Commit 8b21d5861d6b3f72d618cbaf26d6ddd96565f359
1 parent
3a79ad14
remove global_analysis (was always true, todo said "remove it")
Showing
1 changed file
with
7 additions
and
18 deletions
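--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -2584,7 +2584,7 @@ class VBA_Parser_CLI(VBA_Parser):
 for kw_type, keyword, description in self.analyze_macros(show_decoded_strings)]
 
 def process_file(self, show_decoded_strings=False,
-display_code=True, global_analysis=True, hide_attributes=True,
+display_code=True, hide_attributes=True,
 vba_code_only=False, show_deobfuscated_code=False,
 deobfuscate=False):
 """
@@ -2630,19 +2630,12 @@ class VBA_Parser_CLI(VBA_Parser):
 print '(empty macro)'
 else:
 print vba_code_filtered
-if not global_analysis and not vba_code_only:
-#TODO: remove this option
-raise NotImplementedError
-print '- ' * 39
-print 'ANALYSIS:'
-# analyse each module's code, filtered to avoid false positives:
-self.print_analysis(show_decoded_strings, deobfuscate)
 for (subfilename, stream_path, form_string) in self.extract_form_strings():
 print '-' * 79
 print 'VBA FORM STRING IN %r - OLE stream: %r' % (subfilename, stream_path)
 print '- ' * 39
 print form_string
-if global_analysis and not vba_code_only:
+if not vba_code_only:
 # analyse the code from all modules at once:
 self.print_analysis(show_decoded_strings, deobfuscate)
 if show_deobfuscated_code:
@@ -2660,7 +2653,7 @@ class VBA_Parser_CLI(VBA_Parser):
 
 
 def process_file_json(self, show_decoded_strings=False,
-display_code=True, global_analysis=True, hide_attributes=True,
+display_code=True, hide_attributes=True,
 vba_code_only=False, show_deobfuscated_code=False):
 """
 Process a single file
@@ -2709,12 +2702,8 @@ class VBA_Parser_CLI(VBA_Parser):
 curr_macro['ole_stream'] = stream_path
 if display_code:
 curr_macro['code'] = vba_code_filtered.strip()
-if not global_analysis and not vba_code_only:
-# analyse each module's code, filtered to avoid false positives:
-#TODO: remove this option
-curr_macro['analysis'] = self.print_analysis_json(show_decoded_strings)
 macros.append(curr_macro)
-if global_analysis and not vba_code_only:
+if not vba_code_only:
 # analyse the code from all modules at once:
 result['analysis'] = self.print_analysis_json(show_decoded_strings)
 if show_deobfuscated_code:
@@ -2910,7 +2899,7 @@ def main():
 if options.output_mode == 'detailed':
 # fully detailed output
 vba_parser.process_file(show_decoded_strings=options.show_decoded_strings,
-display_code=options.display_code, global_analysis=True, #options.global_analysis,
+display_code=options.display_code,
 hide_attributes=options.hide_attributes, vba_code_only=options.vba_code_only,
 show_deobfuscated_code=options.show_deobfuscated_code,
 deobfuscate=options.deobfuscate)
@@ -2926,7 +2915,7 @@ def main():
 elif options.output_mode == 'json':
 json_results.append(
 vba_parser.process_file_json(show_decoded_strings=options.show_decoded_strings,
-display_code=options.display_code, global_analysis=True, #options.global_analysis,
+display_code=options.display_code,
 hide_attributes=options.hide_attributes, vba_code_only=options.vba_code_only,
 show_deobfuscated_code=options.show_deobfuscated_code))
 else: # (should be impossible)
@@ -2940,7 +2929,7 @@ def main():
 if count == 1 and options.output_mode == 'unspecified':
 # if options -t, -d and -j were not specified and it's a single file, print details:
 vba_parser.process_file(show_decoded_strings=options.show_decoded_strings,
-display_code=options.display_code, global_analysis=True, #options.global_analysis,
+display_code=options.display_code,
 hide_attributes=options.hide_attributes, vba_code_only=options.vba_code_only,
 show_deobfuscated_code=options.show_deobfuscated_code,
 deobfuscate=options.deobfuscate)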
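Review bot: Dropping `global_analysis` from the middle of the `process_file` and `process_file_json` signatures shifts every later positional argument, so an external caller that passed arguments positionally would now bind its old `hide_attributes` value to `vba_code_only`, and a true value there skips `print_analysis` / `print_analysis_json` with no error raised. The three call sites in `main()` use keywords and are unaffected, but callers outside this file are not visible here. Because this file is Python 2 (`print` statements) and cannot declare keyword-only parameters, one option is to keep the slot as a deprecated placeholder, `display_code=True, global_analysis=None, hide_attributes=True,`, and emit a warning when it is not `None`. Both docstrings open inside the hunks and continue outside them; if they still list `global_analysis`, that entry should be removed or marked deprecated.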