#include "maat.h"
#include "stdio.h"
#include <assert.h>
#include <stddef.h>
#include <string.h>
/* Capacity of the results array handed to maat_scan_string(). */
enum { ARRAY_SIZE = 16 };

/*
 * Input files for the demo: the JSON rule file and the table description
 * file given to maat_new().
 * NOTE(review): both are absolute paths under /root, so the sample runs
 * as-is only for an account that can read that directory; taking them from
 * argv or the environment would let it run unprivileged.
 */
const char *json_filename =
    "/root/Git/demo/demo3/maat_json.json";
const char *table_info_path =
    "/root/Git/demo/demo3/table_info.conf";
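/*
 * Demo: load rules from a JSON file into a maat instance and scan one
 * AS-number string against the AS_NUMBER table.
 *
 * Returns 0 when the scan reports exactly one hit whose id is 123, and 1 on
 * any setup failure or unexpected scan result.
 *
 * Failures are checked with explicit tests rather than assert(): assert()
 * compiles to nothing under NDEBUG, which would let a NULL instance or state
 * reach the following maat_* calls.
 */
int main(void)
{
    int rc = 1;
    struct maat *maat_instance = NULL;
    struct maat_state *state = NULL;
    long long results[ARRAY_SIZE] = {0};
    size_t n_hit_result = 0;

    /* Options consumed by maat_new(): rule source and log destination. */
    struct maat_options *opts = maat_options_new();
    if (opts == NULL) {
        fprintf(stderr, "maat_options_new() failed\n");
        return rc;
    }
    maat_options_set_json_file(opts, json_filename);
    /* NOTE(review): TRACE is the level chosen for this demo; confirm what it
     * writes to the log before reusing this setting outside debugging. */
    maat_options_set_logger(opts, "/root/Git/demo/demo3/sample_test.log", LOG_LEVEL_TRACE);

    /* Create the instance; the options object is not needed afterwards. */
    maat_instance = maat_new(opts, table_info_path);
    maat_options_free(opts);
    if (maat_instance == NULL) {
        fprintf(stderr, "maat_new() failed for %s\n", table_info_path);
        goto out;
    }

    /* NOTE(review): the original comment here mentioned an HTTP_URL rule,
     * but the table looked up is AS_NUMBER. */
    const char *table_name = "AS_NUMBER";
    int table_id = maat_get_table_id(maat_instance, table_name);
    if (table_id != 3) { /* the demo expects id 3, per its table_info.conf */
        fprintf(stderr, "unexpected table id %d for %s\n", table_id, table_name);
        goto out;
    }

    /* Holds intermediate scanning state for thread 0. */
    int thread_id = 0;
    state = maat_state_new(maat_instance, thread_id);
    if (state == NULL) {
        fprintf(stderr, "maat_state_new() failed\n");
        goto out;
    }

    /*
     * The demo expects the loaded rules to match this string: the scan
     * should report a hit and store one id, 123, in results.
     */
    const char *src_asn1 = "AS1234";
    int ret = maat_scan_string(maat_instance, table_id, src_asn1, strlen(src_asn1),
                               results, ARRAY_SIZE, &n_hit_result, state);
    if (ret != MAAT_SCAN_HIT) {
        fprintf(stderr, "scan did not hit (ret=%d)\n", ret);
        goto out;
    }
    /* Check the hit count before trusting results[0]. */
    if (n_hit_result != 1 || results[0] != 123) {
        fprintf(stderr, "unexpected scan result: %zu hit(s), first id %lld\n",
                n_hit_result, results[0]);
        goto out;
    }

    rc = 0;

out:
    /* Release in reverse order of creation; the state belongs to the instance. */
    if (state != NULL) {
        maat_state_free(state);
    }
    if (maat_instance != NULL) {
        maat_free(maat_instance);
    }
    return rc;
}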