Commit ca1940b706df6fa89ea24b7e4e054695f0bed6ec
1 parent
332a4a5b
msodde: Raise error of file is encrypted
Sofar, msodde do not complain if file is encrypted, but cannot inspect it either. That gives the user a false sense of security which is dangerous. Raise error to make the situation clear
Showing
1 changed file
with
18 additions
and
4 deletions
oletools/msodde.py
| ... | ... | @@ -61,7 +61,9 @@ import olefile |
| 61 | 61 | from oletools import ooxml |
| 62 | 62 | from oletools import xls_parser |
| 63 | 63 | from oletools import rtfobj |
| 64 | +from oletools import oleid | |
| 64 | 65 | from oletools.common.log_helper import log_helper |
| 66 | +from oletools.common.errors import FileIsEncryptedError | |
| 65 | 67 | |
| 66 | 68 | # ----------------------------------------------------------------------------- |
| 67 | 69 | # CHANGELOG: |
| ... | ... | @@ -438,17 +440,18 @@ def process_doc_stream(stream): |
| 438 | 440 | return result_parts |
| 439 | 441 | |
| 440 | 442 | |
| 441 | -def process_doc(filepath): | |
| 443 | +def process_doc(ole): | |
| 442 | 444 | """ |
| 443 | 445 | find dde links in word ole (.doc/.dot) file |
| 444 | 446 | |
| 447 | + Checks whether files is ppt and returns empty immediately in that case | |
| 448 | + (ppt files cannot contain DDE-links to my knowledge) | |
| 449 | + | |
| 445 | 450 | like process_xml, returns a concatenated unicode string of dde links or |
| 446 | 451 | empty if none were found. dde-links will still begin with the dde[auto] key |
| 447 | 452 | word (possibly after some whitespace) |
| 448 | 453 | """ |
| 449 | 454 | logger.debug('process_doc') |
| 450 | - ole = olefile.OleFileIO(filepath, path_encoding=None) | |
| 451 | - | |
| 452 | 455 | links = [] |
| 453 | 456 | for sid, direntry in enumerate(ole.direntries): |
| 454 | 457 | is_orphan = direntry is None |
| ... | ... | @@ -886,9 +889,20 @@ def process_file(filepath, field_filter_mode=None): |
| 886 | 889 | if xls_parser.is_xls(filepath): |
| 887 | 890 | logger.debug('Process file as excel 2003 (xls)') |
| 888 | 891 | return process_xls(filepath) |
| 892 | + | |
| 893 | + # encrypted files also look like ole, even if office 2007+ (xml-based) | |
| 894 | + # so check for encryption, first | |
| 895 | + ole = olefile.OleFileIO(filepath, path_encoding=None) | |
| 896 | + oid = oleid.OleID(ole) | |
| 897 | + if oid.check_encrypted().value: | |
| 898 | + log.debug('is encrypted - raise error') | |
| 899 | + raise FileIsEncryptedError(filepath) | |
| 900 | + elif oid.check_powerpoint().value: | |
| 901 | + log.debug('is ppt - cannot have DDE') | |
| 902 | + return u'' | |
| 889 | 903 | else: |
| 890 | 904 | logger.debug('Process file as word 2003 (doc)') |
| 891 | - return process_doc(filepath) | |
| 905 | + return process_doc(ole) | |
| 892 | 906 | |
| 893 | 907 | with open(filepath, 'rb') as file_handle: |
| 894 | 908 | if file_handle.read(4) == RTF_START: | ... | ... |