| author | liuxueli <[email protected]> | 2024-11-19 07:17:07 +0000 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2024-11-27 06:36:57 +0000 |
| commit | 409833b463c7e43eec4b4cb332485d4755d92486 (patch) | |
| tree | ccb82ecef23b17188f13ce344a5ea9f24be584ab | |
| parent | 4e9246ba9bc553446ac76f1bcd5175c07eed964a (diff) | |
Security enforcer maat plugin table
| -rw-r--r-- | enforcer/security/security_maat.c | 14 | ||||
| -rw-r--r-- | enforcer/security/test/gtest_security_maat.cpp | 422 |
2 files changed, 434 insertions, 2 deletions
diff --git a/enforcer/security/security_maat.c b/enforcer/security/security_maat.c index e67cda3..608c8c7 100644 --- a/enforcer/security/security_maat.c +++ b/enforcer/security/security_maat.c @@ -379,6 +379,11 @@ void dns_answer_record_free(UT_array **answer_array, int n_array) for(int i=0; i<n_array; i++) { + if(answer_array[i]==NULL) + { + continue; + } + struct dns_answer_record *a_record=NULL; while((a_record=(struct dns_answer_record *)utarray_next(answer_array[i], a_record))!=NULL) { @@ -709,6 +714,15 @@ static struct dns_setting_details *sub_action_dns_setting_details_parse(yyjson_v dns_answer_record_parse(dns_setting, answer_array, qtype); } + for(int i=0; i<DNS_ANSWER_TYPE_MAX; i++) + { + if(utarray_len(dns_setting->answer_array[i])==0) + { + utarray_free(dns_setting->answer_array[i]); + dns_setting->answer_array[i]=NULL; + } + } + return dns_setting; } diff --git a/enforcer/security/test/gtest_security_maat.cpp b/enforcer/security/test/gtest_security_maat.cpp index 2d163e8..664f091 100644 --- a/enforcer/security/test/gtest_security_maat.cpp +++ b/enforcer/security/test/gtest_security_maat.cpp @@ -475,7 +475,7 @@ TEST(security_maat, security_rule_is_deny_tamper_random) security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); } -TEST(security_maat, security_rule_is_deny_alert_message) +TEST(security_maat, security_rule_is_deny_alert200_message) { const char *table_line="{ \ \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ @@ -511,7 +511,7 @@ TEST(security_maat, security_rule_is_deny_alert_message) security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); } -TEST(security_maat, security_rule_is_deny_alert_profile) +TEST(security_maat, security_rule_is_deny_alert200_profile) { const char *table_line="{ \ \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ 
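Review bot: The new `if(answer_array[i]==NULL)` guard in dns_answer_record_free carries no comment saying why a slot can be NULL. The reason lives in another function, the pruning loop this commit adds to sub_action_dns_setting_details_parse. I would put `/* empty answer arrays are freed and set to NULL at parse time; skip them */` above the check so it is not later removed as dead code. The guard covers the slots only; `answer_array` itself is still indexed unconditionally, which is fine only if every caller passes a valid array, and the callers are not visible here. The function body starts and ends outside the hunk.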
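Review bot: After the pruning loop at the end of sub_action_dns_setting_details_parse, a slot of `dns_setting->answer_array` can be NULL, but the only reader this commit adapts is dns_answer_record_free. Any other code that calls `utarray_len`, `utarray_next` or `utarray_front` on a slot without testing it first would now dereference NULL, because those utarray macros read through the pointer; in an enforcer that would presumably be a crash on traffic matching the rule. The readers on the DNS redirect path are not visible here, so please confirm each one checks the slot, or keep empty arrays allocated and let readers test `utarray_len(...)==0`. The loop itself calls `utarray_len(dns_setting->answer_array[i])` with no NULL test, which is safe only if all DNS_ANSWER_TYPE_MAX slots were allocated earlier in the function (outside the hunk); `if(dns_setting->answer_array[i]!=NULL && utarray_len(dns_setting->answer_array[i])==0)` makes that explicit.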
@@ -549,6 +549,41 @@ TEST(security_maat, security_rule_is_deny_alert_profile) security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); } +TEST(security_maat, security_rule_is_deny_alert204) +{ + const char *table_line="{ \ + \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ + \"action\": \"deny\", \ + \"log_option\": \"all\", \ + \"action_parameter\": { \ + \"sub_action\": \"alert\", \ + \"code\": 204 \ + } \ + }"; + + struct security_rule *p_rule=NULL; + security_rule_new("SECURITY_RULE_PLUGIN", "00000000-0000-0000-0000-000000000129", table_line, (void **)(&p_rule), 0, NULL); + EXPECT_NE(p_rule, nullptr); + + char rule_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_rule->rule_uuid, rule_uuid_str); + EXPECT_STREQ(rule_uuid_str, "00000000-0000-0000-0000-000000000129"); + EXPECT_EQ(p_rule->log_option, LOG_OPTION_ALL); + + EXPECT_EQ(p_rule->action, SECURITY_RULE_ACTION_DENY); + EXPECT_STREQ(p_rule->action_str, "deny"); + EXPECT_NE(p_rule->deny, nullptr); + EXPECT_EQ(p_rule->deny->origin, origin_override); + EXPECT_NE(p_rule->deny->override_action, nullptr); + EXPECT_EQ(p_rule->deny->override_action->sub_action_type, RULE_SUB_ACTION_ALERT); + EXPECT_NE(p_rule->deny->override_action->http_alert, nullptr); + EXPECT_EQ(p_rule->deny->override_action->http_alert->code, 204); + EXPECT_EQ(p_rule->deny->override_action->http_alert->rtype, RESPONSE_NO_CONTENT); + EXPECT_EQ(p_rule->deny->override_action->http_alert->message, nullptr); + + security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); +} + TEST(security_maat, security_rule_is_deny_http_block403_message) { const char *table_line="{ \ 
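Review bot: `EXPECT_NE(p_rule, nullptr);` in security_rule_is_deny_alert204 is non-fatal, so if security_rule_new fails to build the rule the following lines still dereference `p_rule` (`p_rule->rule_uuid`, `p_rule->deny->override_action->http_alert->code`) and the test binary crashes instead of reporting a failure. Use `ASSERT_NE(p_rule, nullptr);`, and likewise `ASSERT_NE` for `p_rule->deny`, `override_action` and `http_alert`, since each is dereferenced right after its check. The same pattern repeats in the four dns_redirect tests added in the `@@ -907,4 +942,387 @@` hunk, including `EXPECT_NE(p_record, nullptr);` ahead of `p_record->min_ttl`.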
@@ -907,4 +942,387 @@ TEST(security_maat, security_rule_is_deny_http_url_redirect303_variable) EXPECT_STREQ(p_rule->deny->override_action->http_redirect->message, "https://www.redirect303.com/tsg_policy_uuid={{tsg_policy_uuid}}/tsg_subscriber_id={{tsg_subscriber_id}}/tsg_client_ip={{tsg_client_ip}}"); security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); +} + +TEST(security_maat, security_rule_is_deny_dns_redirect_CNAME_AAAA_Profile) +{ + const char *table_line="{ \ + \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ + \"action\": \"deny\", \ + \"log_option\": \"all\", \ + \"action_parameter\": { \ + \"sub_action\": \"redirect\", \ + \"resolution\": [ \ + { \ + \"qtype\": \"AAAA\", \ + \"answer\": [ \ + { \ + \"atype\": \"CNAME\", \ + \"value\": \"www.cname.aaaa.net\", \ + \"ttl\": { \ + \"min\": 60, \ + \"max\": 300 \ + } \ + }, \ + { \ + \"atype\": \"AAAA\", \ + \"record_profile\": \"00000000-0000-0000-0000-000000000102\", \ + \"selected_num\": 2, \ + \"ttl\": { \ + \"min\": 300, \ + \"max\": 300 \ + } \ + } \ + ] \ + } \ + ] \ + } \ + }"; + + struct security_rule *p_rule=NULL; + security_rule_new("SECURITY_RULE_PLUGIN", "00000000-0000-0000-0000-000000000129", table_line, (void **)(&p_rule), 0, NULL); + EXPECT_NE(p_rule, nullptr); + + char rule_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_rule->rule_uuid, rule_uuid_str); + EXPECT_STREQ(rule_uuid_str, "00000000-0000-0000-0000-000000000129"); + EXPECT_EQ(p_rule->log_option, LOG_OPTION_ALL); + + EXPECT_EQ(p_rule->action, SECURITY_RULE_ACTION_DENY); + EXPECT_STREQ(p_rule->action_str, "deny"); + EXPECT_NE(p_rule->deny, nullptr); + EXPECT_EQ(p_rule->deny->origin, origin_override); + EXPECT_NE(p_rule->deny->override_action, nullptr); + EXPECT_EQ(p_rule->deny->override_action->sub_action_type, RULE_SUB_ACTION_DNS_REDIRECT); + EXPECT_NE(p_rule->deny->override_action->dns_redirect, nullptr); + + EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A], nullptr); + 
EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME], nullptr); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA]), 1); + struct dns_answer_record *p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 300); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 2); + EXPECT_EQ(p_record->rtype, RESPONSE_PROFILE); + EXPECT_EQ(p_record->qtype, RR_TYPE_AAAA); + EXPECT_EQ(p_record->atype, RR_TYPE_AAAA); + char profile_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_record->record_profile, profile_uuid_str); + EXPECT_STREQ(profile_uuid_str, "00000000-0000-0000-0000-000000000102"); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 60); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 1); + EXPECT_EQ(p_record->rtype, RESPONSE_CNAME); + EXPECT_EQ(p_record->qtype, RR_TYPE_AAAA); + EXPECT_EQ(p_record->atype, RR_TYPE_CNAME); + EXPECT_STREQ(p_record->cname, "www.cname.aaaa.net"); + + security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); +} + +TEST(security_maat, security_rule_is_deny_dns_redirect_CNAME_A_Profile) +{ + const char *table_line="{ \ + \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ + \"action\": \"deny\", \ + \"log_option\": \"all\", \ + \"action_parameter\": { \ + 
\"sub_action\": \"redirect\", \ + \"resolution\": [ \ + { \ + \"qtype\": \"A\", \ + \"answer\": [ \ + { \ + \"atype\": \"CNAME\", \ + \"value\": \"www.cname.a.net\", \ + \"ttl\": { \ + \"min\": 60, \ + \"max\": 300 \ + } \ + }, \ + { \ + \"atype\": \"A\", \ + \"record_profile\": \"00000000-0000-0000-0000-000000000103\", \ + \"selected_num\": 2, \ + \"ttl\": { \ + \"min\": 300, \ + \"max\": 300 \ + } \ + } \ + ] \ + } \ + ] \ + } \ + }"; + + struct security_rule *p_rule=NULL; + security_rule_new("SECURITY_RULE_PLUGIN", "00000000-0000-0000-0000-000000000129", table_line, (void **)(&p_rule), 0, NULL); + EXPECT_NE(p_rule, nullptr); + + char rule_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_rule->rule_uuid, rule_uuid_str); + EXPECT_STREQ(rule_uuid_str, "00000000-0000-0000-0000-000000000129"); + EXPECT_EQ(p_rule->log_option, LOG_OPTION_ALL); + + EXPECT_EQ(p_rule->action, SECURITY_RULE_ACTION_DENY); + EXPECT_STREQ(p_rule->action_str, "deny"); + EXPECT_NE(p_rule->deny, nullptr); + EXPECT_EQ(p_rule->deny->origin, origin_override); + EXPECT_NE(p_rule->deny->override_action, nullptr); + EXPECT_EQ(p_rule->deny->override_action->sub_action_type, RULE_SUB_ACTION_DNS_REDIRECT); + EXPECT_NE(p_rule->deny->override_action->dns_redirect, nullptr); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]), 1); + struct dns_answer_record *p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 300); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 2); + EXPECT_EQ(p_record->rtype, RESPONSE_PROFILE); + EXPECT_EQ(p_record->qtype, RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_A); + char profile_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_record->record_profile, 
profile_uuid_str); + EXPECT_STREQ(profile_uuid_str, "00000000-0000-0000-0000-000000000103"); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 60); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 1); + EXPECT_EQ(p_record->rtype, RESPONSE_CNAME); + EXPECT_EQ(p_record->qtype, RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_CNAME); + EXPECT_STREQ(p_record->cname, "www.cname.a.net"); + + EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA], nullptr); + EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME], nullptr); + + security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); + +} + +TEST(security_maat, security_rule_is_deny_dns_redirect_CNAME_Profile_A) +{ + const char *table_line="{ \ + \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ + \"action\": \"deny\", \ + \"log_option\": \"all\", \ + \"action_parameter\": { \ + \"sub_action\": \"redirect\", \ + \"resolution\": [ \ + { \ + \"qtype\": \"A\", \ + \"answer\": [ \ + { \ + \"atype\": \"A\", \ + \"value\": \"192.168.0.3\", \ + \"ttl\": { \ + \"min\": 60, \ + \"max\": 300 \ + } \ + }, \ + { \ + \"atype\": \"CNAME\", \ + \"record_profile\": \"00000000-0000-0000-0000-000000000104\", \ + \"selected_num\": 2, \ + \"ttl\": { \ + \"min\": 300, \ + \"max\": 300 \ + } \ + } \ + ] \ + } \ + ] \ + } \ + }"; + + struct security_rule *p_rule=NULL; + security_rule_new("SECURITY_RULE_PLUGIN", "00000000-0000-0000-0000-000000000129", table_line, (void **)(&p_rule), 0, NULL); + EXPECT_NE(p_rule, nullptr); + + char 
rule_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_rule->rule_uuid, rule_uuid_str); + EXPECT_STREQ(rule_uuid_str, "00000000-0000-0000-0000-000000000129"); + EXPECT_EQ(p_rule->log_option, LOG_OPTION_ALL); + + EXPECT_EQ(p_rule->action, SECURITY_RULE_ACTION_DENY); + EXPECT_STREQ(p_rule->action_str, "deny"); + EXPECT_NE(p_rule->deny, nullptr); + EXPECT_EQ(p_rule->deny->origin, origin_override); + EXPECT_NE(p_rule->deny->override_action, nullptr); + EXPECT_EQ(p_rule->deny->override_action->sub_action_type, RULE_SUB_ACTION_DNS_REDIRECT); + EXPECT_NE(p_rule->deny->override_action->dns_redirect, nullptr); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]), 1); + struct dns_answer_record *p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 60); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 1); + EXPECT_EQ(p_record->rtype, RESPONSE_IPV4); + EXPECT_EQ(p_record->qtype, RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_A); + char ipv4_addr_str[INET_ADDRSTRLEN]; + inet_ntop(AF_INET, &(p_record->v4_addr), ipv4_addr_str, INET_ADDRSTRLEN); + EXPECT_STREQ(ipv4_addr_str, "192.168.0.3"); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 300); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 2); + EXPECT_EQ(p_record->rtype, RESPONSE_PROFILE); + EXPECT_EQ(p_record->qtype, 
RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_CNAME); + char profile_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_record->record_profile, profile_uuid_str); + EXPECT_STREQ(profile_uuid_str, "00000000-0000-0000-0000-000000000104"); + + EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA], nullptr); + EXPECT_EQ(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME], nullptr); + + security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); +} + +TEST(security_maat, security_rule_is_deny_dns_redirect_CNAME_Profile_AAAA) +{ + const char *table_line="{ \ + \"uuid\": \"00000000-0000-0000-0000-000000000129\", \ + \"action\": \"deny\", \ + \"log_option\": \"all\", \ + \"action_parameter\": { \ + \"sub_action\": \"redirect\", \ + \"resolution\": [ \ + { \ + \"qtype\": \"AAAA\", \ + \"answer\": [ \ + { \ + \"atype\": \"CNAME\", \ + \"value\": \"www.cname.aaaa.net\", \ + \"ttl\": { \ + \"min\": 60, \ + \"max\": 300 \ + } \ + }, \ + { \ + \"atype\": \"AAAA\", \ + \"record_profile\": \"00000000-0000-0000-0000-000000000102\", \ + \"selected_num\": 2, \ + \"ttl\": { \ + \"min\": 300, \ + \"max\": 300 \ + } \ + } \ + ] \ + }, \ + { \ + \"qtype\": \"A\", \ + \"answer\": [ \ + { \ + \"atype\": \"CNAME\", \ + \"value\": \"www.cname.a.net\", \ + \"ttl\": { \ + \"min\": 60, \ + \"max\": 300 \ + } \ + }, \ + { \ + \"atype\": \"A\", \ + \"record_profile\": \"00000000-0000-0000-0000-000000000103\", \ + \"selected_num\": 2, \ + \"ttl\": { \ + \"min\": 300, \ + \"max\": 300 \ + } \ + } \ + ] \ + } \ + ] \ + } \ + }"; + + struct security_rule *p_rule=NULL; + security_rule_new("SECURITY_RULE_PLUGIN", "00000000-0000-0000-0000-000000000129", table_line, (void **)(&p_rule), 0, NULL); + EXPECT_NE(p_rule, nullptr); + + char rule_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_rule->rule_uuid, rule_uuid_str); + EXPECT_STREQ(rule_uuid_str, "00000000-0000-0000-0000-000000000129"); + EXPECT_EQ(p_rule->log_option, 
LOG_OPTION_ALL); + + EXPECT_EQ(p_rule->action, SECURITY_RULE_ACTION_DENY); + EXPECT_STREQ(p_rule->action_str, "deny"); + EXPECT_NE(p_rule->deny, nullptr); + EXPECT_EQ(p_rule->deny->origin, origin_override); + EXPECT_NE(p_rule->deny->override_action, nullptr); + EXPECT_EQ(p_rule->deny->override_action->sub_action_type, RULE_SUB_ACTION_DNS_REDIRECT); + EXPECT_NE(p_rule->deny->override_action->dns_redirect, nullptr); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]), 1); + struct dns_answer_record *p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_A]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 300); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 2); + EXPECT_EQ(p_record->rtype, RESPONSE_PROFILE); + EXPECT_EQ(p_record->qtype, RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_A); + char profile_uuid_str[UUID_STR_LEN]; + uuid_unparse_lower(p_record->record_profile, profile_uuid_str); + EXPECT_STREQ(profile_uuid_str, "00000000-0000-0000-0000-000000000103"); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_A_CNAME]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 60); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 1); + EXPECT_EQ(p_record->rtype, RESPONSE_CNAME); + EXPECT_EQ(p_record->qtype, RR_TYPE_A); + EXPECT_EQ(p_record->atype, RR_TYPE_CNAME); + EXPECT_STREQ(p_record->cname, "www.cname.a.net"); + + 
EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_AAAA]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 300); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 2); + EXPECT_EQ(p_record->rtype, RESPONSE_PROFILE); + EXPECT_EQ(p_record->qtype, RR_TYPE_AAAA); + EXPECT_EQ(p_record->atype, RR_TYPE_AAAA); + uuid_unparse_lower(p_record->record_profile, profile_uuid_str); + EXPECT_STREQ(profile_uuid_str, "00000000-0000-0000-0000-000000000102"); + + EXPECT_NE(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME], nullptr); + EXPECT_EQ(utarray_len(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME]), 1); + p_record=(struct dns_answer_record *)utarray_front(p_rule->deny->override_action->dns_redirect->answer_array[DNS_ANSWER_TYPE_AAAA_CNAME]); + EXPECT_NE(p_record, nullptr); + EXPECT_EQ(p_record->min_ttl, 60); + EXPECT_EQ(p_record->max_ttl, 300); + EXPECT_EQ(p_record->selected_num, 1); + EXPECT_EQ(p_record->rtype, RESPONSE_CNAME); + EXPECT_EQ(p_record->qtype, RR_TYPE_AAAA); + EXPECT_EQ(p_record->atype, RR_TYPE_CNAME); + EXPECT_STREQ(p_record->cname, "www.cname.aaaa.net"); + + security_rule_free("SECURITY_RULE_PLUGIN", (void **)(&p_rule), 0, NULL); }
\ No newline at end of file |
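Review bot: The four new dns_redirect tests all use well-formed rules with at least one record for each queried type; none feeds a `resolution` that ends up with no records at all (for example an empty `answer` list, if the parser accepts one). That is the case where the pruning loop added in security_maat.c leaves every slot of `answer_array` NULL. A test that builds such a rule, checks what `dns_redirect` then holds, and runs security_rule_free on it would pin that path. Separately, `security_rule_is_deny_dns_redirect_CNAME_Profile_AAAA` covers both an AAAA and an A resolution, and its AAAA part repeats `security_rule_is_deny_dns_redirect_CNAME_AAAA_Profile`, so a name that mentions both query types would describe it better. The file also now ends without a trailing newline.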
