| author | liuxueli <[email protected]> | 2023-02-23 10:59:04 +0800 |
|---|---|---|
| committer | liuxueli <[email protected]> | 2023-02-23 11:04:00 +0800 |
| commit | 4ba6f096a143671ee97f0326a0620c86eaceb543 (patch) | |
| tree | 5fe5026bf1f02d7d34de5e93a186c7a8f1c695e1 /test/src/gtest_master.cpp | |
| parent | 06647224445664907b49fbc9dcdc08bc7dbe430e (diff) | |
TSG-13934: 扫描APP命中monitor策略后,扫描IP+APP命中intercept策略,未正常执行intercept动作v5.10.6
Diffstat (limited to 'test/src/gtest_master.cpp')
| -rw-r--r-- | test/src/gtest_master.cpp | 94 |
1 files changed, 94 insertions, 0 deletions
diff --git a/test/src/gtest_master.cpp b/test/src/gtest_master.cpp
index 0a0a38c..8ed6731 100644
--- a/test/src/gtest_master.cpp
+++ b/test/src/gtest_master.cpp
@@ -344,6 +344,100 @@ TEST(TSGMaster, SecurityDuplicatePolicyMultipleNotify)
  EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
 }
 
+extern void set_security_result_to_project(const struct streaminfo *a_stream, struct Maat_rule_t *p_result, int p_result_num, PULL_RESULT_TYPE result_type, int thread_seq);
+
+TEST(TSGMaster, SecurityPolicyIntercept)
+{
+ const struct streaminfo a_stream={0};
+ struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
+ struct identify_info identify_info;
+
+ security_result[1].action=TSG_ACTION_INTERCEPT;
+ security_result[1].config_id=TSG_ACTION_INTERCEPT;
+
+ // Set Intercept
+ set_security_result_to_project((struct streaminfo *)&a_stream, &security_result[1], 1, PULL_KNI_RESULT, 0);
+
+ int ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(0, ret);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
+
+ struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_NE(nullptr, priority_label);
+ EXPECT_EQ(1, priority_label->security_result_num);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].config_id);
+
+ free_policy_label(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
+}
+
+
+TEST(TSGMaster, SecurityMultiplePolicyMonitorToIntercept)
+{
+ const struct streaminfo a_stream={0};
+ struct Maat_rule_t security_result[MAX_RESULT_NUM]={0};
+ struct identify_info identify_info;
+
+ security_result[0].action=TSG_ACTION_MONITOR;
+ security_result[0].config_id=TSG_ACTION_MONITOR;
+
+ security_result[1].action=TSG_ACTION_INTERCEPT;
+ security_result[1].config_id=TSG_ACTION_INTERCEPT;
+
+ // First Monitor, second Intercpt
+ tsg_notify_hited_security_result(&a_stream, &security_result[0], 1, 0);
+
+ int ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(0, ret);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].config_id);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_MONITOR, security_result[2].config_id);
+
+ // Set Intercept
+ set_security_result_to_project((struct streaminfo *)&a_stream, &security_result[1], 1, PULL_KNI_RESULT, 0);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_FW_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(0, ret);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_KNI_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
+
+ ret=tsg_pull_policy_result((struct streaminfo *)&a_stream, PULL_ALL_RESULT, &(security_result[2]), 1, &identify_info);
+ EXPECT_EQ(1, ret);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, security_result[2].config_id);
+
+ struct policy_priority_label *priority_label=(struct policy_priority_label *)tsg_get_xxx_from_bridge(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id);
+ EXPECT_NE(nullptr, priority_label);
+ EXPECT_EQ(1, priority_label->security_result_num);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].action);
+ EXPECT_EQ(TSG_ACTION_INTERCEPT, priority_label->security_result[0].config_id);
+
+ free_policy_label(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, (void *)priority_label);
+ stream_bridge_async_data_put(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id, NULL);
+ EXPECT_EQ(nullptr, stream_bridge_async_data_get(&a_stream, g_tsg_para.bridge[BRIDGE_TYPE_POLICY_PRIORITY].id));
+}
+
 int main(int argc, char *argv[])
 {
  TSG_MASTER_INIT(); |
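Review bot: In both new tests `EXPECT_NE(nullptr, priority_label);` is non-fatal, so if the bridge returns no label the following `priority_label->security_result_num` reads dereference a null pointer and crash the whole test binary instead of reporting one failed case; use `ASSERT_NE(nullptr, priority_label);` in SecurityPolicyIntercept and SecurityMultiplePolicyMonitorToIntercept. These tests guard the monitor-then-intercept enforcement path, so a regression there should show up as a clean, attributable failure. `identify_info` is also passed to tsg_pull_policy_result() uninitialized; if that function reads any field (not visible in this hunk), `struct identify_info identify_info={0};` would keep the runs deterministic. Setting `config_id` to the same constant as `action` means the assertions cannot tell the two fields apart, so a distinct id value per rule would make them stronger.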
