#include "Maat_rule.h" #include "stream_fuzzy_hash.h" #include "Maat_command.h" #include #include #include #include //inet_addr #include //inet_addr #include //inet_addr #include #include //fstat #include #include #include #include #include //fstat #include //fstat #include #include #include #include const char* test_maat_redis_ip="127.0.0.1"; unsigned short test_maat_redis_port=6379; const char* json_path="./maat_json.json"; const char* ful_cfg_dir="./rule/full/index/"; const char* inc_cfg_dir="./rule/inc/index/"; #define WAIT_FOR_EFFECTIVE_US 1*1000*1000 extern int my_scandir(const char *dir, struct dirent ***namelist, int(*filter)(const struct dirent *), int(*compar)(const void *, const void *)); Maat_feather_t g_feather=NULL; void *g_logger=NULL; int g_iThreadNum=4; const char* table_info_path="./table_info.conf"; int scan_interval_ms=1; int effective_interval_ms=0; void Maat_read_entry_start_cb(int update_type,void* u_para) { return; } void Maat_read_entry_cb(int table_id,const char* table_line,void* u_para) { char ip_str[16]={0}; int entry_id=-1,seq=-1; unsigned int ip_uint=0; int is_valid=0; unsigned int local_ip_nr=16820416;//192.168.0.1 sscanf(table_line,"%d\t%s\t%d\t%d",&seq,ip_str,&entry_id,&is_valid); inet_pton(AF_INET,ip_str,&ip_uint); if(local_ip_nr==ip_uint) { if(is_valid==1) { //printf("Load entry id %d success.\n",entry_id); EXPECT_EQ(entry_id, 101); } else { //printf("Offload entry id %d success.\n",entry_id); } } return; } void Maat_read_entry_finish_cb(void* u_para) { Maat_feather_t feather=u_para; long long version=0; int ret=0,is_last_updating_table=0; ret=Maat_read_state(feather,MAAT_STATE_VERSION, &version, sizeof(version)); EXPECT_EQ(ret, 0); ret=Maat_read_state(feather,MAAT_STATE_LAST_UPDATING_TABLE, &is_last_updating_table, sizeof(is_last_updating_table)); EXPECT_EQ(ret, 0); //printf("Maat Version %lld at plugin finish callback, is_last_update=%d.\n",version,is_last_updating_table); return; } void test_plugin_table(Maat_feather_t feather,const char* table_name, Maat_start_callback_t *start,Maat_update_callback_t *update,Maat_finish_callback_t *finish, void *u_para, void* logger) { int table_id=0,ret=0; table_id=Maat_table_register(feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_table_callback_register(feather, table_id, start, update, finish, u_para); ASSERT_GT(ret, 0); } TEST(PluginTable, Callback) { test_plugin_table(g_feather, "QD_ENTRY_INFO", Maat_read_entry_start_cb, Maat_read_entry_cb, Maat_read_entry_finish_cb, g_feather, g_logger); } TEST(StringScan, Full) { int ret=0; int table_id=0; struct Maat_rule_t result[4]; int found_pos[4]; const char* table_name="HTTP_URL"; scan_status_t mid=NULL; const char* scan_data="http://www.cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567"; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), result,found_pos, 4, &mid, 0); EXPECT_GE(ret, 1); Maat_clean_status(&mid); } TEST(IPScan, IPv4) { int table_id=0,ret=0; const char* table_name="IP_CONFIG"; struct Maat_rule_t result[4]; scan_status_t mid=NULL; struct ipaddr ipv4_addr; struct stream_tuple4_v4 v4_addr; ipv4_addr.addrtype=ADDR_TYPE_IPV4; inet_pton(AF_INET,"10.0.6.205",&(v4_addr.saddr)); v4_addr.source=htons(50001); inet_pton(AF_INET,"10.0.6.201",&(v4_addr.daddr)); v4_addr.dest=htons(80); ipv4_addr.v4=&v4_addr; const char* scan_data="http://www.cyberessays.com/search_results.php?action=search&query=yulingjing,abckkk,1234567"; table_id=Maat_table_register(g_feather,"HTTP_URL"); ASSERT_GT(table_id, 0); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), result,NULL, 4, &mid, 0); EXPECT_GE(ret, 1); table_id=Maat_table_register(g_feather,table_name); EXPECT_GT(table_id, 0); ret=Maat_scan_proto_addr(g_feather,table_id,&ipv4_addr,6,result,4, &mid,0); EXPECT_GT(ret, 0); Maat_clean_status(&mid); return; } TEST(IPScan, IPv6) { int table_id=0,ret=0; struct Maat_rule_t result[4]; struct ipaddr ipv6_addr; struct stream_tuple4_v6 v6_addr; scan_status_t mid=NULL; ipv6_addr.addrtype=ADDR_TYPE_IPV6; inet_pton(AF_INET6,"2001:da8:205:1::101",&(v6_addr.saddr)); v6_addr.source=htons(50001); inet_pton(AF_INET6,"2001:da8:205:1::102",&(v6_addr.daddr)); v6_addr.dest=htons(80); ipv6_addr.v6=&v6_addr; const char* table_name="IP_CONFIG"; table_id=Maat_table_register(g_feather,table_name); EXPECT_GT(table_id, 0); //for improving performance. Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_LAST_REGION,NULL, 0); ret=Maat_scan_proto_addr(g_feather,table_id,&ipv6_addr,6,result,4, &mid,0); EXPECT_EQ(ret, -2); Maat_clean_status(&mid); return; } TEST(IntervalScan, Pure) { int table_id=0,ret=0; int scan_val=2015; struct Maat_rule_t result[4]; const char* table_name="CONTENT_SIZE"; scan_status_t mid=NULL; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_scan_intval(g_feather, table_id, scan_val, result,4, &mid, 0); EXPECT_EQ(ret, -2); Maat_clean_status(&mid); return; } TEST(DigestScan, Pure) { int table_id=0,ret=0,hit_cnt=0; struct stat digest_fstat; unsigned long long read_size=0,scan_offset=0; char digest_test_buff[4096]={0}; const char* file_name="./testdata/digest_test.data"; const char* table_name="FILE_DIGEST"; struct Maat_rule_t result[4]; stream_para_t sp=NULL; scan_status_t mid=NULL; table_id=Maat_table_register(g_feather, table_name); ASSERT_GT(table_id, 0); ret=stat(file_name,&digest_fstat); ASSERT_EQ(ret, 0); FILE* fp=fopen(file_name,"r"); ASSERT_FALSE(fp==NULL); sp=Maat_stream_scan_digest_start(g_feather, table_id, digest_fstat.st_size, 0); while(0==feof(fp)) { read_size=fread(digest_test_buff,1,sizeof(digest_test_buff),fp); ret=Maat_stream_scan_digest(&sp, digest_test_buff, read_size, scan_offset, result,4, &mid); scan_offset+=read_size; if(ret>0) { hit_cnt++; } } fclose(fp); Maat_stream_scan_string_end(&sp); EXPECT_GE(hit_cnt, 1); Maat_clean_status(&mid); return; } TEST(StringScan, EncodedURL) { const char* url_utf8="www.google.com/?q=C%23%E4%B8%AD%E5%9B%BD"; const char* url_gb2312="www.baidu.com/?wd=C%23%D6%D0%B9%FA"; int table_id=0,ret=0; struct Maat_rule_t result[4]; int found_pos[4]; const char* table_name="HTTP_URL"; scan_status_t mid=NULL; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, url_utf8, strlen(url_utf8), result,found_pos, 4, &mid, 0); EXPECT_GE(ret, 1); Maat_clean_status(&mid); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, url_gb2312, strlen(url_gb2312), result,found_pos, 4, &mid, 0); EXPECT_GE(ret, 1); Maat_clean_status(&mid); return; } TEST(StringScan, UnicodeEscape) { const char* test_data_dir="./testdata_uni2ascii"; struct dirent **namelist; FILE* fp=NULL; char file_path[256]={0}; char buff[4096]; size_t read_len=0; int table_id=0,ret=0; struct Maat_rule_t result[4]; stream_para_t sp=NULL; int n=0,i=0, hit_cnt=0; const char* table_name="KEYWORDS_TABLE"; scan_status_t mid=NULL; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); n = my_scandir(test_data_dir, &namelist, NULL, (int (*)(const void*, const void*))alphasort); ASSERT_GT(n, 0); for(i=0;id_name, ".") == 0) || (strcmp(namelist[i]->d_name, "..") == 0)) { continue; } snprintf(file_path,sizeof(file_path),"%s/%s",test_data_dir,namelist[i]->d_name); fp=fopen(file_path,"rb"); if(fp==NULL) { printf("fopen %s error.\n",file_path);; continue; } sp=Maat_stream_scan_string_start(g_feather,table_id,0); ASSERT_FALSE(sp==NULL); read_len=fread(buff,1,sizeof(buff),fp); while(read_len>0) { ret=Maat_stream_scan_string(&sp,CHARSET_NONE,buff,read_len ,result, NULL, 4, &mid); read_len=fread(buff,1,sizeof(buff),fp); if(ret>0) { hit_cnt++; } } Maat_stream_scan_string_end(&sp); fclose(fp); EXPECT_GT(hit_cnt, 0); EXPECT_GE(result[0].config_id, 130);//130, 131 Maat_clean_status(&mid); } for(i=0;i0) { pass_flag=1; break; } } EXPECT_EQ(pass_flag, 1); EXPECT_EQ(result[0].config_id, 136); Maat_stream_scan_string_end(&sp); free(hit_detail); fclose(fp); Maat_clean_status(&mid); return; } TEST(StringScan, OffsetChunk64) { test_offset_str_scan_with_chunk(64); return; } TEST(StringScan, OffsetChunk1460) { test_offset_str_scan_with_chunk(1460); return; } void accept_tags_entry_cb(int table_id,const char* table_line,void* u_para) { char status[32]={0}; int entry_id=-1,seq=-1; int is_valid=0; sscanf(table_line,"%d\t%s\t%d\t%d",&seq,status,&entry_id,&is_valid); EXPECT_STREQ(status ,"SUCCESS"); return; } TEST(RuleTags, Plugin) { int table_id=0,ret=0; const char* table_name="TEST_EFFECTIVE_RANGE_TABLE"; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_table_callback_register(g_feather, table_id, NULL, accept_tags_entry_cb, NULL, NULL); ASSERT_GE(ret, 0); return; } TEST(RuleTags, Compile) { int ret=0; int table_id=0; scan_status_t mid=NULL; struct Maat_rule_t result[4]; const char* should_hit="string bbb should hit"; const char* should_not_hit="string aaa should not hit"; const char* table_name="HTTP_URL"; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, should_not_hit, strlen(should_not_hit), result,NULL, 4, &mid, 0); EXPECT_EQ(ret, -2); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, should_hit, strlen(should_hit), result,NULL, 4, &mid, 0); EXPECT_EQ(ret, 1); Maat_clean_status(&mid); return; } TEST(StreamFuzzyHash, Pure) { const size_t FILE_CHUNK_SIZE=4096; char * file_buff=NULL,*sfh_ordered=NULL,*sfh_unorder=NULL; int read_size=0,ret=0,chunk_num=0,i=0,idx=0; unsigned long long *offset=NULL; unsigned long long file_size=0,tmp=0,hash_length=0; const char* filename="./testdata/digest_test.data"; FILE* fp=fopen(filename,"r"); sfh_instance_t * fhandle = NULL; struct stat file_info; ret=stat(filename, &file_info); ASSERT_TRUE(ret==0); file_size=file_info.st_size; file_buff=(char*)malloc(file_size); ret=fread(file_buff,1,file_size,fp); ASSERT_TRUE((unsigned long long)ret==file_size); chunk_num=file_size/FILE_CHUNK_SIZE; if(file_size%FILE_CHUNK_SIZE==0) { chunk_num=file_size/FILE_CHUNK_SIZE; } else { chunk_num=file_size/FILE_CHUNK_SIZE+1; } offset=(unsigned long long*)malloc(sizeof(unsigned long long)*chunk_num); for(i=0;ifile_size) { read_size=file_size-offset[i]; } else { read_size=FILE_CHUNK_SIZE; } SFH_feed(fhandle,file_buff+offset[i],read_size,offset[i]); } hash_length = SFH_status(fhandle, HASH_LENGTH); sfh_unorder=(char*)malloc(hash_length); SFH_digest(fhandle, sfh_unorder, hash_length); //printf("%s %u %lf %s\n",path,digest_fstat.st_size,file_entropy,digest_result_buff); SFH_release(fhandle); EXPECT_STREQ(sfh_ordered, sfh_unorder); fclose(fp); free(file_buff); free(sfh_ordered); free(sfh_unorder); free(offset); return; } TEST(ScanResult, LongerServiceDefine) { int ret=0; int table_id=0; scan_status_t mid=NULL; struct Maat_rule_t result[4]; const char* scan_data="soq is using table conjunction function.http://www.3300av.com/novel/27122.txt"; const char* table_name="HTTP_URL"; table_id=Maat_table_register(g_feather,table_name); ASSERT_GT(table_id, 0); ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), result, NULL, 4, &mid, 0); EXPECT_EQ(ret, 2); EXPECT_EQ(result[1].config_id, 133); EXPECT_GT(result[1].serv_def_len, 128); char* buff=(char*)malloc(sizeof(char)*result[1].serv_def_len); ret=Maat_read_rule(g_feather, result+1, MAAT_RULE_SERV_DEFINE, buff, result[1].serv_def_len); EXPECT_EQ(ret, result[1].serv_def_len); Maat_clean_status(&mid); free(buff); return; } class MaatCmdTest : public testing::Test { protected: static void SetUpTestCase() { void *logger=NULL; logger=MESA_create_runtime_log_handle("test_maat_redis.log",0); _shared_feather=Maat_feather(g_iThreadNum, table_info_path, logger); Maat_set_feather_opt(_shared_feather,MAAT_OPT_INSTANCE_NAME,"redis", strlen("redis")+1); Maat_set_feather_opt(_shared_feather, MAAT_OPT_REDIS_IP, test_maat_redis_ip, strlen(test_maat_redis_ip)+1); Maat_set_feather_opt(_shared_feather, MAAT_OPT_REDIS_PORT, &test_maat_redis_port, sizeof(test_maat_redis_port)); Maat_set_feather_opt(_shared_feather, MAAT_OPT_SCANDIR_INTERVAL_MS,&scan_interval_ms, sizeof(scan_interval_ms)); //Set a short intevral for testing. Maat_set_feather_opt(_shared_feather, MAAT_OPT_EFFECT_INVERVAL_MS,&effective_interval_ms, sizeof(effective_interval_ms)); const char* foregin_dir="./foreign_files/"; Maat_set_feather_opt(_shared_feather, MAAT_OPT_FOREIGN_CONT_DIR,foregin_dir, strlen(foregin_dir)+1); linger_timeout=2; Maat_set_feather_opt(_shared_feather, MAAT_OPT_FOREIGN_CONT_LINGER,&linger_timeout, sizeof(linger_timeout)); Maat_cmd_flushDB(_shared_feather); Maat_initiate_feather(_shared_feather); } static void TearDownTestCase() { Maat_burn_feather(_shared_feather); } // Some expensive resource shared by all tests. static Maat_feather_t _shared_feather; static int linger_timeout; }; Maat_feather_t MaatCmdTest::_shared_feather; int MaatCmdTest::linger_timeout; int test_add_expr_command(Maat_feather_t feather,const char* region_table,int config_id, int timeout,int label_id, const char* keywords) { struct Maat_cmd_t* cmd=NULL; struct Maat_rule_t rule; char huge_serv_def[1024*2]; memset(huge_serv_def,'s',sizeof(huge_serv_def)); struct Maat_region_t region; int group_num=1,ret=0; memset(&rule,0,sizeof(rule)); rule.config_id=config_id; strcpy(rule.service_defined,"maat_command"); //MUST acqire by function, because Maat_cmd_t has some hidden members. cmd=Maat_create_cmd(&rule, group_num); cmd->expire_after=timeout; cmd->label_id=label_id; memset(®ion,0,sizeof(region)); region.region_type=REGION_EXPR; region.table_name=region_table; region.expr_rule.district=NULL; region.expr_rule.keywords=keywords; region.expr_rule.expr_type=EXPR_TYPE_AND; region.expr_rule.match_method=MATCH_METHOD_SUB; region.expr_rule.hex_bin=UNCASE_PLAIN; Maat_cmd_set_opt(cmd, MAAT_RULE_SERV_DEFINE, huge_serv_def, sizeof(huge_serv_def)); Maat_add_region2cmd(cmd, 0, ®ion); //use pipeline model. ret=Maat_cmd_append(feather, cmd, MAAT_OP_ADD); if(ret<0) { printf("Add Maat command %d failed.\n",rule.config_id); Maat_free_cmd(cmd); return 0; } //cmd has been saved in feather, so free cmd before commit is allowed. Maat_free_cmd(cmd); return 0; } int del_command(Maat_feather_t feather,int config_id) { struct Maat_cmd_t* cmd=NULL; struct Maat_rule_t rule; int ret=0; memset(&rule,0,sizeof(rule)); rule.config_id=config_id; cmd=Maat_create_cmd(&rule, 0); ret=Maat_cmd(feather, cmd, MAAT_OP_DEL); if(ret<0) { printf("Delete Maat command %d failed.\n",rule.config_id); } Maat_free_cmd(cmd); return 0; } TEST_F(MaatCmdTest, SetExpr) { const char* scan_data="Hiredis is a minimalistic C client library for the Redis database.\r\n"; const char* table_name="HTTP_URL"; const char* keywords1="Hiredis"; const char* keywords2="C Client"; char escape_buff1[256],escape_buff2[256]; char keywords[256]; scan_status_t mid=NULL; int config_id=-1, table_id=0, ret=0; int output_ids[4]; int output_id_cnt=0; struct Maat_rule_t result; int timeout=0;//seconds int label_id=5210; long long version_before=0,version_after=0; Maat_feather_t feather=MaatCmdTest::_shared_feather; Maat_str_escape(escape_buff1, sizeof(escape_buff1),keywords1); Maat_str_escape(escape_buff2, sizeof(escape_buff2),keywords2); snprintf(keywords,sizeof(keywords),"%s&%s",escape_buff1,escape_buff2); config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 2); ret=Maat_read_state(feather,MAAT_STATE_VERSION, &version_before, sizeof(version_before)); test_add_expr_command(feather,table_name,config_id-1, 0, label_id, keywords); test_add_expr_command(feather,table_name,config_id, 0, label_id, keywords); ret=Maat_cmd_commit(feather); EXPECT_TRUE(ret>=0); usleep(WAIT_FOR_EFFECTIVE_US);//waiting for commands go into effect ret=Maat_read_state(feather,MAAT_STATE_VERSION, &version_after, sizeof(version_after)); EXPECT_EQ(ret, 0); EXPECT_GT(version_after, version_before); table_id=Maat_table_register(feather,table_name); ASSERT_GT(table_id, 0); memset(&result, 0, sizeof(result)); ret=Maat_full_scan_string(feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), &result,NULL, 1, &mid, 0); EXPECT_GT(ret, 0); EXPECT_TRUE(result.config_id==config_id||result.config_id==config_id-1); Maat_clean_status(&mid); output_id_cnt=Maat_cmd_select(feather,label_id, output_ids, 4); EXPECT_EQ(output_id_cnt, 2); EXPECT_TRUE(output_ids[0]==config_id||output_ids[0]==config_id-1); usleep(WAIT_FOR_EFFECTIVE_US);//waiting for commands go into effect del_command(feather, config_id-1); del_command(feather, config_id); usleep(WAIT_FOR_EFFECTIVE_US);//waiting for commands go into effect ret=Maat_full_scan_string(feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), &result,NULL, 1, &mid, 0); EXPECT_EQ(ret, 0); Maat_clean_status(&mid); timeout=1; config_id=(int)Maat_cmd_incrby(feather, "TEST_SEQ", 1); test_add_expr_command(feather,table_name,config_id, timeout, label_id, keywords); ret=Maat_cmd_commit(feather); EXPECT_TRUE(ret>=0); usleep(timeout*1000*1000+WAIT_FOR_EFFECTIVE_US); ret=Maat_full_scan_string(feather, table_id,CHARSET_GBK, scan_data, strlen(scan_data), &result,NULL, 1, &mid, 0); EXPECT_EQ(ret, 0); } TEST_F(MaatCmdTest, SetLines) { const int TEST_CMD_LINE_NUM=4; const struct Maat_line_t *p_line[TEST_CMD_LINE_NUM]; struct Maat_line_t line_rule[TEST_CMD_LINE_NUM]; char table_line[TEST_CMD_LINE_NUM][128]; int ret=0,i=0; Maat_feather_t feather=MaatCmdTest::_shared_feather; memset(&line_rule,0,sizeof(line_rule)); for(i=0;i