END_TEST START_TEST (test_bm_scanbuff_allscan) { struct cli_matcher *root; const char *virname = NULL; int ret; root = ctx.engine->root[0]; fail_unless(root != NULL, "root == NULL"); #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_bm_init(root); fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed"); ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, 0, "*", 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, 0, "*", 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, 0, "*", 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_bm_scanbuff((const unsigned char*)"blah\xde\xad\xbe\xef", 12, &virname, NULL, root, 0, NULL, NULL, NULL); fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed"); fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n"); }
END_TEST START_TEST (test_bm_scanbuff) { struct cli_matcher *root; const char *virname = NULL; int ret; root = (struct cli_matcher *) cli_calloc(1, sizeof(struct cli_matcher)); fail_unless(root != NULL, "root == NULL"); #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_bm_init(root); fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed"); ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, NULL, 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, NULL, 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, NULL, 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); ret = cli_bm_scanbuff("blah\xde\xad\xbe\xef", 12, &virname, root, 0, 0, -1); fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed"); fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n"); cli_bm_free(root); #ifdef USE_MPOOL mpool_destroy(root->mempool); #endif free(root); }
int cli_addtypesigs(struct cl_engine *engine) { int i, ret; struct cli_matcher *root; if(!engine->root[0]) { cli_dbgmsg("cli_addtypesigs: Need to allocate AC trie in engine->root[0]\n"); root = engine->root[0] = (struct cli_matcher *) cli_calloc(1, sizeof(struct cli_matcher)); if(!root) { cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n"); return CL_EMEM; } if((ret = cli_ac_init(root, cli_ac_mindepth, cli_ac_maxdepth))) { /* No need to free previously allocated memory here - all engine * elements will be properly freed by cl_free() */ cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n"); return ret; } } else { root = engine->root[0]; } for(i = 0; cli_smagic[i].sig; i++) { if((ret = cli_parse_add(root, cli_smagic[i].descr, cli_smagic[i].sig, cli_smagic[i].type, NULL, 0))) { cli_errmsg("cli_addtypesigs: Problem adding signature for %s\n", cli_smagic[i].descr); return ret; } } return 0; }
END_TEST START_TEST (test_pcre_scanbuff_allscan) { struct cli_ac_data mdata; struct cli_matcher *root; char *hexsig; unsigned int i, hexlen; int ret; root = ctx.engine->root[0]; fail_unless(root != NULL, "root == NULL"); #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_pcre_init(); fail_unless(ret == CL_SUCCESS, "[pcre] cli_pcre_init() failed"); for(i = 0; pcre_testdata[i].data; i++) { hexlen = strlen(PCRE_BYPASS) + strlen(pcre_testdata[i].hexsig) + 1; hexsig = cli_calloc(hexlen, sizeof(char)); fail_unless(hexsig != NULL, "[pcre] failed to prepend bypass (out-of-memory)"); strncat(hexsig, PCRE_BYPASS, hexlen); strncat(hexsig, pcre_testdata[i].hexsig, hexlen); ret = cli_parse_add(root, pcre_testdata[i].virname, hexsig, 0, 0, 0, pcre_testdata[i].offset, 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "[pcre] cli_parse_add() failed"); free(hexsig); } ret = cli_pcre_build(root, CLI_DEFAULT_PCRE_MATCH_LIMIT, CLI_DEFAULT_PCRE_RECMATCH_LIMIT, NULL); fail_unless(ret == CL_SUCCESS, "[pcre] cli_pcre_build() failed"); // recomputate offsets ret = cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, root->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN); fail_unless(ret == CL_SUCCESS, "[pcre] cli_ac_initdata() failed"); ctx.options |= CL_SCAN_ALLMATCHES; for(i = 0; pcre_testdata[i].data; i++) { ret = cli_pcre_scanbuf((const unsigned char*)pcre_testdata[i].data, strlen(pcre_testdata[i].data), &virname, NULL, root, NULL, NULL, NULL); fail_unless_fmt(ret == pcre_testdata[i].expected_result, "[pcre] cli_pcre_scanbuff() failed for %s (%d != %d)", pcre_testdata[i].virname, ret, pcre_testdata[i].expected_result); if (pcre_testdata[i].expected_result == CL_VIRUS) fail_unless_fmt(!strncmp(virname, pcre_testdata[i].virname, strlen(pcre_testdata[i].virname)), "[pcre] Dataset %u matched with %s", i, virname); ret = cli_scanbuff((const unsigned char*)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL); fail_unless_fmt(ret == pcre_testdata[i].expected_result, "[pcre] cli_scanbuff() failed for %s", pcre_testdata[i].virname); /* num_virus field add to test case struct */ if (ctx.num_viruses) ctx.num_viruses = 0; } cli_ac_freedata(&mdata); }
END_TEST START_TEST (test_ac_scanbuff_allscan) { struct cli_ac_data mdata; struct cli_matcher *root; unsigned int i; int ret; root = ctx.engine->root[0]; fail_unless(root != NULL, "root == NULL"); root->ac_only = 1; #ifdef USE_MPOOL root->mempool = mpool_create(); #endif ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1); fail_unless(ret == CL_SUCCESS, "cli_ac_init() failed"); for(i = 0; ac_testdata[i].data; i++) { ret = cli_parse_add(root, ac_testdata[i].virname, ac_testdata[i].hexsig, 0, 0, 0, "*", 0, NULL, 0); fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed"); } ret = cli_ac_buildtrie(root); fail_unless(ret == CL_SUCCESS, "cli_ac_buildtrie() failed"); ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN); fail_unless(ret == CL_SUCCESS, "cli_ac_initdata() failed"); ctx.options |= CL_SCAN_ALLMATCHES; for(i = 0; ac_testdata[i].data; i++) { ret = cli_ac_scanbuff((const unsigned char*)ac_testdata[i].data, strlen(ac_testdata[i].data), &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL); fail_unless_fmt(ret == CL_VIRUS, "cli_ac_scanbuff() failed for %s", ac_testdata[i].virname); fail_unless_fmt(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); ret = cli_scanbuff((const unsigned char*)ac_testdata[i].data, strlen(ac_testdata[i].data), 0, &ctx, 0, NULL); fail_unless_fmt(ret == CL_VIRUS, "cli_scanbuff() failed for %s", ac_testdata[i].virname); fail_unless_fmt(!strncmp(virname, ac_testdata[i].virname, strlen(ac_testdata[i].virname)), "Dataset %u matched with %s", i, virname); if (ctx.num_viruses) ctx.num_viruses = 0; } cli_ac_freedata(&mdata); }