Commit 6f8179f5f858952527d3965b40772e8bce03a286
1 parent
537fb409
improved comments in rtfobj
Showing
1 changed file
with
37 additions
and
24 deletions
oletools/rtfobj.py
| ... | ... | @@ -11,46 +11,54 @@ rtfobj project website: http://www.decalage.info/python/rtfobj |
| 11 | 11 | |
| 12 | 12 | rtfobj is part of the python-oletools package: |
| 13 | 13 | http://www.decalage.info/python/oletools |
| 14 | - | |
| 15 | -rtfobj is copyright (c) 2012-2013, Philippe Lagadec (http://www.decalage.info) | |
| 16 | -All rights reserved. | |
| 17 | - | |
| 18 | -Redistribution and use in source and binary forms, with or without modification, | |
| 19 | -are permitted provided that the following conditions are met: | |
| 20 | - | |
| 21 | - * Redistributions of source code must retain the above copyright notice, this | |
| 22 | - list of conditions and the following disclaimer. | |
| 23 | - * Redistributions in binary form must reproduce the above copyright notice, | |
| 24 | - this list of conditions and the following disclaimer in the documentation | |
| 25 | - and/or other materials provided with the distribution. | |
| 26 | - | |
| 27 | -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 28 | -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 29 | -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 30 | -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 31 | -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 32 | -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 33 | -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 34 | -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 35 | -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 36 | -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 37 | 14 | """ |
| 38 | 15 | |
| 39 | -__version__ = '0.02' | |
| 16 | +#=== LICENSE ================================================================= | |
| 17 | + | |
| 18 | +# rtfobj is copyright (c) 2012-2014, Philippe Lagadec (http://www.decalage.info) | |
| 19 | +# All rights reserved. | |
| 20 | +# | |
| 21 | +# Redistribution and use in source and binary forms, with or without modification, | |
| 22 | +# are permitted provided that the following conditions are met: | |
| 23 | +# | |
| 24 | +# * Redistributions of source code must retain the above copyright notice, this | |
| 25 | +# list of conditions and the following disclaimer. | |
| 26 | +# * Redistributions in binary form must reproduce the above copyright notice, | |
| 27 | +# this list of conditions and the following disclaimer in the documentation | |
| 28 | +# and/or other materials provided with the distribution. | |
| 29 | +# | |
| 30 | +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND | |
| 31 | +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED | |
| 32 | +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE | |
| 33 | +# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE | |
| 34 | +# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
| 35 | +# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR | |
| 36 | +# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER | |
| 37 | +# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, | |
| 38 | +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
| 39 | +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 40 | + | |
| 40 | 41 | |
| 41 | 42 | #------------------------------------------------------------------------------ |
| 42 | 43 | # CHANGELOG: |
| 43 | 44 | # 2012-11-09 v0.01 PL: - first version |
| 44 | 45 | # 2013-04-02 v0.02 PL: - fixed bug in main |
| 45 | 46 | |
| 47 | +__version__ = '0.02' | |
| 48 | + | |
| 46 | 49 | #------------------------------------------------------------------------------ |
| 47 | 50 | # TODO: |
| 48 | 51 | # - improve regex pattern for better performance? |
| 49 | 52 | # - allow semicolon within hex, as found in this sample: |
| 50 | 53 | # http://contagiodump.blogspot.nl/2011/10/sep-28-cve-2010-3333-manuscript-with.html |
| 51 | 54 | |
| 55 | +#=== IMPORTS ================================================================= | |
| 56 | + | |
| 52 | 57 | import re, sys, string, binascii |
| 53 | 58 | |
| 59 | + | |
| 60 | +#=== CONSTANTS================================================================= | |
| 61 | + | |
| 54 | 62 | # REGEX pattern to extract embedded OLE objects in hexadecimal format: |
| 55 | 63 | # alphanum digit: [0-9A-Fa-f] |
| 56 | 64 | # hex char = two alphanum digits: [0-9A-Fa-f]{2} |
| ... | ... | @@ -64,6 +72,8 @@ PATTERN = r'(?:(?:[0-9A-Fa-f]{2})+\s*)*(?:[0-9A-Fa-f]{2}){4,}' |
| 64 | 72 | TRANSTABLE_NOCHANGE = string.maketrans('', '') |
| 65 | 73 | |
| 66 | 74 | |
| 75 | +#=== FUNCTIONS ================================================================= | |
| 76 | + | |
| 67 | 77 | def rtf_iter_objects (filename, min_size=32): |
| 68 | 78 | """ |
| 69 | 79 | Open a RTF file, extract each embedded object encoded in hexadecimal of |
| ... | ... | @@ -82,6 +92,9 @@ def rtf_iter_objects (filename, min_size=32): |
| 82 | 92 | if len(found)>min_size: |
| 83 | 93 | yield m.start(), found |
| 84 | 94 | |
| 95 | + | |
| 96 | +#=== MAIN ================================================================= | |
| 97 | + | |
| 85 | 98 | if __name__ == '__main__': |
| 86 | 99 | if len(sys.argv)<2: |
| 87 | 100 | sys.exit(__doc__) | ... | ... |