liuwentan
|
ca1ae3a0de
|
fix compile table update bug
|
2023-02-23 14:50:07 +08:00 |
|
liuwentan
|
d1aee82fe2
|
compile/plugin table callback function normalization
|
2023-02-23 11:37:02 +08:00 |
|
liuwentan
|
9578be5ff3
|
uint64_t -> long long
|
2023-02-22 15:22:41 +08:00 |
|
liuwentan
|
ac51c70426
|
compile_id,group_id,item_id support uint64_t
|
2023-02-22 15:08:52 +08:00 |
|
liuwentan
|
f8543d9f96
|
table_name->table_id and compile table callback
|
2023-02-21 11:27:18 +08:00 |
|
liuwentan
|
24b27429a5
|
change table_id->table_name
|
2023-02-20 11:43:43 +08:00 |
|
liuwentan
|
bbed56db80
|
compile table support conjunction, ip_plugin support cidr
|
2023-02-20 10:57:40 +08:00 |
|
liuwentan
|
be5d157733
|
generate rpm package
|
2023-02-16 17:45:18 +08:00 |
|
liuwentan
|
b5b47837d2
|
fix rule_monitor_loop bug
|
2023-02-16 16:45:06 +08:00 |
|
liuwentan
|
d1b015226e
|
fix cmake bug
|
2023-02-16 11:28:44 +08:00 |
|
liuwentan
|
f688a99bd0
|
add ci config
|
2023-02-16 11:13:23 +08:00 |
|
liuwentan
|
379efcf027
|
cpp->c and expr support configurable generation of literal_db or regex_db
|
2023-02-15 11:53:46 +08:00 |
|
liuwentan
|
d5e6808e1f
|
support expr offset match
|
2023-02-09 22:13:15 +08:00 |
|
liuwentan
|
c1902f8deb
|
fix flag_matcher and interval_matcher compile error
|
2023-02-07 11:25:31 +08:00 |
|
liuwentan
|
4d2f783874
|
add flagMatcher and IntevalMatcher
|
2023-02-06 08:14:25 +08:00 |
|
liuwentan
|
57f0a0581a
|
unfinished work
|
2023-02-03 17:28:14 +08:00 |
|
liuwentan
|
cca7d882e1
|
refactor hierarchy and maat_table
|
2023-01-31 20:39:53 +08:00 |
|
liuwentan
|
25f944a1d1
|
unfinished work
|
2023-01-30 21:59:35 +08:00 |
|
liuwentan
|
3d4b833e48
|
hierarchy refactor unfinished
|
2023-01-06 18:54:59 +08:00 |
|
liuwentan
|
9778267b48
|
add dynamic config unit-test and hierarchy unfinished
|
2022-12-14 15:28:21 +08:00 |
|
liuwentan
|
95b2123b5f
|
add unittest for scan_ip
|
2022-12-12 00:10:30 +08:00 |
|
liuwentan
|
83bdf09dc9
|
support log
|
2022-12-10 00:37:51 +08:00 |
|
liuwentan
|
0536083cbe
|
support scan ip
|
2022-12-09 17:12:18 +08:00 |
|
liuwentan
|
6ba2f6241e
|
add conjunction table
|
2022-12-06 00:35:36 +08:00 |
|
liuwentan
|
6d18cf0f36
|
add input mode unit-test
|
2022-12-05 23:21:18 +08:00 |
|
liuwentan
|
ea4c1ba4c3
|
add json/redis rule parser
|
2022-12-03 22:23:41 +08:00 |
|
liuwentan
|
84a271144b
|
fix memory leak and add framework test
|
2022-11-29 14:12:40 +08:00 |
|
liuwentan
|
7e6d131c9e
|
framework work well
|
2022-11-25 16:32:29 +08:00 |
|
liuwentan
|
2a83517894
|
unfinished work
|
2022-11-17 05:05:35 +08:00 |
|
liuwentan
|
6881611975
|
[SCANNER]add hyperscan libs
|
2022-10-27 17:58:52 +08:00 |
|
zhengchao
|
7e860f2c58
|
Refactor from scratch.
|
2022-10-26 14:41:22 +08:00 |
|
zhengchao
|
10118ffed3
|
Add unit test cases for Boolean Expression Plugin (bool_plug) table.
|
2022-08-23 18:32:03 +08:00 |
|
zhengchao
|
ddd36c2969
|
Refactor table schema and runtime to support boolean expression plugin.
|
2022-08-23 15:04:55 +08:00 |
|
zhengchao
|
d2db95e528
|
When Maat_rule_get_ex_data reads the exdata of a compile rule, null-check the scanner to avoid a segmentation fault when there is no configuration. Fixes TSG-9349
|
2022-01-12 10:43:46 +05:00 |
|
zhengchao
|
9e91bc0973
|
Add test case for the Expr_plus table with a mixed Chinese and English district
|
2021-10-20 10:54:55 +03:00 |
|
zhengchao
|
d954c5a011
|
The district of the expr_plus and interval_plus tables is case-insensitive for English letters.
|
2021-10-20 00:02:43 +03:00 |
|
zhengchao
|
51b26e3a54
|
Fix the issue where expr hits are missed when expr_plus and expr are scanned together.
|
2021-10-12 09:55:53 +03:00 |
|
zhengchao
|
2eb2a4aca9
|
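Fix bug: for a mid that has already hit a compile configuration, scanning an expr_plus or interval_plus table that hits the expression/interval but not the district would incorrectly return the previously hit compile configuration.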
|
2021-10-11 19:16:17 +03:00 |
|
liuxueli
|
42c017467f
|
After setting a district and hitting a policy, setting a different district with the same scan_mid also hits the policy
|
2021-10-11 22:13:22 +08:00 |
|
zhengchao
|
593bcfb907
|
Fix TSG-7994: avoid false hits when handling an unknown district.
|
2021-10-11 12:00:26 +03:00 |
|
liuxueli
|
a2f2adc82a
|
The policy is hit when the district in the policy differs from the district set at scan time
|
2021-10-11 14:57:18 +08:00 |
|
liuxueli
|
c84fb97aae
|
Returning directly when scanning a numeric-type table with no rules caused the NOT-expression evaluation to be skipped.
|
2021-08-20 14:44:09 +08:00 |
|
zhengchao
|
465ad3ca6a
|
Returning directly when scanning a table with no rules caused the NOT-expression evaluation to be skipped.
|
2021-08-19 21:47:38 +08:00 |
|
zhengchao
|
293ad8e21c
|
Make the NOT-expression test cases more complex
|
2021-08-19 21:47:38 +08:00 |
|
zhengchao
|
bcba756119
|
Add NOT-expression test case: for compile {url!=a&ip=b}, scan the NOT condition first (url does not hit), then scan the hit condition (ip hits)
|
2021-08-19 21:47:37 +08:00 |
|
zhengchao
|
3cc9c5dcb7
|
Add NOT-rule test case for the IP Composition table
|
2021-08-19 21:47:37 +08:00 |
|
zhengchao
|
50934de91d
|
After a Plugin table update, the Hierarchy does not need to be rebuilt.
|
2021-08-05 13:51:17 +08:00 |
|
zhengchao
|
0cb6a59d31
|
Add test case for multi-threaded scanning and updating of the FQDN Plugin
|
2021-08-05 11:50:53 +08:00 |
|
zhengchao
|
96abe1d9f4
|
In Maat_hierarchy_build_region2clause_hash, no longer sort and deduplicate the region ids in a group, which improves loading performance for large Groups.
|
2021-07-27 15:17:29 +08:00 |
|
zhengchao
|
479eb77369
|
Add scan status output to the Maat_cmd-based test cases.
|
2021-07-21 15:30:30 +08:00 |
|