gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rename terminology "clause" to "condition"

Browse Source
This commit is contained in:
root
2024-08-22 07:35:53 +00:00
parent f660e6b2ac
commit e538f5bb52
20 changed files with 682 additions and 682 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/api_reference.md
View File

@@ -861,9 +861,9 @@ int maat_scan_not_logic(struct maat *instance, int table_id,
size_t *n_hit_result, struct maat_state *state);
```
If the rule configuration contains NOT-clauses, this interface needs to be called to activate the calculation of rule_id involving NOT-clauses. This means that other scanning interfaces will not activate NOT-clauses except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-clause was expected to be activated, so this interface was called and two new rule_id were hit.
If the rule configuration contains NOT-conditions, this interface needs to be called to activate the calculation of rule_id involving NOT-conditions. This means that other scanning interfaces will not activate NOT-conditions except for calling this interface. When to call this interface is determined by the caller. For example, on a session, four packets were scanned with maat_scan_string and three rule_id were hit. The NOT-condition was expected to be activated, so this interface was called and two new rule_id were hit.
Since this interface only activates non-clauses and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned.
Since this interface only activates non-conditions and does not call the underlying scanning engine to perform actual scanning tasks, there is no data to be scanned.
### maat_stream_new

4
docs/getting_started.md
View File

@@ -48,7 +48,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
"custom": {
"rule_id":1,
"tags":6,
"clause_num":9
"condition_num":9
}
},
{
@@ -62,7 +62,7 @@ Table schema is stored in a json file(such as table_info.conf), which is loaded
"rule_id":2,
"not_flag":4,
"attribute_name":5,
"clause_index":6
"condition_index":6
}
},
{

2
docs/history.md
View File

@@ -11,7 +11,7 @@
| v3.1.1 | 2020-9-27 | Add explanation for creating attributes on multiple different types of physical tables | Zheng Chao |
| v3.1.0 | 2020-9-18 | Add FQDN callback table | Zheng Chao |
| v3.0.4 | 2020-8-17 | Add extended numerical domain configuration interval_plus | Zheng Chao |
| v3.0 | 2020-6-29 | Maat 3.0, support clauses, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao |
| v3.0 | 2020-6-29 | Maat 3.0, support conditions, original grouping table split into grouping relationship table and grouping compilation table | Zheng Chao |
| v2.8 | 2020-3-13 | Support composite tables | Zheng Chao |
| v2.8 | 2020-2-11 | Support Hit Path | Zheng Chao |
| v2.8 | 2020-2-4 | Support sorting strategies by Evaluation Order | Zheng Chao |

42
docs/logical_combinations.md
View File

@@ -33,7 +33,7 @@ Before showing how to configure the specific rules, we need some raw materials (
## AND logic
`Note`: Each rule supports a maximum of 8 clauses, which are connected by the logical 'AND' relationship, with clause index ranging from 0 to 7.
`Note`: Each rule supports a maximum of 8 conditions, which are connected by the logical 'AND' relationship, with condition index ranging from 0 to 7.
* case1: Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.20 from accessing the website www.baidu.com.
@@ -41,8 +41,8 @@ Before showing how to configure the specific rules, we need some raw materials (
* www.baidu.com => group_id(201)
```bash
rule(rule) = clause1 & clause2
= {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2}
= {2, 211, 1} & {1, 201, 2}
```
@@ -52,19 +52,19 @@ rule(rule) = clause1 & clause2
* 端口80 ~ 80 => group_id(221)
```bash
rule(rule) = clause1 & clause2
= {attribute1, group1, clause_index1} & {attribute2, group2, clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, group2, condition_index2}
= {2, 211, 1} & {3, 221, 2}
```
The JSON configuration for the logical `AND` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=152.
group_name: "152_mail_addr" and group_name: "interval_group_refered" are two clauses of this rule, with a logical `AND` relationship between them.
group_name: "152_mail_addr" and group_name: "interval_group_refered" are two conditions of this rule, with a logical `AND` relationship between them.
## OR logic
`Note`: Multiple groups under the same clause have a logical 'OR' relationship.
`Note`: Multiple groups under the same condition have a logical 'OR' relationship.
* case1 Deny hosts with source IP addresses in the range of 192.168.1.11 to 192.168.1.30 from accessing the website www.baidu.com.
@@ -73,8 +73,8 @@ group_name: "152_mail_addr" and group_name: "interval_group_refered" are two cla
* www.baidu.com => group_id(201)
```bash
rule(rule) = clause1 & clause2
= {attribute1, (group1 | group2), clause_index1} & {attribute2, group3, clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, (group1 | group2), condition_index1} & {attribute2, group3, condition_index2}
= {2, (211 | 212), 1} & {1, 201, 2}
```
@@ -85,8 +85,8 @@ rule(rule) = clause1 & clause2
* port 443 ~ 443 => group_id(222)
```bash
rule(rule) = clause1 & clause2
= {attribute1, group1, clause_index1} & {attribute2, (group2 | group3), clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, (group2 | group3), condition_index2}
= {2, 211, 1} & {3, (221 | 222), 2}
```
@@ -97,7 +97,7 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela
## NOT logic
`Note`: Only clauses can support NOT-logic.
`Note`: Only conditions can support NOT-logic.
* case1: Hosts with source ip addresses ranging from 192.168.1.11 to 192.168.1.20 are allowed to access websites other than www.baidu.com.
@@ -105,8 +105,8 @@ group_name: "152_mail_addr" contains two regions(items) with a logical `OR` rela
* www.baidu.com => group_id(201)
```bash
rule(rule) = clause1 & !clause2
= {attribute1, group1, clause_index1} & !{attribute2, group2, clause_index2}
rule(rule) = condition1 & !condition2
= {attribute1, group1, condition_index1} & !{attribute2, group2, condition_index2}
= {2, 211, 1} & !{1, 201, 2}
```
@@ -117,14 +117,14 @@ rule(rule) = clause1 & !clause2
* port 443 ~ 443 => group_id(222)
```bash
rule(rule) = clause1 & !clause2
= {attribute1, group1, clause_index1} & !{attribute2, (group2 | group3), clause_index2}
rule(rule) = condition1 & !condition2
= {attribute1, group1, condition_index1} & !{attribute2, (group2 | group3), condition_index2}
= {2, 211, 1} & !{3, (221 | 222), 2}
```
The JSON configuration for the logical `OR` can be referenced at [unit_test Json configuration](../test/maat_json.json) with rule_id=145.
The group_name: "123_IP_group" is a NOT clause of this rule.
The group_name: "123_IP_group" is a NOT condition of this rule.
## Group exclude
@@ -147,8 +147,8 @@ super_group1 = group1 exclude group2
And then configure the rule.
```bash
rule(rule) = clause1 & clause2
= {attribute1, super_group1, clause_index1} & {attribute2, group2, clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, super_group1, condition_index1} & {attribute2, group2, condition_index2}
= {2, (210 exclude 211), 1} & {1, 201, 2}
```
@@ -166,8 +166,8 @@ super_group2 = group2 exclude group3
And then configure the rule.
```bash
rule(rule) = clause1 & clause2
= {attribute1, group1, clause_index1} & {attribute2, super_group2, clause_index2}
rule(rule) = condition1 & condition2
= {attribute1, group1, condition_index1} & {attribute2, super_group2, condition_index2}
= {2, 211, 1} & {1, (202 exclude 201), 2}
```

44
docs/maat_table.md
View File

@@ -245,7 +245,7 @@ Describe the specific policy, one maat instance can has multiple rule tables wit
| **rule_id** | LONG LONG | primary key, rule id |
| **tags** | VARCHAR2(1024) | default 0means no tag |
| **is_valid** | INT | 0(invalid)1(valid) |
| **clause_num** | INT | no more than 8 clauses |
| **condition_num** | INT | no more than 8 conditions |
### 1.3 <a name='Group2RuleTable'></a> group2rule table
@@ -256,9 +256,9 @@ Describe the relationship between group and rule.
| **group_ids** | VARCHAR(256) | group ids are separated by commas(g1,g2,g3) |
| **rule_id** | LONG LONG | rule id |
| **is_valid** | INT | 0(invalid), 1(valid) |
| **not_flag** | INT | logical 'NOT', identify a NOT clause, 0(no) 1(yes) |
| **not_flag** | INT | logical 'NOT', identify a NOT condition, 0(no) 1(yes) |
| **attribute** | VARCHAR2(256) | attribute name, NOT NULL |
| **Nth_clause** | INT | the clause seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same clause ID are logical 'OR' |
| **Nth_condition** | INT | the condition seq in (conjunctive normal form)CNF, from 0 to 7. groups with the same condition ID are logical 'OR' |
NOTE: If group_id is invalid in xx_item table, it must be marked as invalid in this table.
@@ -441,25 +441,25 @@ The `group2group_runtime` is a runtime that is built based on the reference rela
In addition to the rule table, there is also the group2rule table in the table schema. However, from a runtime perspective, the configurations of these two tables together constitute rule_runtime. This means that there is no standalone group2rule_runtime. Rule_runtime is the most complex among all runtime types because it serves multiple functions.
**Note:** This will involve the terminology of [clause](./terminology.md#clause).
**Note:** This will involve the terminology of [condition](./terminology.md#condition).
1. For expressions without NOT-clauses, returning the matched rule_id:
1. For expressions without NOT-conditions, returning the matched rule_id:
* rule1 = clause1 & clause2 = {attribute1, g1} & {attribute2, g2}
* rule1 = condition1 & condition2 = {attribute1, g1} & {attribute2, g2}
* rule2 = clause1 & clause2 = {attribute1, g2} & {attribute2, g3}
* rule2 = condition1 & condition2 = {attribute1, g2} & {attribute2, g3}
Given the matched attribute_id and group_id, all matching rule_ids can be provided. For example, if scanning attribute1 matches g2 and attribute2 matches g3, rule_runtime will return the matched rule_id 2.
2. For expressions with NOT-clauses, returning the matched rule_id:
2. For expressions with NOT-conditions, returning the matched rule_id:
* rule3 = clause1 & !clause2 = {attribute1, g1} & !{attribute2, g2}
* rule3 = condition1 & !condition2 = {attribute1, g1} & !{attribute2, g2}
* rule4 = !clause1 & clause2 = !{attribute1, g2} & {attribute2, g3}
* rule4 = !condition1 & condition2 = !{attribute1, g2} & {attribute2, g3}
If scanning attribute1 matches g1 and attribute2 matches g3, rule_runtime will return the matched rule_id 4.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> clause{**attribute_id, not_flag, clause_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
3. If a rule_id is matched, the full hit path can be obtained: **item_id -> group_id ->** {super_group_id} -> condition{**attribute_id, not_flag, condition_index} -> rule_id**. If the matched group is not referenced by a rule, a half hit path can be obtained: **item_id -> group_id** -> {super_group_id}.
4. Getting the matched group_ids and the count of hit groups.
@@ -469,13 +469,13 @@ The internal structure of rule_runtime is as follows, including the control plan
* **Control plane**
Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique clause_id to all clauses of each rule. The following three parts are constructed based on the clause_id:
Rule runtime loads the rule table and group2rule table configurations into memory, assigning a unique condition_id to all conditions of each rule. The following three parts are constructed based on the condition_id:
1. All clause_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
1. All condition_ids under the same rule are used to construct AND expressions, and all rule AND expressions are used to build a bool_matcher.
2. For not_flag=0 (clauses), a `clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id.
2. For not_flag=0 (conditions), a `condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id.
3. For not_flag=1 (NOT-clauses), a `NOT_clause_id hash` is built, key:{group_id, attribute_id, not_flag}, value:clause_id.
3. For not_flag=1 (NOT-conditions), a `NOT_condition_id hash` is built, key:{group_id, attribute_id, not_flag}, value:condition_id.
* **Data Plane**
@@ -485,18 +485,18 @@ On the data plane, services are provided externally through the maat API, primar
* The hit item_id and group_id form a half-hit path.
* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit clause_ids` in the clause_id hash.
* The group_id that is hit and the scanned `attribute_id` form the key {group_id, attribute_id, 0}. This key is used to find the `hit condition_ids` in the condition_id hash.
* Use the key {group_id, attribute_id, 1} to search for NOT_clause_ids in the NOT_clause_id hash and cache them as `exclude clause_ids`. These clause_ids need to be removed from all clause_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => clause_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_clause_id does not hit.
* Use the key {group_id, attribute_id, 1} to search for NOT_condition_ids in the NOT_condition_id hash and cache them as `exclude condition_ids`. These condition_ids need to be removed from all condition_ids that are eventually hit. This is because the scan hit {group_id, attribute_id, 0} => condition_id, leading to the deduction that {group_id, attribute_id, 1} => NOT_condition_id does not hit.
* Identify the group_ids in attribute_id table that appear in the NOT_clause and add them to the `NOT_clause_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_clause_group` for the attribute_id table.
* Identify the group_ids in attribute_id table that appear in the NOT_condition and add them to the `NOT_condition_group` set. Ensure that this set does not contain any group_id that was hit during scanning. If any such group_id is present, remove it from the set to form the final `NOT_condition_group` for the attribute_id table.
* Use the hit clause_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
* Use the hit condition_ids to determine if there are any hit rule_ids. If there are, populate the half-hit path which will become full-hit path.
2. **maat_scan_not_logic**: This interface is used to activate NOT-clause logic.
2. **maat_scan_not_logic**: This interface is used to activate NOT-condition logic.
* Traverse the `NOT_clause_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_clause_id`. If it is in the `exclude clause_ids` set, ignore it; otherwise, add it to the `all hit clause_ids` set as a hit `NOT_clause_id`, and record the half-hit path of the NOT-clause.
* Traverse the `NOT_condition_group` of `attribute_id`. For each `group_id`, form a key `{group_id, attribute_id, 1}` to obtain the `NOT_condition_id`. If it is in the `exclude condition_ids` set, ignore it; otherwise, add it to the `all hit condition_ids` set as a hit `NOT_condition_id`, and record the half-hit path of the NOT-condition.
* Use the `all hit clause_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-clause which will become full-hit path.
* Use the `all hit condition_ids` to calculate if there are any newly hit rule_ids. If there are, populate the half-hit path of the NOT-condition which will become full-hit path.
3. **xx_get_hit_path**: This interface is used to retrieve the hit path.

2
docs/monitor_tools.md
View File

@@ -22,7 +22,7 @@ The statistical information in the above figure is divided into two parts, part1
- plug_acc_num: total number of configurations for plugin tables
- NOT_clause_num: total number of NOT-clauses
- NOT_condition_num: total number of NOT-conditions
- excl_grp_num: total number of exclude groups

4
docs/overview.md
View File

@@ -24,11 +24,11 @@ The physical tables are mainly divided into three categories: the item table, gr
### 1.2 Configuration relationship
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, clause, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
As shown in the diagram below, maat organizes and abstracts configurations using terms such as item, group, literal, condition, rule, etc., allowing users to flexibly configure various policies. The term "literal" is an internal concept in maat and is not visible to external users.
In addition, groups support nesting. For more detailed information, please refer to [group hierarchy](./group_hierarchy.md).
If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same clause have a logical “OR” relationship. The multiple clauses that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 clauses within the same rule. In addition, the clause itself supports logical "NOT".
If we define literal_id = {attribute_id, group_id}, then a literal is composed of one or more literal_ids. The multiple literal_ids that form the same condition have a logical “OR” relationship. The multiple conditions that form the same rule have a logical “AND” relationship, and there can be a maximum of 8 conditions within the same rule. In addition, the condition itself supports logical "NOT".
<img src="./imgs/rule_diagram.png" width="800" height="450" >

12
docs/terminology.md
View File

@@ -3,7 +3,7 @@
* [Item](#item)
* [Group(Object)](#groupobject)
* [Rule(Policy)](#rulepolicy)
* [Clause(Condition)](#clause)
* [Condition(Condition)](#condition)
* [Literal](#literal)
* [Physical table](#physical-table)
* [Attribute](#attribute)
@@ -50,21 +50,21 @@ The relationship between group and group is stored in the [group2group table](./
A conjunctive normal form(CNF) consisting of multiple groups and attributes.
`Note`: A rule can contain up to 8 clauses and multiple clauses in the same rule can be logical 'AND' and logical 'NOT' relationships.
`Note`: A rule can contain up to 8 conditions and multiple conditions in the same rule can be logical 'AND' and logical 'NOT' relationships.
The relationship between group and rule is stored in the [group2rule table](./maat_table.md#13-group2rule-table).
<img src="./imgs/CNF.jpg" alt="exclude" style="zoom:80%" />
## Clause
## Condition
A clause consists of several Literals and the relationship between them is a `logical 'OR'`.
A condition consists of several Literals and the relationship between them is a `logical 'OR'`.
Clauses are divided into two categories based on whether they contain the logical "NOT" operation: `clause` and `NOT-clause`. In Maat, the logical "NOT" only appears in the clause, which means that if you want to use the logical "NOT", you need to configure clauses for the rules.
Conditions are divided into two categories based on whether they contain the logical "NOT" operation: `condition` and `NOT-condition`. In Maat, the logical "NOT" only appears in the condition, which means that if you want to use the logical "NOT", you need to configure conditions for the rules.
## Literal
A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique clause_id will be generated based on the combination of attribute_id and group_id in the same clause.
A Literal consists of `attribute_id(attribute id)` and `group_id`. During the rules loading process, a unique condition_id will be generated based on the combination of attribute_id and group_id in the same condition.
## Physical table

4
include/maat.h
View File

@@ -30,8 +30,8 @@ struct maat;
struct maat_hit_path {
int Nth_scan;
int attribute_id; // 0 is not a attribute.
int NOT_flag; // 1 means NOT clause(condition)
int clause_index; // 0 ~ 7
int NOT_flag; // 1 means NOT condition(condition)
int condition_index; // 0 ~ 7
long long item_id;
long long sub_group_id;
long long top_group_id;

2
src/inc_internal/maat_rule.h
View File

@@ -77,7 +77,7 @@ int group2rule_runtime_update(void *g2c_runtime, void *g2c_schema,
const char *table_name, const char *line,
int valid_column);
long long group2rule_runtime_not_clause_count(void *g2c_runtime);
long long group2rule_runtime_not_condition_count(void *g2c_runtime);
long long group2rule_runtime_rule_count(void *g2c_runtime);

46
src/json2iris.c
View File

@@ -644,7 +644,7 @@ write_region_rule(cJSON *region_json, int rule_id, int group_id,
static int
write_group2rule_line(int *group_ids, size_t n_group_id,
int rule_id, int group_not_flag,
int clause_index, const char *attribute,
int condition_index, const char *attribute,
struct iris_description *p_iris,
struct iris_table *g2c_table)
{
@@ -670,10 +670,10 @@ write_group2rule_line(int *group_ids, size_t n_group_id,
}
group_id_str[strlen(group_id_str) - 1] = '\0';
snprintf(buff, sizeof(buff), "%s\t%d\t%d\t%s\t%d\t1\n", group_id_str,
rule_id, group_not_flag, attribute, clause_index);
rule_id, group_not_flag, attribute, condition_index);
} else {
snprintf(buff, sizeof(buff), "%d\t%d\t%d\t%s\t%d\t1\n", group_ids[0],
rule_id, group_not_flag, attribute, clause_index);
rule_id, group_not_flag, attribute, condition_index);
}
table->write_pos += memcat(&(table->buff), table->write_pos,
@@ -754,7 +754,7 @@ write_group_rule(cJSON *group_json, int parent_id,
{
int ret = 0;
int group_not_flag = 0;
int clause_index = 0;
int condition_index = 0;
const char *group_name = NULL;
char group_name_array[32][MAX_NAME_STR_LEN];
size_t group_name_cnt = 0;
@@ -804,11 +804,11 @@ write_group_rule(cJSON *group_json, int parent_id,
group_not_flag = item->valueint;
}
item = cJSON_GetObjectItem(group_json, "clause_index");
item = cJSON_GetObjectItem(group_json, "condition_index");
if (NULL == item || item->type != cJSON_Number) {
clause_index = Nth_group;
condition_index = Nth_group;
} else {
clause_index = item->valueint;
condition_index = item->valueint;
}
item = cJSON_GetObjectItem(group_json, "g2c_table_name");
@@ -833,7 +833,7 @@ write_group_rule(cJSON *group_json, int parent_id,
}
assert(parent_type == PARENT_TYPE_RULE);
ret = write_group2rule_line(group_ids, group_name_cnt, parent_id,
group_not_flag, clause_index,
group_not_flag, condition_index,
attribute, p_iris, g2c_table);
} else {
@@ -894,7 +894,7 @@ write_group_rule(cJSON *group_json, int parent_id,
if (parent_type == PARENT_TYPE_RULE) {
ret = write_group2rule_line(&(group_info->group_id), 1, parent_id,
group_not_flag, clause_index,
group_not_flag, condition_index,
attribute, p_iris, g2c_table);
if (ret < 0) {
log_fatal(logger, MODULE_JSON2IRIS,
@@ -923,34 +923,34 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris,
cJSON *group_array = cJSON_GetObjectItem(rule, "groups");
int group_num = cJSON_GetArraySize(group_array);
int *clause_ids = ALLOC(int, group_num);
int clause_num = 0;
int *condition_ids = ALLOC(int, group_num);
int condition_num = 0;
cJSON *group_obj = NULL;
cJSON_ArrayForEach(group_obj, group_array) {
item = cJSON_GetObjectItem(group_obj, "clause_index");
item = cJSON_GetObjectItem(group_obj, "condition_index");
if (item) {
int i = 0;
int clause_index = item->valueint;
for (i = 0; i < clause_num; i++) {
if (clause_ids[i] == clause_index) {
int condition_index = item->valueint;
for (i = 0; i < condition_num; i++) {
if (condition_ids[i] == condition_index) {
break;
}
}
if (i == clause_num) {
clause_ids[clause_num] = clause_index;
clause_num++;
if (i == condition_num) {
condition_ids[condition_num] = condition_index;
condition_num++;
}
}
}
FREE(clause_ids);
FREE(condition_ids);
if (clause_num == 0) {
clause_num = group_num;
if (condition_num == 0) {
condition_num = group_num;
}
cJSON_AddNumberToObject(rule, "clause_num", clause_num);
cJSON_AddNumberToObject(rule, "condition_num", condition_num);
struct translate_command rule_cmd[MAX_COLUMN_NUM];
memset(rule_cmd, 0, sizeof(rule_cmd));
@@ -987,7 +987,7 @@ write_rule_line(cJSON *rule, struct iris_description *p_iris,
rule_cmd[cmd_cnt].json_type = cJSON_String;
cmd_cnt++;
rule_cmd[cmd_cnt].json_string = "clause_num";
rule_cmd[cmd_cnt].json_string = "condition_num";
rule_cmd[cmd_cnt].json_type = cJSON_Number;
cmd_cnt++;

812
src/maat_rule.c
View File

File diff suppressed because it is too large Load Diff

14
src/maat_stat.c
View File

@@ -29,7 +29,7 @@ enum MAAT_FS_STATUS {
STATUS_TABLE_NUM,
STATUS_PLUGIN_CACHE_NUM,
STATUS_PLUGIN_ACC_NUM,
STATUS_CLAUSE_REF_NOT_NUM,
STATUS_CONDITION_REF_NOT_NUM,
STATUS_GROUP_REF_EXCL_NUM, //group reference exclude group num
STATUS_HIT_RULE_NUM,
STATUS_MAAT_STATE_NUM,
@@ -75,8 +75,8 @@ static void fs_global_metric_register(struct maat_stat *stat)
stat->g_metric_id[STATUS_PLUGIN_ACC_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "plug_acc_num");
stat->g_metric_id[STATUS_CLAUSE_REF_NOT_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "NOT_clause_num");
stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "NOT_condition_num");
stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM] =
fieldstat_easy_register_counter(stat->fs_handle, "excl_grp");
@@ -244,7 +244,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
long long total_rule_num = 0, total_scan_bytes = 0, total_update_err = 0;
long long total_scan_times = 0, total_hit_times = 0, total_scan_cpu_time = 0;
long long total_regv6_num = 0, total_hit_item_num = 0, total_hit_pattern_num = 0;
long long g2c_not_clause_num = 0, g2g_excl_rule_num = 0;
long long g2c_not_condition_num = 0, g2g_excl_rule_num = 0;
struct field cell_tag = {
.key = "TBL",
.type = FIELD_VALUE_CSTRING
@@ -273,7 +273,7 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
plugin_rule_num += plugin_runtime_rule_count(runtime);
break;
case TABLE_TYPE_GROUP2RULE:
g2c_not_clause_num += group2rule_runtime_not_clause_count(runtime);
g2c_not_condition_num += group2rule_runtime_not_condition_count(runtime);
break;
case TABLE_TYPE_GROUP2GROUP:
g2g_excl_rule_num += group2group_runtime_exclude_rule_count(runtime);
@@ -415,8 +415,8 @@ static void fs_table_row_refresh(struct maat_stat *stat, int perf_on)
NULL, 0, plugin_rule_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_CLAUSE_REF_NOT_NUM],
NULL, 0, g2c_not_clause_num);
stat->g_metric_id[STATUS_CONDITION_REF_NOT_NUM],
NULL, 0, g2c_not_condition_num);
fieldstat_easy_counter_set(stat->fs_handle, 0,
stat->g_metric_id[STATUS_GROUP_REF_EXCL_NUM],

4
test/benchmark/benchmark_table_info.conf
View File

@@ -560,7 +560,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -574,7 +574,7 @@
"rule_id":2,
"not_flag":3,
"attribute_name":4,
"clause_index":5
"condition_index":5
}
},
{

8
test/file_test_tableinfo.conf
View File

@@ -7,7 +7,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":9
"condition_num":9
}
},
{
@@ -18,7 +18,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":9
"condition_num":9
}
},
{
@@ -31,7 +31,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":9
"condition_num":9
}
},
{
@@ -56,7 +56,7 @@
"rule_id":2,
"not_flag":4,
"attribute_name":5,
"clause_index":6
"condition_index":6
}
},
{

124
test/maat_framework_gtest.cpp
View File

@@ -3247,7 +3247,7 @@ TEST_F(IPScan, RuleUpdates) {
state = NULL;
}
TEST_F(IPScan, RuleChangeClauseId) {
TEST_F(IPScan, RuleChangeConditionId) {
//This test is a reproduce of bug OMPUB-1343.
const char *src_table_name = "ATTRIBUTE_IP_PLUS_SOURCE";
const char *dst_table_name = "ATTRIBUTE_IP_PLUS_DESTINATION";
@@ -4207,7 +4207,7 @@ TEST_F(NOTLogic, NotPhysicalTable) {
state = NULL;
}
TEST_F(NOTLogic, EightNotClause) {
TEST_F(NOTLogic, EightNotCondition) {
const char *string_nothing = "This string contain nothing";
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
@@ -4325,7 +4325,7 @@ TEST_F(NOTLogic, EightNotClause) {
state = NULL;
}
TEST_F(NOTLogic, NotClauseAndExcludeGroup1) {
TEST_F(NOTLogic, NotConditionAndExcludeGroup1) {
const char *string_should_not_hit = "This string ONLY contains must-contained-string-of-rule-200 and "
"must-not-contained-string-of-rule-200";
const char *string_should_half_hit = "This string ONLY contains must-contained-string-of-rule-200";
@@ -4377,7 +4377,7 @@ TEST_F(NOTLogic, NotClauseAndExcludeGroup1) {
state = NULL;
}
TEST_F(NOTLogic, NotClauseAndExcludeGroup2) {
TEST_F(NOTLogic, NotConditionAndExcludeGroup2) {
const char *string1 = "This string ONLY contains mail.string-of-rule-217.com";
const char *string2= "This string ONLY contains www.string-of-rule-217.com";
const char *string_keywords = "This string contain keywords-for-rule-217";
@@ -4437,7 +4437,7 @@ TEST_F(NOTLogic, NotClauseAndExcludeGroup2) {
state = NULL;
}
TEST_F(NOTLogic, SingleNotClause) {
TEST_F(NOTLogic, SingleNotCondition) {
const char *string_nothing = "nothing string";
const char *string_should_hit = "string has not_logic_keywords_222";
const char *table_name = "HTTP_NOT_LOGIC_1";
@@ -4477,7 +4477,7 @@ TEST_F(NOTLogic, SingleNotClause) {
state = NULL;
}
TEST_F(NOTLogic, MultiNotClauses) {
TEST_F(NOTLogic, MultiNotConditions) {
const char *string_nothing = "nothing string";
const char *string1 = "string has not_logic_rule_223_1";
const char *string2 = "string has not_logic_rule_223_1";
@@ -4553,7 +4553,7 @@ TEST_F(NOTLogic, MultiNotClauses) {
state = NULL;
}
TEST_F(NOTLogic, MultiGroupsInOneNotClause) {
TEST_F(NOTLogic, MultiGroupsInOneNotCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS6789";
const char *src_asn3 = "AS9001";
@@ -4644,7 +4644,7 @@ TEST_F(NOTLogic, MultiGroupsInOneNotClause) {
state = NULL;
}
TEST_F(NOTLogic, MultiLiteralsInOneNotClause) {
TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS6789";
const char *src_nothing = "nothing";
@@ -4762,7 +4762,7 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotClause) {
state = NULL;
}
TEST_F(NOTLogic, SameAttributeInMultiClause) {
TEST_F(NOTLogic, SameAttributeInMultiCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS9002";
const char *src_asn3 = "AS9003";
@@ -5124,7 +5124,7 @@ TEST_F(ExcludeLogic, ScanAttribute) {
maat_state_free(state);
}
TEST_F(ExcludeLogic, ScanWithMultiClause) {
TEST_F(ExcludeLogic, ScanWithMultiCondition) {
long long results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
int thread_id = 0;
@@ -6748,37 +6748,37 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_EQ(hit_path[0].attribute_id, table_id);
EXPECT_EQ(hit_path[0].sub_group_id, 158);
EXPECT_EQ(hit_path[0].top_group_id, 158);
EXPECT_EQ(hit_path[0].clause_index, 2);
EXPECT_EQ(hit_path[0].condition_index, 2);
EXPECT_EQ(hit_path[0].rule_id, 168);
EXPECT_EQ(hit_path[1].attribute_id, table_id);
EXPECT_EQ(hit_path[1].sub_group_id, 157);
EXPECT_EQ(hit_path[1].top_group_id, 157);
EXPECT_EQ(hit_path[1].clause_index, 0);
EXPECT_EQ(hit_path[1].condition_index, 0);
EXPECT_EQ(hit_path[1].rule_id, 166);
EXPECT_EQ(hit_path[2].attribute_id, table_id);
EXPECT_EQ(hit_path[2].sub_group_id, 155);
EXPECT_EQ(hit_path[2].top_group_id, -1);
EXPECT_EQ(hit_path[2].clause_index, -1);
EXPECT_EQ(hit_path[2].condition_index, -1);
EXPECT_EQ(hit_path[2].rule_id, -1);
EXPECT_EQ(hit_path[3].attribute_id, table_id);
EXPECT_EQ(hit_path[3].sub_group_id, 158);
EXPECT_EQ(hit_path[3].top_group_id, 158);
EXPECT_EQ(hit_path[3].clause_index, 6);
EXPECT_EQ(hit_path[3].condition_index, 6);
EXPECT_EQ(hit_path[3].rule_id, 168);
EXPECT_EQ(hit_path[4].attribute_id, table_id);
EXPECT_EQ(hit_path[4].sub_group_id, 158);
EXPECT_EQ(hit_path[4].top_group_id, 158);
EXPECT_EQ(hit_path[4].clause_index, 1);
EXPECT_EQ(hit_path[4].condition_index, 1);
EXPECT_EQ(hit_path[4].rule_id, 167);
EXPECT_EQ(hit_path[5].attribute_id, table_id);
EXPECT_EQ(hit_path[5].sub_group_id, 158);
EXPECT_EQ(hit_path[5].top_group_id, 158);
EXPECT_EQ(hit_path[5].clause_index, 3);
EXPECT_EQ(hit_path[5].condition_index, 3);
EXPECT_EQ(hit_path[5].rule_id, 167);
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
@@ -6805,7 +6805,7 @@ TEST_F(Policy, EvaluationOrder) {
maat_state_free(state);
}
TEST_F(Policy, NotClauseHitPath) {
TEST_F(Policy, NotConditionHitPath) {
const char *url_table_name = "HTTP_URL";
const char *ip_table_name = "ATTRIBUTE_IP_CONFIG";
const char *url = "www.youtube.com";
@@ -6846,7 +6846,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[0].Nth_scan, 1);
EXPECT_EQ(hit_path[0].attribute_id, url_table_id);
EXPECT_EQ(hit_path[0].NOT_flag, 0);
EXPECT_EQ(hit_path[0].clause_index, 1);
EXPECT_EQ(hit_path[0].condition_index, 1);
EXPECT_EQ(hit_path[0].sub_group_id, 249);
EXPECT_EQ(hit_path[0].top_group_id, 249);
EXPECT_EQ(hit_path[0].rule_id, 228);
@@ -6854,7 +6854,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[1].Nth_scan, 2);
EXPECT_EQ(hit_path[1].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[1].NOT_flag, 1);
EXPECT_EQ(hit_path[1].clause_index, -1);
EXPECT_EQ(hit_path[1].condition_index, -1);
EXPECT_EQ(hit_path[1].sub_group_id, 100);
EXPECT_EQ(hit_path[1].top_group_id, 144);
EXPECT_EQ(hit_path[1].rule_id, -1);
@@ -6862,7 +6862,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[2].Nth_scan, 2);
EXPECT_EQ(hit_path[2].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[2].NOT_flag, 1);
EXPECT_EQ(hit_path[2].clause_index, -1);
EXPECT_EQ(hit_path[2].condition_index, -1);
EXPECT_EQ(hit_path[2].sub_group_id, 100);
EXPECT_EQ(hit_path[2].top_group_id, -1);
EXPECT_EQ(hit_path[2].rule_id, -1);
@@ -6870,7 +6870,7 @@ TEST_F(Policy, NotClauseHitPath) {
EXPECT_EQ(hit_path[3].Nth_scan, 2);
EXPECT_EQ(hit_path[3].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[3].NOT_flag, 1);
EXPECT_EQ(hit_path[3].clause_index, 2);
EXPECT_EQ(hit_path[3].condition_index, 2);
EXPECT_EQ(hit_path[3].sub_group_id, 250);
EXPECT_EQ(hit_path[3].top_group_id, 250);
EXPECT_EQ(hit_path[3].rule_id, 228);
@@ -7269,7 +7269,7 @@ TEST_F(GroupHierarchy, OneGroupInTwoAttribute) {
state = NULL;
}
TEST_F(GroupHierarchy, MultiGroupsInOneClause) {
TEST_F(GroupHierarchy, MultiGroupsInOneCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS6789";
const char *src_asn3 = "AS9001";
@@ -7359,7 +7359,7 @@ TEST_F(GroupHierarchy, MultiGroupsInOneClause) {
state = NULL;
}
TEST_F(GroupHierarchy, MultiLiteralsInOneClause) {
TEST_F(GroupHierarchy, MultiLiteralsInOneCondition) {
const char *src_asn1 = "AS1234";
const char *src_asn2 = "AS6789";
const char *my_county = "Greece.Sparta";
@@ -7740,10 +7740,10 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
long long rule_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_id, "null", 2, 0); // rule has two clause
rule_id, "null", 2, 0); // rule has two condition
EXPECT_EQ(ret, 1);
//clause1 & clause2 has same filter => {attribute_id, group_id}
//condition1 & condition2 has same filter => {attribute_id, group_id}
long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group_id, rule_id, 0, attribute_name, 1, 0);
@@ -9657,7 +9657,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
long long group1_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group1_id, rule1_id, 0,
"KEYWORDS_TABLE", 1, 0); //clause_index:1
"KEYWORDS_TABLE", 1, 0); //condition_index:1
EXPECT_EQ(ret, 1);
//item1 -> group1 -> rule1
@@ -9674,7 +9674,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
long long group21_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group21_id, rule1_id, 0,
"KEYWORDS_TABLE", 2, 0); //clause_index:2
"KEYWORDS_TABLE", 2, 0); //condition_index:2
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> rule1
@@ -9711,7 +9711,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
*/
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group21_id, rule2_id, 0,
"KEYWORDS_TABLE", 3, 0); //clause_index:3
"KEYWORDS_TABLE", 3, 0); //condition_index:3
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> rule1
@@ -9729,7 +9729,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group3_id, rule2_id, 0,
"IP_CONFIG", 4, 0); //clause_index:4
"IP_CONFIG", 4, 0); //condition_index:4
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> rule1
@@ -9748,7 +9748,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group3_id, rule3_id, 0,
"IP_CONFIG", 5, 0); //clause_index:5
"IP_CONFIG", 5, 0); //condition_index:5
EXPECT_EQ(ret, 1);
/* item1 -> group1 -> rule1
@@ -9775,7 +9775,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group4_id, rule3_id, 0,
"KEYWORDS_TABLE", 6, 0); //clause_index:6
"KEYWORDS_TABLE", 6, 0); //condition_index:6
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9804,7 +9804,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
ret = maat_scan_string(maat_inst, keywords_table_id, http_url_social,
@@ -9823,7 +9823,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -9833,7 +9833,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].condition_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -9843,7 +9843,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
uint32_t ip_addr;
@@ -9868,7 +9868,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -9878,7 +9878,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 3);
EXPECT_EQ(hit_path[path_idx].condition_index, 3);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
path_idx++;
@@ -9888,7 +9888,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
path_idx++;
@@ -9898,7 +9898,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 4);
EXPECT_EQ(hit_path[path_idx].condition_index, 4);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
path_idx++;
@@ -9908,7 +9908,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].condition_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
const char *keywords1 = "In theory, basic and advanced is common";
@@ -9929,7 +9929,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group1_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 1);
EXPECT_EQ(hit_path[path_idx].condition_index, 1);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
path_idx++;
@@ -9939,7 +9939,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 3);
EXPECT_EQ(hit_path[path_idx].condition_index, 3);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
path_idx++;
@@ -9949,7 +9949,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, -1);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, -1);
EXPECT_EQ(hit_path[path_idx].condition_index, -1);
EXPECT_EQ(hit_path[path_idx].rule_id, -1);
path_idx++;
@@ -9959,7 +9959,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 5);
EXPECT_EQ(hit_path[path_idx].condition_index, 5);
EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id);
path_idx++;
@@ -9969,7 +9969,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group4_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 6);
EXPECT_EQ(hit_path[path_idx].condition_index, 6);
EXPECT_EQ(hit_path[path_idx].rule_id, rule3_id);
path_idx++;
@@ -9979,7 +9979,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group3_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, ip_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 4);
EXPECT_EQ(hit_path[path_idx].condition_index, 4);
EXPECT_EQ(hit_path[path_idx].rule_id, rule2_id);
path_idx++;
@@ -9989,7 +9989,7 @@ TEST_F(MaatCmd, HitPathAdvanced) {
EXPECT_EQ(hit_path[path_idx].sub_group_id, group2_id);
EXPECT_EQ(hit_path[path_idx].top_group_id, group21_id);
EXPECT_EQ(hit_path[path_idx].attribute_id, keywords_table_id);
EXPECT_EQ(hit_path[path_idx].clause_index, 2);
EXPECT_EQ(hit_path[path_idx].condition_index, 2);
EXPECT_EQ(hit_path[path_idx].rule_id, rule1_id);
maat_state_free(state);
@@ -10388,7 +10388,7 @@ TEST_F(MaatCmd, SameSuperGroupRefByMultiRule) {
state = NULL;
}
TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) {
TEST_F(MaatCmd, SameScanStatusWhenConditionUpdate_TSG6419) {
const char *g2c_table_name = "GROUP2RULE_DEFAULT";
const char* rule_table_name = "RULE_DEFAULT";
const char* ip_table_name = "IP_PLUS_CONFIG";
@@ -10402,9 +10402,9 @@ TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) {
rule1_id, "null", 2, 0);
EXPECT_EQ(ret, 1);
/* item11 -> group11 -> clause1 -> rule1
/* item11 -> group11 -> condition1 -> rule1
/
item21 -> group21 -> clause2 _/
item21 -> group21 -> condition2 _/
*/
long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
@@ -10451,10 +10451,10 @@ TEST_F(MaatCmd, SameScanStatusWhenClauseUpdate_TSG6419) {
&n_hit_result, state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
/* item11 -> group11 -> clause1 -> rule1
/* item11 -> group11 -> condition1 -> rule1
/
item21 -> group21 -> clause2 _/
item22 -> group22 -> clause3 _/
item21 -> group21 -> condition2 _/
item22 -> group22 -> condition3 _/
*/
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_id, "null", 2, 0);
@@ -10512,8 +10512,8 @@ TEST_F(MaatCmd, GroupEdit) {
rule1_id, "null", 2, 0);
EXPECT_EQ(ret, 1);
/* item11 -> group11 -> clause1 -> rule1
item21 -> group21 -> clause2 _/
/* item11 -> group11 -> condition1 -> rule1
item21 -> group21 -> condition2 _/
*/
long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
@@ -10568,8 +10568,8 @@ TEST_F(MaatCmd, GroupEdit) {
maat_state_reset(state);
/* item11 -> group11 -> clause1 -> rule1
item21 -> group21 -> clause2 _/
/* item11 -> group11 -> condition1 -> rule1
item21 -> group21 -> condition2 _/
item22 -> /
*/
char scan_app_id_str[8] = {0};
@@ -10608,8 +10608,8 @@ TEST_F(MaatCmd, GroupEdit) {
EXPECT_EQ(n_read, 2);
maat_state_reset(state);
/* item11 -> group11 -> clause1 -> rule1
item21 -> group21 -> clause2 _/
/* item11 -> group11 -> condition1 -> rule1
item21 -> group21 -> condition2 _/
*/
ret = interval_table_set_line(maat_inst, app_id_table_name, MAAT_OP_DEL,
item22_id, group21_id, scan_app_id_str, NULL, 0);
@@ -10653,7 +10653,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
rule1_id, "null", 1, 0);
EXPECT_EQ(ret, 1);
//item11 -> group11 -> clause1 -> rule1
//item11 -> group11 -> condition1 -> rule1
long long group11_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1);
ret = group2rule_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD,
group11_id, rule1_id, 0, ip_table_name, 1, 0);
@@ -10789,7 +10789,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
memset(results, 0, sizeof(results));
ret = maat_scan_string(maat_inst, table_id, scan_data2, strlen(scan_data2),
results, ARRAY_SIZE, &n_hit_result, state);
//After full update, clause ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy).
//After full update, condition ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy).
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE,
@@ -10923,7 +10923,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
//DON'T DO THIS!!!
//Roll back version, trigger full update.
//This operation generates FATAL logs in test_maat_redis.log.yyyy-mm-dd.
//For example: Add group 22 vt_id 0 to clause 2 of rule 979 failed, group is already existed
//For example: Add group 22 vt_id 0 to condition 2 of rule 979 failed, group is already existed
maat_cmd_incrby(maat_inst, "MAAT_VERSION", -100);
//Wating for scanner garbage collect expiration.

204
test/maat_json.json
View File

@@ -846,7 +846,7 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.NotExprClauseAndNotIPClause",
"user_region": "NOTLogic.NotExprConditionAndNotIPCondition",
"is_valid": "yes",
"groups": [
{
@@ -854,7 +854,7 @@
"group_name": "146_url_group",
"group_id": 126,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -871,7 +871,7 @@
"group_name": "146_keywords_group",
"group_id": 127,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -887,7 +887,7 @@
"attribute": "ATTRIBUTE_IP_CONFIG",
"group_name": "123_IP_group",
"not_flag": 1,
"clause_index": 2
"condition_index": 2
}
]
},
@@ -897,7 +897,7 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.8NotClause",
"user_region": "NOTLogic.8NotCondition",
"is_valid": "yes",
"groups": [
{
@@ -905,13 +905,13 @@
"group_name": "147_keywords_group1",
"group_id": 128,
"not_flag": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause0-in-rule-147",
"keywords": "condition0-in-rule-147",
"expr_type": "and"
}
}
@@ -922,13 +922,13 @@
"group_name": "147_keywords_group2",
"group_id": 129,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause1-in-rule-147",
"keywords": "condition1-in-rule-147",
"expr_type": "and"
}
}
@@ -939,13 +939,13 @@
"group_name": "147_keywords_group3",
"group_id": 130,
"not_flag": 1,
"clause_index": 2,
"condition_index": 2,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause2-in-rule-147",
"keywords": "condition2-in-rule-147",
"expr_type": "and"
}
}
@@ -956,13 +956,13 @@
"group_name": "147_keywords_group4",
"group_id": 131,
"not_flag": 1,
"clause_index": 3,
"condition_index": 3,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause3-in-rule-147",
"keywords": "condition3-in-rule-147",
"expr_type": "and"
}
}
@@ -973,13 +973,13 @@
"group_name": "147_keywords_group5",
"group_id": 132,
"not_flag": 1,
"clause_index": 4,
"condition_index": 4,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause4-in-rule-147",
"keywords": "condition4-in-rule-147",
"expr_type": "and"
}
}
@@ -990,13 +990,13 @@
"group_name": "147_keywords_group6",
"group_id": 133,
"not_flag": 1,
"clause_index": 5,
"condition_index": 5,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause5-in-rule-147",
"keywords": "condition5-in-rule-147",
"expr_type": "and"
}
}
@@ -1007,13 +1007,13 @@
"group_name": "147_keywords_group7",
"group_id": 134,
"not_flag": 1,
"clause_index": 6,
"condition_index": 6,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause6-in-rule-147",
"keywords": "condition6-in-rule-147",
"expr_type": "and"
}
}
@@ -1024,13 +1024,13 @@
"group_name": "147_keywords_group8",
"group_id": 135,
"not_flag": 1,
"clause_index": 7,
"condition_index": 7,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
"table_type": "expr",
"table_content": {
"keywords": "clause7-in-rule-147",
"keywords": "condition7-in-rule-147",
"expr_type": "and"
}
}
@@ -1637,7 +1637,7 @@
"attribute": "HTTP_URL",
"group_name": "167_url_group",
"group_id": 158,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -1653,7 +1653,7 @@
"attribute": "HTTP_URL",
"group_name": "167_url_group",
"group_id": 158,
"clause_index": 3
"condition_index": 3
}
]
},
@@ -1671,13 +1671,13 @@
"attribute": "HTTP_URL",
"group_name": "167_url_group",
"group_id": 158,
"clause_index": 2
"condition_index": 2
},
{
"attribute": "HTTP_URL",
"group_name": "167_url_group",
"group_id": 158,
"clause_index": 6
"condition_index": 6
}
]
},
@@ -1694,7 +1694,7 @@
"attribute": "IP_PLUS_CONFIG",
"group_name": "169_IP_group",
"group_id": 160,
"clause_index": 0,
"condition_index": 0,
"not_flag" : 0,
"regions": [
{
@@ -1766,20 +1766,20 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.MultiGroupsInOneNotClause",
"user_region": "NOTLogic.MultiGroupsInOneNotCondition",
"is_valid": "yes",
"groups": [
{
"attribute": "ASN_NOT_LOGIC",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN2345",
"not_flag": 0,
"clause_index": 1
"condition_index": 1
}
]
},
@@ -1789,20 +1789,20 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Hierarchy.MultiGroupInOneClause",
"user_region": "Hierarchy.MultiGroupInOneCondition",
"is_valid": "yes",
"groups": [
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 0,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN2345",
"not_flag": 0,
"clause_index": 1
"condition_index": 1
}
]
},
@@ -1838,26 +1838,26 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "Hierarchy.MultiGroupInOneClause",
"user_region": "Hierarchy.MultiGroupInOneCondition",
"is_valid": "yes",
"groups": [
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 0,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 0,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "IP_CONFIG",
"group_name": "financial-department-ip",
"not_flag": 0,
"clause_index": 1
"condition_index": 1
}
]
},
@@ -1867,26 +1867,26 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.MultiLiteralsInOneNotClause",
"user_region": "NOTLogic.MultiLiteralsInOneNotCondition",
"is_valid": "yes",
"groups": [
{
"attribute": "SOURCE_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "IP_PLUS_CONFIG",
"group_name": "develop-department-ip",
"not_flag": 1,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 0,
"clause_index": 1
"condition_index": 1
}
]
},
@@ -1948,38 +1948,38 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NOTLogic.SameAttributeInMultiClause",
"user_region": "NOTLogic.SameAttributeInMultiCondition",
"is_valid": "yes",
"groups": [
{
"attribute": "DESTINATION_IP_ASN",
"group_name": ["ASN1234", "ASN6789", "ASN9001"],
"not_flag": 1,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "SOURCE_IP_GEO",
"group_name": "Country-Sparta-IP",
"not_flag": 1,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN9002",
"not_flag": 1,
"clause_index": 1
"condition_index": 1
},
{
"attribute": "DESTINATION_IP_ASN",
"group_name": "ASN9003",
"not_flag": 0,
"clause_index": 2
"condition_index": 2
},
{
"attribute": "IP_PLUS_CONFIG",
"group_name": "security-department-ip",
"not_flag": 0,
"clause_index": 3
"condition_index": 3
}
]
},
@@ -2423,7 +2423,7 @@
"group_name": "ExcludeLogicGroup199_1",
"group_id": 189,
"is_exclude": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2439,7 +2439,7 @@
"group_name": "ExcludeLogicGroup199_2",
"group_id": 190,
"is_exclude": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2474,7 +2474,7 @@
"group_name": "ExcludeLogicGroup200_1",
"group_id": 192,
"is_exclude": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2491,7 +2491,7 @@
"group_name": "ExcludeLogicGroup200_2",
"group_id": 193,
"is_exclude": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "HTTP_URL",
@@ -2520,7 +2520,7 @@
"attribute": "ATTRIBUTE_IP_PLUS_TABLE",
"group_name": "ExcludeLogicGroup202",
"group_id": 194,
"clause_index": 0,
"condition_index": 0,
"sub_groups":[
{
"group_name": "ExcludeLogicGroup202_1",
@@ -2581,7 +2581,7 @@
"attribute": "ATTRIBUTE_IP_PLUS_SOURCE",
"group_name": "ExcludeLogicGroup203_1",
"group_id": 198,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
@@ -2597,7 +2597,7 @@
"attribute": "ATTRIBUTE_IP_PLUS_DESTINATION",
"group_name": "ExcludeLogicGroup203_2",
"group_id": 199,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
@@ -2612,7 +2612,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "ExcludeLogicGroup203_3",
"group_id": 200,
"clause_index": 2,
"condition_index": 2,
"sub_groups": [
{
"group_name": "ExcludeLogicGroup203_3_1",
@@ -2661,7 +2661,7 @@
"attribute": "ATTRIBUTE_IP_PLUS_SOURCE",
"group_name": "ExcludeLogicGroup204_1",
"group_id": 203,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
@@ -2677,7 +2677,7 @@
"attribute": "ATTRIBUTE_IP_PLUS_DESTINATION",
"group_name": "ExcludeLogicGroup204_2",
"group_id":204,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "IP_PLUS_CONFIG",
@@ -2692,7 +2692,7 @@
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "ExcludeLogicGroup204_3",
"group_id": 205,
"clause_index": 2,
"condition_index": 2,
"sub_groups": [
{
"group_name": "ExcludeLogicGroup204_3_1",
@@ -3040,21 +3040,21 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTClause&ExcludeGroup",
"user_region": "NOTCondition&ExcludeGroup",
"is_valid": "yes",
"groups": [
{
"attribute": "HTTP_URL_FILTER",
"group_name": "ExcludeLogicGroup200",
"not_flag": 0,
"clause_index": 0
"condition_index": 0
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "NOTClauseAndExcludeGroup216",
"group_name": "NOTConditionAndExcludeGroup216",
"group_id": 221,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3074,15 +3074,15 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTClause&ExcludeGroup",
"user_region": "NOTCondition&ExcludeGroup",
"is_valid": "yes",
"groups": [
{
"attribute": "HTTP_URL_FILTER",
"group_name": "NOTClauseAndExcludeGroup217_1",
"group_name": "NOTConditionAndExcludeGroup217_1",
"group_id": 222,
"not_flag": 1,
"clause_index": 0,
"condition_index": 0,
"sub_groups": [
{
"group_name": "ExcludeLogicGroup217_1_1",
@@ -3118,10 +3118,10 @@
},
{
"attribute": "HTTP_RESPONSE_KEYWORDS",
"group_name": "NOTClauseAndExcludeGroup217_2",
"group_name": "NOTConditionAndExcludeGroup217_2",
"group_id": 225,
"not_flag": 0,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3171,10 +3171,10 @@
"groups": [
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_1",
"group_name": "NOTConditionAndExcludeGroup219_1",
"group_id": 227,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3188,10 +3188,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_2",
"group_name": "NOTConditionAndExcludeGroup219_2",
"group_id": 228,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3205,10 +3205,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_3",
"group_name": "NOTConditionAndExcludeGroup219_3",
"group_id": 229,
"not_flag": 1,
"clause_index": 2,
"condition_index": 2,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3222,10 +3222,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_4",
"group_name": "NOTConditionAndExcludeGroup219_4",
"group_id": 230,
"not_flag": 1,
"clause_index": 3,
"condition_index": 3,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3239,10 +3239,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_5",
"group_name": "NOTConditionAndExcludeGroup219_5",
"group_id": 231,
"not_flag": 1,
"clause_index": 4,
"condition_index": 4,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3256,10 +3256,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_6",
"group_name": "NOTConditionAndExcludeGroup219_6",
"group_id": 232,
"not_flag": 1,
"clause_index": 5,
"condition_index": 5,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3273,10 +3273,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_7",
"group_name": "NOTConditionAndExcludeGroup219_7",
"group_id": 233,
"not_flag": 1,
"clause_index": 6,
"condition_index": 6,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3290,10 +3290,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup219_8",
"group_name": "NOTConditionAndExcludeGroup219_8",
"group_id": 234,
"not_flag": 1,
"clause_index": 7,
"condition_index": 7,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3318,10 +3318,10 @@
"groups": [
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup220_1",
"group_name": "NOTConditionAndExcludeGroup220_1",
"group_id": 235,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3335,10 +3335,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup220_2",
"group_name": "NOTConditionAndExcludeGroup220_2",
"group_id": 236,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3352,10 +3352,10 @@
},
{
"attribute": "HTTP_DUMMY",
"group_name": "NOTClauseAndExcludeGroup220_3",
"group_name": "NOTConditionAndExcludeGroup220_3",
"group_id": 237,
"not_flag": 1,
"clause_index": 2,
"condition_index": 2,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3419,7 +3419,7 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.SingleNotClause",
"user_region": "NOTLogic.SingleNotCondition",
"is_valid": "yes",
"groups": [
{
@@ -3427,7 +3427,7 @@
"group_name": "NOTLogicGroup_222",
"group_id": 240,
"not_flag": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3447,7 +3447,7 @@
"action": 0,
"do_blacklist": 0,
"do_log": 0,
"user_region": "NOTLogic.MultiNotClause",
"user_region": "NOTLogic.MultiNotCondition",
"is_valid": "yes",
"groups": [
{
@@ -3455,7 +3455,7 @@
"group_name": "NOTLogicGroup_223_1",
"group_id": 241,
"not_flag": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3472,7 +3472,7 @@
"group_name": "NOTLogicGroup_223_2",
"group_id": 242,
"not_flag": 1,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3489,7 +3489,7 @@
"group_name": "NOTLogicGroup_223_1",
"group_id": 243,
"not_flag": 1,
"clause_index": 2,
"condition_index": 2,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3517,7 +3517,7 @@
"group_name": "NOTLogicGroup_224_1",
"group_id": 244,
"not_flag": 1,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3534,7 +3534,7 @@
"group_name": "NOTLogicGroup_224_2",
"group_id": 245,
"not_flag": 0,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3562,7 +3562,7 @@
"group_name": "EscapeGroup_225_1",
"group_id": 246,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3616,7 +3616,7 @@
"action": 1,
"do_blacklist": 1,
"do_log": 1,
"user_region": "NotClauseHitPath",
"user_region": "NotConditionHitPath",
"is_valid": "yes",
"groups": [
{
@@ -3624,7 +3624,7 @@
"group_name": "228_url_group",
"group_id": 249,
"not_flag": 0,
"clause_index": 1,
"condition_index": 1,
"regions": [
{
"table_name": "HTTP_URL",
@@ -3641,7 +3641,7 @@
"group_name": "228_IP_group",
"group_id": 250,
"not_flag": 1,
"clause_index": 2,
"condition_index": 2,
"regions": [
{
"table_name": "IP_CONFIG",
@@ -3788,7 +3788,7 @@
"group_name": "EscapeGroup_234_1",
"group_id": 260,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",
@@ -3816,7 +3816,7 @@
"group_name": "EscapeGroup_235_1",
"group_id": 261,
"not_flag": 0,
"clause_index": 0,
"condition_index": 0,
"regions": [
{
"table_name": "KEYWORDS_TABLE",

14
test/table_info.conf
View File

@@ -7,7 +7,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -19,7 +19,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -33,7 +33,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -49,7 +49,7 @@
"rule_id":2,
"not_flag":3,
"attribute_name":4,
"clause_index":5
"condition_index":5
}
},
{
@@ -60,7 +60,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -72,7 +72,7 @@
"custom": {
"rule_id":1,
"tags":6,
"clause_num":8
"condition_num":8
}
},
{
@@ -86,7 +86,7 @@
"rule_id":2,
"not_flag":3,
"attribute_name":4,
"clause_index":5
"condition_index":5
}
},
{

14
test/test_utils.cpp
View File

@@ -149,12 +149,12 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int clause_num,
const char *user_region, int condition_num,
int expire_after)
{
char table_line[1024 * 16] = {0};
sprintf(table_line, "%lld\t0\t0\t0\t0\t0\t%s\t%d\t%d\t0.0",
rule_id, user_region, clause_num, op);
rule_id, user_region, condition_num, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = rule_id;
@@ -165,21 +165,21 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
return maat_cmd_set_line(maat_inst, &line_rule);
}
#define TO_GROUP2X_KEY(group_id, parent_id, clause_index) \
(((unsigned long)group_id<<32|parent_id) + clause_index)
#define TO_GROUP2X_KEY(group_id, parent_id, condition_index) \
(((unsigned long)group_id<<32|parent_id) + condition_index)
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
const char *attribute_name, int clause_index,
const char *attribute_name, int condition_index,
int expire_after)
{
char table_line[128] = {0};
sprintf(table_line, "%lld\t%lld\t%d\t%s\t%d\t%d",
group_id, rule_id, not_flag, attribute_name, clause_index, op);
group_id, rule_id, not_flag, attribute_name, condition_index, op);
struct maat_cmd_line line_rule;
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, clause_index);
line_rule.rule_id = TO_GROUP2X_KEY(group_id, rule_id, condition_index);
line_rule.table_line = table_line;
line_rule.table_name = table_name;
line_rule.expire_after = expire_after;

4
test/test_utils.h
View File

@@ -15,13 +15,13 @@ int write_json_to_iris(const char* json_fn, char *iris_path, size_t path_sz,
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long rule_id,
const char *user_region, int clause_num,
const char *user_region, int condition_num,
int expire_after);
int group2rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, long long group_id,
long long rule_id, int not_flag,
const char *attribute_name, int clause_index,
const char *attribute_name, int condition_index,
int expire_after);
int group2group_table_set_line(struct maat *maat_inst, const char *table_name,