[Test] Add functional tests for regexp mapsvstakhov-more-maps-features

4 files changed, 179 insertions, 0 deletions

diff --git a/test/functional/cases/270_regexp_maps.robot b/test/functional/cases/270_regexp_maps.robot
new file mode 100644
index 000000000..d89143bc8
--- /dev/null
+++ b/test/functional/cases/270_regexp_maps.robot
@@ -0,0 +1,48 @@
+*** Settings ***
+Test Setup      Rspamd Setup
+Test Teardown   Rspamd Teardown
+Library         ${RSPAMD_TESTDIR}/lib/rspamd.py
+Resource        ${RSPAMD_TESTDIR}/lib/rspamd.robot
+Variables       ${RSPAMD_TESTDIR}/lib/vars.py
+
+*** Variables ***
+${CONFIG}          ${RSPAMD_TESTDIR}/configs/regexp_maps.conf
+${MESSAGE1}        ${RSPAMD_TESTDIR}/messages/advance_fee_fraud.eml
+${MESSAGE2}        ${RSPAMD_TESTDIR}/messages/spam_message.eml
+${RSPAMD_SCOPE}    Test
+${RSPAMD_URL_TLD}  ${RSPAMD_TESTDIR}/../lua/unit/test_tld.dat
+
+*** Test Cases ***
+Advance Fee Fraud Detection
+    [Documentation]    Test that advance fee fraud rules match correctly
+    Scan File  ${MESSAGE1}
+    Expect Symbol  ADVANCE_FEE_2
+    Expect Symbol  ADVANCE_FEE_3
+    # Verify filtered options (no __ atoms, max 5 options)
+    ${symbols} =  Get From Dictionary  ${SCAN_RESULT}[symbols]  ADVANCE_FEE_2
+    ${options} =  Get From Dictionary  ${symbols}  options
+    ${options_count} =  Get Length  ${options}
+    Should Be True  ${options_count} <= 5  msg=Too many options: ${options_count}
+    FOR  ${option}  IN  @{options}
+        Should Not Match Regexp  ${option}  ^__  msg=Option should not start with __: ${option}
+    END
+
+Meta Rule Combination
+    [Documentation]    Test that meta rules correctly combine atom results
+    Scan File  ${MESSAGE1}
+    Expect Symbol With Score  ADVANCE_FEE_2  4.0
+    Expect Symbol With Score  ADVANCE_FEE_3  5.0
+
+No False Positives on Ham
+    [Documentation]    Test that regexp rules don't trigger on legitimate messages
+    Scan File  ${MESSAGE2}
+    Do Not Expect Symbol  ADVANCE_FEE_2
+    Do Not Expect Symbol  ADVANCE_FEE_3
+
+Atom Rules Availability
+    [Documentation]    Test that individual atom rules are available for combination
+    Scan File  ${MESSAGE1}
+    # These should be available internally but not shown as main results
+    # We test by ensuring the meta rules work correctly
+    Expect Symbol  ADVANCE_FEE_2
+    Expect Symbol  ADVANCE_FEE_3
diff --git a/test/functional/configs/maps/advance_fee_rules.map b/test/functional/configs/maps/advance_fee_rules.map
new file mode 100644
index 000000000..d07b25c71
--- /dev/null
+++ b/test/functional/configs/maps/advance_fee_rules.map
@@ -0,0 +1,43 @@
+# SpamAssassin-style rules for advance fee fraud detection (simplified for testing)
+
+# Individual atom rules (these detect specific patterns)
+header __FRAUD_VQE Subject =~ /^(?:Re:|\[.{1,10}\])?\s*(?:very )?urgent\s+(?:(?:and|&)\s+)?(?:confidential|assistance|business|attention|reply|response|help)\b/i
+
+body __FRAUD_DBI /(?:\bdollars?\b|\busd(?:ollars)?(?:[0-9]|\b)|\bus\$|\$[0-9,.]{6,}|\$[0-9].{0,8}[mb]illion|\$[0-9.,]{2,10} ?m|\beuros?\b|u[.]?s[.]? [0-9.]+ m)/i
+body __FRAUD_KJV /(?:claim|concerning) (?:the|this) money/i
+body __FRAUD_NEB /(?:government|bank) of nigeria/i
+body __FRAUD_XJR /(?:who was a|as a|an? honest|you being a|to any) foreigner/i
+body __FRAUD_JBU /\bforeign account\b/i
+body __FRAUD_XVW /\bhonest cooperation\b/i
+body __FRAUD_LTX /\bmilli?on (?:.{1,25} thousand\s*)?(?:(?:united states|u\.?s\.?) dollars|(?i:U\.?S\.?D?))\b/i
+body __FRAUD_PVN /as the beneficiary/i
+body __FRAUD_MQO /foreign (?:business partner|customer)/i
+body __FRAUD_TCC /foreign (?:offshore )?(?:bank|account)/i
+body __FRAUD_GBW /god gives .{1,10}second chance/i
+body __FRAUD_NRG /i am contacting you/i
+body __FRAUD_YPO /the total sum/i
+body __FRAUD_UOQ /vital documents/i
+body __FRAUD_BEP /\b(?:bank of nigeria|central bank of|trust bank|apex bank|amalgamated bank)\b/i
+body __FRAUD_DPR /\b(?:(?:respond|reply) (?:urgently|immediately)|(?:urgent|immediate|earliest) (?:reply|response))\b/i
+body __FRAUD_QXX /\b(?:my name is|i am) (?:mrs?|engr|barrister|dr|prince(?:ss)?)[. ]/i
+body __FRAUD_PTS /\b(?:ass?ass?inat(?:ed|ion)|murder(?:e?d)?|kill(?:ed|ing)\b[^.]{0,99}\b(?:war veterans|rebels?))\b/i
+body __FRAUD_TDP /\b(?:business partner(?:s|ship)?|silent partner(?:s|ship)?)\b/i
+body __FRAUD_AON /\b(?:confidential|private|alternate|alternative) (?:(?:e-? *)?mail)\b/i
+body __FRAUD_YWW /\bfurnish you with\b/i
+body __FRAUD_ULK /\baffidavits?\b/i
+body __FRAUD_IOU /\b(?:no risks?|risk-? *free|free of risks?|100% safe)\b/i
+body __FRAUD_IRT /\b(?:compliments? of the|dear friend|dear sir|yours faithfully|season'?s greetings)\b/i
+body __FRAUD_ETX /\byour\b[^.]{0,99}\b(?:contact (?:details|information)|private (?:e?[- ]?mail|telephone|tel|phone|fax))\b/i
+body __FRAUD_WDR /\bprivate lawyer\b/i
+
+# Meta rules that combine multiple atoms
+meta ADVANCE_FEE_2 (__FRAUD_KJV + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_JBU + __FRAUD_XVW + __FRAUD_LTX + __FRAUD_PVN + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_NRG + __FRAUD_YPO + __FRAUD_UOQ + __FRAUD_DBI + __FRAUD_BEP + __FRAUD_DPR + __FRAUD_QXX + __FRAUD_PTS + __FRAUD_TDP + __FRAUD_AON + __FRAUD_YWW + __FRAUD_ULK + __FRAUD_IOU + __FRAUD_IRT + __FRAUD_ETX + __FRAUD_WDR > 2)
+
+meta ADVANCE_FEE_3 (__FRAUD_KJV + __FRAUD_NEB + __FRAUD_XJR + __FRAUD_JBU + __FRAUD_XVW + __FRAUD_LTX + __FRAUD_PVN + __FRAUD_MQO + __FRAUD_TCC + __FRAUD_GBW + __FRAUD_NRG + __FRAUD_YPO + __FRAUD_UOQ + __FRAUD_DBI + __FRAUD_BEP + __FRAUD_DPR + __FRAUD_QXX + __FRAUD_PTS + __FRAUD_TDP + __FRAUD_AON + __FRAUD_YWW + __FRAUD_ULK + __FRAUD_IOU + __FRAUD_IRT + __FRAUD_ETX + __FRAUD_WDR > 3)
+
+# Descriptions for the rules
+describe ADVANCE_FEE_2 Appears to be advance fee fraud (Nigerian 419) - moderate confidence
+describe ADVANCE_FEE_3 Appears to be advance fee fraud (Nigerian 419) - high confidence
+
+score ADVANCE_FEE_2 4.0
+score ADVANCE_FEE_3 5.0
\ No newline at end of file
diff --git a/test/functional/configs/regexp_maps.conf b/test/functional/configs/regexp_maps.conf
new file mode 100644
index 000000000..be4cd047b
--- /dev/null
+++ b/test/functional/configs/regexp_maps.conf
@@ -0,0 +1,51 @@
+.include(duplicate=append,priority=0) "{= env.TESTDIR =}/configs/plugins.conf"
+
+# Configure multimap for regexp rules testing
+multimap {
+  ADVANCE_FEE_SA_RULES {
+    type = "regexp_rules";
+    map = "{= env.TESTDIR =}/configs/maps/advance_fee_rules.map";
+    scope = "advance_fee_scope";
+    description = "Advance fee fraud detection rules";
+  }
+}
+
+# Override symbol scores for testing
+symbols {
+  ADVANCE_FEE_2 {
+    score = 4.0;
+    description = "Advance fee fraud pattern (medium confidence)";
+    group = "scam";
+  }
+  ADVANCE_FEE_3 {
+    score = 5.0;
+    description = "Advance fee fraud pattern (high confidence)";
+    group = "scam";
+  }
+}
+
+# Set required score for testing
+actions {
+  reject = 10;
+  add_header = 6;
+  greylist = 4;
+}
+
+# Enable necessary modules
+dmarc { }
+spf { }
+dkim { }
+
+# Module path for multimap
+modules {
+    path = "{= env.TESTDIR =}/../../src/plugins/lua/"
+}
+
+# Disable some modules that might interfere with testing
+rbl {
+  enabled = false;
+}
+
+fuzzy_check {
+  enabled = false;
+}
diff --git a/test/functional/messages/advance_fee_fraud.eml b/test/functional/messages/advance_fee_fraud.eml
new file mode 100644
index 000000000..d9b468b6a
--- /dev/null
+++ b/test/functional/messages/advance_fee_fraud.eml
@@ -0,0 +1,37 @@
+From: Prince John Doe <prince@nigeria-bank.com>
+To: recipient@example.com
+Subject: URGENT BUSINESS ASSISTANCE NEEDED
+Date: Thu, 26 Oct 2023 10:30:00 +0000
+Message-ID: <advance-fee-test@example.com>
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf-8
+
+Dear Friend,
+
+Compliments of the season. I am contacting you with utmost confidence
+regarding this money transfer opportunity that will be of mutual benefit
+to both of us.
+
+My name is Prince John Doe, director of the Central Bank of Nigeria.
+I am writing to you concerning the total sum of Twenty-Five Million
+United States Dollars ($25,000,000 USD) that belongs to a foreigner
+who died in a plane crash.
+
+As the beneficiary of this vast fortune, I need your honest cooperation
+to claim this money. The Government of Nigeria has approved this transfer
+to a foreign account, and you have been selected as a business partner
+to assist in this confidential transaction.
+
+This is a risk-free business proposal, and I can furnish you with
+all vital documents to prove the legitimacy of this transaction.
+Your private email and contact details are needed to proceed immediately.
+
+Please respond urgently through my private lawyer, as this requires
+your immediate attention. God gives everyone a second chance, and this
+is yours.
+
+Yours faithfully,
+Prince John Doe
+Director, Bank of Nigeria
+
+Note: This is 100% safe and no risk is involved.