From f908f2e3ac72389069d5b57186911a4fa804f2f8 Mon Sep 17 00:00:00 2001 From: zhengchao Date: Wed, 16 Dec 2020 10:51:34 +0600 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E5=8A=A0=E8=BD=BD8=E4=B8=AA?= =?UTF-8?q?=E5=AD=97=E7=AC=A6=E4=B8=B2=E4=B8=8E=E8=A1=A8=E8=BE=BE=E5=BC=8F?= =?UTF-8?q?=E6=8A=A5=E9=94=99=E7=9A=84bug=20TSG-4717=EF=BC=9B=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0Hierarchy=E6=97=A5=E5=BF=97=E4=B8=AD=E8=BE=93=E5=87=BA?= =?UTF-8?q?=E5=8E=BB=E9=87=8D=E5=90=8EClause=E7=9A=84=E6=95=B0=E9=87=8F?= =?UTF-8?q?=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/entry/Maat_hierarchy.cpp | 9 ++- src/entry/Maat_rule.cpp | 48 ++++++++-------- test/maat_json.json | 107 +++++++++++++++++++++-------------- test/test_maatframe.cpp | 22 +++++++ 4 files changed, 121 insertions(+), 65 deletions(-) diff --git a/src/entry/Maat_hierarchy.cpp b/src/entry/Maat_hierarchy.cpp index 7d36579..c3c8997 100644 --- a/src/entry/Maat_hierarchy.cpp +++ b/src/entry/Maat_hierarchy.cpp @@ -913,7 +913,10 @@ static struct bool_matcher* Maat_hierarchy_build_bool_matcher(struct Maat_hierar if(bm!=NULL) { MESA_handle_runtime_log(hier->logger, RLOG_LV_INFO, module_maat_hierarchy, - "Build bool matcher with %zu expression use %zu bytes memory", expr_cnt, mem_size); + "Build bool matcher of %zu expressions and %llu clauses, use %zu bytes memory.", + expr_cnt, + HASH_COUNT(clause_dedup_hash), + mem_size); } else { @@ -1056,6 +1059,10 @@ struct Maat_hierarchy_literal* Maat_hierarchy_build_literal_hash(struct Maat_hie } } + MESA_handle_runtime_log(hier->logger, RLOG_LV_INFO, module_maat_hierarchy, + "Build literal hash with %llu literals.", + HASH_COUNT(literal_hash)); + return literal_hash; } diff --git a/src/entry/Maat_rule.cpp b/src/entry/Maat_rule.cpp index e55121a..c7a0ae3 100644 --- a/src/entry/Maat_rule.cpp +++ b/src/entry/Maat_rule.cpp @@ -56,7 +56,7 @@ extern "C" } #endif -int MAAT_FRAME_VERSION_3_1_5_20201205=1; +int MAAT_FRAME_VERSION_3_1_5_20201216=1; int is_valid_table_name(const char* str) { @@ -1089,7 +1089,7 @@ int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule, scan_rule_t*p_rule=NULL; enum MAAT_CHARSET dst_charset=CHARSET_NONE; - char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM]; + char *sub_key_array[MAAT_MAX_EXPR_ITEM_NUM], *tmp=NULL; int key_left_offset[MAAT_MAX_EXPR_ITEM_NUM]={-1},key_right_offset[MAAT_MAX_EXPR_ITEM_NUM]={-1}; for(i=0;ikeywords;;i++,p=NULL) { - if(i>=MAAT_MAX_EXPR_ITEM_NUM) - { - MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d too many expr.",table->table_name[table->updating_name],db_rule->region_id); - return -1; - } - sub_key_array[i]=strtok_r_esc(p,'&',&saveptr); - if(sub_key_array[i]==NULL) + tmp=strtok_r_esc(p, '&', &saveptr); + if(tmp==NULL) { break; } + if(i>=MAAT_MAX_EXPR_ITEM_NUM) + { + MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , + "Table %s region cfg %d too many expr.", table->table_name[table->updating_name], db_rule->region_id); + return -1; + } + sub_key_array[i]=tmp; if(db_rule->expr_type==EXPR_TYPE_REGEX) { - sub_key_array[i]=str_unescape_and(sub_key_array[i]);//regex remain use str_unescape_and + sub_key_array[i]=str_unescape_and(sub_key_array[i]);//regex should use str_unescape_and } else { @@ -1140,29 +1141,30 @@ int add_expr_rule(struct Maat_table_schema* table,struct db_str_rule_t* db_rule, case EXPR_TYPE_OFFSET: for(i=0,p=db_rule->keywords;;i++,p=NULL) { - if(i>=MAAT_MAX_EXPR_ITEM_NUM) - { - MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d too many expr.",table->table_name[table->updating_name],db_rule->region_id); - return -1; - } - sub_key_array[i]=strtok_r_esc(p,'&',&saveptr); - if(sub_key_array[i]==NULL) + tmp=strtok_r_esc(p, '&', &saveptr); + if(tmp==NULL) { break; } - sscanf(sub_key_array[i],"%d-%d:",&(key_left_offset[i]),&(key_right_offset[i])); + if(i>=MAAT_MAX_EXPR_ITEM_NUM) + { + MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , + "Table %s region cfg %d too many expr.", table->table_name[table->updating_name], db_rule->region_id); + return -1; + } + sub_key_array[i]=tmp; + sscanf(sub_key_array[i], "%d-%d:", &(key_left_offset[i]),&(key_right_offset[i])); if(!(key_left_offset[i]>=0&&key_right_offset[i]>0&&key_left_offset[i]<=key_right_offset[i])) { MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d invalid offset.",table->table_name[table->updating_name],db_rule->region_id); + "Table %s region cfg %d invalid offset.", table->table_name[table->updating_name], db_rule->region_id); return -1; } - sub_key_array[i]=(char*)memchr(sub_key_array[i],':',strlen(sub_key_array[i])); + sub_key_array[i]=(char*)memchr(sub_key_array[i], ':', strlen(sub_key_array[i])); if(sub_key_array[i]==NULL) { MESA_handle_runtime_log(logger,RLOG_LV_FATAL,maat_module , - "Table %s region cfg %d invalid offset keyword format.",table->table_name[table->updating_name],db_rule->region_id); + "Table %s region cfg %d invalid offset keyword format.", table->table_name[table->updating_name], db_rule->region_id); return -1; } sub_key_array[i]++;//jump over ':' diff --git a/test/maat_json.json b/test/maat_json.json index 7fcc610..cb55de9 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1906,47 +1906,72 @@ } ] }, - { - "compile_id": 180, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "Hierarchy_VirtualWithTwoPhysical", - "is_valid": "yes", - "groups": [ - { - "group_name":"FQDN_OBJ1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - }, - { - "group_name":"FQDN_CAT1", - "virtual_table":"VIRTUAL_SSL_SNI", - "not_flag" : 0, - "clause_index":0 - } - ] - }, - { - "compile_id": 181, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "effective_rage": 0, - "user_region": "ipv4_composition.match", - "is_valid": "yes", - "groups": [ - { - "group_name":"IPv4-composition-source-only", - "virtual_table":"COMPOSITION_IP_SOURCE", - "not_flag":0 - } - ] - } + { + "compile_id": 180, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "Hierarchy_VirtualWithTwoPhysical", + "is_valid": "yes", + "groups": [ + { + "group_name":"FQDN_OBJ1", + "virtual_table":"VIRTUAL_SSL_SNI", + "not_flag" : 0, + "clause_index":0 + }, + { + "group_name":"FQDN_CAT1", + "virtual_table":"VIRTUAL_SSL_SNI", + "not_flag" : 0, + "clause_index":0 + } + ] + }, + { + "compile_id": 181, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "effective_rage": 0, + "user_region": "ipv4_composition.match", + "is_valid": "yes", + "groups": [ + { + "group_name":"IPv4-composition-source-only", + "virtual_table":"COMPOSITION_IP_SOURCE", + "not_flag":0 + } + ] + }, + { + "compile_id": 182, + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "8-expr", + "is_valid": "yes", + "groups": [ + { + "regions": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "string", + "table_content": { + "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", + "expr_type": "and", + "match_method": "expr", + "format": "uncase plain" + } + } + ] + } + ] + } ], "plugin_table": [ { diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp index 8a94efa..dbd43e1 100644 --- a/test/test_maatframe.cpp +++ b/test/test_maatframe.cpp @@ -1305,6 +1305,28 @@ TEST(StringScan, MaatUnescape) return; } +TEST(StringScan, Expr8) +{ + int ret=0; + int table_id=0; + struct Maat_rule_t result[4]; + const char* scan_data="string1, string2, string3, string4, string5, string6, string7, string8"; + const char* table_name="KEYWORDS_TABLE"; + scan_status_t mid=NULL; + + table_id=Maat_table_register(g_feather,table_name); + ASSERT_GT(table_id, 0); + + ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, scan_data, strlen(scan_data), + result, NULL, 4, + &mid, 0); + EXPECT_EQ(ret, 1); + EXPECT_EQ(result[0].config_id, 182); + Maat_clean_status(&mid); + + return; +} + TEST(StringScan, StreamInput) { int table_id=0,ret=0;