fix test case using rule from json file

root
2024-10-10 06:28:40 +00:00
parent 35667246d3
commit e180ce18e0
15 changed files with 776 additions and 739 deletions


@@ -72,6 +72,7 @@ int flag_matcher_match(struct flag_matcher *flag_matcher, uint64_t flag, struct
if (!((flag ^ flag_matcher->rule_table[i].flag) & flag_matcher->rule_table[i].mask)) if (!((flag ^ flag_matcher->rule_table[i].flag) & flag_matcher->rule_table[i].mask))
{ {
uuid_copy(result[result_number].rule_uuid, flag_matcher->rule_table[i].rule_uuid); uuid_copy(result[result_number].rule_uuid, flag_matcher->rule_table[i].rule_uuid);
result_number++;
if (result_number >= n_result) if (result_number >= n_result)
{ {
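Review bot: The bound check `if (result_number >= n_result)` runs only after `uuid_copy()` has already written `result[result_number]`, so a call with `n_result == 0` writes one element past the caller's array on the first matching rule unless something earlier rejects it. The loop header and any such guard are outside this hunk, so this needs confirming against the full function. If no guard exists, add one before the loop, for example `if (result == NULL || n_result == 0) return 0;` with whatever return value the function uses for "no match".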


@@ -260,17 +260,13 @@ bool_plugin_accept_tag_match(struct bool_plugin_schema *schema,
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
tmp_obj = cJSON_GetObjectItem(json, "tag"); tmp_obj = cJSON_GetObjectItem(json, "effective_range");
if (tmp_obj && n_tag > 0) { if (tmp_obj && n_tag > 0) {
if (tmp_obj->type != cJSON_String) { char *tag_str = cJSON_Print(tmp_obj);
log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has invalid tag format" int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
" in line:%s", __FUNCTION__, __LINE__, table_name, FREE(tag_str);
cJSON_Print(json));
return TAG_MATCH_ERR;
}
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tmp_obj->valuestring);
if (TAG_MATCH_ERR == ret) { if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_BOOL_PLUGIN, log_fatal(logger, MODULE_BOOL_PLUGIN,
"[%s:%d] bool_plugin table:<%s> has invalid tag" "[%s:%d] bool_plugin table:<%s> has invalid tag"
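Review bot: `cJSON_Print(tmp_obj)` returns NULL when it cannot allocate, and `tag_str` is passed to `table_manager_accept_tags_match()` without a check. The same lines are added in fqdn_plugin_accept_tag_match, ip_plugin_accept_tag_match, plugin_accept_tag_match and rule_accept_tag_match. Add `if (tag_str == NULL) return TAG_MATCH_ERR;` right after the print; in the two functions that call `cJSON_Parse(line)` themselves, delete the parsed object before returning. With the `cJSON_String` type check removed, any JSON type under `effective_range` is now serialized and handed to the matcher, so rejecting malformed values depends entirely on `table_manager_accept_tags_match()`, which is not visible here. The function body continues outside this hunk.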


@@ -219,7 +219,7 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
cJSON *table_name = cJSON_GetObjectItem(tmp_item, "table_name"); cJSON *table_name = cJSON_GetObjectItem(tmp_item, "table_name");
cJSON *table_content = cJSON_GetObjectItem(tmp_item, "table_content"); cJSON *table_content = cJSON_GetObjectItem(tmp_item, "table_content");
cJSON *new_item = cJSON_CreateObject(); cJSON *new_item = cJSON_CreateObject();
cJSON *new_table_content = cJSON_Duplicate(table_content, 0); cJSON *new_table_content = cJSON_Duplicate(table_content, 1);
if (object_id_obj == NULL) { if (object_id_obj == NULL) {
char uuid_str[UUID_STR_LEN]; char uuid_str[UUID_STR_LEN];


@@ -41,10 +41,8 @@ struct expr_schema {
enum expr_type { enum expr_type {
EXPR_TYPE_INVALID = -1, EXPR_TYPE_INVALID = -1,
EXPR_TYPE_STRING = 0, EXPR_TYPE_AND = 0,
EXPR_TYPE_AND,
EXPR_TYPE_REGEX, EXPR_TYPE_REGEX,
EXPR_TYPE_OFFSET,
EXPR_TYPE_MAX EXPR_TYPE_MAX
}; };
@@ -93,30 +91,10 @@ struct expr_runtime_stream {
struct expr_matcher_stream *handle; struct expr_matcher_stream *handle;
}; };
static enum expr_type int_to_expr_type(int expr_type) {
enum expr_type type = EXPR_TYPE_INVALID;
switch (expr_type) {
case 0:
case 1:
case 3:
type = EXPR_TYPE_AND;
break;
case 2:
type = EXPR_TYPE_REGEX;
break;
default:
break;
}
return type;
}
static struct expr_item * static struct expr_item *
expr_item_new(struct expr_schema *expr_schema, const char *table_name, expr_item_new(struct expr_schema *expr_schema, const char *table_name,
const cJSON *json, struct expr_runtime *expr_rt, uuid_t item_uuid) const cJSON *json, struct expr_runtime *expr_rt, uuid_t item_uuid)
{ {
int expr_type = -1;
struct expr_item *expr_item = ALLOC(struct expr_item, 1); struct expr_item *expr_item = ALLOC(struct expr_item, 1);
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
size_t len = 0; size_t len = 0;
@@ -158,8 +136,14 @@ expr_item_new(struct expr_schema *expr_schema, const char *table_name,
goto error; goto error;
} }
expr_type = atoi(tmp_obj->valuestring); if (strncmp(tmp_obj->valuestring, "and", 3) == 0) {
expr_item->expr_type = int_to_expr_type(expr_type); expr_item->expr_type = EXPR_TYPE_AND;
} else if (strncmp(tmp_obj->valuestring, "regex", 5) == 0) {
expr_item->expr_type = EXPR_TYPE_REGEX;
} else {
expr_item->expr_type = EXPR_TYPE_INVALID;
}
if (expr_item->expr_type == EXPR_TYPE_INVALID) { if (expr_item->expr_type == EXPR_TYPE_INVALID) {
log_fatal(expr_rt->logger, MODULE_EXPR, log_fatal(expr_rt->logger, MODULE_EXPR,
"[%s:%d] expr table:<%s> has invalid expr_type in line:%s", "[%s:%d] expr table:<%s> has invalid expr_type in line:%s",
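Review bot: `strncmp(tmp_obj->valuestring, "and", 3) == 0` is a prefix test, so any value that merely starts with "and" or "regex" (for example a constructed "android" or "regex2") is accepted as a valid `expr_type` instead of reaching the `EXPR_TYPE_INVALID` branch. Rule input that is malformed should be rejected, so compare the whole string: `strcmp(tmp_obj->valuestring, "and") == 0` and `strcmp(tmp_obj->valuestring, "regex") == 0`. `expr_item_new` starts and ends outside this hunk; the string-type check on `tmp_obj` is assumed from the `goto error` just above the changed lines.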


@@ -211,19 +211,14 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema,
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
tmp_obj = cJSON_GetObjectItem(json, "tag"); tmp_obj = cJSON_GetObjectItem(json, "effective_range");
if (tmp_obj != NULL && n_tag > 0) { if (tmp_obj != NULL && n_tag > 0) {
if (tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has invalid tag format"
" in line:%s", __FUNCTION__, __LINE__, table_name,
cJSON_Print(json));
return TAG_MATCH_ERR;
}
const char *tag = tmp_obj->valuestring; char *tag_str = cJSON_Print(tmp_obj);
if (strlen(tag) > 2) {
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag); int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str);
if (TAG_MATCH_ERR == ret) { if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_FQDN_PLUGIN, log_fatal(logger, MODULE_FQDN_PLUGIN,
"[%s:%d] fqdn_plugin table:<%s> has invalid tag" "[%s:%d] fqdn_plugin table:<%s> has invalid tag"
@@ -240,7 +235,6 @@ fqdn_plugin_accept_tag_match(struct fqdn_plugin_schema *schema,
return TAG_MATCH_UNMATCHED; return TAG_MATCH_UNMATCHED;
} }
} }
}
return TAG_MATCH_MATCHED; return TAG_MATCH_MATCHED;
} }


@@ -110,16 +110,13 @@ ip_plugin_accept_tag_match(struct ip_plugin_schema *schema,
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
tmp_obj = cJSON_GetObjectItem(json, "tag"); tmp_obj = cJSON_GetObjectItem(json, "effective_range");
if (tmp_obj && n_tag > 0) { if (tmp_obj && n_tag > 0) {
if (tmp_obj->type != cJSON_String) { char *tag_str = cJSON_Print(tmp_obj);
log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has invalid tag format" int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
" in line:%s", __FUNCTION__, __LINE__, table_name, cJSON_Print(json)); FREE(tag_str);
return TAG_MATCH_ERR;
}
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tmp_obj->valuestring);
if (TAG_MATCH_ERR == ret) { if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_IP_PLUGIN, log_fatal(logger, MODULE_IP_PLUGIN,
"[%s:%d] ip_plugin table:<%s> has invalid tag format" "[%s:%d] ip_plugin table:<%s> has invalid tag format"


@@ -602,7 +602,17 @@ int ipport_plugin_runtime_get_ex_data(void *ipport_plugin_runtime,
} }
struct ipport_result results[n_ex_data]; struct ipport_result results[n_ex_data];
int n_hit_item = ipport_matcher_match(ipport_plugin_rt->matcher, ip_addr, struct ip_addr ip_data;
if (ip_addr->ip_type == IPV4) {
ip_data.ip_type = IPV4;
ip_data.ipv4 = ntohl(ip_addr->ipv4);
} else {
ip_data.ip_type = IPV6;
memcpy(ip_data.ipv6, ip_addr->ipv6, sizeof(ip_data.ipv6));
ipv6_ntoh(ip_data.ipv6);
}
int n_hit_item = ipport_matcher_match(ipport_plugin_rt->matcher, &ip_data,
port, results, n_ex_data); port, results, n_ex_data);
if (n_hit_item <= 0) { if (n_hit_item <= 0) {
return n_hit_item; return n_hit_item;
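Review bot: The new `else` branch treats every `ip_type` other than `IPV4` as IPv6 and copies `sizeof(ip_data.ipv6)` bytes from `ip_addr->ipv6`, so an unset or unexpected type produces a lookup key built from whatever that field holds. Unless `ip_addr` is validated earlier in the function (outside this hunk), make the second branch explicit with `} else if (ip_addr->ip_type == IPV6) {` and return an error for anything else. Separately, `struct ipport_result results[n_ex_data];` is a stack VLA sized by a caller-supplied count; an upper bound on `n_ex_data` before this declaration would keep a large value from exhausting the stack.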

View File

@@ -290,16 +290,17 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
tmp_obj = cJSON_GetObjectItem(json, "object_uuid"); tmp_obj = cJSON_GetObjectItem(json, "object_uuid");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { if (tmp_obj == NULL || tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_OBJECT, log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no object_id or format is not string in line:%s", "[%s:%d] o2o table:<%s> has no object_uuid or format is not string in line:%s",
__FUNCTION__, __LINE__, table_name, line); __FUNCTION__, __LINE__, table_name, line);
goto error; goto error;
} }
uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid); uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid);
tmp_obj = cJSON_GetObjectItem(json, "included_sub_object_uuids"); tmp_obj = cJSON_GetObjectItem(json, "included_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { if (tmp_obj) {
if (tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT, log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no included_sub_object_ids or format is not array in line:%s", "[%s:%d] o2o table:<%s> included_sub_object_ids format is not array in line:%s",
__FUNCTION__, __LINE__, table_name, line); __FUNCTION__, __LINE__, table_name, line);
goto error; goto error;
} }
@@ -323,11 +324,13 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
__FUNCTION__, __LINE__, table_name, MAX_OBJECT_CNT, line); __FUNCTION__, __LINE__, table_name, MAX_OBJECT_CNT, line);
goto error; goto error;
} }
}
tmp_obj = cJSON_GetObjectItem(json, "excluded_sub_object_uuids"); tmp_obj = cJSON_GetObjectItem(json, "excluded_sub_object_uuids");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Array) { if (tmp_obj) {
if (tmp_obj->type != cJSON_Array) {
log_fatal(logger, MODULE_OBJECT, log_fatal(logger, MODULE_OBJECT,
"[%s:%d] o2o table:<%s> has no excluded_sub_object_ids or format is not array in line:%s", "[%s:%d] o2o table:<%s> excluded_sub_object_ids format is not array in line:%s",
__FUNCTION__, __LINE__, table_name, line); __FUNCTION__, __LINE__, table_name, line);
goto error; goto error;
} }
@@ -351,6 +354,7 @@ object2object_item_new(const char *line, struct object2object_schema *o2o_schema
__FUNCTION__, __LINE__, table_name, MAX_OBJECT_CNT, line); __FUNCTION__, __LINE__, table_name, MAX_OBJECT_CNT, line);
goto error; goto error;
} }
}
cJSON_Delete(json); cJSON_Delete(json);
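Review bot: The return value of `uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid)` is ignored, so a line whose `object_uuid` is a string but not a valid UUID is accepted with whatever `object_uuid` held before the call. Check it and fail the line: `if (uuid_parse(tmp_obj->valuestring, o2o_item->object_uuid) != 0) goto error;` (with a log line like the neighbouring ones). Now that both sub-object arrays are optional, an item carrying neither is also accepted; if that is intended, a one-line comment saying so would help the next reader. The reworded messages still name `included_sub_object_ids` and `excluded_sub_object_ids` while the keys read are the `..._uuids` ones.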


@@ -376,27 +376,15 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
const char *table_name, const char *line, const char *table_name, const char *line,
struct log_handle *logger) struct log_handle *logger)
{ {
size_t tag_len = 0;
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr); size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
int ret = 0; int ret = 0;
cJSON *json = cJSON_Parse(line); cJSON *json = cJSON_Parse(line);
tmp_obj = cJSON_GetObjectItem(json, "tag"); tmp_obj = cJSON_GetObjectItem(json, "effective_range");
if (tmp_obj != NULL && n_tag > 0) { if (tmp_obj != NULL && n_tag > 0) {
if (tmp_obj->type != cJSON_String) { char *tag_str = cJSON_Print(tmp_obj);
log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] table: <%s> has invalid tag format in json, line %s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json));
return TAG_MATCH_ERR;
}
tag_len = strlen(tmp_obj->valuestring);
if (tag_len > 2) {
char *tag_str = ALLOC(char, tag_len + 1);
memcpy(tag_str, tmp_obj->valuestring, tag_len);
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str); FREE(tag_str);
if (TAG_MATCH_ERR == ret) { if (TAG_MATCH_ERR == ret) {
@@ -413,7 +401,6 @@ static int plugin_accept_tag_match(struct plugin_schema *schema,
return TAG_MATCH_UNMATCHED; return TAG_MATCH_UNMATCHED;
} }
} }
}
cJSON_Delete(json); cJSON_Delete(json);
@@ -440,9 +427,9 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
int ret = 0; int ret = 0;
tmp_obj = cJSON_GetObjectItem(json, "addr_type"); tmp_obj = cJSON_GetObjectItem(json, "addr_type");
if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(logger, MODULE_PLUGIN, log_fatal(logger, MODULE_PLUGIN,
"[%s:%d] plugin table:<%s> has no addr_type or not string format in table_line:%s", "[%s:%d] plugin table:<%s> has no addr_type or not number format in table_line:%s",
__FUNCTION__, __LINE__, table_name, cJSON_Print(json)); __FUNCTION__, __LINE__, table_name, cJSON_Print(json));
goto ERROR; goto ERROR;
} }
@@ -451,7 +438,7 @@ static int plugin_table_line_get_ip_key(struct plugin_schema *schema,
// snprintf() write at most (key_len+1) bytes (including the terminating null{'\0}) to ip_key. // snprintf() write at most (key_len+1) bytes (including the terminating null{'\0}) to ip_key.
snprintf(ip_key, src_key_len + 1, "%s", src_key); snprintf(ip_key, src_key_len + 1, "%s", src_key);
int addr_type = atoi(tmp_obj->valuestring); int addr_type = tmp_obj->valueint;
if (IPV4 == addr_type) { if (IPV4 == addr_type) {
uint32_t ipv4_addr; uint32_t ipv4_addr;
ret = inet_pton(AF_INET, ip_key, &ipv4_addr); ret = inet_pton(AF_INET, ip_key, &ipv4_addr);
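Review bot: In the `addr_type` error path of plugin_table_line_get_ip_key the log call passes `cJSON_Print(json)` directly as an argument, so the buffer it allocates is never released and every rejected line leaks one serialized copy of the record. Print into a local, log it, and free it afterwards, e.g. `char *dump = cJSON_Print(json);` before the `log_fatal(...)` and `FREE(dump);` after it, logging a fixed string when `dump` is NULL. The function body continues outside this hunk, so other error paths there may need the same treatment.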


@@ -348,11 +348,12 @@ static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
cJSON *tmp_obj = NULL; cJSON *tmp_obj = NULL;
cJSON *table_json = cJSON_Parse(line); cJSON *table_json = cJSON_Parse(line);
tmp_obj = cJSON_GetObjectItem(table_json, "tag"); tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
if (tmp_obj && n_tag > 0) { if (tmp_obj && n_tag > 0) {
char *tag_str = tmp_obj->valuestring; char *tag_str = cJSON_Print(tmp_obj);
int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str); int ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str);
if (TAG_MATCH_ERR == ret) { if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_RULE, log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has invalid tag format in line:%s", "[%s:%d] table: <%s> has invalid tag format in line:%s",
@@ -1627,7 +1628,7 @@ static int rule_sort_para_compare(const struct rule_sort_para *a,
if (a->condition_num != b->condition_num) { if (a->condition_num != b->condition_num) {
return (a->condition_num - b->condition_num); return (a->condition_num - b->condition_num);
} else { } else {
return uuid_compare(a->rule_uuid, b->rule_uuid); return uuid_compare(b->rule_uuid, a->rule_uuid);
} }
} }
@@ -1779,8 +1780,11 @@ void rule_compile_state_not_logic_update(struct rule_compile_state *rule_compile
struct condition_id_kv *condition_id_kv = NULL; struct condition_id_kv *condition_id_kv = NULL;
for (size_t i = 0; i < utarray_len(tbl_object->object_uuids); i++) { for (size_t i = 0; i < utarray_len(tbl_object->object_uuids); i++) {
uuid_t *object_uuid = utarray_eltptr(tbl_object->object_uuids, i);
struct condition_query_key key; struct condition_query_key key;
uuid_t *object_uuid = utarray_eltptr(tbl_object->object_uuids, i);
memset(&key, 0, sizeof(key));
snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name); snprintf(key.attribute_name, sizeof(key.attribute_name), "%s", attribute_name);
key.negate_option = 1; key.negate_option = 1;
uuid_copy(key.object_uuid, *object_uuid); uuid_copy(key.object_uuid, *object_uuid);


@@ -22,7 +22,7 @@
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"expression": "hello&world", "expression": "hello&world",
"expr_type": "none" "expr_type": "and"
} }
} }
] ]


@@ -239,12 +239,12 @@ TEST_F(FlagScan, basic) {
ARRAY_SIZE, &n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 2);
char uuid_str1[UUID_STR_LEN] = {0}; char uuid_str[UUID_STR_LEN] = {0};
char uuid_str2[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str);
uuid_unparse(results[0], uuid_str1); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000207");
uuid_unparse(results[1], uuid_str2);
EXPECT_TRUE(strcmp(uuid_str1, "00000000-0000-0000-0000-000000000207") == 0); uuid_unparse(results[1], uuid_str);
EXPECT_TRUE(strcmp(uuid_str2, "00000000-0000-0000-0000-000000000192") == 0); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192");
ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
@@ -264,10 +264,11 @@ TEST_F(FlagScan, basic) {
ARRAY_SIZE, &n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 2);
uuid_unparse(results[0], uuid_str1); uuid_unparse(results[0], uuid_str);
uuid_unparse(results[1], uuid_str2); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000207");
EXPECT_TRUE(strcmp(uuid_str1, "00000000-0000-0000-0000-000000000207") == 0);
EXPECT_TRUE(strcmp(uuid_str2, "00000000-0000-0000-0000-000000000192") == 0); uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192");
ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
@@ -3508,12 +3509,12 @@ TEST_F(NOTLogic, NotPhysicalTable) {
struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_state *state = maat_state_new(maat_inst, thread_id);
// scan hit string1(KEYWORDS_TABLE) & hit string2(HTTP_RESPONSE_KEYWORDS) => not hit rule // scan hit string1(KEYWORDS_TABLE) & hit string2(HTTP_RESPONSE_KEYWORDS) => not hit rule
int ret = maat_scan_string(maat_inst, table_name, attribute_name, string1, int ret = maat_scan_string(maat_inst, table_name, table_name, string1,
strlen(string1), results, ARRAY_SIZE, strlen(string1), results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, table_name, table_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
@@ -3524,11 +3525,11 @@ TEST_F(NOTLogic, NotPhysicalTable) {
maat_state_reset(state); maat_state_reset(state);
//scan not hit string1(KEYWORDS_TABLE) & hit string2(HTTP_RESPONSE_KEYWORDS) => hit rule224 //scan not hit string1(KEYWORDS_TABLE) & hit string2(HTTP_RESPONSE_KEYWORDS) => hit rule224
ret = maat_scan_string(maat_inst, table_name, attribute_name, string3, strlen(string3), ret = maat_scan_string(maat_inst, table_name, table_name, string3, strlen(string3),
results, ARRAY_SIZE, &n_hit_result, state); results, ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, table_name, table_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
@@ -4430,7 +4431,8 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) {
int thread_id = 0; int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *ip_attribute_name = "ATTRIBUTE_IP_PLUS_TABLE"; const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE";
const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
const char *ip_table_name = "IP_PLUS_CONFIG"; const char *ip_table_name = "IP_PLUS_CONFIG";
int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); int ip_table_id = maat_get_table_id(maat_inst, ip_table_name);
@@ -4439,20 +4441,20 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) {
uint32_t ip_addr; uint32_t ip_addr;
inet_pton(AF_INET, "192.168.50.43", &ip_addr); inet_pton(AF_INET, "192.168.50.43", &ip_addr);
int ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results,
ARRAY_SIZE, &n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
inet_pton(AF_INET, "47.92.108.93", &ip_addr); inet_pton(AF_INET, "47.92.108.93", &ip_addr);
ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
@@ -4493,27 +4495,28 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) {
int thread_id = 0; int thread_id = 0;
struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_state *state = maat_state_new(maat_inst, thread_id);
const char *ip_attribute_name = "ATTRIBUTE_IP_PLUS_TABLE"; const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE";
const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
const char *ip_table_name = "IP_PLUS_CONFIG"; const char *ip_table_name = "IP_PLUS_CONFIG";
uint32_t ip_addr; uint32_t ip_addr;
inet_pton(AF_INET, "100.64.2.1", &ip_addr); inet_pton(AF_INET, "100.64.2.1", &ip_addr);
int ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results,
ARRAY_SIZE, &n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
inet_pton(AF_INET, "100.64.2.6", &ip_addr); inet_pton(AF_INET, "100.64.2.6", &ip_addr);
ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results,
ARRAY_SIZE, &n_hit_result, state); ARRAY_SIZE, &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE,
&n_hit_result, state); &n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
@@ -4564,17 +4567,30 @@ void maat_read_entry_start_cb(int update_type, void *u_para)
void maat_read_entry_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para) void maat_read_entry_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para)
{ {
char ip_str[16] = {0}; char ip_str[16] = {0};
int entry_id = -1, seq = -1; int entry_id = -1;
unsigned int ip_uint = 0; unsigned int ip_uint = 0;
int is_valid = 0; int is_valid = 0;
unsigned int local_ip_nr = 16820416;//192.168.0.1 unsigned int local_ip_nr = 16820416;//192.168.0.1
cJSON *json = cJSON_Parse(table_line);
sscanf(table_line, "%d\t%s\t%d\t%d", &seq,ip_str, &entry_id, &is_valid); EXPECT_TRUE(json != NULL);
cJSON *tmp_obj = cJSON_GetObjectItem(json, "ip");
EXPECT_TRUE(tmp_obj != NULL);
strcpy(ip_str, tmp_obj->valuestring);
inet_pton(AF_INET, ip_str, &ip_uint); inet_pton(AF_INET, ip_str, &ip_uint);
if (local_ip_nr == ip_uint) { if (local_ip_nr == ip_uint) {
tmp_obj = cJSON_GetObjectItem(json, "is_valid");
EXPECT_TRUE(tmp_obj != NULL);
is_valid = tmp_obj->valueint;
tmp_obj = cJSON_GetObjectItem(json, "entry_id");
EXPECT_TRUE(tmp_obj != NULL);
entry_id = tmp_obj->valueint;
EXPECT_EQ(is_valid, 1); EXPECT_EQ(is_valid, 1);
EXPECT_EQ(entry_id, 101); EXPECT_EQ(entry_id, 101);
} }
cJSON_Delete(json);
} }
void maat_read_entry_finish_cb(void *u_para) void maat_read_entry_finish_cb(void *u_para)
@@ -4643,19 +4659,35 @@ TEST_F(PluginTable, Callback) {
struct plugin_ud { struct plugin_ud {
char key[32]; char key[32];
char value[32]; char value[32];
int id; uuid_t uuid;
}; };
void plugin_EX_new_cb(const char *table_name, const char *key, void plugin_EX_new_cb(const char *table_name, const char *key,
const char *table_line, void **ad, long argl, void *argp) const char *table_line, void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
int valid = 0, tag = 0;
struct plugin_ud *ud = ALLOC(struct plugin_ud, 1); struct plugin_ud *ud = ALLOC(struct plugin_ud, 1);
int ret = sscanf(table_line, "%d\t%s\t%s\t%d\t%d", cJSON *json = cJSON_Parse(table_line);
&(ud->id), ud->key, ud->value, &valid, &tag); EXPECT_TRUE(json != NULL);
EXPECT_EQ(ret, 5);
cJSON *tmp_obj = cJSON_GetObjectItem(json, "uuid");
EXPECT_TRUE(tmp_obj != NULL);
uuid_parse(tmp_obj->valuestring, ud->uuid);
tmp_obj = cJSON_GetObjectItem(json, "key");
EXPECT_TRUE(tmp_obj != NULL);
if (tmp_obj->type == cJSON_Number) {
snprintf(ud->key, sizeof(ud->key), "%d", tmp_obj->valueint);
} else {
strncpy(ud->key, tmp_obj->valuestring, sizeof(ud->key));
}
tmp_obj = cJSON_GetObjectItem(json, "city");
EXPECT_TRUE(tmp_obj != NULL);
strncpy(ud->value, tmp_obj->valuestring, sizeof(ud->value));
cJSON_Delete(json);
*ad = ud; *ad = ud;
(*counter)++; (*counter)++;
@@ -4696,14 +4728,17 @@ TEST_F(PluginTable, EX_DATA) {
key1, strlen(key1)); key1, strlen(key1));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "Shijiazhuang"); EXPECT_STREQ(ud->value, "Shijiazhuang");
EXPECT_EQ(ud->id, 1); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000001");
const char *key2 = "ShanDong"; const char *key2 = "ShanDong";
ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name, ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name,
key2, strlen(key2)); key2, strlen(key2));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "Jinan"); EXPECT_STREQ(ud->value, "Jinan");
EXPECT_EQ(ud->id, 3); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000003");
} }
TEST_F(PluginTable, LONG_KEY_TYPE) { TEST_F(PluginTable, LONG_KEY_TYPE) {
@@ -4725,14 +4760,17 @@ TEST_F(PluginTable, LONG_KEY_TYPE) {
(char *)&key1, sizeof(long long)); (char *)&key1, sizeof(long long));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "Shijiazhuang"); EXPECT_STREQ(ud->value, "Shijiazhuang");
EXPECT_EQ(ud->id, 1); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000001");
long long key2 = 33333333; long long key2 = 33333333;
ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name, ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name,
(char *)&key2, sizeof(long long)); (char *)&key2, sizeof(long long));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "Jinan"); EXPECT_STREQ(ud->value, "Jinan");
EXPECT_EQ(ud->id, 3); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000003");
int key3 = 22222222; int key3 = 22222222;
ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name, ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name,
@@ -4759,14 +4797,17 @@ TEST_F(PluginTable, INT_KEY_TYPE) {
(char *)&key1, sizeof(key1)); (char *)&key1, sizeof(key1));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "China"); EXPECT_STREQ(ud->value, "China");
EXPECT_EQ(ud->id, 1); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000001");
int key2 = 102; int key2 = 102;
ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name, ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name,
(char *)&key2, sizeof(key2)); (char *)&key2, sizeof(key2));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "America"); EXPECT_STREQ(ud->value, "America");
EXPECT_EQ(ud->id, 2); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000002");
long long key3 = 103; long long key3 = 103;
ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name, ud = (struct plugin_ud *)maat_plugin_table_get_ex_data(maat_inst, table_name,
@@ -4797,7 +4838,9 @@ TEST_F(PluginTable, IP_KEY_TYPE) {
sizeof(ipv4_addr1)); sizeof(ipv4_addr1));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "XiZang"); EXPECT_STREQ(ud->value, "XiZang");
EXPECT_EQ(ud->id, 4); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000001");
uint32_t ipv4_addr2; uint32_t ipv4_addr2;
ret = inet_pton(AF_INET, "100.64.1.2", &ipv4_addr2); ret = inet_pton(AF_INET, "100.64.1.2", &ipv4_addr2);
@@ -4808,7 +4851,8 @@ TEST_F(PluginTable, IP_KEY_TYPE) {
sizeof(ipv4_addr2)); sizeof(ipv4_addr2));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "XinJiang"); EXPECT_STREQ(ud->value, "XinJiang");
EXPECT_EQ(ud->id, 4); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000002");
uint8_t ipv6_addr1[16]; uint8_t ipv6_addr1[16];
ret = inet_pton(AF_INET6, "2001:da8:205:1::101", ipv6_addr1); ret = inet_pton(AF_INET6, "2001:da8:205:1::101", ipv6_addr1);
@@ -4819,7 +4863,8 @@ TEST_F(PluginTable, IP_KEY_TYPE) {
sizeof(ipv6_addr1)); sizeof(ipv6_addr1));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "GuiZhou"); EXPECT_STREQ(ud->value, "GuiZhou");
EXPECT_EQ(ud->id, 6); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000003");
uint8_t ipv6_addr2[16]; uint8_t ipv6_addr2[16];
ret = inet_pton(AF_INET6, "1001:da8:205:1::101", ipv6_addr2); ret = inet_pton(AF_INET6, "1001:da8:205:1::101", ipv6_addr2);
@@ -4830,7 +4875,8 @@ TEST_F(PluginTable, IP_KEY_TYPE) {
sizeof(ipv6_addr2)); sizeof(ipv6_addr2));
ASSERT_TRUE(ud != NULL); ASSERT_TRUE(ud != NULL);
EXPECT_STREQ(ud->value, "SiChuan"); EXPECT_STREQ(ud->value, "SiChuan");
EXPECT_EQ(ud->id, 6); uuid_unparse(ud->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000004");
} }
class IPPluginTable : public testing::Test class IPPluginTable : public testing::Test
@@ -4880,7 +4926,7 @@ struct maat *IPPluginTable::_shared_maat_inst;
struct log_handle *IPPluginTable::logger; struct log_handle *IPPluginTable::logger;
struct ip_plugin_ud { struct ip_plugin_ud {
long long rule_id; uuid_t rule_uuid;
char *buffer; char *buffer;
size_t buf_len; size_t buf_len;
}; };
@@ -4888,21 +4934,23 @@ void ip_plugin_ex_new_cb(const char *table_name, const char *key,
const char *table_line, void **ad, long argl, void *argp) const char *table_line, void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
size_t column_offset=0, column_len=0;
struct ip_plugin_ud *ud = ALLOC(struct ip_plugin_ud, 1); struct ip_plugin_ud *ud = ALLOC(struct ip_plugin_ud, 1);
int ret = get_column_pos(table_line, 1, &column_offset, &column_len); cJSON *json = cJSON_Parse(table_line);
EXPECT_EQ(ret, 0); EXPECT_TRUE(json != NULL);
ud->rule_id = atoll(table_line + column_offset); cJSON *tmp_obj = cJSON_GetObjectItem(json, "uuid");
EXPECT_TRUE(tmp_obj != NULL);
uuid_parse(tmp_obj->valuestring, ud->rule_uuid);
ret = get_column_pos(table_line, 4, &column_offset, &column_len); tmp_obj = cJSON_GetObjectItem(json, "buffer");
EXPECT_EQ(ret, 0); EXPECT_TRUE(tmp_obj != NULL);
ud->buf_len = strlen(tmp_obj->valuestring);
ud->buffer = ALLOC(char, ud->buf_len + 1);
strncpy(ud->buffer, tmp_obj->valuestring, ud->buf_len);
ud->buffer = ALLOC(char, column_len + 1); cJSON_Delete(json);
strncpy(ud->buffer, table_line + column_offset, column_len);
ud->buf_len = column_len + 1;
*ad = ud; *ad = ud;
(*counter)++; (*counter)++;
} }
@@ -4911,7 +4959,7 @@ void ip_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void *ar
{ {
struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*ad); struct ip_plugin_ud *ud = (struct ip_plugin_ud *)(*ad);
ud->rule_id = 0; uuid_clear(ud->rule_uuid);
memset(ud->buffer, 0, ud->buf_len); memset(ud->buffer, 0, ud->buf_len);
ud->buf_len = 0; ud->buf_len = 0;
@@ -4949,8 +4997,12 @@ TEST_F(IPPluginTable, EX_DATA) {
ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv4, ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv4,
(void **)results, ARRAY_SIZE); (void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 2); EXPECT_EQ(ret, 2);
EXPECT_EQ(results[0]->rule_id, 101); char uuid_str[UUID_STR_LEN] = {0};
EXPECT_EQ(results[1]->rule_id, 102); uuid_unparse(results[0]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000101");
uuid_unparse(results[1]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000102");
struct ip_addr ipv6; struct ip_addr ipv6;
ipv6.ip_type = IPv6; ipv6.ip_type = IPv6;
@@ -4960,8 +5012,11 @@ TEST_F(IPPluginTable, EX_DATA) {
ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, ret = maat_ip_plugin_table_get_ex_data(maat_inst, table_name, &ipv6,
(void**)results, ARRAY_SIZE); (void**)results, ARRAY_SIZE);
EXPECT_EQ(ret, 2); EXPECT_EQ(ret, 2);
EXPECT_EQ(results[0]->rule_id, 104); uuid_unparse(results[0]->rule_uuid, uuid_str);
EXPECT_EQ(results[1]->rule_id, 103); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000104");
uuid_unparse(results[1]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000103");
//Reproduce BugReport-Liumengyan-20210515 //Reproduce BugReport-Liumengyan-20210515
inet_pton(AF_INET6, "240e:97c:4010:104::17", &(ipv6.ipv6)); inet_pton(AF_INET6, "240e:97c:4010:104::17", &(ipv6.ipv6));
@@ -5017,7 +5072,7 @@ struct maat *IPPortPluginTable::_shared_maat_inst;
struct log_handle *IPPortPluginTable::logger; struct log_handle *IPPortPluginTable::logger;
struct ipport_plugin_ud { struct ipport_plugin_ud {
long long rule_id; uuid_t rule_uuid;
char *buffer; char *buffer;
size_t buf_len; size_t buf_len;
}; };
@@ -5026,21 +5081,17 @@ void ipport_plugin_ex_new_cb(const char *table_name, const char *key,
const char *table_line, void **ad, long argl, void *argp) const char *table_line, void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
size_t column_offset=0, column_len=0;
struct ipport_plugin_ud *ud = ALLOC(struct ipport_plugin_ud, 1); struct ipport_plugin_ud *ud = ALLOC(struct ipport_plugin_ud, 1);
int ret = get_column_pos(table_line, 1, &column_offset, &column_len); cJSON *json = cJSON_Parse(table_line);
EXPECT_EQ(ret, 0); EXPECT_TRUE(json != NULL);
ud->rule_id = atoll(table_line + column_offset); cJSON *tmp_obj = cJSON_GetObjectItem(json, "uuid");
EXPECT_TRUE(tmp_obj != NULL);
uuid_parse(tmp_obj->valuestring, ud->rule_uuid);
ret = get_column_pos(table_line, 5, &column_offset, &column_len); cJSON_Delete(json);
EXPECT_EQ(ret, 0);
ud->buffer = ALLOC(char, column_len + 1);
strncpy(ud->buffer, table_line + column_offset, column_len);
ud->buf_len = column_len + 1;
*ad = ud; *ad = ud;
(*counter)++; (*counter)++;
} }
@@ -5049,11 +5100,13 @@ void ipport_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void
{ {
struct ipport_plugin_ud *ud = (struct ipport_plugin_ud *)(*ad); struct ipport_plugin_ud *ud = (struct ipport_plugin_ud *)(*ad);
ud->rule_id = 0; uuid_clear(ud->rule_uuid);
if (ud->buffer) {
memset(ud->buffer, 0, ud->buf_len); memset(ud->buffer, 0, ud->buf_len);
ud->buf_len = 0; ud->buf_len = 0;
free(ud->buffer); free(ud->buffer);
}
free(ud); free(ud);
*ad = NULL; *ad = NULL;
} }
@@ -5089,7 +5142,9 @@ TEST_F(IPPortPluginTable, EX_DATA) {
ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv4, port, ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv4, port,
(void **)results, ARRAY_SIZE); (void **)results, ARRAY_SIZE);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
EXPECT_EQ(results[0]->rule_id, 103); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000103");
struct ip_addr ipv6; struct ip_addr ipv6;
ipv6.ip_type = IPv6; ipv6.ip_type = IPv6;
@@ -5099,7 +5154,8 @@ TEST_F(IPPortPluginTable, EX_DATA) {
ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, port, ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, port,
(void**)results, ARRAY_SIZE); (void**)results, ARRAY_SIZE);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
EXPECT_EQ(results[0]->rule_id, 104); uuid_unparse(results[0]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000104");
inet_pton(AF_INET6, "240e:97c:4010:104::17", ipv6.ipv6); inet_pton(AF_INET6, "240e:97c:4010:104::17", ipv6.ipv6);
ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, port, ret = maat_ipport_plugin_table_get_ex_data(maat_inst, table_name, &ipv6, port,
@@ -5156,7 +5212,7 @@ struct log_handle *FQDNPluginTable::logger;
#define FQDN_PLUGIN_EX_DATA #define FQDN_PLUGIN_EX_DATA
struct fqdn_plugin_ud struct fqdn_plugin_ud
{ {
int rule_id; uuid_t rule_uuid;
int catid; int catid;
}; };
@@ -5164,17 +5220,20 @@ void fqdn_plugin_ex_new_cb(const char *table_name, const char *key,
const char *table_line, void **ad, long argl, void *argp) const char *table_line, void **ad, long argl, void *argp)
{ {
int *counter = (int *)argp; int *counter = (int *)argp;
size_t column_offset = 0, column_len = 0;
struct fqdn_plugin_ud *ud = ALLOC(struct fqdn_plugin_ud, 1); struct fqdn_plugin_ud *ud = ALLOC(struct fqdn_plugin_ud, 1);
int ret = get_column_pos(table_line, 1, &column_offset, &column_len); cJSON *json = cJSON_Parse(table_line);
EXPECT_EQ(ret, 0); EXPECT_TRUE(json != NULL);
ud->rule_id = atoi(table_line + column_offset); cJSON *tmp_obj = cJSON_GetObjectItem(json, "uuid");
ret = get_column_pos(table_line, 3, &column_offset, &column_len); EXPECT_TRUE(tmp_obj != NULL);
EXPECT_EQ(ret, 0); uuid_parse(tmp_obj->valuestring, ud->rule_uuid);
sscanf(table_line + column_offset, "catid=%d", &ud->catid); tmp_obj = cJSON_GetObjectItem(json, "buffer");
EXPECT_TRUE(tmp_obj != NULL);
sscanf(tmp_obj->valuestring, "catid=%d", &ud->catid);
cJSON_Delete(json);
*ad = ud; *ad = ud;
(*counter)++; (*counter)++;
@@ -5184,7 +5243,7 @@ void fqdn_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void *
{ {
struct fqdn_plugin_ud *u = (struct fqdn_plugin_ud *)(*ad); struct fqdn_plugin_ud *u = (struct fqdn_plugin_ud *)(*ad);
u->rule_id = 0; uuid_clear(u->rule_uuid);
u->catid = 0; u->catid = 0;
free(u); free(u);
@@ -5216,8 +5275,12 @@ TEST_F(FQDNPluginTable, EX_DATA) {
ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "www.example1.com", ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "www.example1.com",
(void**)result, 4); (void**)result, 4);
ASSERT_EQ(ret, 2); ASSERT_EQ(ret, 2);
EXPECT_EQ(result[0]->rule_id, 201); char uuid_str[UUID_STR_LEN] = {0};
EXPECT_EQ(result[1]->rule_id, 202); uuid_unparse(result[0]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000201");
uuid_unparse(result[1]->rule_uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000202");
ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "www.example3.com", ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "www.example3.com",
(void**)result, 4); (void**)result, 4);
@@ -5226,11 +5289,13 @@ TEST_F(FQDNPluginTable, EX_DATA) {
ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "r3---sn-i3belne6.example2.com", ret = maat_fqdn_plugin_table_get_ex_data(maat_inst, table_name, "r3---sn-i3belne6.example2.com",
(void**)result, 4); (void**)result, 4);
ASSERT_EQ(ret, 2); ASSERT_EQ(ret, 2);
EXPECT_TRUE(result[0]->rule_id == 205 || result[0]->rule_id == 204); uuid_unparse(result[0]->rule_uuid, uuid_str);
EXPECT_TRUE(strcmp(uuid_str, "00000000-0000-0000-0000-000000000204") == 0 ||
strcmp(uuid_str, "00000000-0000-0000-0000-000000000205") == 0);
} }
struct bool_plugin_ud { struct bool_plugin_ud {
int id; uuid_t uuid;
char *name; char *name;
size_t name_len; size_t name_len;
}; };
@@ -5238,19 +5303,22 @@ void bool_plugin_ex_new_cb(const char *table_name, const char *key,
const char *table_line, void **ad, long argl, void *argp) const char *table_line, void **ad, long argl, void *argp)
{ {
int *counter=(int *)argp; int *counter=(int *)argp;
size_t column_offset=0, column_len=0;
struct bool_plugin_ud *ud = ALLOC(struct bool_plugin_ud, 1); struct bool_plugin_ud *ud = ALLOC(struct bool_plugin_ud, 1);
int ret = get_column_pos(table_line, 1, &column_offset, &column_len); cJSON *json = cJSON_Parse(table_line);
EXPECT_EQ(ret, 0); EXPECT_TRUE(json != NULL);
ud->id = atoi(table_line + column_offset); cJSON *tmp_obj = cJSON_GetObjectItem(json, "uuid");
ret = get_column_pos(table_line, 3, &column_offset, &column_len); EXPECT_TRUE(tmp_obj != NULL);
EXPECT_EQ(ret, 0); uuid_parse(tmp_obj->valuestring, ud->uuid);
ud->name = ALLOC(char, column_len + 1); tmp_obj = cJSON_GetObjectItem(json, "buffer");
memcpy(ud->name, table_line+column_offset, column_len); EXPECT_TRUE(tmp_obj != NULL);
ud->name_len = column_len + 1; ud->name_len = strlen(tmp_obj->valuestring);
ud->name = ALLOC(char, ud->name_len + 1);
strncpy(ud->name, tmp_obj->valuestring, ud->name_len);
cJSON_Delete(json);
*ad = ud; *ad = ud;
(*counter)++; (*counter)++;
@@ -5259,7 +5327,7 @@ void bool_plugin_ex_free_cb(const char *table_name, void **ad, long argl, void *
{ {
struct bool_plugin_ud *u = (struct bool_plugin_ud *)(*ad); struct bool_plugin_ud *u = (struct bool_plugin_ud *)(*ad);
u->id = 0; uuid_clear(u->uuid);
memset(u->name, 0, u->name_len); memset(u->name, 0, u->name_len);
u->name_len = 0; u->name_len = 0;
@@ -5344,7 +5412,9 @@ TEST_F(BoolPluginTable, EX_DATA) {
ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items_2, ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items_2,
3, (void**)result, 6); 3, (void**)result, 6);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0]->id, 301); char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(result[0]->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000301");
unsigned long long items_3[]={101, 102, 1000}; unsigned long long items_3[]={101, 102, 1000};
ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items_3, ret = maat_bool_plugin_table_get_ex_data(maat_inst, table_name, items_3,
@@ -5356,7 +5426,8 @@ TEST_F(BoolPluginTable, EX_DATA) {
sizeof(items_4)/sizeof(unsigned long long), sizeof(items_4)/sizeof(unsigned long long),
(void**)result, 6); (void**)result, 6);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
EXPECT_EQ(result[0]->id, 305); uuid_unparse(result[0]->uuid, uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000305");
} }
class Attribute : public testing::Test class Attribute : public testing::Test
@@ -5573,18 +5644,15 @@ void rule_ex_param_new(const char *table_name, const char *key,
int *counter = (int *)argp; int *counter = (int *)argp;
*ad = NULL; *ad = NULL;
cJSON *json = cJSON_Parse(table_line);
EXPECT_TRUE(json != NULL);
cJSON *tmp_obj = cJSON_GetObjectItem(json, "action_parameter");
EXPECT_TRUE(tmp_obj != NULL);
struct rule_ex_param *param = ALLOC(struct rule_ex_param, 1); struct rule_ex_param *param = ALLOC(struct rule_ex_param, 1);
int rule_id = 0; sscanf(tmp_obj->valuestring, "%*[^:]:%[^,],%d", param->name, &(param->id));
int service_id = 0;
int action = 0;
int do_blacklist = 0;
int do_log = 0;
char tags[1024] = {0};
sscanf(table_line, "%d\t%d\t%d\t%d\t%d\t%s\t%*[^:]:%[^,],%d",
&rule_id, &service_id, &action, &do_blacklist, &do_log,
tags, param->name, &(param->id));
(*counter)++; (*counter)++;
*ad = param; *ad = param;
@@ -5751,12 +5819,14 @@ struct log_handle *Policy::logger;
void accept_tags_entry_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para) void accept_tags_entry_cb(const char *table_name, const char *table_line, enum maat_operation op, void *u_para)
{ {
int* callback_times = (int *)u_para; int* callback_times = (int *)u_para;
char status[32] = {0};
int entry_id = -1, seq = -1;
int is_valid = 0;
sscanf(table_line, "%d\t%s\t%d\t%d", &seq,status, &entry_id, &is_valid); cJSON *json = cJSON_Parse(table_line);
EXPECT_STREQ(status, "SUCCESS"); EXPECT_TRUE(json != NULL);
cJSON *tmp_obj = cJSON_GetObjectItem(json, "status");
EXPECT_TRUE(tmp_obj != NULL);
EXPECT_STREQ(tmp_obj->valuestring, "SUCCESS");
(*callback_times)++; (*callback_times)++;
} }
@@ -5867,7 +5937,7 @@ TEST_F(Policy, RuleEXData) {
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
void *ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_name, void *ex_data = maat_plugin_table_get_ex_data(maat_inst, plugin_table_name,
(char *)&results[0], sizeof(long long)); uuid_str, strlen(uuid_str));
ASSERT_TRUE(ex_data!=NULL); ASSERT_TRUE(ex_data!=NULL);
struct rule_ex_param *param = (struct rule_ex_param *)ex_data; struct rule_ex_param *param = (struct rule_ex_param *)ex_data;
EXPECT_EQ(param->id, 7799); EXPECT_EQ(param->id, 7799);
@@ -6129,7 +6199,7 @@ TEST_F(TableInfo, Conjunction) {
const char *scan_data = "soq is using table conjunction function." const char *scan_data = "soq is using table conjunction function."
"http://www.3300av.com/novel/27122.txt"; "http://www.3300av.com/novel/27122.txt";
const char *conj_table_name = "HTTP_HOST"; const char *conj_table_name = "HTTP_HOST";
const char *attribute_name = "HTTP_HOST"; const char *attribute_name = "HTTP_URL";
struct maat *maat_inst = TableInfo::_shared_maat_inst; struct maat *maat_inst = TableInfo::_shared_maat_inst;
struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_state *state = maat_state_new(maat_inst, thread_id);
@@ -6142,7 +6212,7 @@ TEST_F(TableInfo, Conjunction) {
uuid_unparse(results[0], uuid_str); uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000134"); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000134");
uuid_unparse(results[0], uuid_str); uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000133"); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000133");
ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, results, ARRAY_SIZE, ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, results, ARRAY_SIZE,

File diff suppressed because one or more lines are too long


@@ -42,8 +42,7 @@
"schema_tag": "{\"rule_plugin\": \"plugin\"}", "schema_tag": "{\"rule_plugin\": \"plugin\"}",
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"pointer",
"key_len":8,
"key_name": "uuid" "key_name": "uuid"
} }
}, },
@@ -54,9 +53,8 @@
"table_type":"plugin", "table_type":"plugin",
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"pointer",
"key_len":8, "key_name":"uuid"
"key_name":"TODO"
} }
}, },
{ {
@@ -89,11 +87,15 @@
"table_type":"plugin", "table_type":"plugin",
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"pointer",
"key_len":8, "key_name":"uuid"
"key_name":"TODO"
} }
}, },
{
"table_id":15,
"table_name":"HTTP_SIGNATURE",
"table_type":"expr"
},
{ {
"table_id":16, "table_id":16,
"table_name":"IMAGE_FP", "table_name":"IMAGE_FP",
@@ -105,9 +107,8 @@
"table_type":"plugin", "table_type":"plugin",
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"pointer",
"key_len":8, "key_name":"uuid"
"key_name":"TODO"
} }
}, },
{ {
@@ -128,7 +129,7 @@
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"pointer", "key_type":"pointer",
"key_name":"TODO" "key_name":"key"
} }
}, },
{ {
@@ -138,7 +139,7 @@
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"pointer", "key_type":"pointer",
"key_name":"TODO" "key_name":"uuid"
} }
}, },
{ {
@@ -163,7 +164,7 @@
"table_type":"ip_plugin", "table_type":"ip_plugin",
"custom": { "custom": {
"gc_timeout_s": 3, "gc_timeout_s": 3,
"key_name":"TODO" "key_name":"uuid"
} }
}, },
{ {
@@ -182,7 +183,7 @@
"table_type":"fqdn_plugin", "table_type":"fqdn_plugin",
"custom": { "custom": {
"gc_timeout_s": 3, "gc_timeout_s": 3,
"key_name":"TODO" "key_name":"uuid"
} }
}, },
{ {
@@ -206,7 +207,7 @@
"table_type":"bool_plugin", "table_type":"bool_plugin",
"custom": { "custom": {
"gc_timeout_s": 3, "gc_timeout_s": 3,
"key_name":"TODO" "key_name":"uuid"
} }
}, },
{ {
@@ -222,7 +223,7 @@
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"integer",
"key_len":8, "key_len":8,
"key_name":"TODO" "key_name":"key"
} }
}, },
{ {
@@ -233,7 +234,7 @@
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"integer", "key_type":"integer",
"key_len":4, "key_len":4,
"key_name":"TODO" "key_name":"key"
} }
}, },
{ {
@@ -243,7 +244,7 @@
"custom": { "custom": {
"gc_timeout_s":3, "gc_timeout_s":3,
"key_type":"ip_addr", "key_type":"ip_addr",
"key_name":"TODO" "key_name":"key"
} }
}, },
{ {
@@ -277,7 +278,7 @@
"table_type":"ipport_plugin", "table_type":"ipport_plugin",
"custom": { "custom": {
"gc_timeout_s": 3, "gc_timeout_s": 3,
"key_name":"TODO" "key_name":"uuid"
} }
}, },
{ {


@@ -37,6 +37,11 @@ make_serial_rule(const char *table_name, const char *line, void *u_para, enum ma
return -1; return -1;
} }
cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid"); cJSON *rule_uuid = cJSON_GetObjectItem(json, "uuid");
if (NULL == rule_uuid) {
rule_uuid = cJSON_GetObjectItem(json, "object_uuid");//for object2object table
}
if (NULL == rule_uuid || rule_uuid->type != cJSON_String) { if (NULL == rule_uuid || rule_uuid->type != cJSON_String) {
return -1; return -1;
} }
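Review bot: The fallback to `object_uuid` in the added `if (NULL == rule_uuid)` branch applies to every table, because it keys only on the absence of `uuid` and never consults the `table_name` argument. A malformed row in any other table that lacks `uuid` but happens to carry `object_uuid` would then be serialized under that id instead of being rejected with -1. If only object2object rows are meant to take this path, the condition should also check the table; the predicate for that is not visible in this hunk. The trailing comment would also be clearer as `/* object2object rows carry their id in "object_uuid", not "uuid" */`. make_serial_rule starts before this hunk and continues after it.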