Commit db092ff0a3a2bd719fc526a39a23d368ad861c10
1 parent
53dfd753
ftguess: added PNG format
Showing
1 changed file
with
20 additions
and
1 deletions
oletools/ftguess.py
| @@ -190,6 +190,7 @@ class FTYPE(object): | @@ -190,6 +190,7 @@ class FTYPE(object): | ||
| 190 | UNKNOWN = 'Unknown File Type' | 190 | UNKNOWN = 'Unknown File Type' |
| 191 | MSI = "MSI" | 191 | MSI = "MSI" |
| 192 | ONENOTE = "OneNote" | 192 | ONENOTE = "OneNote" |
| 193 | + PNG = 'PNG' | ||
| 193 | 194 | ||
| 194 | class CONTAINER(object): | 195 | class CONTAINER(object): |
| 195 | """ | 196 | """ |
| @@ -205,6 +206,7 @@ class CONTAINER(object): | @@ -205,6 +206,7 @@ class CONTAINER(object): | ||
| 205 | BINARY = 'Binary' # Generic binary file without container | 206 | BINARY = 'Binary' # Generic binary file without container |
| 206 | UNKNOWN = 'Unknown Container' | 207 | UNKNOWN = 'Unknown Container' |
| 207 | ONENOTE = 'OneNote' | 208 | ONENOTE = 'OneNote' |
| 209 | + PNG = 'PNG' | ||
| 208 | 210 | ||
| 209 | class APP(object): | 211 | class APP(object): |
| 210 | """ | 212 | """ |
| @@ -700,6 +702,23 @@ class FType_OneNote(FType_Base): | @@ -700,6 +702,23 @@ class FType_OneNote(FType_Base): | ||
| 700 | return True if ftg.data.startswith(b'\xE4\x52\x5C\x7B\x8C\xD8\xA7\x4D\xAE\xB1\x53\x78\xD0\x29\x96\xD3') else False | 702 | return True if ftg.data.startswith(b'\xE4\x52\x5C\x7B\x8C\xD8\xA7\x4D\xAE\xB1\x53\x78\xD0\x29\x96\xD3') else False |
| 701 | 703 | ||
| 702 | 704 | ||
| 705 | +class FType_PNG(FType_Base): | ||
| 706 | + container = CONTAINER.PNG | ||
| 707 | + application = APP.UNKNOWN | ||
| 708 | + filetype = FTYPE.PNG | ||
| 709 | + name = 'PNG' | ||
| 710 | + longname = 'Portable Network Graphics picture (.png)' | ||
| 711 | + extensions = ['png'] | ||
| 712 | + content_types = ('image/png',) | ||
| 713 | + PUID = 'fmt/13' # This is for PNG 1.2. PNG 1.1 is fmt/12, 1.0 is fmt/11 | ||
| 714 | + # ref: http://fileformats.archiveteam.org/wiki/PNG | ||
| 715 | + # PRONOM: https://www.nationalarchives.gov.uk/PRONOM/Format/proFormatSearch.aspx?status=detailReport&id=666 | ||
| 716 | + | ||
| 717 | + @classmethod | ||
| 718 | + def recognize(cls, ftg): | ||
| 719 | + return True if ftg.data.startswith(b'\x89\x50\x4E\x47\x0D\x0A\x1A\x0A') else False | ||
| 720 | + | ||
| 721 | + | ||
| 703 | # TODO: for PPT, check for stream 'PowerPoint Document' | 722 | # TODO: for PPT, check for stream 'PowerPoint Document' |
| 704 | # TODO: for Visio, check for stream 'VisioDocument' | 723 | # TODO: for Visio, check for stream 'VisioDocument' |
| 705 | 724 | ||
| @@ -792,7 +811,7 @@ class FileTypeGuesser(object): | @@ -792,7 +811,7 @@ class FileTypeGuesser(object): | ||
| 792 | self.data_bytesio = io.BytesIO(self.data) | 811 | self.data_bytesio = io.BytesIO(self.data) |
| 793 | 812 | ||
| 794 | # Identify the main container type: | 813 | # Identify the main container type: |
| 795 | - for ftype in (FType_RTF, FType_Generic_OLE, FType_Generic_Zip, FType_OneNote): | 814 | + for ftype in (FType_RTF, FType_Generic_OLE, FType_Generic_Zip, FType_OneNote, FType_PNG): |
| 796 | if ftype.recognize(self): | 815 | if ftype.recognize(self): |
| 797 | self.ftype = ftype | 816 | self.ftype = ftype |
| 798 | break | 817 | break |