Commit 7680eb11f7721747ea8e8a7f47aa1798d7ddabf1
1 parent
c8a4b6a9
oleobj: remember whether OleNativeStream data is stream/link
Showing
1 changed file
with
11 additions
and
2 deletions
oletools/oleobj.py
| @@ -284,6 +284,8 @@ class OleNativeStream (object): | @@ -284,6 +284,8 @@ class OleNativeStream (object): | ||
| 284 | self.actual_size = None | 284 | self.actual_size = None |
| 285 | self.data = None | 285 | self.data = None |
| 286 | self.package = package | 286 | self.package = package |
| 287 | + self.is_link = None | ||
| 288 | + self.data_is_stream = None | ||
| 287 | if bindata is not None: | 289 | if bindata is not None: |
| 288 | self.parse(data=bindata) | 290 | self.parse(data=bindata) |
| 289 | 291 | ||
| @@ -300,8 +302,10 @@ class OleNativeStream (object): | @@ -300,8 +302,10 @@ class OleNativeStream (object): | ||
| 300 | # TODO: strict mode to raise exceptions when values are incorrect | 302 | # TODO: strict mode to raise exceptions when values are incorrect |
| 301 | # (permissive mode by default) | 303 | # (permissive mode by default) |
| 302 | if hasattr(data, 'read'): | 304 | if hasattr(data, 'read'): |
| 305 | + self.data_is_stream = True | ||
| 303 | index = None # marker for read_* functions to expect stream | 306 | index = None # marker for read_* functions to expect stream |
| 304 | else: | 307 | else: |
| 308 | + self.data_is_stream = False | ||
| 305 | index = 0 # marker for read_* functions to expect array | 309 | index = 0 # marker for read_* functions to expect array |
| 306 | 310 | ||
| 307 | # An OLE Package object does not have the native data size field | 311 | # An OLE Package object does not have the native data size field |
| @@ -322,10 +326,11 @@ class OleNativeStream (object): | @@ -322,10 +326,11 @@ class OleNativeStream (object): | ||
| 322 | # size of the rest of the data | 326 | # size of the rest of the data |
| 323 | try: | 327 | try: |
| 324 | self.actual_size, index = read_uint32(data, index) | 328 | self.actual_size, index = read_uint32(data, index) |
| 325 | - if index is None: # data is a bytes stream | 329 | + if self.data_is_stream: |
| 326 | self.data = data | 330 | self.data = data |
| 327 | - else: # data is a bytes array | 331 | + else: |
| 328 | self.data = data[index:index+self.actual_size] | 332 | self.data = data[index:index+self.actual_size] |
| 333 | + self.is_link = False | ||
| 329 | # TODO: exception when size > remaining data | 334 | # TODO: exception when size > remaining data |
| 330 | # TODO: SLACK DATA | 335 | # TODO: SLACK DATA |
| 331 | except (IOError, struct.error): # no data to read actual_size | 336 | except (IOError, struct.error): # no data to read actual_size |
| @@ -549,6 +554,10 @@ def process_file(container, filename, data, output_dir=None): | @@ -549,6 +554,10 @@ def process_file(container, filename, data, output_dir=None): | ||
| 549 | continue | 554 | continue |
| 550 | 555 | ||
| 551 | # print info | 556 | # print info |
| 557 | + if opkg.is_link: | ||
| 558 | + log.debug('Object is not embedded but only linked to ' | ||
| 559 | + '- skip') | ||
| 560 | + continue | ||
| 552 | print ('Filename = %r' % opkg.filename) | 561 | print ('Filename = %r' % opkg.filename) |
| 553 | print ('Source path = %r' % opkg.src_path) | 562 | print ('Source path = %r' % opkg.src_path) |
| 554 | print ('Temp path = %r' % opkg.temp_path) | 563 | print ('Temp path = %r' % opkg.temp_path) |