... | ... |
@@ -118,17 +118,17 @@ char *cli_virname(const char *virname, unsigned int official) |
118 | 118 |
return newname; |
119 | 119 |
} |
120 | 120 |
|
121 |
-static int sigopts_handler(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options) |
|
121 |
+int cli_sigopts_handler(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options) |
|
122 | 122 |
{ |
123 | 123 |
char *hexcpy, *start, *end; |
124 | 124 |
int i, ret = CL_SUCCESS; |
125 | 125 |
|
126 | 126 |
/* |
127 | 127 |
* cyclic loops with cli_parse_add are impossible now as cli_parse_add |
128 |
- * no longer calls sigopts_handler; leaving here for safety |
|
128 |
+ * no longer calls cli_sigopts_handler; leaving here for safety |
|
129 | 129 |
*/ |
130 | 130 |
if (sigopts & ACPATT_OPTION_ONCE) { |
131 |
- cli_errmsg("sigopts_handler: invalidly called multiple times!\n"); |
|
131 |
+ cli_errmsg("cli_sigopts_handler: invalidly called multiple times!\n"); |
|
132 | 132 |
return CL_EPARSE; |
133 | 133 |
} |
134 | 134 |
|
... | ... |
@@ -1781,7 +1781,7 @@ static int load_oneldb(char *buffer, int chkpua, struct cl_engine *engine, unsig |
1781 | 1781 |
} |
1782 | 1782 |
|
1783 | 1783 |
if(subsig_opts) |
1784 |
- ret = sigopts_handler(root, virname, sig, subsig_opts, 0, 0, offset, target, lsigid, options); |
|
1784 |
+ ret = cli_sigopts_handler(root, virname, sig, subsig_opts, 0, 0, offset, target, lsigid, options); |
|
1785 | 1785 |
else |
1786 | 1786 |
ret = cli_parse_add(root, virname, sig, 0, 0, 0, offset, target, lsigid, options); |
1787 | 1787 |
|
... | ... |
@@ -3801,7 +3801,7 @@ static int load_oneyara(YR_RULE *rule, int chkpua, struct cl_engine *engine, uns |
3801 | 3801 |
(ytable.table[i]->sigopts & ACPATT_OPTION_WIDE) ? "w" : "", |
3802 | 3802 |
(ytable.table[i]->sigopts & ACPATT_OPTION_ASCII) ? "a" : ""); |
3803 | 3803 |
|
3804 |
- if((ret = sigopts_handler(root, rule->identifier, ytable.table[i]->hexstr, ytable.table[i]->sigopts, 0, 0, ytable.table[i]->offset, target, lsigid, options)) != CL_SUCCESS) { |
|
3804 |
+ if((ret = cli_sigopts_handler(root, rule->identifier, ytable.table[i]->hexstr, ytable.table[i]->sigopts, 0, 0, ytable.table[i]->offset, target, lsigid, options)) != CL_SUCCESS) { |
|
3805 | 3805 |
root->ac_lsigs--; |
3806 | 3806 |
FREE_TDB(tdb); |
3807 | 3807 |
ytable_delete(&ytable); |
... | ... |
@@ -69,6 +69,8 @@ |
69 | 69 |
|
70 | 70 |
char *cli_virname(const char *virname, unsigned int official); |
71 | 71 |
|
72 |
+int cli_sigopts_handler(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options); |
|
73 |
+ |
|
72 | 74 |
int cli_parse_add(struct cli_matcher *root, const char *virname, const char *hexsig, uint8_t sigopts, uint16_t rtype, uint16_t type, const char *offset, uint8_t target, const uint32_t *lsigid, unsigned int options); |
73 | 75 |
|
74 | 76 |
int cli_load(const char *filename, struct cl_engine *engine, unsigned int *signo, unsigned int options, struct cli_dbio *dbio); |
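Review bot: The new `cli_sigopts_handler` prototype is exported with no comment on its contract, although the definition in the first hunk shows a precondition that callers now need to know: it returns `CL_EPARSE` when `sigopts` already carries `ACPATT_OPTION_ONCE`. A short comment above the declaration would cover it, for example `/* Adds hexsig with the ACPATT_OPTION_* modifiers in sigopts applied; sigopts must not contain ACPATT_OPTION_ONCE (returns CL_EPARSE). */`. The first half of that wording is inferred from the name and the call sites, because the function body continues outside the visible hunk, so it should be checked against the implementation. If the `static` was dropped only so the unit tests can reach the function, saying so in the comment would discourage new callers elsewhere in the library.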
... | ... |
@@ -56,29 +56,79 @@ static const struct ac_testdata_s { |
56 | 56 |
{ NULL, NULL, NULL } |
57 | 57 |
}; |
58 | 58 |
|
59 |
+static const struct ac_sigopts_testdata_s { |
|
60 |
+ const char *data; |
|
61 |
+ uint32_t dlength; |
|
62 |
+ const char *hexsig; |
|
63 |
+ const char *offset; |
|
64 |
+ const uint16_t sigopts; |
|
65 |
+ const char *virname; |
|
66 |
+ const uint8_t expected_result; |
|
67 |
+} ac_sigopts_testdata[] = { |
|
68 |
+ /* nocase */ |
|
69 |
+ { "aaaaa", 5, "6161616161", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_1", CL_VIRUS }, /* control */ |
|
70 |
+ { "bBbBb", 5, "6262626262", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_2", CL_CLEAN }, /* nocase control */ |
|
71 |
+ { "cCcCc", 5, "6363636363", "*", ACPATT_OPTION_NOCASE, "AC_Sigopts_Test_3", CL_VIRUS }, /* nocase test */ |
|
72 |
+ |
|
73 |
+ /* fullword */ |
|
74 |
+ { "ddddd&e", 7, "6464646464", "*", ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_4", CL_VIRUS }, /* fullword start */ |
|
75 |
+ { "s&eeeee&e", 9, "6565656565", "*", ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_5", CL_VIRUS }, /* fullword middle */ |
|
76 |
+ { "s&fffff", 7, "6666666666", "*", ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_6", CL_VIRUS }, /* fullword end */ |
|
77 |
+ { "sggggg", 6, "6767676767", "*", ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_7", CL_CLEAN }, /* fullword fail start */ |
|
78 |
+ { "hhhhhe", 6, "6868686868", "*", ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_8", CL_CLEAN }, /* fullword fail end */ |
|
79 |
+ |
|
80 |
+ { "iiiii", 5, "(W)6969696969", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_9", CL_VIRUS }, /* fullword class start */ |
|
81 |
+ { "jjj&jj", 6, "6a6a6a(W)6a6a", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_10", CL_VIRUS }, /* fullword class middle */ |
|
82 |
+ { "kkkkk", 5, "6b6b6b6b6b(W)", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_11", CL_VIRUS }, /* fullword class end */ |
|
83 |
+ { "slllll", 6, "(W)6c6c6c6c6c", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_12", CL_CLEAN }, /* fullword fail start */ |
|
84 |
+ { "mmmmme", 6, "6d6d6d6d6d(W)", "*", ACPATT_OPTION_NOOPTS, "AC_Sigopts_Test_13", CL_CLEAN }, /* fullword class end */ |
|
85 |
+ |
|
86 |
+ { "nNnNn", 5, "6e6e6e6e6e", "*", ACPATT_OPTION_NOCASE | ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_14", CL_VIRUS }, /* nocase fullword */ |
|
87 |
+ { "soOoOo", 6, "6f6f6f6f6f", "*", ACPATT_OPTION_NOCASE | ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_15", CL_CLEAN }, /* nocase fullword start fail */ |
|
88 |
+ { "pPpPpe", 6, "7070707070", "*", ACPATT_OPTION_NOCASE | ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_16", CL_CLEAN }, /* nocase fullword end fail */ |
|
89 |
+ |
|
90 |
+ /* wide */ |
|
91 |
+ { "q\0q\0q\0q\0q\0", 10, "7171717171", "*", ACPATT_OPTION_WIDE, "AC_Sigopts_Test_17", CL_VIRUS }, /* control */ |
|
92 |
+ { "r\0R\0r\0R\0r\0", 10, "7272727272", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_NOCASE, "AC_Sigopts_Test_18", CL_VIRUS }, /* control */ |
|
93 |
+ { "s\0s\0s\0s\0s\0", 10, "7373737373", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_19", CL_VIRUS }, /* control */ |
|
94 |
+ |
|
95 |
+ { "t\0t\0t\0t\0t\0", 10, "7474747474", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_ASCII, "AC_Sigopts_Test_20", CL_VIRUS }, /* control */ |
|
96 |
+ |
|
97 |
+ { "u\0u\0u\0u\0u\0", 10, "7575757575", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_NOCASE | ACPATT_OPTION_FULLWORD, "AC_Sigopts_Test_21", CL_VIRUS }, /* control */ |
|
98 |
+ { "v\0v\0v\0v\0v\0", 10, "7676767676", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_NOCASE | ACPATT_OPTION_ASCII, "AC_Sigopts_Test_22", CL_VIRUS }, /* control */ |
|
99 |
+ |
|
100 |
+ { "w\0w\0w\0w\0w\0", 10, "7777777777", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_FULLWORD | ACPATT_OPTION_ASCII, "AC_Sigopts_Test_23", CL_VIRUS }, /* control */ |
|
101 |
+ { "x\0x\0x\0x\0x\0", 10, "7878787878", "*", ACPATT_OPTION_WIDE | ACPATT_OPTION_NOCASE | ACPATT_OPTION_FULLWORD | ACPATT_OPTION_ASCII, "AC_Sigopts_Test_24", CL_VIRUS }, /* control */ |
|
102 |
+ |
|
103 |
+ { NULL, 0, NULL, NULL, ACPATT_OPTION_NOOPTS, NULL, CL_CLEAN } |
|
104 |
+}; |
|
105 |
+ |
|
59 | 106 |
#if HAVE_PCRE |
60 | 107 |
|
61 | 108 |
static const struct pcre_testdata_s { |
62 | 109 |
const char *data; |
63 | 110 |
const char *hexsig; |
64 | 111 |
const char *offset; |
112 |
+ const uint16_t sigopts; |
|
65 | 113 |
const char *virname; |
66 | 114 |
const uint8_t expected_result; |
67 | 115 |
} pcre_testdata[] = { |
68 |
- { "clamav", "/clamav/", "*", "Test_1: simple string", CL_VIRUS }, |
|
69 |
- { "cla:mav", "/cla:mav/", "*", "Test_2: embedded colon", CL_VIRUS }, |
|
116 |
+ { "clamav", "/clamav/", "*", ACPATT_OPTION_NOOPTS, "Test_1: simple string", CL_VIRUS }, |
|
117 |
+ { "cla:mav", "/cla:mav/", "*", ACPATT_OPTION_NOOPTS, "Test_2: embedded colon", CL_VIRUS }, |
|
70 | 118 |
|
71 |
- { "notbasic", "/basic/r", "0", "Test_3: rolling option", CL_VIRUS }, |
|
72 |
- { "nottrue", "/true/", "0", "Test4: rolling(off) option", CL_SUCCESS }, |
|
119 |
+ { "notbasic", "/basic/r", "0", ACPATT_OPTION_NOOPTS, "Test_3: rolling option", CL_VIRUS }, |
|
120 |
+ { "nottrue", "/true/", "0", ACPATT_OPTION_NOOPTS, "Test4: rolling(off) option", CL_SUCCESS }, |
|
73 | 121 |
|
74 |
- { "not12345678truly", "/12345678/e", "3,8", "Test_5: encompass option", CL_VIRUS }, |
|
75 |
- { "not23456789truly", "/23456789/e", "4,8", "Test6: encompass option (low end)", CL_SUCCESS }, |
|
76 |
- { "not34567890truly", "/34567890/e", "3,7", "Test7: encompass option (high end)", CL_SUCCESS }, |
|
122 |
+ { "not12345678truly", "/12345678/e", "3,8", ACPATT_OPTION_NOOPTS, "Test_5: encompass option", CL_VIRUS }, |
|
123 |
+ { "not23456789truly", "/23456789/e", "4,8", ACPATT_OPTION_NOOPTS, "Test6: encompass option (low end)", CL_SUCCESS }, |
|
124 |
+ { "not34567890truly", "/34567890/e", "3,7", ACPATT_OPTION_NOOPTS, "Test7: encompass option (high end)", CL_SUCCESS }, |
|
77 | 125 |
|
78 |
- { "notapietruly", "/apie/re", "0,10", "Test8: rolling encompass", CL_VIRUS }, |
|
79 |
- //{ "notafigtruly", "/afig/e", "0,10", "Test9: rolling(off) encompass", CL_SUCCESS }, |
|
126 |
+ { "notapietruly", "/apie/re", "2,2", ACPATT_OPTION_NOOPTS, "Test8: rolling encompass", CL_SUCCESS }, |
|
127 |
+ { "notafigtruly", "/afig/e", "2,2", ACPATT_OPTION_NOOPTS, "Test9: rolling(off) encompass", CL_SUCCESS }, |
|
128 |
+ { "notatretruly", "/atre/re", "2,6", ACPATT_OPTION_NOOPTS, "Test10: rolling encompass", CL_VIRUS }, |
|
129 |
+ { "notasadtruly", "/asad/e", "2,6", ACPATT_OPTION_NOOPTS, "Test11: rolling(off) encompass", CL_VIRUS }, |
|
80 | 130 |
|
81 |
- { NULL, NULL, NULL, NULL, CL_CLEAN } |
|
131 |
+ { NULL, NULL, NULL, ACPATT_OPTION_NOOPTS, NULL, CL_CLEAN } |
|
82 | 132 |
}; |
83 | 133 |
|
84 | 134 |
#endif /* HAVE_PCRE */ |
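Review bot: The `sigopts` field is declared `const uint16_t` in both `ac_sigopts_testdata_s` and `pcre_testdata_s`, but `cli_sigopts_handler` and `cli_parse_add` take `uint8_t sigopts`, so the value is silently narrowed at the call sites in `test_ac_scanbuff_ex`, `test_ac_scanbuff_allscan_ex` and `test_pcre_scanbuff`. Declaring the field as `const uint8_t sigopts;` keeps the tables in step with the API and lets `-Wconversion` flag an option bit that does not fit. Separately, the row for `AC_Sigopts_Test_13` expects `CL_CLEAN` but is commented `/* fullword class end */`; `/* fullword class fail end */` would match the neighbouring rows. The wide rows 17 to 24 are all labelled `/* control */` although each one varies the option set, so a label naming the combination would make a failure easier to read.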
... | ... |
@@ -151,34 +201,6 @@ START_TEST (test_ac_scanbuff) { |
151 | 151 |
} |
152 | 152 |
END_TEST |
153 | 153 |
|
154 |
-START_TEST (test_bm_scanbuff) { |
|
155 |
- struct cli_matcher *root; |
|
156 |
- const char *virname = NULL; |
|
157 |
- int ret; |
|
158 |
- |
|
159 |
- |
|
160 |
- root = ctx.engine->root[0]; |
|
161 |
- fail_unless(root != NULL, "root == NULL"); |
|
162 |
- |
|
163 |
-#ifdef USE_MPOOL |
|
164 |
- root->mempool = mpool_create(); |
|
165 |
-#endif |
|
166 |
- ret = cli_bm_init(root); |
|
167 |
- fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed"); |
|
168 |
- |
|
169 |
- ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, 0, "*", 0, NULL, 0); |
|
170 |
- fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
171 |
- ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, 0, "*", 0, NULL, 0); |
|
172 |
- fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
173 |
- ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, 0, "*", 0, NULL, 0); |
|
174 |
- fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
175 |
- |
|
176 |
- ret = cli_bm_scanbuff((const unsigned char*)"blah\xde\xad\xbe\xef", 12, &virname, NULL, root, 0, NULL, NULL, NULL); |
|
177 |
- fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed"); |
|
178 |
- fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n"); |
|
179 |
-} |
|
180 |
-END_TEST |
|
181 |
- |
|
182 | 154 |
START_TEST (test_ac_scanbuff_allscan) { |
183 | 155 |
struct cli_ac_data mdata; |
184 | 156 |
struct cli_matcher *root; |
... | ... |
@@ -227,6 +249,122 @@ START_TEST (test_ac_scanbuff_allscan) { |
227 | 227 |
} |
228 | 228 |
END_TEST |
229 | 229 |
|
230 |
+START_TEST (test_ac_scanbuff_ex) { |
|
231 |
+ struct cli_ac_data mdata; |
|
232 |
+ struct cli_matcher *root; |
|
233 |
+ unsigned int i; |
|
234 |
+ int ret; |
|
235 |
+ |
|
236 |
+ root = ctx.engine->root[0]; |
|
237 |
+ fail_unless(root != NULL, "root == NULL"); |
|
238 |
+ root->ac_only = 1; |
|
239 |
+ |
|
240 |
+#ifdef USE_MPOOL |
|
241 |
+ root->mempool = mpool_create(); |
|
242 |
+#endif |
|
243 |
+ ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1); |
|
244 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_init() failed"); |
|
245 |
+ |
|
246 |
+ for(i = 0; ac_sigopts_testdata[i].data; i++) { |
|
247 |
+ ret = cli_sigopts_handler(root, ac_sigopts_testdata[i].virname, ac_sigopts_testdata[i].hexsig, ac_sigopts_testdata[i].sigopts, 0, 0, ac_sigopts_testdata[i].offset, 0, NULL, 0); |
|
248 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_sigopts_handler() failed"); |
|
249 |
+ } |
|
250 |
+ |
|
251 |
+ ret = cli_ac_buildtrie(root); |
|
252 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_buildtrie() failed"); |
|
253 |
+ |
|
254 |
+ ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN); |
|
255 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_initdata() failed"); |
|
256 |
+ |
|
257 |
+ for(i = 0; ac_sigopts_testdata[i].data; i++) { |
|
258 |
+ ret = cli_ac_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL); |
|
259 |
+ fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
|
260 |
+ if (ac_sigopts_testdata[i].expected_result == CL_VIRUS) |
|
261 |
+ fail_unless_fmt(!strncmp(virname, ac_sigopts_testdata[i].virname, strlen(ac_sigopts_testdata[i].virname)), "[ac_ex] Dataset %u matched with %s", i, virname); |
|
262 |
+ |
|
263 |
+ ret = cli_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
264 |
+ fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
|
265 |
+ } |
|
266 |
+ |
|
267 |
+ cli_ac_freedata(&mdata); |
|
268 |
+} |
|
269 |
+END_TEST |
|
270 |
+ |
|
271 |
+START_TEST (test_ac_scanbuff_allscan_ex) { |
|
272 |
+ struct cli_ac_data mdata; |
|
273 |
+ struct cli_matcher *root; |
|
274 |
+ unsigned int i; |
|
275 |
+ int ret; |
|
276 |
+ |
|
277 |
+ root = ctx.engine->root[0]; |
|
278 |
+ fail_unless(root != NULL, "root == NULL"); |
|
279 |
+ root->ac_only = 1; |
|
280 |
+ |
|
281 |
+#ifdef USE_MPOOL |
|
282 |
+ root->mempool = mpool_create(); |
|
283 |
+#endif |
|
284 |
+ ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1); |
|
285 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_init() failed"); |
|
286 |
+ |
|
287 |
+ for(i = 0; ac_sigopts_testdata[i].data; i++) { |
|
288 |
+ ret = cli_sigopts_handler(root, ac_sigopts_testdata[i].virname, ac_sigopts_testdata[i].hexsig, ac_sigopts_testdata[i].sigopts, 0, 0, ac_sigopts_testdata[i].offset, 0, NULL, 0); |
|
289 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_sigopts_handler() failed"); |
|
290 |
+ } |
|
291 |
+ |
|
292 |
+ ret = cli_ac_buildtrie(root); |
|
293 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_buildtrie() failed"); |
|
294 |
+ |
|
295 |
+ ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN); |
|
296 |
+ fail_unless(ret == CL_SUCCESS, "[ac_ex] cli_ac_initdata() failed"); |
|
297 |
+ |
|
298 |
+ ctx.options |= CL_SCAN_ALLMATCHES; |
|
299 |
+ for(i = 0; ac_sigopts_testdata[i].data; i++) { |
|
300 |
+ ret = cli_ac_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL); |
|
301 |
+ fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
|
302 |
+ if (ac_sigopts_testdata[i].expected_result == CL_VIRUS) |
|
303 |
+ fail_unless_fmt(!strncmp(virname, ac_sigopts_testdata[i].virname, strlen(ac_sigopts_testdata[i].virname)), "[ac_ex] Dataset %u matched with %s", i, virname); |
|
304 |
+ |
|
305 |
+ ret = cli_scanbuff((const unsigned char*)ac_sigopts_testdata[i].data, ac_sigopts_testdata[i].dlength, 0, &ctx, 0, NULL); |
|
306 |
+ fail_unless_fmt(ret == ac_sigopts_testdata[i].expected_result, "[ac_ex] cli_ac_scanbuff() failed for %s (%d != %d)", ac_sigopts_testdata[i].virname, ret, ac_sigopts_testdata[i].expected_result); |
|
307 |
+ if (ctx.num_viruses) { |
|
308 |
+ free((void *)ctx.virname); |
|
309 |
+ ctx.num_viruses = 0; |
|
310 |
+ ctx.size_viruses = 0; |
|
311 |
+ } |
|
312 |
+ } |
|
313 |
+ |
|
314 |
+ cli_ac_freedata(&mdata); |
|
315 |
+} |
|
316 |
+END_TEST |
|
317 |
+ |
|
318 |
+START_TEST (test_bm_scanbuff) { |
|
319 |
+ struct cli_matcher *root; |
|
320 |
+ const char *virname = NULL; |
|
321 |
+ int ret; |
|
322 |
+ |
|
323 |
+ |
|
324 |
+ root = ctx.engine->root[0]; |
|
325 |
+ fail_unless(root != NULL, "root == NULL"); |
|
326 |
+ |
|
327 |
+#ifdef USE_MPOOL |
|
328 |
+ root->mempool = mpool_create(); |
|
329 |
+#endif |
|
330 |
+ ret = cli_bm_init(root); |
|
331 |
+ fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed"); |
|
332 |
+ |
|
333 |
+ ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, 0, "*", 0, NULL, 0); |
|
334 |
+ fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
335 |
+ ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, 0, "*", 0, NULL, 0); |
|
336 |
+ fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
337 |
+ ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, 0, "*", 0, NULL, 0); |
|
338 |
+ fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); |
|
339 |
+ |
|
340 |
+ ret = cli_bm_scanbuff((const unsigned char*)"blah\xde\xad\xbe\xef", 12, &virname, NULL, root, 0, NULL, NULL, NULL); |
|
341 |
+ fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed"); |
|
342 |
+ fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n"); |
|
343 |
+} |
|
344 |
+END_TEST |
|
345 |
+ |
|
230 | 346 |
START_TEST (test_bm_scanbuff_allscan) { |
231 | 347 |
struct cli_matcher *root; |
232 | 348 |
const char *virname = NULL; |
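Review bot: In the re-added `test_bm_scanbuff`, `cli_bm_scanbuff` is given a length of 12 for the literal `"blah\xde\xad\xbe\xef"`, which holds 8 bytes plus the terminator, so the matcher is told it may read three bytes past the end of the array. Passing the real size, `cli_bm_scanbuff((const unsigned char*)"blah\xde\xad\xbe\xef", 8, &virname, NULL, root, 0, NULL, NULL, NULL);`, keeps the test clean under AddressSanitizer. In `test_ac_scanbuff_allscan_ex`, `free((void *)ctx.virname);` leaves the pointer dangling; adding `ctx.virname = NULL;` next to the counter resets avoids a stale pointer if later code or the fixture teardown touches it (the teardown is not visible here). The `cli_scanbuff` assertions in both new tests also report `cli_ac_scanbuff() failed`, which will misdirect whoever reads a failure.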
... | ... |
@@ -282,7 +420,7 @@ START_TEST (test_pcre_scanbuff) { |
282 | 282 |
strncat(hexsig, PCRE_BYPASS, hexlen); |
283 | 283 |
strncat(hexsig, pcre_testdata[i].hexsig, hexlen); |
284 | 284 |
|
285 |
- ret = cli_parse_add(root, pcre_testdata[i].virname, hexsig, 0, 0, 0, pcre_testdata[i].offset, 0, NULL, 0); |
|
285 |
+ ret = cli_parse_add(root, pcre_testdata[i].virname, hexsig, pcre_testdata[i].sigopts, 0, 0, pcre_testdata[i].offset, 0, NULL, 0); |
|
286 | 286 |
fail_unless(ret == CL_SUCCESS, "[pcre] cli_parse_add() failed"); |
287 | 287 |
free(hexsig); |
288 | 288 |
} |
... | ... |
@@ -378,11 +516,13 @@ Suite *test_matchers_suite(void) |
378 | 378 |
suite_add_tcase(s, tc_matchers); |
379 | 379 |
tcase_add_checked_fixture (tc_matchers, setup, teardown); |
380 | 380 |
tcase_add_test(tc_matchers, test_ac_scanbuff); |
381 |
+ tcase_add_test(tc_matchers, test_ac_scanbuff_ex); |
|
381 | 382 |
tcase_add_test(tc_matchers, test_bm_scanbuff); |
382 | 383 |
#if HAVE_PCRE |
383 | 384 |
tcase_add_test(tc_matchers, test_pcre_scanbuff); |
384 | 385 |
#endif |
385 | 386 |
tcase_add_test(tc_matchers, test_ac_scanbuff_allscan); |
387 |
+ tcase_add_test(tc_matchers, test_ac_scanbuff_allscan_ex); |
|
386 | 388 |
tcase_add_test(tc_matchers, test_bm_scanbuff_allscan); |
387 | 389 |
#if HAVE_PCRE |
388 | 390 |
tcase_add_test(tc_matchers, test_pcre_scanbuff_allscan); |