diff options
| author | root <[email protected]> | 2024-09-14 11:29:12 +0000 |
|---|---|---|
| committer | root <[email protected]> | 2024-09-14 11:29:12 +0000 |
| commit | 20de47c873c226ffa1717e5d6ad47ac4ce4c8d1b (patch) | |
| tree | 828fa14bb1e28ed44a06df850ae63602ac7121ca | |
| parent | feb1576545e9eb98154d595f5746a2b68144658a (diff) | |
run first test case success
| -rw-r--r-- | src/CMakeLists.txt | 2 | ||||
| -rw-r--r-- | src/inc_internal/maat_attribute.h | 62 | ||||
| -rw-r--r-- | src/inc_internal/maat_config_monitor.h | 4 | ||||
| -rw-r--r-- | src/inc_internal/maat_core.h | 1 | ||||
| -rw-r--r-- | src/maat_api.c | 1 | ||||
| -rw-r--r-- | src/maat_attribute.c | 248 | ||||
| -rw-r--r-- | src/maat_config_monitor.c | 163 | ||||
| -rw-r--r-- | src/maat_core.c | 4 | ||||
| -rw-r--r-- | src/maat_redis_monitor.c | 1 | ||||
| -rw-r--r-- | src/maat_rule.c | 38 | ||||
| -rw-r--r-- | src/maat_table.c | 17 | ||||
| -rw-r--r-- | test/json_update/corrupted.json | 24 | ||||
| -rw-r--r-- | test/json_update/new.json | 25 | ||||
| -rw-r--r-- | test/json_update/old.json | 29 | ||||
| -rw-r--r-- | test/maat_framework_gtest.cpp | 14 | ||||
| -rw-r--r-- | test/maat_json.json | 8284 | ||||
| -rw-r--r-- | test/table_info.json | 482 | ||||
| -rw-r--r-- | test/test_utils.cpp | 2 |
18 files changed, 4721 insertions, 4680 deletions
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 8c2f1a1..867187f 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -14,7 +14,7 @@ add_definitions(-fPIC) set(MAAT_SRC alignment.c maat_api.c rcu_hash.c maat_garbage_collection.c maat_config_monitor.c maat_core.c maat_kv.c maat_ex_data.c maat_utils.c maat_command.c maat_redis_monitor.c maat_table.c maat_rule.c maat_object.c maat_ip.c maat_flag.c maat_interval.c maat_expr.c maat_plugin.c - maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_attribute.c maat_stat.c) + maat_ip_plugin.c maat_ipport_plugin.c maat_bool_plugin.c maat_fqdn_plugin.c maat_stat.c) set(LIB_SOURCE_FILES ${PROJECT_SOURCE_DIR}/deps/cJSON/cJSON.c ${PROJECT_SOURCE_DIR}/deps/log/log.c) diff --git a/src/inc_internal/maat_attribute.h b/src/inc_internal/maat_attribute.h deleted file mode 100644 index c437555..0000000 --- a/src/inc_internal/maat_attribute.h +++ /dev/null @@ -1,62 +0,0 @@ -/* -********************************************************************************************** -* File: maat_attribute.h -* Description: -* Authors: Liu WenTan <[email protected]> -* Date: 2022-10-31 -* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved. -*********************************************************************************************** -*/ - -#ifndef _MAAT_ATTRIBUTE_H_ -#define _MAAT_ATTRIBUTE_H_ - -#ifdef __cplusplus -extern "C" -{ -#endif - -#include "cJSON/cJSON.h" -#include "maat_table.h" - -struct attribute_runtime; - -void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger); - -void attribute_schema_free(void *attribute_schema); - -void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger); - -void attribute_runtime_free(void *attribute_runtime); - -void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt, - int thread_id); - -void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt, - int thread_id, long long val); - -long long attribute_runtime_scan_bytes(void *virt_rt); - -long long attribute_runtime_scan_times(void *attribute_runtime); - -long long attribute_runtime_scan_cpu_time(void *attribute_runtime); - -void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt, - int thread_id); - -long long attribute_runtime_hit_times(void *attribute_runtime); - -void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt, - int thread_id, long long val); - -long long attribute_runtime_hit_item_num(void *attribute_runtime); - - -#ifdef __cplusplus -} -#endif - -#endif
\ No newline at end of file diff --git a/src/inc_internal/maat_config_monitor.h b/src/inc_internal/maat_config_monitor.h index 7ff3a97..15fb7b2 100644 --- a/src/inc_internal/maat_config_monitor.h +++ b/src/inc_internal/maat_config_monitor.h @@ -28,8 +28,8 @@ void config_monitor_traverse(long long version, const cJSON *json_root, const char *dec_key, struct log_handle *logger); int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, - cJSON *json_root, char *err_str, size_t err_str_sz); -void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff); + cJSON **json_root, char *err_str, size_t err_str_sz); +void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff); #ifdef __cplusplus } diff --git a/src/inc_internal/maat_core.h b/src/inc_internal/maat_core.h index bb94829..f861ee6 100644 --- a/src/inc_internal/maat_core.h +++ b/src/inc_internal/maat_core.h @@ -31,7 +31,6 @@ extern "C" #include "maat.h" #include "maat_kv.h" #include "maat_table.h" -#include "maat_attribute.h" #include "maat_stat.h" #include "hiredis/hiredis.h" diff --git a/src/maat_api.c b/src/maat_api.c index 4c6507e..04f5be5 100644 --- a/src/maat_api.c +++ b/src/maat_api.c @@ -38,7 +38,6 @@ #include "maat_ipport_plugin.h" #include "maat_fqdn_plugin.h" #include "maat_bool_plugin.h" -#include "maat_attribute.h" #include "maat_stat.h" #include "uthash/utarray.h" diff --git a/src/maat_attribute.c b/src/maat_attribute.c deleted file mode 100644 index fcd033f..0000000 --- a/src/maat_attribute.c +++ /dev/null @@ -1,248 +0,0 @@ -/* -********************************************************************************************** -* File: maat_attribute.c -* Description: -* Authors: Liu WenTan <[email protected]> -* Date: 2022-10-31 -* Copyright: (c) Since 2022 Geedge Networks, Ltd. All rights reserved. -*********************************************************************************************** -*/ - -#include <assert.h> - -#include "maat_kv.h" -#include "maat_utils.h" -#include "log/log.h" -#include "alignment.h" -#include "maat_core.h" -#include "maat_table.h" - -#define MODULE_ATTRIBUTE module_name_str("maat.attribute") - -struct attribute_schema { - int attribute_id; - int physical_table_id; - struct table_manager *ref_tbl_mgr; -}; - -struct attribute_runtime { - size_t n_worker_thread; - long long *scan_times; - long long *scan_bytes; - long long *scan_cpu_time; - long long *hit_times; - long long *hit_item_num; -}; - -void *attribute_schema_new(cJSON *json, struct table_manager *tbl_mgr, - const char *table_name, struct log_handle *logger) -{ - struct attribute_schema *schema = ALLOC(struct attribute_schema, 1); - schema->ref_tbl_mgr = tbl_mgr; - - cJSON *item = cJSON_GetObjectItem(json, "table_id"); - if (NULL == item || item->type != cJSON_Number) { - log_fatal(logger, MODULE_ATTRIBUTE, - "[%s:%d] attribute:<%s> schema has no table_id column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - schema->attribute_id = item->valueint; - - item = cJSON_GetObjectItem(json, "physical_table"); - if (NULL == item || item->type != cJSON_String) { - log_fatal(logger, MODULE_ATTRIBUTE, - "[%s:%d] attribute:<%s> schema has no physical_table column", - __FUNCTION__, __LINE__, table_name); - goto error; - } - - schema->physical_table_id = table_manager_get_table_id(tbl_mgr, item->valuestring); - if (schema->physical_table_id < 0) { - log_fatal(logger, MODULE_ATTRIBUTE, - "[%s:%d] attribute:<%s>'s physical table:<%s> unregistered.", - __FUNCTION__, __LINE__, table_name, item->valuestring); - goto error; - } - - return schema; -error: - FREE(schema); - return NULL; -} - -void attribute_schema_free(void *attribute_schema) -{ - FREE(attribute_schema); -} - -void *attribute_runtime_new(void *attribute_schema, size_t max_thread_num, - struct maat_garbage_bin *garbage_bin, - struct log_handle *logger) -{ - if (NULL == attribute_schema) { - return NULL; - } - - struct attribute_runtime *virt_rt = ALLOC(struct attribute_runtime, 1); - - virt_rt->n_worker_thread = max_thread_num; - virt_rt->scan_times = alignment_int64_array_alloc(max_thread_num); - virt_rt->scan_bytes = alignment_int64_array_alloc(max_thread_num); - virt_rt->scan_cpu_time = alignment_int64_array_alloc(max_thread_num); - virt_rt->hit_times = alignment_int64_array_alloc(max_thread_num); - virt_rt->hit_item_num = alignment_int64_array_alloc(max_thread_num); - - return virt_rt; -} - -void attribute_runtime_free(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - - if (virt_rt->scan_times != NULL) { - alignment_int64_array_free(virt_rt->scan_times); - virt_rt->scan_times = NULL; - } - - if (virt_rt->scan_bytes != NULL) { - alignment_int64_array_free(virt_rt->scan_bytes); - virt_rt->scan_bytes = NULL; - } - - if (virt_rt->scan_cpu_time != NULL) { - alignment_int64_array_free(virt_rt->scan_cpu_time); - virt_rt->scan_cpu_time = NULL; - } - - if (virt_rt->hit_times != NULL) { - alignment_int64_array_free(virt_rt->hit_times); - virt_rt->hit_times = NULL; - } - - if (virt_rt->hit_item_num != NULL) { - alignment_int64_array_free(virt_rt->hit_item_num); - virt_rt->hit_item_num = NULL; - } - - FREE(virt_rt); -} - -void attribute_runtime_scan_bytes_add(struct attribute_runtime *virt_rt, - int thread_id, long long val) -{ - if (NULL == virt_rt || thread_id < 0) { - return; - } - - alignment_int64_array_add(virt_rt->scan_bytes, thread_id, val); -} - -long long attribute_runtime_scan_bytes(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return 0; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - long long sum = alignment_int64_array_sum(virt_rt->scan_bytes, - virt_rt->n_worker_thread); - alignment_int64_array_reset(virt_rt->scan_bytes, - virt_rt->n_worker_thread); - - return sum; -} - -void attribute_runtime_scan_times_inc(struct attribute_runtime *virt_rt, - int thread_id) -{ - if (NULL == virt_rt || thread_id < 0) { - return; - } - - alignment_int64_array_add(virt_rt->scan_times, thread_id, 1); -} - -long long attribute_runtime_scan_times(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return 0; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - long long sum = alignment_int64_array_sum(virt_rt->scan_times, - virt_rt->n_worker_thread); - alignment_int64_array_reset(virt_rt->scan_times, - virt_rt->n_worker_thread); - - return sum; -} - -long long attribute_runtime_scan_cpu_time(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return 0; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - long long sum = alignment_int64_array_sum(virt_rt->scan_cpu_time, - virt_rt->n_worker_thread); - alignment_int64_array_reset(virt_rt->scan_cpu_time, - virt_rt->n_worker_thread); - - return sum; -} - -void attribute_runtime_hit_times_inc(struct attribute_runtime *virt_rt, - int thread_id) -{ - if (NULL == virt_rt || thread_id < 0) { - return; - } - - alignment_int64_array_add(virt_rt->hit_times, thread_id, 1); -} - -long long attribute_runtime_hit_times(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return 0; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - long long sum = alignment_int64_array_sum(virt_rt->hit_times, - virt_rt->n_worker_thread); - alignment_int64_array_reset(virt_rt->hit_times, - virt_rt->n_worker_thread); - - return sum; -} - -void attribute_runtime_hit_item_num_add(struct attribute_runtime *virt_rt, - int thread_id, long long val) -{ - if (NULL == virt_rt || thread_id < 0) { - return; - } - - alignment_int64_array_add(virt_rt->hit_item_num, thread_id, val); -} - -long long attribute_runtime_hit_item_num(void *attribute_runtime) -{ - if (NULL == attribute_runtime) { - return 0; - } - - struct attribute_runtime *virt_rt = (struct attribute_runtime *)attribute_runtime; - long long sum = alignment_int64_array_sum(virt_rt->hit_item_num, - virt_rt->n_worker_thread); - alignment_int64_array_reset(virt_rt->hit_item_num, - virt_rt->n_worker_thread); - - return sum; -} diff --git a/src/maat_config_monitor.c b/src/maat_config_monitor.c index 55aad62..6e091a7 100644 --- a/src/maat_config_monitor.c +++ b/src/maat_config_monitor.c @@ -88,15 +88,13 @@ int my_scandir(const char *dir, struct dirent ***namelist, static void config_load_json_content(const cJSON *json_root, const char *table_name, const char *key, void *u_param, int (*update_fn)(const char *, const char *, void *, enum maat_operation)) { - cJSON *tmp_item = NULL; cJSON *array_item = NULL; int i; - tmp_item = cJSON_GetObjectItem(json_root, table_name); array_item = cJSON_GetObjectItem(json_root, key); if (array_item != NULL) { - for (i = 0; i < cJSON_GetArraySize(tmp_item); i++) { - cJSON *rule = cJSON_GetArrayItem(tmp_item, i); + for (i = 0; i < cJSON_GetArraySize(array_item); i++) { + cJSON *rule = cJSON_GetArrayItem(array_item, i); if (rule == NULL) { continue; } @@ -106,7 +104,7 @@ static void config_load_json_content(const cJSON *json_root, const char *table_n continue; } - update_fn(tmp_item->valuestring, rule_str, u_param, MAAT_OP_ADD); + update_fn(table_name, rule_str, u_param, MAAT_OP_ADD); FREE(rule_str); } } @@ -127,8 +125,10 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root, } cJSON *tmp_obj = NULL; + cJSON *rule_table = cJSON_GetObjectItem(json_root, "rule_table"); + cJSON *object2object_table = cJSON_GetObjectItem(json_root, "object2object_table"); - tmp_obj = cJSON_GetObjectItem(json_root, "objects"); + tmp_obj = cJSON_GetObjectItem(json_root, "items"); if (tmp_obj != NULL) { for (i = 0; i < cJSON_GetArraySize(tmp_obj); i++) { cJSON *object = cJSON_GetArrayItem(tmp_obj, i); @@ -136,11 +136,6 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root, continue; } - cJSON *regions = cJSON_GetObjectItem(object, "regions"); - if (regions == NULL) { - continue; - } - cJSON *table_name = cJSON_GetObjectItem(object, "table_name"); if (table_name == NULL) { continue; @@ -158,25 +153,107 @@ void config_monitor_traverse(long long current_version, const cJSON *json_root, } } - config_load_json_content(json_root, "object2object_table", "object_groups", u_param, update_fn); - config_load_json_content(json_root, "rule_table", "rules", u_param, update_fn); + config_load_json_content(json_root, object2object_table->valuestring, "object_groups", u_param, update_fn); + config_load_json_content(json_root, rule_table->valuestring, "rules", u_param, update_fn); if (finish_fn != NULL) { finish_fn(u_param); } } -void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff) +void convert_maat_json_rule(cJSON **json_root, unsigned char *json_buff) { - json_root = cJSON_Parse((const char *)json_buff); - cJSON *top_objects = cJSON_GetObjectItem(json_root, "objects"); - //cJSON *object_groups = cJSON_GetObjectItem(json_root, "object_groups");//TODO: object include object in rules - cJSON *rules = cJSON_GetObjectItem(json_root, "rules"); - cJSON *tmp_rule = NULL; + *json_root = cJSON_Parse((const char *)json_buff); + cJSON *top_items = cJSON_GetObjectItem(*json_root, "items"); + cJSON *top_objects = cJSON_GetObjectItem(*json_root, "objects"); + cJSON *rules = cJSON_GetObjectItem(*json_root, "rules"); long long item_id = 1; long long object_id = 1; char str[10]; + if (top_items == NULL) { + top_items = cJSON_CreateArray(); + cJSON_AddItemToObject(*json_root, "items", top_items); + } + + /* + "objects": [ "items": [ + { { + "object_name": "ASN1234", "table_name": "AS_NUMBER", + "object_id": 1, "table_content": { + "items": [ "item_id": "1", + { "object_id": "1", + "table_name": "AS_NUMBER", --------------------> "keywords": "^AS1234$", + "table_type": "expr", "expr_type": "and" + "table_content": { } + "keywords": "^AS1234$", } + "expr_type": "and" ] + } + } + ] + } + ] + */ + cJSON *tmp_node = NULL; + cJSON_ArrayForEach(tmp_node, top_objects) { + cJSON *object_id_obj = cJSON_GetObjectItem(tmp_node, "object_id"); + cJSON *items = cJSON_GetObjectItem(tmp_node, "items"); + cJSON *tmp_item = NULL; + cJSON_ArrayForEach(tmp_item, items) { + cJSON *table_name = cJSON_GetObjectItem(tmp_item, "table_name"); + cJSON *table_content = cJSON_GetObjectItem(tmp_item, "table_content"); + cJSON *new_item = cJSON_CreateObject(); + cJSON *new_table_content = cJSON_Duplicate(table_content, 0); + + if (object_id_obj == NULL) { + memset(str, 0, sizeof(str)); + snprintf(str, sizeof(str), "%lld", object_id); + cJSON_AddStringToObject(new_table_content, "object_id", str); + object_id++; + } else { + cJSON_AddStringToObject(new_table_content, "object_id", object_id_obj->valuestring); + } + + if (cJSON_GetObjectItem(table_content, "item_id") == NULL) { + memset(str, 0, sizeof(str)); + snprintf(str, sizeof(str), "%lld", item_id); + cJSON_AddStringToObject(new_table_content, "item_id", str); + item_id++; + } + + cJSON_AddStringToObject(new_item, "table_name", table_name->valuestring); + cJSON_AddItemToObject(new_item, "table_content", new_table_content); + cJSON_AddItemToArray(top_items, new_item); + } + } + + /* + "rules": [ "items":[ + { { + "rule_id": "201", "table_name": "ATTR_APP_ID", + "conditions": [ "table_content": { + { "item_id": "1", + "attribute_name": "ATTR_APP_ID", "object_id": "1", + "objects": [ "interval": "4001" + { + "items":[ --------------> } + "table_name": "APP_ID_DICT", } + "table_type": "interval", ] + "interval": "4001" + ] + } "rules": [{ + ] "rule_id": "201", + } "conditions": [ + ], { + "misc": "blah, blah" "attribute_name": "ATTR_APP_ID", + } "object_ids": [1] + ] } + ] + "misc": "blah, blah" + } + ] + */ + cJSON *tmp_rule = NULL; cJSON_ArrayForEach(tmp_rule, rules) { cJSON *tmp_condition = NULL; cJSON *condition_array = cJSON_GetObjectItem(tmp_rule, "conditions"); @@ -184,26 +261,42 @@ void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff) cJSON *tmp_object = NULL; cJSON *object_id_array = cJSON_CreateArray(); cJSON *object_array = cJSON_GetObjectItem(tmp_condition, "objects"); + + if (object_array == NULL) { + continue; + } + cJSON_ArrayForEach(tmp_object, object_array) { //find items, generate item_id and object_id - cJSON *table_name = cJSON_GetObjectItem(tmp_object, "table_name"); - cJSON *tmp_item = cJSON_CreateObject(); - cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring)); - cJSON *dup = cJSON_Duplicate(tmp_object, 0); - if (cJSON_GetObjectItem(dup, "item_id") == NULL) { - memset(str, 0, sizeof(str)); - snprintf(str, sizeof(str), "%lld", item_id); - cJSON_AddItemToObject(dup, "item_id", cJSON_CreateString(str)); - item_id++; - } - if (cJSON_GetObjectItem(dup, "object_id") == NULL) { - memset(str, 0, sizeof(str)); + cJSON *object_id_obj = cJSON_GetObjectItem(tmp_object, "object_id"); + cJSON *items = cJSON_GetObjectItem(tmp_object, "items"); + cJSON *item = NULL; + + memset(str, 0, sizeof(str)); + if (object_id_obj != NULL) { + snprintf(str, sizeof(str), "%s", object_id_obj->valuestring); + } else { snprintf(str, sizeof(str), "%lld", object_id); - cJSON_AddItemToObject(dup, "object_id", cJSON_CreateString(str)); object_id++; } - cJSON_AddItemToObject(tmp_item, "table_content", dup); - cJSON_AddItemToArray(top_objects, tmp_item); + cJSON_ArrayForEach(item, items) { + cJSON *table_name = cJSON_GetObjectItem(item, "table_name"); + cJSON *tmp_item = cJSON_CreateObject(); + cJSON_AddItemToObject(tmp_item, "table_name", cJSON_CreateString(table_name->valuestring)); + + cJSON *dup = cJSON_Duplicate(cJSON_GetObjectItem(item, "table_content"), 1); + + if (cJSON_GetObjectItem(dup, "item_id") == NULL) { + memset(str, 0, sizeof(str)); + snprintf(str, sizeof(str), "%lld", item_id); + cJSON_AddStringToObject(dup, "item_id", str); + item_id++; + } + cJSON_AddStringToObject(dup, "object_id", str); + + cJSON_AddItemToObject(tmp_item, "table_content", dup); + cJSON_AddItemToArray(top_items, tmp_item); + } cJSON_AddItemToArray(object_id_array, cJSON_CreateString(str)); } @@ -216,7 +309,7 @@ void convert_maat_json_rule(cJSON *json_root, unsigned char *json_buff) } int load_maat_json_rule_file(struct maat *maat_inst, const char *json_filename, - cJSON *json_root, char *err_str, size_t err_str_sz) + cJSON **json_root, char *err_str, size_t err_str_sz) { int ret = 0; unsigned char *json_buff = NULL; diff --git a/src/maat_core.c b/src/maat_core.c index fbec874..d6f0288 100644 --- a/src/maat_core.c +++ b/src/maat_core.c @@ -336,7 +336,7 @@ void maat_read_full_config(struct maat *maat_inst) break; case DATA_SOURCE_JSON_FILE: ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file, - json_root, err_str, sizeof(err_str)); + &json_root, err_str, sizeof(err_str)); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] Maat re-initiate with JSON file %s failed: %s", @@ -460,7 +460,7 @@ void *rule_monitor_loop(void *arg) md5_file(maat_inst->opts.json_ctx.json_file, md5_tmp); if (0 != strcmp(md5_tmp, maat_inst->opts.json_ctx.effective_json_md5)) { ret = load_maat_json_rule_file(maat_inst, maat_inst->opts.json_ctx.json_file, - json_root, err_str, sizeof(err_str)); + &json_root, err_str, sizeof(err_str)); if (ret < 0) { log_fatal(maat_inst->logger, MODULE_MAAT_RULE, "[%s:%d] Maat re-initiate with JSON file %s (md5=%s)failed: %s\n", diff --git a/src/maat_redis_monitor.c b/src/maat_redis_monitor.c index bc3f2f6..4d29dbe 100644 --- a/src/maat_redis_monitor.c +++ b/src/maat_redis_monitor.c @@ -22,7 +22,6 @@ #include "maat_config_monitor.h" #include "maat_redis_monitor.h" #include "maat_plugin.h" -#include "maat_attribute.h" #define MODULE_REDIS_MONITOR module_name_str("maat.redis_monitor") diff --git a/src/maat_rule.c b/src/maat_rule.c index d28d7df..4409148 100644 --- a/src/maat_rule.c +++ b/src/maat_rule.c @@ -279,23 +279,25 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule } tmp_obj = cJSON_GetObjectItem(condition_obj, "negate_option"); - if (tmp_obj == NULL || tmp_obj->type != cJSON_String) { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> has no negate_option or not string format", - __FUNCTION__, __LINE__, table_name); - goto error; - } + if (tmp_obj) { + if (tmp_obj->type != cJSON_String) { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> has no negate_option or not string format", + __FUNCTION__, __LINE__, table_name); + goto error; + } - if (strncmp(tmp_obj->valuestring, "true", 4) == 0) { - condition->negate_option = CONDITION_NEGATE_OPTION_SET; - } else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) { - condition->negate_option = CONDITION_NEGATE_OPTION_UNSET; - } else { - log_fatal(logger, MODULE_RULE, - "[%s:%d] table: <%s> negate_option:%s is illegal", - __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring); - goto error; - } + if (strncmp(tmp_obj->valuestring, "true", 4) == 0) { + condition->negate_option = CONDITION_NEGATE_OPTION_SET; + } else if (strncmp(tmp_obj->valuestring, "false", 5) == 0) { + condition->negate_option = CONDITION_NEGATE_OPTION_UNSET; + } else { + log_fatal(logger, MODULE_RULE, + "[%s:%d] table: <%s> negate_option:%s is illegal", + __FUNCTION__, __LINE__, table_name, tmp_obj->valuestring); + goto error; + } + } if (condition->negate_option == CONDITION_NEGATE_OPTION_SET) { int ret = validate_table_not_condition(rule_rt, schema->ref_tbl_mgr, condition->attribute_id, MAAT_OP_ADD, logger); @@ -315,8 +317,8 @@ static struct maat_rule *maat_rule_new(struct rule_runtime *rule_rt, struct rule for (int j = 0; j < n_object_ids; j++) { cJSON *object_id_obj = cJSON_GetArrayItem(tmp_obj, j); - if (object_id_obj && object_id_obj->type == cJSON_Number) { - long long object_id = object_id_obj->valueint; + if (object_id_obj && object_id_obj->type == cJSON_String) { + long long object_id = atoll(object_id_obj->valuestring); condition->object_ids[j] = object_id; } } diff --git a/src/maat_table.c b/src/maat_table.c index b52d824..2ecc143 100644 --- a/src/maat_table.c +++ b/src/maat_table.c @@ -27,7 +27,6 @@ #include "maat_bool_plugin.h" #include "maat_fqdn_plugin.h" #include "maat_interval.h" -#include "maat_attribute.h" #include "expr_matcher/expr_matcher.h" #define MODULE_TABLE module_name_str("maat.table") @@ -272,22 +271,6 @@ struct table_operations table_ops[TABLE_TYPE_MAX] = { .rule_count = bool_plugin_runtime_rule_count, .update_err_count = bool_plugin_runtime_update_err_count }, -#if 0 - { - .type = TABLE_TYPE_ATTRIBUTE, - .new_schema = attribute_schema_new, - .free_schema = attribute_schema_free, - .new_runtime = attribute_runtime_new, - .free_runtime = attribute_runtime_free, - .update_runtime = NULL, - .commit_runtime = NULL, - .scan_times = attribute_runtime_scan_times, - .scan_bytes = attribute_runtime_scan_bytes, - .scan_cpu_time = attribute_runtime_scan_cpu_time, - .hit_times = attribute_runtime_hit_times, - .hit_item_num = attribute_runtime_hit_item_num - }, -#endif { .type = TABLE_TYPE_RULE, .new_schema = rule_schema_new, diff --git a/test/json_update/corrupted.json b/test/json_update/corrupted.json index fdc6c7d..623e6b3 100644 --- a/test/json_update/corrupted.json +++ b/test/json_update/corrupted.json @@ -10,23 +10,25 @@ "do_log": 1, "user_region": "anything", "is_valid": "yes", - "objects": [ + "conditions": [ { "object_name": "Untitled", - "regions": [ + "objects": [ { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "hello&world", - "expr_type": "none", - "match_method": "sub", - "format": "uncase plain" - } + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "hello&world", + "expr_type": "none" + } + } + ] } ] } ] } ] -} +}
\ No newline at end of file diff --git a/test/json_update/new.json b/test/json_update/new.json index ba07f69..650bb33 100644 --- a/test/json_update/new.json +++ b/test/json_update/new.json @@ -1,6 +1,5 @@ { "rule_table": "RULE_DEFAULT", - "object2rule_table": "OBJECT2RULE_DEFAULT", "object2object_table": "OBJECT2OBJECT", "rules": [ { @@ -11,23 +10,25 @@ "do_log": 1, "user_region": "anything", "is_valid": "yes", - "objects": [ + "conditions": [ { "attribute": "HTTP_URL", - "regions": [ + "objects": [ { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "MESA&Maat", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" - } + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "MESA&Maat", + "expr_type": "and" + } + } + ] } ] } ] } ] -} +}
\ No newline at end of file diff --git a/test/json_update/old.json b/test/json_update/old.json index c395d6f..e382fa9 100644 --- a/test/json_update/old.json +++ b/test/json_update/old.json @@ -1,34 +1,35 @@ { "rule_table": "RULE_DEFAULT", - "object2rule_table": "OBJECT2RULE_DEFAULT", "object2object_table": "OBJECT2OBJECT", "rules": [ { - "rule_id": 1, + "rule_id": "1", "service": 1, "action": 1, "do_blacklist": 1, "do_log": 1, "user_region": "anything", "is_valid": "yes", - "objects": [ + "conditions": [ { "object_name": "Untitled", - "attribute": "HTTP_URL", - "regions": [ + "attribute_name": "HTTP_URL", + "objects": [ { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "hello&world", - "expr_type": "and", - "match_method": "sub", - "format": "uncase plain" - } + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "hello&world", + "expr_type": "and" + } + } + ] } ] } ] } ] -} +}
\ No newline at end of file diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index c18c19e..0d6ff23 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -108,16 +108,16 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) { const char *hit_old_data = "Hello world! I'm eve."; const char *hit_new_data = "Maat was borned in MESA."; - const char *table_name = "HTTP_URL"; + const char *attribute_name = "HTTP_URL"; long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; int thread_id = 0; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int table_id = maat_get_table_id(maat_inst, table_name); - ASSERT_GT(table_id, 0); + int attribute_id = maat_get_attribute_id(maat_inst, attribute_name); + ASSERT_GT(attribute_id, 0); - int ret = maat_scan_string(maat_inst, table_id, hit_old_data, + int ret = maat_scan_string(maat_inst, attribute_id, hit_old_data, strlen(hit_old_data), results, ARRAY_SIZE, &n_hit_result, state); if (is_old) { @@ -127,12 +127,12 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_id, hit_new_data, + ret = maat_scan_string(maat_inst, attribute_id, hit_new_data, strlen(hit_new_data), results, ARRAY_SIZE, &n_hit_result, state); if (!is_old) { @@ -142,7 +142,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, attribute_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); diff --git a/test/maat_json.json b/test/maat_json.json index adc147a..936a651 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -1,3974 +1,4610 @@ { - "rule_table": "RULE_DEFAULT", - "object2rule_table": "OBJECT2RULE_DEFAULT", - "object2object_table": "OBJECT2OBJECT", - "objects": [ - { - "object_name": "ASN1234", - "object_id": 1, - "regions": [ - { - "table_name": "AS_NUMBER", - "table_type": "expr", + "rule_table": "RULE_DEFAULT", + "object2object_table": "OBJECT2OBJECT", + "objects": [ + { + "object_name": "ASN1234", + "object_id": "1", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS1234$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ASN2345", + "object_id": "2", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS2345$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ASN6789", + "object_id": "3", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS6789$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ASN9001", + "object_id": "4", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS9001$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ASN9002", + "object_id": "5", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS9002$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ASN9003", + "object_id": "6", + "items": [ + { + "table_name": "AS_NUMBER", + "table_type": "expr", + "table_content": { + "keywords": "^AS9003$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "IPv4-composition-source-only", + "object_id": "7", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.50.24" + } + } + ] + }, + { + "object_name": "FQDN_OBJ1", + "object_id": "8", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "^sports.example.com$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "FQDN_CAT1", + "object_id": "9", + "items": [ + { + "table_name": "INTERGER_PLUS", + "table_type": "interval_plus", + "table_content": { + "district": "fqdn_cat_id", + "interval": "1724" + } + } + ] + }, + { + "object_name": "IPv4-composition-NOT-client-ip", + "object_id": "10", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.58.19" + } + } + ] + }, + { + "object_name": "IPv4-composition-NOT-server-ip", + "object_id": "11", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.1.20-10.0.1.25" + } + } + ] + }, + { + "object_name": "financial-department-ip", + "object_id": "12", + "items": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "192.168.40.88/32" + } + } + ] + }, + { + "object_name": "security-department-ip", + "object_id": "13", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "192.168.40.88/32" + } + } + ] + }, + { + "object_name": "develop-department-ip", + "object_id": "14", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "192.168.40.88/32" + } + } + ] + }, + { + "object_name": "Country-Sparta-IP", + "object_id": "15", + "items": [ + { + "table_name": "GeoLocation", + "table_type": "expr", + "table_content": { + "keywords": "^Greece.Sparta$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "123_IP_object", + "object_id": "100", + "items": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "10.0.6.201/32" + } + }, + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "2001:da8:205:1::101/112" + } + } + ] + }, + { + "object_name": "126_interval_object", + "object_id": "106", + "items": [ + { + "table_name": "CONTENT_SIZE", + "table_type": "interval", "table_content": { - "keywords": "^AS1234$", - "expr_type": "and" + "interval": "2014-2016" } } ] }, - { - "object_name": "ASN2345", - "object_id": 2, - "regions": [ + { + "object_name": "TakeMeHome", + "object_id": "111", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "Take me Home&Batman\\", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "152_mail_addr", + "object_id": "141", + "items": [ { - "table_name": "AS_NUMBER", "table_type": "expr", + "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^AS2345$", + "keywords": "^[email protected]", "expr_type": "and" } - } - ] - }, - { - "object_name": "ASN6789", - "object_id": 3, - "regions": [ + }, { - "table_name": "AS_NUMBER", "table_type": "expr", + "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^AS6789$", + "keywords": "^[email protected]", "expr_type": "and" } } ] }, { - "object_name": "ASN9001", - "object_id": 4, - "regions": [ + "object_name": "153_expr_object", + "object_id": "143", + "items": [ { - "table_name": "AS_NUMBER", "table_type": "expr", + "table_name": "MAIL_ADDR", "table_content": { - "keywords": "^AS9001$", + "keywords": "^[email protected]", "expr_type": "and" } } ] }, { - "object_name": "ASN9002", - "object_id": 5, - "regions": [ + "object_name": "vt_grp_http_sig1", + "object_id": "152", + "items": [ { - "table_name": "AS_NUMBER", - "table_type": "expr", + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", "table_content": { - "keywords": "^AS9002$", + "district": "User-Agent", + "keywords": "Chrome/78.0.3904.108", "expr_type": "and" } } ] }, { - "object_name": "ASN9003", - "object_id": 6, - "regions": [ + "object_name": "vt_grp_http_sig2", + "object_id": "153", + "items": [ { - "table_name": "AS_NUMBER", - "table_type": "expr", + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", "table_content": { - "keywords": "^AS9003$", + "district": "Cookie", + "keywords": "uid=12345678", + "expr_type": "and" + } + }, + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "Cookie", + "keywords": "sessionid=888888", "expr_type": "and" } } ] }, { - "object_name": "IPv4-composition-source-only", - "object_id": 7, - "regions": [ + "object_name": "167_url_object", + "object_id": "158", + "items": [ { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", + "table_name": "HTTP_URL", + "table_type": "expr", "table_content": { - "ip": "192.168.50.24" + "keywords": "2019/12/27", + "expr_type": "and" } } ] }, { - "object_name": "FQDN_OBJ1", - "object_id": 8, - "regions": [ + "object_name": "ExcludeLogicObject199_1", + "object_id": 189, + "is_exclude": 0, + "items": [ { - "table_name": "KEYWORDS_TABLE", + "table_name": "HTTP_URL", "table_type": "expr", "table_content": { - "keywords": "^sports.example.com$", + "keywords": "must-contained-string-of-rule-199", "expr_type": "and" } } ] }, { - "object_name": "FQDN_CAT1", - "object_id": 9, - "regions": [ + "object_name": "ExcludeLogicObject199_2", + "object_id": 190, + "is_exclude": 1, + "items": [ { - "table_name": "INTERGER_PLUS", - "table_type": "interval_plus", + "table_name": "HTTP_URL", + "table_type": "expr", "table_content": { - "district": "fqdn_cat_id", - "interval": "1724" + "keywords": "must-not-contained-string-of-rule-199", + "expr_type": "and" } } ] }, { - "object_name": "IPv4-composition-NOT-client-ip", - "object_id": 10, - "regions": [ + "object_name": "ExcludeLogicObject200_1", + "object_id": 192, + "is_exclude": 0, + "items": [ { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", + "table_name": "HTTP_URL", + "table_type": "expr", "table_content": { - "ip": "192.168.58.19" + "keywords": "must-contained-string-of-rule-200", + "expr_type": "and" } } ] }, { - "object_name": "IPv4-composition-NOT-server-ip", - "object_id": 11, - "regions": [ + "object_name": "ExcludeLogicObject200_2", + "object_id": 193, + "is_exclude": 1, + "items": [ { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", + "table_name": "HTTP_URL", + "table_type": "expr", "table_content": { - "ip": "10.0.1.20-10.0.1.25" + "keywords": "must-not-contained-string-of-rule-200", + "expr_type": "and" } } ] }, { - "object_name": "financial-department-ip", - "object_id": 12, - "regions": [ + "object_name": "ExcludeLogicObject202_1", + "object_id": 195, + "is_exclude": 0, + "items": [ { - "table_name": "IP_CONFIG", - "table_type":"ip", + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", "table_content": { - "ip": "192.168.40.88/32" + "ip": "100.64.1.0-100.64.1.20" } } ] }, { - "object_name": "security-department-ip", - "object_id": 13, - "regions": [ + "object_name": "ExcludeLogicObject202_2", + "object_id": 196, + "is_exclude": 1, + "items": [ { + "table_type": "ip", "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", "table_content": { - "ip": "192.168.40.88/32" + "ip": "100.64.1.6-100.64.1.10" } } ] }, { - "object_name": "develop-department-ip", - "object_id": 14, - "regions": [ + "object_name": "ExcludeLogicObject202_3", + "object_id": 197, + "is_exclude": 1, + "items": [ { + "table_type": "ip", "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", "table_content": { - "ip": "192.168.40.88/32" + "ip": "100.64.1.11-100.64.1.20" } } ] }, { - "object_name": "Country-Sparta-IP", - "object_id": 15, - "regions": [ + "object_name": "ExcludeLogicObject203_3_1", + "object_id": 201, + "is_exclude": 0, + "items": [ { - "table_name": "GeoLocation", "table_type": "expr", + "table_name": "KEYWORDS_TABLE", "table_content": { - "keywords": "^Greece.Sparta$", + "keywords": "jianshu.com$", "expr_type": "and" } } ] - } - ], - "rules": [ - { - "rule_id": 123, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_CONFIG", - "object_name": "123_IP_object", - "object_id": 100, - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "10.0.6.201/32" - } - }, - { - "table_name": "IP_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "2001:da8:205:1::101/112" - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "123_url_object", - "object_id": 101, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "abckkk&123", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 124, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute":"IP_CONFIG", - "object_name": "123_IP_object" - }, - { - "attribute": "CONTENT_SIZE", - "object_name": "124_interval_object", - "object_id": 102, - "regions": [ - { - "table_name": "CONTENT_SIZE", - "table_type": "interval", - "table_content": { - "interval": "100-500" - } - } - ] - } - ] - }, - { - "rule_id": 125, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute":"HTTP_URL", - "object_name": "125_url_object", - "object_id": 103, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "action=search\\&query=(.*)", - "expr_type": "regex" - } - } - ] - } - ] - }, - { - "rule_id": 126, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "126_url_object", - "object_id": 105, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "should_not_hit_any_rule", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "CONTENT_SIZE", - "object_name": "126_interval_object", - "object_id": 106, - "regions": [ - { - "table_name": "CONTENT_SIZE", - "table_type": "interval", - "table_content": { - "interval": "2014-2016" - } - } - ] - } - ] - }, - { - "rule_id": 128, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "StringScan.ExprPlus", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_SIGNATURE", - "object_name": "128_expr_plus_object", - "object_id": 107, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "HtTP UrL", - "keywords": "abckkk&123", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 129, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "utf8_中文", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "129_url_object", - "object_id": 108, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "C#中国", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 130, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "utf8_维语", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "130_keywords_object", - "object_id": 109, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "2010&يىلىدىكى", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 131, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "utf8_维语2", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "131_keywords_object", - "object_id": 110, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "سىياسىي", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 132, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "string\\bunescape", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "TakeMeHome", - "object_id": 111, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "Take me Home&Batman\\", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 133, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_HOST", - "object_name": "133_host_object", - "object_id": 112, - "regions": [ - { - "table_name": "HTTP_HOST", - "table_type": "expr", - "table_content": { - "keywords": "www.3300av.com", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 134, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "table_conjunction_test_part2", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "134_url_object", - "object_id": 113, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "novel&27122.txt", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 136, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "offset_string", - "is_valid": "yes", - "objects": [ - { - "attribute": "IMAGE_FP", - "object_name": "136_expr_object", - "object_id": 114, - "regions": [ - { - "table_name": "IMAGE_FP", - "table_type": "expr", - "table_content": { - "keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 137, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "offset_string", - "is_valid": "yes", - "objects": [ - { - "attribute": "IMAGE_FP", - "object_name": "137_expr_object", - "object_id": 115, - "regions": [ - { - "table_name": "IMAGE_FP", - "table_type": "expr", - "table_content": { - "keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 138, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}", - "user_region": "Not\\baccepted\\btags", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "138_url_object", - "object_id": 116, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "should&hit&aaa", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 139, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "effective_range": 0, - "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", - "user_region": "Accepted\\btags", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "139_url_object", - "object_id": 117, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "should&hit&bbb", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 140, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "file_streams", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "140_keywords_object", - "object_id": 118, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "2018-10-05", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 141, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "Something:I\\bhave\\ba\\bname,7799", - "rule_table_name": "RULE_ALIAS", - "is_valid": "yes", - "objects": [ - { - "g2c_table_name": "OBJECT2RULE_ALIAS", - "attribute": "HTTP_URL", - "object_name": "141_url_object", - "object_id": 119, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "i.ytimg.com", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 142, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "StringScan.UTF8EncodedURL", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "142_url_object", - "object_id": 120, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 143, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.OneRegion", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "143_url_object1", - "object_id": 121, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-143", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_URL_FILTER", - "object_name": "143_url_object2", - "object_id": 122, - "negate_option": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-143", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 144, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.ScanNotAtLast", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "144_url_object", - "object_id": 123, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-144", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "144_keywords_object", - "object_id": 124, - "negate_option": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-144", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 145, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.ScanNotIP", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "145_url_object", - "object_id": 125, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-145", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "ATTRIBUTE_IP_CONFIG", - "object_name": "123_IP_object", - "negate_option": 1 - } - ] - }, - { - "rule_id": 146, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.NotExprConditionAndNotIPCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "146_url_object", - "object_id": 126, - "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-146", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "146_keywords_object", - "object_id": 127, - "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-not-string-of-rule-146", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "ATTRIBUTE_IP_CONFIG", - "object_name": "123_IP_object", - "negate_option": 1, - "condition_index": 2 - } - ] - }, - { - "rule_id": 147, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.8NotCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_RESPONSE_KEYWORDS_1", - "object_name": "147_keywords_object1", - "object_id": 128, - "negate_option": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition0-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_2", - "object_name": "147_keywords_object2", - "object_id": 129, - "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition1-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_3", - "object_name": "147_keywords_object3", - "object_id": 130, - "negate_option": 1, - "condition_index": 2, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition2-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_4", - "object_name": "147_keywords_object4", - "object_id": 131, - "negate_option": 1, - "condition_index": 3, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition3-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_5", - "object_name": "147_keywords_object5", - "object_id": 132, - "negate_option": 1, - "condition_index": 4, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition4-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_6", - "object_name": "147_keywords_object6", - "object_id": 133, - "negate_option": 1, - "condition_index": 5, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition5-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_7", - "object_name": "147_keywords_object7", - "object_id": 134, - "negate_option": 1, - "condition_index": 6, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition6-in-rule-147", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS_8", - "object_name": "147_keywords_object8", - "object_id": 135, - "negate_option": 1, - "condition_index": 7, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "condition7-in-rule-147", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 148, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "StringScan.Regex", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "148_url_object", - "object_id": 136, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "Cookie:\\s.*head", - "expr_type": "regex" - } - } - ] - } - ] }, { - "rule_id": 149, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.ExprPlusWithOffset", - "is_valid": "yes", - "objects": [ + "object_name": "ExcludeLogicObject203_3_2", + "object_id": 202, + "is_exclude": 1, + "items": [ { - "attribute": "APP_PAYLOAD", - "object_name": "149_app_object", - "object_id": 137, - "regions": [ - { - "table_name": "APP_PAYLOAD", - "table_type": "expr_plus", - "table_content": { - "district": "Payload", - "keywords": "(offset=1,depth=1)|03|&(offset=9,depth=10)|2d|&(offset=14,depth=16)|2d34|&(offset=19,depth=21)|2d|&(offset=24,depth=25)|2d|", - "expr_type": "and" - } - } - ] + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "^www.jianshu.com$", + "expr_type": "and" + } } ] }, { - "rule_id": 150, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.BugReport20190325", - "is_valid": "yes", - "objects": [ + "object_name": "ExcludeLogicObject204_3_1_1", + "object_id": 207, + "is_exclude": 0, + "items": [ { - "attribute": "TROJAN_PAYLOAD", - "object_name": "billgates_regist1", - "object_id": 138, - "regions": [ - { - "table_type": "expr", - "table_name": "TROJAN_PAYLOAD", - "table_content": { - "keywords": "(offset=0,depth=4)|01000000|", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "TROJAN_PAYLOAD", - "object_name": "billgates_regist2", - "object_id": 139, - "regions": [ - { - "table_type": "expr", - "table_name": "TROJAN_PAYLOAD", - "table_content": { - "keywords": "1:G2.40", - "expr_type": "and" - } - } - ] + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "baidu.com$", + "expr_type": "and" + } } ] }, { - "rule_id": 151, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.PrefixAndSuffix", - "is_valid": "yes", - "objects": [ + "object_name": "ExcludeLogicObject204_3_1_2", + "object_id": 208, + "is_exclude": 1, + "items": [ { - "attribute": "MAIL_ADDR", - "object_name": "151_expr_object", - "object_id": 140, - "regions": [ - { - "table_type": "expr", - "table_name": "MAIL_ADDR", - "table_content": { - "keywords": "[email protected]$", - "expr_type": "and" - } - } - ] + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "^www.baidu.com$", + "expr_type": "and" + } } ] }, { - "rule_id": 152, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.PrefixAndSuffix", - "is_valid": "yes", - "objects": [ - { - "attribute": "MAIL_ADDR", - "object_name": "152_mail_addr", - "object_id": 141, - "regions": [ - { - "table_type": "expr", - "table_name": "MAIL_ADDR", - "table_content": { - "keywords": "^[email protected]", - "expr_type": "and" - } - }, - { - "table_type": "expr", - "table_name": "MAIL_ADDR", - "table_content": { - "keywords": "^[email protected]", - "expr_type": "and" - } - } - ] - }, + "object_name": "ExcludeLogicObject204_3_2", + "object_id": 209, + "is_exclude": 1, + "items": [ { - "attribute": "CONTENT_SIZE", - "object_name": "interval_object_refered", - "object_id": 142, - "sub_objects": [ - { - "object_name": "126_interval_object" - } - ] + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "^mail.baidu.com$", + "expr_type": "and" + } } ] }, - { - "rule_id": 153, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "Policy.SubObject", - "is_valid": "yes", - "objects": [ - { - "attribute": "MAIL_ADDR", - "object_name": "153_expr_object", - "object_id": 143, - "negate_option": 0, - "regions": [ - { - "table_type": "expr", - "table_name": "MAIL_ADDR", - "table_content": { - "keywords": "^[email protected]", - "expr_type": "and" - } - } + { + "object_name": "ExcludeLogicObject217_1_1", + "object_id": 223, + "is_exclude": 0, + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "string-of-rule-217.com$", + "expr_type": "and" + } + } + ] + }, + { + "object_name": "ExcludeLogicObject217_1_2", + "object_id": 224, + "is_exclude": 1, + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "www.string-of-rule-217.com", + "expr_type": "and" + } + } + ] + } + ], + "object_groups": [ + { + "object_id": "500", + "include_object_ids": [ + "106" + ] + }, + { + "object_id": "501", + "include_object_ids": [ + "141" + ] + }, + { + "object_id": "502", + "include_object_ids": [ + "100" + ] + }, + { + "object_id": "503", + "include_object_ids": [ + "189" + ], + "exclude_object_ids": [ + "190" + ] + }, + { + "object_id": "504", + "include_object_ids": [ + "192" + ], + "exclude_object_ids": [ + "193" + ] + }, + { + "object_id": "505", + "include_object_ids": [ + "195" + ], + "exclude_object_ids": [ + "196", + "197" + ] + }, + { + "object_id": "506", + "include_object_ids": [ + "201" + ], + "exclude_object_ids": [ + "202" + ] + }, + { + "object_id": "507", + "object_name": "ExcludeLogicObject204_3_1", + "include_object_ids": [ + "207" + ], + "exclude_object_ids": [ + "208" + ] + }, + { + "object_id": "508", + "object_name": "ExcludeLogicObject204_3", + "include_object_ids": [ + "507" + ], + "exclude_object_ids": [ + "209" + ] + }, + { + "object_id": "509", + "include_object_ids": [ + "223" + ], + "exclude_object_ids": [ + "224" + ] + } + ], + "rules": [ + { + "rule_id": "123", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "escaped\\bdata:have\\ba\\bspace\\band\\ba\\b\\&\\bsymbol.", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_CONFIG", + "object_ids": [ + "100" + ] + }, + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "123_url_object", + "object_id": "101", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "abckkk&123", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "124", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_CONFIG", + "object_ids": [ + "100" + ] + }, + { + "attribute": "CONTENT_SIZE", + "objects": [ + { + "object_name": "124_interval_object", + "object_id": "102", + "items": [ + { + "table_name": "CONTENT_SIZE", + "table_type": "interval", + "table_content": { + "interval": "100-500" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "125", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "125_url_object", + "object_id": "103", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "action=search\\&query=(.*)", + "expr_type": "regex" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "126", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "126_url_object", + "object_id": "105", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "should_not_hit_any_rule", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "CONTENT_SIZE", + "object_ids": [ + "106" + ] + } + ] + }, + { + "rule_id": "128", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "StringScan.ExprPlus", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_SIGNATURE", + "objects": [ + { + "object_name": "128_expr_plus_object", + "object_id": "107", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "HtTP UrL", + "keywords": "abckkk&123", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "129", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "utf8_中文", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "129_url_object", + "object_id": "108", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "C#中国", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "130", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "utf8_维语", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "130_keywords_object", + "object_id": "109", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "2010&يىلىدىكى", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "131", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "utf8_维语2", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "131_keywords_object", + "object_id": "110", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "سىياسىي", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "132", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "string\\bunescape", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "object_ids":[ + "111" + ] + } + ] + }, + { + "rule_id": "133", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "13018_table_conjunction_test_part1\bnow_its_very_very_long0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz0123456789abcdefghijklmnopkrstuvwxyz", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_HOST", + "objects": [ + { + "object_name": "133_host_object", + "object_id": "112", + "items": [ + { + "table_name": "HTTP_HOST", + "table_type": "expr", + "table_content": { + "keywords": "www.3300av.com", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "134", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "table_conjunction_test_part2", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "134_url_object", + "object_id": "113", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "novel&27122.txt", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "136", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "offset_string", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IMAGE_FP", + "objects": [ + { + "object_name": "136_expr_object", + "object_id": "114", + "items": [ + { + "table_name": "IMAGE_FP", + "table_type": "expr", + "table_content": { + "keywords": "(offset=4362,depth=4458)|323031333A30333A30372032333A35363A313000323031333A30333A30372032333A35363A3130000000FFE20C584943435F50524F46494C4500010100000C484C696E6F021000006D6E74725247422058595A2007CE00020009000600310000|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "137", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "offset_string", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IMAGE_FP", + "objects": [ + { + "object_name": "137_expr_object", + "object_id": "115", + "items": [ + { + "table_name": "IMAGE_FP", + "table_type": "expr", + "table_content": { + "keywords": "(offset=19339,depth=19467)|6CB2CB2F2028474C994991CCFC65CCA5E3B6FF001673985D157358610CACC674EE64CC27B5721CCDABD9CCA7C8E9F7BB1F54A930A6034D50F92711F5B2DACCB0715D2E6873CE5CE431DC701A194C260E9DB78CC89F2C84745869AB88349A3AE0412AB59D9ABA84EDEFFF0057FA4DA66D333698B5AD6F844DA2226D1CADAD5E44|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "138", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}", + "user_region": "Not\\baccepted\\btags", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "138_url_object", + "object_id": "116", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "should&hit&aaa", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "139", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "effective_range": 0, + "tags": "{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}", + "user_region": "Accepted\\btags", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "139_url_object", + "object_id": "117", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "should&hit&bbb", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "140", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "file_streams", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "140_keywords_object", + "object_id": "118", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "2018-10-05", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "141", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "Something:I\\bhave\\ba\\bname,7799", + "rule_table_name": "RULE_ALIAS", + "is_valid": "yes", + "conditions": [ + { + "g2c_table_name": "OBJECT2RULE_ALIAS", + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "141_url_object", + "object_id": "119", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "i.ytimg.com", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "142", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "StringScan.UTF8EncodedURL", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "142_url_object", + "object_id": "120", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": ",IgpwcjA0LnN2bzAzKgkxMjcuMC4wLjE", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "143", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.OneRegion", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 0, + "objects": [ + { + "object_name": "143_url_object1", + "object_id": "121", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-contained-string-of-rule-143", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 1, + "objects": [ + { + "object_name": "143_url_object2", + "object_id": "122", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-not-contained-string-of-rule-143", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "144", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanNotAtLast", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 0, + "objects": [ + { + "object_name": "144_url_object", + "object_id": "123", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-contained-string-of-rule-144", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 1, + "objects": [ + { + "object_name": "144_keywords_object", + "object_id": "124", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "must-not-contained-string-of-rule-144", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "145", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanNotIP", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "negate_option": 0, + "objects": [ + { + "object_name": "145_url_object", + "object_id": "125", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-contained-string-of-rule-145", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "ATTRIBUTE_IP_CONFIG", + "negate_option": 1, + "object_ids": [ + "100" + ] + } + ] + }, + { + "rule_id": "146", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.NotExprConditionAndNotIPCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "146_url_object", + "object_id": "126", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-contained-string-of-rule-146", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "146_keywords_object", + "object_id": "127", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "must-contained-not-string-of-rule-146", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "ATTRIBUTE_IP_CONFIG", + "negate_option": 1, + "condition_index": 2, + "object_ids": [ + "100" + ] + } + ] + }, + { + "rule_id": "147", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.8NotCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_RESPONSE_KEYWORDS_1", + "negate_option": 1, + "condition_index": 0, + "objects": [ + { + "object_name": "147_keywords_object1", + "object_id": "128", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition0-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_2", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "147_keywords_object2", + "object_id": "129", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition1-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_3", + "negate_option": 1, + "condition_index": 2, + "objects": [ + { + "object_name": "147_keywords_object3", + "object_id": "130", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition2-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_4", + "negate_option": 1, + "condition_index": 3, + "objects": [ + { + "object_name": "147_keywords_object4", + "object_id": "131", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition3-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_5", + "negate_option": 1, + "condition_index": 4, + "objects": [ + { + "object_name": "147_keywords_object5", + "object_id": "132", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition4-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_6", + "negate_option": 1, + "condition_index": 5, + "objects": [ + { + "object_name": "147_keywords_object6", + "object_id": "133", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition5-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_7", + "negate_option": 1, + "condition_index": 6, + "objects": [ + { + "object_name": "147_keywords_object7", + "object_id": "134", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition6-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS_8", + "negate_option": 1, + "condition_index": 7, + "objects": [ + { + "object_name": "147_keywords_object8", + "object_id": "135", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "condition7-in-rule-147", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "148", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "StringScan.Regex", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "148_url_object", + "object_id": "136", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "Cookie:\\s.*head", + "expr_type": "regex" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "149", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.ExprPlusWithOffset", + "is_valid": "yes", + "conditions": [ + { + "attribute": "APP_PAYLOAD", + "objects": [ + { + "object_name": "149_app_object", + "object_id": "137", + "items": [ + { + "table_name": "APP_PAYLOAD", + "table_type": "expr_plus", + "table_content": { + "district": "Payload", + "keywords": "(offset=1,depth=1)|03|&(offset=9,depth=10)|2d|&(offset=14,depth=16)|2d34|&(offset=19,depth=21)|2d|&(offset=24,depth=25)|2d|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "150", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.BugReport20190325", + "is_valid": "yes", + "conditions": [ + { + "attribute": "TROJAN_PAYLOAD", + "objects": [ + { + "object_name": "billgates_regist1", + "object_id": "138", + "items": [ + { + "table_type": "expr", + "table_name": "TROJAN_PAYLOAD", + "table_content": { + "keywords": "(offset=0,depth=4)|01000000|", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "TROJAN_PAYLOAD", + "objects": [ + { + "object_name": "billgates_regist2", + "object_id": "139", + "items": [ + { + "table_type": "expr", + "table_name": "TROJAN_PAYLOAD", + "table_content": { + "keywords": "1:G2.40", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "151", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.PrefixAndSuffix", + "is_valid": "yes", + "conditions": [ + { + "attribute": "MAIL_ADDR", + "objects": [ + { + "object_name": "151_expr_object", + "object_id": "140", + "items": [ + { + "table_type": "expr", + "table_name": "MAIL_ADDR", + "table_content": { + "keywords": "[email protected]$", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "152", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.PrefixAndSuffix", + "is_valid": "yes", + "conditions": [ + { + "attribute": "MAIL_ADDR", + "object_ids": [ + "141" + ] + }, + { + "attribute": "CONTENT_SIZE", + "object_ids": [ + "500" + ] + } + ] + }, + { + "rule_id": "153", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "Policy.SubObject", + "is_valid": "yes", + "conditions": [ + { + "attribute": "MAIL_ADDR", + "negate_option": 0, + "object_ids": [ + "143", + "501" + ] + }, + { + "attribute": "IP_CONFIG", + "object_ids": [ + "502" + ] + } + ] + }, + { + "rule_id": "154", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "ipv4_plus", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "154_IP_object", + "object_id": "145", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.7.100-10.0.7.101" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "155", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "ipv6_plus", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "155_IP_object", + "object_id": "146", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "1001:da8:205:1::101-1001:da8:205:1::102" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "156", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "ExprPlusWithHex", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_SIGNATURE", + "objects": [ + { + "object_name": "156_expr_object", + "object_id": "147", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "Content-Type", + "keywords": "|2f68746d6c|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "157", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.StreamScanUTF8", + "is_valid": "yes", + "conditions": [ + { + "attribute": "TROJAN_PAYLOAD", + "objects": [ + { + "object_name": "157_expr_object", + "object_id": "148", + "items": [ + { + "table_type": "expr", + "table_name": "TROJAN_PAYLOAD", + "table_content": { + "keywords": "我的订单", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "158", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "IPScan.IPv4_CIDR", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "158_IP_object", + "object_id": "149", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.0.1/32" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "159", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "IPScan.IPv6_CIDR", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "159_IP_object", + "object_id": "150", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "2001:db8::/120" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "160", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "AttributeWithOnePhysical", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 0, + "object_ids":[ + "111" + ] + }, + { + "attribute": "HTTP_URL", + "negate_option": 0, + "objects": [ + { + "object_name": "160_url_object", + "object_id": "151", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "161", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "attribute_test_temp", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_SIGNATURE", + "negate_option": 0, + "object_ids": [ + "152" + ] + }, + { + "attribute": "HTTP_SIGNATURE", + "negate_option": 0, + "object_ids": [ + "153" + ] + } + ] + }, + { + "rule_id": "162", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "AttributeWithAttribute", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_REQUEST_HEADER", + "negate_option": 0, + "object_ids": [ + "152" + ] + }, + { + "attribute": "HTTP_RESPONSE_HEADER", + "negate_option": 0, + "object_ids": [ + "153" + ] + } + ] + }, + { + "rule_id": "163", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "OneObjectInTwoAttribute", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_REQUEST_HEADER", + "negate_option": 0, + "object_ids": [ + "153" + ] + }, + { + "attribute": "HTTP_RESPONSE_HEADER", + "negate_option": 0, + "object_ids": [ + "153" + ] + } + ] + }, + { + "rule_id": "164", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "CharsetWindows1251", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "164_keywords_object", + "object_id": "154", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": ">ЗАО «Севергазвтоматика АйС»<", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "165", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "2.111", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "165_url_object", + "object_id": "155", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "cavemancircus.com/", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "165_IP_object", + "object_id": "156", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.23.1/24" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "166", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "100.233", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "166_url_object", + "object_id": "157", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "2019/12/27/pretty-girls-6", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "167", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "300.999", + "conditions": [ + { + "attribute": "HTTP_URL", + "condition_index": 1, + "object_ids": [ + "158" + ] + }, + { + "attribute": "HTTP_URL", + "object_ids": [ + "158" ], - "sub_objects": [ - { - "attribute": "MAIL_ADDR", - "object_name": "152_mail_addr" - } - ] - }, - { - "attribute": "IP_CONFIG", - "object_name": "IP_object_refered", - "object_id": 144, - "sub_objects": [ - { - "object_name": "123_IP_object" - } - ] - } - ] - }, - { - "rule_id": 154, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "ipv4_plus", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "154_IP_object", - "object_id": 145, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "10.0.7.100-10.0.7.101" - } - } - ] - } - ] - }, - { - "rule_id": 155, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "ipv6_plus", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "155_IP_object", - "object_id": 146, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "1001:da8:205:1::101-1001:da8:205:1::102" - } - } - ] - } - ] - }, - { - "rule_id": 156, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "ExprPlusWithHex", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_SIGNATURE", - "object_name": "156_expr_object", - "object_id": 147, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "Content-Type", - "keywords": "|2f68746d6c|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 157, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.StreamScanUTF8", - "is_valid": "yes", - "objects": [ - { - "attribute": "TROJAN_PAYLOAD", - "object_name": "157_expr_object", - "object_id": 148, - "regions": [ - { - "table_type": "expr", - "table_name": "TROJAN_PAYLOAD", - "table_content": { - "keywords": "我的订单", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 158, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "IPScan.IPv4_CIDR", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "158_IP_object", - "object_id": 149, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "192.168.0.1/32" - } - } - ] - } - ] - }, - { - "rule_id": 159, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "IPScan.IPv6_CIDR", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "159_IP_object", - "object_id": 150, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "2001:db8::/120" - } - } - ] - } - ] - }, - { - "rule_id": 160, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "AttributeWithOnePhysical", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "TakeMeHome", - "negate_option": 0 - }, - { - "attribute": "HTTP_URL", - "object_name": "160_url_object", - "object_id": 151, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "https://blog.csdn.net/littlefang/article/details/8213058", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 161, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "attribute_test_temp", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_SIGNATURE", - "object_name": "vt_grp_http_sig1", - "object_id": 152, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "User-Agent", - "keywords": "Chrome/78.0.3904.108", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_SIGNATURE", - "object_name": "vt_grp_http_sig2", - "object_id": 153, - "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "Cookie", - "keywords": "uid=12345678", - "expr_type": "and" - } - }, - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "Cookie", - "keywords": "sessionid=888888", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 162, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "AttributeWithAttribute", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_REQUEST_HEADER", - "object_name": "vt_grp_http_sig1", - "negate_option": 0 - }, - { - "attribute": "HTTP_RESPONSE_HEADER", - "object_name": "vt_grp_http_sig2", - "negate_option": 0 - } - ] - }, - { - "rule_id": 163, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "OneObjectInTwoAttribute", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_REQUEST_HEADER", - "object_name": "vt_grp_http_sig2", - "negate_option": 0 - }, - { - "attribute": "HTTP_RESPONSE_HEADER", - "object_name": "vt_grp_http_sig2", - "negate_option": 0 - } - ] - }, - { - "rule_id": 164, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "CharsetWindows1251", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "164_keywords_object", - "object_id": 154, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": ">ЗАО «Севергазвтоматика АйС»<", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 165, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order": "2.111", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "165_url_object", - "object_id": 155, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "cavemancircus.com/", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "165_IP_object", - "object_id": 156, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "192.168.23.1/24" - } - } - ] - } - ] - }, - { - "rule_id": 166, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order": "100.233", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "166_url_object", - "object_id": 157, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27/pretty-girls-6", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 167, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order": "300.999", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "167_url_object", - "object_id": 158, - "condition_index": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "2019/12/27", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "167_url_object", - "object_id": 158, - "condition_index": 3 - } - ] - }, - { - "rule_id": 168, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "EvaluationOrder", - "is_valid": "yes", - "evaluation_order": "0", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "167_url_object", - "object_id": 158, - "condition_index": 2 - }, - { - "attribute": "HTTP_URL", - "object_name": "167_url_object", - "object_id": 158, - "condition_index": 6 - } - ] - }, - { - "rule_id": 169, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "IPScan.IPv4_Any", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "169_IP_object", - "object_id": 160, - "condition_index": 0, - "negate_option" : 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "100.64.3.1/32" - } - } - ] - } - ] - }, - { - "rule_id": 170, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "IPScan.IPv4_attribute.source", - "is_valid": "no", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "ipv4_attribute.source", - "object_id": 161, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "192.168.40.10/32" - } - } - ] - } - ] - }, - { - "rule_id": 171, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "IPScan.IPv4_attribute.destination", - "is_valid": "no", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "ipv4_attribute.destination", - "object_id": 162, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "192.168.231.46/32" - } - } - ] - } - ] - }, - { - "rule_id": 177, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.MultiObjectsInOneNotCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "ASN_NOT_LOGIC", - "object_name": ["ASN1234", "ASN6789", "ASN9001"], - "negate_option": 1, - "condition_index": 0 - }, - { - "attribute": "DESTINATION_IP_ASN", - "object_name": "ASN2345", - "negate_option": 0, - "condition_index": 1 - } - ] - }, - { - "rule_id": 178, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "Hierarchy.MultiObjectInOneCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "SOURCE_IP_ASN", - "object_name": ["ASN1234", "ASN6789", "ASN9001"], - "negate_option": 0, - "condition_index": 0 - }, - { - "attribute": "DESTINATION_IP_ASN", - "object_name": "ASN2345", - "negate_option": 0, - "condition_index": 1 - } - ] - }, - { - "rule_id": 179, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "INTERGER_PLUS", - "object_name": "179_interval_object", - "object_id": 166, - "regions": [ - { - "table_name": "INTERGER_PLUS", - "table_type": "interval_plus", - "table_content": { - "district": "interval.plus", - "interval": "2020" - } - } - ] - } - ] - }, - { - "rule_id": 180, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "Hierarchy.MultiObjectInOneCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "SOURCE_IP_ASN", - "object_name": ["ASN1234", "ASN6789", "ASN9001"], - "negate_option": 0, - "condition_index": 0 - }, - { - "attribute": "SOURCE_IP_GEO", - "object_name": "Country-Sparta-IP", - "negate_option": 0, - "condition_index": 0 - }, - { - "attribute": "IP_CONFIG", - "object_name": "financial-department-ip", - "negate_option": 0, - "condition_index": 1 - } - ] - }, - { - "rule_id": 181, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.MultiLiteralsInOneNotCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "SOURCE_IP_ASN", - "object_name": ["ASN1234", "ASN6789", "ASN9001"], - "negate_option": 1, - "condition_index": 0 - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "develop-department-ip", - "negate_option": 1, - "condition_index": 0 - }, - { - "attribute": "SOURCE_IP_GEO", - "object_name": "Country-Sparta-IP", - "negate_option": 0, - "condition_index": 1 - } - ] - }, - { - "rule_id": 182, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "8-expr", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "182_keywords_object", - "object_id": 167, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 184, - "user_region": "APP_ID=6006740;Liumengyan-Bugreport-20210515", - "description": "Hulu", - "is_valid": "yes", - "do_blacklist": 0, - "do_log": 0, - "action": 0, - "service": 0, - "objects": [ - { - "attribute": "IP_CONFIG", - "object_name": "184_IP_object", - "object_id": 169, - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "::/128" - } - } - ] - } - ] - }, - { - "rule_id": 185, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.SameAttributeInMultiCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "DESTINATION_IP_ASN", - "object_name": ["ASN1234", "ASN6789", "ASN9001"], - "negate_option": 1, - "condition_index": 0 - }, - { - "attribute": "SOURCE_IP_GEO", - "object_name": "Country-Sparta-IP", - "negate_option": 1, - "condition_index": 0 - }, - { - "attribute": "DESTINATION_IP_ASN", - "object_name": "ASN9002", - "negate_option": 1, - "condition_index": 1 - }, - { - "attribute": "DESTINATION_IP_ASN", - "object_name": "ASN9003", - "negate_option": 0, - "condition_index": 2 - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "security-department-ip", - "negate_option": 0, - "condition_index": 3 - } - ] - }, - { - "rule_id": 186, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.ScanHitAtLast", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "186_expr_object", - "object_id": 170, - "negate_option": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-186", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "186_IP_object", - "object_id": 171, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "10.0.8.186" - } - } - ] - } - ] - }, - { - "rule_id": 187, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.ScanHitAtLast", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "187_url_object", - "object_id": 172, - "negate_option": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-187", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "187_IP_object", - "object_id": 173, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "10.0.8.187" - } - } - ] - } - ] - }, - { - "rule_id": 188, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NOTLogic.ScanHitAtLast", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "188_url_object", - "object_id": 174, + "condition_index": 3 + } + ] + }, + { + "rule_id": "168", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "EvaluationOrder", + "is_valid": "yes", + "evaluation_order": "0", + "conditions": [ + { + "attribute": "HTTP_URL", + "object_ids": [ + "158" + ], + "condition_index": 2 + }, + { + "attribute": "HTTP_URL", + "object_ids": [ + "158" + ], + "condition_index": 6 + } + ] + }, + { + "rule_id": "169", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "IPScan.IPv4_Any", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "condition_index": 0, + "negate_option": 0, + "objects": [ + { + "object_name": "169_IP_object", + "object_id": "160", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "100.64.3.1/32" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "170", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "IPScan.IPv4_attribute.source", + "is_valid": "no", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "ipv4_attribute.source", + "object_id": "161", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.40.10/32" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "171", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "IPScan.IPv4_attribute.destination", + "is_valid": "no", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "ipv4_attribute.destination", + "object_id": "162", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.231.46/32" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "177", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.MulticonditionsInOneNotCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "ASN_NOT_LOGIC", "negate_option": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-188", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "188_IP_object", - "object_id": 175, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "10.0.8.188" - } - } - ] - } - ] - }, - { - "rule_id": 189, - "is_valid": "yes", - "do_log": 0, - "action": 0, - "service": 0, - "do_blacklist": 0, - "user_region": "StringScan.ShouldNotHitExprPlus", - "objects": [ - { - "attribute": "APP_PAYLOAD", - "object_name": "189_app_object", - "object_id": 176, - "regions": [ - { - "table_name": "APP_PAYLOAD", - "table_type": "expr_plus", - "table_content": { - "district": "tcp.payload.c2s_first_data", - "keywords": "|ab00|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 190, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "StringScan.ExprPlus", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_SIGNATURE", - "object_name": "190_expr_object", - "object_id": 177, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "我的DistrIct", - "keywords": "addis&sapphire", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 191, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.HexBinCaseSensitive", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "191_keywords_object", - "object_id": 178, - "regions": [ - { - "table_type": "expr", - "table_name": "KEYWORDS_TABLE", - "table_content": { - "keywords": "|54455354|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 192, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_CONFIG", - "object_name": "192_flag_object", - "object_id": 179, - "regions": [ - { - "table_type": "flag", - "table_name": "FLAG_CONFIG", - "table_content": { - "flag": 1, - "flag_mask": 3 - } - } - ] - } - ] - }, - { - "rule_id": 193, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_CONFIG", - "object_name": "193_flag_object", - "object_id": 180, - "regions": [ - { - "table_type": "flag", - "table_name": "FLAG_CONFIG", - "table_content": { - "flag": 2, - "flag_mask": 3 - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "193_url_object", - "object_id": 181, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "hello", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 194, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_CONFIG", - "object_name": "194_flag_object", - "object_id": 182, - "regions": [ - { - "table_type": "flag", - "table_name": "FLAG_CONFIG", - "table_content": { - "flag": 21, - "flag_mask": 31 - } - } - ] - } - ] - }, - { - "rule_id": 195, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_SIGNATURE", - "object_name": "195_signature_object", - "object_id": 183, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "I love China", - "keywords": "today&yesterday", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "195_url_object", - "object_id": 184, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "Monday", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 196, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_PLUS_CONFIG", - "object_name": "196_flag_object", - "object_id": 185, - "regions": [ - { - "table_type": "flag_plus", - "table_name": "FLAG_PLUS_CONFIG", - "table_content": { - "district": "I love China", - "flag": 30, - "flag_mask": 14 - } - } - ] - } - ] - }, - { - "rule_id": 197, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "Something:I\\bhave\\ba\\bname,8866", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "197_url_object", - "object_id": 186, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "hqdefault.jpg", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 198, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "Something:I have a name,7799", - "rule_table_name": "RULE_FIREWALL_DEFAULT", - "is_valid": "yes", - "objects": [ - { - "g2c_table_name": "OBJECT2RULE_FIREWALL", - "attribute": "HTTP_URL", - "object_name": "198_url_object", - "object_id": 187, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "firewall", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 199, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "ExcludeLogic.ScanNotAtLast", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "ExcludeLogicObject199", - "object_id": 188, - "sub_objects":[ - { - "object_name": "ExcludeLogicObject199_1", - "object_id": 189, - "is_exclude": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-199", - "expr_type": "and" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject199_2", - "object_id": 190, - "is_exclude": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-199", - "expr_type": "and" - } - } - ] - } - ] - } - ] - }, - { - "rule_id": 200, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "ExcludeLogic.OneRegion", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "ExcludeLogicObject200", - "object_id": 191, - "sub_objects":[ - { - "attribute": "HTTP_URL", - "object_name": "ExcludeLogicObject200_1", - "object_id": 192, - "is_exclude": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-contained-string-of-rule-200", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "ExcludeLogicObject200_2", - "object_id": 193, - "is_exclude": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "must-not-contained-string-of-rule-200", - "expr_type": "and" - } - } - ] - } - ] - } - ] - }, - { - "rule_id": 202, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "null", - "is_valid": "yes", - "objects": [ - { - "attribute": "ATTRIBUTE_IP_PLUS_TABLE", - "object_name": "ExcludeLogicObject202", - "object_id": 194, - "condition_index": 0, - "sub_objects":[ - { - "object_name": "ExcludeLogicObject202_1", - "object_id": 195, - "is_exclude": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "100.64.1.0-100.64.1.20" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject202_2", - "object_id": 196, - "is_exclude": 1, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "100.64.1.6-100.64.1.10" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject202_3", - "object_id": 197, - "is_exclude": 1, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "100.64.1.11-100.64.1.20" - } - } - ] - } - ] - } - ] - }, - { - "rule_id": 203, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "null", - "is_valid": "yes", - "objects": [ - { - "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", - "object_name": "ExcludeLogicObject203_1", - "object_id": 198, - "condition_index": 0, - "regions": [ - { - "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "192.168.50.43-192.168.50.43" - } - - } - ] - }, - { - "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", - "object_name": "ExcludeLogicObject203_2", - "object_id": 199, - "condition_index": 1, - "regions": [ - { - "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "47.92.108.93-47.92.108.93" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "ExcludeLogicObject203_3", - "object_id": 200, - "condition_index": 2, - "sub_objects": [ - { - "object_name": "ExcludeLogicObject203_3_1", - "object_id": 201, - "is_exclude": 0, - "regions": [ - { - "table_type":"expr", - "table_name":"KEYWORDS_TABLE", - "table_content":{ - "keywords":"jianshu.com$", - "expr_type":"and" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject203_3_2", - "object_id": 202, - "is_exclude": 1, - "regions": [ - { - "table_type":"expr", - "table_name":"KEYWORDS_TABLE", - "table_content":{ - "keywords":"^www.jianshu.com$", - "expr_type":"and" - } - } - ] - } - ] - } - ] - }, - { - "rule_id": 204, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "null", - "is_valid": "yes", - "objects": [ - { - "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", - "object_name": "ExcludeLogicObject204_1", - "object_id": 203, - "condition_index": 0, - "regions": [ - { - "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "100.64.2.0-100.64.2.5" - } - - } - ] - }, - { - "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", - "object_name": "ExcludeLogicObject204_2", - "object_id":204, - "condition_index": 1, - "regions": [ - { - "table_name": "IP_PLUS_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "100.64.2.6-100.64.2.10" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "ExcludeLogicObject204_3", - "object_id": 205, - "condition_index": 2, - "sub_objects": [ - { - "object_name": "ExcludeLogicObject204_3_1", - "object_id": 206, - "is_exclude": 0, - "sub_objects" : [ - { - "object_name": "ExcludeLogicObject204_3_1_1", - "object_id": 207, - "is_exclude": 0, - "regions": [ - { - "table_type":"expr", - "table_name":"KEYWORDS_TABLE", - "table_content":{ - "keywords":"baidu.com$", - "expr_type":"and" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject204_3_1_2", - "object_id": 208, - "is_exclude": 1, - "regions": [ - { - "table_type":"expr", - "table_name":"KEYWORDS_TABLE", - "table_content":{ - "keywords":"^www.baidu.com$", - "expr_type":"and" - } - } - ] - } - ] - }, - { - "object_name": "ExcludeLogicObject204_3_2", - "object_id": 209, - "is_exclude": 1, - "regions": [ - { - "table_type":"expr", - "table_name":"KEYWORDS_TABLE", - "table_content":{ - "keywords":"^mail.baidu.com$", - "expr_type":"and" - } - } - ] - } - ] - } - ] - }, - { - "rule_id": 205, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.RegexExpressionIllegal", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "205_keywords_object", - "object_id": 210, - "regions": [ - { - "table_type": "expr", - "table_name": "KEYWORDS_TABLE", - "table_content": { - "keywords": "123^456", - "expr_type": "regex" - } - } - ] - } - ] - }, - { - "rule_id": 206, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "duplicateRuleFor191", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "206_keywords_object", - "object_id": 211, - "regions": [ - { - "table_type": "expr", - "table_name": "KEYWORDS_TABLE", - "table_content": { - "keywords": "|54455354|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 207, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "duplicateRuleFor192", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_CONFIG", - "object_name": "207_flag_object", - "object_id": 212, - "regions": [ - { - "table_type": "flag", - "table_name": "FLAG_CONFIG", - "table_content": { - "flag": 1, - "flag_mask": 3 - } - } - ] - } - ] - }, - { - "rule_id": 208, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "duplicateRuleFor154", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "208_IP_object", - "object_id": 213, + "object_ids": [ + "1", + "3", + "4" + ], + "condition_index": 0 + }, + { + "attribute": "DESTINATION_IP_ASN", "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "10.0.7.100-10.0.7.106" - } - } - ] - } - ] - }, - { - "rule_id": 209, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "duplicateRuleFor179", - "is_valid": "yes", - "objects": [ - { - "attribute": "INTERGER_PLUS", - "object_name": "209_interval_object", - "object_id": 214, - "regions": [ - { - "table_name": "INTERGER_PLUS", - "table_type": "interval_plus", - "table_content": { - "district": "interval.plus", - "interval": "2020" - } - } - ] - } - ] - }, - { - "rule_id": 210, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "ipv6_::", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "210_IP_object", - "object_id": 215, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "::/0" - } - } - ] - } - ] - }, - { - "rule_id": 211, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "ip_perf_test", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PERF_CONFIG", - "object_name": "211_IP_object", - "object_id": 216, - "negate_option": 0, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PERF_CONFIG", - "table_content": { - "ip": "10.0.0.1-10.0.0.6" - } - } - ] - } - ] - }, - { - "rule_id": 212, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "integer_perf_test", - "is_valid": "yes", - "objects": [ - { - "attribute": "INTEGER_PERF_CONFIG", - "object_name": "212_interval_object", - "object_id": 217, - "regions": [ - { - "table_name": "INTEGER_PERF_CONFIG", - "table_type": "interval", - "table_content": { - "interval": "3000" - } - } - ] - } - ] - }, - { - "rule_id": 213, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "expr_perf_test", - "is_valid": "yes", - "objects": [ - { - "attribute": "EXPR_LITERAL_PERF_CONFIG", - "object_name": "213_expr_object", - "object_id": 218, - "regions": [ - { - "table_name": "EXPR_LITERAL_PERF_CONFIG", - "table_type": "expr", - "table_content": { - "keywords": "today&yesterday", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 214, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "flag_perf_test", - "is_valid": "yes", - "objects": [ - { - "attribute": "FLAG_PERF_CONFIG", - "object_name": "214_flag_object", - "object_id": 219, - "regions": [ - { - "table_type": "flag", - "table_name": "FLAG_PERF_CONFIG", - "table_content": { - "flag": 15, - "flag_mask": 15 - } - } - ] - } - ] - }, - { - "rule_id": 215, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "expr_perf_test", - "is_valid": "yes", - "objects": [ - { - "attribute": "EXPR_REGEX_PERF_CONFIG", - "object_name": "215_expr_object", - "object_id": 220, - "regions": [ - { - "table_name": "EXPR_REGEX_PERF_CONFIG", - "table_type": "expr", - "table_content": { - "keywords": "action=search\\&query=(.*)", - "expr_type": "regex" - } - } - ] - } - ] - }, - { - "rule_id": 216, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTCondition&ExcludeObject", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "ExcludeLogicObject200", + "object_ids": [ + "2" + ], + "condition_index": 1 + } + ] + }, + { + "rule_id": "178", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "Hierarchy.MultiObjectInOneCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "SOURCE_IP_ASN", + "object_ids": [ + "1", + "3", + "4" + ], + "negate_option": 0, + "condition_index": 0 + }, + { + "attribute": "DESTINATION_IP_ASN", "negate_option": 0, - "condition_index": 0 - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "NOTConditionAndExcludeObject216", - "object_id": 221, - "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-for-rule-211", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 217, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTCondition&ExcludeObject", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL_FILTER", - "object_name": "NOTConditionAndExcludeObject217_1", - "object_id": 222, - "negate_option": 1, - "condition_index": 0, - "sub_objects": [ - { - "object_name": "ExcludeLogicObject217_1_1", - "object_id": 223, - "is_exclude": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "string-of-rule-217.com$", - "expr_type": "and" - } - } - ] - }, - { - "object_name": "ExcludeLogicObject217_1_2", - "object_id": 224, - "is_exclude": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "www.string-of-rule-217.com", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "NOTConditionAndExcludeObject217_2", - "object_id": 225, + "object_ids": [ + "2" + ], + "condition_index": 1 + } + ] + }, + { + "rule_id": "179", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "INTERGER_PLUS", + "objects": [ + { + "object_name": "179_interval_object", + "object_id": "166", + "items": [ + { + "table_name": "INTERGER_PLUS", + "table_type": "interval_plus", + "table_content": { + "district": "interval.plus", + "interval": "2020" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "180", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "Hierarchy.MultiObjectInOneCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "SOURCE_IP_ASN", "negate_option": 0, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-for-rule-217", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 218, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "CONTENT_SIZE", - "object_name": "218_interval_object", - "object_id": 226, - "regions": [ - { - "table_name": "CONTENT_SIZE", - "table_type": "interval", - "table_content": { - "interval": "3000" - } - } - ] - } - ] - }, - { - "rule_id": 219, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_1", - "object_id": 227, + "object_ids": [ + "1", + "3", + "4" + ], + "condition_index": 0 + }, + { + "attribute": "SOURCE_IP_GEO", "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-1", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_2", - "object_id": 228, - "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-2", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_3", - "object_id": 229, - "negate_option": 1, - "condition_index": 2, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-3", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_4", - "object_id": 230, - "negate_option": 1, - "condition_index": 3, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-4", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_5", - "object_id": 231, - "negate_option": 1, - "condition_index": 4, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-5", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_6", - "object_id": 232, - "negate_option": 1, - "condition_index": 5, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-6", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_7", - "object_id": 233, - "negate_option": 1, - "condition_index": 6, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-7", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject219_8", - "object_id": 234, - "negate_option": 1, - "condition_index": 7, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-219-8", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 220, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "anything", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject220_1", - "object_id": 235, + "object_ids": [ + "15" + ], + "condition_index": 0 + }, + { + "attribute": "IP_CONFIG", "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-220-1", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject220_2", - "object_id": 236, + "object_ids": [ + "12" + ], + "condition_index": 1 + } + ] + }, + { + "rule_id": "181", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.MultiLiteralsInOneNotCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "SOURCE_IP_ASN", "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-220-2", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_DUMMY", - "object_name": "NOTConditionAndExcludeObject220_3", - "object_id": 237, + "object_ids": [ + "1", + "3", + "4" + ], + "condition_index": 0 + }, + { + "attribute": "IP_PLUS_CONFIG", "negate_option": 1, - "condition_index": 2, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "keywords-dummy-220-3", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 221, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTLogic.ScanWithDistrict", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_REQUEST_HEADER", - "object_name": "NOTLogicObject_221_1", - "object_id": 238, - "negate_option": 1, - "regions": [ - { - "table_name": "HTTP_SIGNATURE", - "table_type": "expr_plus", - "table_content": { - "district": "User-Agent", - "keywords": "Mozilla/5.0", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_URL", - "object_name": "NOTLogicObject_221_2", - "object_id": 239, + "object_ids": [ + "14" + ], + "condition_index": 0 + }, + { + "attribute": "SOURCE_IP_GEO", "negate_option": 0, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "scan_with_district_221", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 222, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTLogic.SingleNotCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_NOT_LOGIC_1", - "object_name": "NOTLogicObject_222", - "object_id": 240, - "negate_option": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_keywords_222", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 223, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTLogic.MultiNotCondition", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_NOT_LOGIC", - "object_name": "NOTLogicObject_223_1", - "object_id": 241, - "negate_option": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_rule_223_1", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_NOT_LOGIC", - "object_name": "NOTLogicObject_223_2", - "object_id": 242, + "object_ids": [ + "15" + ], + "condition_index": 1 + } + ] + }, + { + "rule_id": "182", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "8-expr", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "182_keywords_object", + "object_id": "167", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "string1&string2&string3&string4&string5&string6&string7&string8", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "184", + "user_region": "APP_ID=6006740;Liumengyan-Bugreport-20210515", + "description": "Hulu", + "is_valid": "yes", + "do_blacklist": 0, + "do_log": 0, + "action": 0, + "service": 0, + "conditions": [ + { + "attribute": "IP_CONFIG", + "objects": [ + { + "object_name": "184_IP_object", + "object_id": "169", + "items": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "::/128" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "185", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.SameAttributeInMultiCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "DESTINATION_IP_ASN", "negate_option": 1, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_rule_223_2", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_NOT_LOGIC", - "object_name": "NOTLogicObject_223_1", - "object_id": 243, + "object_ids": [ + "1", + "3", + "4" + ], + "condition_index": 0 + }, + { + "attribute": "SOURCE_IP_GEO", "negate_option": 1, - "condition_index": 2, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_rule_223_3", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 224, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "NOTLogic.NotPhysicalTable", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "NOTLogicObject_224_1", - "object_id": 244, + "object_ids": [ + "15" + ], + "condition_index": 0 + }, + { + "attribute": "DESTINATION_IP_ASN", "negate_option": 1, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_rule_224_1", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "NOTLogicObject_224_2", - "object_id": 245, - "negate_option": 0, - "condition_index": 1, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "not_logic_rule_224_2", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 225, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "Payload escape", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "EscapeObject_225_1", - "object_id": 246, - "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 226, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "maat_scan_object", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "226_url_object", - "object_id":247 - } - ] - }, - { - "rule_id": 227, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "maat_scan_object", - "rule_table_name": "RULE_FIREWALL_DEFAULT", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "227_url_object", - "object_id": 248, - "g2c_table_name": "OBJECT2RULE_FIREWALL" - } - ] - }, - { - "rule_id": 228, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "NotConditionHitPath", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "228_url_object", - "object_id": 249, + "object_ids": [ + "5" + ], + "condition_index": 1 + }, + { + "attribute": "DESTINATION_IP_ASN", "negate_option": 0, - "condition_index": 1, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "youtube.com", - "expr_type": "and" - } - } - ] - }, - { - "attribute": "ATTRIBUTE_IP_CONFIG", - "object_name": "228_IP_object", - "object_id": 250, - "negate_option": 1, - "condition_index": 2, - "regions": [ - { - "table_name": "IP_CONFIG", - "table_type":"ip", - "table_content": { - "ip": "192.168.101.102/32" - } - } - ] - } - ] - }, - { - "rule_id": 229, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "StringScan.Regex", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_URL", - "object_name": "229_url_object", - "object_id": 251, - "regions": [ - { - "table_name": "HTTP_URL", - "table_type": "expr", - "table_content": { - "keywords": "\u00C9", - "expr_type": "regex" - } - } - ] - } - ] - }, - { - "rule_id": 230, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "ipv6_::", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "230_IP_object", - "object_id": 256, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "2607:5d00:2:2::32:28/128", - "port":"80-443" - } - } - ] - } - ] - }, - { - "rule_id": 231, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "should_not_hit", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "231_IP_object", - "object_id": 257, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "2607:5d00:2:2::32:28/128", - "port":"80" - } - } - ] - } - ] - }, - { - "rule_id": 232, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "should_not_hit", - "is_valid": "yes", - "objects": [ - { - "attribute": "IP_PLUS_CONFIG", - "object_name": "232_IP_object", - "object_id": 258, - "regions": [ - { - "table_type":"ip", - "table_name": "IP_PLUS_CONFIG", - "table_content": { - "ip": "192.168.30.44/32", - "port": "80" - } - } - ] - } - ] - }, - { - "rule_id": 233, - "service": 1, - "action": 1, - "do_blacklist": 1, - "do_log": 1, - "user_region": "maat_scan_object", - "is_valid": "yes", - "objects": [ - { - "attribute": "HTTP_RESPONSE_KEYWORDS", - "object_name": "233_url_object", - "object_id": 259 - } - ] - }, - { - "rule_id": 234, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "Payload escape", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "EscapeObject_234_1", - "object_id": 260, + "object_ids": [ + "6" + ], + "condition_index": 2 + }, + { + "attribute": "IP_PLUS_CONFIG", "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "html>\\\\r\\\\n", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 235, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "Payload escape", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "EscapeObject_235_1", - "object_id": 261, + "object_ids": [ + "13" + ], + "condition_index": 3 + } + ] + }, + { + "rule_id": "186", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 1, + "objects": [ + { + "object_name": "186_expr_object", + "object_id": "170", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-not-contained-string-of-rule-186", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "186_IP_object", + "object_id": "171", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.8.186" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "187", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 1, + "objects": [ + { + "object_name": "187_url_object", + "object_id": "172", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-not-contained-string-of-rule-187", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "187_IP_object", + "object_id": "173", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.8.187" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "188", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NOTLogic.ScanHitAtLast", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 1, + "objects": [ + { + "object_name": "188_url_object", + "object_id": "174", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "must-not-contained-string-of-rule-188", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "188_IP_object", + "object_id": "175", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.8.188" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "189", + "is_valid": "yes", + "do_log": 0, + "action": 0, + "service": 0, + "do_blacklist": 0, + "user_region": "StringScan.ShouldNotHitExprPlus", + "conditions": [ + { + "attribute": "APP_PAYLOAD", + "objects": [ + { + "object_name": "189_app_object", + "object_id": "176", + "items": [ + { + "table_name": "APP_PAYLOAD", + "table_type": "expr_plus", + "table_content": { + "district": "tcp.payload.c2s_first_data", + "keywords": "|ab00|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "190", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "StringScan.ExprPlus", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_SIGNATURE", + "objects": [ + { + "object_name": "190_expr_object", + "object_id": "177", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "我的DistrIct", + "keywords": "addis&sapphire", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "191", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.HexBinCaseSensitive", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "191_keywords_object", + "object_id": "178", + "items": [ + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "|54455354|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "192", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_CONFIG", + "objects": [ + { + "object_name": "192_flag_object", + "object_id": "179", + "items": [ + { + "table_type": "flag", + "table_name": "FLAG_CONFIG", + "table_content": { + "flag": 1, + "flag_mask": 3 + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "193", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_CONFIG", + "objects": [ + { + "object_name": "193_flag_object", + "object_id": "180", + "items": [ + { + "table_type": "flag", + "table_name": "FLAG_CONFIG", + "table_content": { + "flag": 2, + "flag_mask": 3 + } + } + ] + } + ] + }, + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "193_url_object", + "object_id": "181", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "hello", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "194", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_CONFIG", + "objects": [ + { + "object_name": "194_flag_object", + "object_id": "182", + "items": [ + { + "table_type": "flag", + "table_name": "FLAG_CONFIG", + "table_content": { + "flag": 21, + "flag_mask": 31 + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "195", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_SIGNATURE", + "objects": [ + { + "object_name": "195_signature_object", + "object_id": "183", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "I love China", + "keywords": "today&yesterday", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "195_url_object", + "object_id": "184", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "Monday", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "196", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_PLUS_CONFIG", + "objects": [ + { + "object_name": "196_flag_object", + "object_id": "185", + "items": [ + { + "table_type": "flag_plus", + "table_name": "FLAG_PLUS_CONFIG", + "table_content": { + "district": "I love China", + "flag": 30, + "flag_mask": 14 + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "197", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "Something:I\\bhave\\ba\\bname,8866", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "197_url_object", + "object_id": "186", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "hqdefault.jpg", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "198", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "Something:I have a name,7799", + "rule_table_name": "RULE_FIREWALL_DEFAULT", + "is_valid": "yes", + "conditions": [ + { + "g2c_table_name": "OBJECT2RULE_FIREWALL", + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "198_url_object", + "object_id": "187", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "firewall", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "199", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "ExcludeLogic.ScanNotAtLast", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "object_name": "ExcludeLogicObject199", + "object_ids": [ + "503" + ] + } + ] + }, + { + "rule_id": "200", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "ExcludeLogic.OneRegion", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "object_ids": [ + "504" + ] + } + ] + }, + { + "rule_id": "202", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "null", + "is_valid": "yes", + "conditions": [ + { + "attribute": "ATTRIBUTE_IP_PLUS_TABLE", + "object_name": "ExcludeLogicObject202", + "object_ids": [ + "505" + ], + "condition_index": 0 + } + ] + }, + { + "rule_id": "203", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "null", + "is_valid": "yes", + "conditions": [ + { + "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", + "condition_index": 0, + "objects": [ + { + "object_name": "ExcludeLogicObject203_1", + "object_id": "198", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "192.168.50.43-192.168.50.43" + } + } + ] + } + ] + }, + { + "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", + "condition_index": 1, + "objects": [ + { + "object_name": "ExcludeLogicObject203_2", + "object_id": "199", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "47.92.108.93-47.92.108.93" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "object_name": "ExcludeLogicObject203_3", + "object_ids": [ + "506" + ], + "condition_index": 2 + } + ] + }, + { + "rule_id": "204", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "null", + "is_valid": "yes", + "conditions": [ + { + "attribute": "ATTRIBUTE_IP_PLUS_SOURCE", + "condition_index": 0, + "objects": [ + { + "object_name": "ExcludeLogicObject204_1", + "object_id": "203", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "100.64.2.0-100.64.2.5" + } + } + ] + } + ] + }, + { + "attribute": "ATTRIBUTE_IP_PLUS_DESTINATION", + "condition_index": 1, + "objects": [ + { + "object_name": "ExcludeLogicObject204_2", + "object_id": "204", + "items": [ + { + "table_name": "IP_PLUS_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "100.64.2.6-100.64.2.10" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "object_ids": [ + "508" + ], + "condition_index": 2 + } + ] + }, + { + "rule_id": "205", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.RegexExpressionIllegal", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "205_keywords_object", + "object_id": "210", + "items": [ + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "123^456", + "expr_type": "regex" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "206", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "duplicateRuleFor191", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "206_keywords_object", + "object_id": "211", + "items": [ + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "|54455354|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "207", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "duplicateRuleFor192", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_CONFIG", + "objects": [ + { + "object_name": "207_flag_object", + "object_id": "212", + "items": [ + { + "table_type": "flag", + "table_name": "FLAG_CONFIG", + "table_content": { + "flag": 1, + "flag_mask": 3 + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "208", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "duplicateRuleFor154", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "208_IP_object", + "object_id": "213", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "10.0.7.100-10.0.7.106" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "209", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "duplicateRuleFor179", + "is_valid": "yes", + "conditions": [ + { + "attribute": "INTERGER_PLUS", + "objects": [ + { + "object_name": "209_interval_object", + "object_id": "214", + "items": [ + { + "table_name": "INTERGER_PLUS", + "table_type": "interval_plus", + "table_content": { + "district": "interval.plus", + "interval": "2020" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "210", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "ipv6_::", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "210_IP_object", + "object_id": "215", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "::/0" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "211", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "ip_perf_test", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PERF_CONFIG", + "negate_option": 0, + "objects": [ + { + "object_name": "211_IP_object", + "object_id": "216", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PERF_CONFIG", + "table_content": { + "ip": "10.0.0.1-10.0.0.6" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "212", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "integer_perf_test", + "is_valid": "yes", + "conditions": [ + { + "attribute": "INTEGER_PERF_CONFIG", + "objects": [ + { + "object_name": "212_interval_object", + "object_id": "217", + "items": [ + { + "table_name": "INTEGER_PERF_CONFIG", + "table_type": "interval", + "table_content": { + "interval": "3000" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "213", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "expr_perf_test", + "is_valid": "yes", + "conditions": [ + { + "attribute": "EXPR_LITERAL_PERF_CONFIG", + "objects": [ + { + "object_name": "213_expr_object", + "object_id": "218", + "items": [ + { + "table_name": "EXPR_LITERAL_PERF_CONFIG", + "table_type": "expr", + "table_content": { + "keywords": "today&yesterday", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "214", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "flag_perf_test", + "is_valid": "yes", + "conditions": [ + { + "attribute": "FLAG_PERF_CONFIG", + "objects": [ + { + "object_name": "214_flag_object", + "object_id": "219", + "items": [ + { + "table_type": "flag", + "table_name": "FLAG_PERF_CONFIG", + "table_content": { + "flag": 15, + "flag_mask": 15 + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "215", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "expr_perf_test", + "is_valid": "yes", + "conditions": [ + { + "attribute": "EXPR_REGEX_PERF_CONFIG", + "objects": [ + { + "object_name": "215_expr_object", + "object_id": "220", + "items": [ + { + "table_name": "EXPR_REGEX_PERF_CONFIG", + "table_type": "expr", + "table_content": { + "keywords": "action=search\\&query=(.*)", + "expr_type": "regex" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "216", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTCondition&ExcludeObject", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", "negate_option": 0, - "condition_index": 0, - "regions": [ - { - "table_name": "KEYWORDS_TABLE", - "table_type": "expr", - "table_content": { - "keywords": "\\(\\)abc\\^\\$def\\|", - "expr_type": "and" - } - } - ] - } - ] - }, - { - "rule_id": 236, - "service": 0, - "action": 0, - "do_blacklist": 0, - "do_log": 0, - "user_region": "StringScan.HexBinCombineString", - "is_valid": "yes", - "objects": [ - { - "attribute": "KEYWORDS_TABLE", - "object_name": "236_keywords_object", - "object_id": 262, - "regions": [ - { - "table_type": "expr", - "table_name": "KEYWORDS_TABLE", - "table_content": { - "keywords": "cd |6162|", - "expr_type": "and" - } - } - ] - } - ] - } - ], - "plugin_table": [ - { - "table_name": "QD_ENTRY_INFO", - "table_content": [ - "1\t192.168.0.1\t101\t1", - "2\t192.168.0.2\t102\t1", - "3\t192.168.1.1\t103\t1" - ] - }, - { - "table_name": "TEST_PLUGIN_TABLE", - "table_content": [ - "1\t3388\t99\t1", - "2\t3355\t66\t1", - "3\tcccc\t11\t1" - ] - }, - { - "table_name": "TEST_PLUGIN_EXDATA_TABLE", - "table_content": [ - "1\tHeBei\tShijiazhuang\t1\t0", - "2\tHeNan\tZhengzhou\t1\t0", - "3\tShanDong\tJinan\t1\t0", - "4\tShanXi\tTaiyuan\t1\t0" - ] - }, - { - "table_name": "TEST_EFFECTIVE_RANGE_TABLE", - "table_content": [ - "1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111", - "2\tSUCCESS\t66\t1\t0\t222", - "3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333", - "4\tSUCCESS\t66\t1\t{}\t444", - "5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444", - "6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444" - ] - }, - { - "table_name": "IR_INTERCEPT_IP", - "table_content": [ - "1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34", - "161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42" - ] - }, - { - "table_name": "TEST_IP_PLUGIN_WITH_EXDATA", - "table_content": [ - "101\t4\t192.168.30.99-192.168.30.101\tSomething-like-json\t1", - "102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t1", - "103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t1", - "104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t1", - "105\t6\t2620:100:3000::-2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1" - ] - }, - { - "table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA", - "table_content": [ - "101\t4\t192.168.100.1\t0\t255\t1", - "102\t4\t192.168.100.2\t100\t200\t1", - "103\t4\t192.168.100.1\t255\t300\t1", - "104\t6\t2001:db8:1234::5210\t255\t512\t1" - ] - }, - { - "table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA", - "table_content": [ - "201\twww.example1.com\tcatid=1\t1", - "202\t*.example1.com\tcatid=1\t1", - "203\tnews.example1.com\tcatid=2\t1", - "204\tr3---sn-i3belne6.example2.com\tcatid=3\t1", - "205\tr3---sn-i3belne6.example2.com\tcatid=3\t1" - ] - }, - { - "table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA", - "table_content": [ - "301\t1&2&1000\ttunnel1\t1", - "302\t101&102\ttunnel2\t1", - "303\t102\ttunnel3\t1", - "304\t101\ttunnel4\t1", - "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", - "306\t101&101\tinvalid\t1" - ] - }, - { - "table_name": "TEST_PLUGIN_LONG_KEY_TYPE_TABLE", - "table_content": [ - "1\t11111111\tShijiazhuang\t1\t0", - "2\t22222222\tZhengzhou\t1\t0", - "3\t33333333\tJinan\t1\t0", - "4\t44444444\tTaiyuan\t1\t0" - ] - }, - { - "table_name": "TEST_PLUGIN_INT_KEY_TYPE_TABLE", - "table_content": [ - "1\t101\tChina\t1\t0", - "2\t102\tAmerica\t1\t0", - "3\t103\tRussia\t1\t0", - "4\t104\tJapan\t1\t0" - ] - }, - { - "table_name": "TEST_PLUGIN_IP_KEY_TYPE_TABLE", - "table_content": [ - "4\t100.64.1.1\tXiZang\t1\t0", - "4\t100.64.1.2\tXinJiang\t1\t0", - "6\t2001:da8:205:1::101\tGuiZhou\t1\t0", - "6\t1001:da8:205:1::101\tSiChuan\t1\t0", - "7\t100.64.1.3\tQingHai\t1\t0", - "6\t100.64.1.4\tGanSu\t1\t0" - ] - } - ] + "object_ids": [ + "504" + ], + "condition_index": 0 + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject216", + "object_id": "221", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-for-rule-211", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "217", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTCondition&ExcludeObject", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL_FILTER", + "negate_option": 1, + "object_ids": [ + "509" + ], + "condition_index": 0 + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 0, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject217_2", + "object_id": "225", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-for-rule-217", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "218", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "CONTENT_SIZE", + "objects": [ + { + "object_name": "218_interval_object", + "object_id": "226", + "items": [ + { + "table_name": "CONTENT_SIZE", + "table_type": "interval", + "table_content": { + "interval": "3000" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "219", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_DUMMY", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_1", + "object_id": "227", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-1", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_2", + "object_id": "228", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-2", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 2, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_3", + "object_id": "229", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-3", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 3, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_4", + "object_id": "230", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-4", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 4, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_5", + "object_id": "231", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-5", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 5, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_6", + "object_id": "232", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-6", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 6, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_7", + "object_id": "233", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-7", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 7, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject219_8", + "object_id": "234", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-219-8", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "220", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "anything", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_DUMMY", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject220_1", + "object_id": "235", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-220-1", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject220_2", + "object_id": "236", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-220-2", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_DUMMY", + "negate_option": 1, + "condition_index": 2, + "objects": [ + { + "object_name": "NOTConditionAndExcludeObject220_3", + "object_id": "237", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "keywords-dummy-220-3", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "221", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTLogic.ScanWithDistrict", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_REQUEST_HEADER", + "negate_option": 1, + "objects": [ + { + "object_name": "NOTLogicObject_221_1", + "object_id": "238", + "items": [ + { + "table_name": "HTTP_SIGNATURE", + "table_type": "expr_plus", + "table_content": { + "district": "User-Agent", + "keywords": "Mozilla/5.0", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_URL", + "negate_option": 0, + "objects": [ + { + "object_name": "NOTLogicObject_221_2", + "object_id": "239", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "scan_with_district_221", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "222", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTLogic.SingleNotCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_NOT_LOGIC_1", + "negate_option": 1, + "condition_index": 0, + "objects": [ + { + "object_name": "NOTLogicObject_222", + "object_id": "240", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_keywords_222", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "223", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTLogic.MultiNotCondition", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_NOT_LOGIC", + "negate_option": 1, + "condition_index": 0, + "objects": [ + { + "object_name": "NOTLogicObject_223_1", + "object_id": "241", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_rule_223_1", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_NOT_LOGIC", + "negate_option": 1, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTLogicObject_223_2", + "object_id": "242", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_rule_223_2", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_NOT_LOGIC", + "negate_option": 1, + "condition_index": 2, + "objects": [ + { + "object_name": "NOTLogicObject_223_1", + "object_id": "243", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_rule_223_3", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "224", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "NOTLogic.NotPhysicalTable", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "negate_option": 1, + "condition_index": 0, + "objects": [ + { + "object_name": "NOTLogicObject_224_1", + "object_id": "244", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_rule_224_1", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "negate_option": 0, + "condition_index": 1, + "objects": [ + { + "object_name": "NOTLogicObject_224_2", + "object_id": "245", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "not_logic_rule_224_2", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "225", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "Payload escape", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "EscapeObject_225_1", + "object_id": "246", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "GET / HTTP/1.1\\r\\nHost: www.baidu.com\\r\\n\\r\\n", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "226", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "maat_scan_object", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "object_name": "226_url_object", + "object_ids": [ + "247" + ] + } + ] + }, + { + "rule_id": "227", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "maat_scan_object", + "rule_table_name": "RULE_FIREWALL_DEFAULT", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "object_name": "227_url_object", + "object_ids": [ + "248" + ] + } + ] + }, + { + "rule_id": "228", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "NotConditionHitPath", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "negate_option": 0, + "condition_index": 1, + "objects": [ + { + "object_name": "228_url_object", + "object_id": "249", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "youtube.com", + "expr_type": "and" + } + } + ] + } + ] + }, + { + "attribute": "ATTRIBUTE_IP_CONFIG", + "negate_option": 1, + "condition_index": 2, + "objects": [ + { + "object_name": "228_IP_object", + "object_id": "250", + "items": [ + { + "table_name": "IP_CONFIG", + "table_type": "ip", + "table_content": { + "ip": "192.168.101.102/32" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "229", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "StringScan.Regex", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_URL", + "objects": [ + { + "object_name": "229_url_object", + "object_id": "251", + "items": [ + { + "table_name": "HTTP_URL", + "table_type": "expr", + "table_content": { + "keywords": "É", + "expr_type": "regex" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "230", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "ipv6_::", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "230_IP_object", + "object_id": "256", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "2607:5d00:2:2::32:28/128", + "port": "80-443" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "231", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "should_not_hit", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "231_IP_object", + "object_id": "257", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "2607:5d00:2:2::32:28/128", + "port": "80" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "232", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "should_not_hit", + "is_valid": "yes", + "conditions": [ + { + "attribute": "IP_PLUS_CONFIG", + "objects": [ + { + "object_name": "232_IP_object", + "object_id": "258", + "items": [ + { + "table_type": "ip", + "table_name": "IP_PLUS_CONFIG", + "table_content": { + "ip": "192.168.30.44/32", + "port": "80" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "233", + "service": 1, + "action": 1, + "do_blacklist": 1, + "do_log": 1, + "user_region": "maat_scan_object", + "is_valid": "yes", + "conditions": [ + { + "attribute": "HTTP_RESPONSE_KEYWORDS", + "object_name": "233_url_object", + "object_id": [ + "259" + ] + } + ] + }, + { + "rule_id": "234", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "Payload escape", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "EscapeObject_234_1", + "object_id": "260", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "html>\\\\r\\\\n", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "235", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "Payload escape", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "negate_option": 0, + "condition_index": 0, + "objects": [ + { + "object_name": "EscapeObject_235_1", + "object_id": "261", + "items": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "\\(\\)abc\\^\\$def\\|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + }, + { + "rule_id": "236", + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "StringScan.HexBinCombineString", + "is_valid": "yes", + "conditions": [ + { + "attribute": "KEYWORDS_TABLE", + "objects": [ + { + "object_name": "236_keywords_object", + "object_id": "262", + "items": [ + { + "table_type": "expr", + "table_name": "KEYWORDS_TABLE", + "table_content": { + "keywords": "cd |6162|", + "expr_type": "and" + } + } + ] + } + ] + } + ] + } + ], + "plugin_table": [ + { + "table_name": "QD_ENTRY_INFO", + "table_content": [ + "1\t192.168.0.1\t101\t1", + "2\t192.168.0.2\t102\t1", + "3\t192.168.1.1\t103\t1" + ] + }, + { + "table_name": "TEST_PLUGIN_TABLE", + "table_content": [ + "1\t3388\t99\t1", + "2\t3355\t66\t1", + "3\tcccc\t11\t1" + ] + }, + { + "table_name": "TEST_PLUGIN_EXDATA_TABLE", + "table_content": [ + "1\tHeBei\tShijiazhuang\t1\t0", + "2\tHeNan\tZhengzhou\t1\t0", + "3\tShanDong\tJinan\t1\t0", + "4\tShanXi\tTaiyuan\t1\t0" + ] + }, + { + "table_name": "TEST_EFFECTIVE_RANGE_TABLE", + "table_content": [ + "1\tSUCCESS\t99\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"移动\"]}]]}\t1111", + "2\tSUCCESS\t66\t1\t0\t222", + "3\tFAILED\t11\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京/朝阳/华严北里\",\"上海/浦东/陆家嘴\"]},{\"tag\":\"isp\",\"value\":[\"电信\",\"联通\"]}],[{\"tag\":\"location\",\"value\":[\"北京\"]},{\"tag\":\"isp\",\"value\":[\"联通\"]}]]}\t333", + "4\tSUCCESS\t66\t1\t{}\t444", + "5\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"location\",\"value\":[\"北京\"]}]]}\t444", + "6\tSUCCESS\t66\t1\t{\"tag_sets\":[[{\"tag\":\"weather\",\"value\":[\"hot\"]}]]}\t444" + ] + }, + { + "table_name": "IR_INTERCEPT_IP", + "table_content": [ + "1000000130\t1000000130\t4\t192.168.10.99\t255.255.255.255\t0\t65535\t0.0.0.0\t255.255.255.255\t0\t65535\t0\t1\t1\t96\t1\tuser_region\t{}\t2019/1/24/18:0:34", + "161\t161\t4\t0.0.0.0\t255.255.255.255\t0\t65535\t61.135.169.121\t255.255.255.255\t0\t65535\t0\t0\t1\t96\t832\t0\t0\t2019/1/24/18:48:42" + ] + }, + { + "table_name": "TEST_IP_PLUGIN_WITH_EXDATA", + "table_content": [ + "101\t4\t192.168.30.99-192.168.30.101\tSomething-like-json\t1", + "102\t4\t192.168.30.90-192.168.30.128\tBigger-range-should-in-the-back\t1", + "103\t6\t2001:db8:1234::-2001:db8:1235::\tBigger-range-should-in-the-back\t1", + "104\t6\t2001:db8:1234::1-2001:db8:1234::5210\tSomething-like-json\t1", + "105\t6\t2620:100:3000::-2620:0100:30ff:ffff:ffff:ffff:ffff:ffff\tBugreport-liumengyan-20210517\t1" + ] + }, + { + "table_name": "TEST_IPPORT_PLUGIN_WITH_EXDATA", + "table_content": [ + "101\t4\t192.168.100.1\t0\t255\t1", + "102\t4\t192.168.100.2\t100\t200\t1", + "103\t4\t192.168.100.1\t255\t300\t1", + "104\t6\t2001:db8:1234::5210\t255\t512\t1" + ] + }, + { + "table_name": "TEST_FQDN_PLUGIN_WITH_EXDATA", + "table_content": [ + "201\twww.example1.com\tcatid=1\t1", + "202\t*.example1.com\tcatid=1\t1", + "203\tnews.example1.com\tcatid=2\t1", + "204\tr3---sn-i3belne6.example2.com\tcatid=3\t1", + "205\tr3---sn-i3belne6.example2.com\tcatid=3\t1" + ] + }, + { + "table_name": "TEST_BOOL_PLUGIN_WITH_EXDATA", + "table_content": [ + "301\t1&2&1000\ttunnel1\t1", + "302\t101&102\ttunnel2\t1", + "303\t102\ttunnel3\t1", + "304\t101\ttunnel4\t1", + "305\t0&1&2&3&4&5&6&7\ttunnel5\t1", + "306\t101&101\tinvalid\t1" + ] + }, + { + "table_name": "TEST_PLUGIN_LONG_KEY_TYPE_TABLE", + "table_content": [ + "1\t11111111\tShijiazhuang\t1\t0", + "2\t22222222\tZhengzhou\t1\t0", + "3\t33333333\tJinan\t1\t0", + "4\t44444444\tTaiyuan\t1\t0" + ] + }, + { + "table_name": "TEST_PLUGIN_INT_KEY_TYPE_TABLE", + "table_content": [ + "1\t101\tChina\t1\t0", + "2\t102\tAmerica\t1\t0", + "3\t103\tRussia\t1\t0", + "4\t104\tJapan\t1\t0" + ] + }, + { + "table_name": "TEST_PLUGIN_IP_KEY_TYPE_TABLE", + "table_content": [ + "4\t100.64.1.1\tXiZang\t1\t0", + "4\t100.64.1.2\tXinJiang\t1\t0", + "6\t2001:da8:205:1::101\tGuiZhou\t1\t0", + "6\t1001:da8:205:1::101\tSiChuan\t1\t0", + "7\t100.64.1.3\tQingHai\t1\t0", + "6\t100.64.1.4\tGanSu\t1\t0" + ] + } + ] }
\ No newline at end of file diff --git a/test/table_info.json b/test/table_info.json index 5a6ad84..0c6d15b 100644 --- a/test/table_info.json +++ b/test/table_info.json @@ -2,25 +2,13 @@ { "table_id":0, "table_name":"RULE_DEFAULT", - "table_type":"rule", - "valid_column":9, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":8 - } + "table_type":"rule" }, { "table_id":1, "table_name":"RULE_ALIAS", "table_type":"rule", - "valid_column":9, - "schema_tag": "{\"rule_alias\": \"rule\"}", - "custom": { - "rule_id":1, - "tags":6, - "condition_num":8 - } + "schema_tag": "{\"rule_alias\": \"rule\"}" }, { "table_id":2, @@ -28,90 +16,35 @@ "db_tables":["RULE_DEFAULT", "RULE_ALIAS"], "default_rule_table":2, "table_type":"rule", - "valid_column":9, - "schema_tag": "{\"rule_conjunction\": \"rule\"}", - "custom": { - "rule_id":1, - "tags":6, - "condition_num":8 - } - }, - { - "table_id":3, - "table_name":"OBJECT2RULE", - "db_tables":["OBJECT2RULE_DEFAULT", "OBJECT2RULE_ALIAS"], - "table_type":"object2rule", - "associated_rule_table_id":2, - "valid_column":6, - "schema_tag": "{\"object2rule\": \"object2rule\"}", - "custom": { - "object_id":1, - "rule_id":2, - "negate_option":3, - "attribute_name":4, - "condition_index":5 - } + "schema_tag": "{\"rule_conjunction\": \"rule\"}" }, { "table_id":4, "table_name":"RULE_FIREWALL_DEFAULT", - "table_type":"rule", - "valid_column":9, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":8 - } + "table_type":"rule" }, { "table_id":5, "table_name":"RULE_FIREWALL_CONJUNCTION", "db_tables":["RULE_FIREWALL_DEFAULT"], - "table_type":"rule", - "valid_column":9, - "custom": { - "rule_id":1, - "tags":6, - "condition_num":8 - } - }, - { - "table_id":6, - "table_name":"OBJECT2RULE_FIREWALL", - "table_type":"object2rule", - "associated_rule_table_id":5, - "valid_column":6, - "custom": { - "object_id":1, - "rule_id":2, - "negate_option":3, - "attribute_name":4, - "condition_index":5 - } + "table_type":"rule" }, { "table_id":7, "table_name":"OBJECT2OBJECT", - "table_type":"object2object", - "valid_column":4, - "custom": { - "object_id":1, - "included_sub_object_ids":2, - "excluded_sub_object_ids":3 - } + "table_type":"object2object" }, { "table_id":8, "table_name":"RULE_PLUGIN", "db_tables":["RULE_DEFAULT", "RULE_ALIAS"], "table_type":"plugin", - "valid_column":8, "schema_tag": "{\"rule_plugin\": \"plugin\"}", "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":8, - "key":1 + "key_name": "rule_id" } }, { @@ -119,12 +52,11 @@ "table_name":"RULE_FIREWALL_PLUGIN", "db_tables":["RULE_FIREWALL_DEFAULT"], "table_type":"plugin", - "valid_column":8, "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":8, - "key":1 + "key_name":"TODO" } }, { @@ -133,564 +65,268 @@ "db_tables":["HTTP_URL", "HTTP_HOST"], "table_type":"expr", "expr_engine":"rulescan", - "valid_column":5, - "schema_tag": "{\"http_region\": \"expr\"}", - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "supported_attributes":["HTTP_URL", "HTTP_URL_FILTER"], + "schema_tag": "{\"http_region\": \"expr\"}" }, { "table_id":11, "table_name":"KEYWORDS_TABLE", "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "supported_attributes":[ + "HTTP_RESPONSE_KEYWORDS", + "HTTP_RESPONSE_KEYWORDS_1", + "HTTP_RESPONSE_KEYWORDS_2", + "HTTP_RESPONSE_KEYWORDS_3", + "HTTP_RESPONSE_KEYWORDS_4", + "HTTP_RESPONSE_KEYWORDS_5", + "HTTP_RESPONSE_KEYWORDS_6", + "HTTP_RESPONSE_KEYWORDS_7", + "HTTP_RESPONSE_KEYWORDS_8", + "HTTP_DUMMY", + "HTTP_NOT_LOGIC", + "HTTP_NOT_LOGIC_1"], + "schema_tag": "{\"http_response_keywords\": \"attribute\"}" }, { "table_id":12, "table_name":"IP_CONFIG", "table_type":"ip", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "ip":3, - "port":4 - } + "supported_attributes": ["ATTRIBUTE_IP_CONFIG"] }, { "table_id":13, "table_name":"CONTENT_SIZE", - "table_type":"interval", - "valid_column":4, - "custom": { - "item_id":1, - "object_id":2, - "interval":3 - } + "table_type":"interval" }, { "table_id":14, "table_name":"QD_ENTRY_INFO", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":8, - "key":1 + "key_name":"TODO" } }, { "table_id":15, "table_name":"HTTP_SIGNATURE", "table_type":"expr_plus", - "valid_column":6, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "expr_type":4, - "keywords":5 - } + "supported_attributes":["HTTP_REQUEST_HEADER", "HTTP_RESPONSE_HEADER"] }, { "table_id":16, "table_name":"IMAGE_FP", - "table_type":"expr", - "valid_column":5, - "supported_attributes":["HTTP_URL", "HTTP_REQ_BODY"], - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":17, "table_name":"TEST_EFFECTIVE_RANGE_TABLE", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":8, - "key":1, - "tag":5 + "key_name":"TODO" } }, { "table_id":18, "table_name":"TEST_FOREIGN_KEY", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"pointer", - "key":2, - "tag":3, - "foreign": [6,8] + "key_name":"TODO", + "foreign_names": ["TODO", "TODO"] } }, { "table_id":19, "table_name":"TEST_PLUGIN_EXDATA_TABLE", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"pointer", - "key":2, - "tag":5 + "key_name":"TODO" } }, { "table_id":20, "table_name":"IR_INTERCEPT_IP", "table_type":"plugin", - "valid_column":14, "custom": { "gc_timeout_s":3, "key_type":"pointer", - "key":2, - "tag":18 + "key_name":"TODO" } }, { "table_id":21, "table_name":"APP_PAYLOAD", - "table_type":"expr_plus", - "valid_column":6, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "expr_type":4, - "keywords":5 - } + "table_type":"expr_plus" }, { "table_id":22, "table_name":"TROJAN_PAYLOAD", - "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":23, "table_name":"MAIL_ADDR", - "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":24, "table_name":"IP_PLUS_CONFIG", "table_type":"ip", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "ip":3, - "port":4 - } - }, - { - "table_id":25, - "table_name":"HTTP_RESPONSE_KEYWORDS", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE", - "schema_tag": "{\"http_response_keywords\": \"attribute\"}" - }, - { - "table_id":26, - "table_name":"HTTP_REQUEST_HEADER", - "table_type":"attribute", - "physical_table": "HTTP_SIGNATURE" - }, - { - "table_id":27, - "table_name":"HTTP_RESPONSE_HEADER", - "table_type":"attribute", - "physical_table": "HTTP_SIGNATURE" - }, - { - "table_id":28, - "table_name":"ATTRIBUTE_IP_PLUS_TABLE", - "db_tables":["ATTRIBUTE_IP_PLUS_SOURCE", "ATTRIBUTE_IP_PLUS_DESTINATION"], - "table_type":"attribute", - "physical_table": "IP_PLUS_CONFIG", + "supported_attributes":["ATTRIBUTE_IP_PLUS_TABLE", "ATTRIBUTE_IP_PLUS_SOURCE", "ATTRIBUTE_IP_PLUS_DESTINATION"], "schema_tag": "{\"attribute_ip_plus_table\": \"attribute\"}" }, { "table_id":29, "table_name":"TEST_IP_PLUGIN_WITH_EXDATA", "table_type":"ip_plugin", - "valid_column":5, "custom": { "gc_timeout_s": 3, - "item_id":1, - "ip":3 + "key_name":"TODO" } }, { "table_id":30, "table_name":"AS_NUMBER", "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } - }, - { - "table_id":31, - "table_name":"SOURCE_IP_ASN", - "table_type":"attribute", - "physical_table":"AS_NUMBER" - }, - { - "table_id":32, - "table_name":"DESTINATION_IP_ASN", - "table_type":"attribute", - "physical_table":"AS_NUMBER" + "supported_attributes":["SOURCE_IP_ASN", "DESTINATION_IP_ASN", "ASN_NOT_LOGIC"] }, { "table_id":33, "table_name":"GeoLocation", "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } - }, - { - "table_id":34, - "table_name":"SOURCE_IP_GEO", - "table_type":"attribute", - "physical_table":"GeoLocation" + "supported_attributes":["SOURCE_IP_GEO"] }, { "table_id":35, "table_name":"INTERGER_PLUS", - "table_type":"interval_plus", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "interval":4 - } + "table_type":"interval_plus" }, { "table_id":36, "table_name":"TEST_FQDN_PLUGIN_WITH_EXDATA", "table_type":"fqdn_plugin", - "valid_column":4, "custom": { "gc_timeout_s": 3, - "item_id":1, - "fqdn":2 + "key_name":"TODO" } }, { "table_id":37, "table_name":"APP_ID", - "table_type":"interval", - "valid_column":4, - "custom": { - "item_id":1, - "object_id":2, - "interval":3 - } + "table_type":"interval" }, { "table_id":38, "table_name":"EMPTY_KEYWORD", - "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":39, "table_name":"EMPTY_INTERGER", - "table_type":"interval", - "valid_column":4, - "custom": { - "item_id":1, - "object_id":2, - "interval":3 - } + "table_type":"interval" }, { "table_id":40, "table_name":"TEST_BOOL_PLUGIN_WITH_EXDATA", "table_type":"bool_plugin", - "valid_column":4, "custom": { "gc_timeout_s": 3, - "item_id":1, - "bool_expr":2 + "key_name":"TODO" } }, { "table_id":41, "table_name":"FLAG_CONFIG", - "table_type":"flag", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "flag":3, - "flag_mask":4 - } + "table_type":"flag" }, { "table_id":42, "table_name":"FLAG_PLUS_CONFIG", - "table_type":"flag_plus", - "valid_column":6, - "custom": { - "item_id":1, - "object_id":2, - "district":3, - "flag":4, - "flag_mask":5 - } + "table_type":"flag_plus" }, { "table_id":43, "table_name":"TEST_PLUGIN_LONG_KEY_TYPE_TABLE", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":8, - "key":2, - "tag":5 + "key_name":"TODO" } }, { "table_id":44, "table_name":"TEST_PLUGIN_INT_KEY_TYPE_TABLE", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"integer", "key_len":4, - "key":2, - "tag":5 + "key_name":"TODO" } }, { "table_id":45, "table_name":"TEST_PLUGIN_IP_KEY_TYPE_TABLE", "table_type":"plugin", - "valid_column":4, "custom": { "gc_timeout_s":3, "key_type":"ip_addr", - "addr_type":1, - "key":2 + "key_name":"TODO" } }, { - "table_id":46, - "table_name":"HTTP_URL_FILTER", - "table_type":"attribute", - "physical_table": "HTTP_URL" - }, - { "table_id":47, "table_name":"IP_PERF_CONFIG", - "table_type":"ip", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "ip":3, - "port":4 - } + "table_type":"ip" }, { "table_id":48, "table_name":"INTEGER_PERF_CONFIG", - "table_type":"interval", - "valid_column":4, - "custom": { - "item_id":1, - "object_id":2, - "interval":3 - } + "table_type":"interval" }, { "table_id":49, "table_name":"EXPR_LITERAL_PERF_CONFIG", - "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":50, "table_name":"EXPR_REGEX_PERF_CONFIG", - "table_type":"expr", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "expr_type":3, - "keywords":4 - } + "table_type":"expr" }, { "table_id":51, "table_name":"FLAG_PERF_CONFIG", - "table_type":"flag", - "valid_column":5, - "custom": { - "item_id":1, - "object_id":2, - "flag":3, - "flag_mask":4 - } + "table_type":"flag" }, { "table_id":52, "table_name":"TEST_IPPORT_PLUGIN_WITH_EXDATA", "table_type":"ipport_plugin", - "valid_column":6, "custom": { "gc_timeout_s": 3, - "item_id":1, - "ip_type":2, - "ip_addr":3, - "port1":4, - "port2":5 + "key_name":"TODO" } }, { - "table_id":53, - "table_name":"ATTRIBUTE_IP_CONFIG", - "table_type":"attribute", - "physical_table": "IP_CONFIG" - }, - { - "table_id":54, - "table_name":"HTTP_RESPONSE_KEYWORDS_1", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":55, - "table_name":"HTTP_RESPONSE_KEYWORDS_2", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":56, - "table_name":"HTTP_RESPONSE_KEYWORDS_3", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":57, - "table_name":"HTTP_RESPONSE_KEYWORDS_4", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":58, - "table_name":"HTTP_RESPONSE_KEYWORDS_5", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":59, - "table_name":"HTTP_RESPONSE_KEYWORDS_6", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":60, - "table_name":"HTTP_RESPONSE_KEYWORDS_7", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":61, - "table_name":"HTTP_RESPONSE_KEYWORDS_8", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":62, - "table_name":"HTTP_DUMMY", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":63, - "table_name":"HTTP_NOT_LOGIC", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":64, - "table_name":"HTTP_NOT_LOGIC_1", - "table_type":"attribute", - "physical_table": "KEYWORDS_TABLE" - }, - { - "table_id":65, - "table_name":"ASN_NOT_LOGIC", - "table_type":"attribute", - "physical_table":"AS_NUMBER" - }, - { "table_id":66, "table_name":"TEST_IP_PLUGIN_WITH_ADDR_FORMAT", "table_type":"ip_plugin", "valid_column":5, "custom": { "gc_timeout_s": 3, - "item_id":1, - "ip":3 + "key_name":"TODO" } } ]
\ No newline at end of file diff --git a/test/test_utils.cpp b/test/test_utils.cpp index 1cfbfd7..4ba704c 100644 --- a/test/test_utils.cpp +++ b/test/test_utils.cpp @@ -68,7 +68,7 @@ int write_json_to_redis(const char *json_filename, char *redis_ip, int redis_por return -1; } - convert_maat_json_rule(json_root, (unsigned char *)json_buff); + convert_maat_json_rule(&json_root, (unsigned char *)json_buff); redisContext *c = maat_connect_redis(redis_ip, redis_port, redis_db, logger); if (NULL == c) { |