-
Notifications
You must be signed in to change notification settings - Fork 70
/
rule_multiple.t
executable file
·124 lines (96 loc) · 3.68 KB
/
rule_multiple.t
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
#!/usr/bin/perl -T
use lib '.'; use lib 't';
use SATest; sa_t_init("rule_multiple");
use Test::More tests => 42;
# ---------------------------------------------------------------------------
%patterns = (
q{ 1.0 META_BODY_RULE }, '',
q{ 1.0 META_BODY_RULE_MAX }, '',
q{ 1.0 META_EVAL_RULE }, '',
q{ 1.0 META_FULL_RULE }, '',
q{ 1.0 META_FULL_RULE_MAX }, '',
q{ 1.0 META_HEADER_RULE }, '',
q{ 1.0 META_HEADER_RULE_MAX }, '',
q{ 1.0 META_META_RULE }, '',
q{ 1.0 META_RAWBODY_RULE }, '',
q{ 1.0 META_RAWBODY_RULE_MAX }, '',
q{ 1.0 META_RULE_6 }, '',
q{ 1.0 META_URI_RULE }, '',
q{ 1.0 META_URI_RULE_MAX }, '',
);
%anti_patterns = (
q{ META_BODY_RULE_2 }, '',
q{ META_BODY_RULE_MAX_2 }, '',
q{ META_FULL_RULE_2 }, '',
q{ META_FULL_RULE_MAX_2 }, '',
q{ META_HEADER_RULE_2 }, '',
q{ META_HEADER_RULE_MAX_2 }, '',
q{ META_RAWBODY_RULE_MAX_2 }, '',
q{ META_URI_RULE_MAX_2 }, '',
);
tstlocalrules ('
header HEADER_RULE Subject =~ /--/
tflags HEADER_RULE multiple
meta META_HEADER_RULE HEADER_RULE > 1
header HEADER_RULE_2 Subject =~ /--/
meta META_HEADER_RULE_2 HEADER_RULE_2 > 1
body BODY_RULE /WWW.SUPERSITESCENTRAL.COM/i
tflags BODY_RULE multiple
meta META_BODY_RULE BODY_RULE == 3
body BODY_RULE_2 /WWW.SUPERSITESCENTRAL.COM/i
meta META_BODY_RULE_2 BODY_RULE_2 > 2
rawbody RAWBODY_RULE /WWW.SUPERSITESCENTRAL.COM/i
tflags RAWBODY_RULE multiple
meta META_RAWBODY_RULE RAWBODY_RULE == 3
full FULL_RULE /WWW.SUPERSITESCENTRAL.COM/i
tflags FULL_RULE multiple
meta META_FULL_RULE FULL_RULE == 3
full FULL_RULE_2 /WWW.SUPERSITESCENTRAL.COM/i
meta META_FULL_RULE_2 FULL_RULE_2 > 2
header HEADER_RULE_MAX Subject =~ /--/
tflags HEADER_RULE_MAX multiple maxhits=2
meta META_HEADER_RULE_MAX HEADER_RULE_MAX > 1
header HEADER_RULE_MAX_2 Subject =~ /--/
tflags HEADER_RULE_MAX_2 multiple maxhits=1
meta META_HEADER_RULE_MAX_2 HEADER_RULE_MAX_2 > 1
body BODY_RULE_MAX /WWW.SUPERSITESCENTRAL.COM/i
tflags BODY_RULE_MAX multiple maxhits=3
meta META_BODY_RULE_MAX BODY_RULE_MAX == 3
body BODY_RULE_MAX_2 /WWW.SUPERSITESCENTRAL.COM/i
tflags BODY_RULE_MAX_2 multiple maxhits=2
meta META_BODY_RULE_MAX_2 BODY_RULE_MAX_2 > 2
rawbody RAWBODY_RULE_MAX /WWW.SUPERSITESCENTRAL.COM/i
tflags RAWBODY_RULE_MAX multiple maxhits=3
meta META_RAWBODY_RULE_MAX RAWBODY_RULE_MAX == 3
rawbody RAWBODY_RULE_MAX_2 /WWW.SUPERSITESCENTRAL.COM/i
tflags RAWBODY_RULE_MAX_2 multiple maxhits=2
meta META_RAWBODY_RULE_MAX_2 RAWBODY_RULE_MAX_2 > 2
full FULL_RULE_MAX /WWW.SUPERSITESCENTRAL.COM/i
tflags FULL_RULE_MAX multiple maxhits=3
meta META_FULL_RULE_MAX FULL_RULE_MAX == 3
full FULL_RULE_MAX_2 /WWW.SUPERSITESCENTRAL.COM/i
tflags FULL_RULE_MAX_2 multiple maxhits=2
meta META_FULL_RULE_MAX_2 FULL_RULE_MAX_2 > 2
# Note that this is supposed to hit 2 times -> 2 unique urls
uri URI_RULE /WWW.SUPERSITESCENTRAL.COM/i
tflags URI_RULE multiple
meta META_URI_RULE URI_RULE == 2
uri URI_RULE_MAX /WWW.SUPERSITESCENTRAL.COM/i
tflags URI_RULE_MAX multiple maxhits=1
meta META_URI_RULE_MAX URI_RULE_MAX == 1
uri URI_RULE_MAX_2 /WWW.SUPERSITESCENTRAL.COM/i
tflags URI_RULE_MAX_2 multiple maxhits=1
meta META_URI_RULE_MAX_2 URI_RULE_MAX_2 > 1
meta META_RULE META_BODY_RULE + META_RAWBODY_RULE
meta META_META_RULE META_RULE == 2
meta META_RULE_6 BODY_RULE + RAWBODY_RULE == 6
loadplugin myTestPlugin ../../../data/testplugin.pm
header EVAL_RULE eval:check_return_2()
meta META_EVAL_RULE EVAL_RULE > 1
');
sarun ("-L -t < data/spam/002 2>&1", \&patterns_run_cb);
ok_all_patterns();
# do some tests without any other rules to check meta bugs
clear_localrules();
sarun ("-L -t < data/spam/002 2>&1", \&patterns_run_cb);
ok_all_patterns();