Commit ca1940b706df6fa89ea24b7e4e054695f0bed6ec
1 parent
332a4a5b
msodde: Raise error of file is encrypted
Sofar, msodde do not complain if file is encrypted, but cannot inspect it either. That gives the user a false sense of security which is dangerous. Raise error to make the situation clear
Showing
1 changed file
with
18 additions
and
4 deletions
oletools/msodde.py
| @@ -61,7 +61,9 @@ import olefile | @@ -61,7 +61,9 @@ import olefile | ||
| 61 | from oletools import ooxml | 61 | from oletools import ooxml |
| 62 | from oletools import xls_parser | 62 | from oletools import xls_parser |
| 63 | from oletools import rtfobj | 63 | from oletools import rtfobj |
| 64 | +from oletools import oleid | ||
| 64 | from oletools.common.log_helper import log_helper | 65 | from oletools.common.log_helper import log_helper |
| 66 | +from oletools.common.errors import FileIsEncryptedError | ||
| 65 | 67 | ||
| 66 | # ----------------------------------------------------------------------------- | 68 | # ----------------------------------------------------------------------------- |
| 67 | # CHANGELOG: | 69 | # CHANGELOG: |
| @@ -438,17 +440,18 @@ def process_doc_stream(stream): | @@ -438,17 +440,18 @@ def process_doc_stream(stream): | ||
| 438 | return result_parts | 440 | return result_parts |
| 439 | 441 | ||
| 440 | 442 | ||
| 441 | -def process_doc(filepath): | 443 | +def process_doc(ole): |
| 442 | """ | 444 | """ |
| 443 | find dde links in word ole (.doc/.dot) file | 445 | find dde links in word ole (.doc/.dot) file |
| 444 | 446 | ||
| 447 | + Checks whether files is ppt and returns empty immediately in that case | ||
| 448 | + (ppt files cannot contain DDE-links to my knowledge) | ||
| 449 | + | ||
| 445 | like process_xml, returns a concatenated unicode string of dde links or | 450 | like process_xml, returns a concatenated unicode string of dde links or |
| 446 | empty if none were found. dde-links will still begin with the dde[auto] key | 451 | empty if none were found. dde-links will still begin with the dde[auto] key |
| 447 | word (possibly after some whitespace) | 452 | word (possibly after some whitespace) |
| 448 | """ | 453 | """ |
| 449 | logger.debug('process_doc') | 454 | logger.debug('process_doc') |
| 450 | - ole = olefile.OleFileIO(filepath, path_encoding=None) | ||
| 451 | - | ||
| 452 | links = [] | 455 | links = [] |
| 453 | for sid, direntry in enumerate(ole.direntries): | 456 | for sid, direntry in enumerate(ole.direntries): |
| 454 | is_orphan = direntry is None | 457 | is_orphan = direntry is None |
| @@ -886,9 +889,20 @@ def process_file(filepath, field_filter_mode=None): | @@ -886,9 +889,20 @@ def process_file(filepath, field_filter_mode=None): | ||
| 886 | if xls_parser.is_xls(filepath): | 889 | if xls_parser.is_xls(filepath): |
| 887 | logger.debug('Process file as excel 2003 (xls)') | 890 | logger.debug('Process file as excel 2003 (xls)') |
| 888 | return process_xls(filepath) | 891 | return process_xls(filepath) |
| 892 | + | ||
| 893 | + # encrypted files also look like ole, even if office 2007+ (xml-based) | ||
| 894 | + # so check for encryption, first | ||
| 895 | + ole = olefile.OleFileIO(filepath, path_encoding=None) | ||
| 896 | + oid = oleid.OleID(ole) | ||
| 897 | + if oid.check_encrypted().value: | ||
| 898 | + log.debug('is encrypted - raise error') | ||
| 899 | + raise FileIsEncryptedError(filepath) | ||
| 900 | + elif oid.check_powerpoint().value: | ||
| 901 | + log.debug('is ppt - cannot have DDE') | ||
| 902 | + return u'' | ||
| 889 | else: | 903 | else: |
| 890 | logger.debug('Process file as word 2003 (doc)') | 904 | logger.debug('Process file as word 2003 (doc)') |
| 891 | - return process_doc(filepath) | 905 | + return process_doc(ole) |
| 892 | 906 | ||
| 893 | with open(filepath, 'rb') as file_handle: | 907 | with open(filepath, 'rb') as file_handle: |
| 894 | if file_handle.read(4) == RTF_START: | 908 | if file_handle.read(4) == RTF_START: |