/*
* Unit tests for bytecode functions.
*
* Copyright (C) 2009 Sourcefire, Inc.
*
* Authors: Török Edvin
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*/
#if HAVE_CONFIG_H
#include "clamav-config.h"
#endif
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>
#include <string.h>
#include <check.h>
#include <fcntl.h>
#include "../libclamav/clamav.h"
#include "../libclamav/others.h"
#include "../libclamav/bytecode.h"
#include "checks.h"
#include "../libclamav/dconf.h"
#include "../libclamav/bytecode_priv.h"
#include "../libclamav/pe.h"
static void runtest(const char *file, uint64_t expected, int fail, int nojit,
const char *infile, struct cli_pe_hook_data *pedata,
struct cli_exe_section *sections, const char *expectedvirname)
{
fmap_t *map = NULL;
int rc;
int fd = open_testfile(file);
FILE *f;
struct cli_bc bc;
cli_ctx cctx;
struct cli_bc_ctx *ctx;
struct cli_all_bc bcs;
uint64_t v;
memset(&cctx, 0, sizeof(cctx));
fail_unless(fd >= 0, "retmagic open failed");
f = fdopen(fd, "r");
fail_unless(!!f, "retmagic fdopen failed");
cl_debug();
if (!nojit) {
rc = cli_bytecode_init(&bcs, BYTECODE_ENGINE_MASK);
fail_unless(rc == CL_SUCCESS, "cli_bytecode_init failed");
} else {
bcs.engine = NULL;
}
bcs.all_bcs = &bc;
bcs.count = 1;
rc = cli_bytecode_load(&bc, f, NULL, 1);
fail_unless(rc == CL_SUCCESS, "cli_bytecode_load failed");
fclose(f);
rc = cli_bytecode_prepare(&bcs, BYTECODE_ENGINE_MASK);
fail_unless(rc == CL_SUCCESS, "cli_bytecode_prepare failed");
if (have_clamjit && !nojit && nojit != -1) {
fail_unless(bc.state == bc_jit, "preparing for JIT failed");
}
ctx = cli_bytecode_context_alloc();
/* small timeout, these bytecodes are fast! */
ctx->bytecode_timeout = 10;
fail_unless(!!ctx, "cli_bytecode_context_alloc failed");
if (infile) {
int fdin = open(infile, O_RDONLY);
fail_unless(fdin >= 0, "failed to open infile");
map = fmap(fdin, 0, 0);
fail_unless(!!map, "unable to fmap infile");
ctx->ctx = &cctx;
if (pedata)
ctx->hooks.pedata = pedata;
ctx->sections = sections;
cli_bytecode_context_setfile(ctx, map);
}
cli_bytecode_context_setfuncid(ctx, &bc, 0);
rc = cli_bytecode_run(&bcs, &bc, ctx);
fail_unless_fmt(rc == fail, "cli_bytecode_run failed, expected: %u, have: %u\n",
fail, rc);
if (rc == CL_SUCCESS) {
v = cli_bytecode_context_getresult_int(ctx);
fail_unless_fmt(v == expected, "Invalid return value from bytecode run, expected: %llx, have: %llx\n",
expected, v);
}
if (infile && expectedvirname) {
fail_unless(ctx->virname &&
!strcmp(ctx->virname, expectedvirname),
"Invalid virname, expected: %s\n", expectedvirname);
}
cli_bytecode_context_destroy(ctx);
if (map)
funmap(map);
cli_bytecode_destroy(&bc);
cli_bytecode_done(&bcs);
}
START_TEST (test_retmagic)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/retmagic.cbc", 0x1234f00d, CL_SUCCESS, 0, NULL, NULL, NULL, NULL);
runtest("input/retmagic.cbc", 0x1234f00d, CL_SUCCESS, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_arith)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/arith.cbc", 0xd5555555, CL_SUCCESS, 0, NULL, NULL, NULL, NULL);
runtest("input/arith.cbc", 0xd5555555, CL_SUCCESS, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_apicalls)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/apicalls.cbc", 0xf00d, CL_SUCCESS, 0, NULL, NULL, NULL, NULL);
runtest("input/apicalls.cbc", 0xf00d, CL_SUCCESS, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_apicalls2)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/apicalls2.cbc", 0xf00d, CL_SUCCESS, 0, NULL, NULL, NULL, NULL);
runtest("input/apicalls2.cbc", 0xf00d, CL_SUCCESS, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_div0)
{
cl_init(CL_INIT_DEFAULT);
/* must not crash on div#0 but catch it */
runtest("input/div0.cbc", 0, CL_EBYTECODE, 0, NULL, NULL, NULL, NULL);
runtest("input/div0.cbc", 0, CL_EBYTECODE, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_lsig)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/lsig.cbc", 0, 0, 0, NULL, NULL, NULL, NULL);
runtest("input/lsig.cbc", 0, 0, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_inf)
{
cl_init(CL_INIT_DEFAULT);
runtest("input/inf.cbc", 0, CL_ETIMEOUT, 0, NULL, NULL, NULL, NULL);
runtest("input/inf.cbc", 0, CL_ETIMEOUT, 1, NULL, NULL, NULL, NULL);
}
END_TEST
START_TEST (test_matchwithread)
{
struct cli_exe_section sect;
struct cli_pe_hook_data pedata;
cl_init(CL_INIT_DEFAULT);
memset(&pedata, 0, sizeof(pedata));
pedata.ep = 64;
pedata.opt32.ImageBase = 0x400000;
pedata.hdr_size = 0x400;
pedata.nsections = 1;
sect.rva = 4096;
sect.vsz = 4096;
sect.raw = 0;
sect.rsz = 512;
sect.urva = 4096;
sect.uvsz = 4096;
sect.uraw = 1;
sect.ursz = 512;
runtest("input/matchwithread.cbc", 0, 0, 0, "../test/clam.exe", &pedata,
§, "ClamAV-Test-File-detected-via-bytecode");
runtest("input/matchwithread.cbc", 0, 0, 1, "../test/clam.exe", &pedata,
§, "ClamAV-Test-File-detected-via-bytecode");
}
END_TEST
Suite *test_bytecode_suite(void)
{
Suite *s = suite_create("bytecode");
TCase *tc_cli_arith = tcase_create("arithmetic");
suite_add_tcase(s, tc_cli_arith);
tcase_add_test(tc_cli_arith, test_retmagic);
tcase_add_test(tc_cli_arith, test_arith);
tcase_add_test(tc_cli_arith, test_apicalls);
tcase_add_test(tc_cli_arith, test_apicalls2);
tcase_add_test(tc_cli_arith, test_div0);
tcase_add_test(tc_cli_arith, test_lsig);
tcase_add_test(tc_cli_arith, test_inf);
tcase_add_test(tc_cli_arith, test_matchwithread);
return s;
}