open-dsi
/
clamav
mirror of https://github.com/Cisco-Talos/clamav
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ClamAV is an open source (GPLv2) anti-virus toolkit.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10392 Commits
35 Branches
233 Tags
240 MiB
Tag: Branch: Tree: a8e8c344eb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a8e8c344eb'
${ noResults }
clamav/unit_tests/clamscan_test.py

221 lines
8.9 KiB
Raw Normal View History Unescape

CMake: Add CTest support to match Autotools checks An ENABLE_TESTS CMake option is provided so that users can disable testing if they don't want it. Instructions for how to use this included in the INSTALL.cmake.md file. If you run `ctest`, each testcase will write out a log file to the <build>/unit_tests directory. As with Autotools' make check, the test files are from test/.split and unit_tests/.split files, but for CMake these are generated at build time instead of at test time. On Posix systems, sets the LD_LIBRARY_PATH so that ClamAV-compiled libraries can be loaded when running tests. On Windows systems, CTest will identify and collect all library dependencies and assemble a temporarily install under the build/unit_tests directory so that the libraries can be loaded when running tests. The same feature is used on Windows when using CMake to install to collect all DLL dependencies so that users don't have to install them manually afterwards. Each of the CTest tests are run using a custom wrapper around Python's unittest framework, which is also responsible for finding and inserting valgrind into the valgrind tests on Posix systems. Unlike with Autotools, the CMake CTest Valgrind-tests are enabled by default, if Valgrind can be found. There's no need to set VG=1. CTest's memcheck module is NOT supported, because we use Python to orchestrate our tests. Added a bunch of Windows compatibility changes to the unit tests. These were primarily changing / to PATHSEP and making adjustments to use Win32 C headers and ifdef out the POSIX ones which aren't available on Windows. Also disabled a bunch of tests on Win32 that don't work on Windows, notably the mmap ones and FD-passing (i.e. FILEDES) ones. Add JSON_C_HAVE_INTTYPES_H definition to clamav-config.h to eliminate warnings on Windows where json.h is included after inttypes.h because json-c's inttypes replacement relies on it. This is a it of a hack and may be removed if json-c fixes their inttypes header stuff in the future. Add preprocessor definitions on Windows to disable MSVC warnings about CRT secure and nonstandard functions. While there may be a better solution, this is needed to be able to see other more serious warnings. Add missing file comment block and copyright statement for clamsubmit.c. Also change json-c/json.h include filename to json.h in clamsubmit.c. The directory name is not required. Changed the hash table data integer type from long, which is poorly defined, to size_t -- which is capable of storing a pointer. Fixed a bunch of casts regarding this variable to eliminate warnings. Fixed two bugs causing utf8 encoding unit tests to fail on Windows: - The in_size variable should be the number of bytes, not the character count. This was was causing the SHIFT_JIS (japanese codepage) to UTF8 transcoding test to only transcode half the bytes. - It turns out that the MultiByteToWideChar() API can't transcode UTF16-BE to UTF16-LE. The solution is to just iterate over the buffer and flip the bytes on each uint16_t. This but was causing the UTF16-BE to UTF8 tests to fail. I also split up the utf8 transcoding tests into separate tests so I could see all of the failures instead of just the first one. Added a flags parameter to the unit test function to open testfiles because it turns out that on Windows if a file contains the \r\n it will replace it with just \n if you opened the file as a text file instead of as binary. However, if we open the CBC files as binary, then a bunch of bytecode tests fail. So I've changed the tests to open the CBC files in the bytecode tests as text files and open all other files as binary. Ported the feature tests from shell scripts to Python using a modified version of our QA test-framework, which is largely compatible and will allow us to migrate some QA tests into this repo. I'd like to add GitHub Actions pipelines in the future so that all public PR's get some testing before anyone has to manually review them. The clamd --log option was missing from the help string, though it definitely works. I've added it in this commit. It appears that clamd.c was never clang-format'd, so this commit also reformats clamd.c. Some of the check_clamd tests expected the path returned by clamd to match character for character with original path sent to clamd. However, as we now evaluate real paths before a scan, the path returned by clamd isn't going to match the relative (and possibly symlink-ridden) path passed to clamdscan. I fixed this test by changing the test to search for the basename: <signature> FOUND within the response instead of matching the exact path. Autotools: Link check_clamd with libclamav so we can use our utility functions in check_clamd.c.
5 years ago
# Copyright (C) 2020 Cisco Systems, Inc. and/or its affiliates. All rights reserved.
"""
Run clamscan tests.
"""
import os
from pathlib import Path
import platform
import shutil
import subprocess
import sys
import time
import unittest
import testcase
os_platform = platform.platform()
operating_system = os_platform.split('-')[0].lower()
class TC(testcase.TestCase):
@classmethod
def setUpClass(cls):
super(TC, cls).setUpClass()
TC.testpaths = list(TC.path_build.glob('test/clam*')) # A list of Path()'s of each of our generated test files
# Prepare a directory to store our test databases
TC.path_db = TC.path_tmp / 'database'
TC.path_db.mkdir(parents=True)
shutil.copy(
str(TC.path_build / 'unit_tests' / 'clamav.hdb'),
str(TC.path_db),
)
(TC.path_db / 'clamav.ign2').write_text('ClamAV-Test-File\n')
(TC.path_db / 'phish.pdb').write_text('H:example.com\n')
(TC.path_db / 'icon.idb').write_text(
"EA0X-32x32x8:ea0x-grp1:ea0x-grp2:2046f030a42a07153f4120a0031600007000005e1617ef0000d21100cb090674150f880313970b0e7716116d01136216022500002f0a173700081a004a0e\n"
"IScab-16x16x8:iscab-grp1:iscab-grp2:107b3000168306015c20a0105b07060be0a0b11c050bea0706cb0a0bbb060b6f00017c06018301068109086b03046705081b000a270a002a000039002b17\n"
)
(TC.path_db / 'icon.ldb').write_text(
"ClamAV-Test-Icon-EA0X;Engine:52-1000,Target:1,IconGroup1:ea0x-grp1,IconGroup2:*;(0);0:4d5a\n"
"ClamAV-Test-Icon-IScab;Engine:52-1000,Target:1,IconGroup2:iscab-grp2;(0);0:4d5a\n"
)
(TC.path_db / 'Clam-VI.ldb').write_text(
"Clam-VI-Test:Target;Engine:52-255,Target:1;(0&1);VI:43006f006d00700061006e0079004e0061006d0065000000000063006f006d00700061006e007900;VI:500072006f0064007500630074004e0061006d0065000000000063006c0061006d00\n"
)
(TC.path_db / 'yara-at-offset.yara').write_text(
"rule yara_at_offset {strings: $tar_magic = { 75 73 74 61 72 } condition: $tar_magic at 257}\n"
)
(TC.path_db / 'yara-in-range.yara').write_text(
"rule yara_in_range {strings: $tar_magic = { 75 73 74 61 72 } condition: $tar_magic in (200..300)}\n"
)
@classmethod
def tearDownClass(cls):
super(TC, cls).tearDownClass()
def setUp(self):
super(TC, self).setUp()
def tearDown(self):
super(TC, self).tearDown()
self.verify_valgrind_log()
def test_clamscan_00_version(self):
self.step_name('clamscan version test')
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -V'
output = self.execute_command(command)
assert output.ec == 0 # success
expected_results = [
f'ClamAV {TC.version}',
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_01_all_testfiles(self):
self.step_name('Test that clamscan alerts on all test files')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "clamav.hdb"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [f'{testpath.name}: ClamAV-Test-File.UNOFFICIAL FOUND' for testpath in TC.testpaths]
expected_results.append(f'Scanned files: {len(TC.testpaths)}')
expected_results.append(f'Infected files: {len(TC.testpaths)}')
self.verify_output(output.out, expected=expected_results)
def test_clamscan_02_all_testfiles_ign2(self):
self.step_name('Test that clamscan ignores ClamAV-Test-File alerts')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "clamav.hdb"} -d {TC.path_db / "clamav.ign2"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [f'{testpath.name}: ClamAV-Test-File.UNOFFICIAL FOUND' for testpath in TC.testpaths]
expected_results.append(f'Scanned files: {len(TC.testpaths)}')
expected_results.append(f'Infected files: {len(TC.testpaths)}')
self.verify_output(output.out, expected=expected_results)
def test_clamscan_03_phish_test_not_enabled(self):
self.step_name('Test that clamscan will load the phishing sigs w/out issue')
testpaths = list(TC.path_source.glob('unit_tests/input/phish-test-*'))
testfiles = ' '.join([str(testpath) for testpath in testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "phish.pdb"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 0 # virus NOT found
expected_results = [
'Scanned files: 3',
'Infected files: 0',
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_04_phish_test_alert_phishing_ssl_alert_phishing_cloak(self):
self.step_name('Test clamscan --alert-phishing-ssl --alert-phishing-cloak')
testpaths = list(TC.path_source.glob('unit_tests/input/phish-test-*'))
testfiles = ' '.join([str(testpath) for testpath in testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "phish.pdb"} --alert-phishing-ssl --alert-phishing-cloak {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [
'phish-test-ssl: Heuristics.Phishing.Email.SSL-Spoof FOUND',
'phish-test-cloak: Heuristics.Phishing.Email.Cloaked.Null FOUND',
'Scanned files: 3',
'Infected files: 2', # there's a clean one
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_05_icon(self):
self.step_name('Test icon (.ldb + .idb) signatures')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "icon.ldb"} -d {TC.path_db / "icon.idb"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
# Use check_fpu_endian to determine expected results
command = f'{TC.check_fpu_endian}'
fpu_endian_output = self.execute_command(command)
expected_results = [
'clam_IScab_ext.exe: ClamAV-Test-Icon-IScab.UNOFFICIAL FOUND',
'clam_IScab_int.exe: ClamAV-Test-Icon-IScab.UNOFFICIAL FOUND',
]
if fpu_endian_output.ec == 3:
expected_num_infected = 3
else:
expected_results.append('clam.ea06.exe: ClamAV-Test-Icon-EA0X.UNOFFICIAL FOUND')
expected_num_infected = 4
expected_results.append(f'Infected files: {expected_num_infected}')
self.verify_output(output.out, expected=expected_results)
def test_clamscan_06_LDB_VI(self):
self.step_name('Test LDB VI feature')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "Clam-VI.ldb"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [
'clam_ISmsi_ext.exe: Clam-VI-Test:Target.UNOFFICIAL FOUND',
'clam_ISmsi_int.exe: Clam-VI-Test:Target.UNOFFICIAL FOUND',
'Infected files: 2',
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_07_yara_at_offset(self):
self.step_name('Test yara signature - detect TAR file magic at an offset')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "yara-at-offset.yara"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [
'clam.tar.gz: YARA.yara_at_offset.UNOFFICIAL FOUND',
'clam_cache_emax.tgz: YARA.yara_at_offset.UNOFFICIAL FOUND',
'Infected files: 2',
]
self.verify_output(output.out, expected=expected_results)
def test_clamscan_08_yara_in_range(self):
self.step_name('Test yara signature - detect TAR file magic in a range')
testfiles = ' '.join([str(testpath) for testpath in TC.testpaths])
command = f'{TC.valgrind} {TC.valgrind_args} {TC.clamscan} -d {TC.path_db / "yara-in-range.yara"} {testfiles}'
output = self.execute_command(command)
assert output.ec == 1 # virus found
expected_results = [
'clam.tar.gz: YARA.yara_in_range.UNOFFICIAL FOUND',
'clam_cache_emax.tgz: YARA.yara_in_range.UNOFFICIAL FOUND',
'Infected files: 2',
]
self.verify_output(output.out, expected=expected_results)