gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

rule sort support priority

Browse Source
This commit is contained in:
liuchang
2024-11-28 02:29:33 +00:00
parent 2ef61c51f9
commit e8b826b754
6 changed files with 209 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/maat_config_monitor.c
View File

@@ -373,6 +373,11 @@ void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff)
*/
cJSON *tmp_rule = NULL;
cJSON_ArrayForEach(tmp_rule, rules) {
cJSON *priority_obj = cJSON_GetObjectItem(tmp_rule, "priority");
if (priority_obj == NULL) {
cJSON_AddNumberToObject(tmp_rule, "priority", 1000);
}
cJSON *tmp_and_condition = NULL;
cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "and_conditions");
cJSON_ArrayForEach(tmp_and_condition, condition_array) {

235
src/maat_rule.c
View File

@@ -42,13 +42,6 @@ struct rule_schema {
struct log_handle *logger;
};
struct rule_item {
int condition_num;
uuid_t rule_uuid;
char *table_line;
size_t table_line_len;
};
struct condition_query_key {
uuid_t object_uuid;
char field_name[MAX_FIELD_NAME_LEN];
@@ -131,9 +124,9 @@ struct rule_sort_para {
struct maat_rule {
uint32_t magic_num;
int condition_num;
int ptiority;
int table_id;
uuid_t rule_uuid;
void *user_data; // rule_item
struct rule_condition conditions[MAX_ITEMS_PER_BOOL_EXPR];
};
@@ -161,26 +154,10 @@ static UT_icd ut_object_uuid_icd = {sizeof(uuid_t), NULL, NULL, NULL};
static UT_icd ut_maat_item_icd = {sizeof(struct maat_item), NULL, NULL, NULL};
static UT_icd ut_hit_path_icd = {sizeof(struct internal_hit_path), NULL, NULL, NULL};
static void rule_item_free(struct rule_item *item)
{
item->condition_num = 0;
if (item->table_line != NULL) {
FREE(item->table_line);
}
FREE(item);
}
static void maat_rule_free(struct maat_rule *rule)
{
struct rule_condition *condition = NULL;
if (rule->user_data != NULL) {
rule_item_free(rule->user_data);
rule->user_data = NULL;
}
for (int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
condition = rule->conditions + i;
@@ -232,9 +209,45 @@ static int validate_table_not_condition(struct rule_runtime *rule_rt,
return 0;
}
static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
const char *table_name, struct log_handle *logger)
{
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL;
cJSON *table_json = cJSON_Parse(line);
int ret = TAG_MATCH_MATCHED;
tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
char *tag_str = cJSON_Print(tmp_obj);
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has invalid tag format in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
if (TAG_MATCH_UNMATCHED == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has unmatched tag in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
}
END:
if (table_json) {
cJSON_Delete(table_json);
}
return ret;
}
static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule_schema *schema,
const char *table_name, uuid_t rule_uuid,
const char *table_line, struct rule_item *rule_item)
const char *table_name, uuid_t rule_uuid, const char *table_line)
{
struct maat_rule *rule = ALLOC(struct maat_rule, 1);
struct log_handle *logger = rule_rt->logger;
@@ -250,10 +263,25 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
goto error;
}
int ret = rule_accept_tag_match(schema, table_line, table_name, logger);
if (ret == TAG_MATCH_UNMATCHED) {
goto error;
}
rule->table_id = table_id;
rule->magic_num = MAAT_RULE_MAGIC;
uuid_copy(rule->rule_uuid, rule_uuid);
tmp_obj = cJSON_GetObjectItem(table_json, "priority");
if (tmp_obj == NULL || tmp_obj->type != cJSON_Number) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no priority or not number format",
__FUNCTION__, __LINE__, table_name);
goto error;
}
rule->ptiority = tmp_obj->valueint;
for(int i = 0; i < MAX_ITEMS_PER_BOOL_EXPR; i++) {
utarray_new(rule->conditions[i].literals, &ut_condition_literal_icd);
rule->conditions[i].in_use = 0;
@@ -346,9 +374,6 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule
condition->in_use = 1;
}
rule_item->condition_num = rule->condition_num;
rule->user_data = rule_item;
if (table_json) {
cJSON_Delete(table_json);
}
@@ -367,78 +392,6 @@ error:
return NULL;
}
static int rule_accept_tag_match(struct rule_schema *schema, const char *line,
const char *table_name, struct log_handle *logger)
{
size_t n_tag = table_manager_accept_tags_count(schema->ref_tbl_mgr);
cJSON *tmp_obj = NULL;
cJSON *table_json = cJSON_Parse(line);
int ret = TAG_MATCH_MATCHED;
tmp_obj = cJSON_GetObjectItem(table_json, "effective_range");
if ((tmp_obj && cJSON_GetArraySize(tmp_obj) > 0) && n_tag > 0) {
char *tag_str = cJSON_Print(tmp_obj);
ret = table_manager_accept_tags_match(schema->ref_tbl_mgr, tag_str);
FREE(tag_str);
if (TAG_MATCH_ERR == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has invalid tag format in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
if (TAG_MATCH_UNMATCHED == ret) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has unmatched tag in line:%s",
__FUNCTION__, __LINE__, table_name, line);
goto END;
}
}
END:
if (table_json) {
cJSON_Delete(table_json);
}
return ret;
}
static struct rule_item *rule_item_new(const char *table_line, struct rule_schema *schema,
const char *table_name, struct log_handle *logger)
{
int ret = rule_accept_tag_match(schema, table_line, table_name, logger);
if (ret == TAG_MATCH_UNMATCHED) {
return NULL;
}
cJSON *tmp_obj = NULL;
struct rule_item *rule_item = ALLOC(struct rule_item, 1);
cJSON *table_json = cJSON_Parse(table_line);
tmp_obj = cJSON_GetObjectItem(table_json, "uuid");
if (tmp_obj == NULL && tmp_obj->type != cJSON_String) {
log_fatal(logger, MODULE_RULE,
"[%s:%d] table: <%s> has no rule_id or not string format in line:%s",
__FUNCTION__, __LINE__, table_name, table_line);
goto error;
}
uuid_parse(tmp_obj->valuestring, rule_item->rule_uuid);
rule_item->table_line_len = strlen(table_line);
rule_item->table_line = ALLOC(char, rule_item->table_line_len + 1);
memcpy(rule_item->table_line, table_line, rule_item->table_line_len);
cJSON_Delete(table_json);
return rule_item;
error:
if (table_json) {
cJSON_Delete(table_json);
}
FREE(rule_item);
return NULL;
}
static void rcu_rule_cfg_free(void *user_ctx, void *data)
{
struct maat_rule *rule = (struct maat_rule *)data;
@@ -805,8 +758,8 @@ maat_rule_bool_matcher_match(struct rule_runtime *rule_rt,
continue;
}
if (rule->user_data != NULL) {
user_data_array[ud_result_cnt] = rule->user_data;
if (rule != NULL) {
user_data_array[ud_result_cnt] = rule;
ud_result_cnt++;
}
}
@@ -1106,13 +1059,13 @@ size_t rule_runtime_get_hit_paths(struct rule_runtime *rule_rt, int thread_id,
int bool_match_ret =
bool_matcher_match(rule_rt->bm,
(unsigned long long *)utarray_eltptr(rule_compile_state->all_hit_conditions, 0),
utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);
utarray_len(rule_compile_state->all_hit_conditions), expr_match, MAX_HIT_RULE_NUM);//TODO: maat_state_compile
for (int idx = 0; idx < bool_match_ret; idx++) {
rule = (struct maat_rule *)expr_match[idx].user_tag;
assert(rule->magic_num == MAAT_RULE_MAGIC);
assert(uuid_compare(rule->rule_uuid, expr_match[idx].expr_uuid) == 0);
if (0 == rule->condition_num || NULL == rule->user_data) {
if (0 == rule->condition_num) {
continue;
}
@@ -1263,14 +1216,13 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
if (NULL == json) {
log_debug(rule_rt->logger, MODULE_RULE,
"[%s:%d]parse row failed when updating rule exdata, row:%s", __FUNCTION__, __LINE__, row);
return -1;
goto ERROR;
}
cJSON *uuid_obj = cJSON_GetObjectItem(json, "uuid");
if (NULL == uuid_obj) {
log_debug(rule_rt->logger, MODULE_RULE,
"[%s:%d]get uuid failed when updating rule exdata, row:%s", __FUNCTION__, __LINE__, row);
cJSON_Delete(json);
return -1;
goto ERROR;
}
uuid_t key;
@@ -1283,7 +1235,7 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
// delete
ret = ex_data_runtime_del_ex_container(rule_rt->ex_data_rt, (char*)&key, key_len);
if (ret < 0) {
return -1;
goto ERROR;
}
} else {
// add
@@ -1298,7 +1250,8 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
"key:%s", __FUNCTION__, __LINE__, table_name, key);
ex_container_free(rule_rt->ex_data_rt, ex_container);
//don't return failed, ignore the case of adding duplicate keys
return 0;
ret = 0;
goto ERROR;
}
}
}
@@ -1308,7 +1261,14 @@ int rule_runtime_update_rule_exdata(struct rule_runtime *rule_rt,
rule_rt->exdata_num = ex_data_runtime_cached_row_count(rule_rt->ex_data_rt);
}
cJSON_Delete(json);
return 0;
ERROR:
if (json != NULL) {
cJSON_Delete(json);
}
return ret;
}
int rule_runtime_commit_exdata(void *rule_runtime, const char *table_name,
@@ -1371,11 +1331,6 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
const char *line, struct log_handle *logger)
{
struct maat_rule *rule = NULL;
struct rule_item *rule_item = rule_item_new(line, schema, table_name,
rule_rt->logger);
if (NULL == rule_item) {
goto ERROR;
}
int table_id = table_manager_get_table_id(schema->ref_tbl_mgr, table_name);
if (table_id < 0) {
@@ -1402,7 +1357,7 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
goto ERROR;
}
rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line, rule_item);
rule = maat_rule_new(rule_rt, schema, table_name, *rule_uuid, line);
if (NULL == rule) {
log_fatal(logger, MODULE_RULE,
"[%s:%d]maat_rule_new failed, drop line:%s",
@@ -1415,10 +1370,6 @@ rule_runtime_add_rule(struct rule_runtime *rule_rt,
return 0;
ERROR:
if (rule_item != NULL) {
rule_item_free(rule_item);
}
return -1;
}
@@ -1643,41 +1594,25 @@ long long rule_runtime_update_err_count(void *rule_runtime)
return rule_rt->update_err_cnt;
}
static int rule_sort_para_compare(const struct rule_sort_para *a,
const struct rule_sort_para *b)
static int compare_rule(const void *a, const void *b)
{
//If rule rule's execute sequences are not specified or equal.
if (a->condition_num != b->condition_num) {
return (a->condition_num - b->condition_num);
const struct maat_rule *ra = *(const struct maat_rule **)a;
const struct maat_rule *rb = *(const struct maat_rule **)b;
if (ra->ptiority != rb->ptiority) {
return (ra->ptiority - rb->ptiority);
} else if (ra->condition_num != rb->condition_num) {
return (rb->condition_num - ra->condition_num);
} else {
return uuid_compare(b->rule_uuid, a->rule_uuid);
return uuid_compare(rb->rule_uuid, ra->rule_uuid);
}
}
static void rule_sort_para_set(struct rule_sort_para *para,
const struct rule_item *item)
{
uuid_copy(para->rule_uuid, item->rule_uuid);
para->condition_num = item->condition_num;
}
static int compare_rule_item(const void *a, const void *b)
{
const struct rule_item *ra = *(const struct rule_item **)a;
const struct rule_item *rb = *(const struct rule_item **)b;
struct rule_sort_para sa, sb;
rule_sort_para_set(&sa, ra);
rule_sort_para_set(&sb, rb);
return rule_sort_para_compare(&sa, &sb);
}
int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_uuids,
size_t rule_ids_size, struct maat_state *state)
{
struct rule_compile_state *rule_compile_state = state->rule_compile_state;
struct rule_item *rule_items[rule_ids_size];
struct maat_rule *rules[rule_ids_size];
int clear_scan_not_obj_flag = 0;
utarray_clear(rule_compile_state->all_hit_conditions);
@@ -1765,15 +1700,15 @@ int rule_runtime_match(int table_id, struct rule_runtime *rule_rt, uuid_t *rule_
size_t bool_match_ret =
maat_rule_bool_matcher_match(rule_rt, rule_compile_state,
state->thread_id,
(void **)rule_items,
(void **)rules,
rule_ids_size);
if (bool_match_ret > 0) {
qsort(rule_items, bool_match_ret, sizeof(struct rule_item *),
compare_rule_item);
qsort(rules, bool_match_ret, sizeof(struct maat_rule *),
compare_rule);
}
for (size_t i = 0; i < bool_match_ret; i++) {
uuid_copy(rule_uuids[i], rule_items[i]->rule_uuid);
uuid_copy(rule_uuids[i], rules[i]->rule_uuid);
}
return MIN(bool_match_ret, rule_ids_size);

174
test/maat_framework_gtest.cpp
View File

@@ -18,6 +18,7 @@
#define ARRAY_SIZE 10
#define HIT_PATH_SIZE 128
#define WAIT_FOR_EFFECTIVE_S 2
#define RULE_PRIORITY_DEFAULT 1000
const char *g_table_info_path = "./table_info.json";
const char *g_json_filename = "maat_json.json";
@@ -51,7 +52,8 @@ static int test_add_expr_command(struct maat *maat_inst, const char *expr_table,
and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str;
and_condition->or_conditions[0].object_num = 1;
ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD,
rule_uuid_str, and_condition, 1, NULL, timeout);
rule_uuid_str, and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, timeout);
EXPECT_EQ(ret, 1);
return ret;
@@ -755,7 +757,8 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) {
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
and_condition.or_conditions[0].object_num = 1;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1008,9 +1011,9 @@ TEST_P(StringScan, PrefixAndSuffix) {
EXPECT_EQ(n_hit_result, 2);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
maat_state_reset(state);
ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_suffix,
@@ -1040,9 +1043,9 @@ TEST_P(StringScan, PrefixAndSuffix) {
n_hit_result = maat_state_compile(state, default_rule_table_name, results, exdata_array, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 2);
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151");
maat_state_free(state);
state = NULL;
@@ -1696,7 +1699,8 @@ TEST_P(StringScan, dynamic_config) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 3);
@@ -1721,7 +1725,8 @@ TEST_P(StringScan, dynamic_config) {
/* rule table del line */
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -2332,7 +2337,8 @@ TEST_F(IPScan, RuleUpdates) {
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
and_condition.or_conditions[0].field_name = field_name;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -2357,7 +2363,8 @@ TEST_F(IPScan, RuleUpdates) {
/* rule table del line */
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -5537,14 +5544,14 @@ TEST_F(Policy, EvaluationOrder) {
EXPECT_EQ(n_hit_result, 3);
char uuid_str[UUID_STR_LEN] = {0};
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168");
uuid_unparse(results[2], uuid_str);
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167");
uuid_unparse(results[2], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166");
struct maat_hit_path hit_path[128];
memset(hit_path, 0, sizeof(hit_path));
size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128);
@@ -5620,8 +5627,8 @@ TEST_F(Policy, EvaluationOrder) {
n_hit_result = maat_state_compile(state, default_rule_table_name, results, exdata_array, ARRAY_SIZE);
EXPECT_EQ(n_hit_result, 4);
uuid_unparse(results[3], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165");
uuid_unparse(results[0], uuid_str);
EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165");//higher priority
maat_state_free(state);
}
@@ -6262,7 +6269,8 @@ TEST_F(MaatCmd, SetIP) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6339,10 +6347,10 @@ TEST_F(MaatCmd, SetExpr) {
maat_state_reset(state);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str1,
&and_condition1, 1, NULL, 0);
&and_condition1, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule_uuid_str2,
&and_condition2, 1, NULL, 0);
&and_condition2, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6417,7 +6425,8 @@ TEST_F(MaatCmd, SetExpr8) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6486,7 +6495,8 @@ TEST_F(MaatCmd, ObjectScan) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, &and_condition, 1, NULL, 0);
rule_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6553,7 +6563,8 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) {
and_condition[1].or_conditions[0].object_num = 1;
and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, and_condition, 2, NULL, 0); // rule has two condition
rule_uuid_str, and_condition, 2, NULL,
RULE_PRIORITY_DEFAULT, 0); // rule has two condition
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6608,7 +6619,7 @@ TEST_F(MaatCmd, RuleIDRecycle) {
maat_state_reset(state);
rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0);
rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
sleep(WAIT_FOR_EFFECTIVE_S);
ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), state);
@@ -6736,7 +6747,8 @@ TEST_F(MaatCmd, SubObject) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
//rule2
@@ -6745,7 +6757,8 @@ TEST_F(MaatCmd, SubObject) {
char rule2_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, &and_condition, 1, NULL, 0);
rule2_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -6774,7 +6787,8 @@ TEST_F(MaatCmd, SubObject) {
\_ X -> rule2
*/
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule2_uuid_str, &and_condition, 1, NULL, 0);
rule2_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6796,12 +6810,14 @@ TEST_F(MaatCmd, SubObject) {
\_ -> rule2
*/
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, &and_condition, 1, NULL, 0);
rule2_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6854,11 +6870,13 @@ TEST_F(MaatCmd, SubObject) {
*/
and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6911,7 +6929,8 @@ TEST_F(MaatCmd, RefObject) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -6919,14 +6938,15 @@ TEST_F(MaatCmd, RefObject) {
/* item1 -> object1 -> X
item2 -> object2 -> rule1
*/
rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, 0);
rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL, rule1_uuid_str, &and_condition, 1, NULL, RULE_PRIORITY_DEFAULT, 0);
long long object2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_OBJECT", 1);
char object2_uuid_str[UUID_STR_LEN] = {0};
snprintf(object2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", object2_id);
and_condition.or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, &and_condition, 1, NULL, 0);
rule1_uuid_str, &and_condition, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
long long item2_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1);
@@ -7008,7 +7028,8 @@ TEST_F(MaatCmd, Field) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7044,14 +7065,16 @@ TEST_F(MaatCmd, Field) {
//delete object1
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
and_conditions[0].negate_option = 0;
and_conditions[0].or_condition_num = 1;
and_conditions[0].or_conditions[0].field_name = field_resp_name;
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -7353,14 +7376,16 @@ TEST_F(MaatCmd, RuleEXData) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str;
int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, &and_condition, 1, "test:rule1,1111", 0);
rule1_uuid_str, &and_condition, 1, "test:rule1,1111",
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
char rule2_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0);
rule2_uuid_str, &and_condition, 1, "test:rule2,2222",
RULE_PRIORITY_DEFAULT, 0);
sleep(WAIT_FOR_EFFECTIVE_S);
*ex_data_counter = 0;
@@ -7389,6 +7414,7 @@ TEST_F(MaatCmd, RuleEXData) {
uuid_unparse(results[1], uuid_str);
EXPECT_STREQ(uuid_str, rule1_uuid_str);
maat_state_free(state);
ASSERT_TRUE(exdata_array[0] != NULL);
struct rule_ex_param *param = (struct rule_ex_param *)exdata_array[0];
@@ -7399,7 +7425,8 @@ TEST_F(MaatCmd, RuleEXData) {
EXPECT_EQ(param->id, 1111);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule2_uuid_str, &and_condition, 1, "test:rule2,2222", 0);
rule2_uuid_str, &and_condition, 1, "test:rule2,2222",
RULE_PRIORITY_DEFAULT, 0);
sleep(WAIT_FOR_EFFECTIVE_S);
EXPECT_EQ(param->id, 1111);
sleep(2);
@@ -7837,7 +7864,8 @@ TEST_F(MaatCmd, ObjectInMassRules) {
rule_id[i] = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id[i]);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule_uuid_str, and_conditions, 2, "mass_rule", 0);
rule_uuid_str, and_conditions, 2, "mass_rule",
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
}
@@ -7860,7 +7888,8 @@ TEST_F(MaatCmd, ObjectInMassRules) {
target_and_conditions[1].or_conditions[0].object_num = 1;
target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
target_rule_uuid_str, target_and_conditions, 2, "null", 0);
target_rule_uuid_str, target_and_conditions, 2, "null",
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -7965,7 +7994,8 @@ TEST_F(MaatCmd, HitObject) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
/* item1 -> object1 -> rule1
@@ -8230,7 +8260,8 @@ TEST_F(MaatCmd, HitPathBasic) {
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
/* item1 -> object1 -> rule1
@@ -8570,7 +8601,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
/* item1 -> object1 -> rule1
@@ -8629,7 +8661,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, and_conditions, 2, NULL, 0);
rule2_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
@@ -8674,7 +8707,8 @@ TEST_F(MaatCmd, HitPathAdvanced) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule3_uuid_str, and_conditions, 2, NULL, 0);
rule3_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9009,7 +9043,8 @@ TEST_F(MaatCmd, HitPathHasNotObject) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
/* !(item1 -> object1) -> rule1
@@ -9331,14 +9366,16 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) {
and_condition.or_conditions[0].object_num = 1;
and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER", 0);
rule2_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER",
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
long long rule3_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1);
char rule3_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule3_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER", 0);
rule3_uuid_str, &and_condition, 1, "HTTP_RESPONSE_HEADER",
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9455,7 +9492,8 @@ TEST_F(MaatCmd, ObjectEdit) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9582,7 +9620,8 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9610,7 +9649,8 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) {
EXPECT_STREQ(uuid_str, rule1_uuid_str);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_DEL,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
int hit_cnt = 0;
@@ -9668,7 +9708,8 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9710,7 +9751,8 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) {
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, and_conditions, 1, NULL, 0);
rule2_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
//DON'T DO THIS!!!
@@ -9763,7 +9805,8 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) {
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S);
@@ -9851,7 +9894,8 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) {
and_conditions[0].or_conditions[0].object_num = 1;
and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 1, NULL, 0);
rule1_uuid_str, and_conditions, 1, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9946,7 +9990,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -9976,7 +10021,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) {
char rule2_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, and_conditions, 2, NULL, 0);
rule2_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10056,7 +10102,8 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10164,7 +10211,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10191,7 +10239,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) {
char rule2_uuid_str[UUID_STR_LEN] = {0};
snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id);
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule2_uuid_str, and_conditions, 2, NULL, 0);
rule2_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);
@@ -10269,7 +10318,8 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) {
and_conditions[1].or_conditions[0].object_num = 1;
and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str;
ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD,
rule1_uuid_str, and_conditions, 2, NULL, 0);
rule1_uuid_str, and_conditions, 2, NULL,
RULE_PRIORITY_DEFAULT, 0);
EXPECT_EQ(ret, 1);
sleep(WAIT_FOR_EFFECTIVE_S * 2);

2
test/maat_json.json
View File

@@ -1970,7 +1970,7 @@
"do_log": 1,
"action_parameter": "EvaluationOrder",
"is_valid": "yes",
"evaluation_order": "2.111",
"priority": 1,
"and_conditions": [
{
"field_name": "HTTP_URL",

5
test/test_utils.cpp
View File

@@ -138,7 +138,8 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, const char *rule_uuid_str,
struct maat_cmd_and_condition and_conditions[],
int condition_num, const char *action_para_str, int expire_after)
int condition_num, const char *action_para_str,
int priority, int expire_after)
{
cJSON *json_root = cJSON_CreateObject();
@@ -177,6 +178,8 @@ int rule_table_set_line(struct maat *maat_inst, const char *table_name,
cJSON_AddStringToObject(json_root, "action_parameter", action_para_str);
}
cJSON_AddNumberToObject(json_root, "priority", priority);
char *json_str = cJSON_PrintUnformatted(json_root);
struct maat_cmd_line line_rule;

3
test/test_utils.h
View File

@@ -23,7 +23,8 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por
int rule_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, const char *rule_uuid_str,
struct maat_cmd_and_condition and_conditions[],
int condition_num, const char *action_para_str, int expire_after);
int condition_num, const char *action_para_str,
int priority, int expire_after);
int object_group_table_set_line(struct maat *maat_inst, const char *table_name,
enum maat_operation op, const char *object_uuid_str,