diff --git a/oletools/msodde.py b/oletools/msodde.py index 129d1cf..49438eb 100644 --- a/oletools/msodde.py +++ b/oletools/msodde.py @@ -185,10 +185,10 @@ def process_args(cmd_line_args=None): parser.add_argument("filepath", help="path of the file to be analyzed", type=existing_file, metavar='FILE') parser.add_argument("--json", '-j', action='store_true', - help="Output in json format") + help="Output in json format. Do not use with -ldebug") parser.add_argument("--nounquote", help="don't unquote values",action='store_true') parser.add_argument('-l', '--loglevel', dest="loglevel", action="store", default=DEFAULT_LOG_LEVEL, - help="logging level debug/info/warning/error/critical (default=warning)") + help="logging level debug/info/warning/error/critical (default=%(default)s)") return parser.parse_args(cmd_line_args) @@ -212,10 +212,10 @@ def process_ole_field(data): """ check if field instructions start with DDE expects unicode input, returns unicode output (empty if not dde) """ - #print('processing field \'{0}\''.format(data)) + #log.debug('processing field \'{0}\''.format(data)) if data.lstrip().lower().startswith(u'dde'): - #print('--> is DDE!') + #log.debug('--> is DDE!') return data else: return u'' @@ -248,10 +248,6 @@ def process_ole_stream(stream): char = ord(char) if char == OLE_FIELD_START: - #print('DEBUG: have start at {}'.format(idx)) - #if have_start: - # print("DEBUG: dismissing previous contents of length {}" - # .format(len(field_contents))) have_start = True have_sep = False max_size_exceeded = False @@ -262,11 +258,8 @@ def process_ole_stream(stream): # now we are after start char but not at end yet if char == OLE_FIELD_SEP: - #print('DEBUG: have sep at {}'.format(idx)) have_sep = True elif char == OLE_FIELD_END: - #print('DEBUG: have end at {}'.format(idx)) - # have complete field now, process it result_parts.append(process_ole_field(field_contents)) @@ -279,20 +272,18 @@ def process_ole_stream(stream): if max_size_exceeded: pass elif len(field_contents) > OLE_FIELD_MAX_SIZE: - #print('DEBUG: exceeded max size') + log.debug('field exceeds max size of {0}. Ignore rest' + .format(OLE_FIELD_MAX_SIZE)) max_size_exceeded = True # appending a raw byte to a unicode string here. Not clean but # all we do later is check for the ascii-sequence 'DDE' later... elif char < 128: field_contents += unichr(char) - #print('DEBUG: at idx {:4d}: add byte {} ({})' - # .format(idx, unichr(char), char)) else: field_contents += u'?' - #print('DEBUG: at idx {:4d}: add byte ? ({})' - # .format(idx, char)) - #print('\nstream len = {}'.format(idx)) + log.debug('Checked {0} characters, found {1} fields' + .format(idx, len(result_parts))) # copy behaviour of process_xml: Just concatenate unicode strings return u''.join(result_parts) @@ -308,7 +299,7 @@ def process_ole_storage(ole): links = '' try: stream = ole.openstream(st) - #print('Checking stream {0}'.format(st)) + log.debug('Checking stream {0}'.format(st)) links = process_ole_stream(stream) except: raise @@ -318,13 +309,13 @@ def process_ole_storage(ole): if links: results.append(links) elif st_type == olefile.STGTY_STORAGE: # a storage - #print('Checking storage {0}'.format(st)) + log.debug('Checking storage {0}'.format(st)) links = process_ole_storage(st) if links: results.extend(links) else: - #print('Warning: unexpected type {0} for entry {1}. Ignore it' - # .format(st_type, st)) + log.info('unexpected type {0} for entry {1}. Ignore it' + .format(st_type, st)) continue return results @@ -338,7 +329,6 @@ def process_ole(filepath): word (possibly after some whitespace) """ log.debug('process_ole') - #print('Looks like ole') ole = olefile.OleFileIO(filepath, path_encoding=None) text_parts = process_ole_storage(ole) return u'\n'.join(text_parts) @@ -452,6 +442,8 @@ def main(cmd_line_args=None): # enable logging in the modules: log.setLevel(logging.NOTSET) + if args.json and args.loglevel.lower() == 'debug': + log.warning('Debug log output will not be json-compatible!') if args.nounquote : global NO_QUOTES