END_TEST START_TEST(test_strhowclosedmatch) { int i; /* * Please note that all strings are \ escaped */ const char *tests[][3] = { { "test", "test1234", "4" }, { "test1234", "test", "4" }, { "test", "test", "4" }, { "test", "", "0" }, { "", "test", "0" }, {NULL,NULL,NULL}, }; for(i=0; tests[i][0] != NULL ; i++) { ck_assert_uint_eq(OS_StrHowClosedMatch(tests[i][0],tests[i][1]) , (unsigned) atoi(tests[i][2])); } }
/* FTS v0.1 * Check if the word "msg" is present on the "queue". * If it is not, write it there. */ int FTS(Eventinfo *lf) { int number_of_matches = 0; char _line[OS_FLSIZE + 1]; char *line_for_list = NULL; OSListNode *fts_node; _line[OS_FLSIZE] = '\0'; /* Assigning the values to the FTS */ snprintf(_line, OS_FLSIZE, "%s %s %s %s %s %s %s %s %s", lf->decoder_info->name, (lf->id && (lf->decoder_info->fts & FTS_ID))?lf->id:"", (lf->dstuser && (lf->decoder_info->fts & FTS_DSTUSER))?lf->dstuser:"", (lf->srcuser && (lf->decoder_info->fts & FTS_SRCUSER))?lf->srcuser:"", (lf->srcip && (lf->decoder_info->fts & FTS_SRCIP))?lf->srcip:"", (lf->dstip && (lf->decoder_info->fts & FTS_DSTIP))?lf->dstip:"", (lf->data && (lf->decoder_info->fts & FTS_DATA))?lf->data:"", (lf->systemname && (lf->decoder_info->fts & FTS_SYSTEMNAME))?lf->systemname:"", (lf->decoder_info->fts & FTS_LOCATION)?lf->location:""); /** Checking if FTS is already present **/ if(OSHash_Get(fts_store, _line)) { return(0); } /* Checking if from the last FTS events, we had * at least 3 "similars" before. If yes, we just * ignore it. */ if(lf->decoder_info->type == IDS) { fts_node = OSList_GetLastNode(fts_list); while(fts_node) { if(OS_StrHowClosedMatch((char *)fts_node->data, _line) > fts_minsize_for_str) { number_of_matches++; /* We go and add this new entry to the list */ if(number_of_matches > 2) { _line[fts_minsize_for_str] = '\0'; break; } } fts_node = OSList_GetPrevNode(fts_list); } os_strdup(_line, line_for_list); OSList_AddData(fts_list, line_for_list); } /* Storing new entry */ if(line_for_list == NULL) { os_strdup(_line, line_for_list); } if(OSHash_Add(fts_store, line_for_list, line_for_list) <= 1) { return(0); } #ifdef TESTRULE return(1); #endif /* Saving to fts fp */ fseek(fp_list, 0, SEEK_END); fprintf(fp_list,"%s\n", _line); fflush(fp_list); return(1); }