Exemplo n.º 1
END_TEST

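/*
 * Boyer-Moore matcher test run against the engine's root[0] matcher.
 *
 * Registers three 4-byte hex signatures and checks that a buffer holding the
 * bytes DE AD BE EF is reported as CL_VIRUS with the name "Sig2".
 */
START_TEST (test_bm_scanbuff_allscan) {
	/*
	 * Scan input lives in a real 12-byte array. The string literal alone is
	 * 9 bytes (8 payload bytes plus the terminator), so passing it with a
	 * length of 12 let the matcher read past the end of the literal. The
	 * initializer zero-fills the tail and the length now comes from sizeof,
	 * so the scanned length is still 12 but every byte is defined.
	 */
	static const unsigned char scanbuf[12] = "blah\xde\xad\xbe\xef";
	struct cli_matcher *root;
	const char *virname = NULL;
	int ret;


    root = ctx.engine->root[0];
    fail_unless(root != NULL, "root == NULL");

#ifdef USE_MPOOL
    root->mempool = mpool_create();
#endif
    ret = cli_bm_init(root);
    fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed");

    /* Three signatures sharing byte pairs, so only an exact match selects Sig2. */
    ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, 0, "*", 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");
    ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, 0, "*", 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");
    ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, 0, "*", 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");

    ret = cli_bm_scanbuff(scanbuf, sizeof(scanbuf), &virname, NULL, root, 0, NULL, NULL, NULL);
    fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed");
    /* Turn a missing name into a test failure instead of a NULL dereference in strncmp(). */
    fail_unless(virname != NULL, "cli_bm_scanbuff() returned CL_VIRUS without a signature name");
    fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n");
}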
Exemplo n.º 2
END_TEST

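/*
 * Boyer-Moore matcher test on a privately allocated matcher.
 *
 * Allocates a zeroed cli_matcher, registers three 4-byte hex signatures,
 * checks that a buffer holding DE AD BE EF is reported as CL_VIRUS with the
 * name "Sig2", then releases the matcher.
 */
START_TEST (test_bm_scanbuff) {
	/*
	 * Scan input lives in a real 12-byte array. The string literal alone is
	 * 9 bytes (8 payload bytes plus the terminator), so passing it with a
	 * length of 12 let the matcher read past the end of the literal. The
	 * initializer zero-fills the tail and the length now comes from sizeof,
	 * so the scanned length is still 12 but every byte is defined.
	 */
	static const unsigned char scanbuf[12] = "blah\xde\xad\xbe\xef";
	struct cli_matcher *root;
	const char *virname = NULL;
	int ret;


    root = (struct cli_matcher *) cli_calloc(1, sizeof(*root));
    fail_unless(root != NULL, "root == NULL");

#ifdef USE_MPOOL
    root->mempool = mpool_create();
#endif
    ret = cli_bm_init(root);
    fail_unless(ret == CL_SUCCESS, "cli_bm_init() failed");

    /* Three signatures sharing byte pairs, so only an exact match selects Sig2. */
    ret = cli_parse_add(root, "Sig1", "deadbabe", 0, 0, NULL, 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");
    ret = cli_parse_add(root, "Sig2", "deadbeef", 0, 0, NULL, 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");
    ret = cli_parse_add(root, "Sig3", "babedead", 0, 0, NULL, 0, NULL, 0);
    fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");

    ret = cli_bm_scanbuff(scanbuf, sizeof(scanbuf), &virname, root, 0, 0, -1);
    fail_unless(ret == CL_VIRUS, "cli_bm_scanbuff() failed");
    /* Turn a missing name into a test failure instead of a NULL dereference in strncmp(). */
    fail_unless(virname != NULL, "cli_bm_scanbuff() returned CL_VIRUS without a signature name");
    fail_unless(!strncmp(virname, "Sig2", 4), "Incorrect signature matched in cli_bm_scanbuff()\n");

    /* Release in the original order: matcher tables, then the pool, then the struct itself. */
    cli_bm_free(root);
#ifdef USE_MPOOL
    mpool_destroy(root->mempool);
#endif
    free(root);
}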
Exemplo n.º 3
/*
 * Add every entry of the cli_smagic[] table to the matcher stored in
 * engine->root[0], allocating and initialising that matcher first when the
 * slot is still empty.
 *
 * engine is dereferenced unconditionally, so the caller must pass a valid
 * pointer.
 *
 * Returns 0 on success, CL_EMEM when the matcher cannot be allocated, or the
 * non-zero code returned by cli_ac_init() / cli_parse_add() on failure.
 */
int cli_addtypesigs(struct cl_engine *engine)
{
	struct cli_matcher *matcher = engine->root[0];
	int idx = 0;
	int rc;

    if(matcher == NULL) {
	cli_dbgmsg("cli_addtypesigs: Need to allocate AC trie in engine->root[0]\n");

	/* Publish the new matcher in the engine before initialising it. */
	matcher = (struct cli_matcher *) cli_calloc(1, sizeof(struct cli_matcher));
	engine->root[0] = matcher;
	if(matcher == NULL) {
	    cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n");
	    return CL_EMEM;
	}

	rc = cli_ac_init(matcher, cli_ac_mindepth, cli_ac_maxdepth);
	if(rc != 0) {
	    /* Nothing is released here: the matcher stays attached to the
	     * engine and is left for cl_free() to reclaim.
	     */
	    cli_errmsg("cli_addtypesigs: Can't initialise AC pattern matcher\n");
	    return rc;
	}
    }

    /* The table ends at the first entry whose sig member is NULL. */
    while(cli_smagic[idx].sig) {
	rc = cli_parse_add(matcher, cli_smagic[idx].descr, cli_smagic[idx].sig, cli_smagic[idx].type, NULL, 0);
	if(rc != 0) {
	    cli_errmsg("cli_addtypesigs: Problem adding signature for %s\n", cli_smagic[idx].descr);
	    return rc;
	}
	idx++;
    }

    return 0;
}
Exemplo n.º 4
END_TEST

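/*
 * PCRE matcher test run against the engine's root[0] matcher with
 * CL_SCAN_ALLMATCHES set.
 *
 * Every pcre_testdata[] entry is registered as PCRE_BYPASS followed by the
 * entry's hexsig. Each entry's data is then scanned through
 * cli_pcre_scanbuf() and cli_scanbuff(), and the return code is compared
 * with the entry's expected_result.
 */
START_TEST (test_pcre_scanbuff_allscan) {
	struct cli_ac_data mdata;
	struct cli_matcher *root;
	char *hexsig;
	unsigned int i, hexlen;
	size_t bypass_len, sig_len;
	int ret;

    root = ctx.engine->root[0];
    fail_unless(root != NULL, "root == NULL");

#ifdef USE_MPOOL
    root->mempool = mpool_create();
#endif
    ret = cli_pcre_init();
    fail_unless(ret == CL_SUCCESS, "[pcre] cli_pcre_init() failed");

    for(i = 0; pcre_testdata[i].data; i++) {
	bypass_len = strlen(PCRE_BYPASS);
	sig_len = strlen(pcre_testdata[i].hexsig);
	hexlen = bypass_len + sig_len + 1;

	hexsig = cli_calloc(hexlen, sizeof(char));
	fail_unless(hexsig != NULL, "[pcre] failed to prepend bypass (out-of-memory)");

	/*
	 * Build "<bypass><hexsig>" with explicit lengths. The previous
	 * strncat(dst, src, hexlen) calls passed the whole buffer size as the
	 * bound, but strncat's bound limits the bytes appended, not the
	 * destination size, so it gave no protection. The second copy includes
	 * the terminator.
	 */
	memcpy(hexsig, PCRE_BYPASS, bypass_len);
	memcpy(hexsig + bypass_len, pcre_testdata[i].hexsig, sig_len + 1);

	ret = cli_parse_add(root, pcre_testdata[i].virname, hexsig, 0, 0, 0, pcre_testdata[i].offset, 0, NULL, 0);
	fail_unless(ret == CL_SUCCESS, "[pcre] cli_parse_add() failed");
	free(hexsig);
    }

    ret = cli_pcre_build(root, CLI_DEFAULT_PCRE_MATCH_LIMIT, CLI_DEFAULT_PCRE_RECMATCH_LIMIT, NULL);
    fail_unless(ret == CL_SUCCESS, "[pcre] cli_pcre_build() failed");

    /* recompute offsets -- NOTE(review): no recomputation call follows this marker in the visible code */

    ret = cli_ac_initdata(&mdata, root->ac_partsigs, root->ac_lsigs, root->ac_reloff_num, CLI_DEFAULT_AC_TRACKLEN);
    fail_unless(ret == CL_SUCCESS, "[pcre] cli_ac_initdata() failed");

    ctx.options |= CL_SCAN_ALLMATCHES;
    for(i = 0; pcre_testdata[i].data; i++) {
	/* Direct PCRE scan: check the return code, and the reported name when a hit is expected. */
	ret = cli_pcre_scanbuf((const unsigned char*)pcre_testdata[i].data, strlen(pcre_testdata[i].data), &virname, NULL, root, NULL, NULL, NULL);
	fail_unless_fmt(ret == pcre_testdata[i].expected_result, "[pcre] cli_pcre_scanbuff() failed for %s (%d != %d)", pcre_testdata[i].virname, ret, pcre_testdata[i].expected_result);
	if (pcre_testdata[i].expected_result == CL_VIRUS)
	    fail_unless_fmt(!strncmp(virname, pcre_testdata[i].virname, strlen(pcre_testdata[i].virname)), "[pcre] Dataset %u matched with %s", i, virname);

	/* Same data through the generic scan entry point. */
	ret = cli_scanbuff((const unsigned char*)pcre_testdata[i].data, strlen(pcre_testdata[i].data), 0, &ctx, 0, NULL);
	fail_unless_fmt(ret == pcre_testdata[i].expected_result, "[pcre] cli_scanbuff() failed for %s", pcre_testdata[i].virname);
	/* num_virus field add to test case struct */
	/* Clear the counter so it does not carry over into the next dataset. */
	if (ctx.num_viruses)
	    ctx.num_viruses = 0;
    }

    cli_ac_freedata(&mdata);
}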
Exemplo n.º 5
END_TEST

/*
 * Aho-Corasick matcher test run against the engine's root[0] matcher with
 * CL_SCAN_ALLMATCHES set.
 *
 * Every ac_testdata[] entry is registered as a signature and the trie is
 * built. Each entry's data is then scanned through cli_ac_scanbuff() and
 * cli_scanbuff(); both must return CL_VIRUS and leave virname starting with
 * the entry's name.
 */
START_TEST (test_ac_scanbuff_allscan) {
	struct cli_ac_data mdata;
	struct cli_matcher *root = ctx.engine->root[0];
	unsigned int idx;
	int ret;

    fail_unless(root != NULL, "root == NULL");
    root->ac_only = 1;

#ifdef USE_MPOOL
    root->mempool = mpool_create();
#endif
    ret = cli_ac_init(root, CLI_DEFAULT_AC_MINDEPTH, CLI_DEFAULT_AC_MAXDEPTH, 1);
    fail_unless(ret == CL_SUCCESS, "cli_ac_init() failed");

    /* Load one signature per dataset; the table ends at the first NULL data pointer. */
    idx = 0;
    while(ac_testdata[idx].data) {
	ret = cli_parse_add(root, ac_testdata[idx].virname, ac_testdata[idx].hexsig, 0, 0, 0, "*", 0, NULL, 0);
	fail_unless(ret == CL_SUCCESS, "cli_parse_add() failed");
	idx++;
    }

    ret = cli_ac_buildtrie(root);
    fail_unless(ret == CL_SUCCESS, "cli_ac_buildtrie() failed");

    ret = cli_ac_initdata(&mdata, root->ac_partsigs, 0, 0, CLI_DEFAULT_AC_TRACKLEN);
    fail_unless(ret == CL_SUCCESS, "cli_ac_initdata() failed");

    ctx.options |= CL_SCAN_ALLMATCHES;
    for(idx = 0; ac_testdata[idx].data; idx++) {
	const unsigned char *sample = (const unsigned char*)ac_testdata[idx].data;
	const char *expected = ac_testdata[idx].virname;

	/* Direct AC scan using the per-scan state in mdata. */
	ret = cli_ac_scanbuff(sample, strlen(ac_testdata[idx].data), &virname, NULL, NULL, root, &mdata, 0, 0, NULL, AC_SCAN_VIR, NULL);
	fail_unless_fmt(ret == CL_VIRUS, "cli_ac_scanbuff() failed for %s", expected);
	fail_unless_fmt(!strncmp(virname, expected, strlen(expected)), "Dataset %u matched with %s", idx, virname);

	/* Same data through the generic scan entry point. */
	ret = cli_scanbuff(sample, strlen(ac_testdata[idx].data), 0, &ctx, 0, NULL);
	fail_unless_fmt(ret == CL_VIRUS, "cli_scanbuff() failed for %s", expected);
	fail_unless_fmt(!strncmp(virname, expected, strlen(expected)), "Dataset %u matched with %s", idx, virname);

	/* Clear the counter so it does not carry over into the next dataset. */
	if (ctx.num_viruses)
	    ctx.num_viruses = 0;
    }

    cli_ac_freedata(&mdata);
}