Commit 6f8179f5f858952527d3965b40772e8bce03a286
1 parent
537fb409
improved comments in rtfobj
Showing
1 changed file
with
37 additions
and
24 deletions
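--- a/oletools/rtfobj.py
+++ b/oletools/rtfobj.py
@@ -11,46 +11,54 @@ rtfobj project website: http://www.decalage.info/python/rtfobj
 
 rtfobj is part of the python-oletools package:
 http://www.decalage.info/python/oletools
-
-rtfobj is copyright (c) 2012-2013, Philippe Lagadec (http://www.decalage.info)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without modification,
-are permitted provided that the following conditions are met:
-
- * Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
- * Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 """
 
-__version__ = '0.02'
+#=== LICENSE =================================================================
+
+# rtfobj is copyright (c) 2012-2014, Philippe Lagadec (http://www.decalage.info)
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without modification,
+# are permitted provided that the following conditions are met:
+#
+# * Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
 
 #------------------------------------------------------------------------------
 # CHANGELOG:
 # 2012-11-09 v0.01 PL: - first version
 # 2013-04-02 v0.02 PL: - fixed bug in main
 
+__version__ = '0.02'
+
 #------------------------------------------------------------------------------
 # TODO:
 # - improve regex pattern for better performance?
 # - allow semicolon within hex, as found in this sample:
 # http://contagiodump.blogspot.nl/2011/10/sep-28-cve-2010-3333-manuscript-with.html
 
+#=== IMPORTS =================================================================
+
 import re, sys, string, binascii
 
+
+#=== CONSTANTS=================================================================
+
 # REGEX pattern to extract embedded OLE objects in hexadecimal format:
 # alphanum digit: [0-9A-Fa-f]
 # hex char = two alphanum digits: [0-9A-Fa-f]{2}
@@ -64,6 +72,8 @@ PATTERN = r'(?:(?:[0-9A-Fa-f]{2})+\s*)*(?:[0-9A-Fa-f]{2}){4,}'
 TRANSTABLE_NOCHANGE = string.maketrans('', '')
 
 
+#=== FUNCTIONS =================================================================
+
 def rtf_iter_objects (filename, min_size=32):
 """
 Open a RTF file, extract each embedded object encoded in hexadecimal of
@@ -82,6 +92,9 @@ def rtf_iter_objects (filename, min_size=32):
 if len(found)>min_size:
 yield m.start(), found
 
+
+#=== MAIN =================================================================
+
 if __name__ == '__main__':
 if len(sys.argv)<2:
 sys.exit(__doc__)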
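Review bot: The TODO kept as context in the first hunk, `# - improve regex pattern for better performance?`, understates a robustness concern that this comment clean-up would be the right place to document: PATTERN, visible in the second hunk header, nests `(?:[0-9A-Fa-f]{2})+` inside a `*` group with an optional `\s*`, a shape that can backtrack heavily on input it ultimately fails to match. rtfobj is presumably run on untrusted RTF samples, so I would reword the TODO to something like `# - PATTERN nests quantifiers and may backtrack badly on hostile input: restructure or bound it`. The body of rtf_iter_objects lies outside the hunks, so how the pattern is applied to the file data is not visible here. Separately, the `#=== CONSTANTS====` banner lacks the space before the rule that the other four banners have.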