0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
1 |
/*
|
2 |
* Unit tests for regular expression processing.
|
|
3 |
*
|
|
4 |
* Copyright (C) 2008 Sourcefire, Inc.
|
|
5 |
*
|
|
6 |
* Authors: Török Edvin
|
|
7 |
*
|
|
8 |
* This program is free software; you can redistribute it and/or modify
|
|
9 |
* it under the terms of the GNU General Public License version 2 as
|
|
10 |
* published by the Free Software Foundation.
|
|
11 |
*
|
|
12 |
* This program is distributed in the hope that it will be useful,
|
|
13 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
14 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
15 |
* GNU General Public License for more details.
|
|
16 |
*
|
|
17 |
* You should have received a copy of the GNU General Public License
|
|
18 |
* along with this program; if not, write to the Free Software
|
|
19 |
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
|
|
20 |
* MA 02110-1301, USA.
|
|
21 |
*/
|
|
22 |
#if HAVE_CONFIG_H
|
|
23 |
#include "clamav-config.h" |
|
24 |
#endif
|
|
25 |
||
26 |
#include <stdio.h> |
|
27 |
#include <stdlib.h> |
|
28 |
#include <limits.h> |
|
29 |
#include <string.h> |
|
30 |
#include <check.h> |
|
31 |
#include "../libclamav/clamav.h" |
|
32 |
#include "../libclamav/others.h" |
|
33 |
#include "../libclamav/mbox.h" |
|
34 |
#include "../libclamav/message.h" |
|
35 |
#include "../libclamav/htmlnorm.h" |
|
36 |
#include "../libclamav/phishcheck.h" |
|
37 |
#include "../libclamav/regex_suffix.h" |
|
38 |
#include "../libclamav/regex_list.h" |
|
39 |
#include "../libclamav/phish_domaincheck_db.h" |
|
40 |
#include "../libclamav/phish_whitelist.h" |
|
41 |
#include "checks.h" |
|
42 |
||
43 |
static size_t cb_called = 0; |
|
44 |
||
45 |
static int cb_fail(void *cbdata, const char *suffix, size_t len, const struct regex_list *regex) |
|
46 |
{
|
|
47 |
fail("this pattern is not supposed to have a suffix"); |
|
48 |
return -1; |
|
49 |
}
|
|
50 |
||
51 |
static int cb_expect_single(void *cbdata, const char *suffix, size_t len, const struct regex_list *regex) |
|
52 |
{
|
|
53 |
const char *expected = cbdata; |
|
54 |
cb_called++; |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
55 |
fail_unless_fmt(suffix && strcmp(suffix, expected) == 0, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
56 |
"suffix mismatch, was: %s, expected: %s\n", suffix, expected); |
57 |
return 0; |
|
58 |
}
|
|
59 |
||
60 |
static struct regex_list regex; |
|
61 |
START_TEST (empty) |
|
62 |
{
|
|
63 |
const char pattern[] = ""; |
|
64 |
int rc; |
|
65 |
regex_t *preg; |
|
66 |
||
67 |
errmsg_expected(); |
|
68 |
preg = malloc(sizeof(*regex.preg)); |
|
69 |
fail_unless(!!preg, "malloc"); |
|
70 |
rc = cli_regex2suffix(pattern, preg, cb_fail, NULL); |
|
71 |
free(preg); |
|
72 |
fail_unless(rc == REG_EMPTY, "empty pattern"); |
|
73 |
fail_unless(cb_called == 0, "callback shouldn't be called"); |
|
74 |
}
|
|
75 |
END_TEST
|
|
76 |
||
77 |
START_TEST (one) |
|
78 |
{
|
|
79 |
char pattern[] = "a"; |
|
80 |
int rc; |
|
81 |
regex_t *preg; |
|
82 |
||
83 |
preg = malloc(sizeof(*regex.preg)); |
|
84 |
fail_unless(!!preg, "malloc"); |
|
85 |
rc = cli_regex2suffix(pattern, preg, cb_expect_single, pattern); |
|
86 |
fail_unless(rc == 0, "single character pattern"); |
|
87 |
cli_regfree(preg); |
|
88 |
free(preg); |
|
89 |
fail_unless(cb_called == 1, "callback should be called once"); |
|
90 |
}
|
|
91 |
END_TEST
|
|
92 |
||
93 |
||
94 |
static const char *ex1[] = |
|
95 |
{"com|de","moc","ed",NULL}; |
|
96 |
static const char *ex2[] = |
|
97 |
{"xd|(a|e)bc","dx","cba","cbe",NULL}; |
|
98 |
||
99 |
static const char **tests[] = { |
|
100 |
ex1, |
|
101 |
ex2
|
|
102 |
};
|
|
103 |
||
104 |
||
105 |
static int cb_expect_multi(void *cbdata, const char *suffix, size_t len, const struct regex_list *r) |
|
106 |
{
|
|
107 |
const char **exp = cbdata; |
|
108 |
fail_unless(!!exp, "expected data"); |
|
109 |
exp++; |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
110 |
fail_unless_fmt(!!*exp, "expected no suffix, got: %s\n",suffix); |
111 |
fail_unless_fmt(!!exp[cb_called], "expected less suffixes, but already got: %d\n", cb_called); |
|
112 |
fail_unless_fmt(strcmp(exp[cb_called], suffix) == 0, |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
113 |
"suffix mismatch, was: %s, expected: %s\n",suffix, exp[cb_called]); |
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
114 |
fail_unless_fmt(strlen(suffix) == len, "incorrect suffix len, expected: %d, got: %d\n", strlen(suffix), len); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
115 |
cb_called++; |
116 |
return 0; |
|
117 |
}
|
|
118 |
||
119 |
#ifdef CHECK_HAVE_LOOPS
|
|
120 |
START_TEST (test_suffix) |
|
121 |
{
|
|
122 |
int rc; |
|
123 |
regex_t *preg; |
|
124 |
const char *pattern = tests[_i][0]; |
|
125 |
size_t n=0; |
|
126 |
const char **p=tests[_i]; |
|
127 |
||
128 |
fail_unless(!!pattern, "test pattern"); |
|
129 |
preg = malloc(sizeof(*regex.preg)); |
|
130 |
fail_unless(!!preg, "malloc"); |
|
131 |
rc = cli_regex2suffix(pattern, preg, cb_expect_multi, tests[_i]); |
|
132 |
fail_unless(rc == 0, "single character pattern"); |
|
133 |
cli_regfree(preg); |
|
134 |
free(preg); |
|
135 |
p++; |
|
136 |
while(*p++) n++; |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
137 |
fail_unless_fmt(cb_called == n, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
138 |
"suffix number mismatch, expected: %d, was: %d\n", n, cb_called); |
139 |
}
|
|
140 |
END_TEST
|
|
141 |
#endif /* CHECK_HAVE_LOOPS */ |
|
142 |
||
143 |
static void setup(void) |
|
144 |
{
|
|
145 |
cb_called = 0; |
|
146 |
}
|
|
147 |
||
148 |
static void teardown(void) |
|
149 |
{
|
|
150 |
}
|
|
151 |
||
152 |
static struct regex_matcher matcher; |
|
153 |
||
154 |
static void rsetup(void) |
|
155 |
{
|
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
156 |
int rc; |
157 |
#ifdef USE_MPOOL
|
|
158 |
matcher.mempool = mpool_create(); |
|
159 |
#endif
|
|
0.35.10
by Stephen Gran, Stephen Gran, Michael Tautschnig
[ Stephen Gran ] |
160 |
rc = init_regex_list(&matcher, 1); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
161 |
fail_unless(rc == 0, "init_regex_list"); |
162 |
}
|
|
163 |
||
164 |
static void rteardown(void) |
|
165 |
{
|
|
166 |
regex_list_done(&matcher); |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
167 |
#ifdef USE_MPOOL
|
168 |
mpool_destroy(matcher.mempool); |
|
169 |
#endif
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
170 |
}
|
171 |
||
172 |
static const struct rtest { |
|
173 |
const char *pattern;/* NULL if not meant for whitelist testing */ |
|
174 |
const char *realurl; |
|
175 |
const char *displayurl; |
|
176 |
int result;/* 0 - phish, 1 - whitelisted, 2 - clean, |
|
177 |
3 - blacklisted if 2nd db is loaded,
|
|
178 |
4 - invalid regex*/
|
|
179 |
} rtests[] = { |
|
0.35.14
by Michael Tautschnig, Stephen Gran, Alberto WU, Michael Tautschnig
[ Stephen Gran ] |
180 |
{NULL,"http://fake.example.com", "http://foo@key.com/", 0}, |
181 |
{NULL,"http://fake.example.com", "foo.example.com@key.com", 0}, |
|
182 |
{NULL,"http://fake.example.com", "foo@key.com", 2}, |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
183 |
{NULL,"http://fake.example.com","=====key.com",0}, |
184 |
{NULL,"http://key.com","=====key.com",2}, |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
185 |
{NULL," http://key.com","=====key.com",2}, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
186 |
{NULL,"http://key.com@fake.example.com","key.com",0}, |
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
187 |
{NULL," http://key.com@fake.example.com","key.com",0}, |
188 |
{NULL," http://key.com@fake.example.com ","key.com",0}, |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
189 |
/* entry taken from .wdb with a / appended */
|
190 |
{".+\\.ebayrtm\\.com([/?].*)?:.+\\.ebay\\.(de|com|co\\.uk)([/?].*)?/", |
|
191 |
"http://srx.main.ebayrtm.com", |
|
192 |
"pages.ebay.de", |
|
193 |
1 /* should be whitelisted */}, |
|
194 |
{".+\\.ebayrtm\\.com([/?].*)?:.+\\.ebay\\.(de|com|co\\.uk)([/?].*)?/", |
|
195 |
"http://srx.main.ebayrtm.com.evil.example.com", |
|
196 |
"pages.ebay.de", |
|
197 |
0}, |
|
198 |
{".+\\.ebayrtm\\.com([/?].*)?:.+\\.ebay\\.(de|com|co\\.uk)([/?].*)?/", |
|
199 |
"www.www.ebayrtm.com?somecgi", |
|
200 |
"www.ebay.com/something",1}, |
|
201 |
{NULL, |
|
202 |
"http://key.com","go to key.com",2 |
|
203 |
},
|
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
204 |
{":.+\\.paypal\\.(com|de|fr|it)([/?].*)?:.+\\.ebay\\.(at|be|ca|ch|co\\.uk|de|es|fr|ie|in|it|nl|ph|pl|com(\\.(au|cn|hk|my|sg))?)([/?].*)?/", |
205 |
"http://www.paypal.com", "pics.ebay.com", 1}, |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
206 |
{NULL, "http://somefakeurl.example.com","someotherdomain-key.com",2}, |
207 |
{NULL, "http://somefakeurl.example.com","someotherdomain.key.com",0}, |
|
208 |
{NULL, "http://1.test.example.com/something","test",3}, |
|
209 |
{NULL, "http://1.test.example.com/2","test",3}, |
|
210 |
{NULL, "http://user@1.test.example.com/2","test",3}, |
|
211 |
{NULL, "http://user@1.test.example.com/2/test","test",3}, |
|
212 |
{NULL, "http://user@1.test.example.com/","test",3}, |
|
213 |
{NULL, "http://x.exe","http:///x.exe",2}, |
|
214 |
{".+\\.ebayrtm\\.com([/?].*)?:[^.]+\\.ebay\\.(de|com|co\\.uk)/", |
|
215 |
"http://srx.main.ebayrtm.com", |
|
216 |
"pages.ebay.de", |
|
217 |
1 /* should be whitelisted */}, |
|
218 |
{".+\\.ebayrtm\\.com([/?].*)?:.+[r-t]\\.ebay\\.(de|com|co\\.uk)/", |
|
219 |
"http://srx.main.ebayrtm.com", |
|
220 |
"pages.ebay.de", |
|
221 |
1 /* should be whitelisted */}, |
|
222 |
{".+\\.ebayrtm\\.com([/?].*)?:.+[r-t]\\.ebay\\.(de|com|co\\.uk)/", |
|
223 |
"http://srx.main.ebayrtm.com", |
|
224 |
"pages.ebay.de", |
|
225 |
1 /* should be whitelisted */}, |
|
226 |
{"[t-","","",4}, |
|
227 |
{NULL,"http://co.uk","http:// co.uk",2}, |
|
228 |
{NULL,"http://co.uk"," ",2}, |
|
229 |
{NULL,"127.0.0.1","pages.ebay.de",2}, |
|
230 |
{".+\\.ebayrtm\\.com([/?].*)?:.+\\.ebay\\.(de|com|co\\.uk)([/?].*)?/", |
|
231 |
"http://pages.ebay.de@fake.example.com","pages.ebay.de",0}, |
|
232 |
{NULL,"http://key.com","https://key.com",0}, |
|
233 |
{NULL,"http://key.com%00fake.example.com","https://key.com",0}, |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
234 |
{NULL,"http://key.com.example.com","key.com.invalid",0} |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
235 |
};
|
236 |
||
237 |
#ifdef CHECK_HAVE_LOOPS
|
|
238 |
START_TEST (regex_list_match_test) |
|
239 |
{
|
|
240 |
const char *info; |
|
241 |
const struct rtest *rtest = &rtests[_i]; |
|
242 |
char *pattern, *realurl; |
|
243 |
int rc; |
|
244 |
||
245 |
if(!rtest->pattern) { |
|
246 |
fail_unless(rtest->result != 1, |
|
247 |
"whitelist test must have pattern set"); |
|
248 |
/* this test entry is not meant for whitelist testing */
|
|
249 |
return; |
|
250 |
}
|
|
251 |
||
252 |
fail_unless(rtest->result == 0 || rtest->result == 1 || rtest->result==4, |
|
253 |
"whitelist test result must be either 0 or 1 or 4"); |
|
254 |
pattern = cli_strdup(rtest->pattern); |
|
255 |
fail_unless(!!pattern, "cli_strdup"); |
|
256 |
||
257 |
rc = regex_list_add_pattern(&matcher, pattern); |
|
258 |
if(rtest->result == 4) { |
|
259 |
fail_unless(rc, "regex_list_add_pattern should return error"); |
|
260 |
free(pattern); |
|
261 |
return; |
|
262 |
} else |
|
263 |
fail_unless(rc == 0,"regex_list_add_pattern"); |
|
264 |
free(pattern); |
|
265 |
||
266 |
matcher.list_loaded = 1; |
|
267 |
||
268 |
rc = cli_build_regex_list(&matcher); |
|
269 |
fail_unless(rc == 0,"cli_build_regex_list"); |
|
270 |
||
271 |
fail_unless(is_regex_ok(&matcher),"is_regex_ok"); |
|
272 |
||
273 |
realurl = cli_strdup(rtest->realurl); |
|
274 |
rc = regex_list_match(&matcher, realurl, rtest->displayurl, NULL, 1, &info, 1); |
|
275 |
fail_unless(rc == rtest->result,"regex_list_match"); |
|
276 |
/* regex_list_match is not supposed to modify realurl in this case */
|
|
277 |
fail_unless(!strcmp(realurl, rtest->realurl), "realurl altered"); |
|
278 |
free(realurl); |
|
279 |
}
|
|
280 |
END_TEST
|
|
281 |
#endif /* CHECK_HAVE_LOOPS */ |
|
282 |
||
283 |
static struct cl_engine *engine; |
|
284 |
static int loaded_2 = 0; |
|
285 |
||
286 |
static void psetup_impl(int load2) |
|
287 |
{
|
|
288 |
FILE *f; |
|
289 |
int rc; |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
290 |
unsigned signo=0; |
291 |
||
292 |
engine = cl_engine_new(); |
|
293 |
fail_unless(!!engine , "cl_engine_new"); |
|
294 |
||
295 |
phishing_init(engine); |
|
296 |
fail_unless(!!engine->phishcheck, "phishing_init"); |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
297 |
|
298 |
rc = init_domainlist(engine); |
|
299 |
fail_unless(rc == 0,"init_domainlist"); |
|
300 |
||
301 |
f = fdopen(open_testfile("input/daily.pdb"),"r"); |
|
302 |
fail_unless(!!f, "fopen daily.pdb"); |
|
303 |
||
0.35.14
by Michael Tautschnig, Stephen Gran, Alberto WU, Michael Tautschnig
[ Stephen Gran ] |
304 |
rc = load_regex_matcher(engine, engine->domainlist_matcher, f, &signo, 0, 0, NULL, 1); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
305 |
fail_unless(rc == 0, "load_regex_matcher"); |
306 |
fclose(f); |
|
307 |
||
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
308 |
fail_unless_fmt(signo == 201, "Incorrect number of signatures: %u, expected %u", signo, 201); |
309 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
310 |
if(load2) { |
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
311 |
f = fdopen(open_testfile("input/daily.gdb"),"r"); |
312 |
fail_unless(!!f, "fopen daily.gdb"); |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
313 |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
314 |
signo = 0; |
0.35.14
by Michael Tautschnig, Stephen Gran, Alberto WU, Michael Tautschnig
[ Stephen Gran ] |
315 |
rc = load_regex_matcher(engine, engine->domainlist_matcher, f, &signo, 0, 0, NULL, 1); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
316 |
fail_unless(rc == 0, "load_regex_matcher"); |
317 |
fclose(f); |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
318 |
|
319 |
fail_unless_fmt(signo == 4, "Incorrect number of signatures: %u, expected %u", signo, 4); |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
320 |
}
|
321 |
loaded_2 = load2; |
|
322 |
||
323 |
rc = init_whitelist(engine); |
|
324 |
fail_unless(rc == 0,"init_whitelist"); |
|
325 |
||
326 |
f = fdopen(open_testfile("input/daily.wdb"),"r"); |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
327 |
signo = 0; |
0.35.14
by Michael Tautschnig, Stephen Gran, Alberto WU, Michael Tautschnig
[ Stephen Gran ] |
328 |
rc = load_regex_matcher(engine, engine->whitelist_matcher, f, &signo, 0, 1, NULL, 1); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
329 |
fail_unless(rc == 0,"load_regex_matcher"); |
330 |
fclose(f); |
|
331 |
||
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
332 |
fail_unless_fmt(signo == 31, "Incorrect number of signatures: %u, expected %u", signo, 31); |
333 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
334 |
rc = cli_build_regex_list(engine->whitelist_matcher); |
335 |
fail_unless(rc == 0,"cli_build_regex_list"); |
|
336 |
||
337 |
rc = cli_build_regex_list(engine->domainlist_matcher); |
|
338 |
fail_unless(rc == 0,"cli_build_regex_list"); |
|
339 |
||
340 |
fail_unless(is_regex_ok(engine->whitelist_matcher),"is_regex_ok"); |
|
341 |
fail_unless(is_regex_ok(engine->domainlist_matcher),"is_regex_ok"); |
|
342 |
}
|
|
343 |
||
344 |
static void psetup(void) |
|
345 |
{
|
|
346 |
psetup_impl(0); |
|
347 |
}
|
|
348 |
||
349 |
static void psetup2(void) |
|
350 |
{
|
|
351 |
psetup_impl(1); |
|
352 |
}
|
|
353 |
||
354 |
||
355 |
static void pteardown(void) |
|
356 |
{
|
|
357 |
if(engine) { |
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
358 |
cl_engine_free(engine); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
359 |
}
|
360 |
engine = NULL; |
|
361 |
}
|
|
362 |
||
363 |
||
364 |
static void do_phishing_test(const struct rtest *rtest) |
|
365 |
{
|
|
366 |
char *realurl; |
|
367 |
cli_ctx ctx; |
|
98
by Scott Kitterman
* Merge from Debian Volatile. Remaining Ubuntu changes: |
368 |
const char *virname = NULL; |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
369 |
tag_arguments_t hrefs; |
370 |
int rc; |
|
371 |
||
372 |
memset(&ctx, 0, sizeof(ctx)); |
|
373 |
||
374 |
realurl = cli_strdup(rtest->realurl); |
|
375 |
fail_unless(!!realurl, "cli_strdup"); |
|
376 |
||
377 |
hrefs.count = 1; |
|
378 |
hrefs.value = cli_malloc(sizeof(*hrefs.value)); |
|
379 |
fail_unless(!!hrefs.value, "cli_malloc"); |
|
380 |
hrefs.value[0] = (unsigned char*)realurl; |
|
381 |
hrefs.contents = cli_malloc(sizeof(*hrefs.contents)); |
|
382 |
fail_unless(!!hrefs.contents, "cli_malloc"); |
|
383 |
hrefs.tag = cli_malloc(sizeof(*hrefs.tag)); |
|
384 |
fail_unless(!!hrefs.tag, "cli_malloc"); |
|
385 |
hrefs.tag[0] = (unsigned char*)cli_strdup("href"); |
|
0.35.11
by Michael Tautschnig, Stephen Gran, Alberto WU, Scott Kitterman, Michael Tautschnig
[ Stephen Gran ] |
386 |
hrefs.contents[0] = (unsigned char*)cli_strdup(rtest->displayurl); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
387 |
|
388 |
ctx.engine = engine; |
|
389 |
ctx.virname = &virname; |
|
390 |
||
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
391 |
rc = phishingScan(&ctx, &hrefs); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
392 |
|
393 |
html_tag_arg_free(&hrefs); |
|
394 |
fail_unless(rc == CL_CLEAN,"phishingScan"); |
|
395 |
switch(rtest->result) { |
|
396 |
case 0: |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
397 |
fail_unless_fmt(ctx.found_possibly_unwanted, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
398 |
"this should be phishing, realURL: %s, displayURL: %s", |
399 |
rtest->realurl, rtest->displayurl); |
|
400 |
break; |
|
401 |
case 1: |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
402 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
403 |
"this should be whitelisted, realURL: %s, displayURL: %s", |
404 |
rtest->realurl, rtest->displayurl); |
|
405 |
break; |
|
406 |
case 2: |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
407 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
408 |
"this should be clean, realURL: %s, displayURL: %s", |
409 |
rtest->realurl, rtest->displayurl); |
|
410 |
break; |
|
411 |
case 3: |
|
412 |
if(!loaded_2) |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
413 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
414 |
"this should be clean, realURL: %s, displayURL: %s", |
415 |
rtest->realurl, rtest->displayurl); |
|
416 |
else { |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
417 |
fail_unless_fmt(ctx.found_possibly_unwanted, |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
418 |
"this should be blacklisted, realURL: %s, displayURL: %s", |
419 |
rtest->realurl, rtest->displayurl); |
|
98
by Scott Kitterman
* Merge from Debian Volatile. Remaining Ubuntu changes: |
420 |
if (*ctx.virname) |
421 |
fail_unless_fmt(!strstr((const char*)*ctx.virname,"Blacklisted"), |
|
422 |
"should be blacklisted, but is: %s\n", ctx.virname); |
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
423 |
}
|
424 |
break; |
|
425 |
}
|
|
426 |
}
|
|
427 |
||
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
428 |
static void do_phishing_test_allscan(const struct rtest *rtest) |
429 |
{
|
|
430 |
char *realurl; |
|
431 |
cli_ctx ctx; |
|
432 |
const char *virname = NULL; |
|
433 |
tag_arguments_t hrefs; |
|
434 |
int rc; |
|
435 |
||
436 |
memset(&ctx, 0, sizeof(ctx)); |
|
437 |
||
438 |
realurl = cli_strdup(rtest->realurl); |
|
439 |
fail_unless(!!realurl, "cli_strdup"); |
|
440 |
||
441 |
hrefs.count = 1; |
|
442 |
hrefs.value = cli_malloc(sizeof(*hrefs.value)); |
|
443 |
fail_unless(!!hrefs.value, "cli_malloc"); |
|
444 |
hrefs.value[0] = (unsigned char*)realurl; |
|
445 |
hrefs.contents = cli_malloc(sizeof(*hrefs.contents)); |
|
446 |
fail_unless(!!hrefs.contents, "cli_malloc"); |
|
447 |
hrefs.tag = cli_malloc(sizeof(*hrefs.tag)); |
|
448 |
fail_unless(!!hrefs.tag, "cli_malloc"); |
|
449 |
hrefs.tag[0] = (unsigned char*)cli_strdup("href"); |
|
450 |
hrefs.contents[0] = (unsigned char*)cli_strdup(rtest->displayurl); |
|
451 |
||
452 |
ctx.engine = engine; |
|
453 |
ctx.virname = &virname; |
|
454 |
ctx.options |= CL_SCAN_ALLMATCHES; |
|
455 |
||
456 |
rc = phishingScan(&ctx, &hrefs); |
|
457 |
||
458 |
html_tag_arg_free(&hrefs); |
|
459 |
fail_unless(rc == CL_CLEAN,"phishingScan"); |
|
460 |
switch(rtest->result) { |
|
461 |
case 0: |
|
462 |
fail_unless_fmt(ctx.found_possibly_unwanted, |
|
463 |
"this should be phishing, realURL: %s, displayURL: %s", |
|
464 |
rtest->realurl, rtest->displayurl); |
|
465 |
break; |
|
466 |
case 1: |
|
467 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
|
468 |
"this should be whitelisted, realURL: %s, displayURL: %s", |
|
469 |
rtest->realurl, rtest->displayurl); |
|
470 |
break; |
|
471 |
case 2: |
|
472 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
|
473 |
"this should be clean, realURL: %s, displayURL: %s", |
|
474 |
rtest->realurl, rtest->displayurl); |
|
475 |
break; |
|
476 |
case 3: |
|
477 |
if(!loaded_2) |
|
478 |
fail_unless_fmt(!ctx.found_possibly_unwanted, |
|
479 |
"this should be clean, realURL: %s, displayURL: %s", |
|
480 |
rtest->realurl, rtest->displayurl); |
|
481 |
else { |
|
482 |
fail_unless_fmt(ctx.found_possibly_unwanted, |
|
483 |
"this should be blacklisted, realURL: %s, displayURL: %s", |
|
484 |
rtest->realurl, rtest->displayurl); |
|
485 |
if (*ctx.virname) |
|
486 |
fail_unless_fmt(!strstr((const char*)*ctx.virname,"Blacklisted"), |
|
487 |
"should be blacklisted, but is: %s\n", ctx.virname); |
|
488 |
}
|
|
489 |
break; |
|
490 |
}
|
|
491 |
if (ctx.num_viruses) |
|
492 |
free((void *)ctx.virname); |
|
493 |
}
|
|
494 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
495 |
#ifdef CHECK_HAVE_LOOPS
|
496 |
START_TEST (phishingScan_test) |
|
497 |
{
|
|
498 |
do_phishing_test(&rtests[_i]); |
|
499 |
}
|
|
500 |
END_TEST
|
|
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
501 |
|
502 |
START_TEST (phishingScan_test_allscan) |
|
503 |
{
|
|
504 |
do_phishing_test_allscan(&rtests[_i]); |
|
505 |
}
|
|
506 |
END_TEST
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
507 |
#endif
|
508 |
||
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
509 |
#ifdef CHECK_HAVE_LOOPS
|
510 |
static struct uc { |
|
511 |
const char *in; |
|
512 |
const char *host; |
|
513 |
const char *path; |
|
514 |
} uc[] = { |
|
515 |
{":example/%25%32%35", "example/", "%25"}, |
|
516 |
{":example/%25%32%35%25%32%35", "example/", "%25%25"}, |
|
517 |
{":example/abc%25%32%35asd", "example/", "abc%25asd"}, |
|
518 |
{":www.example.com/","www.example.com/",""}, |
|
519 |
{":%31%32%37%2e%30%2e%30%2e%31/%2E%73%65%63%75%72%65/%77%77%77%2e%65%78%61%6d%70%6c%65%2e%63%6f%6d/", |
|
520 |
"127.0.0.1/",".secure/www.example.com/"}, |
|
521 |
{":127.0.0.1/uploads/%20%20%20%20/.verify/.blah=abcd-ef=gh/", |
|
522 |
"127.0.0.1/","uploads/%20%20%20%20/.verify/.blah=abcd-ef=gh/"}, |
|
523 |
{"http://example%23.com/%61%40%62%252B", |
|
524 |
"example%23.com/", "a@b+"}, |
|
525 |
{"http://example.com/blah/..","example.com/",""}, |
|
526 |
{"http://example.com/blah/../x","example.com/","x"}, |
|
527 |
{"http://example.com/./a","example.com/","a"} |
|
528 |
};
|
|
529 |
||
530 |
START_TEST (test_url_canon) |
|
531 |
{
|
|
532 |
char urlbuff[1024+3]; |
|
533 |
char *host = NULL; |
|
534 |
const char *path = NULL; |
|
535 |
size_t host_len, path_len; |
|
536 |
struct uc *u = &uc[_i]; |
|
537 |
||
538 |
cli_url_canon(u->in, strlen(u->in), urlbuff, sizeof(urlbuff), &host, &host_len, &path, &path_len); |
|
539 |
fail_unless(!!host && !!path, "null results\n"); |
|
540 |
fail_unless_fmt(!strcmp(u->host, host), "host incorrect: %s\n", host); |
|
541 |
fail_unless_fmt(!strcmp(u->path, path), "path incorrect: %s\n", path); |
|
542 |
}
|
|
543 |
END_TEST
|
|
66
by Scott Kitterman
* Merge from debian unstable, remaining changes (LP: #388111): |
544 |
|
545 |
static struct regex_test { |
|
546 |
const char *regex; |
|
547 |
const char *text; |
|
548 |
int match; |
|
549 |
} rg[] = { |
|
550 |
{"\\.exe$", "test.exe", 1}, |
|
551 |
{"\\.exe$", "test.eXe", 0}, |
|
552 |
{"(?i)\\.exe$", "test.exe", 1}, |
|
553 |
{"(?i)\\.exe$", "test.eXe", 1} |
|
554 |
};
|
|
555 |
||
556 |
START_TEST (test_regexes) |
|
557 |
{
|
|
558 |
regex_t reg; |
|
559 |
struct regex_test *tst = &rg[_i]; |
|
560 |
int match; |
|
561 |
||
562 |
fail_unless(cli_regcomp(®, tst->regex, REG_EXTENDED | REG_NOSUB) == 0, "cli_regcomp"); |
|
563 |
match = (cli_regexec(®, tst->text, 0, NULL, 0) == REG_NOMATCH) ? 0 : 1; |
|
564 |
fail_unless_fmt(match == tst->match, "cli_regexec failed for %s and %s\n", tst->regex, tst->text); |
|
565 |
cli_regfree(®); |
|
566 |
}
|
|
567 |
END_TEST
|
|
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
568 |
#endif
|
569 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
570 |
START_TEST(phishing_fake_test) |
571 |
{
|
|
572 |
char buf[4096]; |
|
573 |
FILE *f = fdopen(open_testfile("input/daily.pdb"),"r"); |
|
574 |
fail_unless(!!f,"fopen daily.pdb"); |
|
575 |
while(fgets(buf, sizeof(buf), f)) { |
|
576 |
struct rtest rtest; |
|
577 |
const char *pdb = strchr(buf,':'); |
|
578 |
fail_unless(!!pdb, "missing : in pdb"); |
|
579 |
rtest.realurl = pdb; |
|
580 |
rtest.displayurl = pdb; |
|
581 |
rtest.result = 2; |
|
582 |
do_phishing_test(&rtest); |
|
583 |
rtest.realurl = "http://fake.example.com"; |
|
584 |
rtest.result = 0; |
|
585 |
do_phishing_test(&rtest); |
|
586 |
}
|
|
587 |
fclose(f); |
|
588 |
}
|
|
589 |
END_TEST
|
|
590 |
||
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
591 |
START_TEST(phishing_fake_test_allscan) |
592 |
{
|
|
593 |
char buf[4096]; |
|
594 |
FILE *f = fdopen(open_testfile("input/daily.pdb"),"r"); |
|
595 |
fail_unless(!!f,"fopen daily.pdb"); |
|
596 |
while(fgets(buf, sizeof(buf), f)) { |
|
597 |
struct rtest rtest; |
|
598 |
const char *pdb = strchr(buf,':'); |
|
599 |
fail_unless(!!pdb, "missing : in pdb"); |
|
600 |
rtest.realurl = pdb; |
|
601 |
rtest.displayurl = pdb; |
|
602 |
rtest.result = 2; |
|
603 |
do_phishing_test_allscan(&rtest); |
|
604 |
rtest.realurl = "http://fake.example.com"; |
|
605 |
rtest.result = 0; |
|
606 |
do_phishing_test_allscan(&rtest); |
|
607 |
}
|
|
608 |
fclose(f); |
|
609 |
}
|
|
610 |
END_TEST
|
|
611 |
||
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
612 |
Suite *test_regex_suite(void) |
613 |
{
|
|
614 |
Suite *s = suite_create("regex"); |
|
66
by Scott Kitterman
* Merge from debian unstable, remaining changes (LP: #388111): |
615 |
TCase *tc_api, *tc_matching, *tc_phish, *tc_phish2, *tc_regex; |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
616 |
|
617 |
tc_api = tcase_create("cli_regex2suffix"); |
|
618 |
suite_add_tcase(s, tc_api); |
|
619 |
tcase_add_checked_fixture (tc_api, setup, teardown); |
|
620 |
tcase_add_test(tc_api, empty); |
|
621 |
tcase_add_test(tc_api, one); |
|
622 |
#ifdef CHECK_HAVE_LOOPS
|
|
623 |
tcase_add_loop_test(tc_api, test_suffix, 0, sizeof(tests)/sizeof(tests[0])); |
|
624 |
#endif
|
|
625 |
tc_matching = tcase_create("regex_list"); |
|
626 |
suite_add_tcase(s, tc_matching); |
|
627 |
tcase_add_checked_fixture (tc_matching, rsetup, rteardown); |
|
628 |
#ifdef CHECK_HAVE_LOOPS
|
|
629 |
tcase_add_loop_test(tc_matching, regex_list_match_test, 0, sizeof(rtests)/sizeof(rtests[0])); |
|
630 |
#endif
|
|
631 |
tc_phish = tcase_create("phishingScan"); |
|
632 |
suite_add_tcase(s, tc_phish); |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
633 |
tcase_add_unchecked_fixture(tc_phish, psetup, pteardown); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
634 |
#ifdef CHECK_HAVE_LOOPS
|
635 |
tcase_add_loop_test(tc_phish, phishingScan_test, 0, sizeof(rtests)/sizeof(rtests[0])); |
|
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
636 |
tcase_add_loop_test(tc_phish, phishingScan_test_allscan, 0, sizeof(rtests)/sizeof(rtests[0])); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
637 |
#endif
|
638 |
tcase_add_test(tc_phish, phishing_fake_test); |
|
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
639 |
tcase_add_test(tc_phish, phishing_fake_test_allscan); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
640 |
|
641 |
tc_phish2 = tcase_create("phishingScan with 2 dbs"); |
|
642 |
suite_add_tcase(s, tc_phish2); |
|
0.1.2
by Michael Meskes
Import upstream version 0.94.dfsg.2 |
643 |
tcase_add_unchecked_fixture(tc_phish2, psetup2, pteardown); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
644 |
#ifdef CHECK_HAVE_LOOPS
|
645 |
tcase_add_loop_test(tc_phish2, phishingScan_test, 0, sizeof(rtests)/sizeof(rtests[0])); |
|
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
646 |
tcase_add_loop_test(tc_phish2, phishingScan_test_allscan, 0, sizeof(rtests)/sizeof(rtests[0])); |
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
647 |
#endif
|
648 |
tcase_add_test(tc_phish2, phishing_fake_test); |
|
0.47.6
by Scott Kitterman
Import upstream version 0.97.7+dfsg |
649 |
tcase_add_test(tc_phish2, phishing_fake_test_allscan); |
0.1.3
by Stephen Gran
Import upstream version 0.95.1+dfsg |
650 |
#ifdef CHECK_HAVE_LOOPS
|
651 |
tcase_add_loop_test(tc_phish, test_url_canon, 0, sizeof(uc)/sizeof(uc[0])); |
|
652 |
#endif
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
653 |
|
66
by Scott Kitterman
* Merge from debian unstable, remaining changes (LP: #388111): |
654 |
tc_regex = tcase_create("cli_regcomp/execute"); |
655 |
suite_add_tcase(s, tc_regex); |
|
656 |
#ifdef CHECK_HAVE_LOOPS
|
|
657 |
tcase_add_loop_test(tc_regex, test_regexes, 0, sizeof(rg)/sizeof(rg[0])); |
|
658 |
#endif
|
|
0.1.1
by Stephen Gran
Import upstream version 0.94.dfsg |
659 |
return s; |
660 |
}
|
|
661 |