From: Fabian Keil <fk@fabiankeil.de>
Date: Thu, 6 Feb 2025 13:56:56 +0000 (+0100)
Subject: Remove the obsolete ie-exploits filter
X-Git-Url: http://www.privoxy.org/gitweb/%22https:/static/@@?a=commitdiff_plain;h=62b68d363a7e71b;p=privoxy.git

Remove the obsolete ie-exploits filter

It doesn't actually reliably protect against Nimda, there never
were active maintainers and IE is obsolete anyway.

Also some virus scanners seem to be offended by the test case
for the filter in the source tarball.
---

diff --git a/tests/cts/content-filters/data/test33 b/tests/cts/content-filters/data/test33
deleted file mode 100644
index f1dc0db4..00000000
--- a/tests/cts/content-filters/data/test33
+++ /dev/null
@@ -1,99 +0,0 @@
-<testcase>
-<info>
-<keywords>
-HTTP
-HTTP GET
-filter ie-exploits
-</keywords>
-</info>
-
-<reply>
-<data>
-HTTP/1.1 200 OK
-Date: Thu, 22 Jul 2010 11:22:33 GMT
-Connection: close
-Content-Type: text/html
-X-Control: swsclose
-
-# Here are some strings the ie-exploits filter should filter:
-
-# pcrs command 1:
-
-f("javascript:location.replace('mk:@MSITStore:C:')");
-
-# pcrs command 2:
-
-<a href="http://www.example.org/%hex[%01]hex%@blafasel">
-<a href="http://www.example.org/%hex[%02]hex%@blafasel">
-<a href="http://www.example.org/%hex[%03]hex%@blafasel">
-
-<a href="http://www.example.org/%00@blafasel">
-<a href="http://www.example.org/%01@blafasel">
-<a href="http://www.example.org/%02@blafasel">
-
-# pcrs command 3:
-
-<script language="JavaScript">window.open("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
-<script language="JavaScript">1;''.concat("readme.eml", null, "resizable=no,top=6000,left=6000")</script>
-</data>
-</reply>
-
-<proxy-reply>
-<data>
-HTTP/1.1 200 OK
-Date: Thu, 22 Jul 2010 11:22:33 GMT
-Connection: close
-Content-Type: text/html
-X-Control: swsclose
-Content-Length: 890
-
-# Here are some strings the ie-exploits filter should filter:
-
-# pcrs command 1:
-
-alert("This page looks like it tries to use a vulnerability described here:
- http://online.securityfocus.com/archive/1/298748/2002-11-02/2002-11-08/2");
-
-# pcrs command 2:
-
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-<a href="http://www.example.org/MALICIOUS-LINK@blafasel">
-
-# pcrs command 3:
-
-<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
-<br><font size="7"> WARNING: This Server is infected with <a href="http://www.cert.org/advisories/CA-2001-26.html">Nimda</a>!</font>
-</data>
-</proxy-reply>
-
-<client>
-<server>
-http
-</server>
-<name>
-+filter{ie-exploits}
-</name>
-<features>
-proxy
-</features>
-<command>
-http://%HOSTIP:%HTTPPORT/ie-exploits/%TESTNUMBER
-</command>
-</client>
-
-<verify>
-<protocol>
-GET /ie-exploits/%TESTNUMBER HTTP/1.1
-Host: %HOSTIP:%HTTPPORT
-User-Agent: curl/%VERSION
-Accept: */*
-Connection: close
-
-</protocol>
-</verify>
-</testcase>