git-svn: trunk@4183
Török Edvin authored on 2008/09/17 03:13:07... | ... |
@@ -395,7 +395,7 @@ static int get_host(const struct phishcheck* s,const char* URL,int isReal,int* p |
395 | 395 |
return rc; |
396 | 396 |
if(rc) |
397 | 397 |
*phishy |= PHISHY_USERNAME_IN_URL;/* if the url contains a username that is there just to fool people, |
398 |
- like http://www.ebay.com@somevilplace.someevildomain.com/ */ |
|
398 |
+ like http://banksite@example.com/ */ |
|
399 | 399 |
start = realhost+1;/*skip the username*/ |
400 | 400 |
} while(realhost);/*skip over multiple @ characters, text following last @ character is the real host*/ |
401 | 401 |
} |
... | ... |
@@ -592,7 +592,7 @@ static void clear_msb(char* begin) |
592 | 592 |
|
593 | 593 |
/* |
594 | 594 |
* Particularly yahoo puts links like this in mails: |
595 |
- * http:/ /mail.yahoo.com |
|
595 |
+ * http:/ /www.example.com |
|
596 | 596 |
* So first step: delete space between / / |
597 | 597 |
* |
598 | 598 |
* Next there could be possible links like this: |
... | ... |
@@ -817,13 +817,13 @@ int phishingScan(message* m,const char* dir,cli_ctx* ctx,tag_arguments_t* hrefs) |
817 | 817 |
*ctx->virname="Phishing.Heuristics.Email.Cloaked.NumericIP"; |
818 | 818 |
break; |
819 | 819 |
case CL_PHISH_CLOAKED_NULL: |
820 |
- *ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*http://www.real.com%01%00@www.evil.com*/ |
|
820 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Null";/*fakesite%01%00@fake.example.com*/ |
|
821 | 821 |
break; |
822 | 822 |
case CL_PHISH_SSL_SPOOF: |
823 | 823 |
*ctx->virname="Phishing.Heuristics.Email.SSL-Spoof"; |
824 | 824 |
break; |
825 | 825 |
case CL_PHISH_CLOAKED_UIU: |
826 |
- *ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://www.ebay.com@www.evil.com*/ |
|
826 |
+ *ctx->virname="Phishing.Heuristics.Email.Cloaked.Username";/*http://banksite@fake.example.com*/ |
|
827 | 827 |
break; |
828 | 828 |
case CL_PHISH_HASH0: |
829 | 829 |
case CL_PHISH_HASH1: |
... | ... |
@@ -865,7 +865,7 @@ int phishing_init(struct cl_engine* engine) |
865 | 865 |
pchk = engine->phishcheck = cli_malloc(sizeof(struct phishcheck)); |
866 | 866 |
if(!pchk) |
867 | 867 |
return CL_EMEM; |
868 |
- pchk->is_disabled = 1; |
|
868 |
+ pchk->is_disabled=1; |
|
869 | 869 |
} |
870 | 870 |
else { |
871 | 871 |
pchk = engine->phishcheck; |
... | ... |
@@ -29,7 +29,7 @@ $(top_builddir)/test/clam.exe: |
29 | 29 |
(cd $(top_builddir)/test && $(MAKE)) |
30 | 30 |
|
31 | 31 |
CLEANFILES=lcov.out *.gcno *.gcda *.log $(FILES) test-stderr.log clamscan.log valgrind-*.log duma.log duma2.log |
32 |
-EXTRA_DIST=.split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts)/preload_run.sh |
|
32 |
+EXTRA_DIST=.split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts) preload_run.sh |
|
33 | 33 |
if ENABLE_COVERAGE |
34 | 34 |
LCOV_OUTPUT = lcov.out |
35 | 35 |
LCOV_HTML = lcov_html |
... | ... |
@@ -238,7 +238,7 @@ check_SCRIPTS = $(scripts) |
238 | 238 |
@HAVE_LIBCHECK_TRUE@check_clamav_CPPFLAGS = @CHECK_CPPFLAGS@ -DSRCDIR=\"$(abs_srcdir)\" |
239 | 239 |
@HAVE_LIBCHECK_TRUE@check_clamav_LDADD = $(top_builddir)/libclamav/libclamav.la @THREAD_LIBS@ @CHECK_LIBS@ |
240 | 240 |
CLEANFILES = lcov.out *.gcno *.gcda *.log $(FILES) test-stderr.log clamscan.log valgrind-*.log duma.log duma2.log |
241 |
-EXTRA_DIST = .split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts)/preload_run.sh |
|
241 |
+EXTRA_DIST = .split input test-clamd.conf test-freshclam.conf valgrind.supp virusaction-test.sh $(scripts) preload_run.sh |
|
242 | 242 |
@ENABLE_COVERAGE_TRUE@LCOV_OUTPUT = lcov.out |
243 | 243 |
@ENABLE_COVERAGE_TRUE@LCOV_HTML = lcov_html |
244 | 244 |
@ENABLE_COVERAGE_TRUE@LCOV_LCOV = @LCOV@ |
... | ... |
@@ -329,14 +329,14 @@ static const char jstest_expected3[] = |
329 | 329 |
#define B64 "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" |
330 | 330 |
|
331 | 331 |
/* TODO: document.write should be normalized too */ |
332 |
-static const char jstest_buf4[] = |
|
333 |
-"document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));eval(dF('gI%285%3B%285%3Afqjwy%28585%3A7%28586D%28585%3A7%3C%7C55y%28585%3A7%3C%28585%3A7%28586E%28585%3A8G5%285%3A%285%3C%286E3'));"; |
|
332 |
+static char jstest_buf4[] = |
|
333 |
+"qbphzrag.jevgr(harfpncr('%3P%73%63%72%69%70%74%20%6P%61%6R%67%75%61%67%65%3Q%22%6N%61%76%61%73%63%72%69%70%74%22%3R%66%75%6R%63%74%69%6S%6R%20%64%46%28%73%29%7O%76%61%72%20%73%31%3Q%75%6R%65%73%63%61%70%65%28%73%2R%73%75%62%73%74%72%28%30%2P%73%2R%6P%65%6R%67%74%68%2Q%31%29%29%3O%20%76%61%72%20%74%3Q%27%27%3O%66%6S%72%28%69%3Q%30%3O%69%3P%73%31%2R%6P%65%6R%67%74%68%3O%69%2O%2O%29%74%2O%3Q%53%74%72%69%6R%67%2R%66%72%6S%6Q%43%68%61%72%43%6S%64%65%28%73%31%2R%63%68%61%72%43%6S%64%65%41%74%28%69%29%2Q%73%2R%73%75%62%73%74%72%28%73%2R%6P%65%6R%67%74%68%2Q%31%2P%31%29%29%3O%64%6S%63%75%6Q%65%6R%74%2R%77%72%69%74%65%28%75%6R%65%73%63%61%70%65%28%74%29%29%3O%7Q%3P%2S%73%63%72%69%70%74%3R'));riny(qS('tV%285%3O%285%3Nsdwjl%28585%3N7%28586Q%28585%3N7%3P%7P55l%28585%3N7%3P%28585%3N7%28586R%28585%3N8T5%285%3N%285%3P%286R3'));"; |
|
334 | 334 |
|
335 |
-static const char jstest_expected4[] = |
|
336 |
-"document.write(\"<script language=\"javascript\">function df(s){var s1=unescape(s.substr(0,s.length-1)); var t='';for(i=0;i<s1.length;i++)t+=string.fromcharcode(s1.charcodeat(i)-s.substr(s.length-1,1));document.write(unescape(t));}</script>\");eval();alert(\"w00t\");"; |
|
335 |
+static char jstest_expected4[] = |
|
336 |
+"qbphzrag.jevgr(\"<fpevcg ynathntr=\"wninfpevcg\">shapgvba qs(f){ine f1=harfpncr(f.fhofge(0,f.yratgu-1)); ine g='';sbe(v=0;v<f1.yratgu;v++)g+=fgevat.sebzpunepbqr(f1.punepbqrng(v)-f.fhofge(f.yratgu-1,1));qbphzrag.jevgr(harfpncr(g));}</fpevcg>\");riny();nyreg(\"j00g\");"; |
|
337 | 337 |
|
338 |
-static const char jstest_buf5[] = |
|
339 |
-"function (p,a,c,k,e,r){}('0(\\'1\\');',2,2,'alert|w00t'.split('|'),0,{});"; |
|
338 |
+static char jstest_buf5[] = |
|
339 |
+"shapgvba (c,n,p,x,r,e){}('0(\\'1\\');',2,2,'nyreg|j00g'.fcyvg('|'),0,{});"; |
|
340 | 340 |
|
341 | 341 |
static const char jstest_expected5[] = |
342 | 342 |
"function(n000,n001,n002,n003,n004,n005){}(alert(\"w00t\"););"; |
... | ... |
@@ -359,8 +359,8 @@ static const char jstest_buf8[] = |
359 | 359 |
static const char jstest_expected8[] = |
360 | 360 |
"var n000=\"tst" B64 "tst\";"; |
361 | 361 |
|
362 |
-static const char jstest_buf9[] = |
|
363 |
-"eval(unescape('%61%6c%65%72%74%28%27%74%65%73%74%27%29%3b'));"; |
|
362 |
+static char jstest_buf9[] = |
|
363 |
+"riny(harfpncr('%61%6p%65%72%74%28%27%74%65%73%74%27%29%3o'));"; |
|
364 | 364 |
|
365 | 365 |
static const char jstest_expected9[] = |
366 | 366 |
"alert(\"test\");"; |
... | ... |
@@ -461,12 +461,32 @@ START_TEST (screnc_infloop) |
461 | 461 |
} |
462 | 462 |
END_TEST |
463 | 463 |
|
464 |
+static void prepare_s(char *s) |
|
465 |
+{ |
|
466 |
+ char xlat[] = "NOPQRSTUVWXYZABCDEFGHIJKLM[\\]^_`nopqrstuvwxyzabcdefghijklm"; |
|
467 |
+ while(*s) { |
|
468 |
+ if(isalpha(*s)) { |
|
469 |
+ *s = xlat[*s - 'A']; |
|
470 |
+ } |
|
471 |
+ s++; |
|
472 |
+ } |
|
473 |
+} |
|
474 |
+ |
|
475 |
+static void prepare(void) |
|
476 |
+{ |
|
477 |
+ prepare_s(jstest_buf4); |
|
478 |
+ prepare_s(jstest_expected4); |
|
479 |
+ prepare_s(jstest_buf5); |
|
480 |
+ prepare_s(jstest_buf9); |
|
481 |
+} |
|
482 |
+ |
|
464 | 483 |
Suite *test_jsnorm_suite(void) |
465 | 484 |
{ |
466 | 485 |
Suite *s = suite_create("jsnorm"); |
467 | 486 |
TCase *tc_jsnorm_gperf, *tc_jsnorm_token, *tc_jsnorm_api, |
468 | 487 |
*tc_jsnorm_tokenizer, *tc_jsnorm_bugs, *tc_screnc_infloop; |
469 | 488 |
|
489 |
+ prepare(); |
|
470 | 490 |
tc_jsnorm_gperf = tcase_create("jsnorm gperf"); |
471 | 491 |
suite_add_tcase (s, tc_jsnorm_gperf); |
472 | 492 |
#ifdef CHECK_HAVE_LOOPS |