Commit b5149339cadf63374f5ca521ffddfd56fe68cb80
1 parent
866ab339
olevba3: fixed issue #219, do not close the file too early
Showing
1 changed file
with
6 additions
and
4 deletions
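--- a/oletools/olevba3.py
+++ b/oletools/olevba3.py
@@ -201,6 +201,7 @@ from __future__ import print_function
 # 2017-06-08 PL: - fixed issue #122 Chr() with negative numbers
 # 2017-06-15 PL: - deobfuscation line by line to handle large files
 # 2017-07-11 v0.52 PL: - raise exception instead of sys.exit (issue #180)
+# 2017-11-20 PL: - fixed issue #219, do not close the file too early
 # 2017-11-24 PL: - added keywords to detect self-modifying macros and
 # attempts to disable macro security (issue #221)
 # 2018-03-19 PL: - removed pyparsing from the thirdparty subfolder
@@ -3550,6 +3551,11 @@ def main(cmd_line_args=None):
 continue
 
 try:
+# close the previous file if analyzing several:
+# (this must be done here to avoid closing the file if there is only 1,
+# to fix issue #219)
+if vba_parser is not None:
+vba_parser.close()
 # Open the file
 vba_parser = VBA_Parser_CLI(filename, data=data, container=container,
 relaxed=options.relaxed)
@@ -3627,10 +3633,6 @@ def main(cmd_line_args=None):
 else RETURN_SEVERAL_ERRS
 # Here we do not close the vba_parser, because process_file may need it below.
 
-finally:
-if vba_parser is not None:
-vba_parser.close()
-
 if options.output_mode == 'triage':
 print('\n(Flags: OpX=OpenXML, XML=Word2003XML, FlX=FlatOPC XML, MHT=MHTML, TXT=Text, M=Macros, ' \
 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' \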
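Review bot: In the second hunk of main(), `vba_parser` keeps pointing at the parser that was just closed if `VBA_Parser_CLI(...)` then raises on the new file, so the next iteration calls `close()` on it a second time, and any code after the loop that still reads `vba_parser` would get the previous file's closed parser rather than nothing. Resetting the name right after the close, `vba_parser.close()` followed by `vba_parser = None`, keeps a failed open from leaving stale state behind. With the `finally:` removed in the third hunk, nothing visible here closes the parser of the last file, so it is worth confirming that a close follows the later `process_file` use, which is outside this view. Since this tool is run over batches of suspect documents, a file that fails to open mid-batch is an ordinary case, and a stale parser there risks attributing one file's results to another. main() starts and ends outside these hunks.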