Commit b7da0ac5c400be39a132f118e7b611ba3f4d66f4
1 parent
2966aa5d
oleid: do not run checks for non-ole files/objects
Showing
1 changed file
with
16 additions
and
0 deletions
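--- a/oletools/oleid.py
+++ b/oletools/oleid.py
@@ -232,6 +232,8 @@ class OleID(object):
 appname = Indicator('appname', 'unknown', _type=str,
 name='Application name')
 self.indicators.append(appname)
+if not self.ole:
+return suminfo, appname
 self.suminfo_data = {}
 # check stream SummaryInformation
 if self.ole.exists("\x05SummaryInformation"):
@@ -255,6 +257,8 @@ class OleID(object):
 # we keep the pointer to the indicator, can be modified by other checks:
 encrypted = Indicator('encrypted', False, name='Encrypted')
 self.indicators.append(encrypted)
+if not self.ole:
+return encrypted
 # check if bit 1 of security field = 1:
 # (this field may be missing for Powerpoint2000, for example)
 if self.suminfo_data is None:
@@ -281,6 +285,8 @@ class OleID(object):
 self.indicators.append(word)
 macros = Indicator('vba_macros', False, name='VBA Macros')
 self.indicators.append(macros)
+if not self.ole:
+return word, macros
 if self.ole.exists('WordDocument'):
 word.value = True
 # check for Word-specific encryption flag:
@@ -324,6 +330,8 @@ class OleID(object):
 description='Contains a Workbook or Book stream, very likely to be '
 'a Microsoft Excel Workbook.')
 self.indicators.append(excel)
+if not self.ole:
+return excel
 #self.macros = Indicator('vba_macros', False, name='VBA Macros')
 #self.indicators.append(self.macros)
 if self.ole.exists('Workbook') or self.ole.exists('Book'):
@@ -353,6 +361,8 @@ class OleID(object):
 description='Contains a PowerPoint Document stream, very likely to '
 'be a Microsoft PowerPoint Presentation.')
 self.indicators.append(ppt)
+if not self.ole:
+return ppt
 if self.ole.exists('PowerPoint Document'):
 ppt.value = True
 return ppt
@@ -364,6 +374,8 @@ class OleID(object):
 description='Contains a VisioDocument stream, very likely to be a '
 'Microsoft Visio Drawing.')
 self.indicators.append(visio)
+if not self.ole:
+return visio
 if self.ole.exists('VisioDocument'):
 visio.value = True
 return visio
@@ -375,6 +387,8 @@ class OleID(object):
 description='Contains an ObjectPool stream, very likely to contain '
 'embedded OLE objects or files.')
 self.indicators.append(objpool)
+if not self.ole:
+return objpool
 if self.ole.exists('ObjectPool'):
 objpool.value = True
 return objpool
@@ -387,6 +401,8 @@ class OleID(object):
 'in OLE streams. Not 100% accurate, there may be false '
 'positives.')
 self.indicators.append(flash)
+if not self.ole:
+return flash
 for stream in self.ole.listdir():
 data = self.ole.openstream(stream).read()
 found = detect_flash(data)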
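Review bot: The early return at new lines 288-289 (`if not self.ole:` / `return word, macros`) leaves `vba_macros` at its default `False`, so a non-OLE input is reported exactly like an OLE file that was checked and found clean; the same holds for `encrypted`, `flash` and the other guards added in this section. In a triage tool that reads as a negative finding although no check ran, and formats other than OLE can presumably still carry macros or encryption. Consider making the skipped state explicit before returning, e.g. `macros.value = None  # not checked: input is not an OLE file`, provided the callers that print or compare indicator values tolerate `None` (they are not visible here). Each guarded method begins outside its hunk, so its docstring cannot be seen; it should state that indicators keep their defaults when `self.ole` is unset.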