Peter M. Groen / oletools

Commit 43eabd0caaf408cee5ebda86ab01002d5cbcaff4

Authored by decalage2
1 parent f5e2e0a5

mraptor: added more ActiveX trigger events (issue #95)

Inline Side-by-side
Showing 1 changed file with 7 additions and 1 deletions
oletools/mraptor.py
  View file @43eabd0
@@ -92,12 +92,18 @@ MSG_ISSUES = 'Please report this issue on %s' % URL_ISSUES @@ -92,12 +92,18 @@ MSG_ISSUES = 'Please report this issue on %s' % URL_ISSUES
92 # 'Workbook_Open', 'Workbook_Close', 92 # 'Workbook_Open', 'Workbook_Close',
93 # *_Painted such as InkPicture1_Painted 93 # *_Painted such as InkPicture1_Painted
94 # *_GotFocus|LostFocus|MouseHover for other ActiveX objects 94 # *_GotFocus|LostFocus|MouseHover for other ActiveX objects
  95 +# reference: http://www.greyhathacker.net/?p=948
95 96
96 # TODO: check if line also contains Sub or Function 97 # TODO: check if line also contains Sub or Function
97 re_autoexec = re.compile(r'(?i)\b(?:Auto(?:Exec|_?Open|_?Close|Exit|New)' + 98 re_autoexec = re.compile(r'(?i)\b(?:Auto(?:Exec|_?Open|_?Close|Exit|New)' +
98 r'|Document(?:_?Open|_Close|_?BeforeClose|Change|_New)' + 99 r'|Document(?:_?Open|_Close|_?BeforeClose|Change|_New)' +
99 r'|NewDocument|Workbook(?:_Open|_Activate|_Close)' + 100 r'|NewDocument|Workbook(?:_Open|_Activate|_Close)' +
100 - r'|\w+_(?:Painted|GotFocus|LostFocus|MouseHover|Layout|Click))\b') 101 + r'|\w+_(?:Painted|Painting|GotFocus|LostFocus|MouseHover' +
  102 + r'|Layout|Click|Change|Resize|BeforeNavigate2|BeforeScriptExecute' +
  103 + r'|DocumentComplete|DownloadBegin|DownloadComplete|FileDownload' +
  104 + r'|NavigateComplete2|NavigateError|ProgressChange|PropertyChange' +
  105 + r'|SetSecureLockIcon|StatusTextChange|TitleChange|MouseMove' +
  106 + r'|MouseEnter|MouseLeave|))\b')
101 107
102 # MS-VBAL 5.4.5.1 Open Statement: 108 # MS-VBAL 5.4.5.1 Open Statement:
103 RE_OPEN_WRITE = r'(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)' 109 RE_OPEN_WRITE = r'(?:\bOpen\b[^\n]+\b(?:Write|Append|Binary|Output|Random)\b)'