authorliuxueli <[email protected]>2021-10-11 14:57:18 +0800
committerliuxueli <[email protected]>2021-10-11 14:57:18 +0800
commita2f2adc82a821f1534318f14726c2262d30e566a (patch)
tree71c7195006b1f44daffecbc5c7c445377acb1e67
parentc84fb97aaeed8feca0c6abed850a5a59b47daa4e (diff)
策略中的district与扫描时设置的district不一致时命中了策略
-rw-r--r--test/maat_json.json28
-rw-r--r--test/test_maatframe.cpp36
2 files changed, 64 insertions, 0 deletions
diff --git a/test/maat_json.json b/test/maat_json.json
index 59b37da..7b61372 100644
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -2262,6 +2262,34 @@
"not_flag": 0
}
]
+ },
+ {
+ "is_valid": "yes",
+ "do_log": 0,
+ "effective_rage": 0,
+ "action": 0,
+ "compile_id": 189,
+ "service": 0,
+ "do_blacklist": 0,
+ "user_region": "StringScan.ShouldNotHitExprPlus",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_name": "APP_PAYLOAD",
+ "table_content": {
+ "format": "hexbin",
+ "match_method": "sub",
+ "district": "tcp.payload.c2s_first_data",
+ "keywords": "ab00",
+ "expr_type": "none"
+ },
+ "table_type": "expr_plus"
+ }
+ ],
+ "group_name": "Untitled"
+ }
+ ]
}
],
"plugin_table": [
diff --git a/test/test_maatframe.cpp b/test/test_maatframe.cpp
index 4edb699..9147c2f 100644
--- a/test/test_maatframe.cpp
+++ b/test/test_maatframe.cpp
@@ -646,6 +646,42 @@ TEST(StringScan, ExprPlusWithOffset)
return;
}
+TEST(StringScan, ShouldNotHitExprPlus)
+{
+ int ret=0, table_id=0;
+ struct Maat_rule_t result[4];
+ scan_status_t mid=NULL;
+ const char* region_name="tcp.payload";
+ unsigned char udp_payload_not_hit[] = { /* Stun packet */
+ 0x00, 0x03, 0x00, 0x4a, 0x21, 0x12, 0xa4, 0x42,
+ 0x4f, 0xc2, 0xc2, 0x70, 0xb3, 0xa8, 0x4e, 0x22,
+ 0xf5, 0x22, 0x87, 0x4c, 0x40, 0x00, 0x00, 0x46,
+ 0x03, 0x02, 0xab, 0x39, 0xbb, 0x97, 0xe5, 0x01,
+ 0x3a, 0x46, 0x1c, 0x28, 0x5b, 0xab, 0xfa, 0x9a,
+ 0xab, 0x2e, 0x71, 0x39, 0x66, 0xa0, 0xd7, 0xb9,
+ 0xd8, 0x41, 0xa7, 0xa0, 0x84, 0xa9, 0xf3, 0x1b,
+ 0x03, 0x7f, 0xa8, 0x28, 0xa2, 0xd3, 0x64, 0xc2,
+ 0x3d, 0x20, 0xe0, 0xb1, 0x41, 0x12, 0x6c, 0x2f,
+ 0xc5, 0xbb, 0xc3, 0xba, 0x69, 0x73, 0x52, 0x64,
+ 0xf6, 0x30, 0x81, 0xf4, 0x3f, 0xc2, 0x19, 0x6a,
+ 0x68, 0x61, 0x93, 0x08, 0xc0, 0x0a, 0xab, 0x00 };
+
+ memset(&result, 0, sizeof(result));
+ table_id=Maat_table_register(g_feather, "APP_PAYLOAD");
+ ASSERT_GT(table_id, 0);
+ ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, region_name, strlen(region_name));
+ EXPECT_EQ(ret, 0);
+
+ ret=Maat_full_scan_string(g_feather, table_id,CHARSET_GBK, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
+ result, NULL, 4,
+ &mid, 0);
+ EXPECT_EQ(ret, 0);
+
+ Maat_clean_status(&mid);
+ return;
+}
+
+
TEST(StringScan, ExprPlusWithHex)
{
int table_id=0,ret=0;
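Review bot: `TEST(StringScan, ShouldNotHitExprPlus)` asserts only the miss (`EXPECT_EQ(ret, 0)` after scanning with district `tcp.payload`), so it also passes if compile 189 never loads or its `ab00` keyword never matches this payload. That does not show the miss comes from the district comparison, which is the bug being fixed: a rule firing on a district it was not written for. A positive control would close the gap by rescanning the same buffer with the rule's own district, `tcp.payload.c2s_first_data`, and expecting a hit. The district-setting call should also use `ASSERT_EQ(ret, 0)`, since a scan after a failed set is not testing the mismatch. The sketch below assumes `Maat_clean_status` leaves `mid` reusable and that a hit returns a positive count; confirm both against the API. The following `ExprPlusWithHex` test continues outside this hunk.

```cpp
// … unchanged: payload buffer, table registration, mismatching-district scan expecting 0 …
	Maat_clean_status(&mid);

	// Positive control: same payload, district identical to the rule's district.
	const char* rule_district="tcp.payload.c2s_first_data";
	ret=Maat_set_scan_status(g_feather, &mid, MAAT_SET_SCAN_DISTRICT, rule_district, strlen(rule_district));
	ASSERT_EQ(ret, 0);
	ret=Maat_full_scan_string(g_feather, table_id, CHARSET_GBK, (char*)udp_payload_not_hit, sizeof(udp_payload_not_hit),
			result, NULL, 4,
			&mid, 0);
	EXPECT_GT(ret, 0);
	Maat_clean_status(&mid);
```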