git-svn: trunk@3949
Török Edvin authored on 2008/07/15 04:31:56... | ... |
@@ -13287,7 +13287,7 @@ fi |
13287 | 13287 |
|
13288 | 13288 |
fi |
13289 | 13289 |
|
13290 |
-if test "$LCHECK" = "no" -a "$enable_check_ut"="yes"; then |
|
13290 |
+if test "$LCHECK" = "no" -a "$enable_check_ut" = "yes"; then |
|
13291 | 13291 |
echo |
13292 | 13292 |
echo " ERROR! Check was configured, but not found. Get it from http://check.sf.net/" |
13293 | 13293 |
exit 1 |
... | ... |
@@ -339,7 +339,7 @@ if test "$enable_check_ut" != "no" ; then |
339 | 339 |
],[LCHECK="no"]) |
340 | 340 |
fi |
341 | 341 |
|
342 |
-if test "$LCHECK" = "no" -a "$enable_check_ut"="yes"; then |
|
342 |
+if test "$LCHECK" = "no" -a "$enable_check_ut" = "yes"; then |
|
343 | 343 |
echo |
344 | 344 |
echo " ERROR! Check was configured, but not found. Get it from http://check.sf.net/" |
345 | 345 |
exit 1 |
... | ... |
@@ -608,7 +608,7 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
608 | 608 |
const int dconf_js = dirname && dconf && dconf->doc&DOC_CONF_JSNORM; /* TODO */ |
609 | 609 |
/* dconf for phishing engine sets scanContents, so no need for a flag here */ |
610 | 610 |
struct parser_state *js_state = NULL; |
611 |
- const unsigned char *js_begin, *js_end = NULL; |
|
611 |
+ const unsigned char *js_begin = NULL, *js_end = NULL; |
|
612 | 612 |
|
613 | 613 |
tag_args.scanContents=0;/* do we need to store the contents of <a></a>?*/ |
614 | 614 |
if (!m_area) { |
... | ... |
@@ -1022,7 +1022,8 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
1022 | 1022 |
next_state = HTML_NORM; |
1023 | 1023 |
if (strcmp(tag, "/script") == 0) { |
1024 | 1024 |
in_script = FALSE; |
1025 |
- js_end = ptr; |
|
1025 |
+ if(js_state) |
|
1026 |
+ js_end = ptr; |
|
1026 | 1027 |
/*don't output newlines in nocomment.html |
1027 | 1028 |
* html_output_c(file_buff_o2, '\n');*/ |
1028 | 1029 |
} |
... | ... |
@@ -1584,8 +1585,12 @@ static int cli_html_normalise(int fd, m_area_t *m_area, const char *dirname, tag |
1584 | 1584 |
js_begin = line; |
1585 | 1585 |
if(!js_end) |
1586 | 1586 |
js_end = ptr; |
1587 |
- if(js_end > js_begin) |
|
1587 |
+ if(js_end > js_begin && |
|
1588 |
+ CLI_ISCONTAINED(line, 8192, js_begin, 1) && |
|
1589 |
+ CLI_ISCONTAINED(line, 8192, js_end, 1)) { |
|
1590 |
+ |
|
1588 | 1591 |
cli_js_process_buffer(js_state, js_begin, js_end - js_begin); |
1592 |
+ } |
|
1589 | 1593 |
js_begin = js_end = NULL; |
1590 | 1594 |
if(!in_script) { |
1591 | 1595 |
/* we found a /script, normalize script now */ |
... | ... |
@@ -11,6 +11,8 @@ |
11 | 11 |
#include <check.h> |
12 | 12 |
#include "../libclamav/clamav.h" |
13 | 13 |
#include "../libclamav/others.h" |
14 |
+#include "../libclamav/dconf.h" |
|
15 |
+#include "../libclamav/htmlnorm.h" |
|
14 | 16 |
#include "../libclamav/jsparse/js-norm.h" |
15 | 17 |
#include "../libclamav/jsparse/lexglobal.h" |
16 | 18 |
#include "../libclamav/jsparse/textbuf.h" |
... | ... |
@@ -149,10 +151,41 @@ START_TEST (test_init_parse_destroy) |
149 | 149 |
} |
150 | 150 |
END_TEST |
151 | 151 |
|
152 |
+START_TEST (js_begin_end) |
|
153 |
+{ |
|
154 |
+ char buf[16384] = "</script>"; |
|
155 |
+ size_t p; |
|
156 |
+ struct cli_dconf *dconf = cli_dconf_init(); |
|
157 |
+ |
|
158 |
+ fail_unless(!!dconf, "failed to init dconf"); |
|
159 |
+ for(p=strlen(buf); p < 8191; p++) { |
|
160 |
+ buf[p++] = 'a'; |
|
161 |
+ buf[p] = ' '; |
|
162 |
+ } |
|
163 |
+ strncpy(buf + 8192, " stuff stuff <script language='javascript'> function () {}", 8192); |
|
164 |
+ fail_unless(html_normalise_mem(buf, sizeof(buf), NULL, NULL, dconf) == 1, "normalise"); |
|
165 |
+} |
|
166 |
+END_TEST |
|
167 |
+ |
|
168 |
+START_TEST (multiple_scripts) |
|
169 |
+{ |
|
170 |
+ const char buf[] = "</script> stuff"\ |
|
171 |
+ "<script language='Javascript'> function foo() {} </script>"\ |
|
172 |
+ "<script language='Javascript'> function bar() {} </script>"; |
|
173 |
+ m_area_t m_area; |
|
174 |
+ size_t p; |
|
175 |
+ struct cli_dconf *dconf = cli_dconf_init(); |
|
176 |
+ |
|
177 |
+ fail_unless(!!dconf, "failed to init dconf"); |
|
178 |
+ fail_unless(html_normalise_mem(buf, sizeof(buf), NULL, NULL, dconf) == 1, "normalise"); |
|
179 |
+ /* TODO: test that both had been normalized */ |
|
180 |
+} |
|
181 |
+END_TEST |
|
182 |
+ |
|
152 | 183 |
Suite *test_jsnorm_suite(void) |
153 | 184 |
{ |
154 | 185 |
Suite *s = suite_create("jsnorm"); |
155 |
- TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api; |
|
186 |
+ TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api, *tc_jsnorm_tokenizer, *tc_jsnorm_bugs; |
|
156 | 187 |
tc_jsnorm_gperf = tcase_create("jsnorm gperf"); |
157 | 188 |
suite_add_tcase (s, tc_jsnorm_gperf); |
158 | 189 |
tcase_add_loop_test(tc_jsnorm_gperf, test_keywords, 0, sizeof(kw_test)/sizeof(kw_test[0])); |
... | ... |
@@ -171,6 +204,14 @@ Suite *test_jsnorm_suite(void) |
171 | 171 |
tcase_add_test(tc_jsnorm_api, test_init_destroy); |
172 | 172 |
tcase_add_test(tc_jsnorm_api, test_init_parse_destroy); |
173 | 173 |
|
174 |
+ tc_jsnorm_tokenizer = tcase_create("jsnorm tokenizer"); |
|
175 |
+ suite_add_tcase (s, tc_jsnorm_tokenizer); |
|
176 |
+ |
|
177 |
+ tc_jsnorm_bugs = tcase_create("jsnorm bugs"); |
|
178 |
+ suite_add_tcase (s, tc_jsnorm_bugs); |
|
179 |
+ tcase_add_test(tc_jsnorm_bugs, js_begin_end); |
|
180 |
+ tcase_add_test(tc_jsnorm_bugs, multiple_scripts); |
|
181 |
+ |
|
174 | 182 |
return s; |
175 | 183 |
} |
176 | 184 |
|