diff options
| -rw-r--r-- | src/bindings.rs | 13 | ||||
| -rw-r--r-- | src/lib.rs | 16 | ||||
| -rw-r--r-- | src/main.rs | 55 | ||||
| -rw-r--r-- | table_info.conf | 636 |
4 files changed, 695 insertions, 25 deletions
diff --git a/src/bindings.rs b/src/bindings.rs index 515caf0..6a5a03f 100644 --- a/src/bindings.rs +++ b/src/bindings.rs @@ -31,10 +31,11 @@ impl<T> ::std::fmt::Debug for __IncompleteArrayField<T> { } } -pub type UChar = ::std::os::raw::c_uchar; -pub type UShort = ::std::os::raw::c_ushort; -pub type UInt = ::std::os::raw::c_uint; -pub type ULong = ::std::os::raw::c_ulong; +pub type CUchar = ::std::os::raw::c_uchar; +pub type CUShort = ::std::os::raw::c_ushort; +pub type CUInt = ::std::os::raw::c_uint; +pub type CULong = ::std::os::raw::c_ulong; +pub type CLongLong = ::std::os::raw::c_longlong; extern "C" { pub fn ntohl(__netlong: u32) -> u32; @@ -79,7 +80,7 @@ fn bindgen_test_layout_maat_hit_path() { concat!("Alignment of ", stringify!(maat_hit_path)) ); assert_eq!( - unsafe { ::std::ptr::addr_of!((*ptr).Nth_scan) as usize - ptr as usize }, + unsafe { ::std::ptr::addr_of!((*ptr).nth_scan) as usize - ptr as usize }, 0usize, concat!( "Offset of field: ", @@ -683,4 +684,4 @@ extern "C" { instance: *mut maat, group: *mut maat_hit_group, ) -> ::std::os::raw::c_int; -}
\ No newline at end of file +} diff --git a/src/lib.rs b/src/lib.rs deleted file mode 100644 index 84f3eb8..0000000 --- a/src/lib.rs +++ /dev/null @@ -1,16 +0,0 @@ -pub mod bindings; - -pub fn add(left: usize, right: usize) -> usize { - left + right -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn it_works() { - let result = add(2, 2); - assert_eq!(result, 4); - } -} diff --git a/src/main.rs b/src/main.rs index ed9ff0a..5cba62d 100644 --- a/src/main.rs +++ b/src/main.rs @@ -1,7 +1,56 @@ -use maat_rust_binding::bindings; +pub mod bindings; + +use crate::bindings::MAAT_SCAN_HIT; +use std::ffi::CString; + +const ARRAY_SIZE: usize = 10; + +pub fn maat_hs_string_scan() { + let redis_ip = CString::new("127.0.0.1").unwrap(); + let redis_port = 6379; + let redis_db = 0; + let log_path = CString::new("./maat_framework_gtest.log").unwrap(); + let log_level = bindings::LOG_LEVEL_INFO; + let table_info_path = CString::new("./table_info.conf").unwrap(); -fn main() { unsafe { - let _opts = bindings::maat_options_new(); + let opts = bindings::maat_options_new(); + bindings::maat_options_set_redis(opts, redis_ip.as_ptr(), redis_port, redis_db); + bindings::maat_options_set_logger(opts, log_path.as_ptr(), log_level); + + let maat_inst = bindings::maat_new(opts, table_info_path.as_ptr()); + bindings::maat_options_free(opts); + + let table_name = CString::new("HTTP_URL").unwrap(); + let table_id = bindings::maat_get_table_id(maat_inst, table_name.as_ptr()); + assert_ne!(table_id, 0); + + let mut results: [bindings::CLongLong; ARRAY_SIZE] = [-1; ARRAY_SIZE]; + let mut n_hit_result: usize = 0; + let thread_id = 0; + let state = bindings::maat_state_new(maat_inst, thread_id); + let scan_data = CString::new("http://www.cyberessays.com/search_results.php?action=search&query=username,abckkk,1234567").unwrap(); + + let n_hit_result_ptr = &mut n_hit_result as *mut usize; + + let ret = bindings::maat_scan_string( + maat_inst, + table_id, + scan_data.as_ptr(), + scan_data.as_bytes().len(), + results.as_mut_ptr(), + ARRAY_SIZE, + n_hit_result_ptr, + state, + ); + + assert_eq!(ret, MAAT_SCAN_HIT); + assert_eq!(n_hit_result, 1); + assert_eq!(results[0], 125); + bindings::maat_state_free(state); + println!("hit compile_id:{}", results[0]); } } +fn main() { + crate::maat_hs_string_scan(); +} diff --git a/table_info.conf b/table_info.conf new file mode 100644 index 0000000..1219396 --- /dev/null +++ b/table_info.conf @@ -0,0 +1,636 @@ +[ + { + "table_id":0, + "table_name":"COMPILE_DEFAULT", + "table_type":"compile", + "valid_column":8, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":9 + } + }, + { + "table_id":1, + "table_name":"COMPILE_ALIAS", + "table_type":"compile", + "valid_column":8, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":9 + } + }, + { + "table_id":2, + "table_name":"COMPILE_CONJUNCTION", + "db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"], + "default_compile_table":1, + "table_type":"compile", + "valid_column":8, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":9 + } + }, + { + "table_id":3, + "table_name":"GROUP2COMPILE", + "db_tables":["GROUP2COMPILE_DEFAULT", "GROUP2COMPILE_ALIAS"], + "table_type":"group2compile", + "associated_compile_table_id":2, + "valid_column":3, + "custom": { + "group_id":1, + "compile_id":2, + "not_flag":4, + "virtual_table_name":5, + "clause_index":6 + } + }, + { + "table_id":4, + "table_name":"COMPILE_FIREWALL_DEFAULT", + "table_type":"compile", + "valid_column":8, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":9 + } + }, + { + "table_id":5, + "table_name":"COMPILE_FIREWALL_CONJUNCTION", + "db_tables":["COMPILE_FIREWALL_DEFAULT"], + "table_type":"compile", + "valid_column":8, + "custom": { + "compile_id":1, + "tags":6, + "clause_num":9 + } + }, + { + "table_id":6, + "table_name":"GROUP2COMPILE_FIREWALL", + "table_type":"group2compile", + "associated_compile_table_id":5, + "valid_column":3, + "custom": { + "group_id":1, + "compile_id":2, + "not_flag":4, + "virtual_table_name":5, + "clause_index":6 + } + }, + { + "table_id":7, + "table_name":"GROUP2GROUP", + "table_type":"group2group", + "valid_column":4, + "custom": { + "group_id":1, + "super_group_id":2, + "is_exclude":3 + } + }, + { + "table_id":8, + "table_name":"COMPILE_PLUGIN", + "db_tables":["COMPILE_DEFAULT", "COMPILE_ALIAS"], + "table_type":"plugin", + "valid_column":8, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":8, + "key":1 + } + }, + { + "table_id":9, + "table_name":"COMPILE_FIREWALL_PLUGIN", + "db_tables":["COMPILE_FIREWALL_DEFAULT"], + "table_type":"plugin", + "valid_column":8, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":8, + "key":1 + } + }, + { + "table_id":10, + "table_name":"HTTP_REGION", + "db_tables":["HTTP_URL", "HTTP_HOST"], + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":11, + "table_name":"KEYWORDS_TABLE", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":12, + "table_name":"IP_CONFIG", + "table_type":"ip_plus", + "valid_column":11, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 + } + }, + { + "table_id":13, + "table_name":"CONTENT_SIZE", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":14, + "table_name":"QD_ENTRY_INFO", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":8, + "key":1 + } + }, + { + "table_id":15, + "table_name":"HTTP_SIGNATURE", + "table_type":"expr_plus", + "valid_column":8, + "custom": { + "item_id":1, + "group_id":2, + "district":3, + "keywords":4, + "expr_type":5, + "match_method":6, + "is_hexbin":7 + } + }, + { + "table_id":16, + "table_name":"IMAGE_FP", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":17, + "table_name":"TEST_EFFECTIVE_RANGE_TABLE", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":8, + "key":1, + "tag":5 + } + }, + { + "table_id":18, + "table_name":"TEST_FOREIGN_KEY", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"pointer", + "key":2, + "tag":3, + "foreign": [6,8] + } + }, + { + "table_id":19, + "table_name":"TEST_PLUGIN_EXDATA_TABLE", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"pointer", + "key":2, + "tag":5 + } + }, + { + "table_id":20, + "table_name":"IR_INTERCEPT_IP", + "table_type":"plugin", + "valid_column":14, + "custom": { + "gc_timeout_s":3, + "key_type":"pointer", + "key":2, + "tag":18 + } + }, + { + "table_id":21, + "table_name":"APP_PAYLOAD", + "table_type":"expr_plus", + "valid_column":8, + "custom": { + "item_id":1, + "group_id":2, + "district":3, + "keywords":4, + "expr_type":5, + "match_method":6, + "is_hexbin":7 + } + }, + { + "table_id":22, + "table_name":"TROJAN_PAYLOAD", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + + } + }, + { + "table_id":23, + "table_name":"MAIL_ADDR", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":24, + "table_name":"IP_PLUS_CONFIG", + "table_type":"ip_plus", + "valid_column":11, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 + } + }, + { + "table_id":25, + "table_name":"HTTP_RESPONSE_KEYWORDS", + "table_type":"virtual", + "physical_table": "KEYWORDS_TABLE" + }, + { + "table_id":26, + "table_name":"HTTP_REQUEST_HEADER", + "table_type":"virtual", + "physical_table": "HTTP_SIGNATURE" + }, + { + "table_id":27, + "table_name":"HTTP_RESPONSE_HEADER", + "table_type":"virtual", + "physical_table": "HTTP_SIGNATURE" + }, + { + "table_id":28, + "table_name":"VIRTUAL_IP_PLUS_TABLE", + "db_tables":["VIRTUAL_IP_PLUS_SOURCE", "VIRTUAL_IP_PLUS_DESTINATION"], + "table_type":"virtual", + "physical_table": "IP_PLUS_CONFIG" + }, + { + "table_id":29, + "table_name":"TEST_IP_PLUGIN_WITH_EXDATA", + "table_type":"ip_plugin", + "valid_column":6, + "custom": { + "gc_timeout_s": 3, + "item_id":1, + "ip_type":2, + "start_ip":3, + "end_ip":4, + "addr_format":7 + } + }, + { + "table_id":30, + "table_name":"AS_NUMBER", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":31, + "table_name":"SOURCE_IP_ASN", + "table_type":"virtual", + "physical_table":"AS_NUMBER" + }, + { + "table_id":32, + "table_name":"DESTINATION_IP_ASN", + "table_type":"virtual", + "physical_table":"AS_NUMBER" + }, + { + "table_id":33, + "table_name":"GeoLocation", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":34, + "table_name":"SOURCE_IP_GEO", + "table_type":"virtual", + "physical_table":"GeoLocation" + }, + { + "table_id":35, + "table_name":"INTERGER_PLUS", + "table_type":"intval_plus", + "valid_column":6, + "custom": { + "item_id":1, + "group_id":2, + "district":3, + "low_bound":4, + "up_bound":5 + } + }, + { + "table_id":36, + "table_name":"TEST_FQDN_PLUGIN_WITH_EXDATA", + "table_type":"fqdn_plugin", + "valid_column":5, + "custom": { + "gc_timeout_s": 3, + "item_id":1, + "suffix_match_method":2, + "fqdn":3 + } + }, + { + "table_id":37, + "table_name":"APP_ID", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":38, + "table_name":"EMPTY_KEYWORD", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":39, + "table_name":"EMPTY_INTERGER", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":40, + "table_name":"TEST_BOOL_PLUGIN_WITH_EXDATA", + "table_type":"bool_plugin", + "valid_column":4, + "custom": { + "gc_timeout_s": 3, + "item_id":1, + "bool_expr":2 + } + }, + { + "table_id":41, + "table_name":"FLAG_CONFIG", + "table_type":"flag", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "flag":3, + "flag_mask":4 + } + }, + { + "table_id":42, + "table_name":"FLAG_PLUS_CONFIG", + "table_type":"flag_plus", + "valid_column":6, + "custom": { + "item_id":1, + "group_id":2, + "district":3, + "flag":4, + "flag_mask":5 + } + }, + { + "table_id":43, + "table_name":"TEST_PLUGIN_LONG_KEY_TYPE_TABLE", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":8, + "key":2, + "tag":5 + } + }, + { + "table_id":44, + "table_name":"TEST_PLUGIN_INT_KEY_TYPE_TABLE", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"integer", + "key_len":4, + "key":2, + "tag":5 + } + }, + { + "table_id":45, + "table_name":"TEST_PLUGIN_IP_KEY_TYPE_TABLE", + "table_type":"plugin", + "valid_column":4, + "custom": { + "gc_timeout_s":3, + "key_type":"ip_addr", + "addr_type":1, + "key":2 + } + }, + { + "table_id":46, + "table_name":"HTTP_URL_FILTER", + "table_type":"virtual", + "physical_table": "HTTP_URL" + }, + { + "table_id":47, + "table_name":"IP_PERF_CONFIG", + "table_type":"ip_plus", + "valid_column":11, + "custom": { + "item_id":1, + "group_id":2, + "addr_type":3, + "addr_format":4, + "ip1":5, + "ip2":6, + "port_format":7, + "port1":8, + "port2":9, + "protocol":10 + } + }, + { + "table_id":48, + "table_name":"INTEGER_PERF_CONFIG", + "table_type":"intval", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "low_bound":3, + "up_bound":4 + } + }, + { + "table_id":49, + "table_name":"EXPR_LITERAL_PERF_CONFIG", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":50, + "table_name":"EXPR_REGEX_PERF_CONFIG", + "table_type":"expr", + "valid_column":7, + "custom": { + "item_id":1, + "group_id":2, + "keywords":3, + "expr_type":4, + "match_method":5, + "is_hexbin":6 + } + }, + { + "table_id":51, + "table_name":"FLAG_PERF_CONFIG", + "table_type":"flag", + "valid_column":5, + "custom": { + "item_id":1, + "group_id":2, + "flag":3, + "flag_mask":4 + } + } +]
\ No newline at end of file |