From b62c1037f6efe5836653ced8a93ccce22bdfb79a Mon Sep 17 00:00:00 2001 From: fengweihao Date: Wed, 30 Oct 2024 16:43:49 +0800 Subject: [PATCH] TSG-22949 Distinguish between source and destination when acquiring tag for ip address TSG-23127 Adapt VerifyPolicy to interface structure changes. --- platform/src/verify_matcher.cpp | 301 ++++++++++++-------- platform/src/verify_policy.cpp | 4 +- resource/table_info.conf | 11 +- resource/verify-policy.json | 2 +- test/CMakeLists.txt | 4 +- test/resource/HitPolicyRequest.json | 185 ++++++------ test/resource/HitPolicyResult.json | 207 ++++++++------ test/resource/VerifyPolicyManipulation.json | 41 ++- test/verify_policy_test.cpp | 99 +++++-- 9 files changed, 516 insertions(+), 338 deletions(-) diff --git a/platform/src/verify_matcher.cpp b/platform/src/verify_matcher.cpp index 49ce778..8c89371 100644 --- a/platform/src/verify_matcher.cpp +++ b/platform/src/verify_matcher.cpp 
@@ -83,56 +83,6 @@ const char * table_name[__TSG_OBJ_MAX] = [TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT" }; -const char *scan_table_name[__TSG_OBJ_MAX] = -{ - [TSG_OBJ_SOURCE_ADDR] = "TSG_OBJ_IP_ADDR", - [TSG_OBJ_DESTINATION_ADDR]="TSG_OBJ_IP_ADDR", - [TSG_OBJ_SUBSCRIBE_ID] = "TSG_OBJ_SUBSCRIBER_ID", - [TSG_OBJ_APP_ID] = "APP_ID_DICT", - [TSG_OBJ_HTTP_URL] = "TSG_OBJ_URL", - [TSG_OBJ_HTTP_REQ_HDR] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_HTTP_REQ_BODY] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_HTTP_RES_HDR] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_HTTP_RES_BODY] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_SSL_CN] = "TSG_OBJ_FQDN", - [TSG_OBJ_SSL_SAN] = "TSG_OBJ_FQDN", - [TSG_OBJ_DOH_QNAME]="TSG_OBJ_FQDN", - [TSG_OBJ_DNS_QNAME] = "TSG_OBJ_FQDN", - [TSG_OBJ_MAIL_ACCOUNT] = "TSG_OBJ_ACCOUNT", - [TSG_OBJ_MAIL_FROM] = "TSG_OBJ_ACCOUNT", - [TSG_OBJ_MAIL_TO] = "TSG_OBJ_ACCOUNT", - [TSG_OBJ_MAIL_SUBJECT] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_MAIL_CONTENT] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_MAIL_ATT_NAME] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_MAIL_ATT_CONTENT] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_FTP_URI] = "TSG_OBJ_URL", - [TSG_OBJ_FTP_CONTENT] = "TSG_OBJ_KEYWORD", - [TSG_OBJ_FTP_ACCOUNT] = "TSG_OBJ_ACCOUNT", - [TSG_OBJ_SIP_FROM]="TSG_OBJ_ACCOUNT", - [TSG_OBJ_SIP_TO]="TSG_OBJ_ACCOUNT", - [TSG_OBJ_IMSI]="TSG_OBJ_IMSI", - [TSG_OBJ_PHONE_NUMBER]="TSG_OBJ_PHONE_NUMBER", - [TSG_OBJ_APN]="TSG_OBJ_APN", - [TSG_OBJ_TUNNEL]="TUNNEL_RULE", - [TSG_OBJ_FLAG]="TSG_OBJ_FLAG", - [TSG_OBJ_GTP_IMEI]="TSG_OBJ_IMEI", - [TSG_OBJ_DST_SERVER_FQDN]="TSG_OBJ_FQDN", - [TSG_OBJ_INTERNAL_ADDR]="IP_ADDR_ENTRY", - [TSG_OBJ_EXTERNAL_ADDR]="IP_ADDR_ENTRY", - [TSG_OBJ_SOURCE_PORT]="TSG_OBJ_PORT", - [TSG_OBJ_DESTINATION_PORT]="TSG_OBJ_PORT", - [TSG_OBJ_INTERNAL_PORT]="TSG_OBJ_PORT", - [TSG_OBJ_EXTERNAL_PORT]="TSG_OBJ_PORT", - [TSG_OBJ_IP_PROTOCOL]="TSG_OBJ_IP_PROTOCOL", - [TSG_OBJ_SSL_ECH]="TSG_OBJ_BOOLEAN", - [TSG_OBJ_SSL_ESNI]="TSG_OBJ_BOOLEAN", - [TSG_OBJ_SSL_NO_SNI]="TSG_OBJ_BOOLEAN", - [TSG_OBJ_TUNNEL_LEVEL]="TSG_OBJ_TUNNEL_LEVEL", - 
[TSG_OBJ_TUNNEL_GTP_ENDPOINT]="ATTR_TUNNEL_GTP_ENDPOINT", - [TSG_OBJ_TUNNEL_GRE_ENDPOINT]="ATTR_TUNNEL_GRE_ENDPOINT", - [TSG_OBJ_TUNNEL_IP_IN_IP_ENDPOINT]="ATTR_TUNNEL_IP_IN_IP_ENDPOINT" -}; - enum policy_action { PG_ACTION_NONE = 0, @@ -166,6 +116,7 @@ enum verify_profile_table PROFILE_FQDN_ENTRY, PROFILE_IP_ADDR_ENTRY, PROFILE_LIBRARY_TAG, + PROFILE_ATTRIBUTE_DICT, PROFILE_TABLE_MAX, }; @@ -262,6 +213,16 @@ struct library_tag_ctx pthread_mutex_t lock; }; +struct attribute_dict_ctx +{ + int ref_cnt; + char *attribute_name; + char *object_table_name; + char *available_object_type; + + pthread_mutex_t lock; +}; + struct policy_scan_ctx { int n_read; @@ -285,7 +246,6 @@ struct request_object_list int numeric; int merge_nth_scan_num; int merge_nth_scan[MERGE_SCAN_NTH]; - const char *table_name; char *string; char *tunnel_type; char *district_value; @@ -331,6 +291,8 @@ struct verify_policy_rt * g_policy_rt; UT_icd ut_ulonglong_id_icd = {sizeof(struct library_hit_path), NULL, NULL, NULL}; +void attribute_dict_free(struct attribute_dict_ctx *dict_ctx); + const char *get_conjunction_table_name(enum policy_rule_type rule_type) { const char *conjunction_table_name_map[] = {"SECURITY_RULE_CONJUNCTION", "PXY_CTRL_RULE_CONJUNCTION", "TRAFFIC_SHAPING_RULE_CONJUNCTION", 
@@ -379,13 +341,16 @@ int cJSON_AddUuidToObject(cJSON * const object, const char * const name, uuid_t return 1; } -const char *get_scan_table_by_table_id(int table_id) +char *get_table_name(char *attribute_name, int vsys_id) { - if(table_id < 0 || table_id >= __TSG_OBJ_MAX) + char *table_name=NULL; + struct attribute_dict_ctx *dict_ctx =(struct attribute_dict_ctx *)maat_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "ATTRIBUTE_DICT", (const char *)attribute_name, strlen(attribute_name)); + if(dict_ctx != NULL) { - return NULL; + table_name = dict_ctx->object_table_name; + attribute_dict_free(dict_ctx); } - return scan_table_name[table_id]; + return table_name; } struct policy_scan_ctx *policy_scan_ctx_new(unsigned int thread_id, int vsys_id, int compile_table_id) @@ -423,8 +388,16 @@ void policy_scan_ctx_free(struct policy_scan_ctx * ctx) { for(int i=0; i < library_entry->entry_num; i++) { - if(library_entry->tag[i].uuid) FREE(&library_entry->tag[i].uuid); - if(library_entry->tag[i].tag_uuid) FREE(&library_entry->tag[i].tag_uuid); + if(library_entry->tag[i].uuid) + { + free(library_entry->tag[i].uuid); + library_entry->tag[i].uuid=NULL; + } + if(library_entry->tag[i].tag_uuid) + { + free(library_entry->tag[i].tag_uuid); + library_entry->tag[i].tag_uuid=NULL; + } } } @@ -499,7 +472,8 @@ const char *table_name_map[PROFILE_TABLE_MAX] = [PROFILE_APP_DI_DICT]="APP_ID_DICT", [PROFILE_FQDN_ENTRY]="FQDN_ENTRY", [PROFILE_IP_ADDR_ENTRY]="IP_ADDR_ENTRY", - [PROFILE_LIBRARY_TAG]="LIBRARY_TAG" + [PROFILE_LIBRARY_TAG]="LIBRARY_TAG", + [PROFILE_ATTRIBUTE_DICT]="ATTRIBUTE_DICT" }; int maat_plugin_table_ex_init(int profile_idx, int vsys_id, 
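Review bot: get_table_name() returns `dict_ctx->object_table_name` after it has already called attribute_dict_free(dict_ctx), so the caller keeps a pointer into a context whose reference it no longer holds. If the ATTRIBUTE_DICT row is replaced or removed while a scan is in flight, that string can be freed under the caller. The function also returns NULL when the attribute is not in the dictionary or the row carried no object_table_name, and the callers in http_hdr_scan and policy_verify_scan pass the result straight to maat_scan_string / maat_scan_not_logic as the table name. `strlen(attribute_name)` is reached with no NULL guard, which presumably matters when a request omits attribute_name. Copying the name out before releasing the reference, and having callers skip the scan on failure, would close all three; the sketch below changes the signature, so both call sites would resolve the name once into a local buffer.

```cpp
int get_table_name(const char *attribute_name, int vsys_id, char *out, size_t out_len)
{
	if(attribute_name == NULL || out == NULL || out_len == 0)
	{
		return -1;
	}
	struct attribute_dict_ctx *dict_ctx = (struct attribute_dict_ctx *)maat_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "ATTRIBUTE_DICT", attribute_name, strlen(attribute_name));
	if(dict_ctx == NULL)
	{
		return -1;
	}
	int ret = -1;
	if(dict_ctx->object_table_name != NULL)
	{
		int n = snprintf(out, out_len, "%s", dict_ctx->object_table_name);
		ret = (n >= 0 && (size_t)n < out_len) ? 0 : -1;
	}
	// the copy is taken before the reference is dropped
	attribute_dict_free(dict_ctx);
	return ret;
}
```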
@@ -831,6 +805,94 @@ void library_tag_free(struct library_tag_ctx *tag_ctx) library_tag_free_cb(0, (void **)&tag_ctx, 0, NULL); } +void attribute_dict_new_cb(const char *table_name, const char* key, const char* table_line, void **ad, long argl, void* argp) +{ + cJSON* attribute_dict_json = cJSON_Parse(table_line); + if(attribute_dict_json == NULL) + { + log_fatal(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "ATTRIBUTE_DICT parse table_line failed. table_line:%s", table_line); + return; + } + + struct attribute_dict_ctx *dict_ctx= ALLOC(struct attribute_dict_ctx, 1); + cJSON *attribute_name = cJSON_GetObjectItem(attribute_dict_json, "attribute_name"); + if(attribute_name && attribute_name->type==cJSON_String) + { + dict_ctx->attribute_name=strdup(attribute_name->valuestring); + } + + cJSON *object_table_name = cJSON_GetObjectItem(attribute_dict_json, "object_table_name"); + if(object_table_name && object_table_name->type==cJSON_String) + { + dict_ctx->object_table_name=strdup(object_table_name->valuestring); + } + + cJSON *available_object_type = cJSON_GetObjectItem(attribute_dict_json, "available_object_type"); + if(available_object_type && available_object_type->type==cJSON_String) + { + dict_ctx->available_object_type=strdup(available_object_type->valuestring); + } + + dict_ctx->ref_cnt=1; + pthread_mutex_init(&(dict_ctx->lock), NULL); + + cJSON_Delete(attribute_dict_json); + *ad=dict_ctx; + return; +} + +void attribute_dict_dup_cb(const char *table_name, void **to, void **from, long argl, void* argp) +{ + struct attribute_dict_ctx *dict_ctx=(struct attribute_dict_ctx *)(*from); + pthread_mutex_lock(&(dict_ctx->lock)); + dict_ctx->ref_cnt++; + pthread_mutex_unlock(&(dict_ctx->lock)); + *to=dict_ctx; + + return; +} + +void attribute_dict_free_cb(const char *table_name, void **ad, long argl, void* argp) +{ + if(*ad==NULL) + { + return; + } + + struct attribute_dict_ctx *dict_ctx=(struct attribute_dict_ctx *)(*ad); + pthread_mutex_lock(&(dict_ctx->lock)); + 
dict_ctx->ref_cnt--; + if(dict_ctx->ref_cnt>0) + { + pthread_mutex_unlock(&(dict_ctx->lock)); + return; + } + pthread_mutex_unlock(&(dict_ctx->lock)); + pthread_mutex_destroy(&(dict_ctx->lock)); + + if(dict_ctx->attribute_name) + { + FREE(&dict_ctx->attribute_name); + } + if(dict_ctx->attribute_name) + { + FREE(&dict_ctx->object_table_name); + } + if(dict_ctx->available_object_type) + { + FREE(&dict_ctx->available_object_type); + } + + FREE(&dict_ctx); + *ad=NULL; + return; +} + +void attribute_dict_free(struct attribute_dict_ctx *dict_ctx) +{ + attribute_dict_free_cb(0, (void **)&dict_ctx, 0, NULL); +} + unsigned char action_type_str2idx(const char *action_str) { const char *action_name[__PG_ACTION_MAX]={0}; @@ -1164,8 +1226,7 @@ void http_get_scan_status(struct request_object_list *request_object, int compil if(attributeObj == NULL) { attributeObj = cJSON_CreateObject(); - cJSON_AddStringToObject(attributeObj, "attribute_type", "ip"); - cJSON_AddStringToObject(attributeObj, "table_name", "ATTR_TUNNEL"); + cJSON_AddStringToObject(attributeObj, "attribute_value_type", "ip"); cJSON_AddStringToObject(attributeObj, "attribute_name", "tunnel_endpoint_object"); } } @@ -1272,9 +1333,8 @@ int add_tags_table_name(struct library_scan_path *ip_ctx, int Nth_scan, uuid_t t { char tag_uuid_str[UUID_STR_LEN]={0}; uuid_unparse(top_object_uuid, tag_uuid_str); - //cJSON_AddNumberToObject(topObject, "tag_uuid", (double)uuid_to_int64(top_object_uuid)); cJSON_AddStringToObject(topObject, "tag_uuid", tag_uuid_str); - cJSON_AddStringToObject(topObject, "table_name", get_library_virtual_table_name(ip_entry->table_id)); + cJSON_AddStringToObject(topObject, "attribute_name", get_library_virtual_table_name(ip_entry->table_id)); goto finish; } } 
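Review bot: In attribute_dict_free_cb the second guard tests `dict_ctx->attribute_name` again instead of `dict_ctx->object_table_name`. Once attribute_name has been released (FREE presumably nulls the pointer), the object_table_name string is never freed and leaks each time a dictionary entry is dropped; the guard should read `if(dict_ctx->object_table_name)`. In attribute_dict_new_cb the result of ALLOC is dereferenced without a check, and a row lacking `object_table_name` is still stored with ref_cnt=1, which later makes the table-name lookup return NULL. Rejecting such rows at load time with a log line would surface malformed dictionary data where it enters rather than at scan time.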
@@ -1297,7 +1357,6 @@ int add_object_table_name(UT_array *ut_array_by_object, int Nth_scan, uuid_t top } uuid_unparse(top_object_uuid, object_uuid_str); - //cJSON_AddNumberToObject(topObject, "object_uuid", (double)uuid_to_int64(top_object_uuid)); cJSON_AddStringToObject(topObject, "object_uuid", object_uuid_str); while ((request_object=(struct request_object_list *)utarray_next(ut_array_by_object, request_object)) != NULL) { @@ -1306,10 +1365,10 @@ int add_object_table_name(UT_array *ut_array_by_object, int Nth_scan, uuid_t top if (request_object->merge_nth_scan[j] == Nth_scan) { attributeObj=request_object->attributes; - subchild = cJSON_GetObjectItem(attributeObj, "table_name"); + subchild = cJSON_GetObjectItem(attributeObj, "attribute_name"); if(subchild && subchild->type==cJSON_String) { - cJSON_AddStringToObject(topObject, "table_name", subchild->valuestring); + cJSON_AddStringToObject(topObject, "attribute_name", subchild->valuestring); } goto finish; } @@ -1354,7 +1413,6 @@ int http_hit_policy_list(struct verify_policy_query *verify_policy, size_t hit_c char rule_uuid_str[UUID_STR_LEN]={0}; uuid_unparse(ctx->hit_rules[i].rule_uuid, rule_uuid_str); cJSON_AddStringToObject(policy_obj, "uuid", rule_uuid_str); - //cJSON_AddNumberToObject(policy_obj, "uuid",(double)uuid_to_int64(ctx->hit_rules[i].rule_uuid)); cJSON_AddStringToObject(policy_obj, "policyName", ""); for (rules = 0; rules < ctx->n_enforce; rules++) 
@@ -1594,8 +1652,15 @@ int ip_entry_scan(struct request_object_list *request, struct policy_scan_ctx *c memset(hit_path, 0, sizeof(struct maat_hit_path)*HIT_PATH_SIZE); - int ret1 = maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "IP_ADDR_ENTRY", &sip, (void **)&source_ip_entry, MAX_EX_DATA_LEN); - int ret2 = maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "IP_ADDR_ENTRY", &dip, (void **)&destination_ip_entry, MAX_EX_DATA_LEN); + int ret1=0, ret2=0; + if(request->table_id == TSG_OBJ_SOURCE_ADDR || request->table_id == TSG_OBJ_INTERNAL_ADDR) + { + ret1 = maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "IP_ADDR_ENTRY", &sip, (void **)&source_ip_entry, MAX_EX_DATA_LEN); + } + if(request->table_id == TSG_OBJ_DESTINATION_ADDR || request->table_id == TSG_OBJ_EXTERNAL_ADDR) + { + ret2 = maat_ip_plugin_table_get_ex_data(g_policy_rt->feather[vsys_id], "IP_ADDR_ENTRY", &dip, (void **)&destination_ip_entry, MAX_EX_DATA_LEN); + } struct library_hit_path ip_entry; memset(&ip_entry, 0, sizeof(ip_entry)); @@ -1611,7 +1676,7 @@ int ip_entry_scan(struct request_object_list *request, struct policy_scan_ctx *c for(int tag_id=0; tag_idn_tag_uuids; tag_id++) { - scan_ret = scan_object(ctx, vsys_id, hit_cnt, source_ip_entry[i]->tag_uuid_array[tag_id], "TSG_OBJ_IP_ADDR", request->table_name); + scan_ret = scan_object(ctx, vsys_id, hit_cnt, source_ip_entry[i]->tag_uuid_array[tag_id], "TSG_OBJ_IP_ADDR", request->attribute_name); if(scan_ret > 0) { hit_cnt_ip+=scan_ret; @@ -1645,7 +1710,7 @@ int ip_entry_scan(struct request_object_list *request, struct policy_scan_ctx *c for(int tag_id=0; tag_idn_tag_uuids; tag_id++) { - scan_ret = scan_object(ctx, vsys_id, hit_cnt, destination_ip_entry[i]->tag_uuid_array[tag_id], "TSG_OBJ_IP_ADDR", request->table_name); + scan_ret = scan_object(ctx, vsys_id, hit_cnt, destination_ip_entry[i]->tag_uuid_array[tag_id], "TSG_OBJ_IP_ADDR", request->attribute_name); if(scan_ret > 0) { hit_cnt_ip+=scan_ret; 
@@ -1702,7 +1767,7 @@ int get_fqdn_category_id(struct request_object_list *request, struct policy_scan for(int i=0; itable_name); + ret=scan_object(ctx, vsys_id, hit_cnt, uuid, "TSG_OBJ_FQDN", request->attribute_name); if(ret > 0) { hit_cnt_fqdn+=ret; @@ -1726,12 +1791,12 @@ int tunnel_level_scan(struct request_object_list *request, struct policy_scan_ct { int n_read, hit_path_cnt=0; int scan_ret=0, hit_cnt_tunnel=0; - const char *object_uuid_level_array[]={"00000000-0000-0000-0000-000000000050", "00000000-0000-0000-0000-000000000051", "00000000-0000-0000-0000-000000000052", + const char *object_uuid_level_array[]={"00000000-0000-0000-0000-000000000050", "00000000-0000-0000-0000-000000000051", "00000000-0000-0000-0000-000000000052", "00000000-0000-0000-0000-000000000053", "00000000-0000-0000-0000-000000000054", "00000000-0000-0000-0000-000000000055", "00000000-0000-0000-0000-000000000056", "00000000-0000-0000-0000-000000000057"}; const char *object_uuid=object_uuid_level_array[request->numeric]; - scan_ret = scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_TUNNEL_LEVEL", request->table_name); + scan_ret = scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_TUNNEL_LEVEL", request->attribute_name); if(scan_ret > 0) { hit_cnt_tunnel += scan_ret; @@ -1942,7 +2007,6 @@ static int http_hdr_scan(struct request_object_list *request, struct policy_scan int n_read=0; int scan_ret=0, hit_cnt_hdr=0; size_t n_hit_result=0; - const char *scan_table_name=get_scan_table_by_table_id(request->table_id); if(!request->string) { 
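Review bot: In tunnel_level_scan, `object_uuid_level_array[request->numeric]` indexes an eight-entry array with a value carried in the request object, and no range check is visible in this hunk. A negative value or one above 7 would read outside the array and hand an arbitrary pointer to scan_object. If the value is not validated where the request is parsed, guard the lookup with `if(request->numeric < 0 || request->numeric >= (int)(sizeof(object_uuid_level_array)/sizeof(object_uuid_level_array[0])))` and return without scanning. The function body continues outside the hunk.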
@@ -1950,14 +2014,14 @@ static int http_hdr_scan(struct request_object_list *request, struct policy_scan } const char *value = request->string; - scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], scan_table_name, request->table_name, + scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], get_table_name(request->attribute_name, vsys_id), request->attribute_name, value, strlen(value), ctx->result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_hdr += n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], scan_table_name, request->table_name, ctx->result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], get_table_name(request->attribute_name, vsys_id), request->attribute_name, ctx->result + hit_cnt, MAX_SCAN_RESULT - hit_cnt, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2003,7 +2067,7 @@ static int protocol_scan(struct request_object_list *request, struct policy_scan const char *object_uuid=get_object_uuid_by_protocol(request->numeric); if(object_uuid != NULL) { - scan_ret = scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_IP_PROTOCOL", request->table_name); + scan_ret = scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_IP_PROTOCOL", request->attribute_name); if(scan_ret > 0) { hit_cnt_protocol+=scan_ret; 
@@ -2023,30 +2087,30 @@ static int ip_addr_scan(struct request_object_list *request, struct policy_scan_ if (request->ip_addr->addrtype == ADDR_TYPE_IPV4) { - if(0 == strcasecmp(request->attribute_name, "source") || 0 == strcasecmp(request->attribute_name, "internal")) + if(0 == strcasecmp(request->attribute_name, "ATTR_SOURCE_IP") || 0 == strcasecmp(request->attribute_name, "ATTR_INTERNAL_IP")) { - scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, request->ip_addr->v4->saddr, request->ip_addr->v4->source, + scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, request->ip_addr->v4->saddr, request->ip_addr->v4->source, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } } - if(0 == strcasecmp(request->attribute_name, "destination") || 0 == strcasecmp(request->attribute_name, "external")) + if(0 == strcasecmp(request->attribute_name, "ATTR_DESTINATION_IP") || 0 == strcasecmp(request->attribute_name, "ATTR_EXTERNAL_IP")) { - scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, request->ip_addr->v4->daddr, request->ip_addr->v4->dest, + scan_ret = maat_scan_ipv4_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, request->ip_addr->v4->daddr, request->ip_addr->v4->dest, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, 
ctx->scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
@@ -2062,30 +2126,30 @@ static int ip_addr_scan(struct request_object_list *request, struct policy_scan_ } if (request->ip_addr->addrtype == ADDR_TYPE_IPV6) { - if(0 == strcasecmp(request->attribute_name, "source") || 0 == strcasecmp(request->attribute_name, "internal")) + if(0 == strcasecmp(request->attribute_name, "ATTR_SOURCE_IP") || 0 == strcasecmp(request->attribute_name, "ATTR_INTERNAL_IP")) { - scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, request->ip_addr->v6->saddr,request->ip_addr->v6->source, + scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, request->ip_addr->v6->saddr,request->ip_addr->v6->source, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } } - if(0 == strcasecmp(request->attribute_name, "destination") || 0 == strcasecmp(request->attribute_name, "external")) + if(0 == strcasecmp(request->attribute_name, "ATTR_DESTINATION_IP") || 0 == strcasecmp(request->attribute_name, "ATTR_EXTERNAL_IP")) { - scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, request->ip_addr->v6->daddr, request->ip_addr->v6->dest, + scan_ret = maat_scan_ipv6_port(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, request->ip_addr->v6->daddr, request->ip_addr->v6->dest, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, 
ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { hit_cnt_ip+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->table_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_IP_ADDR", request->attribute_name, ctx->result+hit_cnt+hit_cnt_ip, MAX_SCAN_RESULT-hit_cnt-hit_cnt_ip, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2108,7 +2172,7 @@ static int ssl_extension_scan(struct request_object_list *request, struct policy int scan_ret=0, hit_cnt_ssl=0; const char *object_uuid=(request->numeric == 1 ? BOOLEAN_TRUE_OBJECT_UUID : BOOLEAN_FLASE_OBJECT_UUID); - scan_ret =scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_BOOLEAN", request->table_name); + scan_ret =scan_object(ctx, vsys_id, hit_cnt, (char *)object_uuid, "TSG_OBJ_BOOLEAN", request->attribute_name); if(scan_ret > 0) { hit_cnt_ssl += scan_ret; @@ -2126,13 +2190,13 @@ static int port_scan(struct request_object_list *request, struct policy_scan_ctx size_t n_hit_result=0; int port = atoi(request->string); - scan_ret=maat_scan_integer(g_policy_rt->feather[vsys_id], "TSG_OBJ_PORT", request->table_name, port, ctx->result+hit_cnt+hit_cnt_port, + scan_ret=maat_scan_integer(g_policy_rt->feather[vsys_id], "TSG_OBJ_PORT", request->attribute_name, port, ctx->result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, ctx->scan_mid); if(scan_ret == MAAT_SCAN_HIT) { hit_cnt_port+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_PORT", request->table_name, ctx->result+hit_cnt+hit_cnt_port, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], "TSG_OBJ_PORT", request->attribute_name, ctx->result+hit_cnt+hit_cnt_port, MAX_SCAN_RESULT-hit_cnt-hit_cnt_port, &n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { 
@@ -2251,14 +2315,14 @@ size_t policy_verify_scan(int vsys_id, int compile_table_id, struct request_obje } } - scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], get_scan_table_by_table_id(request_object->table_id),request_object->table_name, + scan_ret = maat_scan_string(g_policy_rt->feather[vsys_id], get_table_name(request_object->attribute_name, vsys_id),request_object->attribute_name, value, strlen(value), ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt, &n_hit_result, ctx->scan_mid); if(scan_ret==MAAT_SCAN_HIT) { hit_cnt+=n_hit_result; } - scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], get_scan_table_by_table_id(request_object->table_id),request_object->table_name, + scan_ret = maat_scan_not_logic(g_policy_rt->feather[vsys_id], get_table_name(request_object->attribute_name, vsys_id),request_object->attribute_name, ctx->result+hit_cnt, MAX_SCAN_RESULT-hit_cnt,&n_hit_result, ctx->scan_mid); if (scan_ret == MAAT_SCAN_HIT) { @@ -2387,7 +2451,7 @@ cJSON *get_library_search_query(const char *data, ssize_t data_len) cJSON *hit_library=cJSON_CreateArray(); cJSON_AddItemToObject(http_body, "hit_library", hit_library); - int vsys_id = http_get_int_param(http_request, "vsys_id"); + int vsys_id = http_get_int_param(http_request, "vsys"); if(vsys_id < 0) { cJSON_Delete(http_request); @@ -2462,7 +2526,7 @@ int protoco_field_type_str2idx(const char *action_str, char *buff, char **p) int match_ip_attribute_name(char *attri_name) { size_t i = 0; - const char *attribute_name_map[] ={"source", "destination", "tunnel_endpointa", "tunnel_endpointb", "internal", "external"}; + const char *attribute_name_map[] ={"ATTR_SOURCE_IP", "ATTR_DESTINATION_IP", "ATTR_TUNNEL", "ATTR_INTERNAL_IP", "ATTR_EXTERNAL_IP"}; for(i = 0; i < sizeof(attribute_name_map)/sizeof(attribute_name_map[0]); i++) { if(0 == strcasecmp(attri_name, attribute_name_map[i])) 
@@ -2517,20 +2581,20 @@ static struct ipaddr * get_ip_from_json(cJSON *attributeValue, const char *attri item=cJSON_GetObjectItem(attributeValue,"addr_type"); if(item && item->type==cJSON_Number) addr_type = item->valueint; - if(strcasecmp(attributeName, "ip_protocol") == 0) + if(strcasecmp(attributeName, "ATTR_IP_PROTOCOL") == 0) { log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] %s, protocol=%d", buff, *protocol); return NULL; } struct ipaddr *ip_addr = NULL; - if(strcasecmp(attributeName, "source") == 0 || strcasecmp(attributeName, "internal") == 0 || - strcasecmp(attributeName, "tunnel_endpointa") == 0 || strcasecmp(attributeName, "tunnel_endpointb") == 0) + if(strcasecmp(attributeName, "ATTR_SOURCE_IP") == 0 || strcasecmp(attributeName, "ATTR_INTERNAL_IP") == 0 || + strcasecmp(attributeName, "ATTR_TUNNEL") == 0) { ip_addr = ip_to_stream_addr(Ip, Port, "0.0.0.0", 0, addr_type, buff, protocol); } - if(strcasecmp(attributeName, "destination") == 0 || strcasecmp(attributeName, "external") == 0) + if(strcasecmp(attributeName, "ATTR_DESTINATION_IP") == 0 || strcasecmp(attributeName, "ATTR_EXTERNAL_IP") == 0) { ip_addr = ip_to_stream_addr("0.0.0.0", 0, Ip, Port, addr_type, buff, protocol); } @@ -2578,7 +2642,7 @@ static int get_attribute_from_json(struct request_object_list *request_object, c cJSON* item = NULL, *attributeValue=NULL, *tunnelType_item=NULL; p = buff; - item = cJSON_GetObjectItem(subchild, "attribute_type"); + item = cJSON_GetObjectItem(subchild, "attribute_value_type"); if(item && item->type==cJSON_String) { attribute_type = item->valuestring; 
@@ -2590,13 +2654,7 @@ static int get_attribute_from_json(struct request_object_list *request_object, c { request_object->attribute_name = item->valuestring; p += snprintf(p, sizeof(buff) - (p - buff), ", attribute_name = %s",request_object->attribute_name); - } - request_object->attributes=cJSON_Duplicate(subchild, 1); - item = cJSON_GetObjectItem(subchild, "table_name"); - if(item && item->type==cJSON_String) - { - request_object->table_name = item->valuestring; request_object->table_id = protoco_field_type_str2idx(item->valuestring, buff, &p); if(request_object->table_id == __TSG_OBJ_MAX) { @@ -2604,6 +2662,7 @@ static int get_attribute_from_json(struct request_object_list *request_object, c return xret; } } + request_object->attributes=cJSON_Duplicate(subchild, 1); attributeValue = cJSON_GetObjectItem(subchild, "attribute_value"); if(attributeValue == NULL || attributeValue->type!=cJSON_Object) @@ -2739,11 +2798,7 @@ static void get_count_form_attributeName(struct policy_scan_ctx *ctx, cJSON *sub item = cJSON_GetObjectItem(subchild, "attribute_name"); if(item && item->type==cJSON_String) { - if(0 == strcasecmp(item->valuestring, "tunnel_endpointa")) - { - ctx->tunnel_attr_count++; - } - if(0 == strcasecmp(item->valuestring, "tunnel_endpointb")) + if(0 == strcasecmp(item->valuestring, "ATTR_TUNNEL")) { ctx->tunnel_attr_count++; } @@ -2753,7 +2808,7 @@ static void get_count_form_attributeName(struct policy_scan_ctx *ctx, cJSON *sub UT_icd ut_object_id_icd = {sizeof(struct request_object_list), NULL, NULL, NULL}; -int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int thread_id) +int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int vsys_id, int thread_id) { int hit_cnt = 0, xret =0; cJSON *item = NULL, *subchild = NULL, *attributes=NULL; 
@@ -2772,11 +2827,7 @@ int get_query_result_policy(cJSON *verifylist_array_item, cJSON *http_body, int } } - item = cJSON_GetObjectItem(verifylist_array_item, "vsys_id"); - if(item && item->type==cJSON_Number) - { - verify_policy->vsys_id = item->valueint; - } + verify_policy->vsys_id = vsys_id; log_info(g_verify_proxy->logger, MODULE_VERIFY_POLICY, "[I] vsys_id= %d", verify_policy->vsys_id); item = cJSON_GetObjectItem(verifylist_array_item,"verify_session"); @@ -2862,6 +2913,13 @@ cJSON *get_verify_policy_query(const char *data, ssize_t data_len, int thread_id int type=get_verify_type(http_request); cJSON *item = NULL, *subitem = NULL; + int vsys_id=0; + item = cJSON_GetObjectItem(http_request, "vsys"); + if(item && item->type==cJSON_Number) + { + vsys_id = item->valueint; + } + item = cJSON_GetObjectItem(http_request,"verify_list"); if(item && item->type==cJSON_Array) { @@ -2875,7 +2933,7 @@ cJSON *get_verify_policy_query(const char *data, ssize_t data_len, int thread_id if(type == VERIFY_TYPE_POLICY) { - hit_cnt = get_query_result_policy(subitem, http_body, thread_id); + hit_cnt = get_query_result_policy(subitem, http_body, vsys_id, thread_id); } } if (hit_cnt >= 0) @@ -3077,6 +3135,11 @@ int verify_policy_table_init(struct verify_policy * verify, const char* profile_ { goto error_out; } + ret = maat_plugin_table_ex_init(PROFILE_ATTRIBUTE_DICT, vsys_id, attribute_dict_new_cb, attribute_dict_free_cb, attribute_dict_dup_cb); + if(ret<0) + { + goto error_out; + } } ret = 0; error_out: diff --git a/platform/src/verify_policy.cpp b/platform/src/verify_policy.cpp index fad532d..fd34359 100644 --- a/platform/src/verify_policy.cpp +++ b/platform/src/verify_policy.cpp 
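Review bot: In get_verify_policy_query the new `vsys_id` is read from the request's `vsys` field and passed to get_query_result_policy with no range check, and it appears to end up as the index in `g_policy_rt->feather[vsys_id]`. A negative or too-large number in the HTTP body would index outside that array, and a missing or non-numeric field silently falls back to vsys 0, so the request is evaluated against a virtual system the caller never named. get_library_search_query already rejects `vsys_id < 0`. The same rejection, plus an upper bound against the number of loaded vsys instances, belongs here before the verify_list loop, and a request without `vsys` should be refused rather than defaulted.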
@@ -186,8 +186,8 @@ void * verify_policy_thread_func(void * arg) goto error; } - evhttp_set_cb(thread->http, "/v1/policy/trouble_shooting/policy_verification", verify_policy_request_cb, thread); - evhttp_set_cb(thread->http, "/v1/policy/trouble_shooting/library_search", library_search_request_cb, thread); + evhttp_set_cb(thread->http, "/v1/policies/trouble-shooting/policy-verification", verify_policy_request_cb, thread); + evhttp_set_cb(thread->http, "/v1/policies/trouble-shooting/library-search", library_search_request_cb, thread); bound = evhttp_accept_socket_with_handle(thread->http, thread->accept_fd); if (bound == NULL) diff --git a/resource/table_info.conf b/resource/table_info.conf index c4afbd9..ce75abb 100644 --- a/resource/table_info.conf +++ b/resource/table_info.conf @@ -200,7 +200,7 @@ { "table_id":27, "table_name":"OBJECT_GROUP", - "table_type":"object2object" + "table_type":"object_group" }, { "table_id":28, @@ -331,5 +331,14 @@ "table_id": 48, "table_name": "TSG_OBJ_BOOLEAN", "table_type": "expr" + }, + { + "table_id": 49, + "table_name": "ATTRIBUTE_DICT", + "table_type": "plugin", + "custom": { + "key_name": "attribute_name", + "key_type": "pointer" + } } ] \ No newline at end of file diff --git a/resource/verify-policy.json b/resource/verify-policy.json index abdbe4f..1861b76 100644 --- a/resource/verify-policy.json +++ b/resource/verify-policy.json @@ -1,6 +1,6 @@ { "rule_table": "PXY_CTRL_RULE", - "object2object_table": "OBJECT_GROUP", + "object_group_table": "OBJECT_GROUP", "rules": [ { "uuid": "40c9c6a7-70a9-48ae-9fba-ec7966edd3c6", diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt index 90c98df..e60c03f 100644 --- a/test/CMakeLists.txt +++ b/test/CMakeLists.txt 
@@ -15,8 +15,8 @@ file(COPY ${CMAKE_SOURCE_DIR}/test/resource/HitPolicyRequest.json DESTINATION ${ add_test(NAME UPDATE_MAAT_MODE COMMAND bash -c "sed -i 's/maat_input_mode=1/maat_input_mode=0/' ${TEST_RUN_DIR}/conf/verify_policy.conf") add_test(NAME UPDATE_LOG_LEVEL COMMAND bash -c "sed -i 's/log_level=5/log_level=1/' ${TEST_RUN_DIR}/conf/verify_policy.conf") -add_test(NAME UPDATE_VSYS_NUM COMMAND bash -c "sed -i '32i load_vsys_num=2' ${TEST_RUN_DIR}/conf/verify_policy.conf") -add_test(NAME UPDATE_START_VSYS COMMAND bash -c "sed -i '33i load_start_vsys=1' ${TEST_RUN_DIR}/conf/verify_policy.conf") +add_test(NAME UPDATE_VSYS_NUM COMMAND bash -c "sed -i '30i load_vsys_num=2' ${TEST_RUN_DIR}/conf/verify_policy.conf") +add_test(NAME UPDATE_START_VSYS COMMAND bash -c "sed -i '31i load_start_vsys=1' ${TEST_RUN_DIR}/conf/verify_policy.conf") add_test(NAME UPDATE_JSON_FILE COMMAND bash -c "sed -i 's/json_cfg_file=\\.\\/resource\\/verify-policy\\.json/json_cfg_file=\\.\\/resource\\/VerifyPolicyManipulation\\.json/' ${TEST_RUN_DIR}/conf/verify_policy.conf") add_test(NAME VERIFY_POLICY_TEST COMMAND verify_policy_test) \ No newline at end of file diff --git a/test/resource/HitPolicyRequest.json b/test/resource/HitPolicyRequest.json index 4085387..8cdbd8b 100644 --- a/test/resource/HitPolicyRequest.json +++ b/test/resource/HitPolicyRequest.json @@ -2,17 +2,15 @@ "Verify_Policy_Request": [ { "__item_id": 0, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.0.1", "port":"8080", 
@@ -27,17 +25,15 @@ }, { "__item_id": 1, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.1.1", "port":"8080", @@ -45,9 +41,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_INTERNAL_IP", - "attribute_name": "internal", + "attribute_value_type": "ip", + "attribute_name": "ATTR_INTERNAL_IP", "attribute_value": { "ip": "192.168.1.2", "port": "80", @@ -55,9 +50,8 @@ } }, { - "attribute_type": "string", - "table_name": "ATTR_SERVER_FQDN", - "attribute_name": "server_fqdn", + "attribute_value_type": "string", + "attribute_name": "ATTR_SERVER_FQDN", "attribute_value": { "string": "www.126.com" } @@ -70,7 +64,7 @@ }, { "__item_id": 2, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "security", @@ -78,9 +72,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointa", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.4", "port":80, @@ -96,17 +89,15 @@ }, { "__item_id": 3, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "security", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointb", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.5", "tunnel_type":"gtp", 
@@ -121,17 +112,15 @@ }, { "__item_id": 4, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "security", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointa", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.5", "tunnel_type":"gtp", @@ -139,9 +128,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointb", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.6", "tunnel_type":"gtp", @@ -156,17 +144,15 @@ }, { "__item_id": 5, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.0.2", "port": "80", @@ -174,9 +160,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_DESTINATION_IP", - "attribute_name": "destination", + "attribute_value_type": "ip", + "attribute_name": "ATTR_DESTINATION_IP", "attribute_value": { "ip": "192.168.0.3", "port": "80", @@ -184,17 +169,15 @@ } }, { - "attribute_type": "string", - "table_name": "ATTR_SERVER_FQDN", - "attribute_name": "server_fqdn", + "attribute_value_type": "string", + "attribute_name": "ATTR_SERVER_FQDN", "attribute_value": { "string": "www.baidu.com" } }, { - "attribute_type": "string", - "table_name": "ATTR_SSL_SAN", - "attribute_name": "ssl_san", + "attribute_value_type": "string", + "attribute_name": "ATTR_SSL_SAN", "attribute_value": { "string": "www.baidu.com" } 
@@ -207,26 +190,23 @@ }, { "__item_id": 6, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 } }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointa", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.5", "tunnel_type":"gtp", @@ -234,9 +214,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointb", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.6", "tunnel_type":"gtp", @@ -244,9 +223,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.1.1", "port":"8080", @@ -261,26 +239,23 @@ }, { "__item_id": 7, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 } }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointa", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.4", "tunnel_type":"gtp", 
@@ -288,9 +263,8 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", - "attribute_name": "tunnel_endpointb", + "attribute_value_type": "ip", + "attribute_name": "ATTR_TUNNEL", "attribute_value": { "ip": "192.168.0.6", "tunnel_type":"gtp", @@ -305,17 +279,15 @@ }, { "__item_id": 8, - "vsys_id": 1, + "vsys": 1, "verify_list": [ { "type": "pxy_manipulation", - "vsys_id": 1, "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.55.4", "port": "80", 
@@ -323,59 +295,52 @@ } }, { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 } }, { - "attribute_type": "port", - "table_name": "ATTR_SOURCE_PORT", - "attribute_name": "source", + "attribute_value_type": "port", + "attribute_name": "ATTR_SOURCE_PORT", "attribute_value": { "port": "80" } }, { - "attribute_type": "numeric", - "table_name": "ATTR_APP_ID", - "attribute_name": "app_id", + "attribute_value_type": "numeric", + "attribute_name": "ATTR_APP_ID", "attribute_value": { "numeric": 67 } }, { - "attribute_type": "string", - "table_name": "ATTR_HTTP_REQ_HDR", - "attribute_name": "req_hdr", + "attribute_value_type": "string", + "attribute_name": "ATTR_HTTP_REQ_HDR", "attribute_value": { "district":"User-Agent", "string":"test" } }, { - "attribute_type": "string", - "table_name": "ATTR_TUNNEL_LEVEL", - "attribute_name": "tunnel_level", + "attribute_value_type": "string", + "attribute_name": "ATTR_TUNNEL_LEVEL", "attribute_value": { "numeric": 60 } }, { - "attribute_type": "flag", - "table_name": "ATTR_FLAG", - "attribute_name": "flag", + "attribute_value_type": "flag", + "attribute_name": "ATTR_FLAG", "attribute_value": { "numeric": 15 } }, { - "attribute_type": "boolean", - "table_name": "ATTR_SSL_ECH", - "attribute_name": "esni", + "attribute_value_type": "boolean", + "attribute_name": "ATTR_SSL_ECH", "attribute_value": { "numeric": 1 } @@ -385,6 +350,30 @@ } ], "verify_type": "policy" + }, + { + "__item_id": 9, + "vsys": 1, + "verify_list": [ + { + "type": "pxy_manipulation", + "vsys": 1, + "verify_session": { + "attributes": [ + { + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", + "attribute_value": { + "ip": "192.168.2.1", + "port":"8080", + "addr_type": 4 + } + } + ] + } + } + ], + "verify_type": "policy" } ] } \ No newline at end of file 
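Review bot: The new request item 9 carries `"vsys": 1` both at the top level and inside its `verify_list` entry, while the visible hunks of this commit delete the nested `vsys_id` from the other entries instead of renaming it. Whether the parser still reads a per-entry value cannot be seen from this hunk. If it does not, the nested line is dead fixture data and should be dropped to match items 0, 1 and 3 to 8. If it does, the precedence between the two fields decides which virtual system's policy is evaluated, and it deserves a case where the values differ.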
diff --git a/test/resource/HitPolicyResult.json b/test/resource/HitPolicyResult.json index ce6f681..323aa7a 100644 --- a/test/resource/HitPolicyResult.json +++ b/test/resource/HitPolicyResult.json @@ -1,6 +1,7 @@ { "Verify_Policy_Result": [ { + "__item_id": 0, "code": 200, "msg": "Success", "data": { @@ -12,7 +13,7 @@ "top_object_list": [ { "object_uuid": "00005000-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_IP", + "attribute_name": "ATTR_SOURCE_IP", "negate_option": 0, "condition_index": 0 } @@ -22,9 +23,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.0.1", "port": "8080", @@ -43,6 +43,7 @@ "success": true }, { + "__item_id": 1, "code": 200, "msg": "Success", "data": { @@ -54,19 +55,19 @@ "top_object_list": [ { "tag_uuid": "00000011-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_IP", + "attribute_name": "ATTR_SOURCE_IP", "negate_option": 0, "condition_index": 0 }, { "tag_uuid": "00000012-0000-0000-0000-000000000000", - "table_name": "ATTR_INTERNAL_IP", + "attribute_name": "ATTR_INTERNAL_IP", "negate_option": 0, "condition_index": 1 }, { "tag_uuid": "00000001-0000-0000-0000-000000000000", - "table_name": "ATTR_SERVER_FQDN", + "attribute_name": "ATTR_SERVER_FQDN", "negate_option": 0, "condition_index": 2 } @@ -76,9 +77,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.1.1", "port": "8080", @@ -92,9 +92,8 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_INTERNAL_IP", - "attribute_name": "internal", + "attribute_value_type": "ip", + "attribute_name": "ATTR_INTERNAL_IP", "attribute_value": { "ip": "192.168.1.2", "port": "80", 
@@ -112,9 +111,8 @@ ] }, { - "attribute_type": "string", - "table_name": "ATTR_SERVER_FQDN", - "attribute_name": "server_fqdn", + "attribute_value_type": "string", + "attribute_name": "ATTR_SERVER_FQDN", "attribute_value": { "string": "www.126.com" }, @@ -131,13 +129,13 @@ "success": true }, { + "__item_id": 2, "code": 200, "msg": "Success", "data": { "verify_session": { "attributes": [{ - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", + "attribute_value_type": "ip", "attribute_name": "tunnel_endpoint_object", "hit_paths": [{ "item_uuid": "00000000-0000-0000-0000-000000000000", @@ -149,14 +147,14 @@ "success": true }, { + "__item_id": 3, "code": 200, "msg": "Success", "data": { "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", + "attribute_value_type": "ip", "attribute_name": "tunnel_endpoint_object", "hit_paths": [ { @@ -171,14 +169,14 @@ "success": true }, { + "__item_id": 4, "code": 200, "msg": "Success", "data": { "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", + "attribute_value_type": "ip", "attribute_name": "tunnel_endpoint_object", "hit_paths": [ { @@ -197,6 +195,7 @@ "success": true }, { + "__item_id": 5, "code": 200, "msg": "Success", "data": { 
@@ -208,25 +207,25 @@ "top_object_list": [ { "object_uuid": "00005001-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_IP", + "attribute_name": "ATTR_SOURCE_IP", "negate_option": 0, "condition_index": 0 }, { "object_uuid": "00005002-0000-0000-0000-000000000000", - "table_name": "ATTR_DESTINATION_IP", + "attribute_name": "ATTR_DESTINATION_IP", "negate_option": 0, "condition_index": 1 }, { "object_uuid": "00005003-0000-0000-0000-000000000000", - "table_name": "ATTR_SERVER_FQDN", + "attribute_name": "ATTR_SERVER_FQDN", "negate_option": 0, "condition_index": 2 }, { "object_uuid": "00005004-0000-0000-0000-000000000000", - "table_name": "ATTR_SSL_SAN", + "attribute_name": "ATTR_SSL_SAN", "negate_option": 0, "condition_index": 3 } @@ -239,25 +238,25 @@ "top_object_list": [ { "object_uuid": "00005001-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_IP", + "attribute_name": "ATTR_SOURCE_IP", "negate_option": 0, "condition_index": 0 }, { "object_uuid": "00005002-0000-0000-0000-000000000000", - "table_name": "ATTR_DESTINATION_IP", + "attribute_name": "ATTR_DESTINATION_IP", "negate_option": 0, "condition_index": 1 }, { "object_uuid": "00005003-0000-0000-0000-000000000000", - "table_name": "ATTR_SERVER_FQDN", + "attribute_name": "ATTR_SERVER_FQDN", "negate_option": 0, "condition_index": 2 }, { "object_uuid": "00005004-0000-0000-0000-000000000000", - "table_name": "ATTR_SSL_SAN", + "attribute_name": "ATTR_SSL_SAN", "negate_option": 0, "condition_index": 3 } @@ -267,9 +266,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.0.2", "port": "80", 
@@ -283,9 +281,8 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_DESTINATION_IP", - "attribute_name": "destination", + "attribute_value_type": "ip", + "attribute_name": "ATTR_DESTINATION_IP", "attribute_value": { "ip": "192.168.0.3", "port": "80", @@ -299,9 +296,8 @@ ] }, { - "attribute_type": "string", - "table_name": "ATTR_SERVER_FQDN", - "attribute_name": "server_fqdn", + "attribute_value_type": "string", + "attribute_name": "ATTR_SERVER_FQDN", "attribute_value": { "string": "www.baidu.com" }, @@ -325,9 +321,8 @@ ] }, { - "attribute_type": "string", - "table_name": "ATTR_SSL_SAN", - "attribute_name": "ssl_san", + "attribute_value_type": "string", + "attribute_name": "ATTR_SSL_SAN", "attribute_value": { "string": "www.baidu.com" }, @@ -356,6 +351,7 @@ "success": true }, { + "__item_id": 6, "code": 200, "msg": "Success", "data": { @@ -367,7 +363,7 @@ "top_object_list": [ { "object_uuid": "00003022-0000-0000-0000-000000000000", - "table_name": "ATTR_TUNNEL", + "attribute_name": "ATTR_TUNNEL", "negate_option": 0, "condition_index": 0 } @@ -380,7 +376,7 @@ "top_object_list": [ { "object_uuid": "00003023-0000-0000-0000-000000000000", - "table_name": "ATTR_TUNNEL", + "attribute_name": "ATTR_TUNNEL", "negate_option": 0, "condition_index": 0 } @@ -390,9 +386,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 @@ -405,8 +400,7 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", + "attribute_value_type": "ip", "attribute_name": "tunnel_endpoint_object", "hit_paths": [ { @@ -420,9 +414,8 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.1.1", "port": "8080", 
@@ -441,6 +434,7 @@ "success": true }, { + "__item_id": 7, "code": 200, "msg": "Success", "data": { @@ -452,7 +446,7 @@ "top_object_list": [ { "object_uuid": "00003022-0000-0000-0000-000000000000", - "table_name": "ATTR_TUNNEL", + "attribute_name": "ATTR_TUNNEL", "negate_option": 1, "condition_index": 0 } @@ -462,9 +456,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 @@ -477,8 +470,7 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_TUNNEL", + "attribute_value_type": "ip", "attribute_name": "tunnel_endpoint_object", "hit_paths": [ { @@ -497,6 +489,7 @@ "success": true }, { + "__item_id": 8, "code": 200, "msg": "Success", "data": { 
@@ -508,49 +501,49 @@ "top_object_list": [ { "object_uuid": "00500100-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_IP", + "attribute_name": "ATTR_SOURCE_IP", "negate_option": 0, "condition_index": 0 }, { "object_uuid": "00000000-0000-0000-0000-000000000006", - "table_name": "ATTR_IP_PROTOCOL", + "attribute_name": "ATTR_IP_PROTOCOL", "negate_option": 0, "condition_index": 3 }, { "object_uuid": "00500200-0000-0000-0000-000000000000", - "table_name": "ATTR_SOURCE_PORT", + "attribute_name": "ATTR_SOURCE_PORT", "negate_option": 0, "condition_index": 4 }, { "object_uuid": "00000201-0000-0000-0000-000000000000", - "table_name": "ATTR_APP_ID", + "attribute_name": "ATTR_APP_ID", "negate_option": 0, "condition_index": 1 }, { "object_uuid": "00000000-0000-0000-0000-000000001000", - "table_name": "ATTR_HTTP_REQ_HDR", + "attribute_name": "ATTR_HTTP_REQ_HDR", "negate_option": 0, "condition_index": 2 }, { "object_uuid": "00000000-0000-0000-0000-000000000050", - "table_name": "ATTR_TUNNEL_LEVEL", + "attribute_name": "ATTR_TUNNEL_LEVEL", "negate_option": 0, "condition_index": 5 }, { "object_uuid": "00500300-0000-0000-0000-000000000000", - "table_name": "ATTR_FLAG", + "attribute_name": "ATTR_FLAG", "negate_option": 0, "condition_index": 6 }, { "object_uuid": "00000000-0000-0000-0000-000000000002", - "table_name": "ATTR_SSL_ECH", + "attribute_name": "ATTR_SSL_ECH", "negate_option": 0, "condition_index": 7 } @@ -560,9 +553,8 @@ "verify_session": { "attributes": [ { - "attribute_type": "ip", - "table_name": "ATTR_SOURCE_IP", - "attribute_name": "source", + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", "attribute_value": { "ip": "192.168.55.4", "port": "80", @@ -576,9 +568,8 @@ ] }, { - "attribute_type": "ip", - "table_name": "ATTR_IP_PROTOCOL", - "attribute_name": "ip_protocol", + "attribute_value_type": "ip", + "attribute_name": "ATTR_IP_PROTOCOL", "attribute_value": { "addr_type": 4, "protocol": 6 
@@ -591,9 +582,8 @@ ] }, { - "attribute_type": "port", - "table_name": "ATTR_SOURCE_PORT", - "attribute_name": "source", + "attribute_value_type": "port", + "attribute_name": "ATTR_SOURCE_PORT", "attribute_value": { "port": "80" }, @@ -605,9 +595,8 @@ ] }, { - "attribute_type": "numeric", - "table_name": "ATTR_APP_ID", - "attribute_name": "app_id", + "attribute_value_type": "numeric", + "attribute_name": "ATTR_APP_ID", "attribute_value": { "numeric": 67 }, @@ -619,9 +608,8 @@ ] }, { - "attribute_type": "string", - "table_name": "ATTR_HTTP_REQ_HDR", - "attribute_name": "req_hdr", + "attribute_value_type": "string", + "attribute_name": "ATTR_HTTP_REQ_HDR", "attribute_value": { "district": "User-Agent", "string": "test" @@ -634,9 +622,8 @@ ] }, { - "attribute_type": "string", - "table_name": "ATTR_TUNNEL_LEVEL", - "attribute_name": "tunnel_level", + "attribute_value_type": "string", + "attribute_name": "ATTR_TUNNEL_LEVEL", "attribute_value": { "numeric": 60 }, @@ -648,9 +635,8 @@ ] }, { - "attribute_type": "flag", - "table_name": "ATTR_FLAG", - "attribute_name": "flag", + "attribute_value_type": "flag", + "attribute_name": "ATTR_FLAG", "attribute_value": { "numeric": 15 }, @@ -662,9 +648,8 @@ ] }, { - "attribute_type": "boolean", - "table_name": "ATTR_SSL_ECH", - "attribute_name": "esni", + "attribute_value_type": "boolean", + "attribute_name": "ATTR_SSL_ECH", "attribute_value": { "numeric": 1 }, 
@@ -679,6 +664,48 @@ } }, "success": true + }, + { + "__item_id": 9, + "code": 200, + "msg": "Success", + "data": { + "hit_policy_list": [ + { + "uuid": "00002020-0000-0000-0000-000000000000", + "policyName": "", + "is_execute_policy": true, + "top_object_list": [ + { + "object_uuid": "00008000-0000-0000-0000-000000000000", + "attribute_name": "ATTR_SOURCE_IP", + "negate_option": 0, + "condition_index": 0 + } + ] + } + ], + "verify_session": { + "attributes": [ + { + "attribute_value_type": "ip", + "attribute_name": "ATTR_SOURCE_IP", + "attribute_value": { + "ip": "192.168.2.1", + "port": "8080", + "addr_type": 4 + }, + "hit_paths": [ + { + "item_uuid": "00000000-0000-0000-0000-000000001013", + "superior_object_uuid": "00008000-0000-0000-0000-000000000000" + } + ] + } + ] + } + }, + "success": true } ] } \ No newline at end of file diff --git a/test/resource/VerifyPolicyManipulation.json b/test/resource/VerifyPolicyManipulation.json index f201311..c131acc 100644 --- a/test/resource/VerifyPolicyManipulation.json +++ b/test/resource/VerifyPolicyManipulation.json @@ -1,6 +1,6 @@ { "rule_table": "PXY_CTRL_RULE", - "object2object_table": "OBJECT_GROUP", + "object_group_table": "OBJECT_GROUP", "rules": [ { "uuid": "00001021-0000-0000-0000-000000000000", @@ -473,6 +473,37 @@ ] } ] + }, + { + "uuid": "00002020-0000-0000-0000-000000000000", + "service": 1, + "action": "manipulate", + "blacklist_option": 1, + "log_option": "all", + "action_parameter": "anything", + "is_valid": "yes", + "and_conditions": [ + { + "attribute_name": "ATTR_SOURCE_IP", + "negate_option": false, + "objects": [ + { + "object_name": "IPv4TCPSoureVeiryPolicy03", + "uuid": "00008000-0000-0000-0000-000000000000", + "items": [ + { + "table_type": "ip", + "table_name": "TSG_OBJ_IP_ADDR", + "table_content": { + "ip": "192.168.2.1/32", + "port": "8080" + } + } + ] + } + ] + } + ] } ], "plugin_table": [ 
@@ -515,6 +546,14 @@ {"app_id":67,"object_uuid":"00000201-0000-0000-0000-000000000000","app_name":"http","is_valid":1}, {"app_id":68,"object_uuid":"00068000-0000-0000-0000-000000000000","app_name":"https","is_valid":1} ] + }, + { + "table_name": "ATTRIBUTE_DICT", + "table_content": [ + {"uuid":"4fff0ed4-f02b-17ee-3f74-b66310c5d1e2","is_valid":1,"attribute_name":"ATTR_SERVER_FQDN","available_object_type":"fqdn","object_table_name":"TSG_OBJ_FQDN"}, + {"uuid":"4fff0ed4-f02b-17ee-3f74-b66310c5d1e2","is_valid":1,"attribute_name":"ATTR_SSL_SAN","available_object_type":"fqdn","object_table_name":"TSG_OBJ_FQDN"}, + {"uuid":"ca317931-96f8-1979-ea7c-2bb791858df6","is_valid":1,"attribute_name":"ATTR_HTTP_REQ_HDR","available_object_type":"keyword","object_table_name":"tsg_obj_keyword"} + ] } ] } diff --git a/test/verify_policy_test.cpp b/test/verify_policy_test.cpp index d46c396..adc0d90 100644 --- a/test/verify_policy_test.cpp +++ b/test/verify_policy_test.cpp @@ -89,7 +89,7 @@ static char *select_hit_policy_request_item(int gtest_id) TEST(LibrarySearch, HitFqdnEntry) { - const char *hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.126.com\",\"vsys_id\":1}"; + const char *hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.126.com\",\"vsys\":1}"; const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000001-0000-0000-0000-000000000000\"}]},\"success\":true}"; cJSON *result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); 
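Review bot: In the added `ATTRIBUTE_DICT` rows the third entry names its object table `tsg_obj_keyword` in lower case, while `table_info.conf` and the other fixture entries visible in this diff use upper-case names such as `TSG_OBJ_FQDN` and `TSG_OBJ_IP_ADDR`. If the table lookup is case-sensitive, which this hunk does not show, `ATTR_HTTP_REQ_HDR` would resolve to no table and the header scan would be skipped without an error, so `"object_table_name":"TSG_OBJ_KEYWORD"` is the safer spelling. The `ATTR_SERVER_FQDN` and `ATTR_SSL_SAN` rows also share the uuid `4fff0ed4-f02b-17ee-3f74-b66310c5d1e2`. The table is keyed by `attribute_name`, so this may be harmless, but distinct uuids would avoid surprises if anything indexes rows by uuid.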
@@ -104,7 +104,7 @@ TEST(LibrarySearch, HitFqdnEntry) cJSON_Delete(result_json); FREE(&hit_policy_list); - hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.baidu.com\",\"vsys_id\":1}"; + hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.baidu.com\",\"vsys\":1}"; hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000002-0000-0000-0000-000000000000,00000003-0000-0000-0000-000000000000\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); @@ -119,7 +119,7 @@ TEST(LibrarySearch, HitFqdnEntry) cJSON_Delete(result_json); FREE(&hit_policy_list); - hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.qq.com\",\"vsys_id\":1}"; + hit_policy_request = "{\"ip\":null,\"fqdn\":\"www.qq.com\",\"vsys\":1}"; hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000004-0000-0000-0000-000000000000,00000005-0000-0000-0000-000000000000,00000006-0000-0000-0000-000000000000\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); @@ -137,7 +137,7 @@ TEST(LibrarySearch, HitFqdnEntry) TEST(LibrarySearch, HitIpEntry) { - const char *hit_policy_request = "{\"ip\":\"192.168.1.1\",\"fqdn\":null,\"vsys_id\":1}"; + const char *hit_policy_request = "{\"ip\":\"192.168.1.1\",\"fqdn\":null,\"vsys\":1}"; const char *hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000011-0000-0000-0000-000000000000\"}]},\"success\":true}"; cJSON *result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); 
@@ -153,7 +153,7 @@ TEST(LibrarySearch, HitIpEntry) cJSON_Delete(result_json); FREE(&hit_policy_list); - hit_policy_request ="{\"ip\":\"192.168.1.2\",\"fqdn\":null,\"vsys_id\":1}"; + hit_policy_request ="{\"ip\":\"192.168.1.2\",\"fqdn\":null,\"vsys\":1}"; hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000012-0000-0000-0000-000000000000,00000013-0000-0000-0000-000000000000\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); @@ -169,7 +169,7 @@ TEST(LibrarySearch, HitIpEntry) cJSON_Delete(result_json); FREE(&hit_policy_list); - hit_policy_request = "{\"ip\":\"192.168.1.3\",\"fqdn\":null,\"vsys_id\":1}"; + hit_policy_request = "{\"ip\":\"192.168.1.3\",\"fqdn\":null,\"vsys\":1}"; hit_policy_result="{\"code\":200,\"msg\":\"Success\",\"data\":{\"hit_library\":[{\"tag_uuids\":\"00000014-0000-0000-0000-000000000000,00000015-0000-0000-0000-000000000000,00000016-0000-0000-0000-000000000000\"}]},\"success\":true}"; result_json = get_library_search_query(hit_policy_request, strlen(hit_policy_request)); 
@@ -236,6 +236,57 @@ TEST(VerifyPolicy, CheckRegexExpression) FREE(&hit_policy_query); } +TEST(VerifyPolicy, HitIpAddrPolicy) +{ + char *hit_policy_request = select_hit_policy_request_item(9); + ASSERT_TRUE(hit_policy_request != NULL); + char *hit_policy_result = select_hit_policy_result_item(9); + ASSERT_TRUE(hit_policy_result != NULL); + + cJSON *result_json = get_verify_policy_query(hit_policy_request, strlen(hit_policy_request), 1); + ASSERT_TRUE(result_json != NULL); + + char *hit_policy_query = cJSON_PrintUnformatted(result_json); + ASSERT_TRUE(hit_policy_query != NULL); + + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); + EXPECT_EQ(equal, 0); + + cJSON_Delete(result_json); + FREE(&hit_policy_query); + FREE(&hit_policy_request); + FREE(&hit_policy_result); +} + +TEST(VerifyPolicy, HitNegateIpAddrPolicy) +{ + +} + +TEST(VerifyPolicy, HitIntegerPolicy) +{ + + +} + +TEST(VerifyPolicy, HitStringPolicy) +{ + + +} + +TEST(VerifyPolicy, HitObjectPolicy) +{ + + +} + +TEST(VerifyPolicy, HitGroupPolicy) +{ + + +} + TEST(VerifyPolicy, HitIpPolicy) { char *hit_policy_request = select_hit_policy_request_item(0); @@ -249,10 +300,10 @@ TEST(VerifyPolicy, HitIpPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query = %s\n", hit_policy_query); - printf("hit_policy_result = %s\n", hit_policy_result); + printf("hit_policy_query = %s\n", hit_policy_query+2); + printf("hit_policy_result = %s\n", hit_policy_result+16); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); 
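Review bot: The five added tests `HitNegateIpAddrPolicy`, `HitIntegerPolicy`, `HitStringPolicy`, `HitObjectPolicy` and `HitGroupPolicy` have empty bodies, so they are reported as passing while checking nothing. That overstates coverage of negated and group matching, the cases where a policy engine is most likely to give a wrong verdict. Until they are written, make the gap visible with `GTEST_SKIP() << "not implemented";` as the first statement, or prefix the test names with `DISABLED_`.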
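Review bot: The comparison `strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result))` skips a fixed 16 bytes of the expected string, which matches `{"__item_id":N,"` only for a single-digit id and reads past the buffer if the fixture string is ever shorter than that. The same pattern is in `HitIpAddrPolicy` in the previous hunk and in every later `VerifyPolicy` hunk of this file. The case-insensitive compare also hides differences in UUID or table-name case, and the length argument is taken from the unshifted string. Assuming the bundled cJSON provides `cJSON_Compare`, parsing the expected text, removing `__item_id` and comparing the two trees drops the magic offsets and makes the check independent of key order. Each test body continues outside its hunk.

```cpp
cJSON *expected_json = cJSON_Parse(hit_policy_result);
ASSERT_TRUE(expected_json != NULL);
// __item_id only selects the fixture entry; it is not part of the response
cJSON_DeleteItemFromObject(expected_json, "__item_id");
EXPECT_TRUE(cJSON_Compare(result_json, expected_json, 1));
cJSON_Delete(expected_json);
// … unchanged: cJSON_Delete(result_json) and the FREE() calls …
```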
@@ -274,10 +325,10 @@ TEST(VerifyPolicy, HitLibraryPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query = %s\n", hit_policy_query); - printf("hit_policy_result = %s\n", hit_policy_result); + //printf("hit_policy_query = %s\n", hit_policy_query); + //printf("hit_policy_result = %s\n", hit_policy_result); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); @@ -299,10 +350,10 @@ TEST(VerifyPolicy, HitMultiplePolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_query = %s\n", hit_policy_query); - printf("hit_policy_result = %s\n", hit_policy_result); + //printf("hit_policy_query = %s\n", hit_policy_query); + //printf("hit_policy_result = %s\n", hit_policy_result); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); @@ -324,7 +375,7 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1025) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); 
@@ -346,7 +397,7 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy_1027) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); @@ -369,7 +420,7 @@ TEST(VerifyPolicy, HitTunnelEndpointaPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); @@ -391,7 +442,7 @@ TEST(VerifyPolicy, HitTunnelEndpointbPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); @@ -413,7 +464,7 @@ TEST(VerifyPolicy, HitTunnelEndpointPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json); 
@@ -435,11 +486,11 @@ TEST(VerifyPolicy, HitAllObjectPolicy) char *hit_policy_query = cJSON_PrintUnformatted(result_json); ASSERT_TRUE(hit_policy_query != NULL); - printf("hit_policy_request = %s\n", hit_policy_request); - printf("hit_policy_query = %s\n", hit_policy_query); - printf("hit_policy_result = %s\n", hit_policy_result); + //printf("hit_policy_request = %s\n", hit_policy_request); + //printf("hit_policy_query = %s\n", hit_policy_query); + //printf("hit_policy_result = %s\n", hit_policy_result); - int equal = strncasecmp(hit_policy_query, hit_policy_result, strlen(hit_policy_result)); + int equal = strncasecmp(hit_policy_query+2, hit_policy_result+16, strlen(hit_policy_result)); EXPECT_EQ(equal, 0); cJSON_Delete(result_json);