"Fossies" - the Fresh Open Source Software Archive

Member "anomy/testcases/sanitizer.boundary.t" (8 May 2003, 3040 Bytes) of package /linux/privat/old/anomy-sanitizer-1.76.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) Bash source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 #!/bin/sh
    2 [ "$1" = "-h" ] && cat <<tac
    3 
    4 This example tests the following features of the sanitizer:
    5 
    6   - This tests handling of RFC822 comments within Boundary strings,
    7     where the sanitizer doesn't actually chose between possible 
    8     boundary strings until message processing has begun.
    9     
   10   - Test various other naughty boundary-string exploits.
   11 
   12   - Test handling of broken "name=file with unquoted spaces.ext" stuff.
   13 
   14   - Test the Transfer-Encoding fixer-upper code.
   15 
   16 tac
   17 $ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
   18       'feat_testing = 1' \
   19       'feat_log_inline = 1' \
   20       'feat_log_stderr = 1' \
   21       'file_list_2_policy = accept' \
   22       'file_list_2 = (?i)\.txt$' \
   23       'file_list_7 = 0' \
   24       "header_rev = 0" <<EOF 2>test.log >test.out
   25 From bre Fri Jan 30 03:37:34 1998
   26 Date: Wed, 13 Dec 2000 17:13:26 +0800
   27 From: Admin <foo@bar.com>
   28 Subject: Yet another MIME test
   29 To: Admin <baz@bar.com>
   30 MIME-Version: 1.0
   31 Con(FOO)tent-Type: MULT(comment)I(c2)PA(c3)RT/ALTERNATIVE; boundary=Boundary_(THIS_DOESNT_GET_DROPPED)
   32 Content-Transfer-Encoding: quoted-printable
   33 
   34 --Boundary_(THIS_DOESNT_GET_DROPPED)
   35 Content-type: text/plain; format=flowed; charset=us-ascii
   36 Content-disposition: attachment; 
   37  name=evil file.exe
   38 
   39 Part one
   40 --Boundary_(THIS_DOESNT_GET_DROPPED)
   41 Content-type: text/plain; charset=us-ascii
   42 
   43 Part two
   44 --Boundary_(THIS_DOESNT_GET_DROPPED)--
   45 
   46 EOF
   47 echo "*** Exit code was $? ***" >>test.out
   48 
   49 $ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
   50   'feat_log_inline = 1' \
   51   'file_list_2_policy = accept' \
   52   'file_list_2 = (?i)\.txt$' \
   53   'file_list_7 = 0' \
   54   'feat_testing = 1' "header_rev = 0" <<EOF 2>>test.log >>test.out
   55 From bre Fri Jan 30 03:37:34 1998
   56 Date: Wed, 13 Dec 2000 17:13:26 +0800
   57 From: Admin <foo@bar.com>
   58 Subject: Yet another MIME test
   59 To: Admin <baz@bar.com>
   60 MIME-Version: 1.0
   61 Content-Type: MULTIPART/ALTERNATIVE; boundary=Boundary(THIS_GETS_DROPPED)
   62 Content-Transfer-Encoding: 8bit
   63 
   64 --Boundary
   65 Content-type: text/plain; format=flowed; charset=us-ascii
   66 Content-disposition: attachment; name=evil file.exe
   67 
   68 Part one
   69 --Boundary
   70 Content-type: text/plain; charset=us-ascii
   71 
   72 Part two
   73 --Boundary--
   74 
   75 EOF
   76 echo "*** Exit code was $? ***" >>test.out
   77 
   78 $ANOMY/bin/sanitizer.pl -nofprot $SAN_CONF \
   79   'feat_log_inline = 1' \
   80   'file_list_2_policy = accept' \
   81   'file_list_2 = (?i)\.txt$' \
   82   'file_list_7 = 0' \
   83   'feat_testing = 1' "header_rev = 0" <<EOF 2>>test.log >>test.out
   84 From bre Fri Jan 30 03:37:34 1998
   85 Date: Wed, 13 Dec 2000 17:13:26 +0800
   86 From: Admin <foo@bar.com>
   87 Subject: Yet another MIME test
   88 To: Admin <baz@bar.com>
   89 MIME-Version: 1.0
   90 Content-Type: MULTIPART/ALTERNATIVE;
   91 Content-Transfer-Encoding: 8bit
   92 
   93 --------------------------------------------
   94 This is crap
   95 --------------------------------------------
   96 
   97 --NotABoundary
   98 
   99 --ReallyAFakeBoundary
  100 
  101 --Boundary
  102 Content-type: text/plain; format=flowed; charset=us-ascii
  103 Content-disposition: attachment; name="evil.exe"
  104 
  105 Part one
  106 --Boundary
  107 Content-type: text/plain; charset=us-ascii
  108 
  109 Part two
  110 --Boundary--
  111 
  112 EOF
  113 echo "*** Exit code was $? ***" >>test.out