From 140e36081cb2f3dff39d7b9b03716476db3ac836 Mon Sep 17 00:00:00 2001 From: decalage2 Date: Thu, 7 Apr 2022 23:27:24 +0200 Subject: [PATCH] ftguess: added XLSB format, fixes #758 --- oletools/ftguess.py | 16 ++++++++++++---- setup.py | 2 +- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/oletools/ftguess.py b/oletools/ftguess.py index 4dac38f..3391da4 100644 --- a/oletools/ftguess.py +++ b/oletools/ftguess.py @@ -13,7 +13,7 @@ http://www.decalage.info/python/oletools #=== LICENSE ================================================================= -# ftguess is copyright (c) 2018-2021, Philippe Lagadec (http://www.decalage.info) +# ftguess is copyright (c) 2018-2022, Philippe Lagadec (http://www.decalage.info) # All rights reserved. # # Redistribution and use in source and binary forms, with or without modification, @@ -43,7 +43,7 @@ from __future__ import print_function # 2018-07-04 v0.54 PL: - first version # 2021-05-09 v0.60 PL: - -__version__ = '0.60.1.dev4' +__version__ = '0.60.1.dev8' # ------------------------------------------------------------------------------ # TODO: @@ -172,7 +172,7 @@ class FTYPE(object): POWERPOINT2007_PPSX = 'Powerpoint2007_PPSX' POWERPOINT2007_PPTM = 'Powerpoint2007_PPTM' POWERPOINT2007_PPSM = 'Powerpoint2007_PPSM' - # TODO: XLSB, DOCM, PPTM, PPSX, PPSM, ... + # TODO: DOCM, PPTM, PPSX, PPSM, ... XPS = 'XPS' RTF = 'RTF' HTML = 'HTML' @@ -582,6 +582,14 @@ class FType_Excel2007_XLSM (FType_Excel2007): content_types = ('application/vnd.ms-excel.sheet.macroEnabled.12',) PUID = 'fmt/445' +class FType_Excel2007_XLSB (FType_Excel2007): + filetype = FTYPE.EXCEL2007_XLSB + name = 'MS Excel 2007+ Binary Workbook' + longname = 'MS Excel 2007+ Binary Workbook (.xlsb)' + extensions = ['xlsb'] + content_types = ('application/vnd.ms-excel.sheet.binary.macroEnabled.12',) + PUID = 'fmt/595' + class FType_Excel2007_Template(FType_Excel2007): filetype = FTYPE.EXCEL2007_XLTX name = 'MS Excel 2007+ Template' @@ -682,7 +690,7 @@ openxml_ftypes = { # EXCEL 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml': FType_Excel2007_XLSX, 'application/vnd.ms-excel.sheet.macroEnabled.main+xml': FType_Excel2007_XLSM, - 'application/vnd.ms-excel.sheet.binary.macroEnabled.main': None, + 'application/vnd.ms-excel.sheet.binary.macroEnabled.main': FType_Excel2007_XLSB, 'application/vnd.openxmlformats-officedocument.spreadsheetml.template.main+xml': FType_Excel2007_Template, 'application/vnd.ms-excel.template.macroEnabled.main+xml': FType_Excel2007_Template_Macro, 'application/vnd.ms-excel.addin.macroEnabled.main+xml': FType_Excel2007_Addin_Macro, diff --git a/setup.py b/setup.py index 3b58b01..7febda7 100644 --- a/setup.py +++ b/setup.py @@ -55,7 +55,7 @@ import os, fnmatch #--- METADATA ----------------------------------------------------------------- name = "oletools" -version = '0.60.1.dev7' +version = '0.60.1.dev8' desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR" long_desc = open('oletools/README.rst').read() author = "Philippe Lagadec" -- libgit2 0.21.4