Merge pull request #194 from samiraguiar/oleid-openxml-encryption

oleid: detect OpenXML encryption

Merge pull request #194 from samiraguiar/oleid-openxml-encryption
oleid: detect OpenXML encryption
Philippe Lagadec · GitHub
2 parents 08454248 1723e4db
Showing 4 changed files with 30 additions and 0 deletions
oletools/oleid.py
tests/oleid/__init__.py
tests/oleid/test_issue_166.py
tests/test-data/basic/encrypted.docx
@@ -54,6 +54,7 @@ from __future__ import print_function
 # 2016-10-25 v0.50 PL: - fixed print and bytes strings for Python 3
 # 2016-12-12 v0.51 PL: - fixed relative imports for Python 3 (issue #115)
 # 2017-04-26       PL: - fixed absolute imports (issue #141)
+# 2017-09-01       SA: - detect OpenXML encryption
 __version__ = '0.51'
@@ -211,6 +212,9 @@ class OleID:
         if 0x13 in self.suminfo:
             if self.suminfo[0x13] & 1:
                 self.encrypted.value = True
+        # check if this is an OpenXML encrypted file
+        elif self.ole.exists('EncryptionInfo'):
+            self.encrypted.value = True
     def check_word (self):
         word = Indicator('word', False, name='Word Document',
+"""
+Test if oleid detects encrypted documents
+"""
+
+import unittest, sys, os
+
+from tests.test_utils import DATA_BASE_DIR
+from os.path import join
+
+from oletools import oleid
+
+class TestEncryptedDocumentDetection(unittest.TestCase):
+    def test_encrypted_document_detection(self):
+        """ Run oleid and check if the document is flagged as encrypted """
+        filename = join(DATA_BASE_DIR, 'basic/encrypted.docx')
+
+        oleid_instance = oleid.OleID(filename)
+        indicators = oleid_instance.check()
+
+        is_encrypted = next(i.value for i in indicators if i.id == 'encrypted')
+
+        self.assertEqual(is_encrypted, True)
+
+# just in case somebody calls this file as a script
+if __name__ == '__main__':
+    unittest.main()
 \ No newline at end of file