diff options
| author | liuchang <[email protected]> | 2024-04-23 02:33:49 +0000 |
|---|---|---|
| committer | 杨威 <[email protected]> | 2024-04-23 10:15:33 +0000 |
| commit | 56238be7018c22a5c5f48a9274b1e30e7df7ed57 (patch) | |
| tree | 51d605cc3bb8ab06bd18606728d285a47762ee53 /test | |
| parent | 5c93f409003c2fdde3c1dd3f4c8929d19b83cb5b (diff) | |
TSG-20076: 存储转义之前的字符串,避免增量更新时对已转义的规则再次转义
Diffstat (limited to 'test')
| -rw-r--r-- | test/maat_framework_gtest.cpp | 124 | ||||
| -rw-r--r-- | test/maat_json.json | 30 |
2 files changed, 154 insertions, 0 deletions
diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index 46a8073..8671caf 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -650,6 +650,68 @@ TEST_F(HsStringScan, BackslashR_N_Escape) { state = NULL; } +TEST_F(HsStringScan, BackslashR_N_Escape_IncUpdate) { + int ret = 0; + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + int thread_id = 0; + const char *table_name = "KEYWORDS_TABLE"; + const char *payload = "html>\\r\\n"; + struct maat *maat_inst = HsStringScan::_shared_maat_inst; + struct maat_state *state = maat_state_new(maat_inst, thread_id); + + int table_id = maat_get_table_id(maat_inst, table_name); + ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload), + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(results[0], 234); + + ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_OK); + maat_state_reset(state); + + const char *compile_table_name = "COMPILE_DEFAULT"; + const char *g2c_table_name = "GROUP2COMPILE_DEFAULT"; + + /* compile table add line */ + long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_ADD, + compile_id, "null", 1, 0); + EXPECT_EQ(ret, 1); + + /* group2compile table add line */ + long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group_id, compile_id, 0, table_name, 1, 0); + EXPECT_EQ(ret, 1); + + /* expr table add line */ + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + const char *keywords = "html>\\\\r\\\\n"; + + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, + group_id, keywords, NULL, 1, 0, 0, 0); + EXPECT_EQ(ret, 1); + + sleep(WAIT_FOR_EFFECTIVE_S * 3); + + ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload), + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 2); + EXPECT_EQ(results[0], 234); + EXPECT_EQ(results[1], compile_id); + + ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_OK); + + maat_state_free(state); + state = NULL; +} + TEST_F(HsStringScan, ExprPlus) { long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; @@ -1564,6 +1626,68 @@ TEST_F(RsStringScan, BackslashR_N_Escape) { state = NULL; } +TEST_F(RsStringScan, BackslashR_N_Escape_IncUpdate) { + int ret = 0; + long long results[ARRAY_SIZE] = {0}; + size_t n_hit_result = 0; + int thread_id = 0; + const char *table_name = "KEYWORDS_TABLE"; + const char *payload = "html>\\r\\n"; + struct maat *maat_inst = RsStringScan::_shared_maat_inst; + struct maat_state *state = maat_state_new(maat_inst, thread_id); + + int table_id = maat_get_table_id(maat_inst, table_name); + ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload), + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(results[0], 234); + + ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_OK); + maat_state_reset(state); + + const char *compile_table_name = "COMPILE_DEFAULT"; + const char *g2c_table_name = "GROUP2COMPILE_DEFAULT"; + + /* compile table add line */ + long long compile_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); + ret = compile_table_set_line(maat_inst, compile_table_name, MAAT_OP_ADD, + compile_id, "null", 1, 0); + EXPECT_EQ(ret, 1); + + /* group2compile table add line */ + long long group_id = maat_cmd_incrby(maat_inst, "SEQUENCE_GROUP", 1); + ret = group2compile_table_set_line(maat_inst, g2c_table_name, MAAT_OP_ADD, + group_id, compile_id, 0, table_name, 1, 0); + EXPECT_EQ(ret, 1); + + /* expr table add line */ + long long item_id = maat_cmd_incrby(maat_inst, "SEQUENCE_REGION", 1); + const char *keywords = "html>\\\\r\\\\n"; + + /* EXPR_TYPE_AND MATCH_METHOD_SUB */ + ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item_id, + group_id, keywords, NULL, 1, 0, 0, 0); + EXPECT_EQ(ret, 1); + + sleep(WAIT_FOR_EFFECTIVE_S * 3); + + ret = maat_scan_string(maat_inst, table_id, payload, strlen(payload), + results, ARRAY_SIZE, &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_HIT); + EXPECT_EQ(n_hit_result, 2); + EXPECT_EQ(results[0], 234); + EXPECT_EQ(results[1], compile_id); + + ret = maat_scan_not_logic(maat_inst, table_id, results, ARRAY_SIZE, + &n_hit_result, state); + EXPECT_EQ(ret, MAAT_SCAN_OK); + + maat_state_free(state); + state = NULL; +} + TEST_F(RsStringScan, ExprPlus) { long long results[ARRAY_SIZE] = {0}; size_t n_hit_result = 0; diff --git a/test/maat_json.json b/test/maat_json.json index 0ba5e71..6d068dc 100644 --- a/test/maat_json.json +++ b/test/maat_json.json @@ -4100,6 +4100,36 @@ "group_id": 259 } ] + }, + { + "compile_id": 234, + "service": 0, + "action": 0, + "do_blacklist": 0, + "do_log": 0, + "user_region": "Payload escape", + "is_valid": "yes", + "groups": [ + { + "virtual_table": "KEYWORDS_TABLE", + "group_name": "EscapeGroup_234_1", + "group_id": 260, + "not_flag": 0, + "clause_index": 0, + "regions": [ + { + "table_name": "KEYWORDS_TABLE", + "table_type": "expr", + "table_content": { + "keywords": "html>\\\\r\\\\n", + "expr_type": "none", + "match_method": "sub", + "format": "uncase plain" + } + } + ] + } + ] } ], "plugin_table": [ |