From 5d91db3ff16a78e774f27d9cf2414d5e34a0345d Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 7 Aug 2024 14:50:30 +0800 Subject: [PATCH] =?UTF-8?q?VerifyPolicy=E5=A2=9E=E5=8A=A0RegexExpression?= =?UTF-8?q?=E7=9B=B8=E5=85=B3=E6=B5=8B=E8=AF=95=E7=94=A8=E4=BE=8B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- platform/src/verify_matcher.cpp | 20 ++++++++++--- test/verify_policy_test.cpp | 53 ++++++++++++++++++++++++++++++++- 2 files changed, 68 insertions(+), 5 deletions(-) diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp index 460f31c..b4b61bd 100644 --- a/platform/src/verify_matcher.cpp +++ b/platform/src/verify_matcher.cpp @@ -27,6 +27,7 @@ #define MAX_EX_DATA_LEN 16 #define HIT_PATH_SIZE 4096 #define MAX_SCAN_RESULT 16 +#define MAX_REGEX_EXPRESS_NUM 32 #define MODULE_VERIFY_MATCHER "verify-policy.matcher" @@ -2617,8 +2618,8 @@ enum verify_type get_verify_type(cJSON* http_respone) static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body) { - int cur_id=0, i=0, is_valid[32]={0}; - cJSON *regexstr_obj[32],*attributes=NULL; + int cur_id=0, i=0, is_valid[MAX_REGEX_EXPRESS_NUM]={0}; + cJSON *regexstr_obj[MAX_REGEX_EXPRESS_NUM],*attributes=NULL; cJSON *item = NULL, *subchild = NULL; attributes = cJSON_GetObjectItem(verifylist_array_item, "verify_regex"); @@ -2629,6 +2630,11 @@ static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body for (subchild = attributes->child; subchild != NULL; subchild = subchild->next) { + if(cur_id > MAX_REGEX_EXPRESS_NUM) + { + log_error(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "Supports up to %d regular expression validations", MAX_REGEX_EXPRESS_NUM); + break; + } item = cJSON_GetObjectItem(subchild, "regex_str"); if(item && item->type==cJSON_String) { 
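Review bot: The new bound check `if(cur_id > MAX_REGEX_EXPRESS_NUM)` in the `for` loop of get_query_result_regex is off by one: `is_valid` and `regexstr_obj` are declared with MAX_REGEX_EXPRESS_NUM elements, so index 32 is already out of range, yet `cur_id == 32` still passes the check. The statements that store into the arrays lie outside this hunk, but if they index with `cur_id`, a request whose `verify_regex` list carries more than 32 string entries writes one element past both stack arrays. The guard should read `if(cur_id >= MAX_REGEX_EXPRESS_NUM)`. The message is logged under MODULE_VERIFY_POLICY while this file defines MODULE_VERIFY_MATCHER; it is worth confirming which tag is intended.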
@@ -2649,6 +2655,12 @@ static int get_query_result_regex(cJSON *verifylist_array_item, cJSON *http_body cJSON_AddNumberToObject(verify_regex_obj, "is_valid", is_valid[i]); cJSON_AddItemToArray(verifyRegex, verify_regex_obj); } + + if(cur_id == 0) + { + log_error(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "validated regular expression is empty"); + } + return 1; } @@ -2700,6 +2712,7 @@ int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int item = cJSON_GetObjectItem(verifylist_array_item,"verify_session"); if(item == NULL || item->type!=cJSON_Object) { + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "get verify_session attribute failed:%s", item->valuestring); goto free; } @@ -3118,8 +3131,7 @@ void verify_policy_table_free(const char* profile_path) { if(g_policy_rt->feather[vsys_id]) { - /*Deleting maat handles can be problematic*/ - //maat_free(g_policy_rt->feather[vsys_id]); + maat_free(g_policy_rt->feather[vsys_id]); } } FREE(&g_policy_rt); diff --git a/test/verify_policy_test.cpp b/test/verify_policy_test.cpp index 032dffb..a83b09c 100644 --- a/test/verify_policy_test.cpp +++ b/test/verify_policy_test.cpp 
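Review bot: The `cur_id == 0` branch reports an empty `verify_regex` list with `log_error` and then falls through to `return 1`, while the new CheckRegexExpression test expects a 200 Success reply for exactly that input. A case that is accepted as success should not be logged at error severity, and since the list comes from the request body, every empty request adds an error line. I would lower the severity and state the contract next to it, e.g. `/* an empty verify_regex list is accepted; the reply carries an empty array */`.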
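Review bot: The added `log_fatal` call reads `item->valuestring` inside the branch that is taken when `item == NULL`, so a request without a `verify_session` member dereferences a null pointer instead of reaching `goto free`. When `item` exists but is not an object, cJSON only populates `valuestring` for string and raw items, so `%s` can still receive NULL. The log line should not touch `item`, for example `log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "verify_session is missing or not an object");`. get_query_result_policy begins and ends outside this hunk.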
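Review bot: Re-enabling `maat_free(g_policy_rt->feather[vsys_id]);` removes the comment that warned deleting maat handles can be problematic, without recording what made the call safe. If a worker thread can still be using a handle when verify_policy_table_free runs, this becomes a use-after-free, and the change to `nr_work_threads=4` in test/verify_policy_test.cpp makes that ordering matter more. I would replace the removed comment with the precondition, e.g. `/* all worker threads must be stopped before this point; the handle is invalid after maat_free */`. The surrounding loop and the function boundaries are outside the hunk.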
@@ -183,6 +183,57 @@ TEST(LibrarySearch, HitIpEntry) FREE(&hit_policy_list); } +TEST(VerifyPolicy, CheckRegexExpression) +{ + const char *hit_policy_request = "{\"verify_list\":[{\"vsys_id\":null,\"verify_regex\":[]}],\"verify_type\":\"regex\"}"; + const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"verify_regex\":[]},\"success\":true}"; + + cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + char *hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + + hit_policy_request = "{\"verify_list\":[{\"vsys_id\":null,\"verify_regex\":[{\"regex_str\":\"asdfasf\",\"is_valid\":null}]}],\"verify_type\":\"regex\"}"; + hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"verify_regex\":[{\"regex_str\":\"asdfasf\",\"is_valid\":1}]},\"success\":true}"; + + result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + + hit_policy_request = "{\"verify_list\":[{\"vsys_id\":null,\"verify_regex\":[{\"regex_str\":\"RegexExpress\",\"is_valid\":null},\ +{\"regex_str\":\"*RegexExpress\",\"is_valid\":null},{\"regex_str\":\"^\\\\w+([-+.]\\\\w+)*@\\\\w+([-.]\\\\w+)*\\\\.\\\\w+([-.]\\\\w+)*$\",\"is_valid\":null}]}],\"verify_type\":\"regex\"}"; + hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"verify_regex\":[{\"regex_str\":\"RegexExpress\",\"is_valid\":1},{\"regex_str\":\"*RegexExpress\",\"is_valid\":0},\ 
+{\"regex_str\":\"^\\\\w+([-+.]\\\\w+)*@\\\\w+([-.]\\\\w+)*\\\\.\\\\w+([-.]\\\\w+)*$\",\"is_valid\":1}]},\"success\":true}"; + + result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + +} + TEST(VerifyPolicy, HitIpPolicy) { char *hit_policy_request = select_hit_policy_request_item(0); @@ -365,7 +416,7 @@ int main(int argc, char ** argv) g_verify_proxy->logger = log_handle_create(log_path, log_level); CHECK_OR_EXIT(g_verify_proxy->logger != NULL, "Failed at init log module. Exit."); - g_verify_proxy->nr_work_threads=1; + g_verify_proxy->nr_work_threads=4; ret = verify_policy_table_init(g_verify_proxy, main_profile); CHECK_OR_EXIT(ret == 0, "Failed at init maat module, Exit.");
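Review bot: CheckRegexExpression never exercises the new MAX_REGEX_EXPRESS_NUM limit, which is the one path where the bound check added to get_query_result_regex matters; a request with exactly 32 `regex_str` entries and one with 33 would pin the boundary. The comparisons use `strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result))`, which ignores case and anything after the expected prefix, so a reply with trailing extra content still passes; `EXPECT_STREQ(hit_policy_query, hit_policy_result);` is stricter. A failing `ASSERT_TRUE` also returns before `cJSON_Delete` and `FREE`, which is minor in a test but easy to avoid by using `EXPECT_` plus an early cleanup.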