Commit b7da0ac5c400be39a132f118e7b611ba3f4d66f4
1 parent
2966aa5d
oleid: do not run checks for non-ole files/objects
Showing
1 changed file
with
16 additions
and
0 deletions
oletools/oleid.py
| ... | ... | @@ -232,6 +232,8 @@ class OleID(object): |
| 232 | 232 | appname = Indicator('appname', 'unknown', _type=str, |
| 233 | 233 | name='Application name') |
| 234 | 234 | self.indicators.append(appname) |
| 235 | + if not self.ole: | |
| 236 | + return suminfo, appname | |
| 235 | 237 | self.suminfo_data = {} |
| 236 | 238 | # check stream SummaryInformation |
| 237 | 239 | if self.ole.exists("\x05SummaryInformation"): |
| ... | ... | @@ -255,6 +257,8 @@ class OleID(object): |
| 255 | 257 | # we keep the pointer to the indicator, can be modified by other checks: |
| 256 | 258 | encrypted = Indicator('encrypted', False, name='Encrypted') |
| 257 | 259 | self.indicators.append(encrypted) |
| 260 | + if not self.ole: | |
| 261 | + return encrypted | |
| 258 | 262 | # check if bit 1 of security field = 1: |
| 259 | 263 | # (this field may be missing for Powerpoint2000, for example) |
| 260 | 264 | if self.suminfo_data is None: |
| ... | ... | @@ -281,6 +285,8 @@ class OleID(object): |
| 281 | 285 | self.indicators.append(word) |
| 282 | 286 | macros = Indicator('vba_macros', False, name='VBA Macros') |
| 283 | 287 | self.indicators.append(macros) |
| 288 | + if not self.ole: | |
| 289 | + return word, macros | |
| 284 | 290 | if self.ole.exists('WordDocument'): |
| 285 | 291 | word.value = True |
| 286 | 292 | # check for Word-specific encryption flag: |
| ... | ... | @@ -324,6 +330,8 @@ class OleID(object): |
| 324 | 330 | description='Contains a Workbook or Book stream, very likely to be ' |
| 325 | 331 | 'a Microsoft Excel Workbook.') |
| 326 | 332 | self.indicators.append(excel) |
| 333 | + if not self.ole: | |
| 334 | + return excel | |
| 327 | 335 | #self.macros = Indicator('vba_macros', False, name='VBA Macros') |
| 328 | 336 | #self.indicators.append(self.macros) |
| 329 | 337 | if self.ole.exists('Workbook') or self.ole.exists('Book'): |
| ... | ... | @@ -353,6 +361,8 @@ class OleID(object): |
| 353 | 361 | description='Contains a PowerPoint Document stream, very likely to ' |
| 354 | 362 | 'be a Microsoft PowerPoint Presentation.') |
| 355 | 363 | self.indicators.append(ppt) |
| 364 | + if not self.ole: | |
| 365 | + return ppt | |
| 356 | 366 | if self.ole.exists('PowerPoint Document'): |
| 357 | 367 | ppt.value = True |
| 358 | 368 | return ppt |
| ... | ... | @@ -364,6 +374,8 @@ class OleID(object): |
| 364 | 374 | description='Contains a VisioDocument stream, very likely to be a ' |
| 365 | 375 | 'Microsoft Visio Drawing.') |
| 366 | 376 | self.indicators.append(visio) |
| 377 | + if not self.ole: | |
| 378 | + return visio | |
| 367 | 379 | if self.ole.exists('VisioDocument'): |
| 368 | 380 | visio.value = True |
| 369 | 381 | return visio |
| ... | ... | @@ -375,6 +387,8 @@ class OleID(object): |
| 375 | 387 | description='Contains an ObjectPool stream, very likely to contain ' |
| 376 | 388 | 'embedded OLE objects or files.') |
| 377 | 389 | self.indicators.append(objpool) |
| 390 | + if not self.ole: | |
| 391 | + return objpool | |
| 378 | 392 | if self.ole.exists('ObjectPool'): |
| 379 | 393 | objpool.value = True |
| 380 | 394 | return objpool |
| ... | ... | @@ -387,6 +401,8 @@ class OleID(object): |
| 387 | 401 | 'in OLE streams. Not 100% accurate, there may be false ' |
| 388 | 402 | 'positives.') |
| 389 | 403 | self.indicators.append(flash) |
| 404 | + if not self.ole: | |
| 405 | + return flash | |
| 390 | 406 | for stream in self.ole.listdir(): |
| 391 | 407 | data = self.ole.openstream(stream).read() |
| 392 | 408 | found = detect_flash(data) | ... | ... |