Diffstat (limited to 'demo1/main.c')
| -rw-r--r-- | demo1/main.c | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/demo1/main.c b/demo1/main.c
new file mode 100644
index 0000000..266edf1
--- /dev/null
+++ b/demo1/main.c
@@ -0,0 +1,57 @@
+#include "maat.h"
+#include "stdio.h"
+#include <assert.h>
+#include <stddef.h>
+#include <string.h>
+
+#define ARRAY_SIZE 16
+
+const char *json_filename = "/root/Git/demo/demo1/maat_json.json";
+const char *table_info_path = "/root/Git/demo/demo1/table_info.conf";
+
+int main()
+{
+ // 输出 pwd
+ // char pwd[1024] = {0};
+ // getcwd(pwd, sizeof(pwd));
+ // printf("pwd: %s\n", pwd);
+
+ /* initialize maat options which will be used by maat_new() */
+ struct maat_options *opts = maat_options_new();
+ maat_options_set_json_file(opts, json_filename);
+ maat_options_set_logger(opts, "/root/Git/demo/demo1/sample_test.log", LOG_LEVEL_TRACE);
+
+ /* create maat instance, rules in table_info.conf will be loaded. */
+ struct maat *maat_instance = maat_new(opts, table_info_path);
+ assert(maat_instance != NULL);
+ maat_options_free(opts);
+
+ const char *table_name = "HTTP_URL"; /* maat_json.json has HTTP_URL rule */
+ int table_id = maat_get_table_id(maat_instance, table_name);
+ assert(table_id == 3); /* defined in table_info.conf */
+
+ int thread_id = 0;
+ long long results[ARRAY_SIZE] = {0};
+ size_t n_hit_result = 0;
+
+ /* store scanning intermediate state */
+ struct maat_state *state = maat_state_new(maat_instance, thread_id);
+ assert(state != NULL);
+
+ // const char *scan_data = "Hello Maat, nice to meet you";
+ const char *scan_data = "Hello Maat, nice to meet you";
+
+ /**
+ * Becase maat instance has loaded rule in table_info.conf which keywords is "Hello Maat",
+ so maat_scan_string should return hit flag and rule's compile_id stored in results array.
+ */
+ int ret = maat_scan_string(maat_instance, table_id, scan_data, strlen(scan_data), results, ARRAY_SIZE,
+ &n_hit_result, state);
+ assert(ret == MAAT_SCAN_HIT);
+ assert(n_hit_result == 1);
+ assert(results[0] == 123);
+
+ maat_state_free(state);
+
+ return 0;
+}
|
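Review bot: Every failure check in `main()` is an `assert()`, so a build with `-DNDEBUG` drops them all and a NULL return from `maat_new()` or `maat_state_new()` would flow straight into `maat_get_table_id()` and `maat_scan_string()`. Setup failures are better handled explicitly, e.g. `if (maat_instance == NULL) { fprintf(stderr, "maat_new failed\n"); maat_options_free(opts); return 1; }`, keeping `assert()` only for the expected-result checks at the end. The rule file, table config and TRACE-level log are also hard-coded under `/root/Git/demo/demo1/`, which ties the demo to one machine and in practice to running as root; taking them from `argv` or a path relative to the working directory would let it run unprivileged. `maat_instance` is never released before `return 0;`, so if `maat.h` offers a matching free call it belongs next to `maat_state_free(state);`.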
