diff options
Diffstat (limited to 'test/maat_framework_gtest.cpp')
| -rw-r--r-- | test/maat_framework_gtest.cpp | 1490 |
1 files changed, 745 insertions, 745 deletions
diff --git a/test/maat_framework_gtest.cpp b/test/maat_framework_gtest.cpp index f3622fc..4325835 100644 --- a/test/maat_framework_gtest.cpp +++ b/test/maat_framework_gtest.cpp @@ -47,7 +47,7 @@ static int test_add_expr_command(struct maat *maat_inst, const char *expr_table, and_condition->or_condition_num = 1; and_condition->negate_option = 0; - and_condition->or_conditions[0].attribute_name = attr_name; + and_condition->or_conditions[0].field_name = attr_name; and_condition->or_conditions[0].object_uuids_str[0] = object_uuid_str; and_condition->or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_ADD, @@ -108,7 +108,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) { const char *hit_old_data = "Hello world! I'm eve."; const char *hit_new_data = "Maat was borned in MESA."; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *table_name = "HTTP_URL"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -116,7 +116,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_old_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, hit_old_data, strlen(hit_old_data), results, ARRAY_SIZE, &n_hit_result, state); if (is_old) { @@ -128,12 +128,12 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, hit_new_data, + ret = maat_scan_string(maat_inst, table_name, field_name, hit_new_data, strlen(hit_new_data), results, ARRAY_SIZE, &n_hit_result, state); if (!is_old) { @@ -145,7 +145,7 @@ void scan_with_old_or_new_cfg(struct maat *maat_inst, int is_old) EXPECT_EQ(ret, MAAT_SCAN_OK); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -220,7 +220,7 @@ struct log_handle *FlagScan::logger; TEST_F(FlagScan, basic) { const char *flag_table_name = "FLAG_CONFIG"; - const char *attribute_name = "FLAG_CONFIG"; + const char *field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:192 flag: 0000 0001 mask: 0000 0011 @@ -233,7 +233,7 @@ TEST_F(FlagScan, basic) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -244,7 +244,7 @@ TEST_F(FlagScan, basic) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -258,7 +258,7 @@ TEST_F(FlagScan, basic) { scan_data = 13; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -268,7 +268,7 @@ TEST_F(FlagScan, basic) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); @@ -276,12 +276,12 @@ TEST_F(FlagScan, basic) { scan_data = 6; memset(results, 0, sizeof(results)); n_hit_result = 0; - ret = maat_scan_flag(maat_inst, flag_table_name, attribute_name, scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, field_name, scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -291,9 +291,9 @@ TEST_F(FlagScan, basic) { TEST_F(FlagScan, withExprRegion) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:193 flag: 0000 0010 mask: 0000 0011 @@ -306,12 +306,12 @@ TEST_F(FlagScan, withExprRegion) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -323,7 +323,7 @@ TEST_F(FlagScan, withExprRegion) { EXPECT_NE(n_read, 0); const char *expr_scan_data = "hello world"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, expr_scan_data, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, expr_scan_data, strlen(expr_scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -332,7 +332,7 @@ TEST_F(FlagScan, withExprRegion) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000193"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -342,7 +342,7 @@ TEST_F(FlagScan, withExprRegion) { TEST_F(FlagScan, hitMultiRule) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; //rule_id:192 flag: 0000 0001 mask: 0000 0011 @@ -356,7 +356,7 @@ TEST_F(FlagScan, hitMultiRule) { memset(results, 0, sizeof(results)); - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 3); @@ -370,16 +370,16 @@ TEST_F(FlagScan, hitMultiRule) { uuid_unparse(results[2], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000192"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -396,7 +396,7 @@ TEST_F(FlagScan, hitMultiRule) { TEST_F(FlagScan, hitRepeatedRule) { const char *flag_table_name = "FLAG_CONFIG"; - const char *flag_attribute_name = "FLAG_CONFIG"; + const char *flag_field_name = "FLAG_CONFIG"; struct maat *maat_inst = FlagScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -409,7 +409,7 @@ TEST_F(FlagScan, hitRepeatedRule) { //rule_id:192 flag: 0000 0001 mask: 0000 0011 //scan_data: 0000 1001 or 0000 1101 should hit long long flag_scan_data1 = 9; - int ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data1, results, + int ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -419,7 +419,7 @@ TEST_F(FlagScan, hitRepeatedRule) { uuid_unparse(results[1], uuid_str); EXPECT_EQ(strcmp(uuid_str, "00000000-0000-0000-0000-000000000192"), 0); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -428,23 +428,23 @@ TEST_F(FlagScan, hitRepeatedRule) { //scan_data: 0001 0101 should hit rule192 and rule194 long long flag_scan_data2 = 21; memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000194"); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); memset(results, 0, sizeof(results)); - ret = maat_scan_flag(maat_inst, flag_table_name, flag_attribute_name, flag_scan_data2, results, + ret = maat_scan_flag(maat_inst, flag_table_name, flag_field_name, flag_scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, flag_table_name, flag_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -522,7 +522,7 @@ struct log_handle *StringScan::logger; TEST_P(StringScan, ScanDataOnlyOneByte) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -532,12 +532,12 @@ TEST_P(StringScan, ScanDataOnlyOneByte) { const char scan_data = 0x20; memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, &scan_data, sizeof(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, &scan_data, sizeof(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -547,7 +547,7 @@ TEST_P(StringScan, ScanDataOnlyOneByte) { TEST_P(StringScan, Full) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; uuid_t results[ARRAY_SIZE]; @@ -558,7 +558,7 @@ TEST_P(StringScan, Full) { "?action=search&query=username,abckkk,1234567"; memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -566,7 +566,7 @@ TEST_P(StringScan, Full) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -581,12 +581,12 @@ TEST_P(StringScan, Regex) { int thread_id = 0; const char *scan_data = "Cookie: Txa123aheadBCAxd"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -594,7 +594,7 @@ TEST_P(StringScan, Regex) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000148"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -609,19 +609,19 @@ TEST_P(StringScan, RegexUnicode) { int thread_id = 0; const char *scan_data = "String contains É"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000229"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -635,20 +635,20 @@ TEST_P(StringScan, BackslashR_N_Escape) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "GET / HTTP/1.1\r\nHost: www.baidu.com\r\n\r\n"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000225"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -663,20 +663,20 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "html>\\r\\n"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000234"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); @@ -705,7 +705,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { struct maat_cmd_and_condition and_condition; and_condition.or_condition_num = 1; and_condition.negate_option = 0; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; and_condition.or_conditions[0].object_num = 1; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -714,7 +714,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { sleep(WAIT_FOR_EFFECTIVE_S * 3); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -723,7 +723,7 @@ TEST_P(StringScan, BackslashR_N_Escape_IncUpdate) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -738,20 +738,20 @@ TEST_P(StringScan, BackslashCtrlCharactor) size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *payload = "()abc^$def|"; struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, payload, strlen(payload), + ret = maat_scan_string(maat_inst, table_name, field_name, payload, strlen(payload), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); char uuid_str[UUID_STR_LEN] = {0}; uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000235"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -762,7 +762,7 @@ TEST_P(StringScan, BackslashCtrlCharactor) TEST_P(StringScan, Expr8) { int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; char scan_data[128] = "string1, string2, string3, string4, string5, " "string6, string7, string8"; @@ -772,7 +772,7 @@ TEST_P(StringScan, Expr8) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -780,7 +780,7 @@ TEST_P(StringScan, Expr8) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000182"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -797,7 +797,7 @@ TEST_P(StringScan, Expr8) { TEST_P(StringScan, HexBinCaseSensitive) { const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *scan_data1 = "String TeST should not hit."; const char *scan_data2 = "String TEST should hit"; struct maat *maat_inst = StringScan::_shared_maat_inst; @@ -808,17 +808,17 @@ TEST_P(StringScan, HexBinCaseSensitive) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -828,7 +828,7 @@ TEST_P(StringScan, HexBinCaseSensitive) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000191"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -838,7 +838,7 @@ TEST_P(StringScan, HexBinCaseSensitive) { TEST_P(StringScan, HexbinCombineString) { const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *scan_data1 = "abcd ABCD"; const char *scan_data2 = "abcd abCD"; struct maat *maat_inst = StringScan::_shared_maat_inst; @@ -849,17 +849,17 @@ TEST_P(StringScan, HexbinCombineString) struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -867,7 +867,7 @@ TEST_P(StringScan, HexbinCombineString) uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000236"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -894,7 +894,7 @@ TEST_P(StringScan, BugReport20190325) { 0x00, 0x31, 0x3a, 0x47, 0x32, 0x2e, 0x34, 0x30, 0x00}; const char *table_name = "TROJAN_PAYLOAD"; - const char *attribute_name = "TROJAN_PAYLOAD"; + const char *field_name = "TROJAN_PAYLOAD"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -903,7 +903,7 @@ TEST_P(StringScan, BugReport20190325) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char *)scan_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, (char *)scan_data, sizeof(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -912,7 +912,7 @@ TEST_P(StringScan, BugReport20190325) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000150"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -925,9 +925,9 @@ TEST_P(StringScan, PrefixAndSuffix) { const char *hit_suffix = "[email protected]"; const char *hit_prefix = "[email protected]"; const char *cont_sz_table_name = "CONTENT_SIZE"; - const char *cont_sz_attribute_name = "CONTENT_SIZE"; + const char *cont_sz_field_name = "CONTENT_SIZE"; const char *mail_addr_table_name = "MAIL_ADDR"; - const char *mail_addr_attribute_name = "MAIL_ADDR"; + const char *mail_addr_field_name = "MAIL_ADDR"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -936,14 +936,14 @@ TEST_P(StringScan, PrefixAndSuffix) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, results, + int ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); - ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_twice, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_twice, strlen(hit_twice), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -954,12 +954,12 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_suffix, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_suffix, strlen(hit_suffix), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -967,18 +967,18 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000151"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_attribute_name, 2015, results, + ret = maat_scan_integer(maat_inst, cont_sz_table_name, cont_sz_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); - ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, cont_sz_table_name, cont_sz_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_attribute_name, hit_prefix, + ret = maat_scan_string(maat_inst, mail_addr_table_name, mail_addr_field_name, hit_prefix, strlen(hit_prefix), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -986,7 +986,7 @@ TEST_P(StringScan, PrefixAndSuffix) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000152"); - ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, mail_addr_table_name, mail_addr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -997,7 +997,7 @@ TEST_P(StringScan, PrefixAndSuffix) { TEST_P(StringScan, MaatUnescape) { const char *scan_data = "Batman\\:Take me Home.Superman/:Fine,stay with me."; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -1006,7 +1006,7 @@ TEST_P(StringScan, MaatUnescape) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1014,7 +1014,7 @@ TEST_P(StringScan, MaatUnescape) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000132"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1024,7 +1024,7 @@ TEST_P(StringScan, MaatUnescape) { TEST_P(StringScan, OffsetChunk64) { const char *table_name = "IMAGE_FP"; - const char *attribute_name = "IMAGE_FP"; + const char *field_name = "IMAGE_FP"; const char *file_name = "./testdata/mesa_logo.jpg"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1039,7 +1039,7 @@ TEST_P(StringScan, OffsetChunk64) { memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = 0; @@ -1054,7 +1054,7 @@ TEST_P(StringScan, OffsetChunk64) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret > 0) { pass_flag = 1; @@ -1073,7 +1073,7 @@ TEST_P(StringScan, OffsetChunk64) { TEST_P(StringScan, OffsetChunk1460) { const char *table_name = "IMAGE_FP"; - const char *attribute_name = "IMAGE_FP"; + const char *field_name = "IMAGE_FP"; const char *file_name = "./testdata/mesa_logo.jpg"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1088,7 +1088,7 @@ TEST_P(StringScan, OffsetChunk1460) { memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = 0; @@ -1103,7 +1103,7 @@ TEST_P(StringScan, OffsetChunk1460) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret > 0) { pass_flag = 1; @@ -1122,7 +1122,7 @@ TEST_P(StringScan, OffsetChunk1460) { TEST_P(StringScan, StreamScanUTF8) { const char *table_name = "TROJAN_PAYLOAD"; - const char *attribute_name = "TROJAN_PAYLOAD"; + const char *field_name = "TROJAN_PAYLOAD"; const char* file_name = "./testdata/jd.com.html"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1135,7 +1135,7 @@ TEST_P(StringScan, StreamScanUTF8) { ASSERT_FALSE(fp == NULL); memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_FALSE(sp == NULL); int pass_flag = 0; @@ -1148,7 +1148,7 @@ TEST_P(StringScan, StreamScanUTF8) { break; } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); if (ret == MAAT_SCAN_HIT) { pass_flag = 1; @@ -1171,7 +1171,7 @@ TEST_P(StringScan, StreamScanUTF8) { TEST_P(StringScan, InvisibleCharactor) { const char *hex_data = "00A12B3CEEFF"; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = StringScan::_shared_maat_inst; int thread_id = 0; @@ -1188,7 +1188,7 @@ TEST_P(StringScan, InvisibleCharactor) { } memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, (char*)binary_data, binary_data_length, + int ret = maat_scan_string(maat_inst, table_name, field_name, (char*)binary_data, binary_data_length, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1196,7 +1196,7 @@ TEST_P(StringScan, InvisibleCharactor) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000238"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1211,21 +1211,21 @@ TEST_P(StringScan, StreamInput) { struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data1 = "www.cyberessays.com"; const char *scan_data2 = "http://www.cyberessays.com/search_results.php?" "action=search&query=yulingjing,abckkk,1234567"; memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); int ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1238,7 +1238,7 @@ TEST_P(StringScan, StreamInput) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1255,13 +1255,13 @@ TEST_P(StringScan, StreamHitDirectObject) { struct maat *maat_inst = StringScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name_url = "HTTP_URL"; - const char *attribute_name_url = "HTTP_URL"; + const char *field_name_url = "HTTP_URL"; const char *scan_data1 = "www.3300av.com"; const char *scan_data2 = "sdadhuadhasdgufgh;sdfhjaufhiwebfiusdafhaos;dhfaluhjweh"; memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, attribute_name_url, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name_url, field_name_url, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, @@ -1278,7 +1278,7 @@ TEST_P(StringScan, StreamHitDirectObject) { uuid_unparse(object_array[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000112"); - ret = maat_scan_not_logic(maat_inst, table_name_url, attribute_name_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name_url, field_name_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1291,11 +1291,11 @@ TEST_P(StringScan, StreamHitDirectObject) { maat_state_reset(state); - const char *attribute_name_sig = "HTTP_SIGNATURE"; + const char *field_name_sig = "HTTP_SIGNATURE"; const char *table_name_sig = "HTTP_SIGNATURE"; const char *scan_data3 = "abckkk"; const char *scan_data4 = "123"; - sp = maat_stream_new(maat_inst, table_name_sig, attribute_name_sig, state); + sp = maat_stream_new(maat_inst, table_name_sig, field_name_sig, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data3, strlen(scan_data3), results, @@ -1313,7 +1313,7 @@ TEST_P(StringScan, StreamHitDirectObject) { uuid_unparse(object_array[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000107"); - ret = maat_scan_not_logic(maat_inst, table_name_sig, attribute_name_sig, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name_sig, field_name_sig, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1358,7 +1358,7 @@ TEST_P(StringScan, RegexSuffix) TEST_P(StringScan, dynamic_config) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; char data[128] = "hello world, welcome to maat version4, it's funny."; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -1368,12 +1368,12 @@ TEST_P(StringScan, dynamic_config) { memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), + int ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1402,7 +1402,7 @@ TEST_P(StringScan, dynamic_config) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -1411,7 +1411,7 @@ TEST_P(StringScan, dynamic_config) { sleep(WAIT_FOR_EFFECTIVE_S * 3); - ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, + ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1419,7 +1419,7 @@ TEST_P(StringScan, dynamic_config) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1437,12 +1437,12 @@ TEST_P(StringScan, dynamic_config) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, data, strlen(data), results, + ret = maat_scan_string(maat_inst, table_name, field_name, data, strlen(data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1506,7 +1506,7 @@ struct maat *StreamScan::_shared_maat_inst; TEST_P(StreamScan, dynamic_config) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *keywords1 = "hello"; char keyword_buf[128]; uuid_t results[ARRAY_SIZE]; @@ -1523,21 +1523,21 @@ TEST_P(StreamScan, dynamic_config) { char rule1_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); struct maat_cmd_and_condition and_condition; - int ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule1_uuid_str, 0, keywords1, &and_condition); + int ret = test_add_expr_command(maat_inst, table_name, field_name, rule1_uuid_str, 0, keywords1, &and_condition); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - struct maat_stream *sp = maat_stream_new(maat_inst, table_name, attribute_name, state); + struct maat_stream *sp = maat_stream_new(maat_inst, table_name, field_name, state); ASSERT_TRUE(sp != NULL); ret = maat_stream_scan(sp, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1549,7 +1549,7 @@ TEST_P(StreamScan, dynamic_config) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1560,7 +1560,7 @@ TEST_P(StreamScan, dynamic_config) { long long rule2_id = maat_cmd_incrby(maat_inst, "TEST_SEQ", 1); char rule2_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); - ret = test_add_expr_command(maat_inst, table_name, attribute_name, rule2_uuid_str, 0, keyword_buf, &and_condition); + ret = test_add_expr_command(maat_inst, table_name, field_name, rule2_uuid_str, 0, keyword_buf, &and_condition); EXPECT_EQ(ret, 1); // Inc config has not yet taken effect, stream scan can hit rule @@ -1580,7 +1580,7 @@ TEST_P(StreamScan, dynamic_config) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1643,7 +1643,7 @@ struct log_handle *IPScan::logger; TEST_F(IPScan, IPv4Unspecified) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1657,12 +1657,12 @@ TEST_F(IPScan, IPv4Unspecified) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1672,7 +1672,7 @@ TEST_F(IPScan, IPv4Unspecified) { TEST_F(IPScan, IPv4Broadcast) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1686,12 +1686,12 @@ TEST_F(IPScan, IPv4Broadcast) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip1, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1701,7 +1701,7 @@ TEST_F(IPScan, IPv4Broadcast) { TEST_F(IPScan, MatchSingleIPv4) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1715,7 +1715,7 @@ TEST_F(IPScan, MatchSingleIPv4) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1723,7 +1723,7 @@ TEST_F(IPScan, MatchSingleIPv4) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000169"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1733,7 +1733,7 @@ TEST_F(IPScan, MatchSingleIPv4) { TEST_F(IPScan, IPv6Unspecified) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1747,7 +1747,7 @@ TEST_F(IPScan, IPv6Unspecified) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1755,7 +1755,7 @@ TEST_F(IPScan, IPv6Unspecified) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1764,7 +1764,7 @@ TEST_F(IPScan, IPv6Unspecified) { TEST_F(IPScan, IPv6Broadcast) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1778,12 +1778,12 @@ TEST_F(IPScan, IPv6Broadcast) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1792,7 +1792,7 @@ TEST_F(IPScan, IPv6Broadcast) { TEST_F(IPScan, MatchSingleIPv6) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1806,7 +1806,7 @@ TEST_F(IPScan, MatchSingleIPv6) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1814,7 +1814,7 @@ TEST_F(IPScan, MatchSingleIPv6) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000210"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1824,7 +1824,7 @@ TEST_F(IPScan, MatchSingleIPv6) { TEST_F(IPScan, MatchIPv4Range) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1838,7 +1838,7 @@ TEST_F(IPScan, MatchIPv4Range) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1849,7 +1849,7 @@ TEST_F(IPScan, MatchIPv4Range) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000154"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1858,7 +1858,7 @@ TEST_F(IPScan, MatchIPv4Range) { } TEST_F(IPScan, MatchIPv4Port) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1872,12 +1872,12 @@ TEST_F(IPScan, MatchIPv4Port) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 443, results, ARRAY_SIZE, + ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 443, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_ipv4_port(maat_inst, table_name, attribute_name, sip, 80, results, ARRAY_SIZE, + ret = maat_scan_ipv4_port(maat_inst, table_name, field_name, sip, 80, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1890,7 +1890,7 @@ TEST_F(IPScan, MatchIPv4Port) { } TEST_F(IPScan, MatchIPv6Range) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1904,7 +1904,7 @@ TEST_F(IPScan, MatchIPv6Range) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1915,7 +1915,7 @@ TEST_F(IPScan, MatchIPv6Range) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1924,7 +1924,7 @@ TEST_F(IPScan, MatchIPv6Range) { } TEST_F(IPScan, MatchIPv6Port) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1939,7 +1939,7 @@ TEST_F(IPScan, MatchIPv6Port) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6_port(maat_inst, table_name, attribute_name, sip, port, results, ARRAY_SIZE, + ret = maat_scan_ipv6_port(maat_inst, table_name, field_name, sip, port, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -1952,7 +1952,7 @@ TEST_F(IPScan, MatchIPv6Port) { maat_state_reset(state); //If the port is not present, should not match rules with port range. In this case, only rule 210 "::/0" should match. - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -1965,7 +1965,7 @@ TEST_F(IPScan, MatchIPv6Port) { TEST_F(IPScan, BugReport20210515) { const char *table_name = "IP_CONFIG"; - const char *attribute_name = "IP_CONFIG"; + const char *field_name = "IP_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -1979,11 +1979,11 @@ TEST_F(IPScan, BugReport20210515) { struct maat_state *state = maat_state_new(maat_inst, thread_id); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv6(maat_inst, table_name, attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv6(maat_inst, table_name, field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -1993,7 +1993,7 @@ TEST_F(IPScan, BugReport20210515) { TEST_F(IPScan, RuleUpdates) { const char *table_name = "IP_PLUS_CONFIG"; - const char *attribute_name = "IP_PLUS_CONFIG"; + const char *field_name = "IP_PLUS_CONFIG"; struct maat *maat_inst = IPScan::_shared_maat_inst; int thread_id = 0; @@ -2005,12 +2005,12 @@ TEST_F(IPScan, RuleUpdates) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; struct maat_state *state = maat_state_new(maat_inst, thread_id); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2038,14 +2038,14 @@ TEST_F(IPScan, RuleUpdates) { and_condition.or_condition_num = 1; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, rule_uuid_str, &and_condition, 1, NULL, 0); EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2053,7 +2053,7 @@ TEST_F(IPScan, RuleUpdates) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2071,11 +2071,11 @@ TEST_F(IPScan, RuleUpdates) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2133,29 +2133,29 @@ TEST_F(IntervalScan, IntegerRange) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "CONTENT_SIZE"; - const char *attribute_name = "CONTENT_SIZE"; + const char *field_name = "CONTENT_SIZE"; struct maat *maat_inst = IntervalScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); unsigned int scan_data1 = 2015; - int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, results, + int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); unsigned int scan_data2 = 300; - ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data2, results, + ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2168,13 +2168,13 @@ TEST_F(IntervalScan, SingleInteger) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "CONTENT_SIZE"; - const char *attribute_name = "CONTENT_SIZE"; + const char *field_name = "CONTENT_SIZE"; struct maat *maat_inst = IntervalScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); unsigned int scan_data1 = 3000; - int ret = maat_scan_integer(maat_inst, table_name, attribute_name, scan_data1, results, + int ret = maat_scan_integer(maat_inst, table_name, field_name, scan_data1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2182,7 +2182,7 @@ TEST_F(IntervalScan, SingleInteger) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000218"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2240,14 +2240,14 @@ TEST_F(ObjectScan, PhysicalTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000247", hit_object.object_uuid); - int ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + int ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2260,11 +2260,11 @@ TEST_F(ObjectScan, PhysicalTable) { sleep(2); } -TEST_F(ObjectScan, Attribute) { +TEST_F(ObjectScan, Field) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; const char *table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2272,7 +2272,7 @@ TEST_F(ObjectScan, Attribute) { struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000259", hit_object.object_uuid); - int ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + int ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2290,7 +2290,7 @@ TEST_F(ObjectScan, SetScanRuleTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ObjectScan::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2301,7 +2301,7 @@ TEST_F(ObjectScan, SetScanRuleTable) { struct maat_hit_object hit_object; uuid_parse("00000000-0000-0000-0000-000000000248", hit_object.object_uuid); - ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, + ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2367,18 +2367,18 @@ TEST_F(NOTLogic, OneRegion) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_URL_FILTER"; + const char *field_name = "HTTP_URL_FILTER"; const char *table_name = "HTTP_URL"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2388,12 +2388,12 @@ TEST_F(NOTLogic, OneRegion) { maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2409,47 +2409,47 @@ TEST_F(NOTLogic, ScanNotAtLast) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *hit_attribute_name = "HTTP_URL_FILTER"; + const char *hit_field_name = "HTTP_URL_FILTER"; const char *hit_table_name = "HTTP_URL"; - const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *not_hit_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); // scan string_should_hit(HTTP_URL_FILTER) & string_should_not_hit(HTTP_RESPONSE_KEYWORDS) => not hit rule - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing, strlen(string_contain_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //scan string_should_hit(HTTP_URL_FILTER) & nothing(HTTP_RESPONSE_KEYWORDS) => hit rule144 - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_contain_nothing, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_contain_nothing, strlen(string_contain_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2467,28 +2467,28 @@ TEST_F(NOTLogic, ScanIrrelavantAtLast) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *hit_attribute_name = "HTTP_URL_FILTER"; + const char *hit_field_name = "HTTP_URL_FILTER"; const char *hit_table_name = "HTTP_URL"; - const char *not_hit_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *not_hit_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *not_hit_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant, strlen(string_irrelevant), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2506,28 +2506,28 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *not_hit_attribute_name = "HTTP_URL_FILTER"; + const char *not_hit_field_name = "HTTP_URL_FILTER"; const char *not_hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "IP_PLUS_CONFIG"; + const char *hit_field_name = "IP_PLUS_CONFIG"; const char *hit_table_name = "IP_PLUS_CONFIG"; - const char *empty_attribute_name = "EMPTY_KEYWORD"; + const char *empty_field_name = "EMPTY_KEYWORD"; const char *empty_table_name = "EMPTY_KEYWORD"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.8.186", &sip); - ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2535,16 +2535,16 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyExpr) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000186"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, empty_table_name, empty_attribute_name, string_match_no_region, + ret = maat_scan_string(maat_inst, empty_table_name, empty_field_name, string_match_no_region, strlen(string_match_no_region), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2557,28 +2557,28 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *not_hit_attribute_name = "HTTP_URL_FILTER"; + const char *not_hit_field_name = "HTTP_URL_FILTER"; const char *not_hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "IP_PLUS_CONFIG"; + const char *hit_field_name = "IP_PLUS_CONFIG"; const char *hit_table_name = "IP_PLUS_CONFIG"; - const char *empty_attribute_name = "EMPTY_INTERGER"; + const char *empty_field_name = "EMPTY_INTERGER"; const char *empty_table_name = "EMPTY_INTERGER"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.8.187", &sip); - ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, hit_table_name, hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2586,18 +2586,18 @@ TEST_F(NOTLogic, ScanHitAtLastEmptyInteger) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000187"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); int empty_table_id = maat_get_table_id(maat_inst, empty_table_name); ASSERT_GT(empty_table_id, 0); - ret = maat_scan_integer(maat_inst, empty_table_name, empty_attribute_name, 2015, + ret = maat_scan_integer(maat_inst, empty_table_name, empty_field_name, 2015, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, empty_table_name, empty_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2611,30 +2611,30 @@ TEST_F(NOTLogic, ScanNotIP) { size_t n_hit_result = 0; int thread_id = 0; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; - const char *not_hit_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *hit_field_name = "HTTP_URL"; + const char *not_hit_field_name = "FIELD_IP_CONFIG"; const char *not_hit_table_name = "IP_CONFIG"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - // scan string_should_hit(HTTP_URL) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + // scan string_should_hit(HTTP_URL) & hit ip(FIELD_IP_CONFIG) => not hit rule + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.6.205", &sip); - ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2644,18 +2644,18 @@ TEST_F(NOTLogic, ScanNotIP) { maat_state_reset(state); - // scan string_should_hit(HTTP_URL) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule145 - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + // scan string_should_hit(HTTP_URL) & not hit ip(FIELD_IP_CONFIG) => hit rule145 + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); inet_pton(AF_INET, "10.0.6.201", &sip); - ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, not_hit_table_name, not_hit_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -2671,81 +2671,81 @@ TEST_F(NOTLogic, NotUrlAndNotIp) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *ip_field_name = "FIELD_IP_CONFIG"; const char *ip_table_name = "IP_CONFIG"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + //scan string_should_half_hit(HTTP_URL_FILTER) & hit ip(FIELD_IP_CONFIG) => not hit rule + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); uint32_t sip; inet_pton(AF_INET, "10.0.6.201", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(ATTRIBUTE_IP_CONFIG) => not hit rule + // scan string_should_half_hit(HTTP_RESPONSE_KEYWORDS) & not hit ip(FIELD_IP_CONFIG) => not hit rule - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_should_not_hit, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "10.1.0.0", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(ATTRIBUTE_IP_CONFIG) => hit rule146 - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + // scan scan string_should_half_hit(HTTP_URL_FILTER) & not hit ip(FIELD_IP_CONFIG) => hit rule146 + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "10.1.0.0", &sip); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2765,7 +2765,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -2779,7 +2779,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -2794,7 +2794,7 @@ TEST_F(NOTLogic, NotPhysicalTable) { &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2811,87 +2811,87 @@ TEST_F(NOTLogic, EightNotCondition) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name1 = "HTTP_RESPONSE_KEYWORDS_1"; - const char *attribute_name2 = "HTTP_RESPONSE_KEYWORDS_2"; - const char *attribute_name3 = "HTTP_RESPONSE_KEYWORDS_3"; - const char *attribute_name4 = "HTTP_RESPONSE_KEYWORDS_4"; - const char *attribute_name5 = "HTTP_RESPONSE_KEYWORDS_5"; - const char *attribute_name6 = "HTTP_RESPONSE_KEYWORDS_6"; - const char *attribute_name7 = "HTTP_RESPONSE_KEYWORDS_7"; - const char *attribute_name8 = "HTTP_RESPONSE_KEYWORDS_8"; + const char *field_name1 = "HTTP_RESPONSE_KEYWORDS_1"; + const char *field_name2 = "HTTP_RESPONSE_KEYWORDS_2"; + const char *field_name3 = "HTTP_RESPONSE_KEYWORDS_3"; + const char *field_name4 = "HTTP_RESPONSE_KEYWORDS_4"; + const char *field_name5 = "HTTP_RESPONSE_KEYWORDS_5"; + const char *field_name6 = "HTTP_RESPONSE_KEYWORDS_6"; + const char *field_name7 = "HTTP_RESPONSE_KEYWORDS_7"; + const char *field_name8 = "HTTP_RESPONSE_KEYWORDS_8"; const char *table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name1, string_nothing, + int ret = maat_scan_string(maat_inst, table_name, field_name1, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name1, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name2, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name2, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name2, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name2, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name3, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name3, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name3, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name3, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name4, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name4, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name4, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name4, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name5, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name5, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name5, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name5, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name6, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name6, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name6, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name6, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name7, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name7, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name7, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name7, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name8, string_nothing, + ret = maat_scan_string(maat_inst, table_name, field_name8, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name8, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name8, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2911,37 +2911,37 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject1) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string_should_half_hit, + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string_should_half_hit, strlen(string_should_half_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_nothing, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -2960,46 +2960,46 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *url_attribute_name = "HTTP_URL_FILTER"; + const char *url_field_name = "HTTP_URL_FILTER"; const char *url_table_name = "HTTP_URL"; - const char *http_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *http_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *http_table_name = "KEYWORDS_TABLE"; struct maat *maat_inst = NOTLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords, + int ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords, strlen(string_keywords), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string1, strlen(string1), + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string1, strlen(string1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, http_table_name, http_attribute_name, string_keywords, + ret = maat_scan_string(maat_inst, http_table_name, http_field_name, string_keywords, strlen(string_keywords), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, http_table_name, http_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, http_table_name, http_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, url_table_name, url_field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3014,7 +3014,7 @@ TEST_F(NOTLogic, NotConditionAndExcludeObject2) { TEST_F(NOTLogic, SingleNotCondition) { const char *string_nothing = "nothing string"; const char *string_should_hit = "string has not_logic_keywords_222"; - const char *attribute_name = "HTTP_NOT_LOGIC_1"; + const char *field_name = "HTTP_NOT_LOGIC_1"; const char *table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3023,23 +3023,23 @@ TEST_F(NOTLogic, SingleNotCondition) { struct maat_state *state = maat_state_new(maat_inst, thread_id); //string_should_hit(HTTP_NOT_LOGIC_1) => not hit rule - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //string nothing(HTTP_NOT_LOGIC_1) => hit rule222 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3056,7 +3056,7 @@ TEST_F(NOTLogic, MultiNotConditions) { const char *string1 = "string has not_logic_rule_223_1"; const char *string2 = "string has not_logic_rule_223_1"; const char *string3 = "string has not_logic_rule_223_1"; - const char *attribute_name = "HTTP_NOT_LOGIC"; + const char *field_name = "HTTP_NOT_LOGIC"; const char *table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3066,56 +3066,56 @@ TEST_F(NOTLogic, MultiNotConditions) { // rule223 = !string1 & !string2 & !string3 //Case1: scan string1 & !string2 & !string3 - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string1, strlen(string1), + int ret = maat_scan_string(maat_inst, table_name, field_name, string1, strlen(string1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case2: scan !string1 & string2 & !string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string2, strlen(string2), + ret = maat_scan_string(maat_inst, table_name, field_name, string2, strlen(string2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case3: scan !string1 & !string2 & string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string3, strlen(string3), + ret = maat_scan_string(maat_inst, table_name, field_name, string3, strlen(string3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); //Case4: scan !string1 & !string2 & !string3 - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_nothing, strlen(string_nothing), + ret = maat_scan_string(maat_inst, table_name, field_name, string_nothing, strlen(string_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3133,8 +3133,8 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { const char *src_asn3 = "AS9001"; const char *src_asn_nothing = "nothing string"; const char *dst_asn = "AS2345"; - const char *src_asn_attribute_name = "ASN_NOT_LOGIC"; - const char *dst_asn_attribute_name = "DESTINATION_IP_ASN"; + const char *src_asn_field_name = "ASN_NOT_LOGIC"; + const char *dst_asn_field_name = "DESTINATION_IP_ASN"; const char *table_name = "AS_NUMBER"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3145,15 +3145,15 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN1 & Dest ASN => not hit rule //-------------------------------------- - int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3162,15 +3162,15 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN2 & Dest ASN => not hit rule //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3179,31 +3179,31 @@ TEST_F(NOTLogic, MultiObjectsInOneNotCondition) { //-------------------------------------- // Source ASN3 & Dest ASN => not hit rule //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); maat_state_reset(state); // Source nothing & Dest ASN => hit rule177 - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn_nothing, + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn_nothing, strlen(src_asn_nothing),results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, dst_asn_attribute_name, dst_asn, strlen(dst_asn), + ret = maat_scan_string(maat_inst, table_name, dst_asn_field_name, dst_asn, strlen(dst_asn), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3220,11 +3220,11 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { const char *src_asn2 = "AS6789"; const char *src_nothing = "nothing"; const char *my_county = "Greece.Sparta"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *src_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3235,15 +3235,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source ASN1 & IP Geo //------------------------------------------- - int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3252,15 +3252,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source nothing & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_nothing, strlen(src_nothing), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_nothing, strlen(src_nothing), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3273,15 +3273,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //------------------------------------------- // Source ASN2 & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, src_asn_table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3292,15 +3292,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //-------------------------------------- uint32_t ip_addr; inet_pton(AF_INET, "192.168.40.88", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3311,15 +3311,15 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { //-------------------------------------- inet_pton(AF_INET, "192.168.40.89", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3330,16 +3330,16 @@ TEST_F(NOTLogic, MultiLiteralsInOneNotCondition) { state = NULL; } -TEST_F(NOTLogic, SameAttributeInMultiCondition) { +TEST_F(NOTLogic, SameFieldInMultiCondition) { const char *src_asn1 = "AS1234"; const char *src_asn2 = "AS9002"; const char *src_asn3 = "AS9003"; const char *my_county = "Greece.Sparta"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; - const char *dst_asn_attribute_name = "DESTINATION_IP_ASN"; + const char *ip_field_name = "IP_PLUS_CONFIG"; + const char *dst_asn_field_name = "DESTINATION_IP_ASN"; const char *dst_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -3352,19 +3352,19 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN1 & Dest ASN3 & IP Config //------------------------------------------- - int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3373,19 +3373,19 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN2 & Dest ASN3 & IP Config //------------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3394,23 +3394,23 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest IP Geo & Dest ASN3 & IP Config //------------------------------------------- - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_geo_table_name, ip_geo_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -3419,15 +3419,15 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //------------------------------------------- // Dest ASN3 & IP Geo //------------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3440,16 +3440,16 @@ TEST_F(NOTLogic, SameAttributeInMultiCondition) { //-------------------------------------- // IP Config & IP Geo //-------------------------------------- - ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, dst_asn_table_name, dst_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); inet_pton(AF_INET, "192.168.40.89", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, dst_asn_table_name, dst_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3510,22 +3510,22 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) { size_t n_hit_result = 0; int thread_id = 0; const char *not_hit_table_name = "KEYWORDS_TABLE"; - const char *not_hit_attribute_name = "KEYWORDS_TABLE"; + const char *not_hit_field_name = "KEYWORDS_TABLE"; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; + const char *hit_field_name = "HTTP_URL"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3534,7 +3534,7 @@ TEST_F(ExcludeLogic, ScanExcludeAtFirst) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000199"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3550,22 +3550,22 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_not_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, string_should_not_hit, strlen(string_should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, table_name, attribute_name, string_should_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); @@ -3575,7 +3575,7 @@ TEST_F(ExcludeLogic, ScanExcludeAtLast) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3590,13 +3590,13 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { size_t n_hit_result = 0; int thread_id = 0; const char *hit_table_name = "HTTP_URL"; - const char *hit_attribute_name = "HTTP_URL"; + const char *hit_field_name = "HTTP_URL"; const char *not_hit_table_name = "KEYWORDS_TABLE"; - const char *not_hit_attribute_name = "KEYWORDS_TABLE"; + const char *not_hit_field_name = "KEYWORDS_TABLE"; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, hit_table_name, hit_attribute_name, string_should_hit, + int ret = maat_scan_string(maat_inst, hit_table_name, hit_field_name, string_should_hit, strlen(string_should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3605,16 +3605,16 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000200"); - ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, hit_table_name, hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_attribute_name, string_irrelevant, + ret = maat_scan_string(maat_inst, not_hit_table_name, not_hit_field_name, string_irrelevant, strlen(string_irrelevant), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, not_hit_table_name, not_hit_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3622,20 +3622,20 @@ TEST_F(ExcludeLogic, ScanIrrelavantAtLast) { state = NULL; } -TEST_F(ExcludeLogic, ScanAttribute) { +TEST_F(ExcludeLogic, ScanField) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *attribute_name = "ATTRIBUTE_IP_PLUS_TABLE"; + const char *field_name = "FIELD_IP_PLUS_TABLE"; const char *table_name = "IP_PLUS_CONFIG"; uint32_t should_hit_ip; uint32_t should_not_hit_ip; inet_pton(AF_INET, "100.64.1.1", &should_hit_ip); - int ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, results, + int ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -3645,41 +3645,41 @@ TEST_F(ExcludeLogic, ScanAttribute) { maat_state_reset(state); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "100.64.1.5", &should_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000202"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); inet_pton(AF_INET, "100.64.1.6", &should_not_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); inet_pton(AF_INET, "100.64.1.11", &should_not_hit_ip); - ret = maat_scan_ipv4(maat_inst, table_name, attribute_name, should_not_hit_ip, results, + ret = maat_scan_ipv4(maat_inst, table_name, field_name, should_not_hit_ip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3692,8 +3692,8 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE"; - const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION"; + const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE"; + const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION"; const char *ip_table_name = "IP_PLUS_CONFIG"; int ip_table_id = maat_get_table_id(maat_inst, ip_table_name); @@ -3702,38 +3702,38 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { uint32_t ip_addr; inet_pton(AF_INET, "192.168.50.43", &ip_addr); - int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results, + int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "47.92.108.93", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *expr_table_name = "KEYWORDS_TABLE"; const char *should_not_hit_expr = "www.jianshu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr, strlen(should_not_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_hit_expr = "mail.jianshu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr, strlen(should_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3742,7 +3742,7 @@ TEST_F(ExcludeLogic, ScanWithMultiCondition) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000203"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -3756,56 +3756,56 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) { int thread_id = 0; struct maat *maat_inst = ExcludeLogic::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - const char *src_ip_attribute_name = "ATTRIBUTE_IP_PLUS_SOURCE"; - const char *dst_ip_attribute_name = "ATTRIBUTE_IP_PLUS_DESTINATION"; + const char *src_ip_field_name = "FIELD_IP_PLUS_SOURCE"; + const char *dst_ip_field_name = "FIELD_IP_PLUS_DESTINATION"; const char *ip_table_name = "IP_PLUS_CONFIG"; uint32_t ip_addr; inet_pton(AF_INET, "100.64.2.1", &ip_addr); - int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_attribute_name, ip_addr, results, + int ret = maat_scan_ipv4(maat_inst, ip_table_name, src_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, src_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); inet_pton(AF_INET, "100.64.2.6", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, dst_ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, dst_ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - const char *expr_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *expr_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *expr_table_name = "KEYWORDS_TABLE"; const char *should_not_hit_expr1 = "www.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr1, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr1, strlen(should_not_hit_expr1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_not_hit_expr2 = "mail.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_not_hit_expr2, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_not_hit_expr2, strlen(should_not_hit_expr2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *should_hit_expr = "hit.baidu.com"; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, should_hit_expr, + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, should_hit_expr, strlen(should_hit_expr), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -3814,7 +3814,7 @@ TEST_F(ExcludeLogic, ExcludeInDifferentLevel) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000204"); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -4713,7 +4713,7 @@ TEST_F(BoolPluginTable, EX_DATA) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000305"); } -class Attribute : public testing::Test +class Field : public testing::Test { protected: static void SetUpTestCase() { @@ -4742,7 +4742,7 @@ protected: maat_options_free(opts); if (NULL == _shared_maat_inst) { log_fatal(logger, MODULE_FRAMEWORK_GTEST, - "[%s:%d] create maat instance in Attribute failed.", + "[%s:%d] create maat instance in Field failed.", __FUNCTION__, __LINE__); } } @@ -4756,23 +4756,23 @@ protected: static struct maat *_shared_maat_inst; }; -struct maat *Attribute::_shared_maat_inst; -struct log_handle *Attribute::logger; +struct maat *Field::_shared_maat_inst; +struct log_handle *Field::logger; -TEST_F(Attribute, basic) { +TEST_F(Field, basic) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; int thread_id = 0; - const char *attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *field_name = "HTTP_RESPONSE_KEYWORDS"; const char *table_name = "KEYWORDS_TABLE"; - struct maat *maat_inst = Attribute::_shared_maat_inst; + struct maat *maat_inst = Field::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); char scan_data[128] = "string1, string2, string3, string4, string5," " string6, string7, string8"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); EXPECT_EQ(n_hit_result, 0); @@ -4968,11 +4968,11 @@ TEST_F(RuleTable, Conjunction1) { const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNAC" "ELwBSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = RuleTable::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -4983,7 +4983,7 @@ TEST_F(RuleTable, Conjunction1) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5002,11 +5002,11 @@ TEST_F(RuleTable, Conjunction2) { const char *scan_data = "i.ytimg.com/vi/OtCNcustg_I/hqdefault.jpg?sqp=-oaymwEZCNACELw" "BSFXyq4qpAwsIARUAAIhCGAFwAQ==&rs=AOn4CLDOp_5fHMaCA9XZuJdCRv4DNDorMg"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = RuleTable::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -5017,7 +5017,7 @@ TEST_F(RuleTable, Conjunction2) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000141"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5025,11 +5025,11 @@ TEST_F(RuleTable, Conjunction2) { int n_read = maat_state_get_hit_paths(state, hit_path, HIT_PATH_SIZE); EXPECT_EQ(n_read, 2); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5145,26 +5145,26 @@ TEST_F(Policy, RuleRuleTags) { const char *should_hit = "string bbb should hit"; const char *should_not_hit = "string aaa should not hit"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, should_not_hit, + int ret = maat_scan_string(maat_inst, table_name, field_name, should_not_hit, strlen(should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_name, should_hit, + ret = maat_scan_string(maat_inst, table_name, field_name, should_hit, strlen(should_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5176,7 +5176,7 @@ TEST_F(Policy, RuleEXData) { const char *url = "firewall should hit"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *plugin_table_name = "RULE_FIREWALL_PLUGIN"; const char *conj_rule_table_name = "RULE_FIREWALL_CONJUNCTION"; const char *expect_name = "I have a name"; @@ -5198,7 +5198,7 @@ TEST_F(Policy, RuleEXData) { ret = maat_state_set_scan_rule_table(state, conj_rule_table_name); EXPECT_EQ(ret, 0); - ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), + ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5206,7 +5206,7 @@ TEST_F(Policy, RuleEXData) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000198"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5233,21 +5233,21 @@ TEST_F(Policy, SubObject) { uint32_t ip_addr; inet_pton(AF_INET,"10.0.6.201", &ip_addr); - const char *attribute_name = "MAIL_ADDR"; + const char *field_name = "MAIL_ADDR"; const char *table_name = "MAIL_ADDR"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5255,7 +5255,7 @@ TEST_F(Policy, SubObject) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000153"); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5270,9 +5270,9 @@ TEST_F(Policy, EvaluationOrder) { struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, url, strlen(url), + int ret = maat_scan_string(maat_inst, table_name, field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 3); @@ -5291,7 +5291,7 @@ TEST_F(Policy, EvaluationOrder) { size_t n_hit_path = maat_state_get_hit_paths(state, hit_path, 128); EXPECT_EQ(n_hit_path, 6); - EXPECT_STREQ(hit_path[0].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[0].field_name, field_name); uuid_unparse(hit_path[0].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000157"); uuid_unparse(hit_path[0].top_object_uuid, uuid_str); @@ -5300,7 +5300,7 @@ TEST_F(Policy, EvaluationOrder) { uuid_unparse(hit_path[0].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000166"); - EXPECT_STREQ(hit_path[1].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[1].field_name, field_name); uuid_unparse(hit_path[1].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000155"); EXPECT_EQ(uuid_is_null(hit_path[1].top_object_uuid), 1); @@ -5308,7 +5308,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1); - EXPECT_STREQ(hit_path[2].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[2].field_name, field_name); uuid_unparse(hit_path[2].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[2].top_object_uuid, uuid_str); @@ -5318,7 +5318,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168"); - EXPECT_STREQ(hit_path[3].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[3].field_name, field_name); uuid_unparse(hit_path[3].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[3].top_object_uuid, uuid_str); @@ -5328,7 +5328,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000168"); - EXPECT_STREQ(hit_path[4].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[4].field_name, field_name); uuid_unparse(hit_path[4].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[4].top_object_uuid, uuid_str); @@ -5338,7 +5338,7 @@ TEST_F(Policy, EvaluationOrder) { EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167"); - EXPECT_STREQ(hit_path[5].attribute_name, attribute_name); + EXPECT_STREQ(hit_path[5].field_name, field_name); uuid_unparse(hit_path[5].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000158"); uuid_unparse(hit_path[5].top_object_uuid, uuid_str); @@ -5347,7 +5347,7 @@ TEST_F(Policy, EvaluationOrder) { uuid_unparse(hit_path[5].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000167"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5355,17 +5355,17 @@ TEST_F(Policy, EvaluationOrder) { inet_pton(AF_INET, "192.168.23.23", &ip_addr); const char *ip_plus_table_name = "IP_PLUS_CONFIG"; - const char *ip_plus_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_plus_field_name = "IP_PLUS_CONFIG"; memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_plus_table_name, ip_plus_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000165"); - ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_plus_table_name, ip_plus_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5374,9 +5374,9 @@ TEST_F(Policy, EvaluationOrder) { TEST_F(Policy, NotConditionHitPath) { const char *url_table_name = "HTTP_URL"; - const char *url_attribute_name = "HTTP_URL"; + const char *url_field_name = "HTTP_URL"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "ATTRIBUTE_IP_CONFIG"; + const char *ip_field_name = "FIELD_IP_CONFIG"; const char *url = "www.youtube.com"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5384,18 +5384,18 @@ TEST_F(Policy, NotConditionHitPath) { struct maat *maat_inst = Policy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, url, strlen(url), + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, url, strlen(url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); uint32_t ip_addr; inet_pton(AF_INET, "192.168.101.101", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5409,7 +5409,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(n_hit_path, 4); EXPECT_EQ(hit_path[0].Nth_scan, 1); - EXPECT_STREQ(hit_path[0].attribute_name, url_attribute_name); + EXPECT_STREQ(hit_path[0].field_name, url_field_name); EXPECT_EQ(hit_path[0].negate_option, 0); EXPECT_EQ(hit_path[0].condition_index, 0); uuid_unparse(hit_path[0].sub_object_uuid, uuid_str); @@ -5421,7 +5421,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[1].Nth_scan, 2); - EXPECT_STREQ(hit_path[1].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[1].field_name, ip_field_name); EXPECT_EQ(hit_path[1].negate_option, 1); EXPECT_EQ(hit_path[1].condition_index, -1); uuid_unparse(hit_path[1].sub_object_uuid, uuid_str); @@ -5431,7 +5431,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(uuid_is_null(hit_path[1].rule_uuid), 1); EXPECT_EQ(hit_path[2].Nth_scan, 2); - EXPECT_STREQ(hit_path[2].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[2].field_name, ip_field_name); EXPECT_EQ(hit_path[2].negate_option, 1); EXPECT_EQ(hit_path[2].condition_index, -1); uuid_unparse(hit_path[2].sub_object_uuid, uuid_str); @@ -5441,7 +5441,7 @@ TEST_F(Policy, NotConditionHitPath) { EXPECT_EQ(hit_path[3].Nth_scan, 2); - EXPECT_STREQ(hit_path[3].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[3].field_name, ip_field_name); EXPECT_EQ(hit_path[3].negate_option, 1); EXPECT_EQ(hit_path[3].condition_index, 1); uuid_unparse(hit_path[3].sub_object_uuid, uuid_str); @@ -5507,11 +5507,11 @@ TEST_F(TableInfo, Conjunction) { const char *scan_data = "soq is using table conjunction function." "http://www.3300av.com/novel/27122.txt"; const char *conj_table_name = "HTTP_HOST"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = TableInfo::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, conj_table_name, attribute_name, scan_data, + int ret = maat_scan_string(maat_inst, conj_table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5523,7 +5523,7 @@ TEST_F(TableInfo, Conjunction) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000133"); - ret = maat_scan_not_logic(maat_inst, conj_table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, conj_table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5578,7 +5578,7 @@ struct log_handle *FileTest::logger; TEST_F(FileTest, StreamFiles) { const char test_data_dir[64] = "./test_streamfiles"; const char *keywords_table_name = "KEYWORDS_TABLE"; - const char *keywords_attribute_name = "KEYWORDS_TABLE"; + const char *keywords_field_name = "KEYWORDS_TABLE"; int thread_id = 0; struct maat *maat_inst = FileTest::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -5587,7 +5587,7 @@ TEST_F(FileTest, StreamFiles) { int n = my_scandir(test_data_dir, &name_list, NULL, (int (*)(const void*, const void*))alphasort); ASSERT_GT(n, 0); - struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, keywords_table_name, keywords_field_name, state); ASSERT_FALSE(stream == NULL); struct stat file_info; @@ -5685,13 +5685,13 @@ protected: struct maat *ObjectHierarchy::_shared_maat_inst; struct log_handle *ObjectHierarchy::logger; -TEST_F(ObjectHierarchy, AttributeOfOnePhysical) +TEST_F(ObjectHierarchy, FieldOfOnePhysical) { const char *http_content = "Batman\\:Take me Home.Superman/:Fine,stay with me."; const char *http_url = "https://blog.csdn.net/littlefang/article/details/8213058"; - const char *url_attribute_name = "HTTP_URL"; + const char *url_field_name = "HTTP_URL"; const char *url_table_name = "HTTP_URL"; - const char *keywords_attribute_name = "HTTP_RESPONSE_KEYWORDS"; + const char *keywords_field_name = "HTTP_RESPONSE_KEYWORDS"; const char *keywords_table_name = "KEYWORDS_TABLE"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5699,15 +5699,15 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - int ret = maat_scan_string(maat_inst, url_table_name, url_attribute_name, http_url, strlen(http_url), + int ret = maat_scan_string(maat_inst, url_table_name, url_field_name, http_url, strlen(http_url), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, http_content, strlen(http_content), + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, http_content, strlen(http_content), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5715,7 +5715,7 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000160"); - ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5723,12 +5723,12 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) const char *should_not_hit = "2018-10-05 is a keywords of table " "KEYWORDS_TABLE. Should not hit."; - ret = maat_scan_string(maat_inst, keywords_table_name, keywords_attribute_name, should_not_hit, + ret = maat_scan_string(maat_inst, keywords_table_name, keywords_field_name, should_not_hit, strlen(should_not_hit), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, keywords_table_name, keywords_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5736,10 +5736,10 @@ TEST_F(ObjectHierarchy, AttributeOfOnePhysical) state = NULL; } -TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { +TEST_F(ObjectHierarchy, OneObjectInTwoField) { const char *http_resp_hdr_cookie = "sessionid=888888;BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; sugstore=1;"; - const char *req_attribute_name = "HTTP_REQUEST_HEADER"; - const char *res_attribute_name = "HTTP_RESPONSE_HEADER"; + const char *req_field_name = "HTTP_REQUEST_HEADER"; + const char *res_field_name = "HTTP_RESPONSE_HEADER"; const char *table_name = "HTTP_SIGNATURE"; uuid_t results[ARRAY_SIZE]; @@ -5749,16 +5749,16 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { struct maat *maat_inst = ObjectHierarchy::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); - ret = maat_scan_string(maat_inst, table_name, req_attribute_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, req_field_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, req_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, req_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, res_attribute_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, res_field_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -5767,7 +5767,7 @@ TEST_F(ObjectHierarchy, OneObjectInTwoAttribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000163"); - ret = maat_scan_not_logic(maat_inst, table_name, res_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, res_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5780,7 +5780,7 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { const char *src_asn2 = "AS6789"; const char *src_asn3 = "AS9001"; const char *dst_asn = "AS2345"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *dst_asn_sttribute_name = "DESTINATION_IP_ASN"; const char *table_name = "AS_NUMBER"; uuid_t results[ARRAY_SIZE]; @@ -5792,11 +5792,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN1 & Dest ASN //-------------------------------------- - int ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5817,11 +5817,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN2 & Dest ASN //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5841,11 +5841,11 @@ TEST_F(ObjectHierarchy, MultiObjectsInOneCondition) { //-------------------------------------- // Source ASN3 & Dest ASN //-------------------------------------- - ret = maat_scan_string(maat_inst, table_name, src_asn_attribute_name, src_asn3, strlen(src_asn3), + ret = maat_scan_string(maat_inst, table_name, src_asn_field_name, src_asn3, strlen(src_asn3), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, src_asn_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, src_asn_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -5869,10 +5869,10 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { const char *src_asn2 = "AS6789"; const char *my_county = "Greece.Sparta"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; - const char *src_asn_attribute_name = "SOURCE_IP_ASN"; + const char *ip_field_name = "IP_CONFIG"; + const char *src_asn_field_name = "SOURCE_IP_ASN"; const char *src_asn_table_name = "AS_NUMBER"; - const char *ip_geo_attribute_name = "SOURCE_IP_GEO"; + const char *ip_geo_field_name = "SOURCE_IP_GEO"; const char *ip_geo_table_name = "GeoLocation"; uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; @@ -5884,14 +5884,14 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { // Source ASN1 & IP //-------------------------------------- - int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn1, strlen(src_asn1), + int ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn1, strlen(src_asn1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); uint32_t ip_addr; inet_pton(AF_INET, "192.168.40.88", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5904,11 +5904,11 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { //-------------------------------------- // IP Geo & IP //-------------------------------------- - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5920,15 +5920,15 @@ TEST_F(ObjectHierarchy, MultiLiteralsInOneCondition) { //-------------------------------------- // (Source ASN2 | IP Geo) & IP //-------------------------------------- - ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_attribute_name, src_asn2, strlen(src_asn2), + ret = maat_scan_string(maat_inst, src_asn_table_name, src_asn_field_name, src_asn2, strlen(src_asn2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_attribute_name, my_county, strlen(my_county), + ret = maat_scan_string(maat_inst, ip_geo_table_name, ip_geo_field_name, my_county, strlen(my_county), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -5985,7 +5985,7 @@ TEST_F(MaatCmd, SetIP) { size_t n_hit_result = 0; int thread_id = 0; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *rule_table_name = "RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6010,7 +6010,7 @@ TEST_F(MaatCmd, SetIP) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = ip_attribute_name; + and_condition.or_conditions[0].field_name = ip_field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6026,7 +6026,7 @@ TEST_F(MaatCmd, SetIP) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GE(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, sip, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, sip, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6034,7 +6034,7 @@ TEST_F(MaatCmd, SetIP) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6046,7 +6046,7 @@ TEST_F(MaatCmd, SetExpr) { const char *scan_data = "Hiredis is a minimalistic C client library" " for the Redis database.\r\n"; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *keywords1 = "Hiredis"; const char *keywords2 = "C Client"; @@ -6067,13 +6067,13 @@ TEST_F(MaatCmd, SetExpr) { snprintf(rule_uuid_str2, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition1, and_condition2; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str1, 0, keywords, &and_condition1); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str2, 0, keywords, &and_condition2); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str1, 0, keywords, &and_condition1); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str2, 0, keywords, &and_condition2); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -6083,7 +6083,7 @@ TEST_F(MaatCmd, SetExpr) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str1); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6097,11 +6097,11 @@ TEST_F(MaatCmd, SetExpr) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6112,13 +6112,13 @@ TEST_F(MaatCmd, SetExpr) { char rule_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, timeout, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, timeout, keywords, &and_condition); sleep(timeout + 1); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6132,7 +6132,7 @@ TEST_F(MaatCmd, SetExpr8) { const char *rule_table_name = "RULE_DEFAULT"; const char *table_name = "KEYWORDS_TABLE"; - const char *attribute_name = "KEYWORDS_TABLE"; + const char *field_name = "KEYWORDS_TABLE"; const char *keywords8 = "string1&string2&string3&string4&string5&string6&string7&string8"; const char *keywords7 = "string1&string2&string3&string4&string5&string6&string7"; @@ -6161,7 +6161,7 @@ TEST_F(MaatCmd, SetExpr8) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6170,7 +6170,7 @@ TEST_F(MaatCmd, SetExpr8) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data8, strlen(scan_data8), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data8, strlen(scan_data8), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6178,7 +6178,7 @@ TEST_F(MaatCmd, SetExpr8) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6194,14 +6194,14 @@ TEST_F(MaatCmd, SetExpr8) { sleep(WAIT_FOR_EFFECTIVE_S); memset(&results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data7, strlen(scan_data7), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data7, strlen(scan_data7), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6214,7 +6214,7 @@ TEST_F(MaatCmd, ObjectScan) { size_t n_hit_result = 0; int thread_id = 0; const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6229,7 +6229,7 @@ TEST_F(MaatCmd, ObjectScan) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6240,8 +6240,8 @@ TEST_F(MaatCmd, ObjectScan) { struct maat_hit_object hit_object; uuid_parse(object_uuid_str, hit_object.object_uuid); - strncpy(hit_object.attribute_name, attribute_name, sizeof(hit_object.attribute_name)); - ret = maat_scan_object(maat_inst, table_name, attribute_name, &hit_object, 1, results, ARRAY_SIZE, + strncpy(hit_object.field_name, field_name, sizeof(hit_object.field_name)); + ret = maat_scan_object(maat_inst, table_name, field_name, &hit_object, 1, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6254,11 +6254,11 @@ TEST_F(MaatCmd, ObjectScan) { } /** - * Filter such as URL: http://filtermenot.com => {attribute_id, object_id} + * Filter such as URL: http://filtermenot.com => {field_id, object_id} One rule reference this filter twice, the rule should be hit. */ TEST_F(MaatCmd, SameFilterRefByOneRule) { - const char *attribute_name = "HTTP_URL_FILTER"; + const char *field_name = "HTTP_URL_FILTER"; const char *table_name = "HTTP_URL"; const char *scan_data = "http://filtermenot.com"; const char *keywords = "menot.com"; @@ -6286,13 +6286,13 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { struct maat_cmd_and_condition and_condition[2]; and_condition[0].negate_option = 0; and_condition[0].or_condition_num = 1; - and_condition[0].or_conditions[0].attribute_name = attribute_name; + and_condition[0].or_conditions[0].field_name = field_name; and_condition[0].or_conditions[0].object_num = 1; and_condition[0].or_conditions[0].object_uuids_str[0] = object_uuid_str; - //condition1 & condition2 has same filter => {attribute_name, object_uuid} + //condition1 & condition2 has same filter => {field_name, object_uuid} and_condition[1].negate_option = 0; and_condition[1].or_condition_num = 1; - and_condition[1].or_conditions[0].attribute_name = attribute_name; + and_condition[1].or_conditions[0].field_name = field_name; and_condition[1].or_conditions[0].object_num = 1; and_condition[1].or_conditions[0].object_uuids_str[0] = object_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6301,7 +6301,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6309,7 +6309,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6319,7 +6319,7 @@ TEST_F(MaatCmd, SameFilterRefByOneRule) { TEST_F(MaatCmd, RuleIDRecycle) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data = "Reuse rule ID is allowed."; const char *keywords = "Reuse&rule"; uuid_t results[ARRAY_SIZE]; @@ -6332,10 +6332,10 @@ TEST_F(MaatCmd, RuleIDRecycle) { char rule_uuid_str[UUID_STR_LEN] = {0}; snprintf(rule_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule_id); struct maat_cmd_and_condition and_condition; - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6344,7 +6344,7 @@ TEST_F(MaatCmd, RuleIDRecycle) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6353,28 +6353,28 @@ TEST_F(MaatCmd, RuleIDRecycle) { rule_table_set_line(maat_inst, "RULE_DEFAULT", MAAT_OP_DEL, rule_uuid_str, &and_condition, 1, NULL, 0); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str, 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str, 0, keywords, &and_condition); sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6384,7 +6384,7 @@ TEST_F(MaatCmd, RuleIDRecycle) { TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *scan_data = "This string will hit mulptiple rules."; const char *keywords = "string will hit"; uuid_t results[ARRAY_SIZE]; @@ -6404,13 +6404,13 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { struct maat_cmd_and_condition and_condition; expect_rule_id[i] = rule_id + 1 - repeat_times + i; snprintf(rule_uuid_str_array[i], UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", expect_rule_id[i]); - test_add_expr_command(maat_inst, table_name, attribute_name, rule_uuid_str_array[i], 0, keywords, &and_condition); + test_add_expr_command(maat_inst, table_name, field_name, rule_uuid_str_array[i], 0, keywords, &and_condition); } sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, repeat_times); @@ -6420,7 +6420,7 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { EXPECT_STREQ(uuid_str, rule_uuid_str_array[repeat_times - i - 1]); } - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6429,7 +6429,7 @@ TEST_F(MaatCmd, ReturnRuleIDWithDescendingOrder) { TEST_F(MaatCmd, SubObject) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char *rule_table_name = "RULE_DEFAULT"; const char *object_group_table_name = "OBJECT_GROUP"; const char *scan_data1 = "www.v2ex.com/t/573028#程序员的核心竞争力是什么"; @@ -6473,7 +6473,7 @@ TEST_F(MaatCmd, SubObject) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6493,7 +6493,7 @@ TEST_F(MaatCmd, SubObject) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 2); @@ -6503,7 +6503,7 @@ TEST_F(MaatCmd, SubObject) { uuid_unparse(results[1], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6518,14 +6518,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6545,14 +6545,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6576,11 +6576,11 @@ TEST_F(MaatCmd, SubObject) { ret = expr_table_set_line(maat_inst, table_name, MAAT_OP_ADD, item2_uuid_str, object3_uuid_str, keyword2, EXPR_TYPE_AND, 0);/* EXPR_TYPE_AND MATCH_METHOD_SUB */ sleep(2); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6601,14 +6601,14 @@ TEST_F(MaatCmd, SubObject) { EXPECT_EQ(ret, 1); sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6618,7 +6618,7 @@ TEST_F(MaatCmd, SubObject) { TEST_F(MaatCmd, RefObject) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; const char* rule_table_name = "RULE_DEFAULT"; const char* scan_data1 = "m.facebook.com/help/2297503110373101?helpref=hc_nav&refid=69"; const char* keyword1 = "something-should-not-hit"; @@ -6646,7 +6646,7 @@ TEST_F(MaatCmd, RefObject) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = attribute_name; + and_condition.or_conditions[0].field_name = field_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6679,7 +6679,7 @@ TEST_F(MaatCmd, RefObject) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -6687,7 +6687,7 @@ TEST_F(MaatCmd, RefObject) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6695,11 +6695,11 @@ TEST_F(MaatCmd, RefObject) { state = NULL; } -TEST_F(MaatCmd, Attribute) { +TEST_F(MaatCmd, Field) { const char* rule_table_name = "RULE_DEFAULT"; const char* table_name="HTTP_SIGNATURE"; - const char *attribute_req_name = "HTTP_REQUEST_HEADER"; - const char *attribute_resp_name = "HTTP_RESPONSE_HEADER"; + const char *field_req_name = "HTTP_REQUEST_HEADER"; + const char *field_resp_name = "HTTP_RESPONSE_HEADER"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -6737,12 +6737,12 @@ TEST_F(MaatCmd, Attribute) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_req_name; + and_conditions[0].or_conditions[0].field_name = field_req_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[1].or_conditions[0].field_name = field_resp_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6757,16 +6757,16 @@ TEST_F(MaatCmd, Attribute) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_name, attribute_req_name, http_req_hdr_ua, + ret = maat_scan_string(maat_inst, table_name, field_req_name, http_req_hdr_ua, strlen(http_req_hdr_ua), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_req_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_req_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6775,7 +6775,7 @@ TEST_F(MaatCmd, Attribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -6786,7 +6786,7 @@ TEST_F(MaatCmd, Attribute) { rule1_uuid_str, and_conditions, 2, NULL, 0); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_resp_name; + and_conditions[0].or_conditions[0].field_name = field_resp_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -6795,7 +6795,7 @@ TEST_F(MaatCmd, Attribute) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_resp_name, http_resp_hdr_cookie, + ret = maat_scan_string(maat_inst, table_name, field_resp_name, http_resp_hdr_cookie, strlen(http_resp_hdr_cookie), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -6803,7 +6803,7 @@ TEST_F(MaatCmd, Attribute) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_resp_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_resp_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7088,7 +7088,7 @@ TEST_F(MaatCmd, RuleEXData) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = "HTTP_URL"; + and_condition.or_conditions[0].field_name = "HTTP_URL"; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object_uuid_str; int ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7502,9 +7502,9 @@ TEST_F(MaatCmd, UpdateBoolPlugin) { TEST_F(MaatCmd, ObjectInMassRules) { const char* rule_table_name = "RULE_DEFAULT"; const char* url_table_name = "HTTP_URL"; - const char* url_attribute_anme = "HTTP_URL"; + const char* url_field_anme = "HTTP_URL"; const char* appid_table_name = "APP_ID"; - const char* appid_attribute_name = "APP_ID"; + const char* appid_field_name = "APP_ID"; int thread_id = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -7551,12 +7551,12 @@ TEST_F(MaatCmd, ObjectInMassRules) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + and_conditions[0].or_conditions[0].field_name = url_field_anme; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + and_conditions[1].or_conditions[0].field_name = appid_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; for (i = 0; i < RULE_ID_NUMS; i++) { @@ -7578,12 +7578,12 @@ TEST_F(MaatCmd, ObjectInMassRules) { struct maat_cmd_and_condition target_and_conditions[2]; target_and_conditions[0].negate_option = 0; target_and_conditions[0].or_condition_num = 1; - target_and_conditions[0].or_conditions[0].attribute_name = url_attribute_anme; + target_and_conditions[0].or_conditions[0].field_name = url_field_anme; target_and_conditions[0].or_conditions[0].object_num = 1; target_and_conditions[0].or_conditions[0].object_uuids_str[0] = object2_uuid_str; target_and_conditions[1].negate_option = 0; target_and_conditions[1].or_condition_num = 1; - target_and_conditions[1].or_conditions[0].attribute_name = appid_attribute_name; + target_and_conditions[1].or_conditions[0].field_name = appid_field_name; target_and_conditions[1].or_conditions[0].object_num = 1; target_and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7598,15 +7598,15 @@ TEST_F(MaatCmd, ObjectInMassRules) { uuid_t results[4]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url2, strlen(http_url2), + ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url2, strlen(http_url2), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -7614,26 +7614,26 @@ TEST_F(MaatCmd, ObjectInMassRules) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, target_rule_uuid_str); - ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_state_reset(state); - ret = maat_scan_string(maat_inst, url_table_name, url_attribute_anme, http_url1, strlen(http_url1), + ret = maat_scan_string(maat_inst, url_table_name, url_field_anme, http_url1, strlen(http_url1), results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, url_table_name, url_attribute_anme, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, url_table_name, url_field_anme, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, appid_table_name, appid_attribute_name, 100, results, 4, + ret = maat_scan_integer(maat_inst, appid_table_name, appid_field_name, 100, results, 4, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 4); - ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, appid_table_name, appid_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -7648,7 +7648,7 @@ TEST_F(MaatCmd, HitObject) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -7686,12 +7686,12 @@ TEST_F(MaatCmd, HitObject) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -7800,7 +7800,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item1_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_req_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); @@ -7809,7 +7809,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_req_attr_name); size_t n_last_hit_object = maat_state_get_last_hit_object_cnt(state); struct maat_hit_object last_hit_objects[128]; @@ -7820,12 +7820,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item1_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, http_req_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, http_req_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, http_req_attr_name); ret = maat_scan_string(maat_inst, http_sig_table_name, http_resp_attr_name, http_resp_hdr_cookie, @@ -7848,7 +7848,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item2_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_resp_attr_name); memset(hit_objects, 0, sizeof(hit_objects)); n_hit_object = maat_state_get_indirect_hit_object_cnt(state); @@ -7857,7 +7857,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_TRUE(uuid_is_null(hit_objects[0].item_uuid)); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, http_resp_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); @@ -7867,12 +7867,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item2_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, http_resp_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, http_resp_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, http_resp_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, http_resp_attr_name); const char* keywords1="In graph theory, hit object item forth"; const char *keywords2="To test one object hit object item fifth"; @@ -7886,7 +7886,7 @@ TEST_F(MaatCmd, HitObject) { uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.150", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); @@ -7902,13 +7902,13 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item4_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, keywords_attr_name); uuid_unparse(hit_objects[1].item_uuid, uuid_str); EXPECT_STREQ(uuid_str, item3_uuid_str); uuid_unparse(hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_objects[1].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_objects[1].field_name, ip_field_name); ret = maat_stream_scan(stream, keywords2, strlen(keywords2), results, ARRAY_SIZE, &n_hit_result, state); @@ -7926,7 +7926,7 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item5_uuid_str); uuid_unparse(hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_objects[0].field_name, keywords_attr_name); n_last_hit_object = maat_state_get_last_hit_object_cnt(state); maat_state_get_last_hit_objects(state, last_hit_objects, 128); @@ -7936,12 +7936,12 @@ TEST_F(MaatCmd, HitObject) { EXPECT_STREQ(uuid_str, item5_uuid_str); uuid_unparse(last_hit_objects[0].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(last_hit_objects[0].attribute_name, keywords_attr_name); + EXPECT_STREQ(last_hit_objects[0].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(last_hit_objects[1].item_uuid)); uuid_unparse(last_hit_objects[1].object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(last_hit_objects[1].attribute_name, keywords_attr_name); + EXPECT_STREQ(last_hit_objects[1].field_name, keywords_attr_name); maat_stream_free(stream); maat_state_free(state); @@ -7955,7 +7955,7 @@ TEST_F(MaatCmd, HitPathBasic) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -7990,12 +7990,12 @@ TEST_F(MaatCmd, HitPathBasic) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; snprintf(rule1_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule1_id); @@ -8100,7 +8100,7 @@ TEST_F(MaatCmd, HitPathBasic) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); path_idx++; @@ -8110,7 +8110,7 @@ TEST_F(MaatCmd, HitPathBasic) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; @@ -8163,7 +8163,7 @@ TEST_F(MaatCmd, HitPathBasic) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8175,7 +8175,7 @@ TEST_F(MaatCmd, HitPathBasic) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); const char* keywords1="In graph theory, a path in a graph is a finite or infinite \ @@ -8209,18 +8209,18 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.148", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -8238,7 +8238,7 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; @@ -8264,7 +8264,7 @@ that the edges be all directed in the same direction."; uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); maat_stream_free(stream); @@ -8290,7 +8290,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { const char *object_group_table_name = "OBJECT_GROUP"; const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -8326,12 +8326,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].field_name = keywords_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].field_name = keywords_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8385,12 +8385,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { snprintf(rule2_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule2_id); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[0].or_conditions[0].field_name = keywords_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object21_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object3_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8430,12 +8430,12 @@ TEST_F(MaatCmd, HitPathAdvanced) { snprintf(rule3_uuid_str, UUID_STR_LEN, "00000000-0000-0000-0000-%012lld", rule3_id); and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object3_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = keywords_attr_name; + and_conditions[1].or_conditions[0].field_name = keywords_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object4_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8470,7 +8470,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8493,7 +8493,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8507,7 +8507,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8520,14 +8520,14 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.168", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -8546,7 +8546,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8560,7 +8560,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8573,7 +8573,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8586,7 +8586,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8600,7 +8600,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8626,7 +8626,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8640,7 +8640,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8653,7 +8653,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, -1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8666,7 +8666,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule3_uuid_str); @@ -8680,7 +8680,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object4_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule3_uuid_str); @@ -8694,7 +8694,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object3_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); @@ -8708,7 +8708,7 @@ TEST_F(MaatCmd, HitPathAdvanced) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].condition_index, 1); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8724,7 +8724,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { const char *http_req_attr_name = "HTTP_REQUEST_HEADER"; const char *http_resp_attr_name = "HTTP_RESPONSE_HEADER"; const char *ip_table_name = "IP_CONFIG"; - const char *ip_attribute_name = "IP_CONFIG"; + const char *ip_field_name = "IP_CONFIG"; const char *keywords_table_name = "KEYWORDS_TABLE"; const char *keywords_attr_name = "KEYWORDS"; int thread_id = 0, ret = 0; @@ -8759,12 +8759,12 @@ TEST_F(MaatCmd, HitPathHasNotObject) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 1; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = http_req_attr_name; + and_conditions[0].or_conditions[0].field_name = http_req_attr_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = http_resp_attr_name; + and_conditions[1].or_conditions[0].field_name = http_resp_attr_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -8867,7 +8867,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { EXPECT_STREQ(uuid_str, object1_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object11_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8877,7 +8877,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object1_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_req_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_req_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 1); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8932,7 +8932,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { EXPECT_STREQ(uuid_str, object2_uuid_str); uuid_unparse(hit_path[path_idx].top_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object21_uuid_str); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); uuid_unparse(hit_path[path_idx].rule_uuid, uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); @@ -8945,7 +8945,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object2_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, http_resp_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, http_resp_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -8979,18 +8979,18 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); Nth_scan++; uint32_t ip_addr; inet_pton(AF_INET, "220.181.38.158", &ip_addr); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9008,7 +9008,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object3_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, ip_attribute_name); + EXPECT_STREQ(hit_path[path_idx].field_name, ip_field_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -9035,7 +9035,7 @@ TEST_F(MaatCmd, HitPathHasNotObject) { uuid_unparse(hit_path[path_idx].sub_object_uuid, uuid_str); EXPECT_STREQ(uuid_str, object4_uuid_str); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].top_object_uuid) == 1); - EXPECT_STREQ(hit_path[path_idx].attribute_name, keywords_attr_name); + EXPECT_STREQ(hit_path[path_idx].field_name, keywords_attr_name); EXPECT_EQ(hit_path[path_idx].negate_option, 0); EXPECT_TRUE(uuid_is_null(hit_path[path_idx].rule_uuid) == 1); @@ -9081,7 +9081,7 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { struct maat_cmd_and_condition and_condition; and_condition.negate_option = 0; and_condition.or_condition_num = 1; - and_condition.or_conditions[0].attribute_name = http_resp_attr_name; + and_condition.or_conditions[0].field_name = http_resp_attr_name; and_condition.or_conditions[0].object_num = 1; and_condition.or_conditions[0].object_uuids_str[0] = object52_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9161,9 +9161,9 @@ TEST_F(MaatCmd, SameSuperObjectRefByMultiRule) { TEST_F(MaatCmd, ObjectEdit) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *app_id_table_name = "APP_ID"; - const char *app_id_attribute_name = "APP_ID"; + const char *app_id_field_name = "APP_ID"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9199,12 +9199,12 @@ TEST_F(MaatCmd, ObjectEdit) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = app_id_attribute_name; + and_conditions[1].or_conditions[0].field_name = app_id_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object21_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9219,20 +9219,20 @@ TEST_F(MaatCmd, ObjectEdit) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); int scan_app_id = 42; - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9253,12 +9253,12 @@ TEST_F(MaatCmd, ObjectEdit) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9266,7 +9266,7 @@ TEST_F(MaatCmd, ObjectEdit) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9287,19 +9287,19 @@ TEST_F(MaatCmd, ObjectEdit) { sleep(WAIT_FOR_EFFECTIVE_S); memset(results, 0, sizeof(results)); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_attribute_name, scan_app_id, results, + ret = maat_scan_integer(maat_inst, app_id_table_name, app_id_field_name, scan_app_id, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, app_id_table_name, app_id_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9310,7 +9310,7 @@ TEST_F(MaatCmd, ObjectEdit) { TEST_F(MaatCmd, RuleDelete_TSG6548) { const char* rule_table_name = "RULE_DEFAULT"; const char* ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9333,7 +9333,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[0].or_conditions[0].field_name = ip_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object11_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9351,7 +9351,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9359,7 +9359,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9372,7 +9372,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { time_t update_time = time(NULL); time_t now = update_time; while (now - update_time < 3) { - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); if (ret == MAAT_SCAN_HIT) { hit_cnt++; @@ -9393,7 +9393,7 @@ TEST_F(MaatCmd, RuleDelete_TSG6548) { TEST_F(MaatCmd, UpdateDeadLockDetection) { const char* rule_table_name = "RULE_DEFAULT"; const char* table_http_url = "HTTP_URL"; - const char *attribute_http_url = "HTTP_URL"; + const char *field_http_url = "HTTP_URL"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9417,7 +9417,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = attribute_http_url; + and_conditions[0].or_conditions[0].field_name = field_http_url; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9432,7 +9432,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data1, strlen(scan_data1), + ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data1, strlen(scan_data1), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9440,7 +9440,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9475,12 +9475,12 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { sleep(10); memset(results, 0, sizeof(results)); - ret = maat_scan_string(maat_inst, table_http_url, attribute_http_url, scan_data2, strlen(scan_data2), + ret = maat_scan_string(maat_inst, table_http_url, field_http_url, scan_data2, strlen(scan_data2), results, ARRAY_SIZE, &n_hit_result, state); //After full update, condition ids are re-orgnized, therefore mid are not compatible to the new scanner (hierarchy). EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, table_http_url, attribute_http_url, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_http_url, field_http_url, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9491,7 +9491,7 @@ TEST_F(MaatCmd, UpdateDeadLockDetection) { TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - const char *scan_attribute_name = "KEYWORDS_TABLE"; + const char *scan_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9507,7 +9507,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].field_name = scan_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9520,12 +9520,12 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9547,13 +9547,13 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); maat_stream_free(stream); - stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9562,7 +9562,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9574,7 +9574,7 @@ TEST_F(MaatCmd, StreamScanWhenExprTableIncUpdate) { TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { const char* rule_table_name = "RULE_DEFAULT"; const char* scan_table_name = "KEYWORDS_TABLE"; - const char *scan_attribute_name = "KEYWORDS_TABLE"; + const char *scan_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9598,7 +9598,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { struct maat_cmd_and_condition and_conditions[1]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = scan_attribute_name; + and_conditions[0].or_conditions[0].field_name = scan_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9611,7 +9611,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { uuid_t results[ARRAY_SIZE]; size_t n_hit_result = 0; - struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, scan_table_name, scan_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9620,7 +9620,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9637,7 +9637,7 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); //Scan was interupted after full update. - ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, scan_table_name, scan_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9649,9 +9649,9 @@ TEST_F(MaatCmd, StreamScanSegfaultWhenVersionRollBack_TSG6324) { TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "KEYWORDS_TABLE"; - const char *expr_attribute_name = "KEYWORDS_TABLE"; + const char *expr_field_name = "KEYWORDS_TABLE"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9689,12 +9689,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9713,11 +9713,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { int table_id = maat_get_table_id(maat_inst, ip_table_name); ASSERT_GT(table_id, 0); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9733,7 +9733,7 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { const char *scan_data = "Here is a stream-keywords-003, this should hit."; - struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); @@ -9742,21 +9742,21 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9768,9 +9768,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenIncUpdate) { TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "KEYWORDS_TABLE"; - const char *expr_attribute_name = "KEYWORDS_TABLE"; + const char *expr_field_name = "KEYWORDS_TABLE"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; struct maat_state *state = maat_state_new(maat_inst, thread_id); @@ -9809,12 +9809,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9830,11 +9830,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9847,12 +9847,12 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { const char *scan_data = "Here is a stream-keywords-004, this should hit."; - struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_attribute_name, state); + struct maat_stream *stream = maat_stream_new(maat_inst, expr_table_name, expr_field_name, state); ret = maat_stream_scan(stream, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9860,11 +9860,11 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9876,9 +9876,9 @@ TEST_F(MaatCmd, IPAndStreamScanWhenFullUpdate) { TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *keywords = "IP&stringinc"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; @@ -9917,12 +9917,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -9938,11 +9938,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, ARRAY_SIZE, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9958,7 +9958,7 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { const char *scan_data = "Here is a IP and stringinc, this should hit."; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -9966,21 +9966,21 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule1_uuid_str); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); /* becase rule1_id has been returned, maat_scan_xx will not return duplicate rule_id again */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, rule2_uuid_str); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -9991,9 +9991,9 @@ TEST_F(MaatCmd, IPAndStringScanWhenIncUpdate) { TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { const char *rule_table_name = "RULE_DEFAULT"; const char *ip_table_name = "IP_PLUS_CONFIG"; - const char *ip_attribute_name = "IP_PLUS_CONFIG"; + const char *ip_field_name = "IP_PLUS_CONFIG"; const char *expr_table_name = "HTTP_URL"; - const char *expr_attribute_name = "HTTP_URL"; + const char *expr_field_name = "HTTP_URL"; const char *keywords = "IP&string"; int thread_id = 0, ret = 0; struct maat *maat_inst = MaatCmd::_shared_maat_inst; @@ -10032,12 +10032,12 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { struct maat_cmd_and_condition and_conditions[2]; and_conditions[0].negate_option = 0; and_conditions[0].or_condition_num = 1; - and_conditions[0].or_conditions[0].attribute_name = expr_attribute_name; + and_conditions[0].or_conditions[0].field_name = expr_field_name; and_conditions[0].or_conditions[0].object_num = 1; and_conditions[0].or_conditions[0].object_uuids_str[0] = object1_uuid_str; and_conditions[1].negate_option = 0; and_conditions[1].or_condition_num = 1; - and_conditions[1].or_conditions[0].attribute_name = ip_attribute_name; + and_conditions[1].or_conditions[0].field_name = ip_field_name; and_conditions[1].or_conditions[0].object_num = 1; and_conditions[1].or_conditions[0].object_uuids_str[0] = object2_uuid_str; ret = rule_table_set_line(maat_inst, rule_table_name, MAAT_OP_ADD, @@ -10053,11 +10053,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { ret = inet_pton(AF_INET, ip_str, &ip_addr); EXPECT_EQ(ret, 1); - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10070,11 +10070,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { const char *scan_data = "scan IP and string, this should hit."; - ret = maat_scan_string(maat_inst, expr_table_name, expr_attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, expr_table_name, expr_field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, expr_table_name, expr_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10082,11 +10082,11 @@ TEST_F(MaatCmd, IPAndStringScanWhenFullupdate) { After full updating, new rule_rt version is different from that of maat_state, so MAAT_SCAN_HIT will never happen. */ - ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_attribute_name, ip_addr, results, + ret = maat_scan_ipv4(maat_inst, ip_table_name, ip_field_name, ip_addr, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HALF_HIT); - ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, ip_table_name, ip_field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10231,7 +10231,7 @@ rollback_redis_version(redisContext *c, struct log_handle *logger) TEST_F(MaatRollback, FullConfigRollback) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = MaatRollback::_shared_maat_inst; struct log_handle *logger = MaatRollback::logger; @@ -10242,7 +10242,7 @@ TEST_F(MaatRollback, FullConfigRollback) { const char *scan_data = "http://www.cyberessays.com/search_results.php?" "action=search&query=username,abckkk,1234567"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -10250,7 +10250,7 @@ TEST_F(MaatRollback, FullConfigRollback) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10275,14 +10275,14 @@ TEST_F(MaatRollback, FullConfigRollback) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10292,7 +10292,7 @@ TEST_F(MaatRollback, FullConfigRollback) { TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { const char *table_name = "HTTP_URL"; - const char *attribute_name = "HTTP_URL"; + const char *field_name = "HTTP_URL"; struct maat *maat_inst = MaatRollback::_shared_maat_inst; struct log_handle *logger = MaatRollback::logger; @@ -10303,7 +10303,7 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { const char *scan_data = "http://www.cyberessays.com/search_results.php?" "action=search&query=username,abckkk,1234567"; - int ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + int ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); @@ -10311,7 +10311,7 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); @@ -10336,14 +10336,14 @@ TEST_F(MaatRollback, FullConfigRollbackWhenScanUnfinished) { sleep(WAIT_FOR_EFFECTIVE_S); - ret = maat_scan_string(maat_inst, table_name, attribute_name, scan_data, strlen(scan_data), + ret = maat_scan_string(maat_inst, table_name, field_name, scan_data, strlen(scan_data), results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_HIT); EXPECT_EQ(n_hit_result, 1); uuid_unparse(results[0], uuid_str); EXPECT_STREQ(uuid_str, "00000000-0000-0000-0000-000000000125"); - ret = maat_scan_not_logic(maat_inst, table_name, attribute_name, results, ARRAY_SIZE, + ret = maat_scan_not_logic(maat_inst, table_name, field_name, results, ARRAY_SIZE, &n_hit_result, state); EXPECT_EQ(ret, MAAT_SCAN_OK); |