diff --git a/src/entry/Maat_hierarchy.cpp b/src/entry/Maat_hierarchy.cpp index 7d36579..c3c8997 100644 --- a/src/entry/Maat_hierarchy.cpp +++ b/src/entry/Maat_hierarchy.cpp @@ -913,7 +913,10 @@ static struct bool_matcher* Maat_hierarchy_build_bool_matcher(struct Maat_hierar if(bm!=NULL) { MESA_handle_runtime_log(hier->logger, RLOG_LV_INFO, module_maat_hierarchy, - "Build bool matcher with %zu expression use %zu bytes memory", expr_cnt, mem_size); + "Build bool matcher of %zu expressions and %llu clauses, use %zu bytes memory.", + expr_cnt, + HASH_COUNT(clause_dedup_hash), + mem_size); } else { @@ -1056,6 +1059,10 @@ struct Maat_hierarchy_literal* Maat_hierarchy_build_literal_hash(struct Maat_hie } } + MESA_handle_runtime_log(hier->logger, RLOG_LV_INFO, module_maat_hierarchy, + "Build literal hash with %llu literals.", + HASH_COUNT(literal_hash)); + return literal_hash; } diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index e55121a..c7a0ae3 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -56,7 +56,7 @@ extern "C" } #endif -int MAAT_FRAME_VERSION_3_1_5_20201205=1; +int MAAT_FRAME_VERSION_3_1_5_20201216=1; int is_valid_table_name(const char* str) { @@ -1089,7 +1089,7 @@ int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule, scan_rule_t*p_rule=NULL; enum MAAT_CHARSET dst_charset=CHARSET_NONE; - char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM]; + char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM], *tmp=NULL; int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM]={-1},key_right_offset[MAAT_MAX_EXPR_ITEM_NUM]={-1}; for(i=0;ikeywords;;i++,p=NULL) { - if(i>=MAAT_MAX_EXPR_ITEM_NUM) - { - MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d too many expr.",table->table_name[table->updating_name],db_rule->region_id); - return -1; - } - sub_key_array[i]=strtok_r_esc(p,'&',&saveptr); - if(sub_key_array[i]==NULL) + tmp=strtok_r_esc(p, '&', &saveptr); + if(tmp==NULL) { break; } + if(i>=MAAT_MAX_EXPR_ITEM_NUM) + { + MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , + "Table %s region cfg %d too many expr.", table->table_name[table->updating_name], db_rule->region_id); + return -1; + } + sub_key_array[i]=tmp; if(db_rule->expr_type==EXPR_TYPE_REGEX) { - sub_key_array[i]=str_unescape_and(sub_key_array[i]);//regex remain use str_unescape_and + sub_key_array[i]=str_unescape_and(sub_key_array[i]);//regex should use str_unescape_and } else { @@ -1140,29 +1141,30 @@ int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule, case EXPR_TYPE_OFFSET: for(i=0,p=db_rule->keywords;;i++,p=NULL) { - if(i>=MAAT_MAX_EXPR_ITEM_NUM) - { - MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d too many expr.",table->table_name[table->updating_name],db_rule->region_id); - return -1; - } - sub_key_array[i]=strtok_r_esc(p,'&',&saveptr); - if(sub_key_array[i]==NULL) + tmp=strtok_r_esc(p, '&', &saveptr); + if(tmp==NULL) { break; } - sscanf(sub_key_array[i],"%d-%d:",&(key_left_offset[i]),&(key_right_offset[i])); + if(i>=MAAT_MAX_EXPR_ITEM_NUM) + { + MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , + "Table %s region cfg %d too many expr.", table->table_name[table->updating_name], db_rule->region_id); + return -1; + } + sub_key_array[i]=tmp; + sscanf(sub_key_array[i], "%d-%d:", &(key_left_offset[i]),&(key_right_offset[i])); if(!(key_left_offset[i]>=0&&key_right_offset[i]>0&&key_left_offset[i]<=key_right_offset[i])) { MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d invalid offset.",table->table_name[table->updating_name],db_rule->region_id); + "Table %s region cfg %d invalid offset.", table->table_name[table->updating_name], db_rule->region_id); return -1; } - sub_key_array[i]=(char*)memchr(sub_key_array[i],':',strlen(sub_key_array[i])); + sub_key_array[i]=(char*)memchr(sub_key_array[i], ':', strlen(sub_key_array[i])); if(sub_key_array[i]==NULL) { MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d invalid offset keyword format.",table->table_name[table->updating_name],db_rule->region_id); + "Table %s region cfg %d invalid offset keyword format.", table->table_name[table->updating_name], db_rule->region_id); return -1; } sub_key_array[i]++;//jump over ':' diff --git a/test/maat_json.json b/test/maat_json.json index 7fcc610..cb55de9 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1906,47 +1906,72 @@ } ] }, - { - "compile_id": 180, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "Hierarchy_VirtualWithTwoPhysical", - "is_valid": "yes", - "groups": [ - { - "group_name":"FQDN_OBJ1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - }, - { - "group_name":"FQDN_CAT1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - } - ] - }, - { - "compile_id": 181, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"IPv4-composition-source-only", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 - } - ] - } + { + "compile_id": 180, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "Hierarchy_VirtualWithTwoPhysical", + "is_valid": "yes", + "groups": [ + { + "group_name":"FQDN_OBJ1", + "virtual_table":"VIRTUAL_SSL_SNI", + "not_flag" : 0, + "clause_index":0 + }, + { + "group_name":"FQDN_CAT1", + "virtual_table":"VIRTUAL_SSL_SNI", + "not_flag" : 0, + "clause_index":0 + } + ] + }, + { + "compile_id": 181, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.match", + "is_valid": "yes", + "groups": [ + { + "group_name":"IPv4-composition-source-only", + "virtual_table":"COMPOSITION_IP_SOURCE", + "not_flag":0 + } + ] + }, + { + "compile_id": 182, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "8-expr", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "string", + "table_content": { + "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", + "expr_type": "and", + "match_method": "expr", + "format": "uncase plain" + } + } + ] + } + ] + } ], "plugin_table": [ { diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index 8a94efa..dbd43e1 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -1305,6 +1305,28 @@ TEST(StringScan, MaatUnescape) return; } +TEST(StringScan, Expr8) +{ + int ret=0; + int table_id=0; + struct Maat_rule_t result[4]; + const char* scan_data="string1, string2, string3, string4, string5, string6, string7, string8"; + const char* table_name="KEYWORDS_TABLE"; + scan_status_t mid=NULL; + + table_id=Maat_table_register(g_feather,table_name); + ASSERT_GT(table_id, 0); + + ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, scan_data, strlen(scan_data), + result, NULL, 4, + &mid, 0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 182); + Maat_clean_status(&mid); + + return; +} + TEST(StringScan, StreamInput) { int table_id=0,ret=0;