4 * Copyright(c) 2010-2013 Intel Corporation. All rights reserved.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * * Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * * Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in
15 * the documentation and/or other materials provided with the
17 * * Neither the name of Intel Corporation nor the names of its
18 * contributors may be used to endorse or promote products derived
19 * from this software without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
22 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
23 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
24 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
25 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
26 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
27 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
31 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #ifndef TEST_PMAC_PM_H_
35 #define TEST_PMAC_PM_H_
42 * clean ASCII patterns
44 #define MAX_PATTERN_LEN 256
45 const char clean_patterns[][MAX_PATTERN_LEN] = {
47 "Bad command or filename",
52 "subject=FrEaK+SERVER",
54 "/scripts/WWPMsg.dll",
55 "body=JJ+BackDoor+-+v",
57 "subject=Insurrection+Page",
62 "# Nova CGI Notification Script",
63 /* test NOT converting to binary */
65 /* test adding same pattern twice - should result in two matches */
70 * mixed ASCII-binary patterns
72 const char mixed_patterns[][MAX_PATTERN_LEN] = {
73 "1 file|28|s|29| copied",
76 "|7C 32 33 7C 00|", /* gives |23| */
77 /* test converter not converting stuff erroneously */
83 * (P1 is used when having only one pattern)
85 const char P1_patterns[][MAX_PATTERN_LEN] = {
92 * BUFFERS TO LOOK PATTERNS IN
94 #define MAX_MATCH_COUNT 3
96 struct pm_test_buffer {
98 const char string[MAX_PATTERN_LEN];
99 /* strings that should be found marching.
100 * for our test we allow no more than 3 matches.
101 * the number is completely arbitrary */
102 const char * matched_str[MAX_MATCH_COUNT];
103 /* number of matches with and without case sensitivity */
105 uint8_t n_matches_with_case_sense;
108 struct pm_test_buffer clean_buffers[] = {
109 {"abcCommand completedcde",
110 {clean_patterns[0], NULL, NULL},
112 {"jsljelkwlefwe|23|igu5o0",
113 {clean_patterns[16], NULL, NULL},
115 {"Invalid URLwww.kOrnpUterS.comfRiEnD_niCKname=",
116 {clean_patterns[3], clean_patterns[14], clean_patterns[7]},
121 {"abcfrOmemail=y3kcde",
122 {clean_patterns[13], clean_patterns[17], NULL},
124 {"FANOUTsubject=FrEaK+SERVERFANOUT",
125 {clean_patterns[6], NULL, NULL},
127 {"Bad command or filenam",
130 {"Bad command or filename",
131 {clean_patterns[1], NULL, NULL},
133 {"845hyut8hji51 FILE(S) COPIED934ui45",
134 {clean_patterns[2], NULL, NULL},
136 {"HTTP/1.1 403IndEx of /cgi-bin/",
137 {clean_patterns[5], clean_patterns[4], NULL},
139 {"mail.php?subject=Mail&body=JJ+BackDoor+-+v&id=2357874",
140 {clean_patterns[9], NULL, NULL},
142 {"/var/www/site/scripts/WWPMsg.dll",
143 {clean_patterns[8], NULL, NULL},
145 {"backtrust.com/mail.cgi?subject=Insurrection+Page&body=JJ+BackDoor+-+v",
146 {clean_patterns[11], clean_patterns[10], clean_patterns[9]},
148 {"User-Agent: Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1)",
149 {clean_patterns[12], NULL, NULL},
151 {"User-agent: Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1)",
152 {clean_patterns[12], NULL, NULL},
154 {"http://www.kornputers.com/index.php",
155 {clean_patterns[14], NULL, NULL},
157 {"\r\n# Nova CGI Notification Script",
158 {clean_patterns[15], NULL, NULL},
160 {"\r\n# Nova CGI Notification Scrupt",
163 {"User Agent: Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1)",
166 {"abcfromemail=y3dcde",
171 struct pm_test_buffer mixed_buffers[] = {
172 {"jsljelkwlefwe|23|igu5o0",
173 {mixed_patterns[3], NULL, NULL},
176 {mixed_patterns[1], NULL, NULL},
179 {mixed_patterns[2], NULL, NULL},
182 {mixed_patterns[1], NULL, NULL},
184 {"www.kornputers.com",
185 {mixed_patterns[4], NULL, NULL},
187 {"1 file(s) copied from www.kornputers.com ",
188 {mixed_patterns[0], mixed_patterns[4], NULL},
190 {"www.kornputers.com: 1 File(s) Copied",
191 {mixed_patterns[4], mixed_patterns[0], NULL},
194 {mixed_patterns[0], NULL, NULL},
200 {mixed_patterns[0], NULL, NULL},
202 {"iwrhf34890yuhh *Y89#9ireirgf",
203 {mixed_patterns[2], NULL, NULL},
207 struct pm_test_buffer P1_buffers[] = {
209 {P1_patterns[0], NULL, NULL},
212 {P1_patterns[0], NULL, NULL},
223 {"1111aA1111111111aA111111",
224 {P1_patterns[0], P1_patterns[0], NULL},
229 #endif /* TEST_PMAC_PM_H_ */