Diffstat (limited to 'test')
-rw-r--r--test/adapter_hs_gtest.cpp42
-rw-r--r--test/maat_json.json27
-rw-r--r--test/regex_expr.conf51
3 files changed, 115 insertions, 5 deletions
diff --git a/test/adapter_hs_gtest.cpp b/test/adapter_hs_gtest.cpp
index 55a5f2f..d1e8825 100644
--- a/test/adapter_hs_gtest.cpp
+++ b/test/adapter_hs_gtest.cpp
@@ -79,6 +79,21 @@ static size_t hex2bin(char *hex, int hex_len, char *binary, size_t size)
return resultlen;
}
+enum hs_pattern_type pattern_type_str_to_enum(const char *str)
+{
+ enum hs_pattern_type pattern_type = HS_PATTERN_TYPE_MAX;
+
+ if (strcmp(str, "regex") == 0) {
+ pattern_type = HS_PATTERN_TYPE_REG;
+ } else if (strcmp(str, "literal") == 0) {
+ pattern_type = HS_PATTERN_TYPE_STR;
+ } else {
+ assert(0);
+ }
+
+ return pattern_type;
+}
+
int parse_config_file(const char *filename, struct expr_rule exprs[], size_t *n_expr)
{
unsigned char *json_buff = NULL;
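Review bot: The `else { assert(0); }` branch in pattern_type_str_to_enum is the only handling for an unrecognised string, and assert is compiled out under NDEBUG, so the function would then return HS_PATTERN_TYPE_MAX and the caller would store it as if it were a real pattern type. Because the string comes from a config file, consider reporting the bad value and letting parse_config_file fail, or at least document the sentinel with a comment such as `/* HS_PATTERN_TYPE_MAX means "unrecognised"; callers must reject it */`. The helper is also not `static`, unlike hex2bin directly above it. parse_config_file's body continues outside the hunk.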
@@ -129,7 +144,13 @@ int parse_config_file(const char *filename, struct expr_rule exprs[], size_t *n_
size_t pattern_cnt = cJSON_GetArraySize(tmp_item);
for (size_t j = 0; j < pattern_cnt; j++) {
cJSON *pat_item = cJSON_GetArrayItem(tmp_item, j);
- cJSON *item = cJSON_GetObjectItem(pat_item, "match_method");
+
+ cJSON *item = cJSON_GetObjectItem(pat_item, "pattern_type");
+ if (item != NULL && item->type == cJSON_String) {
+ exprs[i].patterns[j].pattern_type = pattern_type_str_to_enum(item->valuestring);
+ }
+
+ item = cJSON_GetObjectItem(pat_item, "match_method");
if (item != NULL && item->type == cJSON_String) {
exprs[i].patterns[j].match_mode = match_method_to_match_mode(item->valuestring);
}
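Review bot: A pattern entry with no "pattern_type" key, or with a non-string value, falls through the new `if` without assigning `exprs[i].patterns[j].pattern_type`, so the field keeps whatever the caller's array already held (zero for the `= {0}` array in the new test). If zero is not a deliberate default, add an `else` that assigns the intended default explicitly or makes parse_config_file return an error. The loop writes `patterns[j]` for every element of the JSON array, and no check of `pattern_cnt` against the capacity of `patterns` is visible in this hunk; it may exist outside it, since the function body starts and ends elsewhere.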
@@ -146,7 +167,7 @@ int parse_config_file(const char *filename, struct expr_rule exprs[], size_t *n_
item = cJSON_GetObjectItem(pat_item, "pattern");
if (item != NULL && item->type == cJSON_String) {
- exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring));
+ exprs[i].patterns[j].pat = ALLOC(char, strlen(item->valuestring) + 1);
if (exprs[i].patterns[j].is_hexbin == 1) {
size_t pat_str_len = strlen(item->valuestring) + 1;
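Review bot: The buffer length is still computed in two places, once as `strlen(item->valuestring) + 1` inside the ALLOC call and again as `pat_str_len` two lines later, and the one-byte under-allocation this commit fixes looks like the result of those two expressions disagreeing. Hoisting `size_t pat_str_len = strlen(item->valuestring) + 1;` above the allocation and writing `ALLOC(char, pat_str_len)` ties the allocation and the later write to a single value. The non-hex branch is outside the hunk, so it is worth confirming that it copies at most the same length. ALLOC's failure behaviour is not visible here; if it can return NULL, the result needs a check before it is written to.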
@@ -678,6 +699,23 @@ that the edges be all directed in the same direction.";
hs_instance = NULL;
}
+TEST(adapter_hs_scan, regex_expression_check)
+{
+ struct expr_rule rules[64] = {0};
+ size_t n_rule = 0;
+
+ int ret = parse_config_file("./regex_expr.conf", rules, &n_rule);
+ EXPECT_EQ(ret, 0);
+
+ for (size_t i = 0; i < n_rule; i++) {
+ for (size_t j = 0; j < rules[i].n_patterns; j++) {
+ adapter_hs_verify_regex_expression(rules[i].patterns[j].pat, g_logger);
+ }
+ }
+
+ expr_array_free(rules, n_rule);
+}
+
int main(int argc, char **argv)
{
int ret = 0;
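Review bot: The new test regex_expression_check discards the result of `adapter_hs_verify_regex_expression`, so it passes whether or not patterns such as "123^abc" from regex_expr.conf are rejected; the only assertion is on parse_config_file. Assuming the function returns a status, capture it and compare it with an expected value per pattern, for example `EXPECT_EQ(adapter_hs_verify_regex_expression(rules[i].patterns[j].pat, g_logger), expected[i][j]);`. `ASSERT_EQ(ret, 0)` would also stop the loop from running over a partially parsed array. `rules[64]` is passed without its capacity, so the test relies on the config file staying under 64 rules.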
diff --git a/test/maat_json.json b/test/maat_json.json
index 425019f..9575c27 100644
--- a/test/maat_json.json
+++ b/test/maat_json.json
@@ -2809,6 +2809,33 @@
]
}
]
+ },
+ {
+ "compile_id": 205,
+ "service": 0,
+ "action": 0,
+ "do_blacklist": 0,
+ "do_log": 0,
+ "effective_rage": 0,
+ "user_region": "StringScan.RegexExpressionIllegal",
+ "is_valid": "yes",
+ "groups": [
+ {
+ "regions": [
+ {
+ "table_type": "expr",
+ "table_name": "KEYWORDS_TABLE",
+ "table_content": {
+ "keywords": "123^456",
+ "expr_type": "regex",
+ "format": "uncase plain",
+ "match_method": "sub"
+ }
+ }
+ ],
+ "group_name": "Untitled"
+ }
+ ]
}
],
"plugin_table": [
diff --git a/test/regex_expr.conf b/test/regex_expr.conf
index 2fcc7ef..325e89e 100644
--- a/test/regex_expr.conf
+++ b/test/regex_expr.conf
@@ -1,10 +1,11 @@
{
"expr_rules": [
{
- "expr_id": 301,
+ "rule_id": 301,
"pattern_num": 1,
"patterns": [
{
+ "pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
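Review bot: The key rename from "expr_id" to "rule_id" here, and in the following hunks for rules 302 and 303, has no matching change in the visible hunks of test/adapter_hs_gtest.cpp. If parse_config_file still looks up "expr_id", the ids from this file would be silently dropped, because the parser skips keys it does not find. Confirm that the lookup outside the shown hunks already reads "rule_id".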
@@ -13,16 +14,18 @@
]
},
{
- "expr_id": 302,
+ "rule_id": 302,
"pattern_num": 2,
"patterns": [
{
+ "pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "[0-9]today"
},
{
+ "pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -31,16 +34,18 @@
]
},
{
- "expr_id": 303,
+ "rule_id": 303,
"pattern_num": 2,
"patterns": [
{
+ "pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
"pattern": "Cookie:\\s"
},
{
+ "pattern_type": "regex",
"match_method": "sub",
"case_sensitive": "yes",
"is_hexbin": "no",
@@ -48,5 +53,45 @@
}
]
},
+ {
+ "rule_id": 304,
+ "pattern_num": 2,
+ "patterns": [
+ {
+ "pattern_type": "regex",
+ "match_method": "sub",
+ "case_sensitive": "no",
+ "is_hexbin": "no",
+ "pattern": "123^abc"
+ },
+ {
+ "pattern_type": "regex",
+ "match_method": "sub",
+ "case_sensitive": "no",
+ "is_hexbin": "no",
+ "pattern": "^123"
+ }
+ ]
+ },
+ {
+ "rule_id": 305,
+ "pattern_num": 2,
+ "patterns": [
+ {
+ "pattern_type": "regex",
+ "match_method": "sub",
+ "case_sensitive": "no",
+ "is_hexbin": "no",
+ "pattern": "^123"
+ },
+ {
+ "pattern_type": "regex",
+ "match_method": "sub",
+ "case_sensitive": "no",
+ "is_hexbin": "no",
+ "pattern": "123^abc"
+ }
+ ]
+ }
]
}
\ No newline at end of file