gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add ci config

Browse Source
This commit is contained in:
liuwentan
2023-02-16 11:13:23 +08:00
parent 379efcf027
commit f688a99bd0
23 changed files with 2060 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
test/adapter_hs_gtest.cpp
View File

@@ -41,6 +41,44 @@ enum hs_case_sensitive case_sensitive_str_to_enum(const char *str)
return case_sensitive;
}
int is_hexbin_str_to_int(const char *str)
{
int ret = 0;
if (strcmp(str, "yes") == 0) {
ret = 1;
}
return ret;
}
static int convertHextoint(char srctmp)
{
if (isdigit(srctmp)) {
return srctmp - '0';
} else {
char temp = toupper(srctmp);
temp = temp - 'A' + 10;
return temp;
}
}
static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
{
size_t resultlen = 0;
int high,low;
for (int i = 0; i < hex_len && size > resultlen; i += 2, resultlen++) {
high = convertHextoint(hex[i]);
low = convertHextoint(hex[i+1]);
binary[resultlen] = high * 16 + low;
}
size = resultlen;
binary[resultlen] = '\0';
return resultlen;
}
int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr)
{
unsigned char *json_buff = NULL;
@@ -101,11 +139,26 @@ int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr)
exprs[i].patterns[j].case_sensitive = case_sensitive_str_to_enum(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "is_hexbin");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].is_hexbin = is_hexbin_str_to_int(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "pattern");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring));
memcpy(exprs[i].patterns[j].pat, item->valuestring, strlen(item->valuestring));
exprs[i].patterns[j].pat_len = strlen(item->valuestring);
if (exprs[i].patterns[j].is_hexbin == 1) {
size_t pat_str_len = strlen(item->valuestring) + 1;
char *pat_str = ALLOC(char, pat_str_len);
pat_str_len = hex2bin(item->valuestring, strlen(item->valuestring), pat_str, pat_str_len);
memcpy(exprs[i].patterns[j].pat, pat_str, pat_str_len);
exprs[i].patterns[j].pat_len = pat_str_len;
} else {
memcpy(exprs[i].patterns[j].pat, item->valuestring, strlen(item->valuestring));
exprs[i].patterns[j].pat_len = strlen(item->valuestring);
}
}
if (exprs[i].patterns->match_mode == HS_MATCH_MODE_SUB) {
@@ -154,15 +207,15 @@ TEST(block_mode_initialize, invalid_input_parameter)
/* case1: invalid scan_mode parameter */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, exprs, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr);
EXPECT_EQ(hs_instance, NULL);
/* case2: invalid expr parameter */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr);
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, NULL, 1, g_logger);
EXPECT_EQ(hs_instance, NULL);
/* case3: invalid expr num */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, exprs, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr);
EXPECT_EQ(hs_instance, NULL);
}
TEST(block_mode_scan, invalid_input_parameter)
@@ -170,24 +223,24 @@ TEST(block_mode_scan, invalid_input_parameter)
and_expr_t expr_array[64];
size_t n_expr_array = 0;
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, NULL, 0, g_logger);
EXPECT_EQ(hs_instance, NULL);
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr);
EXPECT_EQ(hs_instance, NULL);
n_expr_array = 1;
expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 10;
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr);
EXPECT_EQ(hs_instance, NULL);
memset(expr_array, 0, sizeof(expr_array));
n_expr_array = 1;
expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 1;
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr);
EXPECT_EQ(hs_instance, NULL);
}
TEST(block_mode_scan, literal_sub_has_normal_offset)
@@ -197,10 +250,10 @@ TEST(block_mode_scan, literal_sub_has_normal_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
EXPECT_EQ(n_expr_array, 11);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello aaa";
@@ -227,7 +280,7 @@ TEST(block_mode_scan, literal_sub_has_normal_offset)
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
@@ -237,10 +290,9 @@ TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello bbb";
@@ -268,7 +320,7 @@ TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
@@ -278,10 +330,9 @@ TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ccc";
@@ -324,7 +375,7 @@ TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
EXPECT_EQ(result[0].item_id, 103);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_sub_with_no_offset)
@@ -336,7 +387,7 @@ TEST(block_mode_scan, literal_sub_with_no_offset)
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ddd";
@@ -371,7 +422,7 @@ TEST(block_mode_scan, literal_sub_with_no_offset)
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_exactly)
@@ -383,7 +434,7 @@ TEST(block_mode_scan, literal_exactly)
EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello eee";
@@ -412,7 +463,7 @@ TEST(block_mode_scan, literal_exactly)
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_prefix)
@@ -425,7 +476,7 @@ TEST(block_mode_scan, literal_prefix)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello fff";
@@ -463,7 +514,7 @@ TEST(block_mode_scan, literal_prefix)
EXPECT_EQ(result[0].item_id, 106);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
TEST(block_mode_scan, literal_suffix)
@@ -476,7 +527,7 @@ TEST(block_mode_scan, literal_suffix)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ggg";
@@ -514,33 +565,41 @@ TEST(block_mode_scan, literal_suffix)
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
// TEST(block_mode_scan, literal_sub_with_hexbin)
// {
// and_expr_t expr_array[64] = {0};
// size_t n_expr_array = 0;
TEST(block_mode_scan, literal_sub_with_hexbin)
{
and_expr_t expr_array[64] = {0};
size_t n_expr_array = 0;
// int ret = parse_config_file("./and_expr.conf", expr_array, &n_expr_array);
// EXPECT_EQ(ret, 0);
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0);
// struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1,
// expr_array, n_expr_array, g_logger);
// EXPECT_NE(hs_instance, nullptr);
// expr_array_free(expr_array, n_expr_array);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
// char data0[64] = "Cookie: Txa123aheadBCAxd";
// struct hs_scan_result result0[64] = {0};
// size_t n_result0 = 0;
// ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
// EXPECT_EQ(ret, 0);
// EXPECT_EQ(n_result0, 1);
// EXPECT_EQ(result0[0].item_id, 107);
char scan_data1[64] = "Content-Type: /html";
struct hs_scan_result result[64] = {0};
size_t n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 1);
EXPECT_EQ(result[0].item_id, 108);
// adapter_hs_destroy(hs_instance);
// hs_instance = nullptr;
// }
char scan_data2[64] = " html";
memset(result, 0, sizeof(result));
n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = NULL;
}
TEST(block_mode_scan, literal_with_chinese)
{
@@ -552,7 +611,7 @@ TEST(block_mode_scan, literal_with_chinese)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr);
EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array);
char data0[64] = "#中国 你好";
@@ -561,10 +620,10 @@ TEST(block_mode_scan, literal_with_chinese)
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].item_id, 114);
EXPECT_EQ(result0[0].item_id, 110);
adapter_hs_destroy(hs_instance);
hs_instance = nullptr;
hs_instance = NULL;
}
int main(int argc, char **argv)

2
test/maat_api_gtest.cpp
View File

@@ -12,4 +12,4 @@ int main(int argc, char ** argv)
::testing::InitGoogleTest(&argc, argv);
ret=RUN_ALL_TESTS();
return ret;
}
}

364
test/maat_framework_gtest.cpp
View File

@@ -11,6 +11,9 @@
#define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest")
#define ARRAY_SIZE 10
#define HIT_PATH_SIZE 128
const char *table_info_path = "./table_info.conf";
const char *json_path="./maat_json.json";
const char *json_filename = "maat_json.json";
@@ -22,38 +25,33 @@ class MaatFlagScan : public testing::Test
{
protected:
static void SetUpTestCase() {
flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
}
static void TearDownTestCase() {
}
static int flag_table_id;
static int expr_table_id;
};
int MaatFlagScan::flag_table_id;
int MaatFlagScan::expr_table_id;
TEST_F(MaatFlagScan, basic) {
int flag_table_id = MaatFlagScan::flag_table_id;
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
//compile_id:192 flag: 0000 0001 mask: 0000 0011
//scan_data: 0000 1001 or 0000 1101 should hit
uint64_t scan_data = 9;
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state);
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 192);
struct maat_hit_path hit_path[128] = {0};
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(&state);
@@ -61,7 +59,7 @@ TEST_F(MaatFlagScan, basic) {
memset(results, 0, sizeof(results));
n_hit_result = 0;
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state);
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 192);
@@ -71,36 +69,36 @@ TEST_F(MaatFlagScan, basic) {
memset(results, 0, sizeof(results));
n_hit_result = 0;
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state);
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
TEST_F(MaatFlagScan, withExprRegion) {
int flag_table_id = MaatFlagScan::flag_table_id;
int expr_table_id = MaatFlagScan::expr_table_id;
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
int expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
//compile_id:193 flag: 0000 0010 mask: 0000 0011
//scan_data: 0000 0010 or 0000 0100 should hit
uint64_t flag_scan_data = 2;
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
5, &n_hit_result, &state);
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
struct maat_hit_path hit_path[128] = {0};
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
const char *expr_scan_data = "hello world";
ret = maat_scan_string(g_maat_instance, expr_table_id, 0, expr_scan_data, strlen(expr_scan_data),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 193);
@@ -108,26 +106,26 @@ TEST_F(MaatFlagScan, withExprRegion) {
}
TEST_F(MaatFlagScan, hitMultiCompile) {
int flag_table_id = MaatFlagScan::flag_table_id;
int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
//compile_id:192 flag: 0000 0001 mask: 0000 0011
//compile_id:194 flag: 0001 0101 mask: 0001 1111
//scan_data: 0001 0101 should hit compile192 and compile194
uint64_t flag_scan_data = 21;
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
5, &n_hit_result, &state);
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 194);
EXPECT_EQ(results[1], 192);
struct maat_hit_path hit_path[128] = {0};
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(&state);
@@ -137,7 +135,6 @@ class MaatStringScan : public testing::Test
{
protected:
static void SetUpTestCase() {
table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
}
static void TearDownTestCase() {
@@ -149,35 +146,35 @@ protected:
int MaatStringScan::table_id;
TEST_F(MaatStringScan, Expr8) {
int table_id = MaatStringScan::table_id;
int table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 182);
struct maat_hit_path hit_path[128] = {0};
struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path));
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0);
maat_state_free(&state);
}
TEST_F(MaatStringScan, Regex) {
int ret = 0;
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *cookie = "Cookie: Txa123aheadBCAxd";
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_REGEX");
ASSERT_GT(table_id, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, cookie, strlen(cookie),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 146);
maat_state_free(&state);
@@ -206,7 +203,7 @@ TEST_F(MaatStringScan, Regex) {
}
TEST_F(MaatStringScan, ExprPlus) {
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *region_name1 ="HTTP URL";
@@ -218,13 +215,13 @@ TEST_F(MaatStringScan, ExprPlus) {
ASSERT_GT(table_id, 0);
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_ERR);//Should return error for district not setting.
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 128);
maat_state_free(&state);
@@ -232,7 +229,7 @@ TEST_F(MaatStringScan, ExprPlus) {
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 190);
maat_state_free(&state);
@@ -241,7 +238,7 @@ TEST_F(MaatStringScan, ExprPlus) {
//TODO:
#if 0
TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
int results[5] = {0};
int results[ARRAY] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *region_name = "tcp.payload";
@@ -266,13 +263,13 @@ TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state);
}
TEST_F(MaatStringScan, ExprPlusWithHex) {
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *scan_data1 = "text/html; charset=UTF-8";
@@ -286,19 +283,19 @@ TEST_F(MaatStringScan, ExprPlusWithHex) {
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 156);
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 132);
maat_state_free(&state);
@@ -306,7 +303,7 @@ TEST_F(MaatStringScan, ExprPlusWithHex) {
TEST_F(MaatStringScan, ExprPlusWithOffset)
{
int results[5] = {0};
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *region_name = "Payload";
@@ -344,11 +341,11 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
EXPECT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit),
results, 5, &n_hit_result, &state);
results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 148);
@@ -356,32 +353,117 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
}
#endif
TEST_F(MaatStringScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
char data[128] = "hello world";
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
/* add new line in GROUP2COMPILE table */
const char *g2c_table_name = "GROUP2COMPILE";
const char *g2c_table_line_add = "8888\t9999\t1\t0\tnull\t1";
struct maat_cmd_line line_rule;
line_rule.rule_id = 8888;
line_rule.table_line = g2c_table_line_add;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in COMPILE table */
const char *compile_table_name = "COMPILE";
const char *compile_table_line_add = "9999\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = compile_table_line_add;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in HTTP_URL_LITERAL table */
const char *table_name = "HTTP_URL_LITERAL";
const char *table_line_add = "9999\t8888\thello world\t0\t0\t0\t1\t";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = table_line_add;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9999);
maat_state_free(&state);
/* del new line from HTTP_URL_LITERAL table */
const char *table_line_del = "9999\t8888\thello world\t0\t0\t0\t0\t";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = table_line_del;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line from COMPILE table */
const char *compile_table_line_del = "9999\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = compile_table_line_del;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line from GROUP2COMPILE table */
const char *g2c_table_line_del = "8888\t9999\t0\t0\tnull\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 8888;
line_rule.table_line = g2c_table_line_del;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
class MaatIPScan : public testing::Test
{
protected:
static void SetUpTestCase() {
table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
}
static void TearDownTestCase() {
}
static int table_id;
};
int MaatIPScan::table_id;
TEST_F(MaatIPScan, IPv4) {
int table_id = MaatIPScan::table_id;
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "10.0.7.100";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, 3,
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
@@ -391,16 +473,16 @@ TEST_F(MaatIPScan, IPv4) {
}
TEST_F(MaatIPScan, IPv6) {
int table_id = MaatIPScan::table_id;
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "1001:da8:205:1::101";
uint8_t sip[16];
int ret = inet_pton(AF_INET6, ip_str, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, 3,
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
@@ -409,70 +491,150 @@ TEST_F(MaatIPScan, IPv6) {
maat_state_free(&state);
}
TEST_F(MaatStringScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
char data[128] = "hello world";
int results[5] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
const char *table_name = "HTTP_URL";
const char *table_line = "9999\t8888\thello world\t0\t0\t0\t1\t";
struct maat_cmd_line line_rule;
line_rule.rule_id = 101;
line_rule.table_line = table_line;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9999);
maat_state_free(&state);
}
TEST_F(MaatIPScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "10.0.6.201";
char ip_str[32] = "100.100.100.100";
uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1);
int results[3] = {-1};
int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 169);
maat_state_free(&state);
const char *table_name = "IP_PLUS_CONFIG";
const char *table_line = "9998\t8887\t4\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1";
/* add new line in GROUP2COMPILE table */
const char *g2c_table_name = "GROUP2COMPILE";
const char *g2c_table_line_add = "8887\t9998\t1\t0\tnull\t1";
struct maat_cmd_line line_rule;
line_rule.rule_id = 101;
line_rule.table_line = table_line;
line_rule.rule_id = 8887;
line_rule.table_line = g2c_table_line_add;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in COMPILE table */
const char *compile_table_name = "COMPILE";
const char *compile_table_line_add = "9998\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = compile_table_line_add;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in IP_PLUS_CONFIG */
const char *table_name = "IP_PLUS_CONFIG";
const char *table_line_add = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = table_line_add;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 0);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state);
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 9998);
EXPECT_EQ(results[1], 169);
maat_state_free(&state);
/* del new line in IP_PLUS_CONFIG */
const char *table_line_del = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = table_line_del;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line in COMPILE table */
const char *compile_table_line_del = "9998\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = compile_table_line_del;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line in GROUP2COMPILE table */
const char *g2c_table_line_del = "8887\t9998\t0\t0\tnull\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 8887;
line_rule.table_line = g2c_table_line_del;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
}
class MaatIntervalScan : public testing::Test
{
protected:
static void SetUpTestCase() {
}
static void TearDownTestCase() {
}
};
#if 0
TEST_F(MaatIntervalScan, Pure) {
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *table_name = "CONTENT_SIZE";
int table_id = maat_table_get_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
unsigned int scan_data1 = 2015;
int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state);
unsigned int scan_data2 = 300;
int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data2, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 124);
maat_state_free(&state);
}
TEST_F(MaatIntervalScan, IntervalPlus) {
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *table_name = "INTERGER_PLUS";
int table_id = maat_table_get_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
const char *district_str = "interval.plus";
int ret = maat_state_set_scan_district(g_maat_instance, &state, district_str, strlen(district_str));
ASSERT_GT(ret, 0);
unsigned int scan_data1 = 2020;
ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 179);
maat_state_free(&state);
}
#endif
int count_line_num_cb(const char *table_name, const char *line, void *u_para)
{
(*((unsigned int *)u_para))++;
@@ -527,12 +689,12 @@ int write_config_to_redis(char *redis_ip, int redis_port, int redis_db,
snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename);
redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, logger);
if (nullptr == c) {
if (NULL == c) {
return -1;
}
redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb");
if (nullptr == reply) {
if (NULL == reply) {
return -1;
}

8
test/maat_input_mode_gtest.cpp
View File

@@ -34,7 +34,7 @@ TEST(json_mode, maat_scan_string) {
maat_options_set_json_file(opts, json_path);
struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr);
EXPECT_NE(maat_instance, NULL);
int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
@@ -79,7 +79,7 @@ TEST(iris_mode, maat_scan_string) {
maat_options_set_iris(opts, tmp_iris_full_idx_path, tmp_iris_inc_idx_path);
struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr);
EXPECT_NE(maat_instance, NULL);
int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
@@ -153,10 +153,10 @@ TEST(redis_mode, maat_scan_string) {
snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename);
redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, g_logger);
EXPECT_NE(c, nullptr);
EXPECT_NE(c, NULL);
redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb");
EXPECT_NE(reply, nullptr);
EXPECT_NE(reply, NULL);
if (access(json_iris_path, F_OK) < 0) {
char tmp_iris_path[128] = {0};

48
test/maat_json.json
View File

@@ -231,7 +231,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "abckkk&123",
@@ -285,7 +285,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "should_not_hit_any_rule",
@@ -376,7 +376,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "C#中国",
@@ -506,7 +506,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "novel&27122.txt",
@@ -609,7 +609,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&aaa",
@@ -636,7 +636,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "should&hit&bbb",
@@ -689,7 +689,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "i.ytimg.com",
@@ -714,7 +714,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
@@ -740,7 +740,7 @@
"not_flag":0,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-143",
@@ -755,7 +755,7 @@
"not_flag":1,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-143",
@@ -781,7 +781,7 @@
"not_flag":0,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-144",
@@ -822,7 +822,7 @@
"not_flag":0,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-contained-string-of-rule-145",
@@ -851,7 +851,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_REGEX",
"table_type": "expr",
"table_content": {
"keywords": "Cookie:\\s&head",
@@ -876,7 +876,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "googlevideo.com/videoplayback&mn=sn-35153iuxa-5a56%2Csn-n8v7znz7",
@@ -1315,7 +1315,7 @@
"not_flag":0,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "https://blog.csdn.net/littlefang/article/details/8213058",
@@ -1469,7 +1469,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "cavemancircus.com/",
@@ -1511,7 +1511,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27/pretty-girls-6",
@@ -1538,7 +1538,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27",
@@ -1565,7 +1565,7 @@
"group_name": "Untitled",
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "2019/12/27",
@@ -1992,7 +1992,7 @@
"table_content": {
"keywords": "string1&string2&string3&string4&string5&string6&string7&string8",
"expr_type": "and",
"match_method": "expr",
"match_method": "sub",
"format": "uncase plain"
}
}
@@ -2096,7 +2096,7 @@
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-186",
@@ -2148,7 +2148,7 @@
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-187",
@@ -2200,7 +2200,7 @@
"not_flag": 1,
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "must-not-contained-string-of-rule-188",
@@ -2368,7 +2368,7 @@
{
"regions": [
{
"table_name": "HTTP_URL",
"table_name": "HTTP_URL_LITERAL",
"table_type": "expr",
"table_content": {
"keywords": "hello",

40
test/rcu_hash_gtest.cpp
View File

@@ -14,14 +14,14 @@ void data_free(void *user_ctx, void *data)
}
TEST(rcu_hash_new, invalid_input_parameter) {
struct rcu_hash_table *htable = rcu_hash_new(nullptr);
EXPECT_EQ(htable, nullptr);
struct rcu_hash_table *htable = rcu_hash_new(NULL);
EXPECT_EQ(htable, NULL);
}
TEST(rcu_hash_add_one_node, single_thread) {
/* add one node to hash */
struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr);
EXPECT_NE(htable, NULL);
struct user_data *data = ALLOC(struct user_data, 1);
data->id = 101;
@@ -35,7 +35,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
/* find in hash before commit */
void *res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0);
@@ -51,7 +51,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
/* find in hash after commit */
res = rcu_hash_find(htable, key, key_len);
EXPECT_NE(res, nullptr);
EXPECT_NE(res, NULL);
struct user_data *res_data = (struct user_data *)res;
EXPECT_EQ(res_data->id, 101);
@@ -72,7 +72,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
TEST(rcu_hash_add_multi_node, single_thread) {
/* add multi node to hash */
struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr);
EXPECT_NE(htable, NULL);
struct user_data *data0 = ALLOC(struct user_data, 1);
data0->id = 101;
@@ -92,9 +92,9 @@ TEST(rcu_hash_add_multi_node, single_thread) {
/* find in hash before commit */
void *res = rcu_hash_find(htable, key0, key0_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0);
@@ -110,14 +110,14 @@ TEST(rcu_hash_add_multi_node, single_thread) {
/* find in hash after commit */
res = rcu_hash_find(htable, key0, key0_len);
EXPECT_NE(res, nullptr);
EXPECT_NE(res, NULL);
struct user_data *res_data0 = (struct user_data *)res;
EXPECT_EQ(res_data0->id, 101);
EXPECT_STREQ(res_data0->name, "www.baidu.com");
res = rcu_hash_find(htable, key1, key1_len);
EXPECT_NE(res, nullptr);
EXPECT_NE(res, NULL);
struct user_data *res_data1 = (struct user_data *)res;
EXPECT_EQ(res_data1->id, 102);
@@ -138,7 +138,7 @@ TEST(rcu_hash_add_multi_node, single_thread) {
TEST(rcu_hash_del_one_node, single_thread) {
/* case1: add and del before commit */
struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr);
EXPECT_NE(htable, NULL);
struct user_data *data = ALLOC(struct user_data, 1);
data->id = 101;
@@ -156,7 +156,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* find in hash before commit */
void *res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0);
@@ -173,7 +173,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* find in hash after commit */
res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
/* case2: add && commit, and del */
struct user_data *data1 = ALLOC(struct user_data, 1);
@@ -190,7 +190,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
rcu_hash_del(htable, key1, key1_len);
res = rcu_hash_find(htable, key1, key1_len);
EXPECT_NE(res, nullptr);
EXPECT_NE(res, NULL);
struct user_data *res_data = (struct user_data *)res;
EXPECT_EQ(res_data->id, 102);
@@ -205,7 +205,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* delete commit */
rcu_hash_commit(htable);
res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0);
@@ -219,7 +219,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
TEST(rcu_hash_del_multi_node, single_thread) {
/* case1: add and del before commit */
struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr);
EXPECT_NE(htable, NULL);
struct user_data *data1 = ALLOC(struct user_data, 1);
data1->id = 101;
@@ -239,7 +239,7 @@ TEST(rcu_hash_del_multi_node, single_thread) {
/* find in hash before commit */
void *res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0);
@@ -257,10 +257,10 @@ TEST(rcu_hash_del_multi_node, single_thread) {
/* find in hash after commit */
res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr);
EXPECT_EQ(res, NULL);
res = rcu_hash_find(htable, key2, key2_len);
EXPECT_NE(res, nullptr);
EXPECT_NE(res, NULL);
ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 1);
@@ -277,4 +277,4 @@ int main(int argc, char ** argv)
::testing::InitGoogleTest(&argc, argv);
ret=RUN_ALL_TESTS();
return ret;
}
}

7
test/rule/full/HTTP_URL.000001
View File

@@ -1,7 +0,0 @@
0000000006
101 1 hello 0 0 0 1
102 2 maat 0 0 0 1
103 3 [W|w]orld 2 0 0 1
104 4 hello&world 1 0 0 1
105 5 [0-9]hello&world 2 0 0 1
106 6 [0-9]hello&[0-9]world 2 0 0 1

1
test/rule/full/index/full_config_index.000001
View File

@@ -1 +0,0 @@
HTTP_URL 6 /home/liuwentan/project/maat-v4/test/rule/full/HTTP_URL.000001

60
test/table_info.conf
View File

@@ -42,7 +42,7 @@
},
{
"table_id":3,
"table_name":"HTTP_URL",
"table_name":"HTTP_URL_LITERAL",
"table_type":"expr",
"valid_column":7,
"custom": {
@@ -55,26 +55,10 @@
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":3,
"table_name":"HTTP_HOST",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
},
{
"table_id":4,
"table_name":"KEYWORDS_TABLE",
"table_name":"HTTP_URL_REGEX",
"table_type":"expr",
"valid_column":7,
"custom": {
@@ -90,6 +74,38 @@
},
{
"table_id":5,
"table_name":"HTTP_HOST",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":6,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":7,
"table_name":"IP_CONFIG",
"table_type":"ip_plus",
"valid_column":18,
@@ -103,7 +119,7 @@
}
},
{
"table_id":6,
"table_id":8,
"table_name":"CONTENT_SIZE",
"table_type":"intval",
"valid_column":5,
@@ -115,7 +131,7 @@
}
},
{
"table_id":7,
"table_id":9,
"table_name":"QD_ENTRY_INFO",
"table_type":"plugin",
"valid_column":4,
@@ -125,7 +141,7 @@
}
},
{
"table_id":9,
"table_id":10,
"table_name":"HTTP_SIGNATURE",
"table_type":"expr_plus",
"valid_column":8,