Author: gbechis
Date: Tue Nov 23 15:47:31 2021
New Revision: 1895271
URL: http://svn.apache.org/viewvc?rev=1895271&view=rev
Log:
improve logging and add regression tests for check_olemacro_redirect_uri()
Added:
spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
spamassassin/trunk/t/olevbmacro.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm?rev=1895271&r1=1895270&r2=1895271&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm Tue Nov 23 15:47:31 2021
@@ -499,7 +499,13 @@ sub check_olemacro_redirect_uri {
_check_attachments(@_) unless exists $pms->{olemacro_redirect_uri};
- return $pms->{olemacro_redirect_uri};
+ my $rulename = $pms->get_current_eval_rule_name();
+ if(defined $pms->{olemacro_redirect_uri}) {
+ $pms->test_log("$pms->{olemacro_redirect_uri}", $rulename);
+ $pms->got_hit($rulename, "", ruletype => 'eval');
+ return 1;
+ }
+ return 0;
}
sub _check_attachments {
@@ -849,6 +855,7 @@ sub _check_macrotype_doc {
my @rels = $zip->membersMatching('.*\.rels');
my @relations;
+ my $target_uri;
if(not defined $pms->{olemacro_redirect_uri}) {
foreach my $rel ( @rels ) {
dbg("Found " . $rel->fileName . " configuration file");
@@ -856,8 +863,10 @@ sub _check_macrotype_doc {
@relations = split(/Relationship\s/, $data);
foreach my $rls ( @relations ) {
if (($status == $az_ok) && ($rls =~ /Target=\"(https?\:\/\/[^"']*)\".*TargetMode=\"External\"/is)) {
- $pms->{olemacro_redirect_uri} = 1;
- $pms->add_uri_detail_list($1) if defined $1;
+ $target_uri = $1;
+ dbg("Found target uri $target_uri");
+ $pms->add_uri_detail_list($target_uri) if defined $target_uri;
+ $pms->{olemacro_redirect_uri} = $target_uri;
}
}
}
Added: spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml?rev=1895271&view=auto
==============================================================================
--- spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml (added)
+++ spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml Tue Nov 23 15:47:31 2021
@@ -0,0 +1,123 @@
+Date: Mon, 11 Nov 2019 16:27:11 +0100
+From: spammer@example.com
+To: victim@example.com
+Subject: Macro
+Message-ID: <20191111152711.GC97706@example.com>
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------hAgW8a3LP3BWlJ9fOS2eb04F"
+
+This is a multi-part message in MIME format.
+--------------hAgW8a3LP3BWlJ9fOS2eb04F
+Content-Type: multipart/alternative;
+ boundary="------------iC5uW0YI0OqufC4h0AmvPaCr"
+
+--------------iC5uW0YI0OqufC4h0AmvPaCr
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+
+--------------iC5uW0YI0OqufC4h0AmvPaCr
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+<html>
+ <head>
+
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <br>
+ </body>
+</html>
+--------------iC5uW0YI0OqufC4h0AmvPaCr--
+
+--------------hAgW8a3LP3BWlJ9fOS2eb04F
+Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
+ name="uridoc.docx"
+Content-Disposition: attachment; filename="uridoc.docx"
+Content-Transfer-Encoding: base64
+
+UEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAALAAAAX3JlbHMvLnJlbHOtkk1LA0EMhu/9FUPu
+3WwriMjO9iJCbyL1B4SZ7O7Qzgczaa3/3kEKulCKoMe8efPwHNJtzv6gTpyLi0HDqmlBcTDR
+ujBqeNs9Lx9g0y+6Vz6Q1EqZXCqq3oSiYRJJj4jFTOypNDFxqJshZk9SxzxiIrOnkXHdtveY
+fzKgnzHV1mrIW7sCtftI/Dc2ehayJIQmZl6mXK+zOC4VTnlk0WCjealx+Wo0lQx4XWj9e6E4
+DM7wUzRHz0GuefFZOFi2t5UopVtGd/9pNG98y7zHbNFe4ovNosPZG/SfUEsHCOjQASPZAAAA
+PQIAAFBLAwQUAAgICABCfHdTAAAAAAAAAAAAAAAAEQAAAGRvY1Byb3BzL2NvcmUueG1sjVJd
+T8IwFH33Vyx9H12HELPASNSQmEhi4ozGt9peRnXrmvbC4N/bbWyg8uDbPfecnvvV2WJfFsEO
+rFOVnhM2ikgAWlRS6XxOXrJleEMCh1xLXlQa5uQAjizSq5kwiagsPNnKgEUFLvBG2iXCzMkG
+0SSUOrGBkruRV2hPritbcvTQ5tRw8cVzoHEUTWkJyCVHThvD0AyO5GgpxWBptrZoDaSgUEAJ
+Gh1lI0ZPWgRbuosPWuZMWSo8GLgo7clBvXdqENZ1ParHrdT3z+jb6vG5HTVUulmVAJLOjo0k
+wgJHkIE3SLpyPfM6vrvPliSNo5iFjIXxOGPTZBwnk5v3Gf31vjHs4sqmDXsCPpbghFUG/Q07
+8kfC44LrfOsXnioMH7JWMqSaUxbc4coffa1A3h68x4Vc31F5zP1/pOskmpyN1Bu0lS3sVPP3
+UtYWHWDTtdt+fILAbqQB+BgVFtCl+/DPf0y/AVBLBwjh3s3VYwEAANsCAABQSwMEFAAICAgA
+Qnx3UwAAAAAAAAAAAAAAABAAAABkb2NQcm9wcy9hcHAueG1snZFNT8MwDIbv/Ioq2nVNN2BM
+U5qJD3GaxCTKxm0KidcGtUmUZNP273FXKBVHkotfv9Zjx2HLU1MnR/BBW5OTSZqRBIy0Spsy
+J2/F83hOkhCFUaK2BnJyhkCW/IqtvXXgo4aQIMGEnFQxugWlQVbQiJCibdDZW9+IiNKX1O73
+WsKTlYcGTKTTLJtROEUwCtTY9UDSERfH+F+osrKdL2yKs0MeZwU0rhYROKO/YWGjqAvdAJ9g
+uhfs3rlaSxFxI3ylPzy8XFrQu3Ta3tFKm8Np9z6f7WY3yaBgh0/4BNnOMHo46FqNp4wOYS15
+062aT27TDM+l4CfH1qKE0E7TBWxrvbroLmCPlfBCRizn18geyIG11bF6dULC36KBgZ28KL1w
+1Xe7XqHoP4J/AVBLBwi/3MlYKgEAAB4CAABQSwMEFAAICAgAQnx3UwAAAAAAAAAAAAAAABwA
+AAB3b3JkL19yZWxzL2RvY3VtZW50LnhtbC5yZWxzrZLPTsMwDMbve4ood5puIIRQ010G0g5c
+UHmA0LpNtNSJEoO2t8eDwTZpIA6VcvGf/L5PtqvldvTiHVJ2AbWcF6UUgG3oHA5avjSPV3dy
+Wc+qZ/CGuCVbF7PgP5i1tETxXqncWhhNLkIE5Eof0miIwzSoaNqNGUAtyvJWpVOGrM+YYt1p
+mdbdXIpmF+E/7ND3roVVaN9GQLogoTLtPGQmmjQAafkVF8yR6rL8Ykp5y6TkHW6ODvbYvOdG
+w9jMz2FheEoWPqHfnU+hYxMPW4KE5le311O67QNSY149HN3+pP4a2c2kGwMivrzTnR0yBwuz
+Sp2dYv0BUEsHCNLpPe72AAAAwQIAAFBLAwQUAAgICABCfHdTAAAAAAAAAAAAAAAAEQAAAHdv
+cmQvZG9jdW1lbnQueG1spZTbjpswEIbv+xTI9wmwu1qlaMneRK0itatISR/AMQbc9Uljk2z6
+9B2DgT1IVdS9wdie+Wb+35iHxxclkxMHJ4wuSb7MSMI1M5XQTUl+Hb4tViRxnuqKSqN5SS7c
+kcf1l4dzURnWKa59ggTtClOSDnThWMsVdQslGBhnar9gRhWmrgXjcSAxA0rSem+LNI1JS2O5
+xr3agKIep9CkQ8om1kpvsuw+BS6px35dK6wbaad/1T8pOcadr6l6NlBZMIw7h0YoOdRVVOgJ
+k2dXCA6cKcNeU7kCen5V8m0jm2FzJroPyKmNJbYR3espyMuzd7x9Sy2fac3naN/BdHakKXaN
+WkXhubPBMYsnehRS+EsvfG4qv/tcV+89+z9e+H4UK7aNNkCPEi8CgpLQHVnjXTia6hJG2z92
+0A97f5E8ORcnKkvyFFRLkvbRohLjejYs/WbjguS1H9YgcNJ5jNz2YjlIoZ8TKERVEthWN30T
+MCXh8Kb4VnsOmvsfmBXY6RTn18ELF8ywFL1wNJi2pJaiN/0RhWA/pPTPqfzQU4A4znzE4eZY
+VPMXv6MNH8TYZv8Hd/D25fnXcL5Iwvf71e1qDPhJAVeD/hB0exdiQDTtq2nTeVQSXAv5nFbT
+xBs7h9XGzGFH471RcTOWeurUYWi1VoivOBPT6YTvcwfGjzpqKl0U4VHSRgDKxb/PdGBwOEZT
+RyPS8YtI59/k+i9QSwcIwJVw+BgCAABrBQAAUEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAAP
+AAAAd29yZC9zdHlsZXMueG1szVVdT9swFH3fr4j8XhIQYlVFQKwI0Q1108p+gOvcNFYd27Md
+2vLrd50PljYpHwVp60MTnxtfn3vuyc355ToXwQMYy5WMyfFRRAKQTCVcLmLy6/5mMCSBdVQm
+VCgJMdmAJZcXn85XI+s2AmyA+6UdrWKSOadHYWhZBjm1R0qDxFiqTE4dLs0iXCmTaKMYWIvp
+cxGeRNFZmFMuSZPm+LSTKOfMKKtSd8RUHqo05QzKVLj9OCrvctEkyNlriOTULAs9wHyaOj7n
+grtNSYYEORtNFlIZOhdYLfIhF1hrotg1pLQQzvql+WHqZb0qLzdKOhusRtQyzmNyx+dgML2S
+wQwMTwmGsitp94SAWndlOY3JVDkVzKi0wfjrt2A29lFmY3JtFE+qwDU8UEkX1HAS+rOXYCQ+
+9UBFTE4qyD4+AacNMra7mKBy0WDcDSb321Qes8F46qE5T5B3xgeTqd8Y1lWHu1ro3ZW/rHii
+VmNUxyhRMSm0NuiCq8Kp243OQD4Rc6aA+gRdn9DOGXZ6UdoQd7uNxoZpaujCUJ150mVoknhF
+sfei7KSkOTRn1XBJ6fdN6Y/wOdpehGZv1Cb5X3iAKaFMQ4+isv/cGqX+3R6xDJvEHJitHk0k
+IhLcHZfLTqfQJGCEj4QttbcqjvA3jKp40YB+zgjo1vO4Xu9UUwFVLX7xqkr63XYL1I/PbhE1
+XnmJWki+yz4rSli7Br/H+y8q2ew16RJAT1sbmvcH+WjKeFnyHHD4ge9s5InSFJXGWX/ydg+j
+7/ZYuI68y8EtXw57fDl8T1OehNztigcDH32xL7VMf3VFQ8LPwn8nytetRpDp5zPSkn1L9NM+
+0Q8t6o5b1ymoBPtq2fZSa7r2Nf/ZVh3Kd0y1d0uHcoO/1IEe/zefEhwbMC1yNKTd437v9ze4
+/wWv8up/bF89UQ8VbSITWHckq9APE+xgHT5gqjZ39uIPUEsHCJV/nbrNAgAAjgoAAFBLAwQU
+AAgICABCfHdTAAAAAAAAAAAAAAAAEgAAAHdvcmQvZm9udFRhYmxlLnhtbK1QQU7DMBC88wrL
+d+q0B4SiphUS4oR6oOUBW2fTWLLXkdck9Pe4TishyKGg3uyd2ZnZWa4/nRU9BjaeKjmfFVIg
+aV8bOlTyffdy/ygFR6AarCes5BFZrld3y6FsPEUWaZ24HCrZxtiVSrFu0QHPfIeUsMYHBzF9
+w0ENPtRd8BqZk7qzalEUD8qBIXmWCdfI+KYxGp+9/nBIcRQJaCGmC7g1HcvVOZ0YSgKXQu+M
+QxYbHMSbd0CZoFsIjCdOD7aSRSFV3gNn7PEyDZmegc5E3V7mPQQDe4snSI1mv0y3R7f3dtJr
+cWuvp0SZtpo8iwfD/E+rV7PHkMsWWwymya5g4yahF52ffaupZPNbl/A9GRBPBRt7uj7On4o6
+P3j1BVBLBwjBx9kIHQEAAFUDAABQSwMEFAAICAgAQnx3UwAAAAAAAAAAAAAAABEAAAB3b3Jk
+L3NldHRpbmdzLnhtbGWQPW7DMAyF957C0N5ICdA/I3a2okunpAdgZDoWIImCRMd1T1+mRuCh
+G8XvkY9P+8N38NUVc3EUG7XdGFVhtNS5eGnU1+n98VVVhSF24Clio2Ys6tA+7Ke6ILOoSiUb
+YqmnRg3Mqda62AEDlA0ljMJ6ygFYnvmiJ8pdymSxFBkNXu+MedYBXFStrPwhCtVUJ8wWI8s5
+xih9Ax32MHo+wfnIlERyBd+oF/O2YBiZPuY0YASWHHfOecRFYCkk4LU6LreLMEKQVEvXnZ13
+PH9Sh0rQmN2/TMHZTIV63siIpr53Fv9Sqbvp9ulmqVdPvX5V+wtQSwcInYQHjPEAAABvAQAA
+UEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAATAAAAW0NvbnRlbnRfVHlwZXNdLnhtbL2Uy07D
+MBBF9/2KyFuUuLBACCXpgscSughrZOxJaogfst3S/j3jNKpQFZoChWU8c++ZuU6Sz9aqTVbg
+vDS6IOfZlCSguRFSNwV5qu7TKzIrJ3m1seAT7NW+IIsQ7DWlni9AMZ8ZCxortXGKBXx0DbWM
+v7EG6MV0ekm50QF0SEP0IGV+CzVbtiG5W+Pxlotyktxs+yKqIMzaVnIWsExjlQ7qHLT+gHCl
+xd50aT9Zhsquxy+k9WdfE6xu9gBSxc3i+bDi1cKwpCug5hHjdlJAMmcuPDCFDfQ5bkKzE+8z
+RBKGz52xHq/FQXY4+AO8qE4tGoELEo4jovX3gaauJQf0WCqUZBCDFiCOZL8bJ/pwdxbY/h9B
+d+jP0F/tHd1wZQ7e46eJG+wqikk9OocPmxb86afY+o7ia0RW7KX9wQs3NsHOejwDCAE1f5FC
+79yPMMlp978sPwBQSwcIC9URx1QBAABeBQAAUEsBAhQAFAAICAgAQnx3U+jQASPZAAAAPQIA
+AAsAAAAAAAAAAAAAAAAAAAAAAF9yZWxzLy5yZWxzUEsBAhQAFAAICAgAQnx3U+HezdVjAQAA
+2wIAABEAAAAAAAAAAAAAAAAAEgEAAGRvY1Byb3BzL2NvcmUueG1sUEsBAhQAFAAICAgAQnx3
+U7/cyVgqAQAAHgIAABAAAAAAAAAAAAAAAAAAtAIAAGRvY1Byb3BzL2FwcC54bWxQSwECFAAU
+AAgICABCfHdT0uk97vYAAADBAgAAHAAAAAAAAAAAAAAAAAAcBAAAd29yZC9fcmVscy9kb2N1
+bWVudC54bWwucmVsc1BLAQIUABQACAgIAEJ8d1PAlXD4GAIAAGsFAAARAAAAAAAAAAAAAAAA
+AFwFAAB3b3JkL2RvY3VtZW50LnhtbFBLAQIUABQACAgIAEJ8d1OVf526zQIAAI4KAAAPAAAA
+AAAAAAAAAAAAALMHAAB3b3JkL3N0eWxlcy54bWxQSwECFAAUAAgICABCfHdTwcfZCB0BAABV
+AwAAEgAAAAAAAAAAAAAAAAC9CgAAd29yZC9mb250VGFibGUueG1sUEsBAhQAFAAICAgAQnx3
+U52EB4zxAAAAbwEAABEAAAAAAAAAAAAAAAAAGgwAAHdvcmQvc2V0dGluZ3MueG1sUEsBAhQA
+FAAICAgAQnx3UwvVEcdUAQAAXgUAABMAAAAAAAAAAAAAAAAASg0AAFtDb250ZW50X1R5cGVz
+XS54bWxQSwUGAAAAAAkACQA8AgAA3w4AAAAA
+--------------hAgW8a3LP3BWlJ9fOS2eb04F--
+
Modified: spamassassin/trunk/t/olevbmacro.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/olevbmacro.t?rev=1895271&r1=1895270&r2=1895271&view=diff
==============================================================================
--- spamassassin/trunk/t/olevbmacro.t (original)
+++ spamassassin/trunk/t/olevbmacro.t Tue Nov 23 15:47:31 2021
@@ -9,7 +9,7 @@ use constant HAS_IO_STRING => eval { req
use Test::More;
plan skip_all => 'Need Archive::Zip for this test' unless HAS_ARCHIVE_ZIP;
plan skip_all => 'Need IO::String for this test' unless HAS_IO_STRING;
-plan tests => 7;
+plan tests => 8;
tstlocalrules (q{
loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
@@ -28,6 +28,8 @@ tstlocalrules (q{
score OLEMACRO_ZIP_PW 0.1
body OLEMACRO_CSV eval:check_olemacro_csv()
score OLEMACRO_CSV 0.1
+ body OLEMACRO_TURI eval:check_olemacro_redirect_uri()
+ score OLEMACRO_TURI 0.1
});
@@ -87,3 +89,10 @@ ok_all_patterns();
sarun ("-L -t < data/spam/olevbmacro/goodcsv.eml", \&patterns_run_cb);
ok_all_patterns();
+%patterns = (
+ q{ OLEMACRO_TURI }, 'OLEMACRO_TURI',
+);
+%anti_patterns = ();
+
+sarun ("-L -t < data/spam/olevbmacro/target_uri.eml", \&patterns_run_cb);
+ok_all_patterns();
Date: Tue Nov 23 15:47:31 2021
New Revision: 1895271
URL: http://svn.apache.org/viewvc?rev=1895271&view=rev
Log:
improve logging and add regression tests for check_olemacro_redirect_uri()
Added:
spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
spamassassin/trunk/t/olevbmacro.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm?rev=1895271&r1=1895270&r2=1895271&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/OLEVBMacro.pm Tue Nov 23 15:47:31 2021
@@ -499,7 +499,13 @@ sub check_olemacro_redirect_uri {
_check_attachments(@_) unless exists $pms->{olemacro_redirect_uri};
- return $pms->{olemacro_redirect_uri};
+ my $rulename = $pms->get_current_eval_rule_name();
+ if(defined $pms->{olemacro_redirect_uri}) {
+ $pms->test_log("$pms->{olemacro_redirect_uri}", $rulename);
+ $pms->got_hit($rulename, "", ruletype => 'eval');
+ return 1;
+ }
+ return 0;
}
sub _check_attachments {
@@ -849,6 +855,7 @@ sub _check_macrotype_doc {
my @rels = $zip->membersMatching('.*\.rels');
my @relations;
+ my $target_uri;
if(not defined $pms->{olemacro_redirect_uri}) {
foreach my $rel ( @rels ) {
dbg("Found " . $rel->fileName . " configuration file");
@@ -856,8 +863,10 @@ sub _check_macrotype_doc {
@relations = split(/Relationship\s/, $data);
foreach my $rls ( @relations ) {
if (($status == $az_ok) && ($rls =~ /Target=\"(https?\:\/\/[^"']*)\".*TargetMode=\"External\"/is)) {
- $pms->{olemacro_redirect_uri} = 1;
- $pms->add_uri_detail_list($1) if defined $1;
+ $target_uri = $1;
+ dbg("Found target uri $target_uri");
+ $pms->add_uri_detail_list($target_uri) if defined $target_uri;
+ $pms->{olemacro_redirect_uri} = $target_uri;
}
}
}
Added: spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml?rev=1895271&view=auto
==============================================================================
--- spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml (added)
+++ spamassassin/trunk/t/data/spam/olevbmacro/target_uri.eml Tue Nov 23 15:47:31 2021
@@ -0,0 +1,123 @@
+Date: Mon, 11 Nov 2019 16:27:11 +0100
+From: spammer@example.com
+To: victim@example.com
+Subject: Macro
+Message-ID: <20191111152711.GC97706@example.com>
+MIME-Version: 1.0
+Content-Type: multipart/mixed; boundary="------------hAgW8a3LP3BWlJ9fOS2eb04F"
+
+This is a multi-part message in MIME format.
+--------------hAgW8a3LP3BWlJ9fOS2eb04F
+Content-Type: multipart/alternative;
+ boundary="------------iC5uW0YI0OqufC4h0AmvPaCr"
+
+--------------iC5uW0YI0OqufC4h0AmvPaCr
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+
+--------------iC5uW0YI0OqufC4h0AmvPaCr
+Content-Type: text/html; charset=UTF-8
+Content-Transfer-Encoding: 7bit
+
+<html>
+ <head>
+
+ <meta http-equiv="content-type" content="text/html; charset=UTF-8">
+ </head>
+ <body>
+ <br>
+ </body>
+</html>
+--------------iC5uW0YI0OqufC4h0AmvPaCr--
+
+--------------hAgW8a3LP3BWlJ9fOS2eb04F
+Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document;
+ name="uridoc.docx"
+Content-Disposition: attachment; filename="uridoc.docx"
+Content-Transfer-Encoding: base64
+
+UEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAALAAAAX3JlbHMvLnJlbHOtkk1LA0EMhu/9FUPu
+3WwriMjO9iJCbyL1B4SZ7O7Qzgczaa3/3kEKulCKoMe8efPwHNJtzv6gTpyLi0HDqmlBcTDR
+ujBqeNs9Lx9g0y+6Vz6Q1EqZXCqq3oSiYRJJj4jFTOypNDFxqJshZk9SxzxiIrOnkXHdtveY
+fzKgnzHV1mrIW7sCtftI/Dc2ehayJIQmZl6mXK+zOC4VTnlk0WCjealx+Wo0lQx4XWj9e6E4
+DM7wUzRHz0GuefFZOFi2t5UopVtGd/9pNG98y7zHbNFe4ovNosPZG/SfUEsHCOjQASPZAAAA
+PQIAAFBLAwQUAAgICABCfHdTAAAAAAAAAAAAAAAAEQAAAGRvY1Byb3BzL2NvcmUueG1sjVJd
+T8IwFH33Vyx9H12HELPASNSQmEhi4ozGt9peRnXrmvbC4N/bbWyg8uDbPfecnvvV2WJfFsEO
+rFOVnhM2ikgAWlRS6XxOXrJleEMCh1xLXlQa5uQAjizSq5kwiagsPNnKgEUFLvBG2iXCzMkG
+0SSUOrGBkruRV2hPritbcvTQ5tRw8cVzoHEUTWkJyCVHThvD0AyO5GgpxWBptrZoDaSgUEAJ
+Gh1lI0ZPWgRbuosPWuZMWSo8GLgo7clBvXdqENZ1ParHrdT3z+jb6vG5HTVUulmVAJLOjo0k
+wgJHkIE3SLpyPfM6vrvPliSNo5iFjIXxOGPTZBwnk5v3Gf31vjHs4sqmDXsCPpbghFUG/Q07
+8kfC44LrfOsXnioMH7JWMqSaUxbc4coffa1A3h68x4Vc31F5zP1/pOskmpyN1Bu0lS3sVPP3
+UtYWHWDTtdt+fILAbqQB+BgVFtCl+/DPf0y/AVBLBwjh3s3VYwEAANsCAABQSwMEFAAICAgA
+Qnx3UwAAAAAAAAAAAAAAABAAAABkb2NQcm9wcy9hcHAueG1snZFNT8MwDIbv/Ioq2nVNN2BM
+U5qJD3GaxCTKxm0KidcGtUmUZNP273FXKBVHkotfv9Zjx2HLU1MnR/BBW5OTSZqRBIy0Spsy
+J2/F83hOkhCFUaK2BnJyhkCW/IqtvXXgo4aQIMGEnFQxugWlQVbQiJCibdDZW9+IiNKX1O73
+WsKTlYcGTKTTLJtROEUwCtTY9UDSERfH+F+osrKdL2yKs0MeZwU0rhYROKO/YWGjqAvdAJ9g
+uhfs3rlaSxFxI3ylPzy8XFrQu3Ta3tFKm8Np9z6f7WY3yaBgh0/4BNnOMHo46FqNp4wOYS15
+062aT27TDM+l4CfH1qKE0E7TBWxrvbroLmCPlfBCRizn18geyIG11bF6dULC36KBgZ28KL1w
+1Xe7XqHoP4J/AVBLBwi/3MlYKgEAAB4CAABQSwMEFAAICAgAQnx3UwAAAAAAAAAAAAAAABwA
+AAB3b3JkL19yZWxzL2RvY3VtZW50LnhtbC5yZWxzrZLPTsMwDMbve4ood5puIIRQ010G0g5c
+UHmA0LpNtNSJEoO2t8eDwTZpIA6VcvGf/L5PtqvldvTiHVJ2AbWcF6UUgG3oHA5avjSPV3dy
+Wc+qZ/CGuCVbF7PgP5i1tETxXqncWhhNLkIE5Eof0miIwzSoaNqNGUAtyvJWpVOGrM+YYt1p
+mdbdXIpmF+E/7ND3roVVaN9GQLogoTLtPGQmmjQAafkVF8yR6rL8Ykp5y6TkHW6ODvbYvOdG
+w9jMz2FheEoWPqHfnU+hYxMPW4KE5le311O67QNSY149HN3+pP4a2c2kGwMivrzTnR0yBwuz
+Sp2dYv0BUEsHCNLpPe72AAAAwQIAAFBLAwQUAAgICABCfHdTAAAAAAAAAAAAAAAAEQAAAHdv
+cmQvZG9jdW1lbnQueG1spZTbjpswEIbv+xTI9wmwu1qlaMneRK0itatISR/AMQbc9Uljk2z6
+9B2DgT1IVdS9wdie+Wb+35iHxxclkxMHJ4wuSb7MSMI1M5XQTUl+Hb4tViRxnuqKSqN5SS7c
+kcf1l4dzURnWKa59ggTtClOSDnThWMsVdQslGBhnar9gRhWmrgXjcSAxA0rSem+LNI1JS2O5
+xr3agKIep9CkQ8om1kpvsuw+BS6px35dK6wbaad/1T8pOcadr6l6NlBZMIw7h0YoOdRVVOgJ
+k2dXCA6cKcNeU7kCen5V8m0jm2FzJroPyKmNJbYR3espyMuzd7x9Sy2fac3naN/BdHakKXaN
+WkXhubPBMYsnehRS+EsvfG4qv/tcV+89+z9e+H4UK7aNNkCPEi8CgpLQHVnjXTia6hJG2z92
+0A97f5E8ORcnKkvyFFRLkvbRohLjejYs/WbjguS1H9YgcNJ5jNz2YjlIoZ8TKERVEthWN30T
+MCXh8Kb4VnsOmvsfmBXY6RTn18ELF8ywFL1wNJi2pJaiN/0RhWA/pPTPqfzQU4A4znzE4eZY
+VPMXv6MNH8TYZv8Hd/D25fnXcL5Iwvf71e1qDPhJAVeD/hB0exdiQDTtq2nTeVQSXAv5nFbT
+xBs7h9XGzGFH471RcTOWeurUYWi1VoivOBPT6YTvcwfGjzpqKl0U4VHSRgDKxb/PdGBwOEZT
+RyPS8YtI59/k+i9QSwcIwJVw+BgCAABrBQAAUEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAAP
+AAAAd29yZC9zdHlsZXMueG1szVVdT9swFH3fr4j8XhIQYlVFQKwI0Q1108p+gOvcNFYd27Md
+2vLrd50PljYpHwVp60MTnxtfn3vuyc355ToXwQMYy5WMyfFRRAKQTCVcLmLy6/5mMCSBdVQm
+VCgJMdmAJZcXn85XI+s2AmyA+6UdrWKSOadHYWhZBjm1R0qDxFiqTE4dLs0iXCmTaKMYWIvp
+cxGeRNFZmFMuSZPm+LSTKOfMKKtSd8RUHqo05QzKVLj9OCrvctEkyNlriOTULAs9wHyaOj7n
+grtNSYYEORtNFlIZOhdYLfIhF1hrotg1pLQQzvql+WHqZb0qLzdKOhusRtQyzmNyx+dgML2S
+wQwMTwmGsitp94SAWndlOY3JVDkVzKi0wfjrt2A29lFmY3JtFE+qwDU8UEkX1HAS+rOXYCQ+
+9UBFTE4qyD4+AacNMra7mKBy0WDcDSb321Qes8F46qE5T5B3xgeTqd8Y1lWHu1ro3ZW/rHii
+VmNUxyhRMSm0NuiCq8Kp243OQD4Rc6aA+gRdn9DOGXZ6UdoQd7uNxoZpaujCUJ150mVoknhF
+sfei7KSkOTRn1XBJ6fdN6Y/wOdpehGZv1Cb5X3iAKaFMQ4+isv/cGqX+3R6xDJvEHJitHk0k
+IhLcHZfLTqfQJGCEj4QttbcqjvA3jKp40YB+zgjo1vO4Xu9UUwFVLX7xqkr63XYL1I/PbhE1
+XnmJWki+yz4rSli7Br/H+y8q2ew16RJAT1sbmvcH+WjKeFnyHHD4ge9s5InSFJXGWX/ydg+j
+7/ZYuI68y8EtXw57fDl8T1OehNztigcDH32xL7VMf3VFQ8LPwn8nytetRpDp5zPSkn1L9NM+
+0Q8t6o5b1ymoBPtq2fZSa7r2Nf/ZVh3Kd0y1d0uHcoO/1IEe/zefEhwbMC1yNKTd437v9ze4
+/wWv8up/bF89UQ8VbSITWHckq9APE+xgHT5gqjZ39uIPUEsHCJV/nbrNAgAAjgoAAFBLAwQU
+AAgICABCfHdTAAAAAAAAAAAAAAAAEgAAAHdvcmQvZm9udFRhYmxlLnhtbK1QQU7DMBC88wrL
+d+q0B4SiphUS4oR6oOUBW2fTWLLXkdck9Pe4TishyKGg3uyd2ZnZWa4/nRU9BjaeKjmfFVIg
+aV8bOlTyffdy/ygFR6AarCes5BFZrld3y6FsPEUWaZ24HCrZxtiVSrFu0QHPfIeUsMYHBzF9
+w0ENPtRd8BqZk7qzalEUD8qBIXmWCdfI+KYxGp+9/nBIcRQJaCGmC7g1HcvVOZ0YSgKXQu+M
+QxYbHMSbd0CZoFsIjCdOD7aSRSFV3gNn7PEyDZmegc5E3V7mPQQDe4snSI1mv0y3R7f3dtJr
+cWuvp0SZtpo8iwfD/E+rV7PHkMsWWwymya5g4yahF52ffaupZPNbl/A9GRBPBRt7uj7On4o6
+P3j1BVBLBwjBx9kIHQEAAFUDAABQSwMEFAAICAgAQnx3UwAAAAAAAAAAAAAAABEAAAB3b3Jk
+L3NldHRpbmdzLnhtbGWQPW7DMAyF957C0N5ICdA/I3a2okunpAdgZDoWIImCRMd1T1+mRuCh
+G8XvkY9P+8N38NUVc3EUG7XdGFVhtNS5eGnU1+n98VVVhSF24Clio2Ys6tA+7Ke6ILOoSiUb
+YqmnRg3Mqda62AEDlA0ljMJ6ygFYnvmiJ8pdymSxFBkNXu+MedYBXFStrPwhCtVUJ8wWI8s5
+xih9Ax32MHo+wfnIlERyBd+oF/O2YBiZPuY0YASWHHfOecRFYCkk4LU6LreLMEKQVEvXnZ13
+PH9Sh0rQmN2/TMHZTIV63siIpr53Fv9Sqbvp9ulmqVdPvX5V+wtQSwcInYQHjPEAAABvAQAA
+UEsDBBQACAgIAEJ8d1MAAAAAAAAAAAAAAAATAAAAW0NvbnRlbnRfVHlwZXNdLnhtbL2Uy07D
+MBBF9/2KyFuUuLBACCXpgscSughrZOxJaogfst3S/j3jNKpQFZoChWU8c++ZuU6Sz9aqTVbg
+vDS6IOfZlCSguRFSNwV5qu7TKzIrJ3m1seAT7NW+IIsQ7DWlni9AMZ8ZCxortXGKBXx0DbWM
+v7EG6MV0ekm50QF0SEP0IGV+CzVbtiG5W+Pxlotyktxs+yKqIMzaVnIWsExjlQ7qHLT+gHCl
+xd50aT9Zhsquxy+k9WdfE6xu9gBSxc3i+bDi1cKwpCug5hHjdlJAMmcuPDCFDfQ5bkKzE+8z
+RBKGz52xHq/FQXY4+AO8qE4tGoELEo4jovX3gaauJQf0WCqUZBCDFiCOZL8bJ/pwdxbY/h9B
+d+jP0F/tHd1wZQ7e46eJG+wqikk9OocPmxb86afY+o7ia0RW7KX9wQs3NsHOejwDCAE1f5FC
+79yPMMlp978sPwBQSwcIC9URx1QBAABeBQAAUEsBAhQAFAAICAgAQnx3U+jQASPZAAAAPQIA
+AAsAAAAAAAAAAAAAAAAAAAAAAF9yZWxzLy5yZWxzUEsBAhQAFAAICAgAQnx3U+HezdVjAQAA
+2wIAABEAAAAAAAAAAAAAAAAAEgEAAGRvY1Byb3BzL2NvcmUueG1sUEsBAhQAFAAICAgAQnx3
+U7/cyVgqAQAAHgIAABAAAAAAAAAAAAAAAAAAtAIAAGRvY1Byb3BzL2FwcC54bWxQSwECFAAU
+AAgICABCfHdT0uk97vYAAADBAgAAHAAAAAAAAAAAAAAAAAAcBAAAd29yZC9fcmVscy9kb2N1
+bWVudC54bWwucmVsc1BLAQIUABQACAgIAEJ8d1PAlXD4GAIAAGsFAAARAAAAAAAAAAAAAAAA
+AFwFAAB3b3JkL2RvY3VtZW50LnhtbFBLAQIUABQACAgIAEJ8d1OVf526zQIAAI4KAAAPAAAA
+AAAAAAAAAAAAALMHAAB3b3JkL3N0eWxlcy54bWxQSwECFAAUAAgICABCfHdTwcfZCB0BAABV
+AwAAEgAAAAAAAAAAAAAAAAC9CgAAd29yZC9mb250VGFibGUueG1sUEsBAhQAFAAICAgAQnx3
+U52EB4zxAAAAbwEAABEAAAAAAAAAAAAAAAAAGgwAAHdvcmQvc2V0dGluZ3MueG1sUEsBAhQA
+FAAICAgAQnx3UwvVEcdUAQAAXgUAABMAAAAAAAAAAAAAAAAASg0AAFtDb250ZW50X1R5cGVz
+XS54bWxQSwUGAAAAAAkACQA8AgAA3w4AAAAA
+--------------hAgW8a3LP3BWlJ9fOS2eb04F--
+
Modified: spamassassin/trunk/t/olevbmacro.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/olevbmacro.t?rev=1895271&r1=1895270&r2=1895271&view=diff
==============================================================================
--- spamassassin/trunk/t/olevbmacro.t (original)
+++ spamassassin/trunk/t/olevbmacro.t Tue Nov 23 15:47:31 2021
@@ -9,7 +9,7 @@ use constant HAS_IO_STRING => eval { req
use Test::More;
plan skip_all => 'Need Archive::Zip for this test' unless HAS_ARCHIVE_ZIP;
plan skip_all => 'Need IO::String for this test' unless HAS_IO_STRING;
-plan tests => 7;
+plan tests => 8;
tstlocalrules (q{
loadplugin Mail::SpamAssassin::Plugin::OLEVBMacro
@@ -28,6 +28,8 @@ tstlocalrules (q{
score OLEMACRO_ZIP_PW 0.1
body OLEMACRO_CSV eval:check_olemacro_csv()
score OLEMACRO_CSV 0.1
+ body OLEMACRO_TURI eval:check_olemacro_redirect_uri()
+ score OLEMACRO_TURI 0.1
});
@@ -87,3 +89,10 @@ ok_all_patterns();
sarun ("-L -t < data/spam/olevbmacro/goodcsv.eml", \&patterns_run_cb);
ok_all_patterns();
+%patterns = (
+ q{ OLEMACRO_TURI }, 'OLEMACRO_TURI',
+);
+%anti_patterns = ();
+
+sarun ("-L -t < data/spam/olevbmacro/target_uri.eml", \&patterns_run_cb);
+ok_all_patterns();