gfwleak/tango-maat
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add ci config

Browse Source
This commit is contained in:
liuwentan
2023-02-16 11:13:23 +08:00
parent 379efcf027
commit f688a99bd0
23 changed files with 2060 additions and 278 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
# Vscode
.vscode/*

224
.gitlab-ci.yml Normal file
View File

@@ -0,0 +1,224 @@
variables:
GIT_STRATEGY: "clone"
BUILD_IMAGE_CENTOS7: "git.mesalab.cn:7443/mesa_platform/build-env:master"
BUILD_IMAGE_CENTOS8: "git.mesalab.cn:7443/mesa_platform/build-env:rockylinux"
BUILD_PADDING_PREFIX: /tmp/padding_for_CPACK_RPM_BUILD_SOURCE_DIRS_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX_PREFIX/
INSTALL_DEPENDENCY_LIBRARY: framework_env openssl-devel libasan
stages:
- build
.build_before_script:
before_script:
- mkdir -p $BUILD_PADDING_PREFIX/$CI_PROJECT_NAMESPACE/
- ln -s $CI_PROJECT_DIR $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- cd $BUILD_PADDING_PREFIX/$CI_PROJECT_PATH
- chmod +x ./ci/travis.sh
- yum makecache
- yum install -y elfutils-libelf-devel
.build_by_travis_for_centos7:
stage: build
image: $BUILD_IMAGE_CENTOS7
extends: .build_before_script
script:
- yum install -y libmnl-devel
- yum install -y libnfnetlink-devel
- ./ci/travis.sh
- cd build
tags:
- share
.build_by_travis_for_centos8:
stage: build
image: $BUILD_IMAGE_CENTOS8
extends: .build_before_script
script:
- dnf --enablerepo=powertools install -y libmnl-devel
- dnf --enablerepo=powertools install -y libnfnetlink-devel
- ./ci/travis.sh
tags:
- share
branch_build_debug_for_centos7:
stage: build
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
except:
- /^develop.*$/i
- /^master.*$/i
- tags
branch_build_release_for_centos7:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
extends: .build_by_travis_for_centos7
except:
- /^develop.*$/i
- /^master.*$/i
- tags
develop_build_debug_for_centos7:
stage: build
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD: 1
ASAN_OPTION: ADDRESS
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: framework-testing-x86_64.el7
PULP3_DIST_NAME: framework-testing-x86_64.el7
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
develop_build_release_for_centos7:
stage: build
extends: .build_by_travis_for_centos7
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD: 1
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: framework-testing-x86_64.el7
PULP3_DIST_NAME: framework-testing-x86_64.el7
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
release_build_debug_for_centos7:
stage: build
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD: 1
PULP3_REPO_NAME: framework-stable-x86_64.el7
PULP3_DIST_NAME: framework-stable-x86_64.el7
extends: .build_by_travis_for_centos7
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- tags
release_build_release_for_centos7:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD: 1
UPLOAD_SYMBOL_FILES: 1
SYMBOL_TARGET: libmaatframe
PULP3_REPO_NAME: framework-stable-x86_64.el7
PULP3_DIST_NAME: framework-stable-x86_64.el7
extends: .build_by_travis_for_centos7
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- tags
branch_build_debug_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: Debug
except:
- /^develop.*$/i
- /^master.*$/i
- tags
branch_build_release_for_centos8:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
extends: .build_by_travis_for_centos8
except:
- /^develop.*$/i
- /^master.*$/i
- tags
develop_build_debug_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD: 1
ASAN_OPTION: ADDRESS
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: framework-testing-x86_64.el8
PULP3_DIST_NAME: framework-testing-x86_64.el8
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
develop_build_release_for_centos8:
stage: build
extends: .build_by_travis_for_centos8
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD: 1
TESTING_VERSION_BUILD: 1
PULP3_REPO_NAME: framework-testing-x86_64.el8
PULP3_DIST_NAME: framework-testing-x86_64.el8
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- /^develop.*$/i
- /^master.*$/i
release_build_debug_for_centos8:
stage: build
variables:
BUILD_TYPE: Debug
PACKAGE: 1
UPLOAD: 1
PULP3_REPO_NAME: framework-stable-x86_64.el8
PULP3_DIST_NAME: framework-stable-x86_64.el8
extends: .build_by_travis_for_centos8
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-debug"
paths:
- build/*.rpm
only:
- tags
release_build_release_for_centos8:
stage: build
variables:
BUILD_TYPE: RelWithDebInfo
PACKAGE: 1
UPLOAD: 1
UPLOAD_SYMBOL_FILES: 1
SYMBOL_TARGET: libmaatframe
PULP3_REPO_NAME: framework-stable-x86_64.el8
PULP3_DIST_NAME: framework-stable-x86_64.el8
extends: .build_by_travis_for_centos8
artifacts:
name: "maatframe-$CI_COMMIT_REF_NAME-release"
paths:
- build/*.rpm
only:
- tags

0
VERSION Normal file
View File

1268
autorevision.sh Normal file
View File

File diff suppressed because it is too large Load Diff

25
readme.md
View File

@@ -0,0 +1,25 @@
# 简介
MAAT是古埃及神话中真理与正义女神她的羽毛feather能够判断离世之人能否前往天堂。
MAAT框架对网络流处理中的配置进行抽象并具有配置写入、多机同步基于Redis、加载、扫描的功能。
maat.h中描述了初始化和配置扫描的API。
maat_command.h中描述了配置写入的API。
# 编译
普通编译
` Make`
带调试符号编译
`Make debug`
安装
`Make install`
生成动态链接库 `./build/src/libmaatframe.so`
生成静态链接库 `./build/src/libmaatframe.a`

53
scanner/adapter_hs.cpp
View File

@@ -465,6 +465,29 @@ int is_real_matched_pattern(struct matched_pattern *matched_pat, enum hs_match_m
return -1; return -1;
} }
int hs_tag_validate(struct hs_tag *hs_tag, struct matched_pattern_container *matched_pat_container,
size_t data_len)
{
/* check if real matched pattern, because pattern match_mode is different */
for (size_t i = 0; i < hs_tag->n_pat_attr; i++) {
struct matched_pattern *tmp_matched_pat = NULL;
int pattern_id = hs_tag->pat_attr[i].pattern_id;
HASH_FIND_INT(matched_pat_container->pat_hash, &pattern_id, tmp_matched_pat);
if (tmp_matched_pat) {
int matched_ret = is_real_matched_pattern(tmp_matched_pat,
hs_tag->pat_attr[i].match_mode,
data_len,
hs_tag->pat_attr[i].l_offset,
hs_tag->pat_attr[i].r_offset);
if (matched_ret < 0) {
return -1;
}
}
}
return 0;
}
int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id, int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
const char *data, size_t data_len, const char *data, size_t data_len,
struct hs_scan_result *results, struct hs_scan_result *results,
@@ -518,7 +541,6 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
} }
int ret = 0; int ret = 0;
int matched_index = 0;
int real_matched_index = 0; int real_matched_index = 0;
struct hs_tag *hs_tag = NULL; struct hs_tag *hs_tag = NULL;
struct bool_expr_match *bool_matcher_results = ALLOC(struct bool_expr_match, hs_instance->n_expr); struct bool_expr_match *bool_matcher_results = ALLOC(struct bool_expr_match, hs_instance->n_expr);
@@ -533,29 +555,20 @@ int adapter_hs_scan(struct adapter_hs *hs_instance, int thread_id,
bool_matcher_ret = n_result; bool_matcher_ret = n_result;
} }
for (matched_index = 0; matched_index < bool_matcher_ret; matched_index++) { for (int index = 0; index < bool_matcher_ret; index++) {
hs_tag = (struct hs_tag *)bool_matcher_results[matched_index].user_tag; hs_tag = (struct hs_tag *)bool_matcher_results[index].user_tag;
/* check if real matched pattern, because pattern match_mode is different */ int tag_ret = hs_tag_validate(hs_tag, &matched_pat_container, data_len);
for (i = 0; i < hs_tag->n_pat_attr; i++) { if (tag_ret < 0) {
struct matched_pattern *tmp_matched_pat = NULL; //bool_matcher_results[index] is invalid hit, continue
int pattern_id = hs_tag->pat_attr[i].pattern_id; continue;
HASH_FIND_INT(matched_pat_container.pat_hash, &pattern_id, tmp_matched_pat); }
if (tmp_matched_pat) {
int matched_ret = is_real_matched_pattern(tmp_matched_pat, results[real_matched_index].item_id = bool_matcher_results[index].expr_id;
hs_tag->pat_attr[i].match_mode,
data_len,
hs_tag->pat_attr[i].l_offset,
hs_tag->pat_attr[i].r_offset);
if (0 == matched_ret) {
results[real_matched_index].item_id = bool_matcher_results[matched_index].expr_id;
results[real_matched_index].user_tag = hs_tag->user_tag; results[real_matched_index].user_tag = hs_tag->user_tag;
real_matched_index++; real_matched_index++;
break;
}
}
}
} }
*n_hit_result = real_matched_index; *n_hit_result = real_matched_index;
next: next:
FREE(bool_matcher_results); FREE(bool_matcher_results);

2
scanner/adapter_hs.h
View File

@@ -34,6 +34,7 @@ enum hs_scan_mode {
/* match method */ /* match method */
enum hs_match_mode { enum hs_match_mode {
HS_MATCH_MODE_INVALID = -1,
HS_MATCH_MODE_EXACTLY = 1, /* scan data must match pattern exactly */ HS_MATCH_MODE_EXACTLY = 1, /* scan data must match pattern exactly */
HS_MATCH_MODE_PREFIX, /* pattern must in the head of scan_data */ HS_MATCH_MODE_PREFIX, /* pattern must in the head of scan_data */
HS_MATCH_MODE_SUFFIX, /* pattern must in the end of scan_data */ HS_MATCH_MODE_SUFFIX, /* pattern must in the end of scan_data */
@@ -60,6 +61,7 @@ struct hs_scan_result {
typedef struct { typedef struct {
enum hs_case_sensitive case_sensitive; enum hs_case_sensitive case_sensitive;
enum hs_match_mode match_mode; enum hs_match_mode match_mode;
int is_hexbin; /* 1(yes) 0(no) */
/* /*
* just match in scan_data's range of [l_offset, r_offset], -1 means no limits * just match in scan_data's range of [l_offset, r_offset], -1 means no limits

7
src/maat_api.c
View File

@@ -865,8 +865,7 @@ int maat_scan_integer(struct maat *maat_instance, int table_id, int thread_id,
} }
int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt, int group_hit_cnt = interval_runtime_scan((struct interval_runtime *)interval_rt,
thread_id, thread_id, intval, group_ids,
intval, group_ids,
MAX_SCANNER_HIT_GROUP_NUM, MAX_SCANNER_HIT_GROUP_NUM,
vtable_id, mid); vtable_id, mid);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {
@@ -1141,8 +1140,8 @@ int maat_scan_string(struct maat *maat_instance, int table_id, int thread_id,
} }
int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt, int group_hit_cnt = expr_runtime_scan((struct expr_runtime *)expr_rt,
thread_id, thread_id, data, data_len,
data, data_len, group_ids, group_ids,
MAX_SCANNER_HIT_GROUP_NUM, MAX_SCANNER_HIT_GROUP_NUM,
vtable_id, mid); vtable_id, mid);
if (group_hit_cnt < 0) { if (group_hit_cnt < 0) {

6
src/maat_compile.c
View File

@@ -1065,7 +1065,7 @@ maat_compile_bool_matcher_new(struct maat_compile *compile_hash,
//TODO:mytest need to delete //TODO:mytest need to delete
#if 0 #if 0
printf("bool_matcher_new....................\n"); printf("bool_matcher_new....................expr_cnt:%zu\n", expr_cnt);
for (expr_index = 0; expr_index < expr_cnt; expr_index++) { for (expr_index = 0; expr_index < expr_cnt; expr_index++) {
printf("bool_expr_array[%zu].expr_id:%llu, item_num:%zu\n", expr_index, bool_expr_array[expr_index].expr_id, printf("bool_expr_array[%zu].expr_id:%llu, item_num:%zu\n", expr_index, bool_expr_array[expr_index].expr_id,
bool_expr_array[expr_index].item_num); bool_expr_array[expr_index].item_num);
@@ -1780,9 +1780,9 @@ int maat_compile_state_update(struct maat_item *item_hash, int vtable_id,
for (size_t i = 0; i < hit_item_cnt; i++) { for (size_t i = 0; i < hit_item_cnt; i++) {
HASH_FIND_INT(item_hash, &(hit_item_ids[i]), item); HASH_FIND_INT(item_hash, &(hit_item_ids[i]), item);
assert(item != NULL); //assert(item != NULL);
if (!item) { if (!item) {
// should not come here // item config has been deleted
continue; continue;
} }

31
src/maat_expr.c
View File

@@ -41,6 +41,7 @@ struct expr_schema {
}; };
enum expr_type { enum expr_type {
EXPR_TYPE_INVALID = -1,
EXPR_TYPE_STRING = 0, EXPR_TYPE_STRING = 0,
EXPR_TYPE_AND, EXPR_TYPE_AND,
EXPR_TYPE_REGEX, EXPR_TYPE_REGEX,
@@ -91,7 +92,7 @@ struct expr_runtime {
enum expr_type int_to_expr_type(int expr_type) enum expr_type int_to_expr_type(int expr_type)
{ {
enum expr_type type = EXPR_TYPE_MAX; enum expr_type type = EXPR_TYPE_INVALID;
switch (expr_type) { switch (expr_type) {
case 0: case 0:
@@ -115,7 +116,7 @@ enum expr_type int_to_expr_type(int expr_type)
enum hs_match_mode int_to_match_mode(int match_method) enum hs_match_mode int_to_match_mode(int match_method)
{ {
enum hs_match_mode mode = HS_MATCH_MODE_MAX; enum hs_match_mode mode = HS_MATCH_MODE_INVALID;
switch (match_method) { switch (match_method) {
case 0: case 0:
@@ -197,6 +198,12 @@ struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schem
expr_type = atoi(line + column_offset); expr_type = atoi(line + column_offset);
expr_item->expr_type = int_to_expr_type(expr_type); expr_item->expr_type = int_to_expr_type(expr_type);
if (expr_item->expr_type == EXPR_TYPE_INVALID) {
log_error(logger, MODULE_EXPR,
"expr table(table_id:%d) line:%s has invalid expr_type",
expr_schema->table_id, line);
goto error;
}
ret = get_column_pos(line, expr_schema->match_method_column, &column_offset, &column_len); ret = get_column_pos(line, expr_schema->match_method_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
@@ -208,6 +215,12 @@ struct expr_item *expr_item_new(const char *line, struct expr_schema *expr_schem
match_method_type = atoi(line + column_offset); match_method_type = atoi(line + column_offset);
expr_item->match_mode = int_to_match_mode(match_method_type); expr_item->match_mode = int_to_match_mode(match_method_type);
if (expr_item->match_mode == HS_MATCH_MODE_INVALID) {
log_error(logger, MODULE_EXPR,
"expr table(table_id:%d) line:%s has invalid match_method",
expr_schema->table_id, line);
goto error;
}
ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len); ret = get_column_pos(line, expr_schema->is_hexbin_column, &column_offset, &column_len);
if (ret < 0) { if (ret < 0) {
@@ -522,7 +535,7 @@ enum hs_pattern_type expr_type2pattern_type(enum expr_type expr_type)
return pattern_type; return pattern_type;
} }
int convertHextoint(char srctmp) static int convertHextoint(char srctmp)
{ {
if (isdigit(srctmp)) { if (isdigit(srctmp)) {
return srctmp - '0'; return srctmp - '0';
@@ -533,7 +546,7 @@ int convertHextoint(char srctmp)
} }
} }
size_t hex2bin(char *hex, int hex_len, char *binary, size_t size) static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
{ {
size_t resultlen = 0; size_t resultlen = 0;
int high,low; int high,low;
@@ -559,8 +572,13 @@ and_expr_t *expr_item_to_expr_rule(struct expr_item *expr_item, void *user_data,
char *tmp = NULL; char *tmp = NULL;
char *saveptr = NULL; char *saveptr = NULL;
char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM]; char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM];
int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM] = {-1}; int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM];
int key_right_offset[MAAT_MAX_EXPR_ITEM_NUM] = {-1}; int key_right_offset[MAAT_MAX_EXPR_ITEM_NUM];
/* -1 means offset no limit, As long as the pattern appears in the scan data, it will hit */
memset(key_left_offset, -1, sizeof(key_left_offset));
memset(key_right_offset, -1, sizeof(key_right_offset));
and_expr_t *expr_rule = ALLOC(and_expr_t, 1); and_expr_t *expr_rule = ALLOC(and_expr_t, 1);
switch (expr_item->expr_type) { switch (expr_item->expr_type) {
@@ -852,6 +870,7 @@ int expr_runtime_scan(struct expr_runtime *expr_rt, int thread_id,
struct maat_item_inner *item = NULL; struct maat_item_inner *item = NULL;
int real_hit_item_cnt = 0; int real_hit_item_cnt = 0;
int district_id = state->district_id; int district_id = state->district_id;
for (size_t i = 0; i < n_hit_item; i++) { for (size_t i = 0; i < n_hit_item; i++) {
item = (struct maat_item_inner *)(hit_results[i].user_tag); item = (struct maat_item_inner *)(hit_results[i].user_tag);
if (item->district_id == district_id || district_id == DISTRICT_ANY) { if (item->district_id == district_id || district_id == DISTRICT_ANY) {

3
src/maat_ip.c
View File

@@ -488,12 +488,13 @@ int ip_runtime_scan(struct ip_runtime *ip_rt, int thread_id, int ip_type,
struct ip_data scan_data; struct ip_data scan_data;
if (ip_type == IPv4) { if (ip_type == IPv4) {
scan_data.type = IPv4; scan_data.type = IPv4;
scan_data.ipv4 = *(uint32_t *)ip_addr; scan_data.ipv4 = ntohl(*(uint32_t *)ip_addr);
} else { } else {
scan_data.type = IPv6; scan_data.type = IPv6;
for (int i = 0; i < 4; i++) { for (int i = 0; i < 4; i++) {
scan_data.ipv6[i] = *((uint32_t *)ip_addr + i); scan_data.ipv6[i] = *((uint32_t *)ip_addr + i);
} }
ipv6_ntoh(scan_data.ipv6);
} }
n_hit_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data, scan_results, MAX_SCANNER_HIT_ITEM_NUM); n_hit_item = ip_matcher_match(ip_rt->ip_matcher, &scan_data, scan_results, MAX_SCANNER_HIT_ITEM_NUM);

2
src/maat_table.c
View File

@@ -696,7 +696,7 @@ int table_manager_set_scan_district(struct table_manager *tbl_mgr, const char *d
int table_manager_get_district_id(struct table_manager *tbl_mgr, const char *district) int table_manager_get_district_id(struct table_manager *tbl_mgr, const char *district)
{ {
int district_id = -1; int district_id = DISTRICT_ANY;
int map_ret = maat_kv_read(tbl_mgr->district_map, district, &district_id); int map_ret = maat_kv_read(tbl_mgr->district_map, district, &district_id);
if (map_ret < 0) { if (map_ret < 0) {

12
src/maat_utils.c
View File

@@ -447,7 +447,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
return -1; return -1;
} }
//ipv4_addr = ntohl(ipv4_addr); ipv4_addr = ntohl(ipv4_addr);
uint32_t ipv4_range_end = 0; uint32_t ipv4_range_end = 0;
uint32_t ipv4_mask = 0; uint32_t ipv4_mask = 0;
switch (format) { switch (format) {
@@ -457,7 +457,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
//ipv4_range_end = ntohl(ipv4_range_end); ipv4_range_end = ntohl(ipv4_range_end);
range_end[0] = ipv4_range_end; range_end[0] = ipv4_range_end;
break; break;
case IP_FORMAT_MASK: case IP_FORMAT_MASK:
@@ -465,7 +465,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
//ipv4_mask = ntohl(ipv4_mask); ipv4_mask = ntohl(ipv4_mask);
range_begin[0] = ipv4_addr & ipv4_mask; range_begin[0] = ipv4_addr & ipv4_mask;
range_end[0] = ipv4_addr | ~ipv4_mask; range_end[0] = ipv4_addr | ~ipv4_mask;
break; break;
@@ -492,7 +492,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
//ipv6_ntoh(ipv6_addr); ipv6_ntoh(ipv6_addr);
switch (format) { switch (format) {
case IP_FORMAT_RANGE: case IP_FORMAT_RANGE:
@@ -500,7 +500,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
//ipv6_ntoh(ipv6_range_end); ipv6_ntoh(ipv6_range_end);
memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr)); memcpy(range_begin, ipv6_addr, sizeof(ipv6_addr));
memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end)); memcpy(range_end, ipv6_range_end, sizeof(ipv6_range_end));
@@ -510,7 +510,7 @@ int ip_format2range(int ip_type, enum maat_ip_format format, const char *ip1, co
if (ret <= 0) { if (ret <= 0) {
return -1; return -1;
} }
//ipv6_ntoh(ipv6_mask); ipv6_ntoh(ipv6_mask);
for (i = 0; i < 4; i++) { for (i = 0; i < 4; i++) {
range_begin[i]=ipv6_addr[i] & ipv6_mask[i]; range_begin[i]=ipv6_addr[i] & ipv6_mask[i];

157
test/adapter_hs_gtest.cpp
View File

@@ -41,6 +41,44 @@ enum hs_case_sensitive case_sensitive_str_to_enum(const char *str)
return case_sensitive; return case_sensitive;
} }
int is_hexbin_str_to_int(const char *str)
{
int ret = 0;
if (strcmp(str, "yes") == 0) {
ret = 1;
}
return ret;
}
static int convertHextoint(char srctmp)
{
if (isdigit(srctmp)) {
return srctmp - '0';
} else {
char temp = toupper(srctmp);
temp = temp - 'A' + 10;
return temp;
}
}
static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
{
size_t resultlen = 0;
int high,low;
for (int i = 0; i < hex_len && size > resultlen; i += 2, resultlen++) {
high = convertHextoint(hex[i]);
low = convertHextoint(hex[i+1]);
binary[resultlen] = high * 16 + low;
}
size = resultlen;
binary[resultlen] = '\0';
return resultlen;
}
int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr) int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr)
{ {
unsigned char *json_buff = NULL; unsigned char *json_buff = NULL;
@@ -101,12 +139,27 @@ int parse_config_file(const char *filename, and_expr_t exprs[], size_t *n_expr)
exprs[i].patterns[j].case_sensitive = case_sensitive_str_to_enum(item->valuestring); exprs[i].patterns[j].case_sensitive = case_sensitive_str_to_enum(item->valuestring);
} }
item = cJSON_GetObjectItem(pat_item, "is_hexbin");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].is_hexbin = is_hexbin_str_to_int(item->valuestring);
}
item = cJSON_GetObjectItem(pat_item, "pattern"); item = cJSON_GetObjectItem(pat_item, "pattern");
if (item != NULL && item->type == cJSON_String) { if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring)); exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring));
if (exprs[i].patterns[j].is_hexbin == 1) {
size_t pat_str_len = strlen(item->valuestring) + 1;
char *pat_str = ALLOC(char, pat_str_len);
pat_str_len = hex2bin(item->valuestring, strlen(item->valuestring), pat_str, pat_str_len);
memcpy(exprs[i].patterns[j].pat, pat_str, pat_str_len);
exprs[i].patterns[j].pat_len = pat_str_len;
} else {
memcpy(exprs[i].patterns[j].pat, item->valuestring, strlen(item->valuestring)); memcpy(exprs[i].patterns[j].pat, item->valuestring, strlen(item->valuestring));
exprs[i].patterns[j].pat_len = strlen(item->valuestring); exprs[i].patterns[j].pat_len = strlen(item->valuestring);
} }
}
if (exprs[i].patterns->match_mode == HS_MATCH_MODE_SUB) { if (exprs[i].patterns->match_mode == HS_MATCH_MODE_SUB) {
item = cJSON_GetObjectItem(pat_item, "offset"); item = cJSON_GetObjectItem(pat_item, "offset");
@@ -154,15 +207,15 @@ TEST(block_mode_initialize, invalid_input_parameter)
/* case1: invalid scan_mode parameter */ /* case1: invalid scan_mode parameter */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, exprs, 1, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, exprs, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
/* case2: invalid expr parameter */ /* case2: invalid expr parameter */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 1, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, NULL, 1, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
/* case3: invalid expr num */ /* case3: invalid expr num */
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, exprs, 0, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, exprs, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
} }
TEST(block_mode_scan, invalid_input_parameter) TEST(block_mode_scan, invalid_input_parameter)
@@ -170,24 +223,24 @@ TEST(block_mode_scan, invalid_input_parameter)
and_expr_t expr_array[64]; and_expr_t expr_array[64];
size_t n_expr_array = 0; size_t n_expr_array = 0;
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, nullptr, 0, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, NULL, 0, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_MAX, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
n_expr_array = 1; n_expr_array = 1;
expr_array[0].expr_id = 101; expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 10; expr_array[0].n_patterns = 10;
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
memset(expr_array, 0, sizeof(expr_array)); memset(expr_array, 0, sizeof(expr_array));
n_expr_array = 1; n_expr_array = 1;
expr_array[0].expr_id = 101; expr_array[0].expr_id = 101;
expr_array[0].n_patterns = 1; expr_array[0].n_patterns = 1;
hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger); hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_REG, 1, expr_array, n_expr_array, g_logger);
EXPECT_EQ(hs_instance, nullptr); EXPECT_EQ(hs_instance, NULL);
} }
TEST(block_mode_scan, literal_sub_has_normal_offset) TEST(block_mode_scan, literal_sub_has_normal_offset)
@@ -197,10 +250,10 @@ TEST(block_mode_scan, literal_sub_has_normal_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15); EXPECT_EQ(n_expr_array, 11);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello aaa"; char scan_data1[64] = "hello aaa";
@@ -227,7 +280,7 @@ TEST(block_mode_scan, literal_sub_has_normal_offset)
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_sub_has_left_unlimit_offset) TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
@@ -237,10 +290,9 @@ TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello bbb"; char scan_data1[64] = "hello bbb";
@@ -268,7 +320,7 @@ TEST(block_mode_scan, literal_sub_has_left_unlimit_offset)
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_sub_has_right_unlimit_offset) TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
@@ -278,10 +330,9 @@ TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_expr_array, 15);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ccc"; char scan_data1[64] = "hello ccc";
@@ -324,7 +375,7 @@ TEST(block_mode_scan, literal_sub_has_right_unlimit_offset)
EXPECT_EQ(result[0].item_id, 103); EXPECT_EQ(result[0].item_id, 103);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_sub_with_no_offset) TEST(block_mode_scan, literal_sub_with_no_offset)
@@ -336,7 +387,7 @@ TEST(block_mode_scan, literal_sub_with_no_offset)
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ddd"; char scan_data1[64] = "hello ddd";
@@ -371,7 +422,7 @@ TEST(block_mode_scan, literal_sub_with_no_offset)
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_exactly) TEST(block_mode_scan, literal_exactly)
@@ -383,7 +434,7 @@ TEST(block_mode_scan, literal_exactly)
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger); struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello eee"; char scan_data1[64] = "hello eee";
@@ -412,7 +463,7 @@ TEST(block_mode_scan, literal_exactly)
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_prefix) TEST(block_mode_scan, literal_prefix)
@@ -425,7 +476,7 @@ TEST(block_mode_scan, literal_prefix)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello fff"; char scan_data1[64] = "hello fff";
@@ -463,7 +514,7 @@ TEST(block_mode_scan, literal_prefix)
EXPECT_EQ(result[0].item_id, 106); EXPECT_EQ(result[0].item_id, 106);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
TEST(block_mode_scan, literal_suffix) TEST(block_mode_scan, literal_suffix)
@@ -476,7 +527,7 @@ TEST(block_mode_scan, literal_suffix)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char scan_data1[64] = "hello ggg"; char scan_data1[64] = "hello ggg";
@@ -514,33 +565,41 @@ TEST(block_mode_scan, literal_suffix)
EXPECT_EQ(n_result, 0); EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
// TEST(block_mode_scan, literal_sub_with_hexbin) TEST(block_mode_scan, literal_sub_with_hexbin)
// { {
// and_expr_t expr_array[64] = {0}; and_expr_t expr_array[64] = {0};
// size_t n_expr_array = 0; size_t n_expr_array = 0;
// int ret = parse_config_file("./and_expr.conf", expr_array, &n_expr_array); int ret = parse_config_file("./literal_expr.conf", expr_array, &n_expr_array);
// EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
// struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
// expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
// EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
// expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
// char data0[64] = "Cookie: Txa123aheadBCAxd"; char scan_data1[64] = "Content-Type: /html";
// struct hs_scan_result result0[64] = {0}; struct hs_scan_result result[64] = {0};
// size_t n_result0 = 0; size_t n_result = 0;
// ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0); ret = adapter_hs_scan(hs_instance, 0, scan_data1, strlen(scan_data1), result, 64, &n_result);
// EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
// EXPECT_EQ(n_result0, 1); EXPECT_EQ(n_result, 1);
// EXPECT_EQ(result0[0].item_id, 107); EXPECT_EQ(result[0].item_id, 108);
// adapter_hs_destroy(hs_instance); char scan_data2[64] = " html";
// hs_instance = nullptr; memset(result, 0, sizeof(result));
// } n_result = 0;
ret = adapter_hs_scan(hs_instance, 0, scan_data2, strlen(scan_data2), result, 64, &n_result);
EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result, 0);
adapter_hs_destroy(hs_instance);
hs_instance = NULL;
}
TEST(block_mode_scan, literal_with_chinese) TEST(block_mode_scan, literal_with_chinese)
{ {
@@ -552,7 +611,7 @@ TEST(block_mode_scan, literal_with_chinese)
struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1, struct adapter_hs *hs_instance = adapter_hs_initialize(HS_SCAN_MODE_BLOCK, HS_PATTERN_TYPE_STR, 1,
expr_array, n_expr_array, g_logger); expr_array, n_expr_array, g_logger);
EXPECT_NE(hs_instance, nullptr); EXPECT_NE(hs_instance, NULL);
expr_array_free(expr_array, n_expr_array); expr_array_free(expr_array, n_expr_array);
char data0[64] = "#中国 你好"; char data0[64] = "#中国 你好";
@@ -561,10 +620,10 @@ TEST(block_mode_scan, literal_with_chinese)
ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0); ret = adapter_hs_scan(hs_instance, 0, data0, strlen(data0), result0, 64, &n_result0);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
EXPECT_EQ(n_result0, 1); EXPECT_EQ(n_result0, 1);
EXPECT_EQ(result0[0].item_id, 114); EXPECT_EQ(result0[0].item_id, 110);
adapter_hs_destroy(hs_instance); adapter_hs_destroy(hs_instance);
hs_instance = nullptr; hs_instance = NULL;
} }
int main(int argc, char **argv) int main(int argc, char **argv)

364
test/maat_framework_gtest.cpp
View File

@@ -11,6 +11,9 @@
#define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest") #define MODULE_FRAMEWORK_GTEST module_name_str("maat.framework_gtest")
#define ARRAY_SIZE 10
#define HIT_PATH_SIZE 128
const char *table_info_path = "./table_info.conf"; const char *table_info_path = "./table_info.conf";
const char *json_path="./maat_json.json"; const char *json_path="./maat_json.json";
const char *json_filename = "maat_json.json"; const char *json_filename = "maat_json.json";
@@ -22,38 +25,33 @@ class MaatFlagScan : public testing::Test
{ {
protected: protected:
static void SetUpTestCase() { static void SetUpTestCase() {
flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
} }
static void TearDownTestCase() { static void TearDownTestCase() {
} }
static int flag_table_id;
static int expr_table_id;
}; };
int MaatFlagScan::flag_table_id;
int MaatFlagScan::expr_table_id;
TEST_F(MaatFlagScan, basic) { TEST_F(MaatFlagScan, basic) {
int flag_table_id = MaatFlagScan::flag_table_id; int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
//compile_id:192 flag: 0000 0001 mask: 0000 0011 //compile_id:192 flag: 0000 0001 mask: 0000 0011
//scan_data: 0000 1001 or 0000 1101 should hit //scan_data: 0000 1001 or 0000 1101 should hit
uint64_t scan_data = 9; uint64_t scan_data = 9;
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state); ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 192); EXPECT_EQ(results[0], 192);
struct maat_hit_path hit_path[128] = {0}; struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0; int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path)); n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0); EXPECT_NE(n_read, 0);
maat_state_free(&state); maat_state_free(&state);
@@ -61,7 +59,7 @@ TEST_F(MaatFlagScan, basic) {
memset(results, 0, sizeof(results)); memset(results, 0, sizeof(results));
n_hit_result = 0; n_hit_result = 0;
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state); ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 192); EXPECT_EQ(results[0], 192);
@@ -71,36 +69,36 @@ TEST_F(MaatFlagScan, basic) {
memset(results, 0, sizeof(results)); memset(results, 0, sizeof(results));
n_hit_result = 0; n_hit_result = 0;
ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results, ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, scan_data, results,
5, &n_hit_result, &state); ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0); EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(MaatFlagScan, withExprRegion) { TEST_F(MaatFlagScan, withExprRegion) {
int flag_table_id = MaatFlagScan::flag_table_id; int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
int expr_table_id = MaatFlagScan::expr_table_id; int expr_table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
//compile_id:193 flag: 0000 0010 mask: 0000 0011 //compile_id:193 flag: 0000 0010 mask: 0000 0011
//scan_data: 0000 0010 or 0000 0100 should hit //scan_data: 0000 0010 or 0000 0100 should hit
uint64_t flag_scan_data = 2; uint64_t flag_scan_data = 2;
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results, int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
5, &n_hit_result, &state); ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0); EXPECT_EQ(n_hit_result, 0);
struct maat_hit_path hit_path[128] = {0}; struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0; int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path)); n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0); EXPECT_NE(n_read, 0);
const char *expr_scan_data = "hello world"; const char *expr_scan_data = "hello world";
ret = maat_scan_string(g_maat_instance, expr_table_id, 0, expr_scan_data, strlen(expr_scan_data), ret = maat_scan_string(g_maat_instance, expr_table_id, 0, expr_scan_data, strlen(expr_scan_data),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 193); EXPECT_EQ(results[0], 193);
@@ -108,26 +106,26 @@ TEST_F(MaatFlagScan, withExprRegion) {
} }
TEST_F(MaatFlagScan, hitMultiCompile) { TEST_F(MaatFlagScan, hitMultiCompile) {
int flag_table_id = MaatFlagScan::flag_table_id; int flag_table_id = maat_table_get_id(g_maat_instance, "FLAG_CONFIG");
//compile_id:192 flag: 0000 0001 mask: 0000 0011 //compile_id:192 flag: 0000 0001 mask: 0000 0011
//compile_id:194 flag: 0001 0101 mask: 0001 1111 //compile_id:194 flag: 0001 0101 mask: 0001 1111
//scan_data: 0001 0101 should hit compile192 and compile194 //scan_data: 0001 0101 should hit compile192 and compile194
uint64_t flag_scan_data = 21; uint64_t flag_scan_data = 21;
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results, int ret = maat_scan_flag(g_maat_instance, flag_table_id, 0, flag_scan_data, results,
5, &n_hit_result, &state); ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 194); EXPECT_EQ(results[0], 194);
EXPECT_EQ(results[1], 192); EXPECT_EQ(results[1], 192);
struct maat_hit_path hit_path[128] = {0}; struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0; int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path)); n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0); EXPECT_NE(n_read, 0);
maat_state_free(&state); maat_state_free(&state);
@@ -137,7 +135,6 @@ class MaatStringScan : public testing::Test
{ {
protected: protected:
static void SetUpTestCase() { static void SetUpTestCase() {
table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
} }
static void TearDownTestCase() { static void TearDownTestCase() {
@@ -149,35 +146,35 @@ protected:
int MaatStringScan::table_id; int MaatStringScan::table_id;
TEST_F(MaatStringScan, Expr8) { TEST_F(MaatStringScan, Expr8) {
int table_id = MaatStringScan::table_id; int table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8"; char scan_data[128] = "string1, string2, string3, string4, string5, string6, string7, string8";
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data), int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data, strlen(scan_data),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 182); EXPECT_EQ(results[0], 182);
struct maat_hit_path hit_path[128] = {0}; struct maat_hit_path hit_path[HIT_PATH_SIZE] = {0};
int n_read = 0; int n_read = 0;
n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, sizeof(hit_path)); n_read = maat_state_get_hit_paths(g_maat_instance, &state, hit_path, HIT_PATH_SIZE);
EXPECT_NE(n_read, 0); EXPECT_NE(n_read, 0);
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(MaatStringScan, Regex) { TEST_F(MaatStringScan, Regex) {
int ret = 0; int ret = 0;
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *cookie = "Cookie: Txa123aheadBCAxd"; const char *cookie = "Cookie: Txa123aheadBCAxd";
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL"); int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_REGEX");
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, cookie, strlen(cookie), ret = maat_scan_string(g_maat_instance, table_id, 0, cookie, strlen(cookie),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 146); EXPECT_EQ(results[0], 146);
maat_state_free(&state); maat_state_free(&state);
@@ -206,7 +203,7 @@ TEST_F(MaatStringScan, Regex) {
} }
TEST_F(MaatStringScan, ExprPlus) { TEST_F(MaatStringScan, ExprPlus) {
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *region_name1 ="HTTP URL"; const char *region_name1 ="HTTP URL";
@@ -218,13 +215,13 @@ TEST_F(MaatStringScan, ExprPlus) {
ASSERT_GT(table_id, 0); ASSERT_GT(table_id, 0);
int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), int ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_ERR);//Should return error for district not setting. EXPECT_EQ(ret, MAAT_SCAN_ERR);//Should return error for district not setting.
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1)); ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 128); EXPECT_EQ(results[0], 128);
maat_state_free(&state); maat_state_free(&state);
@@ -232,7 +229,7 @@ TEST_F(MaatStringScan, ExprPlus) {
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2)); ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2), ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 190); EXPECT_EQ(results[0], 190);
maat_state_free(&state); maat_state_free(&state);
@@ -241,7 +238,7 @@ TEST_F(MaatStringScan, ExprPlus) {
//TODO: //TODO:
#if 0 #if 0
TEST_F(MaatStringScan, ShouldNotHitExprPlus) { TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
int results[5] = {0}; int results[ARRAY] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *region_name = "tcp.payload"; const char *region_name = "tcp.payload";
@@ -266,13 +263,13 @@ TEST_F(MaatStringScan, ShouldNotHitExprPlus) {
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit), ret = maat_scan_string(g_maat_instance, table_id, 0, (char *)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(MaatStringScan, ExprPlusWithHex) { TEST_F(MaatStringScan, ExprPlusWithHex) {
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *scan_data1 = "text/html; charset=UTF-8"; const char *scan_data1 = "text/html; charset=UTF-8";
@@ -286,19 +283,19 @@ TEST_F(MaatStringScan, ExprPlusWithHex) {
int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1)); int ret = maat_state_set_scan_district(g_maat_instance, &state, region_name1, strlen(region_name1));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 156); EXPECT_EQ(results[0], 156);
ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2)); ret = maat_state_set_scan_district(g_maat_instance, &state, region_name2, strlen(region_name2));
ASSERT_EQ(ret, 0); ASSERT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1), ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data1, strlen(scan_data1),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE"); table_id = maat_table_get_id(g_maat_instance, "KEYWORDS_TABLE");
ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2), ret = maat_scan_string(g_maat_instance, table_id, 0, scan_data2, strlen(scan_data2),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 132); EXPECT_EQ(results[0], 132);
maat_state_free(&state); maat_state_free(&state);
@@ -306,7 +303,7 @@ TEST_F(MaatStringScan, ExprPlusWithHex) {
TEST_F(MaatStringScan, ExprPlusWithOffset) TEST_F(MaatStringScan, ExprPlusWithOffset)
{ {
int results[5] = {0}; int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
const char *region_name = "Payload"; const char *region_name = "Payload";
@@ -344,11 +341,11 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit), ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(ret, MAAT_SCAN_OK);
ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit), ret = maat_scan_string(g_maat_instance, table_id, 0, (char*)udp_payload_hit, sizeof(udp_payload_hit),
results, 5, &n_hit_result, &state); results, ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(results[0], 148); EXPECT_EQ(results[0], 148);
@@ -356,32 +353,117 @@ TEST_F(MaatStringScan, ExprPlusWithOffset)
} }
#endif #endif
TEST_F(MaatStringScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL_LITERAL");
char data[128] = "hello world";
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
/* add new line in GROUP2COMPILE table */
const char *g2c_table_name = "GROUP2COMPILE";
const char *g2c_table_line_add = "8888\t9999\t1\t0\tnull\t1";
struct maat_cmd_line line_rule;
line_rule.rule_id = 8888;
line_rule.table_line = g2c_table_line_add;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in COMPILE table */
const char *compile_table_name = "COMPILE";
const char *compile_table_line_add = "9999\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = compile_table_line_add;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in HTTP_URL_LITERAL table */
const char *table_name = "HTTP_URL_LITERAL";
const char *table_line_add = "9999\t8888\thello world\t0\t0\t0\t1\t";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = table_line_add;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9999);
maat_state_free(&state);
/* del new line from HTTP_URL_LITERAL table */
const char *table_line_del = "9999\t8888\thello world\t0\t0\t0\t0\t";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = table_line_del;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line from COMPILE table */
const char *compile_table_line_del = "9999\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9999;
line_rule.table_line = compile_table_line_del;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line from GROUP2COMPILE table */
const char *g2c_table_line_del = "8888\t9999\t0\t0\tnull\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 8888;
line_rule.table_line = g2c_table_line_del;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results,
ARRAY_SIZE, &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
}
class MaatIPScan : public testing::Test class MaatIPScan : public testing::Test
{ {
protected: protected:
static void SetUpTestCase() { static void SetUpTestCase() {
table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
} }
static void TearDownTestCase() { static void TearDownTestCase() {
} }
static int table_id;
}; };
int MaatIPScan::table_id;
TEST_F(MaatIPScan, IPv4) { TEST_F(MaatIPScan, IPv4) {
int table_id = MaatIPScan::table_id; int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "10.0.7.100"; char ip_str[32] = "10.0.7.100";
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
int results[3] = {-1}; int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, 3, ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2); EXPECT_EQ(n_hit_result, 2);
@@ -391,16 +473,16 @@ TEST_F(MaatIPScan, IPv4) {
} }
TEST_F(MaatIPScan, IPv6) { TEST_F(MaatIPScan, IPv6) {
int table_id = MaatIPScan::table_id; int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "1001:da8:205:1::101"; char ip_str[32] = "1001:da8:205:1::101";
uint8_t sip[16]; uint8_t sip[16];
int ret = inet_pton(AF_INET6, ip_str, &sip); int ret = inet_pton(AF_INET6, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
int results[3] = {-1}; int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, 3, ret = maat_scan_ipv6(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state); &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
@@ -409,70 +491,150 @@ TEST_F(MaatIPScan, IPv6) {
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(MaatStringScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "HTTP_URL");
char data[128] = "hello world";
int results[5] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
int ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_OK);
EXPECT_EQ(n_hit_result, 0);
maat_state_free(&state);
const char *table_name = "HTTP_URL";
const char *table_line = "9999\t8888\thello world\t0\t0\t0\t1\t";
struct maat_cmd_line line_rule;
line_rule.rule_id = 101;
line_rule.table_line = table_line;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
sleep(2);
state = NULL;
ret = maat_scan_string(g_maat_instance, table_id, 0, data, strlen(data), results, sizeof(results), &n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9999);
maat_state_free(&state);
}
TEST_F(MaatIPScan, dynamic_config) { TEST_F(MaatIPScan, dynamic_config) {
int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG"); int table_id = maat_table_get_id(g_maat_instance, "IP_PLUS_CONFIG");
char ip_str[32] = "10.0.6.201"; char ip_str[32] = "100.100.100.100";
uint32_t sip; uint32_t sip;
int ret = inet_pton(AF_INET, ip_str, &sip); int ret = inet_pton(AF_INET, ip_str, &sip);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);
int results[3] = {-1}; int results[ARRAY_SIZE] = {-1};
size_t n_hit_result = 0; size_t n_hit_result = 0;
struct maat_state *state = NULL; struct maat_state *state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state); ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
EXPECT_EQ(ret, MAAT_SCAN_OK); &n_hit_result, &state);
EXPECT_EQ(n_hit_result, 0); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 169);
maat_state_free(&state); maat_state_free(&state);
const char *table_name = "IP_PLUS_CONFIG"; /* add new line in GROUP2COMPILE table */
const char *table_line = "9998\t8887\t4\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1"; const char *g2c_table_name = "GROUP2COMPILE";
const char *g2c_table_line_add = "8887\t9998\t1\t0\tnull\t1";
struct maat_cmd_line line_rule; struct maat_cmd_line line_rule;
line_rule.rule_id = 101; line_rule.rule_id = 8887;
line_rule.table_line = table_line; line_rule.table_line = g2c_table_line_add;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in COMPILE table */
const char *compile_table_name = "COMPILE";
const char *compile_table_line_add = "9998\t0\t0\t0\t0\t0\tanything\t1\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = compile_table_line_add;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* add new line in IP_PLUS_CONFIG */
const char *table_name = "IP_PLUS_CONFIG";
const char *table_line_add = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = table_line_add;
line_rule.table_name = table_name; line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule); ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 1);
sleep(2); sleep(2);
state = NULL; state = NULL;
ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, sizeof(results), &n_hit_result, &state); ret = maat_scan_ipv4(g_maat_instance, table_id, 0, sip, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 2);
EXPECT_EQ(results[0], 9998);
EXPECT_EQ(results[1], 169);
maat_state_free(&state);
/* del new line in IP_PLUS_CONFIG */
const char *table_line_del = "9998\t8887\t4\trange\t100.100.100.100\t100.100.100.100\trange\t0\t65535\trange\t10.0.6.201\t255.255.0.0\trange\t0\t65535\t6\t0\t0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = table_line_del;
line_rule.table_name = table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line in COMPILE table */
const char *compile_table_line_del = "9998\t0\t0\t0\t0\t0\tanything\t0\t1\t0.0";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 9998;
line_rule.table_line = compile_table_line_del;
line_rule.table_name = compile_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
/* del new line in GROUP2COMPILE table */
const char *g2c_table_line_del = "8887\t9998\t0\t0\tnull\t1";
memset(&line_rule, 0, sizeof(line_rule));
line_rule.rule_id = 8887;
line_rule.table_line = g2c_table_line_del;
line_rule.table_name = g2c_table_name;
ret = maat_cmd_set_line(g_maat_instance, &line_rule);
EXPECT_EQ(ret, 1);
}
class MaatIntervalScan : public testing::Test
{
protected:
static void SetUpTestCase() {
}
static void TearDownTestCase() {
}
};
#if 0
TEST_F(MaatIntervalScan, Pure) {
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *table_name = "CONTENT_SIZE";
int table_id = maat_table_get_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
unsigned int scan_data1 = 2015;
int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT);
maat_state_free(&state);
unsigned int scan_data2 = 300;
int ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data2, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1); EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 9998); EXPECT_EQ(results[0], 124);
maat_state_free(&state); maat_state_free(&state);
} }
TEST_F(MaatIntervalScan, IntervalPlus) {
int results[ARRAY_SIZE] = {0};
size_t n_hit_result = 0;
struct maat_state *state = NULL;
const char *table_name = "INTERGER_PLUS";
int table_id = maat_table_get_id(g_maat_instance, table_name);
ASSERT_GT(table_id, 0);
const char *district_str = "interval.plus";
int ret = maat_state_set_scan_district(g_maat_instance, &state, district_str, strlen(district_str));
ASSERT_GT(ret, 0);
unsigned int scan_data1 = 2020;
ret = maat_scan_integer(g_maat_instance, table_id, 0, scan_data1, results, ARRAY_SIZE,
&n_hit_result, &state);
EXPECT_EQ(ret, MAAT_SCAN_HIT);
EXPECT_EQ(n_hit_result, 1);
EXPECT_EQ(results[0], 179);
maat_state_free(&state);
}
#endif
int count_line_num_cb(const char *table_name, const char *line, void *u_para) int count_line_num_cb(const char *table_name, const char *line, void *u_para)
{ {
(*((unsigned int *)u_para))++; (*((unsigned int *)u_para))++;
@@ -527,12 +689,12 @@ int write_config_to_redis(char *redis_ip, int redis_port, int redis_db,
snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename); snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename);
redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, logger); redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, logger);
if (nullptr == c) { if (NULL == c) {
return -1; return -1;
} }
redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb"); redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb");
if (nullptr == reply) { if (NULL == reply) {
return -1; return -1;
} }

8
test/maat_input_mode_gtest.cpp
View File

@@ -34,7 +34,7 @@ TEST(json_mode, maat_scan_string) {
maat_options_set_json_file(opts, json_path); maat_options_set_json_file(opts, json_path);
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr); EXPECT_NE(maat_instance, NULL);
int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE"); int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
@@ -79,7 +79,7 @@ TEST(iris_mode, maat_scan_string) {
maat_options_set_iris(opts, tmp_iris_full_idx_path, tmp_iris_inc_idx_path); maat_options_set_iris(opts, tmp_iris_full_idx_path, tmp_iris_inc_idx_path);
struct maat *maat_instance = maat_new(opts, table_info_path); struct maat *maat_instance = maat_new(opts, table_info_path);
EXPECT_NE(maat_instance, nullptr); EXPECT_NE(maat_instance, NULL);
int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE"); int table_id = maat_table_get_id(maat_instance, "KEYWORDS_TABLE");
@@ -153,10 +153,10 @@ TEST(redis_mode, maat_scan_string) {
snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename); snprintf(json_iris_path, sizeof(json_iris_path), "./%s_iris_tmp", json_filename);
redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, g_logger); redisContext *c = maat_cmd_connect_redis(redis_ip, redis_port, redis_db, g_logger);
EXPECT_NE(c, nullptr); EXPECT_NE(c, NULL);
redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb"); redisReply *reply = maat_cmd_wrap_redis_command(c, "flushdb");
EXPECT_NE(reply, nullptr); EXPECT_NE(reply, NULL);
if (access(json_iris_path, F_OK) < 0) { if (access(json_iris_path, F_OK) < 0) {
char tmp_iris_path[128] = {0}; char tmp_iris_path[128] = {0};

48
test/maat_json.json
View File

@@ -231,7 +231,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "abckkk&123", "keywords": "abckkk&123",
@@ -285,7 +285,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "should_not_hit_any_rule", "keywords": "should_not_hit_any_rule",
@@ -376,7 +376,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "C#中国", "keywords": "C#中国",
@@ -506,7 +506,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "novel&27122.txt", "keywords": "novel&27122.txt",
@@ -609,7 +609,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "should&hit&aaa", "keywords": "should&hit&aaa",
@@ -636,7 +636,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "should&hit&bbb", "keywords": "should&hit&bbb",
@@ -689,7 +689,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "i.ytimg.com", "keywords": "i.ytimg.com",
@@ -714,7 +714,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE",
@@ -740,7 +740,7 @@
"not_flag":0, "not_flag":0,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-contained-string-of-rule-143", "keywords": "must-contained-string-of-rule-143",
@@ -755,7 +755,7 @@
"not_flag":1, "not_flag":1,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-not-contained-string-of-rule-143", "keywords": "must-not-contained-string-of-rule-143",
@@ -781,7 +781,7 @@
"not_flag":0, "not_flag":0,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-contained-string-of-rule-144", "keywords": "must-contained-string-of-rule-144",
@@ -822,7 +822,7 @@
"not_flag":0, "not_flag":0,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-contained-string-of-rule-145", "keywords": "must-contained-string-of-rule-145",
@@ -851,7 +851,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_REGEX",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "Cookie:\\s&head", "keywords": "Cookie:\\s&head",
@@ -876,7 +876,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "googlevideo.com/videoplayback&mn=sn-35153iuxa-5a56%2Csn-n8v7znz7", "keywords": "googlevideo.com/videoplayback&mn=sn-35153iuxa-5a56%2Csn-n8v7znz7",
@@ -1315,7 +1315,7 @@
"not_flag":0, "not_flag":0,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "https://blog.csdn.net/littlefang/article/details/8213058", "keywords": "https://blog.csdn.net/littlefang/article/details/8213058",
@@ -1469,7 +1469,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "cavemancircus.com/", "keywords": "cavemancircus.com/",
@@ -1511,7 +1511,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "2019/12/27/pretty-girls-6", "keywords": "2019/12/27/pretty-girls-6",
@@ -1538,7 +1538,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "2019/12/27", "keywords": "2019/12/27",
@@ -1565,7 +1565,7 @@
"group_name": "Untitled", "group_name": "Untitled",
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "2019/12/27", "keywords": "2019/12/27",
@@ -1992,7 +1992,7 @@
"table_content": { "table_content": {
"keywords": "string1&string2&string3&string4&string5&string6&string7&string8", "keywords": "string1&string2&string3&string4&string5&string6&string7&string8",
"expr_type": "and", "expr_type": "and",
"match_method": "expr", "match_method": "sub",
"format": "uncase plain" "format": "uncase plain"
} }
} }
@@ -2096,7 +2096,7 @@
"not_flag": 1, "not_flag": 1,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-not-contained-string-of-rule-186", "keywords": "must-not-contained-string-of-rule-186",
@@ -2148,7 +2148,7 @@
"not_flag": 1, "not_flag": 1,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-not-contained-string-of-rule-187", "keywords": "must-not-contained-string-of-rule-187",
@@ -2200,7 +2200,7 @@
"not_flag": 1, "not_flag": 1,
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "must-not-contained-string-of-rule-188", "keywords": "must-not-contained-string-of-rule-188",
@@ -2368,7 +2368,7 @@
{ {
"regions": [ "regions": [
{ {
"table_name": "HTTP_URL", "table_name": "HTTP_URL_LITERAL",
"table_type": "expr", "table_type": "expr",
"table_content": { "table_content": {
"keywords": "hello", "keywords": "hello",

38
test/rcu_hash_gtest.cpp
View File

@@ -14,14 +14,14 @@ void data_free(void *user_ctx, void *data)
} }
TEST(rcu_hash_new, invalid_input_parameter) { TEST(rcu_hash_new, invalid_input_parameter) {
struct rcu_hash_table *htable = rcu_hash_new(nullptr); struct rcu_hash_table *htable = rcu_hash_new(NULL);
EXPECT_EQ(htable, nullptr); EXPECT_EQ(htable, NULL);
} }
TEST(rcu_hash_add_one_node, single_thread) { TEST(rcu_hash_add_one_node, single_thread) {
/* add one node to hash */ /* add one node to hash */
struct rcu_hash_table *htable = rcu_hash_new(data_free); struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr); EXPECT_NE(htable, NULL);
struct user_data *data = ALLOC(struct user_data, 1); struct user_data *data = ALLOC(struct user_data, 1);
data->id = 101; data->id = 101;
@@ -35,7 +35,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
/* find in hash before commit */ /* find in hash before commit */
void *res = rcu_hash_find(htable, key, key_len); void *res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable); int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
@@ -51,7 +51,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
/* find in hash after commit */ /* find in hash after commit */
res = rcu_hash_find(htable, key, key_len); res = rcu_hash_find(htable, key, key_len);
EXPECT_NE(res, nullptr); EXPECT_NE(res, NULL);
struct user_data *res_data = (struct user_data *)res; struct user_data *res_data = (struct user_data *)res;
EXPECT_EQ(res_data->id, 101); EXPECT_EQ(res_data->id, 101);
@@ -72,7 +72,7 @@ TEST(rcu_hash_add_one_node, single_thread) {
TEST(rcu_hash_add_multi_node, single_thread) { TEST(rcu_hash_add_multi_node, single_thread) {
/* add multi node to hash */ /* add multi node to hash */
struct rcu_hash_table *htable = rcu_hash_new(data_free); struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr); EXPECT_NE(htable, NULL);
struct user_data *data0 = ALLOC(struct user_data, 1); struct user_data *data0 = ALLOC(struct user_data, 1);
data0->id = 101; data0->id = 101;
@@ -92,9 +92,9 @@ TEST(rcu_hash_add_multi_node, single_thread) {
/* find in hash before commit */ /* find in hash before commit */
void *res = rcu_hash_find(htable, key0, key0_len); void *res = rcu_hash_find(htable, key0, key0_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
res = rcu_hash_find(htable, key1, key1_len); res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable); int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
@@ -110,14 +110,14 @@ TEST(rcu_hash_add_multi_node, single_thread) {
/* find in hash after commit */ /* find in hash after commit */
res = rcu_hash_find(htable, key0, key0_len); res = rcu_hash_find(htable, key0, key0_len);
EXPECT_NE(res, nullptr); EXPECT_NE(res, NULL);
struct user_data *res_data0 = (struct user_data *)res; struct user_data *res_data0 = (struct user_data *)res;
EXPECT_EQ(res_data0->id, 101); EXPECT_EQ(res_data0->id, 101);
EXPECT_STREQ(res_data0->name, "www.baidu.com"); EXPECT_STREQ(res_data0->name, "www.baidu.com");
res = rcu_hash_find(htable, key1, key1_len); res = rcu_hash_find(htable, key1, key1_len);
EXPECT_NE(res, nullptr); EXPECT_NE(res, NULL);
struct user_data *res_data1 = (struct user_data *)res; struct user_data *res_data1 = (struct user_data *)res;
EXPECT_EQ(res_data1->id, 102); EXPECT_EQ(res_data1->id, 102);
@@ -138,7 +138,7 @@ TEST(rcu_hash_add_multi_node, single_thread) {
TEST(rcu_hash_del_one_node, single_thread) { TEST(rcu_hash_del_one_node, single_thread) {
/* case1: add and del before commit */ /* case1: add and del before commit */
struct rcu_hash_table *htable = rcu_hash_new(data_free); struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr); EXPECT_NE(htable, NULL);
struct user_data *data = ALLOC(struct user_data, 1); struct user_data *data = ALLOC(struct user_data, 1);
data->id = 101; data->id = 101;
@@ -156,7 +156,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* find in hash before commit */ /* find in hash before commit */
void *res = rcu_hash_find(htable, key, key_len); void *res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
ret = rcu_hash_count(htable); ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
@@ -173,7 +173,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* find in hash after commit */ /* find in hash after commit */
res = rcu_hash_find(htable, key, key_len); res = rcu_hash_find(htable, key, key_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
/* case2: add && commit, and del */ /* case2: add && commit, and del */
struct user_data *data1 = ALLOC(struct user_data, 1); struct user_data *data1 = ALLOC(struct user_data, 1);
@@ -190,7 +190,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
rcu_hash_del(htable, key1, key1_len); rcu_hash_del(htable, key1, key1_len);
res = rcu_hash_find(htable, key1, key1_len); res = rcu_hash_find(htable, key1, key1_len);
EXPECT_NE(res, nullptr); EXPECT_NE(res, NULL);
struct user_data *res_data = (struct user_data *)res; struct user_data *res_data = (struct user_data *)res;
EXPECT_EQ(res_data->id, 102); EXPECT_EQ(res_data->id, 102);
@@ -205,7 +205,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
/* delete commit */ /* delete commit */
rcu_hash_commit(htable); rcu_hash_commit(htable);
res = rcu_hash_find(htable, key1, key1_len); res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
ret = rcu_hash_count(htable); ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
@@ -219,7 +219,7 @@ TEST(rcu_hash_del_one_node, single_thread) {
TEST(rcu_hash_del_multi_node, single_thread) { TEST(rcu_hash_del_multi_node, single_thread) {
/* case1: add and del before commit */ /* case1: add and del before commit */
struct rcu_hash_table *htable = rcu_hash_new(data_free); struct rcu_hash_table *htable = rcu_hash_new(data_free);
EXPECT_NE(htable, nullptr); EXPECT_NE(htable, NULL);
struct user_data *data1 = ALLOC(struct user_data, 1); struct user_data *data1 = ALLOC(struct user_data, 1);
data1->id = 101; data1->id = 101;
@@ -239,7 +239,7 @@ TEST(rcu_hash_del_multi_node, single_thread) {
/* find in hash before commit */ /* find in hash before commit */
void *res = rcu_hash_find(htable, key1, key1_len); void *res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
int ret = rcu_hash_count(htable); int ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 0); EXPECT_EQ(ret, 0);
@@ -257,10 +257,10 @@ TEST(rcu_hash_del_multi_node, single_thread) {
/* find in hash after commit */ /* find in hash after commit */
res = rcu_hash_find(htable, key1, key1_len); res = rcu_hash_find(htable, key1, key1_len);
EXPECT_EQ(res, nullptr); EXPECT_EQ(res, NULL);
res = rcu_hash_find(htable, key2, key2_len); res = rcu_hash_find(htable, key2, key2_len);
EXPECT_NE(res, nullptr); EXPECT_NE(res, NULL);
ret = rcu_hash_count(htable); ret = rcu_hash_count(htable);
EXPECT_EQ(ret, 1); EXPECT_EQ(ret, 1);

7
test/rule/full/HTTP_URL.000001
View File

@@ -1,7 +0,0 @@
0000000006
101 1 hello 0 0 0 1
102 2 maat 0 0 0 1
103 3 [W|w]orld 2 0 0 1
104 4 hello&world 1 0 0 1
105 5 [0-9]hello&world 2 0 0 1
106 6 [0-9]hello&[0-9]world 2 0 0 1

1
test/rule/full/index/full_config_index.000001
View File

@@ -1 +0,0 @@
HTTP_URL 6 /home/liuwentan/project/maat-v4/test/rule/full/HTTP_URL.000001

58
test/table_info.conf
View File

@@ -42,23 +42,7 @@
}, },
{ {
"table_id":3, "table_id":3,
"table_name":"HTTP_URL", "table_name":"HTTP_URL_LITERAL",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":3,
"table_name":"HTTP_HOST",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
"custom": { "custom": {
@@ -74,7 +58,7 @@
}, },
{ {
"table_id":4, "table_id":4,
"table_name":"KEYWORDS_TABLE", "table_name":"HTTP_URL_REGEX",
"table_type":"expr", "table_type":"expr",
"valid_column":7, "valid_column":7,
"custom": { "custom": {
@@ -90,6 +74,38 @@
}, },
{ {
"table_id":5, "table_id":5,
"table_name":"HTTP_HOST",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":6,
"table_name":"KEYWORDS_TABLE",
"table_type":"expr",
"valid_column":7,
"custom": {
"scan_mode":"block",
"pattern_type":"literal",
"item_id":1,
"group_id":2,
"keywords":3,
"expr_type":4,
"match_method":5,
"is_hexbin":6
}
},
{
"table_id":7,
"table_name":"IP_CONFIG", "table_name":"IP_CONFIG",
"table_type":"ip_plus", "table_type":"ip_plus",
"valid_column":18, "valid_column":18,
@@ -103,7 +119,7 @@
} }
}, },
{ {
"table_id":6, "table_id":8,
"table_name":"CONTENT_SIZE", "table_name":"CONTENT_SIZE",
"table_type":"intval", "table_type":"intval",
"valid_column":5, "valid_column":5,
@@ -115,7 +131,7 @@
} }
}, },
{ {
"table_id":7, "table_id":9,
"table_name":"QD_ENTRY_INFO", "table_name":"QD_ENTRY_INFO",
"table_type":"plugin", "table_type":"plugin",
"valid_column":4, "valid_column":4,
@@ -125,7 +141,7 @@
} }
}, },
{ {
"table_id":9, "table_id":10,
"table_name":"HTTP_SIGNATURE", "table_name":"HTTP_SIGNATURE",
"table_type":"expr_plus", "table_type":"expr_plus",
"valid_column":8, "valid_column":8,

2
vendor/CMakeLists.txt vendored
View File

@@ -84,7 +84,7 @@ file(MAKE_DIRECTORY ${VENDOR_BUILD}/include)
add_library(hiredis-static STATIC IMPORTED GLOBAL) add_library(hiredis-static STATIC IMPORTED GLOBAL)
add_dependencies(hiredis-static hiredis) add_dependencies(hiredis-static hiredis)
set_property(TARGET hiredis-static PROPERTY IMPORTED_LOCATION ${VENDOR_BUILD}/lib64/libhiredis.a) set_property(TARGET hiredis-static PROPERTY IMPORTED_LOCATION ${VENDOR_BUILD}/lib64/libhiredisd.a)
set_property(TARGET hiredis-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${VENDOR_BUILD}/include) set_property(TARGET hiredis-static PROPERTY INTERFACE_INCLUDE_DIRECTORIES ${VENDOR_BUILD}/include)
#igraph-0.7.1 #igraph-0.7.1