Commit 5381391642a614e7d0cc9e0926adeb6ce6be4968
1 parent
3f526ce4
Updated to check both the file and temp path extensions. Added a check comparing…
… if both extensions are identical.
Showing
1 changed file
with
10 additions
and
3 deletions
oletools/rtfobj.py
| @@ -880,9 +880,16 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | @@ -880,9 +880,16 @@ def process_file(container, filename, data, output_dir=None, save_object=False): | ||
| 880 | ole_column += '\nTemp path = %r' % rtfobj.temp_path | 880 | ole_column += '\nTemp path = %r' % rtfobj.temp_path |
| 881 | ole_color = 'yellow' | 881 | ole_color = 'yellow' |
| 882 | # check if the file extension is executable: | 882 | # check if the file extension is executable: |
| 883 | - _, ext = os.path.splitext(rtfobj.temp_path) | ||
| 884 | - log.debug('File extension: %r' % ext) | ||
| 885 | - if re_executable_extensions.match(ext): | 883 | + |
| 884 | + _, temp_ext = os.path.splitext(rtfobj.temp_path) | ||
| 885 | + log.debug('Temp path extension: %r' % temp_ext) | ||
| 886 | + _, file_ext = os.path.splitext(rtfobj.filename) | ||
| 887 | + log.debug('File extension: %r' % file_ext) | ||
| 888 | + | ||
| 889 | + if temp_ext != file_ext: | ||
| 890 | + ole_column += "\nMODIFIED FILE EXTENSION" | ||
| 891 | + | ||
| 892 | + if re_executable_extensions.match(temp_ext) or re_executable_extensions.match(file_ext): | ||
| 886 | ole_color = 'red' | 893 | ole_color = 'red' |
| 887 | ole_column += '\nEXECUTABLE FILE' | 894 | ole_column += '\nEXECUTABLE FILE' |
| 888 | # else: | 895 | # else: |