content": { "keywords": "keywords-dummy-220-3", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3586,9 +3390,7 @@ "table_content": { "district": "User-Agent", "keywords": "Mozilla/5.0", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -3604,9 +3406,7 @@ "table_type": "expr", "table_content": { "keywords": "scan_with_district_221", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3634,9 +3434,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_keywords_222", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3664,9 +3462,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_compile_223_1", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3683,9 +3479,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_compile_223_2", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3702,9 +3496,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_compile_223_3", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3732,9 +3524,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_compile_224_1", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3751,9 +3541,7 @@ "table_type": "expr", "table_content": { "keywords": "not_logic_compile_224_2", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] @@ -3780,10 +3568,8 @@ "table_name": "KEYWORDS_TABLE", "table_type": "expr", "table_content": { - "keywords": "GET\\b/\\bHTTP/1.1\\r\\nHost:\\bwww.baidu.com\\r\\n\\r\\n", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", + "expr_type": "and" } } ] @@ -3845,9 +3631,7 @@ "table_type": "expr", "table_content": { "keywords": "youtube.com", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] 
@@ -3889,9 +3673,7 @@ "table_type": "expr", "table_content": { "keywords": "\u00C9", - "expr_type": "regex", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "regex" } } ] @@ -4013,9 +3795,7 @@ "table_type": "expr", "table_content": { "keywords": "html>\\\\r\\\\n", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" + "expr_type": "and" } } ] diff --git a/test/table_info.conf b/test/table_info.conf index 9519e85..b2d522b 100644 --- a/test/table_info.conf +++ b/test/table_info.conf @@ -133,29 +133,25 @@ "db_tables":["HTTP_URL", "HTTP_HOST"], "table_type":"expr", "expr_engine":"rulescan", - "valid_column":7, + "valid_column":5, "schema_tag": "{\"http_region\": \"expr\"}", "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { "table_id":11, "table_name":"KEYWORDS_TABLE", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { @@ -197,29 +193,25 @@ "table_id":15, "table_name":"HTTP_SIGNATURE", "table_type":"expr_plus", - "valid_column":8, + "valid_column":6, "custom": { "item_id":1, "group_id":2, "district":3, - "keywords":4, - "expr_type":5, - "match_method":6, - "is_hexbin":7 + "expr_type":4, + "keywords":5 } }, { "table_id":16, "table_name":"IMAGE_FP", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { 
@@ -276,44 +268,37 @@ "table_id":21, "table_name":"APP_PAYLOAD", "table_type":"expr_plus", - "valid_column":8, + "valid_column":6, "custom": { "item_id":1, "group_id":2, "district":3, - "keywords":4, - "expr_type":5, - "match_method":6, - "is_hexbin":7 + "expr_type":4, + "keywords":5 } }, { "table_id":22, "table_name":"TROJAN_PAYLOAD", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 - + "expr_type":3, + "keywords":4 } }, { "table_id":23, "table_name":"MAIL_ADDR", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { @@ -370,14 +355,12 @@ "table_id":30, "table_name":"AS_NUMBER", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { @@ -396,14 +379,12 @@ "table_id":33, "table_name":"GeoLocation", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { @@ -450,14 +431,12 @@ "table_id":38, "table_name":"EMPTY_KEYWORD", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { 
@@ -578,28 +557,24 @@ "table_id":49, "table_name":"EXPR_LITERAL_PERF_CONFIG", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { "table_id":50, "table_name":"EXPR_REGEX_PERF_CONFIG", "table_type":"expr", - "valid_column":7, + "valid_column":5, "custom": { "item_id":1, "group_id":2, - "keywords":3, - "expr_type":4, - "match_method":5, - "is_hexbin":6 + "expr_type":3, + "keywords":4 } }, { diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 21729f7..06224cf 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -207,8 +207,7 @@ int group2group_table_set_line(struct maat *maat_inst, const char *table_name, int expr_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long item_id, long long group_id, const char *keywords, - const char *district, int expr_type, - int match_method, int is_hexbin, int expire_after) + const char *district, int expr_type, int expire_after) { char table_line[1024] = {0}; int table_id = maat_get_table_id(maat_inst, table_name); @@ -222,13 +221,11 @@ int expr_table_set_line(struct maat *maat_inst, const char *table_name, table_type == TABLE_TYPE_EXPR_PLUS); if (table_type == TABLE_TYPE_EXPR_PLUS) { - sprintf(table_line, "%lld\t%lld\t%s\t%s\t%d\t%d\t%d\t%d", - item_id, group_id, district, keywords, expr_type, - match_method, is_hexbin, op); + sprintf(table_line, "%lld\t%lld\t%s\t%d\t%s\t%d", + item_id, group_id, district, expr_type, keywords, op); } else { - sprintf(table_line, "%lld\t%lld\t%s\t%d\t%d\t%d\t%d", - item_id, group_id, keywords, expr_type, - match_method, is_hexbin, op); + sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d", + item_id, group_id, expr_type, keywords, op); } struct maat_cmd_line line_rule; diff --git a/test/test_utils.h b/test/test_utils.h index 07cdc74..920e0f4 100644 --- a/test/test_utils.h 
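Review bot: Both rewritten `sprintf` calls in `expr_table_set_line` (hunk -221,13 of test/test_utils.cpp) still format the caller-supplied `keywords` and `district` strings into `char table_line[1024]` with no bound, so a long enough keyword writes past the stack buffer. I would switch each call to the bounded form, e.g. `int n = snprintf(table_line, sizeof(table_line), "%lld\t%lld\t%d\t%s\t%d", item_id, group_id, expr_type, keywords, op);`, and follow it with `if (n < 0 || (size_t)n >= sizeof(table_line))` returning the helper's failure value, so truncation is reported instead of sending a cut-off row. The value of MAX_KEYWORDS_STR_LEN is not visible here, so I cannot tell whether 1024 bytes always suffices for a maximum-length keyword plus the other fields. The function body starts and ends outside these hunks.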
+++ b/test/test_utils.h @@ -31,8 +31,7 @@ int group2group_table_set_line(struct maat *maat_inst, const char *table_name, int expr_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long item_id, long long group_id, const char *keywords, - const char *district, int expr_type, - int match_method, int is_hexbin, int expire_after); + const char *district, int expr_type, int expire_after); int interval_table_set_line(struct maat *maat_inst, const char *table_name, enum maat_operation op, long long item_id,