Peter M. Groen / oletools

Commit f07043b931ab6163e130323e68a6cb562fb1947d

Authored by decalage2
1 parent 29572ea3

olefile is now an external dependency, obsolete copy removed from thirdparty folder

Inline Side-by-side
Showing 38 changed files with 115 additions and 4290 deletions
oletools/msodde.py
  View file @f07043b
... ... @@ -58,16 +58,7 @@ import logging
58 58 import re
59 59 import csv
60 60  
61   -# little hack to allow absolute imports even if oletools is not installed
62   -# Copied from olevba.py
63   -try:
64   - from oletools.thirdparty import olefile
65   -except ImportError:
66   - PARENT_DIR = dirname(dirname(abspath(__file__)))
67   - if PARENT_DIR not in sys.path:
68   - sys.path.insert(0, PARENT_DIR)
69   - del PARENT_DIR
70   - from oletools.thirdparty import olefile
  61 +import olefile
71 62  
72 63 from oletools import ooxml
73 64 from oletools import xls_parser
... ... @@ -93,8 +84,9 @@ from oletools import rtfobj
93 84 # 2018-01-11 PL: - fixed issue #242 (apply unquote to fldSimple tags)
94 85 # 2018-01-10 CH: - add single-xml files (Word 2003/2007+ / Excel 2003)
95 86 # 2018-03-21 CH: - added detection for various CSV formulas (issue #259)
  87 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
96 88  
97   -__version__ = '0.53'
  89 +__version__ = '0.54dev1'
98 90  
99 91 # -----------------------------------------------------------------------------
100 92 # TODO: field codes can be in headers/footers/comments - parse these
... ...
oletools/olebrowse.py
  View file @f07043b
... ... @@ -41,8 +41,9 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
41 41 # 2012-09-17 v0.01 PL: - first version
42 42 # 2014-11-29 v0.02 PL: - use olefile instead of OleFileIO_PL
43 43 # 2017-04-26 v0.51 PL: - fixed absolute imports (issue #141)
  44 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
44 45  
45   -__version__ = '0.51'
  46 +__version__ = '0.54dev1'
46 47  
47 48 #------------------------------------------------------------------------------
48 49 # TODO:
... ... @@ -69,7 +70,7 @@ if not _parent_dir in sys.path:
69 70 sys.path.insert(0, _parent_dir)
70 71  
71 72 from oletools.thirdparty.easygui import easygui
72   -from oletools.thirdparty import olefile
  73 +import olefile
73 74 from oletools import ezhexviewer
74 75  
75 76 ABOUT = '~ About olebrowse'
... ...
oletools/oledir.py
  View file @f07043b
... ... @@ -50,8 +50,9 @@ from __future__ import print_function
50 50 # - added support for zip files and wildcards
51 51 # 2018-04-11 v0.53 PL: - added table displaying storage tree and CLSIDs
52 52 # 2018-04-13 PL: - moved KNOWN_CLSIDS to common.clsid
  53 +# 2018-08-28 v0.54 PL: - olefile is now a dependency
53 54  
54   -__version__ = '0.53'
  55 +__version__ = '0.54dev1'
55 56  
56 57 #------------------------------------------------------------------------------
57 58 # TODO:
... ... @@ -87,7 +88,7 @@ import colorclass
87 88 if os.name == 'nt':
88 89 colorclass.Windows.enable(auto_colors=True)
89 90  
90   -from oletools.thirdparty import olefile
  91 +import olefile
91 92 from oletools.thirdparty.tablestream import tablestream
92 93 from oletools.thirdparty.xglob import xglob
93 94 from oletools.common.clsid import KNOWN_CLSIDS
... ... @@ -236,6 +237,35 @@ def main():
236 237 # t.add_row((id, status, entry_type, name, left, right, child, hex(d.isectStart), d.size))
237 238 table.write_row((id, status, entry_type, name, left, right, child, '%X' % d.isectStart, d.size),
238 239 colors=(None, status_color, etype_color, None, None, None, None, None, None))
  240 +
  241 + table = tablestream.TableStream(column_width=[4, 28, 6, 38],
  242 + header_row=('id', 'Name', 'Size', 'CLSID'),
  243 + style=tablestream.TableStyleSlim)
  244 + rootname = ole.get_rootentry_name()
  245 + entry_id = 0
  246 + clsid = ole.root.clsid
  247 + clsid_text, clsid_color = clsid_display(clsid)
  248 + table.write_row((entry_id, rootname, '-', clsid_text),
  249 + colors=(None, 'cyan', None, clsid_color))
  250 + for entry in sorted(ole.listdir(storages=True)):
  251 + name = entry[-1]
  252 + # handle non-printable chars using repr(), remove quotes:
  253 + name = repr(name)[1:-1]
  254 + name_color = None
  255 + if ole.get_type(entry) in (olefile.STGTY_STORAGE, olefile.STGTY_ROOT):
  256 + name_color = 'cyan'
  257 + indented_name = ' '*(len(entry)-1) + name
  258 + entry_id = ole._find(entry)
  259 + try:
  260 + size = ole.get_size(entry)
  261 + except:
  262 + size = '-'
  263 + clsid = ole.getclsid(entry)
  264 + clsid_text, clsid_color = clsid_display(clsid)
  265 + table.write_row((entry_id, indented_name, size, clsid_text),
  266 + colors=(None, name_color, None, clsid_color))
  267 +
  268 +
239 269 ole.close()
240 270 # print t
241 271  
... ...
oletools/oleform.py
  View file @f07043b
... ... @@ -114,8 +114,6 @@ class ExtendedStream(object):
114 114  
115 115 @classmethod
116 116 def open(cls, ole_file, path):
117   - # import oletools.thirdparty.olefile as olefile
118   - # olefile.enable_logging()
119 117 stream = ole_file.openstream(path)
120 118 # print('Opening OLE stream %r - size: %d' % (path, stream.size))
121 119 # print('declared size: %d' % ole_file.get_size(path))
... ...
oletools/oleid.py
  View file @f07043b
... ... @@ -55,8 +55,9 @@ from __future__ import print_function
55 55 # 2016-12-12 v0.51 PL: - fixed relative imports for Python 3 (issue #115)
56 56 # 2017-04-26 PL: - fixed absolute imports (issue #141)
57 57 # 2017-09-01 SA: - detect OpenXML encryption
  58 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
58 59  
59   -__version__ = '0.53'
  60 +__version__ = '0.54dev1'
60 61  
61 62  
62 63 #------------------------------------------------------------------------------
... ... @@ -91,7 +92,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
91 92 if not _parent_dir in sys.path:
92 93 sys.path.insert(0, _parent_dir)
93 94  
94   -from oletools.thirdparty import olefile
  95 +import olefile
95 96 from oletools.thirdparty.prettytable import prettytable
96 97  
97 98  
... ...
oletools/olemap.py
  View file @f07043b
... ... @@ -13,7 +13,7 @@ http://www.decalage.info/python/oletools
13 13  
14 14 #=== LICENSE ==================================================================
15 15  
16   -# olemap is copyright (c) 2015-2017 Philippe Lagadec (http://www.decalage.info)
  16 +# olemap is copyright (c) 2015-2018 Philippe Lagadec (http://www.decalage.info)
17 17 # All rights reserved.
18 18 #
19 19 # Redistribution and use in source and binary forms, with or without modification,
... ... @@ -51,9 +51,9 @@ http://www.decalage.info/python/oletools
51 51 # 2017-03-22 PL: - added extra data detection, completed header display
52 52 # 2017-03-23 PL: - only display the header by default
53 53 # - added option --exdata to display extra data in hex
  54 +# 2018-08-28 v0.54 PL: - olefile is now a dependency
54 55  
55   -
56   -__version__ = '0.51'
  56 +__version__ = '0.54dev1'
57 57  
58 58 #------------------------------------------------------------------------------
59 59 # TODO:
... ... @@ -74,7 +74,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
74 74 if not _parent_dir in sys.path:
75 75 sys.path.insert(0, _parent_dir)
76 76  
77   -from oletools.thirdparty.olefile import olefile
  77 +import olefile
78 78 from oletools.thirdparty.tablestream import tablestream
79 79 from oletools.thirdparty.xglob import xglob
80 80 from oletools.ezhexviewer import hexdump3
... ...
oletools/olemeta.py
  View file @f07043b
... ... @@ -15,7 +15,7 @@ http://www.decalage.info/python/oletools
15 15  
16 16 #=== LICENSE =================================================================
17 17  
18   -# olemeta is copyright (c) 2013-2017, Philippe Lagadec (http://www.decalage.info)
  18 +# olemeta is copyright (c) 2013-2018, Philippe Lagadec (http://www.decalage.info)
19 19 # All rights reserved.
20 20 #
21 21 # Redistribution and use in source and binary forms, with or without modification,
... ... @@ -49,8 +49,9 @@ http://www.decalage.info/python/oletools
49 49 # 2016-10-28 PL: - removed the UTF8 codec for console display
50 50 # 2017-04-26 v0.51 PL: - fixed absolute imports (issue #141)
51 51 # 2017-05-04 PL: - added optparse and xglob (issue #141)
  52 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
52 53  
53   -__version__ = '0.51'
  54 +__version__ = '0.54dev1'
54 55  
55 56 #------------------------------------------------------------------------------
56 57 # TODO:
... ... @@ -75,7 +76,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
75 76 if not _parent_dir in sys.path:
76 77 sys.path.insert(0, _parent_dir)
77 78  
78   -from oletools.thirdparty import olefile
  79 +import olefile
79 80 from oletools.thirdparty import xglob
80 81 from oletools.thirdparty.tablestream import tablestream
81 82  
... ...
oletools/oleobj.py
  View file @f07043b
... ... @@ -52,13 +52,15 @@ import sys
52 52 import io
53 53 from zipfile import is_zipfile, ZipFile
54 54  
  55 +import olefile
  56 +
55 57 # IMPORTANT: it should be possible to run oletools directly as scripts
56 58 # in any directory without installing them with pip or setup.py.
57 59 # In that case, relative imports are NOT usable.
58 60 # And to enable Python 2+3 compatibility, we need to use absolute imports,
59 61 # so we add the oletools parent folder to sys.path (absolute+normalized path):
60 62 try:
61   - from oletools.thirdparty import olefile
  63 + from oletools.thirdparty import xglob
62 64 except ImportError:
63 65 import os.path
64 66 PARENT_DIR = os.path.normpath(os.path.dirname(os.path.dirname(
... ... @@ -66,8 +68,8 @@ except ImportError:
66 68 if PARENT_DIR not in sys.path:
67 69 sys.path.insert(0, PARENT_DIR)
68 70 del PARENT_DIR
69   - from oletools.thirdparty import olefile
70   -from oletools.thirdparty import xglob
  71 + from oletools.thirdparty import xglob
  72 +
71 73 from oletools.ppt_record_parser import (is_ppt, PptFile,
72 74 PptRecordExOleVbaActiveXAtom)
73 75 from oletools.ooxml import ZipSubFile
... ... @@ -84,8 +86,9 @@ from oletools.ooxml import ZipSubFile
84 86 # 2018-01-18 v0.52 CH: - added support for zipped-xml-based types (docx, pptx,
85 87 # xlsx), and ppt
86 88 # 2018-03-27 PL: - fixed issue #274 in read_length_prefixed_string
  89 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
87 90  
88   -__version__ = '0.52.4'
  91 +__version__ = '0.54dev1'
89 92  
90 93 # -----------------------------------------------------------------------------
91 94 # TODO:
... ...
oletools/oletimes.py
  View file @f07043b
... ... @@ -50,8 +50,9 @@ http://www.decalage.info/python/oletools
50 50 # 2016-09-05 PL: - added main entry point for setup.py
51 51 # 2017-05-03 v0.51 PL: - fixed absolute imports (issue #141)
52 52 # 2017-05-04 PL: - added optparse and xglob (issue #141)
  53 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
53 54  
54   -__version__ = '0.51'
  55 +__version__ = '0.54dev1'
55 56  
56 57 #------------------------------------------------------------------------------
57 58 # TODO:
... ... @@ -75,7 +76,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
75 76 if not _parent_dir in sys.path:
76 77 sys.path.insert(0, _parent_dir)
77 78  
78   -from oletools.thirdparty import olefile
  79 +import olefile
79 80 from oletools.thirdparty import xglob
80 81 from oletools.thirdparty.prettytable import prettytable
81 82  
... ...
oletools/olevba.py
  View file @f07043b
... ... @@ -206,8 +206,9 @@ from __future__ import print_function
206 206 # 2018-03-19 PL: - removed pyparsing from the thirdparty subfolder
207 207 # 2018-04-15 v0.53 PL: - added support for Word/PowerPoint 2007+ XML (FlatOPC)
208 208 # (issue #283)
  209 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
209 210  
210   -__version__ = '0.53.1'
  211 +__version__ = '0.54dev1'
211 212  
212 213 #------------------------------------------------------------------------------
213 214 # TODO:
... ... @@ -287,7 +288,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
287 288 if not _parent_dir in sys.path:
288 289 sys.path.insert(0, _parent_dir)
289 290  
290   -from oletools.thirdparty import olefile
  291 +import olefile
291 292 from oletools.thirdparty.prettytable import prettytable
292 293 from oletools.thirdparty.xglob import xglob, PathNotFoundException
293 294 from pyparsing import \
... ...
oletools/olevba3.py
  View file @f07043b
... ... @@ -206,8 +206,9 @@ from __future__ import print_function
206 206 # (issue #283)
207 207 # 2018-06-11 v0.53.1 MHW: - fixed #320: chr instead of unichr on python 3
208 208 # 2018-06-12 MHW: - fixed #322: import reduce from functools
  209 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
209 210  
210   -__version__ = '0.53.1'
  211 +__version__ = '0.54dev1'
211 212  
212 213 #------------------------------------------------------------------------------
213 214 # TODO:
... ... @@ -288,7 +289,7 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
288 289 if not _parent_dir in sys.path:
289 290 sys.path.insert(0, _parent_dir)
290 291  
291   -from oletools.thirdparty import olefile
  292 +import olefile
292 293 from oletools.thirdparty.prettytable import prettytable
293 294 from oletools.thirdparty.xglob import xglob, PathNotFoundException
294 295 from pyparsing import \
... ...
oletools/ppt_parser.py
  View file @f07043b
... ... @@ -41,8 +41,9 @@ file structure and will replace this module some time soon!
41 41 # 2016-09-13 PL: - fixed olefile import for Python 2+3
42 42 # - fixed format strings for Python 2.6 (issue #75)
43 43 # 2017-04-23 v0.51 PL: - fixed absolute imports and issue #101
  44 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
44 45  
45   -__version__ = '0.51'
  46 +__version__ = '0.54dev1'
46 47  
47 48  
48 49 # --- IMPORTS ------------------------------------------------------------------
... ... @@ -66,11 +67,41 @@ _parent_dir = os.path.normpath(os.path.join(_thismodule_dir, '..'))
66 67 if not _parent_dir in sys.path:
67 68 sys.path.insert(0, _parent_dir)
68 69  
69   -from oletools.thirdparty.olefile import olefile
  70 +import olefile
  71 +
  72 +
  73 +# TODO: this is a temporary fix until all logging features are unified in oletools
  74 +def get_logger(name, level=logging.CRITICAL+1):
  75 + """
  76 + Create a suitable logger object for this module.
  77 + The goal is not to change settings of the root logger, to avoid getting
  78 + other modules' logs on the screen.
  79 + If a logger exists with same name, reuse it. (Else it would have duplicate
  80 + handlers and messages would be doubled.)
  81 + The level is set to CRITICAL+1 by default, to avoid any logging.
  82 + """
  83 + # First, test if there is already a logger with the same name, else it
  84 + # will generate duplicate messages (due to duplicate handlers):
  85 + if name in logging.Logger.manager.loggerDict:
  86 + #NOTE: another less intrusive but more "hackish" solution would be to
  87 + # use getLogger then test if its effective level is not default.
  88 + logger = logging.getLogger(name)
  89 + # make sure level is OK:
  90 + logger.setLevel(level)
  91 + return logger
  92 + # get a new logger:
  93 + logger = logging.getLogger(name)
  94 + # only add a NullHandler for this logger, it is up to the application
  95 + # to configure its own logging:
  96 + logger.addHandler(logging.NullHandler())
  97 + logger.setLevel(level)
  98 + return logger
  99 +
  100 +
70 101  
71 102  
72 103 # a global logger object used for debugging:
73   -log = olefile.get_logger('ppt')
  104 +log = get_logger('ppt')
74 105  
75 106  
76 107 def enable_logging():
... ...
oletools/pyxswf.py
  View file @f07043b
... ... @@ -57,8 +57,9 @@ http://www.decalage.info/python/oletools
57 57 # 2016-09-06 v0.50 PL: - updated to match the rtfobj API
58 58 # 2016-10-25 PL: - fixed print for Python 3
59 59 # 2016-11-01 PL: - replaced StringIO by BytesIO for Python 3
  60 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
60 61  
61   -__version__ = '0.50'
  62 +__version__ = '0.54dev1'
62 63  
63 64 #------------------------------------------------------------------------------
64 65 # TODO:
... ... @@ -78,7 +79,7 @@ import optparse, sys, os
78 79 from . import rtfobj
79 80 from io import BytesIO
80 81 from .thirdparty.xxxswf import xxxswf
81   -from .thirdparty import olefile
  82 +import olefile
82 83  
83 84  
84 85 #=== MAIN =================================================================
... ...
oletools/record_base.py
  View file @f07043b
... ... @@ -36,6 +36,9 @@ from __future__ import print_function
36 36 # -----------------------------------------------------------------------------
37 37 # CHANGELOG:
38 38 # 2017-11-30 v0.01 CH: - first version based on xls_parser
  39 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
  40 +
  41 +__version__ = '0.54dev1'
39 42  
40 43 # -----------------------------------------------------------------------------
41 44 # TODO:
... ... @@ -57,17 +60,7 @@ import os.path
57 60 from io import SEEK_CUR
58 61 import logging
59 62  
60   -try:
61   - from oletools.thirdparty import olefile
62   -except ImportError:
63   - # little hack to allow absolute imports even if oletools is not installed.
64   - # Copied from olevba.py
65   - PARENT_DIR = os.path.normpath(os.path.dirname(os.path.dirname(
66   - os.path.abspath(__file__))))
67   - if PARENT_DIR not in sys.path:
68   - sys.path.insert(0, PARENT_DIR)
69   - del PARENT_DIR
70   - from oletools.thirdparty import olefile
  63 +import olefile
71 64  
72 65  
73 66 ###############################################################################
... ...
oletools/rtfobj.py
  View file @f07043b
... ... @@ -86,8 +86,10 @@ http://www.decalage.info/python/oletools
86 86 # 2018-05-10 PL: - fixed issues #303 #307: several destination cwords were incorrect
87 87 # 2018-05-17 PL: - fixed issue #273: bytes constants instead of str
88 88 # 2018-05-31 v0.53.1 PP: - fixed issue #316: whitespace after \bin on Python 3
  89 +# 2018-06-22 v0.53.2 PL: - fixed issue #327: added "\pnaiu" & "\pnaiud"
  90 +# 2018-09-11 v0.54 PL: - olefile is now a dependency
89 91  
90   -__version__ = '0.53.1'
  92 +__version__ = '0.54dev1'
91 93  
92 94 # ------------------------------------------------------------------------------
93 95 # TODO:
... ... @@ -120,7 +122,7 @@ if not _parent_dir in sys.path:
120 122 from oletools.thirdparty.xglob import xglob
121 123 from oletools.thirdparty.tablestream import tablestream
122 124 from oletools import oleobj
123   -from oletools.thirdparty.olefile import olefile
  125 +import olefile
124 126 from oletools.common import clsid
125 127  
126 128 # === LOGGING =================================================================
... ... @@ -303,6 +305,8 @@ DESTINATION_CONTROL_WORDS = frozenset((
303 305 b"xmlattrname", b"xmlattrvalue", b"xmlclose", b"xmlname", b"xmlnstbl", b"xmlopen",
304 306 # added for issue #292: https://github.com/decalage2/oletools/issues/292
305 307 b"margSz",
  308 + # added for issue #327:
  309 + b"pnaiu", b"pnaiud",
306 310  
307 311 # It seems \private should not be treated as a destination (issue #178)
308 312 # Same for \pxe (issue #196)
... ...
oletools/thirdparty/olefile/CONTRIBUTORS.txt deleted
View file @29572ea
1   -CONTRIBUTORS for the olefile project
2   -====================================
3   -
4   -This is a non-exhaustive list of all the people who helped me improve the
5   -olefile project (formerly OleFileIO_PL), in approximative chronological order.
6   -Please contact me if I forgot to mention your name.
7   -
8   -A big thank you to all of them:
9   -
10   -- Niko Ehrenfeuchter: added support for Jython
11   -- Niko Ehrenfeuchter, Martijn Berger and Dave Jones: helped fix 4K sector support
12   -- Martin Panter: conversion to Python 3.x/2.6+
13   -- mete0r_kr: added support for file-like objects
14   -- chuckleberryfinn: fixed bug in getproperties
15   -- Martijn, Ben G.: bug report for 64 bits platforms
16   -- Philippe Lagadec: main author and maintainer since 2005
17   -- and of course Fredrik Lundh: original author of OleFileIO from 1995 to 2005
oletools/thirdparty/olefile/LICENSE.txt deleted
View file @29572ea
1   -LICENSE for the olefile package:
2   -
3   -olefile (formerly OleFileIO_PL) is copyright (c) 2005-2016 Philippe Lagadec
4   -(http://www.decalage.info)
5   -
6   -All rights reserved.
7   -
8   -Redistribution and use in source and binary forms, with or without modification,
9   -are permitted provided that the following conditions are met:
10   -
11   - * Redistributions of source code must retain the above copyright notice, this
12   - list of conditions and the following disclaimer.
13   - * Redistributions in binary form must reproduce the above copyright notice,
14   - this list of conditions and the following disclaimer in the documentation
15   - and/or other materials provided with the distribution.
16   -
17   -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
18   -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19   -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20   -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
21   -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22   -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23   -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
24   -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25   -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26   -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27   -
28   -
29   -----------
30   -
31   -olefile is based on source code from the OleFileIO module of the Python
32   -Imaging Library (PIL) published by Fredrik Lundh under the following license:
33   -
34   -The Python Imaging Library (PIL) is
35   -- Copyright (c) 1997-2005 by Secret Labs AB
36   -- Copyright (c) 1995-2005 by Fredrik Lundh
37   -
38   -By obtaining, using, and/or copying this software and/or its associated
39   -documentation, you agree that you have read, understood, and will comply with
40   -the following terms and conditions:
41   -
42   -Permission to use, copy, modify, and distribute this software and its
43   -associated documentation for any purpose and without fee is hereby granted,
44   -provided that the above copyright notice appears in all copies, and that both
45   -that copyright notice and this permission notice appear in supporting
46   -documentation, and that the name of Secret Labs AB or the author not be used
47   -in advertising or publicity pertaining to distribution of the software without
48   -specific, written prior permission.
49   -
50   -SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
51   -SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
52   -NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR ANY SPECIAL,
53   -INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
54   -LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
55   -OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
56   -PERFORMANCE OF THIS SOFTWARE.
oletools/thirdparty/olefile/README.html deleted
View file @29572ea
1   -<h1 id="olefile-formerly-olefileio_pl">olefile (formerly OleFileIO_PL)</h1>
2   -<p><a href="http://www.decalage.info/olefile">olefile</a> is a Python package to parse, read and write <a href="http://en.wikipedia.org/wiki/Compound_File_Binary_Format">Microsoft OLE2 files</a> (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.</p>
3   -<p><strong>Quick links:</strong> <a href="http://www.decalage.info/olefile">Home page</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/wiki/Install">Download/Install</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">Documentation</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/issues?status=new&amp;status=open">Report Issues/Suggestions/Questions</a> - <a href="http://decalage.info/contact">Contact the author</a> - <a href="https://bitbucket.org/decalage/olefileio_pl">Repository</a> - <a href="https://twitter.com/decalage2">Updates on Twitter</a></p>
4   -<h2 id="news">News</h2>
5   -<p>Follow all updates and news on Twitter: <a href="https://twitter.com/decalage2">https://twitter.com/decalage2</a></p>
6   -<ul>
7   -<li><strong>2016-02-02 v0.43</strong>: fixed issues <a href="https://bitbucket.org/decalage/olefileio_pl/issues/26/variable-referenced-before-assignment">#26</a> and <a href="https://bitbucket.org/decalage/olefileio_pl/issues/27/incomplete-ole-stream-incorrect-ole-fat">#27</a>, better handling of malformed files, use python logging.</li>
8   -<li>2015-01-25 v0.42: improved handling of special characters in stream/storage names on Python 2.x (using UTF-8 instead of Latin-1), fixed bug in listdir with empty storages.</li>
9   -<li>2014-11-25 v0.41: OleFileIO.open and isOleFile now support OLE files stored in byte strings, fixed installer for python 3, added support for Jython (Niko Ehrenfeuchter)</li>
10   -<li>2014-10-01 v0.40: renamed OleFileIO_PL to olefile, added initial write support for streams &gt;4K, updated doc and license, improved the setup script.</li>
11   -<li>2014-07-27 v0.31: fixed support for large files with 4K sectors, thanks to Niko Ehrenfeuchter, Martijn Berger and Dave Jones. Added test scripts from Pillow (by hugovk). Fixed setup for Python 3 (Martin Panter)</li>
12   -<li>2014-02-04 v0.30: now compatible with Python 3.x, thanks to Martin Panter who did most of the hard work.</li>
13   -<li>2013-07-24 v0.26: added methods to parse stream/storage timestamps, improved listdir to include storages, fixed parsing of direntry timestamps</li>
14   -<li>2013-05-27 v0.25: improved metadata extraction, properties parsing and exception handling, fixed <a href="https://bitbucket.org/decalage/olefileio_pl/issue/12/error-when-converting-timestamps-in-ole">issue #12</a></li>
15   -<li>2013-05-07 v0.24: new features to extract metadata (get_metadata method and OleMetadata class), improved getproperties to convert timestamps to Python datetime</li>
16   -<li>2012-10-09: published <a href="http://www.decalage.info/python/oletools">python-oletools</a>, a package of analysis tools based on OleFileIO_PL</li>
17   -<li>2012-09-11 v0.23: added support for file-like objects, fixed <a href="https://bitbucket.org/decalage/olefileio_pl/issue/8/bug-with-file-object">issue #8</a></li>
18   -<li>2012-02-17 v0.22: fixed issues #7 (bug in getproperties) and #2 (added close method)</li>
19   -<li>2011-10-20: code hosted on bitbucket to ease contributions and bug tracking</li>
20   -<li>2010-01-24 v0.21: fixed support for big-endian CPUs, such as PowerPC Macs.</li>
21   -<li>2009-12-11 v0.20: small bugfix in OleFileIO.open when filename is not plain str.</li>
22   -<li>2009-12-10 v0.19: fixed support for 64 bits platforms (thanks to Ben G. and Martijn for reporting the bug)</li>
23   -<li>see changelog in source code for more info.</li>
24   -</ul>
25   -<h2 id="downloadinstall">Download/Install</h2>
26   -<p>If you have pip or setuptools installed (pip is included in Python 2.7.9+), you may simply run <strong>pip install olefile</strong> or <strong>easy_install olefile</strong> for the first installation.</p>
27   -<p>To update olefile, run <strong>pip install -U olefile</strong>.</p>
28   -<p>Otherwise, see https://bitbucket.org/decalage/olefileio_pl/wiki/Install</p>
29   -<h2 id="features">Features</h2>
30   -<ul>
31   -<li>Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView OIB files, etc</li>
32   -<li>List all the streams and storages contained in an OLE file</li>
33   -<li>Open streams as files</li>
34   -<li>Parse and read property streams, containing metadata of the file</li>
35   -<li>Portable, pure Python module, no dependency</li>
36   -</ul>
37   -<p>olefile can be used as an independent package or with PIL/Pillow.</p>
38   -<p>olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my <a href="http://www.decalage.info/python/oletools">python-oletools</a>, which are built upon olefile and provide a higher-level interface.</p>
39   -<h2 id="history">History</h2>
40   -<p>olefile is based on the OleFileIO module from <a href="http://www.pythonware.com/products/pil/index.htm">PIL</a>, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.</p>
41   -<p>As far as I know, olefile is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)</p>
42   -<p>Since 2014 olefile/OleFileIO_PL has been integrated into <a href="http://python-imaging.github.io/">Pillow</a>, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.</p>
43   -<h2 id="main-improvements-over-the-original-version-of-olefileio-in-pil">Main improvements over the original version of OleFileIO in PIL:</h2>
44   -<ul>
45   -<li>Compatible with Python 3.x and 2.6+</li>
46   -<li>Many bug fixes</li>
47   -<li>Support for files larger than 6.8MB</li>
48   -<li>Support for 64 bits platforms and big-endian CPUs</li>
49   -<li>Robust: many checks to detect malformed files</li>
50   -<li>Runtime option to choose if malformed files should be parsed or raise exceptions</li>
51   -<li>Improved API</li>
52   -<li>Metadata extraction, stream/storage timestamps (e.g. for document forensics)</li>
53   -<li>Can open file-like objects</li>
54   -<li>Added setup.py and install.bat to ease installation</li>
55   -<li>More convenient slash-based syntax for stream paths</li>
56   -<li>Write features</li>
57   -</ul>
58   -<h2 id="documentation">Documentation</h2>
59   -<p>Please see the <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">online documentation</a> for more information, especially the <a href="https://bitbucket.org/decalage/olefileio_pl/wiki/OLE_Overview">OLE overview</a> and the <a href="https://bitbucket.org/decalage/olefileio_pl/wiki/API">API page</a> which describe how to use olefile in Python applications. A copy of the same documentation is also provided in the doc subfolder of the olefile package.</p>
60   -<h2 id="real-life-examples">Real-life examples</h2>
61   -<p>A real-life example: <a href="http://blog.gregback.net/2011/03/using-remnux-for-forensic-puzzle-6/">using OleFileIO_PL for malware analysis and forensics</a>.</p>
62   -<p>See also <a href="https://computer-forensics.sans.org/community/papers/gcfa/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis_6879">this paper</a> about python tools for forensics, which features olefile.</p>
63   -<h2 id="license">License</h2>
64   -<p>olefile (formerly OleFileIO_PL) is copyright (c) 2005-2016 Philippe Lagadec (<a href="http://www.decalage.info">http://www.decalage.info</a>)</p>
65   -<p>All rights reserved.</p>
66   -<p>Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:</p>
67   -<ul>
68   -<li>Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.</li>
69   -<li>Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.</li>
70   -</ul>
71   -<p>THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</p>
72   -<hr />
73   -<p>olefile is based on source code from the OleFileIO module of the Python Imaging Library (PIL) published by Fredrik Lundh under the following license:</p>
74   -<p>The Python Imaging Library (PIL) is</p>
75   -<ul>
76   -<li>Copyright (c) 1997-2005 by Secret Labs AB</li>
77   -<li>Copyright (c) 1995-2005 by Fredrik Lundh</li>
78   -</ul>
79   -<p>By obtaining, using, and/or copying this software and/or its associated documentation, you agree that you have read, understood, and will comply with the following terms and conditions:</p>
80   -<p>Permission to use, copy, modify, and distribute this software and its associated documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Secret Labs AB or the author not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.</p>
81   -<p>SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.</p>
oletools/thirdparty/olefile/README.rst deleted
View file @29572ea
1   -olefile (formerly OleFileIO\_PL)
2   -================================
3   -
4   -`olefile <http://www.decalage.info/olefile>`__ is a Python package to
5   -parse, read and write `Microsoft OLE2
6   -files <http://en.wikipedia.org/wiki/Compound_File_Binary_Format>`__
7   -(also called Structured Storage, Compound File Binary Format or Compound
8   -Document File Format), such as Microsoft Office 97-2003 documents,
9   -vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix
10   -files, Outlook messages, StickyNotes, several Microscopy file formats,
11   -McAfee antivirus quarantine files, etc.
12   -
13   -**Quick links:** `Home page <http://www.decalage.info/olefile>`__ -
14   -`Download/Install <https://bitbucket.org/decalage/olefileio_pl/wiki/Install>`__
15   -- `Documentation <https://bitbucket.org/decalage/olefileio_pl/wiki>`__ -
16   -`Report
17   -Issues/Suggestions/Questions <https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open>`__
18   -- `Contact the author <http://decalage.info/contact>`__ -
19   -`Repository <https://bitbucket.org/decalage/olefileio_pl>`__ - `Updates
20   -on Twitter <https://twitter.com/decalage2>`__
21   -
22   -News
23   -----
24   -
25   -Follow all updates and news on Twitter: https://twitter.com/decalage2
26   -
27   -- **2016-02-02 v0.43**: fixed issues
28   - `#26 <https://bitbucket.org/decalage/olefileio_pl/issues/26/variable-referenced-before-assignment>`__
29   - and
30   - `#27 <https://bitbucket.org/decalage/olefileio_pl/issues/27/incomplete-ole-stream-incorrect-ole-fat>`__,
31   - better handling of malformed files, use python logging.
32   -- 2015-01-25 v0.42: improved handling of special characters in
33   - stream/storage names on Python 2.x (using UTF-8 instead of Latin-1),
34   - fixed bug in listdir with empty storages.
35   -- 2014-11-25 v0.41: OleFileIO.open and isOleFile now support OLE files
36   - stored in byte strings, fixed installer for python 3, added support
37   - for Jython (Niko Ehrenfeuchter)
38   -- 2014-10-01 v0.40: renamed OleFileIO\_PL to olefile, added initial
39   - write support for streams >4K, updated doc and license, improved the
40   - setup script.
41   -- 2014-07-27 v0.31: fixed support for large files with 4K sectors,
42   - thanks to Niko Ehrenfeuchter, Martijn Berger and Dave Jones. Added
43   - test scripts from Pillow (by hugovk). Fixed setup for Python 3
44   - (Martin Panter)
45   -- 2014-02-04 v0.30: now compatible with Python 3.x, thanks to Martin
46   - Panter who did most of the hard work.
47   -- 2013-07-24 v0.26: added methods to parse stream/storage timestamps,
48   - improved listdir to include storages, fixed parsing of direntry
49   - timestamps
50   -- 2013-05-27 v0.25: improved metadata extraction, properties parsing
51   - and exception handling, fixed `issue
52   - #12 <https://bitbucket.org/decalage/olefileio_pl/issue/12/error-when-converting-timestamps-in-ole>`__
53   -- 2013-05-07 v0.24: new features to extract metadata (get\_metadata
54   - method and OleMetadata class), improved getproperties to convert
55   - timestamps to Python datetime
56   -- 2012-10-09: published
57   - `python-oletools <http://www.decalage.info/python/oletools>`__, a
58   - package of analysis tools based on OleFileIO\_PL
59   -- 2012-09-11 v0.23: added support for file-like objects, fixed `issue
60   - #8 <https://bitbucket.org/decalage/olefileio_pl/issue/8/bug-with-file-object>`__
61   -- 2012-02-17 v0.22: fixed issues #7 (bug in getproperties) and #2
62   - (added close method)
63   -- 2011-10-20: code hosted on bitbucket to ease contributions and bug
64   - tracking
65   -- 2010-01-24 v0.21: fixed support for big-endian CPUs, such as PowerPC
66   - Macs.
67   -- 2009-12-11 v0.20: small bugfix in OleFileIO.open when filename is not
68   - plain str.
69   -- 2009-12-10 v0.19: fixed support for 64 bits platforms (thanks to Ben
70   - G. and Martijn for reporting the bug)
71   -- see changelog in source code for more info.
72   -
73   -Download/Install
74   -----------------
75   -
76   -If you have pip or setuptools installed (pip is included in Python
77   -2.7.9+), you may simply run **pip install olefile** or **easy\_install
78   -olefile** for the first installation.
79   -
80   -To update olefile, run **pip install -U olefile**.
81   -
82   -Otherwise, see https://bitbucket.org/decalage/olefileio\_pl/wiki/Install
83   -
84   -Features
85   ---------
86   -
87   -- Parse, read and write any OLE file such as Microsoft Office 97-2003
88   - legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt,
89   - Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook
90   - messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView
91   - OIB files, etc
92   -- List all the streams and storages contained in an OLE file
93   -- Open streams as files
94   -- Parse and read property streams, containing metadata of the file
95   -- Portable, pure Python module, no dependency
96   -
97   -olefile can be used as an independent package or with PIL/Pillow.
98   -
99   -olefile is mostly meant for developers. If you are looking for tools to
100   -analyze OLE files or to extract data (especially for security purposes
101   -such as malware analysis and forensics), then please also check my
102   -`python-oletools <http://www.decalage.info/python/oletools>`__, which
103   -are built upon olefile and provide a higher-level interface.
104   -
105   -History
106   --------
107   -
108   -olefile is based on the OleFileIO module from
109   -`PIL <http://www.pythonware.com/products/pil/index.htm>`__, the
110   -excellent Python Imaging Library, created and maintained by Fredrik
111   -Lundh. The olefile API is still compatible with PIL, but since 2005 I
112   -have improved the internal implementation significantly, with new
113   -features, bugfixes and a more robust design. From 2005 to 2014 the
114   -project was called OleFileIO\_PL, and in 2014 I changed its name to
115   -olefile to celebrate its 9 years and its new write features.
116   -
117   -As far as I know, olefile is the most complete and robust Python
118   -implementation to read MS OLE2 files, portable on several operating
119   -systems. (please tell me if you know other similar Python modules)
120   -
121   -Since 2014 olefile/OleFileIO\_PL has been integrated into
122   -`Pillow <http://python-imaging.github.io/>`__, the friendly fork of PIL.
123   -olefile will continue to be improved as a separate project, and new
124   -versions will be merged into Pillow regularly.
125   -
126   -Main improvements over the original version of OleFileIO in PIL:
127   -----------------------------------------------------------------
128   -
129   -- Compatible with Python 3.x and 2.6+
130   -- Many bug fixes
131   -- Support for files larger than 6.8MB
132   -- Support for 64 bits platforms and big-endian CPUs
133   -- Robust: many checks to detect malformed files
134   -- Runtime option to choose if malformed files should be parsed or raise
135   - exceptions
136   -- Improved API
137   -- Metadata extraction, stream/storage timestamps (e.g. for document
138   - forensics)
139   -- Can open file-like objects
140   -- Added setup.py and install.bat to ease installation
141   -- More convenient slash-based syntax for stream paths
142   -- Write features
143   -
144   -Documentation
145   --------------
146   -
147   -Please see the `online
148   -documentation <https://bitbucket.org/decalage/olefileio_pl/wiki>`__ for
149   -more information, especially the `OLE
150   -overview <https://bitbucket.org/decalage/olefileio_pl/wiki/OLE_Overview>`__
151   -and the `API
152   -page <https://bitbucket.org/decalage/olefileio_pl/wiki/API>`__ which
153   -describe how to use olefile in Python applications. A copy of the same
154   -documentation is also provided in the doc subfolder of the olefile
155   -package.
156   -
157   -Real-life examples
158   -------------------
159   -
160   -A real-life example: `using OleFileIO\_PL for malware analysis and
161   -forensics <http://blog.gregback.net/2011/03/using-remnux-for-forensic-puzzle-6/>`__.
162   -
163   -See also `this
164   -paper <https://computer-forensics.sans.org/community/papers/gcfa/grow-forensic-tools-taxonomy-python-libraries-helpful-forensic-analysis_6879>`__
165   -about python tools for forensics, which features olefile.
166   -
167   -License
168   --------
169   -
170   -olefile (formerly OleFileIO\_PL) is copyright (c) 2005-2016 Philippe
171   -Lagadec (http://www.decalage.info)
172   -
173   -All rights reserved.
174   -
175   -Redistribution and use in source and binary forms, with or without
176   -modification, are permitted provided that the following conditions are
177   -met:
178   -
179   -- Redistributions of source code must retain the above copyright
180   - notice, this list of conditions and the following disclaimer.
181   -- Redistributions in binary form must reproduce the above copyright
182   - notice, this list of conditions and the following disclaimer in the
183   - documentation and/or other materials provided with the distribution.
184   -
185   -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
186   -IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
187   -TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
188   -PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
189   -HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
190   -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
191   -TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
192   -PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
193   -LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
194   -NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
195   -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
196   -
197   ---------------
198   -
199   -olefile is based on source code from the OleFileIO module of the Python
200   -Imaging Library (PIL) published by Fredrik Lundh under the following
201   -license:
202   -
203   -The Python Imaging Library (PIL) is
204   -
205   -- Copyright (c) 1997-2005 by Secret Labs AB
206   -- Copyright (c) 1995-2005 by Fredrik Lundh
207   -
208   -By obtaining, using, and/or copying this software and/or its associated
209   -documentation, you agree that you have read, understood, and will comply
210   -with the following terms and conditions:
211   -
212   -Permission to use, copy, modify, and distribute this software and its
213   -associated documentation for any purpose and without fee is hereby
214   -granted, provided that the above copyright notice appears in all copies,
215   -and that both that copyright notice and this permission notice appear in
216   -supporting documentation, and that the name of Secret Labs AB or the
217   -author not be used in advertising or publicity pertaining to
218   -distribution of the software without specific, written prior permission.
219   -
220   -SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO
221   -THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
222   -FITNESS. IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR
223   -ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER
224   -RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF
225   -CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
226   -CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
oletools/thirdparty/olefile/__init__.py deleted
View file @29572ea
1   -#!/usr/local/bin/python
2   -# -*- coding: latin-1 -*-
3   -"""
4   -olefile (formerly OleFileIO_PL)
5   -
6   -Module to read/write Microsoft OLE2 files (also called Structured Storage or
7   -Microsoft Compound Document File Format), such as Microsoft Office 97-2003
8   -documents, Image Composer and FlashPix files, Outlook messages, ...
9   -This version is compatible with Python 2.6+ and 3.x
10   -
11   -Project website: http://www.decalage.info/olefile
12   -
13   -olefile is copyright (c) 2005-2015 Philippe Lagadec (http://www.decalage.info)
14   -
15   -olefile is based on the OleFileIO module from the PIL library v1.1.6
16   -See: http://www.pythonware.com/products/pil/index.htm
17   -
18   -The Python Imaging Library (PIL) is
19   - Copyright (c) 1997-2005 by Secret Labs AB
20   - Copyright (c) 1995-2005 by Fredrik Lundh
21   -
22   -See source code and LICENSE.txt for information on usage and redistribution.
23   -"""
24   -
25   -# first try to import olefile for Python 2.6+/3.x
26   -from .olefile import *
27   -# import metadata not covered by *:
28   -from .olefile import __version__, __author__, __date__
oletools/thirdparty/olefile/doc/API.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="how-to-use-olefile---api">How to use olefile - API</h1>
11   -<p>This page is part of the documentation for <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">olefile</a>. It explains how to use all its features to parse and write OLE files. For more information about OLE files, see <a href="OLE_Overview.html">OLE_Overview</a>.</p>
12   -<p>olefile can be used as an independent module or with PIL/Pillow. The main functions and methods are explained below.</p>
13   -<p>For more information, see also the file <strong>olefile.html</strong>, sample code at the end of the module itself, and docstrings within the code.</p>
14   -<h2 id="import-olefile">Import olefile</h2>
15   -<p>When the olefile package has been installed, it can be imported in Python applications with this statement:</p>
16   -<pre><code>import olefile</code></pre>
17   -<p>Before v0.40, olefile was named OleFileIO_PL. To maintain backward compatibility with older applications and samples, a simple script is also installed so that the following statement imports olefile as OleFileIO_PL:</p>
18   -<pre><code>import OleFileIO_PL</code></pre>
19   -<p>As of version 0.30, the code has been changed to be compatible with Python 3.x. As a consequence, compatibility with Python 2.5 or older is not provided anymore. However, a copy of OleFileIO_PL v0.26 (with some backported enhancements) is available as olefile2.py. When importing the olefile package, it falls back automatically to olefile2 if running on Python 2.5 or older. This is implemented in olefile/<strong>init</strong>.py. (new in v0.40)</p>
20   -<p>If you think olefile should stay compatible with Python 2.5 or older, please <a href="http://decalage.info/contact">contact me</a>.</p>
21   -<h2 id="test-if-a-file-is-an-ole-container">Test if a file is an OLE container</h2>
22   -<p>Use <strong>isOleFile</strong> to check if the first bytes of the file contain the Magic for OLE files, before opening it. isOleFile returns True if it is an OLE file, False otherwise (new in v0.16).</p>
23   -<pre><code>assert olefile.isOleFile(&#39;myfile.doc&#39;)</code></pre>
24   -<p>The argument of isOleFile can be (new in v0.41):</p>
25   -<ul>
26   -<li>the path of the file to open on disk (bytes or unicode string smaller than 1536 bytes),</li>
27   -<li>or a bytes string containing the file in memory. (bytes string longer than 1535 bytes),</li>
28   -<li>or a file-like object (with read and seek methods).</li>
29   -</ul>
30   -<h2 id="open-an-ole-file-from-disk">Open an OLE file from disk</h2>
31   -<p>Create an <strong>OleFileIO</strong> object with the file path as parameter:</p>
32   -<pre><code>ole = olefile.OleFileIO(&#39;myfile.doc&#39;)</code></pre>
33   -<h2 id="open-an-ole-file-from-a-bytes-string">Open an OLE file from a bytes string</h2>
34   -<p>This is useful if the file is already stored in memory as a bytes string.</p>
35   -<pre><code>ole = olefile.OleFileIO(s)</code></pre>
36   -<p>Note: olefile checks the size of the string provided as argument to determine if it is a file path or the content of an OLE file. An OLE file cannot be smaller than 1536 bytes. If the string is larger than 1535 bytes, then it is expected to contain an OLE file, otherwise it is expected to be a file path.</p>
37   -<p>(new in v0.41)</p>
38   -<h2 id="open-an-ole-file-from-a-file-like-object">Open an OLE file from a file-like object</h2>
39   -<p>This is useful if the file is not on disk but only available as a file-like object (with read, seek and tell methods).</p>
40   -<pre><code>ole = olefile.OleFileIO(f)</code></pre>
41   -<p>If the file-like object does not have seek or tell methods, the easiest solution is to read the file entirely in a bytes string before parsing:</p>
42   -<pre><code>data = f.read()
43   -ole = olefile.OleFileIO(data)</code></pre>
44   -<h2 id="how-to-handle-malformed-ole-files">How to handle malformed OLE files</h2>
45   -<p>By default, the parser is configured to be as robust and permissive as possible, allowing to parse most malformed OLE files. Only fatal errors will raise an exception. It is possible to tell the parser to be more strict in order to raise exceptions for files that do not fully conform to the OLE specifications, using the raise_defect option (new in v0.14):</p>
46   -<pre><code>ole = olefile.OleFileIO(&#39;myfile.doc&#39;, raise_defects=olefile.DEFECT_INCORRECT)</code></pre>
47   -<p>When the parsing is done, the list of non-fatal issues detected is available as a list in the parsing_issues attribute of the OleFileIO object (new in 0.25):</p>
48   -<pre><code>print(&#39;Non-fatal issues raised during parsing:&#39;)
49   -if ole.parsing_issues:
50   - for exctype, msg in ole.parsing_issues:
51   - print(&#39;- %s: %s&#39; % (exctype.__name__, msg))
52   -else:
53   - print(&#39;None&#39;)</code></pre>
54   -<h2 id="open-an-ole-file-in-write-mode">Open an OLE file in write mode</h2>
55   -<p>Before using the write features, the OLE file must be opened in read/write mode:</p>
56   -<pre><code>ole = olefile.OleFileIO(&#39;test.doc&#39;, write_mode=True)</code></pre>
57   -<p>(new in v0.40)</p>
58   -<p>The code for write features is new and it has not been thoroughly tested yet. See <a href="https://bitbucket.org/decalage/olefileio_pl/issue/6/improve-olefileio_pl-to-write-ole-files">issue #6</a> for the roadmap and the implementation status. If you encounter any issue, please send me your <a href="http://www.decalage.info/en/contact">feedback</a> or <a href="https://bitbucket.org/decalage/olefileio_pl/issues?status=new&amp;status=open">report issues</a>.</p>
59   -<h2 id="syntax-for-stream-and-storage-paths">Syntax for stream and storage paths</h2>
60   -<p>Two different syntaxes are allowed for methods that need or return the path of streams and storages:</p>
61   -<ol style="list-style-type: decimal">
62   -<li><p>Either a <strong>list of strings</strong> including all the storages from the root up to the stream/storage name. For example a stream called &quot;WordDocument&quot; at the root will have ['WordDocument'] as full path. A stream called &quot;ThisDocument&quot; located in the storage &quot;Macros/VBA&quot; will be ['Macros', 'VBA', 'ThisDocument']. This is the original syntax from PIL. While hard to read and not very convenient, this syntax works in all cases.</p></li>
63   -<li><p>Or a <strong>single string with slashes</strong> to separate storage and stream names (similar to the Unix path syntax). The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a stream or storage name contains a slash (which is normally not allowed, according to the Microsoft specifications [MS-CFB]). (new in v0.15)</p></li>
64   -</ol>
65   -<p>Both are case-insensitive.</p>
66   -<p>Switching between the two is easy:</p>
67   -<pre><code>slash_path = &#39;/&#39;.join(list_path)
68   -list_path = slash_path.split(&#39;/&#39;)</code></pre>
69   -<p><strong>Encoding</strong>:</p>
70   -<ul>
71   -<li>Stream and Storage names are stored in Unicode format in OLE files, which means they may contain special characters (e.g. Greek, Cyrillic, Japanese, etc) that applications must support to avoid exceptions.</li>
72   -<li><strong>On Python 2.x</strong>, all stream and storage paths are handled by olefile in bytes strings, using the <strong>UTF-8 encoding</strong> by default. If you need to use Unicode instead, add the option <strong>path_encoding=None</strong> when creating the OleFileIO object. This is new in v0.42. Olefile was using the Latin-1 encoding until v0.41, therefore special characters were not supported.<br /></li>
73   -<li><strong>On Python 3.x</strong>, all stream and storage paths are handled by olefile in unicode strings, without encoding.</li>
74   -</ul>
75   -<h2 id="get-the-list-of-streams">Get the list of streams</h2>
76   -<p>listdir() returns a list of all the streams contained in the OLE file, including those stored in storages. Each stream is listed itself as a list, as described above.</p>
77   -<pre><code>print(ole.listdir())</code></pre>
78   -<p>Sample result:</p>
79   -<pre><code>[[&#39;\x01CompObj&#39;], [&#39;\x05DocumentSummaryInformation&#39;], [&#39;\x05SummaryInformation&#39;]
80   -, [&#39;1Table&#39;], [&#39;Macros&#39;, &#39;PROJECT&#39;], [&#39;Macros&#39;, &#39;PROJECTwm&#39;], [&#39;Macros&#39;, &#39;VBA&#39;,
81   -&#39;Module1&#39;], [&#39;Macros&#39;, &#39;VBA&#39;, &#39;ThisDocument&#39;], [&#39;Macros&#39;, &#39;VBA&#39;, &#39;_VBA_PROJECT&#39;]
82   -, [&#39;Macros&#39;, &#39;VBA&#39;, &#39;dir&#39;], [&#39;ObjectPool&#39;], [&#39;WordDocument&#39;]]</code></pre>
83   -<p>As an option it is possible to choose if storages should also be listed, with or without streams (new in v0.26):</p>
84   -<pre><code>ole.listdir (streams=False, storages=True)</code></pre>
85   -<h2 id="test-if-known-streamsstorages-exist">Test if known streams/storages exist:</h2>
86   -<p>exists(path) checks if a given stream or storage exists in the OLE file (new in v0.16). The provided path is case-insensitive.</p>
87   -<pre><code>if ole.exists(&#39;worddocument&#39;):
88   - print(&quot;This is a Word document.&quot;)
89   - if ole.exists(&#39;macros/vba&#39;):
90   - print(&quot;This document seems to contain VBA macros.&quot;)</code></pre>
91   -<h2 id="read-data-from-a-stream">Read data from a stream</h2>
92   -<p>openstream(path) opens a stream as a file-like object. The provided path is case-insensitive.</p>
93   -<p>The following example extracts the &quot;Pictures&quot; stream from a PPT file:</p>
94   -<pre><code>pics = ole.openstream(&#39;Pictures&#39;)
95   -data = pics.read()</code></pre>
96   -<h2 id="get-information-about-a-streamstorage">Get information about a stream/storage</h2>
97   -<p>Several methods can provide the size, type and timestamps of a given stream/storage:</p>
98   -<p>get_size(path) returns the size of a stream in bytes (new in v0.16):</p>
99   -<pre><code>s = ole.get_size(&#39;WordDocument&#39;)</code></pre>
100   -<p>get_type(path) returns the type of a stream/storage, as one of the following constants: STGTY_STREAM for a stream, STGTY_STORAGE for a storage, STGTY_ROOT for the root entry, and False for a non existing path (new in v0.15).</p>
101   -<pre><code>t = ole.get_type(&#39;WordDocument&#39;)</code></pre>
102   -<p>get_ctime(path) and get_mtime(path) return the creation and modification timestamps of a stream/storage, as a Python datetime object with UTC timezone. Please note that these timestamps are only present if the application that created the OLE file explicitly stored them, which is rarely the case. When not present, these methods return None (new in v0.26).</p>
103   -<pre><code>c = ole.get_ctime(&#39;WordDocument&#39;)
104   -m = ole.get_mtime(&#39;WordDocument&#39;)</code></pre>
105   -<p>The root storage is a special case: You can get its creation and modification timestamps using the OleFileIO.root attribute (new in v0.26):</p>
106   -<pre><code>c = ole.root.getctime()
107   -m = ole.root.getmtime()</code></pre>
108   -<p>Note: all these methods are case-insensitive.</p>
109   -<h2 id="overwriting-a-sector">Overwriting a sector</h2>
110   -<p>The write_sect method can overwrite any sector of the file. If the provided data is smaller than the sector size (normally 512 bytes, sometimes 4KB), data is padded with null characters. (new in v0.40)</p>
111   -<p>Here is an example:</p>
112   -<pre><code>ole.write_sect(0x17, b&#39;TEST&#39;)</code></pre>
113   -<p>Note: following the <a href="http://msdn.microsoft.com/en-us/library/dd942138.aspx">MS-CFB specifications</a>, sector 0 is actually the second sector of the file. You may use -1 as index to write the first sector.</p>
114   -<h2 id="overwriting-a-stream">Overwriting a stream</h2>
115   -<p>The write_stream method can overwrite an existing stream in the file. The new stream data must be the exact same size as the existing one. For now, write_stream can only write streams of 4KB or larger (stored in the main FAT).</p>
116   -<p>For example, you may change text in a MS Word document:</p>
117   -<pre><code>ole = olefile.OleFileIO(&#39;test.doc&#39;, write_mode=True)
118   -data = ole.openstream(&#39;WordDocument&#39;).read()
119   -data = data.replace(b&#39;foo&#39;, b&#39;bar&#39;)
120   -ole.write_stream(&#39;WordDocument&#39;, data)
121   -ole.close()</code></pre>
122   -<p>(new in v0.40)</p>
123   -<h2 id="extract-metadata">Extract metadata</h2>
124   -<p>get_metadata() will check if standard property streams exist, parse all the properties they contain, and return an OleMetadata object with the found properties as attributes (new in v0.24).</p>
125   -<pre><code>meta = ole.get_metadata()
126   -print(&#39;Author:&#39;, meta.author)
127   -print(&#39;Title:&#39;, meta.title)
128   -print(&#39;Creation date:&#39;, meta.create_time)
129   -# print all metadata:
130   -meta.dump()</code></pre>
131   -<p>Available attributes include:</p>
132   -<pre><code>codepage, title, subject, author, keywords, comments, template,
133   -last_saved_by, revision_number, total_edit_time, last_printed, create_time,
134   -last_saved_time, num_pages, num_words, num_chars, thumbnail,
135   -creating_application, security, codepage_doc, category, presentation_target,
136   -bytes, lines, paragraphs, slides, notes, hidden_slides, mm_clips,
137   -scale_crop, heading_pairs, titles_of_parts, manager, company, links_dirty,
138   -chars_with_spaces, unused, shared_doc, link_base, hlinks, hlinks_changed,
139   -version, dig_sig, content_type, content_status, language, doc_version</code></pre>
140   -<p>See the source code of the OleMetadata class for more information.</p>
141   -<h2 id="parse-a-property-stream">Parse a property stream</h2>
142   -<p>get_properties(path) can be used to parse any property stream that is not handled by get_metadata. It returns a dictionary indexed by integers. Each integer is the index of the property, pointing to its value. For example in the standard property stream '05SummaryInformation', the document title is property #2, and the subject is #3.</p>
143   -<pre><code>p = ole.getproperties(&#39;specialprops&#39;)</code></pre>
144   -<p>By default as in the original PIL version, timestamp properties are converted into a number of seconds since Jan 1,1601. With the option convert_time, you can obtain more convenient Python datetime objects (UTC timezone). If some time properties should not be converted (such as total editing time in '05SummaryInformation'), the list of indexes can be passed as no_conversion (new in v0.25):</p>
145   -<pre><code>p = ole.getproperties(&#39;specialprops&#39;, convert_time=True, no_conversion=[10])</code></pre>
146   -<h2 id="close-the-ole-file">Close the OLE file</h2>
147   -<p>Unless your application is a simple script that terminates after processing an OLE file, do not forget to close each OleFileIO object after parsing to close the file on disk. (new in v0.22)</p>
148   -<pre><code>ole.close()</code></pre>
149   -<h2 id="use-olefile-as-a-script-for-testingdebugging">Use olefile as a script for testing/debugging</h2>
150   -<p>olefile can also be used as a script from the command-line to display the structure of an OLE file and its metadata, for example:</p>
151   -<pre><code>olefile.py myfile.doc</code></pre>
152   -<p>You can use the option -c to check that all streams can be read fully, and -d to generate very verbose debugging information.</p>
153   -<hr />
154   -<h2 id="olefile-documentation">olefile documentation</h2>
155   -<ul>
156   -<li><a href="Home.html">Home</a></li>
157   -<li><a href="License.html">License</a></li>
158   -<li><a href="Install.html">Install</a></li>
159   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
160   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
161   -<li><a href="API.html">API</a> and Usage</li>
162   -</ul>
163   -</body>
164   -</html>
oletools/thirdparty/olefile/doc/API.md deleted
View file @29572ea
1   -How to use olefile - API
2   -========================
3   -
4   -This page is part of the documentation for [olefile](https://bitbucket.org/decalage/olefileio_pl/wiki). It explains
5   -how to use all its features to parse and write OLE files. For more information about OLE files, see [[OLE_Overview]].
6   -
7   -olefile can be used as an independent module or with PIL/Pillow. The main functions and methods are explained below.
8   -
9   -For more information, see also the file **olefile.html**, sample code at the end of the module itself, and docstrings within the code.
10   -
11   -
12   -
13   -Import olefile
14   ---------------
15   -
16   -When the olefile package has been installed, it can be imported in Python applications with this statement:
17   -
18   - :::python
19   - import olefile
20   -
21   -Before v0.40, olefile was named OleFileIO_PL. To maintain backward compatibility with older applications and samples, a
22   -simple script is also installed so that the following statement imports olefile as OleFileIO_PL:
23   -
24   - :::python
25   - import OleFileIO_PL
26   -
27   -As of version 0.30, the code has been changed to be compatible with Python 3.x. As a consequence, compatibility with
28   -Python 2.5 or older is not provided anymore. However, a copy of OleFileIO_PL v0.26 (with some backported enhancements)
29   -is available as olefile2.py. When importing the olefile package, it falls back automatically to olefile2 if running on
30   -Python 2.5 or older. This is implemented in olefile/__init__.py. (new in v0.40)
31   -
32   -If you think olefile should stay compatible with Python 2.5 or older, please [contact me](http://decalage.info/contact).
33   -
34   -
35   -## Test if a file is an OLE container
36   -
37   -Use **isOleFile** to check if the first bytes of the file contain the Magic for OLE files, before opening it. isOleFile
38   -returns True if it is an OLE file, False otherwise (new in v0.16).
39   -
40   - :::python
41   - assert olefile.isOleFile('myfile.doc')
42   -
43   -The argument of isOleFile can be (new in v0.41):
44   -
45   -- the path of the file to open on disk (bytes or unicode string smaller than 1536 bytes),
46   -- or a bytes string containing the file in memory. (bytes string longer than 1535 bytes),
47   -- or a file-like object (with read and seek methods).
48   -
49   -## Open an OLE file from disk
50   -
51   -Create an **OleFileIO** object with the file path as parameter:
52   -
53   - :::python
54   - ole = olefile.OleFileIO('myfile.doc')
55   -
56   -## Open an OLE file from a bytes string
57   -
58   -This is useful if the file is already stored in memory as a bytes string.
59   -
60   - :::python
61   - ole = olefile.OleFileIO(s)
62   -
63   -Note: olefile checks the size of the string provided as argument to determine if it is a file path or the content of an
64   -OLE file. An OLE file cannot be smaller than 1536 bytes. If the string is larger than 1535 bytes, then it is expected to
65   -contain an OLE file, otherwise it is expected to be a file path.
66   -
67   -(new in v0.41)
68   -
69   -
70   -## Open an OLE file from a file-like object
71   -
72   -This is useful if the file is not on disk but only available as a file-like object (with read, seek and tell methods).
73   -
74   - :::python
75   - ole = olefile.OleFileIO(f)
76   -
77   -If the file-like object does not have seek or tell methods, the easiest solution is to read the file entirely in
78   -a bytes string before parsing:
79   -
80   - :::python
81   - data = f.read()
82   - ole = olefile.OleFileIO(data)
83   -
84   -
85   -## How to handle malformed OLE files
86   -
87   -By default, the parser is configured to be as robust and permissive as possible, allowing to parse most malformed OLE files. Only fatal errors will raise an exception. It is possible to tell the parser to be more strict in order to raise exceptions for files that do not fully conform to the OLE specifications, using the raise_defect option (new in v0.14):
88   -
89   - :::python
90   - ole = olefile.OleFileIO('myfile.doc', raise_defects=olefile.DEFECT_INCORRECT)
91   -
92   -When the parsing is done, the list of non-fatal issues detected is available as a list in the parsing_issues attribute of the OleFileIO object (new in 0.25):
93   -
94   - :::python
95   - print('Non-fatal issues raised during parsing:')
96   - if ole.parsing_issues:
97   - for exctype, msg in ole.parsing_issues:
98   - print('- %s: %s' % (exctype.__name__, msg))
99   - else:
100   - print('None')
101   -
102   -
103   -## Open an OLE file in write mode
104   -
105   -Before using the write features, the OLE file must be opened in read/write mode:
106   -
107   - :::python
108   - ole = olefile.OleFileIO('test.doc', write_mode=True)
109   -
110   -(new in v0.40)
111   -
112   -The code for write features is new and it has not been thoroughly tested yet. See [issue #6](https://bitbucket.org/decalage/olefileio_pl/issue/6/improve-olefileio_pl-to-write-ole-files) for the roadmap and the implementation status. If you encounter any issue, please send me your [feedback](http://www.decalage.info/en/contact) or [report issues](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open).
113   -
114   -
115   -## Syntax for stream and storage paths
116   -
117   -Two different syntaxes are allowed for methods that need or return the path of streams and storages:
118   -
119   -1) Either a **list of strings** including all the storages from the root up to the stream/storage name. For example a
120   -stream called "WordDocument" at the root will have ['WordDocument'] as full path. A stream called "ThisDocument"
121   -located in the storage "Macros/VBA" will be ['Macros', 'VBA', 'ThisDocument']. This is the original syntax from PIL.
122   -While hard to read and not very convenient, this syntax works in all cases.
123   -
124   -2) Or a **single string with slashes** to separate storage and stream names (similar to the Unix path syntax).
125   -The previous examples would be 'WordDocument' and 'Macros/VBA/ThisDocument'. This syntax is easier, but may fail if a
126   -stream or storage name contains a slash (which is normally not allowed, according to the Microsoft specifications [MS-CFB]). (new in v0.15)
127   -
128   -Both are case-insensitive.
129   -
130   -Switching between the two is easy:
131   -
132   - :::python
133   - slash_path = '/'.join(list_path)
134   - list_path = slash_path.split('/')
135   -
136   -**Encoding**:
137   -
138   -- Stream and Storage names are stored in Unicode format in OLE files, which means they may contain special characters
139   - (e.g. Greek, Cyrillic, Japanese, etc) that applications must support to avoid exceptions.
140   -- **On Python 2.x**, all stream and storage paths are handled by olefile in bytes strings, using the **UTF-8 encoding**
141   - by default. If you need to use Unicode instead, add the option **path_encoding=None** when creating the OleFileIO
142   - object. This is new in v0.42. Olefile was using the Latin-1 encoding until v0.41, therefore special characters were
143   - not supported.
144   -- **On Python 3.x**, all stream and storage paths are handled by olefile in unicode strings, without encoding.
145   -
146   -## Get the list of streams
147   -
148   -listdir() returns a list of all the streams contained in the OLE file, including those stored in storages.
149   -Each stream is listed itself as a list, as described above.
150   -
151   - :::python
152   - print(ole.listdir())
153   -
154   -Sample result:
155   -
156   - :::python
157   - [['\x01CompObj'], ['\x05DocumentSummaryInformation'], ['\x05SummaryInformation']
158   - , ['1Table'], ['Macros', 'PROJECT'], ['Macros', 'PROJECTwm'], ['Macros', 'VBA',
159   - 'Module1'], ['Macros', 'VBA', 'ThisDocument'], ['Macros', 'VBA', '_VBA_PROJECT']
160   - , ['Macros', 'VBA', 'dir'], ['ObjectPool'], ['WordDocument']]
161   -
162   -As an option it is possible to choose if storages should also be listed, with or without streams (new in v0.26):
163   -
164   - :::python
165   - ole.listdir (streams=False, storages=True)
166   -
167   -
168   -## Test if known streams/storages exist:
169   -
170   -exists(path) checks if a given stream or storage exists in the OLE file (new in v0.16). The provided path is case-insensitive.
171   -
172   - :::python
173   - if ole.exists('worddocument'):
174   - print("This is a Word document.")
175   - if ole.exists('macros/vba'):
176   - print("This document seems to contain VBA macros.")
177   -
178   -
179   -## Read data from a stream
180   -
181   -openstream(path) opens a stream as a file-like object. The provided path is case-insensitive.
182   -
183   -The following example extracts the "Pictures" stream from a PPT file:
184   -
185   - :::python
186   - pics = ole.openstream('Pictures')
187   - data = pics.read()
188   -
189   -
190   -## Get information about a stream/storage
191   -
192   -Several methods can provide the size, type and timestamps of a given stream/storage:
193   -
194   -get_size(path) returns the size of a stream in bytes (new in v0.16):
195   -
196   - :::python
197   - s = ole.get_size('WordDocument')
198   -
199   -get_type(path) returns the type of a stream/storage, as one of the following constants: STGTY\_STREAM for a stream, STGTY\_STORAGE for a storage, STGTY\_ROOT for the root entry, and False for a non existing path (new in v0.15).
200   -
201   - :::python
202   - t = ole.get_type('WordDocument')
203   -
204   -get\_ctime(path) and get\_mtime(path) return the creation and modification timestamps of a stream/storage, as a Python datetime object with UTC timezone. Please note that these timestamps are only present if the application that created the OLE file explicitly stored them, which is rarely the case. When not present, these methods return None (new in v0.26).
205   -
206   - :::python
207   - c = ole.get_ctime('WordDocument')
208   - m = ole.get_mtime('WordDocument')
209   -
210   -The root storage is a special case: You can get its creation and modification timestamps using the OleFileIO.root attribute (new in v0.26):
211   -
212   - :::python
213   - c = ole.root.getctime()
214   - m = ole.root.getmtime()
215   -
216   -Note: all these methods are case-insensitive.
217   -
218   -## Overwriting a sector
219   -
220   -The write_sect method can overwrite any sector of the file. If the provided data is smaller than the sector size (normally 512 bytes, sometimes 4KB), data is padded with null characters. (new in v0.40)
221   -
222   -Here is an example:
223   -
224   - :::python
225   - ole.write_sect(0x17, b'TEST')
226   -
227   -Note: following the [MS-CFB specifications](http://msdn.microsoft.com/en-us/library/dd942138.aspx), sector 0 is actually the second sector of the file. You may use -1 as index to write the first sector.
228   -
229   -
230   -## Overwriting a stream
231   -
232   -The write_stream method can overwrite an existing stream in the file. The new stream data must be the exact same size as the existing one. For now, write_stream can only write streams of 4KB or larger (stored in the main FAT).
233   -
234   -For example, you may change text in a MS Word document:
235   -
236   - :::python
237   - ole = olefile.OleFileIO('test.doc', write_mode=True)
238   - data = ole.openstream('WordDocument').read()
239   - data = data.replace(b'foo', b'bar')
240   - ole.write_stream('WordDocument', data)
241   - ole.close()
242   -
243   -(new in v0.40)
244   -
245   -
246   -
247   -## Extract metadata
248   -
249   -get_metadata() will check if standard property streams exist, parse all the properties they contain, and return an OleMetadata object with the found properties as attributes (new in v0.24).
250   -
251   - :::python
252   - meta = ole.get_metadata()
253   - print('Author:', meta.author)
254   - print('Title:', meta.title)
255   - print('Creation date:', meta.create_time)
256   - # print all metadata:
257   - meta.dump()
258   -
259   -Available attributes include:
260   -
261   - :::text
262   - codepage, title, subject, author, keywords, comments, template,
263   - last_saved_by, revision_number, total_edit_time, last_printed, create_time,
264   - last_saved_time, num_pages, num_words, num_chars, thumbnail,
265   - creating_application, security, codepage_doc, category, presentation_target,
266   - bytes, lines, paragraphs, slides, notes, hidden_slides, mm_clips,
267   - scale_crop, heading_pairs, titles_of_parts, manager, company, links_dirty,
268   - chars_with_spaces, unused, shared_doc, link_base, hlinks, hlinks_changed,
269   - version, dig_sig, content_type, content_status, language, doc_version
270   -
271   -See the source code of the OleMetadata class for more information.
272   -
273   -
274   -## Parse a property stream
275   -
276   -get\_properties(path) can be used to parse any property stream that is not handled by get\_metadata. It returns a dictionary indexed by integers. Each integer is the index of the property, pointing to its value. For example in the standard property stream '\x05SummaryInformation', the document title is property #2, and the subject is #3.
277   -
278   - :::python
279   - p = ole.getproperties('specialprops')
280   -
281   -By default as in the original PIL version, timestamp properties are converted into a number of seconds since Jan 1,1601. With the option convert\_time, you can obtain more convenient Python datetime objects (UTC timezone). If some time properties should not be converted (such as total editing time in '\x05SummaryInformation'), the list of indexes can be passed as no_conversion (new in v0.25):
282   -
283   - :::python
284   - p = ole.getproperties('specialprops', convert_time=True, no_conversion=[10])
285   -
286   -
287   -## Close the OLE file
288   -
289   -Unless your application is a simple script that terminates after processing an OLE file, do not forget to close each OleFileIO object after parsing to close the file on disk. (new in v0.22)
290   -
291   - :::python
292   - ole.close()
293   -
294   -## Use olefile as a script for testing/debugging
295   -
296   -olefile can also be used as a script from the command-line to display the structure of an OLE file and its metadata, for example:
297   -
298   - :::text
299   - olefile.py myfile.doc
300   -
301   -You can use the option -c to check that all streams can be read fully, and -d to generate very verbose debugging information.
302   -
303   ---------------------------------------------------------------------------
304   -
305   -olefile documentation
306   ----------------------
307   -
308   -- [[Home]]
309   -- [[License]]
310   -- [[Install]]
311   -- [[Contribute]], Suggest Improvements or Report Issues
312   -- [[OLE_Overview]]
313   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/Contribute.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="how-to-suggest-improvements-report-issues-or-contribute">How to Suggest Improvements, Report Issues or Contribute</h1>
11   -<p>This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome.</p>
12   -<p>To <strong>suggest improvements, report a bug or any issue</strong>, please use the <a href="https://bitbucket.org/decalage/olefileio_pl/issues?status=new&amp;status=open">issue reporting page</a>, providing all the information and files to reproduce the problem.</p>
13   -<p>If possible please join the debugging output of olefile. For this, launch the following command :</p>
14   -<pre><code> olefile.py -d -c file &gt;debug.txt </code></pre>
15   -<p>You may also <a href="http://decalage.info/contact">contact the author</a> directly to <strong>provide feedback</strong>.</p>
16   -<p>The code is available in <a href="https://bitbucket.org/decalage/olefileio_pl">a Mercurial repository on Bitbucket</a>. You may use it to <strong>submit enhancements</strong> using forks and pull requests.</p>
17   -<hr />
18   -<h2 id="olefile-documentation">olefile documentation</h2>
19   -<ul>
20   -<li><a href="Home.html">Home</a></li>
21   -<li><a href="License.html">License</a></li>
22   -<li><a href="Install.html">Install</a></li>
23   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
24   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
25   -<li><a href="API.html">API</a> and Usage</li>
26   -</ul>
27   -</body>
28   -</html>
oletools/thirdparty/olefile/doc/Contribute.md deleted
View file @29572ea
1   -How to Suggest Improvements, Report Issues or Contribute
2   -========================================================
3   -
4   -This is a personal open-source project, developed on my spare time. Any contribution, suggestion, feedback or bug report is welcome.
5   -
6   -To **suggest improvements, report a bug or any issue**, please use the [issue reporting page](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open), providing all the information and files to reproduce the problem.
7   -
8   -If possible please join the debugging output of olefile. For this, launch the following command :
9   -
10   - :::text
11   - olefile.py -d -c file >debug.txt
12   -
13   -
14   -You may also [contact the author](http://decalage.info/contact) directly to **provide feedback**.
15   -
16   -The code is available in [a Mercurial repository on Bitbucket](https://bitbucket.org/decalage/olefileio_pl). You may use it to **submit enhancements** using forks and pull requests.
17   -
18   ---------------------------------------------------------------------------
19   -
20   -olefile documentation
21   ----------------------
22   -
23   -- [[Home]]
24   -- [[License]]
25   -- [[Install]]
26   -- [[Contribute]], Suggest Improvements or Report Issues
27   -- [[OLE_Overview]]
28   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/Home.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="olefile-v0.42-documentation">olefile v0.42 documentation</h1>
11   -<p>This is the home page of the documentation for olefile. The latest version can be found <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">online</a>, otherwise a copy is provided in the doc subfolder of the package.</p>
12   -<p><a href="http://www.decalage.info/olefile">olefile</a> is a Python package to parse, read and write <a href="http://en.wikipedia.org/wiki/Compound_File_Binary_Format">Microsoft OLE2 files</a> (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.</p>
13   -<p><strong>Quick links:</strong> <a href="http://www.decalage.info/olefile">Home page</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/wiki/Install">Download/Install</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">Documentation</a> - <a href="https://bitbucket.org/decalage/olefileio_pl/issues?status=new&amp;status=open">Report Issues/Suggestions/Questions</a> - <a href="http://decalage.info/contact">Contact the author</a> - <a href="https://bitbucket.org/decalage/olefileio_pl">Repository</a> - <a href="https://twitter.com/decalage2">Updates on Twitter</a></p>
14   -<h2 id="documentation-pages">Documentation pages</h2>
15   -<ul>
16   -<li><a href="License.html">License</a></li>
17   -<li><a href="Install.html">Install</a></li>
18   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
19   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
20   -<li><a href="API.html">API</a> and Usage</li>
21   -</ul>
22   -<h2 id="features">Features</h2>
23   -<ul>
24   -<li>Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls, PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss AxioVision ZVI files, Olympus FluoView OIB files, etc</li>
25   -<li>List all the streams and storages contained in an OLE file</li>
26   -<li>Open streams as files</li>
27   -<li>Parse and read property streams, containing metadata of the file</li>
28   -<li>Portable, pure Python module, no dependency</li>
29   -</ul>
30   -<p>olefile can be used as an independent module or with PIL/Pillow.</p>
31   -<p>olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data (especially for security purposes such as malware analysis and forensics), then please also check my <a href="http://www.decalage.info/python/oletools">python-oletools</a>, which are built upon olefile and provide a higher-level interface.</p>
32   -<h2 id="history">History</h2>
33   -<p>olefile is based on the OleFileIO module from <a href="http://www.pythonware.com/products/pil/index.htm">PIL</a>, the excellent Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate its 9 years and its new write features.</p>
34   -<p>As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on several operating systems. (please tell me if you know other similar Python modules)</p>
35   -<p>Since 2014 olefile/OleFileIO_PL has been integrated into <a href="http://python-imaging.github.io/">Pillow</a>, the friendly fork of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.</p>
36   -<h2 id="main-improvements-over-the-original-version-of-olefileio-in-pil">Main improvements over the original version of OleFileIO in PIL:</h2>
37   -<ul>
38   -<li>Compatible with Python 3.x and 2.6+</li>
39   -<li>Many bug fixes</li>
40   -<li>Support for files larger than 6.8MB</li>
41   -<li>Support for 64 bits platforms and big-endian CPUs</li>
42   -<li>Robust: many checks to detect malformed files</li>
43   -<li>Runtime option to choose if malformed files should be parsed or raise exceptions</li>
44   -<li>Improved API</li>
45   -<li>Metadata extraction, stream/storage timestamps (e.g. for document forensics)</li>
46   -<li>Can open file-like objects</li>
47   -<li>Added setup.py and install.bat to ease installation</li>
48   -<li>More convenient slash-based syntax for stream paths</li>
49   -<li>Write features</li>
50   -</ul>
51   -<hr />
52   -<h2 id="olefile-documentation">olefile documentation</h2>
53   -<ul>
54   -<li><a href="Home.html">Home</a></li>
55   -<li><a href="License.html">License</a></li>
56   -<li><a href="Install.html">Install</a></li>
57   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
58   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
59   -<li><a href="API.html">API</a> and Usage</li>
60   -</ul>
61   -</body>
62   -</html>
oletools/thirdparty/olefile/doc/Home.md deleted
View file @29572ea
1   -olefile v0.42 documentation
2   -===========================
3   -
4   -This is the home page of the documentation for olefile. The latest version can be found
5   -[online](https://bitbucket.org/decalage/olefileio_pl/wiki), otherwise a copy is provided in the doc subfolder of the package.
6   -
7   -[olefile](http://www.decalage.info/olefile) is a Python package to parse, read and write
8   -[Microsoft OLE2 files](http://en.wikipedia.org/wiki/Compound_File_Binary_Format)
9   -(also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft
10   -Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file
11   -formats, McAfee antivirus quarantine files, etc.
12   -
13   -
14   -**Quick links:**
15   -[Home page](http://www.decalage.info/olefile) -
16   -[Download/Install](https://bitbucket.org/decalage/olefileio_pl/wiki/Install) -
17   -[Documentation](https://bitbucket.org/decalage/olefileio_pl/wiki) -
18   -[Report Issues/Suggestions/Questions](https://bitbucket.org/decalage/olefileio_pl/issues?status=new&status=open) -
19   -[Contact the author](http://decalage.info/contact) -
20   -[Repository](https://bitbucket.org/decalage/olefileio_pl) -
21   -[Updates on Twitter](https://twitter.com/decalage2)
22   -
23   -Documentation pages
24   --------------------
25   -
26   -- [[License]]
27   -- [[Install]]
28   -- [[Contribute]], Suggest Improvements or Report Issues
29   -- [[OLE_Overview]]
30   -- [[API]] and Usage
31   -
32   -
33   -Features
34   ---------
35   -
36   -- Parse, read and write any OLE file such as Microsoft Office 97-2003 legacy document formats (Word .doc, Excel .xls,
37   - PowerPoint .ppt, Visio .vsd, Project .mpp), Image Composer and FlashPix files, Outlook messages, StickyNotes, Zeiss
38   - AxioVision ZVI files, Olympus FluoView OIB files, etc
39   -- List all the streams and storages contained in an OLE file
40   -- Open streams as files
41   -- Parse and read property streams, containing metadata of the file
42   -- Portable, pure Python module, no dependency
43   -
44   -olefile can be used as an independent module or with PIL/Pillow.
45   -
46   -olefile is mostly meant for developers. If you are looking for tools to analyze OLE files or to extract data
47   -(especially for security purposes such as malware analysis and forensics), then please also check my
48   -[python-oletools](http://www.decalage.info/python/oletools), which are built upon olefile and provide a higher-level
49   -interface.
50   -
51   -
52   -History
53   --------
54   -
55   -olefile is based on the OleFileIO module from [PIL](http://www.pythonware.com/products/pil/index.htm), the excellent
56   -Python Imaging Library, created and maintained by Fredrik Lundh. The olefile API is still compatible with PIL, but
57   -since 2005 I have improved the internal implementation significantly, with new features, bugfixes and a more robust
58   -design. From 2005 to 2014 the project was called OleFileIO_PL, and in 2014 I changed its name to olefile to celebrate
59   -its 9 years and its new write features.
60   -
61   -As far as I know, this module is the most complete and robust Python implementation to read MS OLE2 files, portable on
62   -several operating systems. (please tell me if you know other similar Python modules)
63   -
64   -Since 2014 olefile/OleFileIO_PL has been integrated into [Pillow](http://python-imaging.github.io/), the friendly fork
65   -of PIL. olefile will continue to be improved as a separate project, and new versions will be merged into Pillow regularly.
66   -
67   -Main improvements over the original version of OleFileIO in PIL:
68   -----------------------------------------------------------------
69   -
70   -- Compatible with Python 3.x and 2.6+
71   -- Many bug fixes
72   -- Support for files larger than 6.8MB
73   -- Support for 64 bits platforms and big-endian CPUs
74   -- Robust: many checks to detect malformed files
75   -- Runtime option to choose if malformed files should be parsed or raise exceptions
76   -- Improved API
77   -- Metadata extraction, stream/storage timestamps (e.g. for document forensics)
78   -- Can open file-like objects
79   -- Added setup.py and install.bat to ease installation
80   -- More convenient slash-based syntax for stream paths
81   -- Write features
82   -
83   -
84   ---------------------------------------------------------------------------
85   -
86   -olefile documentation
87   ----------------------
88   -
89   -- [[Home]]
90   -- [[License]]
91   -- [[Install]]
92   -- [[Contribute]], Suggest Improvements or Report Issues
93   -- [[OLE_Overview]]
94   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/Install.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="how-to-download-and-install-olefile">How to Download and Install olefile</h1>
11   -<h2 id="pre-requisites">Pre-requisites</h2>
12   -<p>olefile requires Python 2.6, 2.7 or 3.x.</p>
13   -<p>For Python 2.5 and older, olefile falls back to an older version (based on OleFileIO_PL 0.26) which might not contain all the enhancements implemented in olefile.</p>
14   -<h2 id="download-and-install">Download and Install</h2>
15   -<p>To use olefile with other Python applications or your own scripts, the simplest solution is to run <strong>pip install olefile</strong> or <strong>easy_install olefile</strong>, to download and install the package in one go. Pip is part of the standard Python distribution since v2.7.9.</p>
16   -<p>To update olefile if a previous version is already installed, run <strong>pip install -U olefile</strong>.</p>
17   -<p>Otherwise you may download/extract the <a href="https://bitbucket.org/decalage/olefileio_pl/downloads">zip archive</a> in a temporary directory and run <strong>python setup.py install</strong>.</p>
18   -<p>On Windows you may simply double-click on <strong>install.bat</strong>.</p>
19   -<hr />
20   -<h2 id="olefile-documentation">olefile documentation</h2>
21   -<ul>
22   -<li><a href="Home.html">Home</a></li>
23   -<li><a href="License.html">License</a></li>
24   -<li><a href="Install.html">Install</a></li>
25   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
26   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
27   -<li><a href="API.html">API</a> and Usage</li>
28   -</ul>
29   -</body>
30   -</html>
oletools/thirdparty/olefile/doc/Install.md deleted
View file @29572ea
1   -How to Download and Install olefile
2   -===================================
3   -
4   -Pre-requisites
5   ---------------
6   -
7   -olefile requires Python 2.6, 2.7 or 3.x.
8   -
9   -For Python 2.5 and older, olefile falls back to an older version (based on OleFileIO_PL 0.26) which might not contain
10   -all the enhancements implemented in olefile.
11   -
12   -
13   -Download and Install
14   ---------------------
15   -
16   -To use olefile with other Python applications or your own scripts, the simplest solution is to run **pip install olefile**
17   -or **easy_install olefile**, to download and install the package in one go. Pip is part of the standard Python
18   -distribution since v2.7.9.
19   -
20   -To update olefile if a previous version is already installed, run **pip install -U olefile**.
21   -
22   -Otherwise you may download/extract the [zip archive](https://bitbucket.org/decalage/olefileio_pl/downloads) in a
23   -temporary directory and run **python setup.py install**.
24   -
25   -On Windows you may simply double-click on **install.bat**.
26   -
27   ---------------------------------------------------------------------------
28   -
29   -olefile documentation
30   ----------------------
31   -
32   -- [[Home]]
33   -- [[License]]
34   -- [[Install]]
35   -- [[Contribute]], Suggest Improvements or Report Issues
36   -- [[OLE_Overview]]
37   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/License.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="license-for-olefile">License for olefile</h1>
11   -<p>olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec (<a href="http://www.decalage.info">http://www.decalage.info</a>)</p>
12   -<p>All rights reserved.</p>
13   -<p>Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:</p>
14   -<ul>
15   -<li>Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.</li>
16   -<li>Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.</li>
17   -</ul>
18   -<p>THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS &quot;AS IS&quot; AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.</p>
19   -<hr />
20   -<p>olefile is based on source code from the OleFileIO module of the Python Imaging Library (PIL) published by Fredrik Lundh under the following license:</p>
21   -<p>The Python Imaging Library (PIL) is</p>
22   -<ul>
23   -<li>Copyright (c) 1997-2005 by Secret Labs AB</li>
24   -<li>Copyright (c) 1995-2005 by Fredrik Lundh</li>
25   -</ul>
26   -<p>By obtaining, using, and/or copying this software and/or its associated documentation, you agree that you have read, understood, and will comply with the following terms and conditions:</p>
27   -<p>Permission to use, copy, modify, and distribute this software and its associated documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Secret Labs AB or the author not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.</p>
28   -<p>SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.</p>
29   -<hr />
30   -<h2 id="olefile-documentation">olefile documentation</h2>
31   -<ul>
32   -<li><a href="Home.html">Home</a></li>
33   -<li><a href="License.html">License</a></li>
34   -<li><a href="Install.html">Install</a></li>
35   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
36   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
37   -<li><a href="API.html">API</a> and Usage</li>
38   -</ul>
39   -</body>
40   -</html>
oletools/thirdparty/olefile/doc/License.md deleted
View file @29572ea
1   -License for olefile
2   -===================
3   -
4   -olefile (formerly OleFileIO_PL) is copyright (c) 2005-2015 Philippe Lagadec ([http://www.decalage.info](http://www.decalage.info))
5   -
6   -All rights reserved.
7   -
8   -Redistribution and use in source and binary forms, with or without modification,
9   -are permitted provided that the following conditions are met:
10   -
11   - * Redistributions of source code must retain the above copyright notice, this
12   - list of conditions and the following disclaimer.
13   - * Redistributions in binary form must reproduce the above copyright notice,
14   - this list of conditions and the following disclaimer in the documentation
15   - and/or other materials provided with the distribution.
16   -
17   -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
18   -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19   -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20   -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
21   -FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22   -DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23   -SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
24   -CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
25   -OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
26   -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27   -
28   -
29   -----------
30   -
31   -olefile is based on source code from the OleFileIO module of the Python Imaging Library (PIL) published by Fredrik Lundh under the following license:
32   -
33   -The Python Imaging Library (PIL) is
34   -
35   -- Copyright (c) 1997-2005 by Secret Labs AB
36   -- Copyright (c) 1995-2005 by Fredrik Lundh
37   -
38   -By obtaining, using, and/or copying this software and/or its associated documentation, you agree that you have read, understood, and will comply with the following terms and conditions:
39   -
40   -Permission to use, copy, modify, and distribute this software and its associated documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appears in all copies, and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of Secret Labs AB or the author not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission.
41   -
42   -SECRET LABS AB AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL SECRET LABS AB OR THE AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
43   -
44   ---------------------------------------------------------------------------
45   -
46   -olefile documentation
47   ----------------------
48   -
49   -- [[Home]]
50   -- [[License]]
51   -- [[Install]]
52   -- [[Contribute]], Suggest Improvements or Report Issues
53   -- [[OLE_Overview]]
54   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/OLE_Overview.html deleted
View file @29572ea
1   -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
2   -<html xmlns="http://www.w3.org/1999/xhtml">
3   -<head>
4   - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
5   - <meta http-equiv="Content-Style-Type" content="text/css" />
6   - <meta name="generator" content="pandoc" />
7   - <title></title>
8   -</head>
9   -<body>
10   -<h1 id="about-the-structure-of-ole-files">About the structure of OLE files</h1>
11   -<p>This page is part of the documentation for <a href="https://bitbucket.org/decalage/olefileio_pl/wiki">olefile</a>. It provides a brief overview of the structure of <a href="http://en.wikipedia.org/wiki/Compound_File_Binary_Format">Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)</a>, such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.</p>
12   -<p>An OLE file can be seen as a mini file system or a Zip archive: It contains <strong>streams</strong> of data that look like files embedded within the OLE file. Each stream has a name. For example, the main stream of a MS Word document containing its text is named &quot;WordDocument&quot;.</p>
13   -<p>An OLE file can also contain <strong>storages</strong>. A storage is a folder that contains streams or other storages. For example, a MS Word document with VBA macros has a storage called &quot;Macros&quot;.</p>
14   -<p>Special streams can contain <strong>properties</strong>. A property is a specific value that can be used to store information such as the metadata of a document (title, author, creation date, etc). Property stream names usually start with the character '05'.</p>
15   -<p>For example, a typical MS Word document may look like this:</p>
16   -<div class="figure">
17   -<img src="OLE_VBA_sample.png" /><p class="caption"></p>
18   -</div>
19   -<p>Go to the <a href="API.html">API</a> page to see how to use all olefile features to parse OLE files.</p>
20   -<hr />
21   -<h2 id="olefile-documentation">olefile documentation</h2>
22   -<ul>
23   -<li><a href="Home.html">Home</a></li>
24   -<li><a href="License.html">License</a></li>
25   -<li><a href="Install.html">Install</a></li>
26   -<li><a href="Contribute.html">Contribute</a>, Suggest Improvements or Report Issues</li>
27   -<li><a href="OLE_Overview.html">OLE_Overview</a></li>
28   -<li><a href="API.html">API</a> and Usage</li>
29   -</ul>
30   -</body>
31   -</html>
oletools/thirdparty/olefile/doc/OLE_Overview.md deleted
View file @29572ea
1   -About the structure of OLE files
2   -================================
3   -
4   -This page is part of the documentation for [olefile](https://bitbucket.org/decalage/olefileio_pl/wiki). It provides a brief overview of the structure of [Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format)](http://en.wikipedia.org/wiki/Compound_File_Binary_Format), such as Microsoft Office 97-2003 documents, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
5   -
6   -An OLE file can be seen as a mini file system or a Zip archive: It contains **streams** of data that look like files embedded within the OLE file. Each stream has a name. For example, the main stream of a MS Word document containing its text is named "WordDocument".
7   -
8   -An OLE file can also contain **storages**. A storage is a folder that contains streams or other storages. For example, a MS Word document with VBA macros has a storage called "Macros".
9   -
10   -Special streams can contain **properties**. A property is a specific value that can be used to store information such as the metadata of a document (title, author, creation date, etc). Property stream names usually start with the character '\x05'.
11   -
12   -For example, a typical MS Word document may look like this:
13   -
14   -![](OLE_VBA_sample.png)
15   -
16   -Go to the [[API]] page to see how to use all olefile features to parse OLE files.
17   -
18   -
19   ---------------------------------------------------------------------------
20   -
21   -olefile documentation
22   ----------------------
23   -
24   -- [[Home]]
25   -- [[License]]
26   -- [[Install]]
27   -- [[Contribute]], Suggest Improvements or Report Issues
28   -- [[OLE_Overview]]
29   -- [[API]] and Usage
oletools/thirdparty/olefile/doc/OLE_VBA_sample.png deleted
View file @29572ea

3.48 KB
oletools/thirdparty/olefile/olefile.html deleted
View file @29572ea
No preview for this file type
oletools/thirdparty/olefile/olefile.py deleted
View file @29572ea
1   -"""
2   -olefile (formerly OleFileIO_PL)
3   -
4   -Module to read/write Microsoft OLE2 files (also called Structured Storage or
5   -Microsoft Compound Document File Format), such as Microsoft Office 97-2003
6   -documents, Image Composer and FlashPix files, Outlook messages, ...
7   -This version is compatible with Python 2.6+ and 3.x
8   -
9   -Project website: https://www.decalage.info/olefile
10   -
11   -olefile is copyright (c) 2005-2017 Philippe Lagadec
12   -(https://www.decalage.info)
13   -
14   -olefile is based on the OleFileIO module from the PIL library v1.1.7
15   -See: http://www.pythonware.com/products/pil/index.htm
16   -and http://svn.effbot.org/public/tags/pil-1.1.7/PIL/OleFileIO.py
17   -
18   -The Python Imaging Library (PIL) is
19   -Copyright (c) 1997-2009 by Secret Labs AB
20   -Copyright (c) 1995-2009 by Fredrik Lundh
21   -
22   -See source code and LICENSE.txt for information on usage and redistribution.
23   -"""
24   -
25   -# Since OleFileIO_PL v0.30, only Python 2.6+ and 3.x is supported
26   -# This import enables print() as a function rather than a keyword
27   -# (main requirement to be compatible with Python 3.x)
28   -# The comment on the line below should be printed on Python 2.5 or older:
29   -from __future__ import print_function # This version of olefile requires Python 2.6+ or 3.x.
30   -
31   -
32   -#--- LICENSE ------------------------------------------------------------------
33   -
34   -# olefile (formerly OleFileIO_PL) is copyright (c) 2005-2017 Philippe Lagadec
35   -# (https://www.decalage.info)
36   -#
37   -# All rights reserved.
38   -#
39   -# Redistribution and use in source and binary forms, with or without modification,
40   -# are permitted provided that the following conditions are met:
41   -#
42   -# * Redistributions of source code must retain the above copyright notice, this
43   -# list of conditions and the following disclaimer.
44   -# * Redistributions in binary form must reproduce the above copyright notice,
45   -# this list of conditions and the following disclaimer in the documentation
46   -# and/or other materials provided with the distribution.
47   -#
48   -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
49   -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
50   -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
51   -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
52   -# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
53   -# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
54   -# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
55   -# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
56   -# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
57   -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
58   -
59   -# ----------
60   -# PIL License:
61   -#
62   -# olefile is based on source code from the OleFileIO module of the Python
63   -# Imaging Library (PIL) published by Fredrik Lundh under the following license:
64   -
65   -# The Python Imaging Library (PIL) is
66   -# Copyright (c) 1997-2009 by Secret Labs AB
67   -# Copyright (c) 1995-2009 by Fredrik Lundh
68   -#
69   -# By obtaining, using, and/or copying this software and/or its associated
70   -# documentation, you agree that you have read, understood, and will comply with
71   -# the following terms and conditions:
72   -#
73   -# Permission to use, copy, modify, and distribute this software and its
74   -# associated documentation for any purpose and without fee is hereby granted,
75   -# provided that the above copyright notice appears in all copies, and that both
76   -# that copyright notice and this permission notice appear in supporting
77   -# documentation, and that the name of Secret Labs AB or the author(s) not be used
78   -# in advertising or publicity pertaining to distribution of the software
79   -# without specific, written prior permission.
80   -#
81   -# SECRET LABS AB AND THE AUTHORS DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS
82   -# SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.
83   -# IN NO EVENT SHALL SECRET LABS AB OR THE AUTHORS BE LIABLE FOR ANY SPECIAL,
84   -# INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
85   -# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
86   -# OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
87   -# PERFORMANCE OF THIS SOFTWARE.
88   -
89   -#-----------------------------------------------------------------------------
90   -# CHANGELOG: (only olefile/OleFileIO_PL changes compared to PIL 1.1.6)
91   -# 2005-05-11 v0.10 PL: - a few fixes for Python 2.4 compatibility
92   -# (all changes flagged with [PL])
93   -# 2006-02-22 v0.11 PL: - a few fixes for some Office 2003 documents which raise
94   -# exceptions in OleStream.__init__()
95   -# 2006-06-09 v0.12 PL: - fixes for files above 6.8MB (DIFAT in loadfat)
96   -# - added some constants
97   -# - added header values checks
98   -# - added some docstrings
99   -# - getsect: bugfix in case sectors >512 bytes
100   -# - getsect: added conformity checks
101   -# - DEBUG_MODE constant to activate debug display
102   -# 2007-09-04 v0.13 PL: - improved/translated (lots of) comments
103   -# - updated license
104   -# - converted tabs to 4 spaces
105   -# 2007-11-19 v0.14 PL: - added OleFileIO._raise_defect() to adapt sensitivity
106   -# - improved _unicode() to use Python 2.x unicode support
107   -# - fixed bug in OleDirectoryEntry
108   -# 2007-11-25 v0.15 PL: - added safety checks to detect FAT loops
109   -# - fixed OleStream which didn't check stream size
110   -# - added/improved many docstrings and comments
111   -# - moved helper functions _unicode and _clsid out of
112   -# OleFileIO class
113   -# - improved OleFileIO._find() to add Unix path syntax
114   -# - OleFileIO._find() is now case-insensitive
115   -# - added get_type() and get_rootentry_name()
116   -# - rewritten loaddirectory and OleDirectoryEntry
117   -# 2007-11-27 v0.16 PL: - added OleDirectoryEntry.kids_dict
118   -# - added detection of duplicate filenames in storages
119   -# - added detection of duplicate references to streams
120   -# - added get_size() and exists() to OleDirectoryEntry
121   -# - added isOleFile to check header before parsing
122   -# - added __all__ list to control public keywords in pydoc
123   -# 2007-12-04 v0.17 PL: - added _load_direntry to fix a bug in loaddirectory
124   -# - improved _unicode(), added workarounds for Python <2.3
125   -# - added set_debug_mode and -d option to set debug mode
126   -# - fixed bugs in OleFileIO.open and OleDirectoryEntry
127   -# - added safety check in main for large or binary
128   -# properties
129   -# - allow size>0 for storages for some implementations
130   -# 2007-12-05 v0.18 PL: - fixed several bugs in handling of FAT, MiniFAT and
131   -# streams
132   -# - added option '-c' in main to check all streams
133   -# 2009-12-10 v0.19 PL: - bugfix for 32 bit arrays on 64 bits platforms
134   -# (thanks to Ben G. and Martijn for reporting the bug)
135   -# 2009-12-11 v0.20 PL: - bugfix in OleFileIO.open when filename is not plain str
136   -# 2010-01-22 v0.21 PL: - added support for big-endian CPUs such as PowerPC Macs
137   -# 2012-02-16 v0.22 PL: - fixed bug in getproperties, patch by chuckleberryfinn
138   -# (https://github.com/decalage2/olefile/issues/7)
139   -# - added close method to OleFileIO (fixed issue #2)
140   -# 2012-07-25 v0.23 PL: - added support for file-like objects (patch by mete0r_kr)
141   -# 2013-05-05 v0.24 PL: - getproperties: added conversion from filetime to python
142   -# datetime
143   -# - main: displays properties with date format
144   -# - new class OleMetadata to parse standard properties
145   -# - added get_metadata method
146   -# 2013-05-07 v0.24 PL: - a few improvements in OleMetadata
147   -# 2013-05-24 v0.25 PL: - getproperties: option to not convert some timestamps
148   -# - OleMetaData: total_edit_time is now a number of seconds,
149   -# not a timestamp
150   -# - getproperties: added support for VT_BOOL, VT_INT, V_UINT
151   -# - getproperties: filter out null chars from strings
152   -# - getproperties: raise non-fatal defects instead of
153   -# exceptions when properties cannot be parsed properly
154   -# 2013-05-27 PL: - getproperties: improved exception handling
155   -# - _raise_defect: added option to set exception type
156   -# - all non-fatal issues are now recorded, and displayed
157   -# when run as a script
158   -# 2013-07-11 v0.26 PL: - added methods to get modification and creation times
159   -# of a directory entry or a storage/stream
160   -# - fixed parsing of direntry timestamps
161   -# 2013-07-24 PL: - new options in listdir to list storages and/or streams
162   -# 2014-02-04 v0.30 PL: - upgraded code to support Python 3.x by Martin Panter
163   -# - several fixes for Python 2.6 (xrange, MAGIC)
164   -# - reused i32 from Pillow's _binary
165   -# 2014-07-18 v0.31 - preliminary support for 4K sectors
166   -# 2014-07-27 v0.31 PL: - a few improvements in OleFileIO.open (header parsing)
167   -# - Fixed loadfat for large files with 4K sectors (issue #3)
168   -# 2014-07-30 v0.32 PL: - added write_sect to write sectors to disk
169   -# - added write_mode option to OleFileIO.__init__ and open
170   -# 2014-07-31 PL: - fixed padding in write_sect for Python 3, added checks
171   -# - added write_stream to write a stream to disk
172   -# 2014-09-26 v0.40 PL: - renamed OleFileIO_PL to olefile
173   -# 2014-11-09 NE: - added support for Jython (Niko Ehrenfeuchter)
174   -# 2014-11-13 v0.41 PL: - improved isOleFile and OleFileIO.open to support OLE
175   -# data in a string buffer and file-like objects.
176   -# 2014-11-21 PL: - updated comments according to Pillow's commits
177   -# 2015-01-24 v0.42 PL: - changed the default path name encoding from Latin-1
178   -# to UTF-8 on Python 2.x (Unicode on Python 3.x)
179   -# - added path_encoding option to override the default
180   -# - fixed a bug in _list when a storage is empty
181   -# 2015-04-17 v0.43 PL: - slight changes in OleDirectoryEntry
182   -# 2015-10-19 - fixed issue #26 in OleFileIO.getproperties
183   -# (using id and type as local variable names)
184   -# 2015-10-29 - replaced debug() with proper logging
185   -# - use optparse to handle command line options
186   -# - improved attribute names in OleFileIO class
187   -# 2015-11-05 - fixed issue #27 by correcting the MiniFAT sector
188   -# cutoff size if invalid.
189   -# 2016-02-02 - logging is disabled by default
190   -# 2016-04-26 v0.44 PL: - added enable_logging
191   -# - renamed _OleDirectoryEntry and _OleStream without '_'
192   -# - in OleStream use _raise_defect instead of exceptions
193   -# 2016-04-27 - added support for incomplete streams and incorrect
194   -# directory entries (to read malformed documents)
195   -# 2016-05-04 - fixed slight bug in OleStream
196   -# 2016-11-27 DR: - added method to get the clsid of a storage/stream
197   -# (Daniel Roethlisberger)
198   -# 2017-05-31 v0.45 BS: - PR #114 from oletools to handle excessive number of
199   -# properties:
200   -# https://github.com/decalage2/oletools/pull/114
201   -# 2017-07-11 PL: - ignore incorrect ByteOrder (issue #70)
202   -
203   -__date__ = "2017-07-11"
204   -__version__ = '0.45dev2'
205   -__author__ = "Philippe Lagadec"
206   -
207   -#-----------------------------------------------------------------------------
208   -# TODO (for version 1.0):
209   -# + get rid of print statements, to simplify Python 2.x and 3.x support
210   -# + add is_stream and is_storage
211   -# + remove leading and trailing slashes where a path is used
212   -# + add functions path_list2str and path_str2list
213   -# + fix how all the methods handle unicode str and/or bytes as arguments
214   -# + add path attrib to _OleDirEntry, set it once and for all in init or
215   -# append_kids (then listdir/_list can be simplified)
216   -# - TESTS with Linux, MacOSX, Python 1.5.2, various files, PIL, ...
217   -# - add underscore to each private method, to avoid their display in
218   -# pydoc/epydoc documentation - Remove it for classes to be documented
219   -# - replace all raised exceptions with _raise_defect (at least in OleFileIO)
220   -# - merge code from OleStream and OleFileIO.getsect to read sectors
221   -# (maybe add a class for FAT and MiniFAT ?)
222   -# - add method to check all streams (follow sectors chains without storing all
223   -# stream in memory, and report anomalies)
224   -# - use OleDirectoryEntry.kids_dict to improve _find and _list ?
225   -# - fix Unicode names handling (find some way to stay compatible with Py1.5.2)
226   -# => if possible avoid converting names to Latin-1
227   -# - review DIFAT code: fix handling of DIFSECT blocks in FAT (not stop)
228   -# - rewrite OleFileIO.getproperties
229   -# - improve docstrings to show more sample uses
230   -# - see also original notes and FIXME below
231   -# - remove all obsolete FIXMEs
232   -# - OleMetadata: fix version attrib according to
233   -# https://msdn.microsoft.com/en-us/library/dd945671%28v=office.12%29.aspx
234   -
235   -# IDEAS:
236   -# - in OleFileIO._open and OleStream, use size=None instead of 0x7FFFFFFF for
237   -# streams with unknown size
238   -# - use arrays of int instead of long integers for FAT/MiniFAT, to improve
239   -# performance and reduce memory usage ? (possible issue with values >2^31)
240   -# - provide tests with unittest (may need write support to create samples)
241   -# - move all debug code (and maybe dump methods) to a separate module, with
242   -# a class which inherits OleFileIO ?
243   -# - fix docstrings to follow epydoc format
244   -# - add support for big endian byte order ?
245   -# - create a simple OLE explorer with wxPython
246   -
247   -# FUTURE EVOLUTIONS to add write support:
248   -# see issue #6 on GitHub:
249   -# https://github.com/decalage2/olefile/issues/6
250   -
251   -#-----------------------------------------------------------------------------
252   -# NOTES from PIL 1.1.6:
253   -
254   -# History:
255   -# 1997-01-20 fl Created
256   -# 1997-01-22 fl Fixed 64-bit portability quirk
257   -# 2003-09-09 fl Fixed typo in OleFileIO.loadfat (noted by Daniel Haertle)
258   -# 2004-02-29 fl Changed long hex constants to signed integers
259   -#
260   -# Notes:
261   -# FIXME: sort out sign problem (eliminate long hex constants)
262   -# FIXME: change filename to use "a/b/c" instead of ["a", "b", "c"]
263   -# FIXME: provide a glob mechanism function (using fnmatchcase)
264   -#
265   -# Literature:
266   -#
267   -# "FlashPix Format Specification, Appendix A", Kodak and Microsoft,
268   -# September 1996.
269   -#
270   -# Quotes:
271   -#
272   -# "If this document and functionality of the Software conflict,
273   -# the actual functionality of the Software represents the correct
274   -# functionality" -- Microsoft, in the OLE format specification
275   -
276   -#------------------------------------------------------------------------------
277   -
278   -__all__ = ['isOleFile', 'OleFileIO', 'OleMetadata', 'enable_logging',
279   - 'MAGIC', 'STGTY_EMPTY',
280   - 'STGTY_STREAM', 'STGTY_STORAGE', 'STGTY_ROOT', 'STGTY_PROPERTY',
281   - 'STGTY_LOCKBYTES', 'MINIMAL_OLEFILE_SIZE', 'NOSTREAM']
282   -
283   -import io
284   -import sys
285   -import struct, array, os.path, datetime, logging
286   -
287   -#=== COMPATIBILITY WORKAROUNDS ================================================
288   -
289   -#[PL] Define explicitly the public API to avoid private objects in pydoc:
290   -#TODO: add more
291   -# __all__ = ['OleFileIO', 'isOleFile', 'MAGIC']
292   -
293   -# For Python 3.x, need to redefine long as int:
294   -if str is not bytes:
295   - long = int
296   -
297   -# Need to make sure we use xrange both on Python 2 and 3.x:
298   -try:
299   - # on Python 2 we need xrange:
300   - iterrange = xrange
301   -except:
302   - # no xrange, for Python 3 it was renamed as range:
303   - iterrange = range
304   -
305   -#[PL] workaround to fix an issue with array item size on 64 bits systems:
306   -if array.array('L').itemsize == 4:
307   - # on 32 bits platforms, long integers in an array are 32 bits:
308   - UINT32 = 'L'
309   -elif array.array('I').itemsize == 4:
310   - # on 64 bits platforms, integers in an array are 32 bits:
311   - UINT32 = 'I'
312   -elif array.array('i').itemsize == 4:
313   - # On 64 bit Jython, signed integers ('i') are the only way to store our 32
314   - # bit values in an array in a *somewhat* reasonable way, as the otherwise
315   - # perfectly suited 'H' (unsigned int, 32 bits) results in a completely
316   - # unusable behaviour. This is most likely caused by the fact that Java
317   - # doesn't have unsigned values, and thus Jython's "array" implementation,
318   - # which is based on "jarray", doesn't have them either.
319   - # NOTE: to trick Jython into converting the values it would normally
320   - # interpret as "signed" into "unsigned", a binary-and operation with
321   - # 0xFFFFFFFF can be used. This way it is possible to use the same comparing
322   - # operations on all platforms / implementations. The corresponding code
323   - # lines are flagged with a 'JYTHON-WORKAROUND' tag below.
324   - UINT32 = 'i'
325   -else:
326   - raise ValueError('Need to fix a bug with 32 bit arrays, please contact author...')
327   -
328   -
329   -#[PL] These workarounds were inspired from the Path module
330   -# (see http://www.jorendorff.com/articles/python/path/)
331   -try:
332   - basestring
333   -except NameError:
334   - basestring = str
335   -
336   -#[PL] Experimental setting: if True, OLE filenames will be kept in Unicode
337   -# if False (default PIL behaviour), all filenames are converted to Latin-1.
338   -KEEP_UNICODE_NAMES = True
339   -
340   -if sys.version_info[0] < 3:
341   - # On Python 2.x, the default encoding for path names is UTF-8:
342   - DEFAULT_PATH_ENCODING = 'utf-8'
343   -else:
344   - # On Python 3.x, the default encoding for path names is Unicode (None):
345   - DEFAULT_PATH_ENCODING = None
346   -
347   -
348   -# === LOGGING =================================================================
349   -
350   -class NullHandler(logging.Handler):
351   - """
352   - Log Handler without output, to avoid printing messages if logging is not
353   - configured by the main application.
354   - Python 2.7 has logging.NullHandler, but this is necessary for 2.6:
355   - see https://docs.python.org/2.6/library/logging.html#configuring-logging-for-a-library
356   - """
357   - def emit(self, record):
358   - pass
359   -
360   -def get_logger(name, level=logging.CRITICAL+1):
361   - """
362   - Create a suitable logger object for this module.
363   - The goal is not to change settings of the root logger, to avoid getting
364   - other modules' logs on the screen.
365   - If a logger exists with same name, reuse it. (Else it would have duplicate
366   - handlers and messages would be doubled.)
367   - The level is set to CRITICAL+1 by default, to avoid any logging.
368   - """
369   - # First, test if there is already a logger with the same name, else it
370   - # will generate duplicate messages (due to duplicate handlers):
371   - if name in logging.Logger.manager.loggerDict:
372   - #NOTE: another less intrusive but more "hackish" solution would be to
373   - # use getLogger then test if its effective level is not default.
374   - logger = logging.getLogger(name)
375   - # make sure level is OK:
376   - logger.setLevel(level)
377   - return logger
378   - # get a new logger:
379   - logger = logging.getLogger(name)
380   - # only add a NullHandler for this logger, it is up to the application
381   - # to configure its own logging:
382   - logger.addHandler(NullHandler())
383   - logger.setLevel(level)
384   - return logger
385   -
386   -
387   -# a global logger object used for debugging:
388   -log = get_logger('olefile')
389   -
390   -
391   -def enable_logging():
392   - """
393   - Enable logging for this module (disabled by default).
394   - This will set the module-specific logger level to NOTSET, which
395   - means the main application controls the actual logging level.
396   - """
397   - log.setLevel(logging.NOTSET)
398   -
399   -
400   -#=== CONSTANTS ===============================================================
401   -
402   -#: magic bytes that should be at the beginning of every OLE file:
403   -MAGIC = b'\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1'
404   -
405   -#[PL]: added constants for Sector IDs (from AAF specifications)
406   -MAXREGSECT = 0xFFFFFFFA #: (-6) maximum SECT
407   -DIFSECT = 0xFFFFFFFC #: (-4) denotes a DIFAT sector in a FAT
408   -FATSECT = 0xFFFFFFFD #: (-3) denotes a FAT sector in a FAT
409   -ENDOFCHAIN = 0xFFFFFFFE #: (-2) end of a virtual stream chain
410   -FREESECT = 0xFFFFFFFF #: (-1) unallocated sector
411   -
412   -#[PL]: added constants for Directory Entry IDs (from AAF specifications)
413   -MAXREGSID = 0xFFFFFFFA #: (-6) maximum directory entry ID
414   -NOSTREAM = 0xFFFFFFFF #: (-1) unallocated directory entry
415   -
416   -#[PL] object types in storage (from AAF specifications)
417   -STGTY_EMPTY = 0 #: empty directory entry
418   -STGTY_STORAGE = 1 #: element is a storage object
419   -STGTY_STREAM = 2 #: element is a stream object
420   -STGTY_LOCKBYTES = 3 #: element is an ILockBytes object
421   -STGTY_PROPERTY = 4 #: element is an IPropertyStorage object
422   -STGTY_ROOT = 5 #: element is a root storage
423   -
424   -# Unknown size for a stream (used by OleStream):
425   -UNKNOWN_SIZE = 0x7FFFFFFF
426   -
427   -#
428   -# --------------------------------------------------------------------
429   -# property types
430   -
431   -VT_EMPTY=0; VT_NULL=1; VT_I2=2; VT_I4=3; VT_R4=4; VT_R8=5; VT_CY=6;
432   -VT_DATE=7; VT_BSTR=8; VT_DISPATCH=9; VT_ERROR=10; VT_BOOL=11;
433   -VT_VARIANT=12; VT_UNKNOWN=13; VT_DECIMAL=14; VT_I1=16; VT_UI1=17;
434   -VT_UI2=18; VT_UI4=19; VT_I8=20; VT_UI8=21; VT_INT=22; VT_UINT=23;
435   -VT_VOID=24; VT_HRESULT=25; VT_PTR=26; VT_SAFEARRAY=27; VT_CARRAY=28;
436   -VT_USERDEFINED=29; VT_LPSTR=30; VT_LPWSTR=31; VT_FILETIME=64;
437   -VT_BLOB=65; VT_STREAM=66; VT_STORAGE=67; VT_STREAMED_OBJECT=68;
438   -VT_STORED_OBJECT=69; VT_BLOB_OBJECT=70; VT_CF=71; VT_CLSID=72;
439   -VT_VECTOR=0x1000;
440   -
441   -# map property id to name (for debugging purposes)
442   -
443   -VT = {}
444   -for keyword, var in list(vars().items()):
445   - if keyword[:3] == "VT_":
446   - VT[var] = keyword
447   -
448   -#
449   -# --------------------------------------------------------------------
450   -# Some common document types (root.clsid fields)
451   -
452   -WORD_CLSID = "00020900-0000-0000-C000-000000000046"
453   -#TODO: check Excel, PPT, ...
454   -
455   -#[PL]: Defect levels to classify parsing errors - see OleFileIO._raise_defect()
456   -DEFECT_UNSURE = 10 # a case which looks weird, but not sure it's a defect
457   -DEFECT_POTENTIAL = 20 # a potential defect
458   -DEFECT_INCORRECT = 30 # an error according to specifications, but parsing
459   - # can go on
460   -DEFECT_FATAL = 40 # an error which cannot be ignored, parsing is
461   - # impossible
462   -
463   -# Minimal size of an empty OLE file, with 512-bytes sectors = 1536 bytes
464   -# (this is used in isOleFile and OleFile.open)
465   -MINIMAL_OLEFILE_SIZE = 1536
466   -
467   -#[PL] add useful constants to __all__:
468   -# for key in list(vars().keys()):
469   -# if key.startswith('STGTY_') or key.startswith('DEFECT_'):
470   -# __all__.append(key)
471   -
472   -
473   -#=== FUNCTIONS ===============================================================
474   -
475   -def isOleFile (filename):
476   - """
477   - Test if a file is an OLE container (according to the magic bytes in its header).
478   -
479   - .. note::
480   - This function only checks the first 8 bytes of the file, not the
481   - rest of the OLE structure.
482   -
483   - .. versionadded:: 0.16
484   -
485   - :param filename: filename, contents or file-like object of the OLE file (string-like or file-like object)
486   -
487   - - if filename is a string smaller than 1536 bytes, it is the path
488   - of the file to open. (bytes or unicode string)
489   - - if filename is a string longer than 1535 bytes, it is parsed
490   - as the content of an OLE file in memory. (bytes type only)
491   - - if filename is a file-like object (with read and seek methods),
492   - it is parsed as-is.
493   -
494   - :type filename: bytes or str or unicode or file
495   - :returns: True if OLE, False otherwise.
496   - :rtype: bool
497   - """
498   - # check if filename is a string-like or file-like object:
499   - if hasattr(filename, 'read'):
500   - # file-like object: use it directly
501   - header = filename.read(len(MAGIC))
502   - # just in case, seek back to start of file:
503   - filename.seek(0)
504   - elif isinstance(filename, bytes) and len(filename) >= MINIMAL_OLEFILE_SIZE:
505   - # filename is a bytes string containing the OLE file to be parsed:
506   - header = filename[:len(MAGIC)]
507   - else:
508   - # string-like object: filename of file on disk
509   - with open(filename, 'rb') as fp:
510   - header = fp.read(len(MAGIC))
511   - if header == MAGIC:
512   - return True
513   - else:
514   - return False
515   -
516   -
517   -if bytes is str:
518   - # version for Python 2.x
519   - def i8(c):
520   - return ord(c)
521   -else:
522   - # version for Python 3.x
523   - def i8(c):
524   - return c if c.__class__ is int else c[0]
525   -
526   -
527   -def i16(c, o = 0):
528   - """
529   - Converts a 2-bytes (16 bits) string to an integer.
530   -
531   - :param c: string containing bytes to convert
532   - :param o: offset of bytes to convert in string
533   - """
534   - return struct.unpack("<H", c[o:o+2])[0]
535   -
536   -
537   -def i32(c, o = 0):
538   - """
539   - Converts a 4-bytes (32 bits) string to an integer.
540   -
541   - :param c: string containing bytes to convert
542   - :param o: offset of bytes to convert in string
543   - """
544   - return struct.unpack("<I", c[o:o+4])[0]
545   -
546   -
547   -def _clsid(clsid):
548   - """
549   - Converts a CLSID to a human-readable string.
550   -
551   - :param clsid: string of length 16.
552   - """
553   - assert len(clsid) == 16
554   - # if clsid is only made of null bytes, return an empty string:
555   - # (PL: why not simply return the string with zeroes?)
556   - if not clsid.strip(b"\0"):
557   - return ""
558   - return (("%08X-%04X-%04X-%02X%02X-" + "%02X" * 6) %
559   - ((i32(clsid, 0), i16(clsid, 4), i16(clsid, 6)) +
560   - tuple(map(i8, clsid[8:16]))))
561   -
562   -
563   -
564   -def filetime2datetime(filetime):
565   - """
566   - convert FILETIME (64 bits int) to Python datetime.datetime
567   - """
568   - # TODO: manage exception when microseconds is too large
569   - # inspired from https://code.activestate.com/recipes/511425-filetime-to-datetime/
570   - _FILETIME_null_date = datetime.datetime(1601, 1, 1, 0, 0, 0)
571   - #log.debug('timedelta days=%d' % (filetime//(10*1000000*3600*24)))
572   - return _FILETIME_null_date + datetime.timedelta(microseconds=filetime//10)
573   -
574   -
575   -
576   -#=== CLASSES ==================================================================
577   -
578   -class OleMetadata:
579   - """
580   - class to parse and store metadata from standard properties of OLE files.
581   -
582   - Available attributes:
583   - codepage, title, subject, author, keywords, comments, template,
584   - last_saved_by, revision_number, total_edit_time, last_printed, create_time,
585   - last_saved_time, num_pages, num_words, num_chars, thumbnail,
586   - creating_application, security, codepage_doc, category, presentation_target,
587   - bytes, lines, paragraphs, slides, notes, hidden_slides, mm_clips,
588   - scale_crop, heading_pairs, titles_of_parts, manager, company, links_dirty,
589   - chars_with_spaces, unused, shared_doc, link_base, hlinks, hlinks_changed,
590   - version, dig_sig, content_type, content_status, language, doc_version
591   -
592   - Note: an attribute is set to None when not present in the properties of the
593   - OLE file.
594   -
595   - References for SummaryInformation stream:
596   -
597   - - https://msdn.microsoft.com/en-us/library/dd942545.aspx
598   - - https://msdn.microsoft.com/en-us/library/dd925819%28v=office.12%29.aspx
599   - - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380376%28v=vs.85%29.aspx
600   - - https://msdn.microsoft.com/en-us/library/aa372045.aspx
601   - - http://sedna-soft.de/articles/summary-information-stream/
602   - - https://poi.apache.org/apidocs/org/apache/poi/hpsf/SummaryInformation.html
603   -
604   - References for DocumentSummaryInformation stream:
605   -
606   - - https://msdn.microsoft.com/en-us/library/dd945671%28v=office.12%29.aspx
607   - - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380374%28v=vs.85%29.aspx
608   - - https://poi.apache.org/apidocs/org/apache/poi/hpsf/DocumentSummaryInformation.html
609   -
610   - new in version 0.25
611   - """
612   -
613   - # attribute names for SummaryInformation stream properties:
614   - # (ordered by property id, starting at 1)
615   - SUMMARY_ATTRIBS = ['codepage', 'title', 'subject', 'author', 'keywords', 'comments',
616   - 'template', 'last_saved_by', 'revision_number', 'total_edit_time',
617   - 'last_printed', 'create_time', 'last_saved_time', 'num_pages',
618   - 'num_words', 'num_chars', 'thumbnail', 'creating_application',
619   - 'security']
620   -
621   - # attribute names for DocumentSummaryInformation stream properties:
622   - # (ordered by property id, starting at 1)
623   - DOCSUM_ATTRIBS = ['codepage_doc', 'category', 'presentation_target', 'bytes', 'lines', 'paragraphs',
624   - 'slides', 'notes', 'hidden_slides', 'mm_clips',
625   - 'scale_crop', 'heading_pairs', 'titles_of_parts', 'manager',
626   - 'company', 'links_dirty', 'chars_with_spaces', 'unused', 'shared_doc',
627   - 'link_base', 'hlinks', 'hlinks_changed', 'version', 'dig_sig',
628   - 'content_type', 'content_status', 'language', 'doc_version']
629   -
630   - def __init__(self):
631   - """
632   - Constructor for OleMetadata
633   - All attributes are set to None by default
634   - """
635   - # properties from SummaryInformation stream
636   - self.codepage = None
637   - self.title = None
638   - self.subject = None
639   - self.author = None
640   - self.keywords = None
641   - self.comments = None
642   - self.template = None
643   - self.last_saved_by = None
644   - self.revision_number = None
645   - self.total_edit_time = None
646   - self.last_printed = None
647   - self.create_time = None
648   - self.last_saved_time = None
649   - self.num_pages = None
650   - self.num_words = None
651   - self.num_chars = None
652   - self.thumbnail = None
653   - self.creating_application = None
654   - self.security = None
655   - # properties from DocumentSummaryInformation stream
656   - self.codepage_doc = None
657   - self.category = None
658   - self.presentation_target = None
659   - self.bytes = None
660   - self.lines = None
661   - self.paragraphs = None
662   - self.slides = None
663   - self.notes = None
664   - self.hidden_slides = None
665   - self.mm_clips = None
666   - self.scale_crop = None
667   - self.heading_pairs = None
668   - self.titles_of_parts = None
669   - self.manager = None
670   - self.company = None
671   - self.links_dirty = None
672   - self.chars_with_spaces = None
673   - self.unused = None
674   - self.shared_doc = None
675   - self.link_base = None
676   - self.hlinks = None
677   - self.hlinks_changed = None
678   - self.version = None
679   - self.dig_sig = None
680   - self.content_type = None
681   - self.content_status = None
682   - self.language = None
683   - self.doc_version = None
684   -
685   -
686   - def parse_properties(self, olefile):
687   - """
688   - Parse standard properties of an OLE file, from the streams
689   - ``\\x05SummaryInformation`` and ``\\x05DocumentSummaryInformation``,
690   - if present.
691   - Properties are converted to strings, integers or python datetime objects.
692   - If a property is not present, its value is set to None.
693   - """
694   - # first set all attributes to None:
695   - for attrib in (self.SUMMARY_ATTRIBS + self.DOCSUM_ATTRIBS):
696   - setattr(self, attrib, None)
697   - if olefile.exists("\x05SummaryInformation"):
698   - # get properties from the stream:
699   - # (converting timestamps to python datetime, except total_edit_time,
700   - # which is property #10)
701   - props = olefile.getproperties("\x05SummaryInformation",
702   - convert_time=True, no_conversion=[10])
703   - # store them into this object's attributes:
704   - for i in range(len(self.SUMMARY_ATTRIBS)):
705   - # ids for standards properties start at 0x01, until 0x13
706   - value = props.get(i+1, None)
707   - setattr(self, self.SUMMARY_ATTRIBS[i], value)
708   - if olefile.exists("\x05DocumentSummaryInformation"):
709   - # get properties from the stream:
710   - props = olefile.getproperties("\x05DocumentSummaryInformation",
711   - convert_time=True)
712   - # store them into this object's attributes:
713   - for i in range(len(self.DOCSUM_ATTRIBS)):
714   - # ids for standards properties start at 0x01, until 0x13
715   - value = props.get(i+1, None)
716   - setattr(self, self.DOCSUM_ATTRIBS[i], value)
717   -
718   - def dump(self):
719   - """
720   - Dump all metadata, for debugging purposes.
721   - """
722   - print('Properties from SummaryInformation stream:')
723   - for prop in self.SUMMARY_ATTRIBS:
724   - value = getattr(self, prop)
725   - print('- %s: %s' % (prop, repr(value)))
726   - print('Properties from DocumentSummaryInformation stream:')
727   - for prop in self.DOCSUM_ATTRIBS:
728   - value = getattr(self, prop)
729   - print('- %s: %s' % (prop, repr(value)))
730   -
731   -
732   -#--- OleStream ---------------------------------------------------------------
733   -
734   -class OleStream(io.BytesIO):
735   - """
736   - OLE2 Stream
737   -
738   - Returns a read-only file object which can be used to read
739   - the contents of a OLE stream (instance of the BytesIO class).
740   - To open a stream, use the openstream method in the OleFile class.
741   -
742   - This function can be used with either ordinary streams,
743   - or ministreams, depending on the offset, sectorsize, and
744   - fat table arguments.
745   -
746   - Attributes:
747   -
748   - - size: actual size of data stream, after it was opened.
749   - """
750   - # FIXME: should store the list of sects obtained by following
751   - # the fat chain, and load new sectors on demand instead of
752   - # loading it all in one go.
753   -
754   - def __init__(self, fp, sect, size, offset, sectorsize, fat, filesize, olefileio):
755   - """
756   - Constructor for OleStream class.
757   -
758   - :param fp: file object, the OLE container or the MiniFAT stream
759   - :param sect: sector index of first sector in the stream
760   - :param size: total size of the stream
761   - :param offset: offset in bytes for the first FAT or MiniFAT sector
762   - :param sectorsize: size of one sector
763   - :param fat: array/list of sector indexes (FAT or MiniFAT)
764   - :param filesize: size of OLE file (for debugging)
765   - :param olefileio: OleFileIO object containing this stream
766   - :returns: a BytesIO instance containing the OLE stream
767   - """
768   - log.debug('OleStream.__init__:')
769   - log.debug(' sect=%d (%X), size=%d, offset=%d, sectorsize=%d, len(fat)=%d, fp=%s'
770   - %(sect,sect,size,offset,sectorsize,len(fat), repr(fp)))
771   - self.ole = olefileio
772   - if self.ole.fp.closed:
773   - raise OSError('Attempting to open a stream from a closed OLE File')
774   - #[PL] To detect malformed documents with FAT loops, we compute the
775   - # expected number of sectors in the stream:
776   - unknown_size = False
777   - if size == UNKNOWN_SIZE:
778   - # this is the case when called from OleFileIO._open(), and stream
779   - # size is not known in advance (for example when reading the
780   - # Directory stream). Then we can only guess maximum size:
781   - size = len(fat)*sectorsize
782   - # and we keep a record that size was unknown:
783   - unknown_size = True
784   - log.debug(' stream with UNKNOWN SIZE')
785   - nb_sectors = (size + (sectorsize-1)) // sectorsize
786   - log.debug('nb_sectors = %d' % nb_sectors)
787   - # This number should (at least) be less than the total number of
788   - # sectors in the given FAT:
789   - if nb_sectors > len(fat):
790   - self.ole._raise_defect(DEFECT_INCORRECT, 'malformed OLE document, stream too large')
791   - # optimization(?): data is first a list of strings, and join() is called
792   - # at the end to concatenate all in one string.
793   - # (this may not be really useful with recent Python versions)
794   - data = []
795   - # if size is zero, then first sector index should be ENDOFCHAIN:
796   - if size == 0 and sect != ENDOFCHAIN:
797   - log.debug('size == 0 and sect != ENDOFCHAIN:')
798   - self.ole._raise_defect(DEFECT_INCORRECT, 'incorrect OLE sector index for empty stream')
799   - #[PL] A fixed-length for loop is used instead of an undefined while
800   - # loop to avoid DoS attacks:
801   - for i in range(nb_sectors):
802   - log.debug('Reading stream sector[%d] = %Xh' % (i, sect))
803   - # Sector index may be ENDOFCHAIN, but only if size was unknown
804   - if sect == ENDOFCHAIN:
805   - if unknown_size:
806   - log.debug('Reached ENDOFCHAIN sector for stream with unknown size')
807   - break
808   - else:
809   - # else this means that the stream is smaller than declared:
810   - log.debug('sect=ENDOFCHAIN before expected size')
811   - self.ole._raise_defect(DEFECT_INCORRECT, 'incomplete OLE stream')
812   - # sector index should be within FAT:
813   - if sect<0 or sect>=len(fat):
814   - log.debug('sect=%d (%X) / len(fat)=%d' % (sect, sect, len(fat)))
815   - log.debug('i=%d / nb_sectors=%d' %(i, nb_sectors))
816   -## tmp_data = b"".join(data)
817   -## f = open('test_debug.bin', 'wb')
818   -## f.write(tmp_data)
819   -## f.close()
820   -## log.debug('data read so far: %d bytes' % len(tmp_data))
821   - self.ole._raise_defect(DEFECT_INCORRECT, 'incorrect OLE FAT, sector index out of range')
822   - # stop reading here if the exception is ignored:
823   - break
824   - #TODO: merge this code with OleFileIO.getsect() ?
825   - #TODO: check if this works with 4K sectors:
826   - try:
827   - fp.seek(offset + sectorsize * sect)
828   - except:
829   - log.debug('sect=%d, seek=%d, filesize=%d' %
830   - (sect, offset+sectorsize*sect, filesize))
831   - self.ole._raise_defect(DEFECT_INCORRECT, 'OLE sector index out of range')
832   - # stop reading here if the exception is ignored:
833   - break
834   - sector_data = fp.read(sectorsize)
835   - # [PL] check if there was enough data:
836   - # Note: if sector is the last of the file, sometimes it is not a
837   - # complete sector (of 512 or 4K), so we may read less than
838   - # sectorsize.
839   - if len(sector_data)!=sectorsize and sect!=(len(fat)-1):
840   - log.debug('sect=%d / len(fat)=%d, seek=%d / filesize=%d, len read=%d' %
841   - (sect, len(fat), offset+sectorsize*sect, filesize, len(sector_data)))
842   - log.debug('seek+len(read)=%d' % (offset+sectorsize*sect+len(sector_data)))
843   - self.ole._raise_defect(DEFECT_INCORRECT, 'incomplete OLE sector')
844   - data.append(sector_data)
845   - # jump to next sector in the FAT:
846   - try:
847   - sect = fat[sect] & 0xFFFFFFFF # JYTHON-WORKAROUND
848   - except IndexError:
849   - # [PL] if pointer is out of the FAT an exception is raised
850   - self.ole._raise_defect(DEFECT_INCORRECT, 'incorrect OLE FAT, sector index out of range')
851   - # stop reading here if the exception is ignored:
852   - break
853   - #[PL] Last sector should be a "end of chain" marker:
854   - # if sect != ENDOFCHAIN:
855   - # raise IOError('incorrect last sector index in OLE stream')
856   - data = b"".join(data)
857   - # Data is truncated to the actual stream size:
858   - if len(data) >= size:
859   - log.debug('Read data of length %d, truncated to stream size %d' % (len(data), size))
860   - data = data[:size]
861   - # actual stream size is stored for future use:
862   - self.size = size
863   - elif unknown_size:
864   - # actual stream size was not known, now we know the size of read
865   - # data:
866   - log.debug('Read data of length %d, the stream size was unknown' % len(data))
867   - self.size = len(data)
868   - else:
869   - # read data is less than expected:
870   - log.debug('Read data of length %d, less than expected stream size %d' % (len(data), size))
871   - # TODO: provide details in exception message
872   - self.size = len(data)
873   - self.ole._raise_defect(DEFECT_INCORRECT, 'OLE stream size is less than declared')
874   - # when all data is read in memory, BytesIO constructor is called
875   - io.BytesIO.__init__(self, data)
876   - # Then the OleStream object can be used as a read-only file object.
877   -
878   -
879   -#--- OleDirectoryEntry -------------------------------------------------------
880   -
881   -class OleDirectoryEntry:
882   -
883   - """
884   - OLE2 Directory Entry
885   - """
886   - #[PL] parsing code moved from OleFileIO.loaddirectory
887   -
888   - # struct to parse directory entries:
889   - # <: little-endian byte order, standard sizes
890   - # (note: this should guarantee that Q returns a 64 bits int)
891   - # 64s: string containing entry name in unicode UTF-16 (max 31 chars) + null char = 64 bytes
892   - # H: uint16, number of bytes used in name buffer, including null = (len+1)*2
893   - # B: uint8, dir entry type (between 0 and 5)
894   - # B: uint8, color: 0=black, 1=red
895   - # I: uint32, index of left child node in the red-black tree, NOSTREAM if none
896   - # I: uint32, index of right child node in the red-black tree, NOSTREAM if none
897   - # I: uint32, index of child root node if it is a storage, else NOSTREAM
898   - # 16s: CLSID, unique identifier (only used if it is a storage)
899   - # I: uint32, user flags
900   - # Q (was 8s): uint64, creation timestamp or zero
901   - # Q (was 8s): uint64, modification timestamp or zero
902   - # I: uint32, SID of first sector if stream or ministream, SID of 1st sector
903   - # of stream containing ministreams if root entry, 0 otherwise
904   - # I: uint32, total stream size in bytes if stream (low 32 bits), 0 otherwise
905   - # I: uint32, total stream size in bytes if stream (high 32 bits), 0 otherwise
906   - STRUCT_DIRENTRY = '<64sHBBIII16sIQQIII'
907   - # size of a directory entry: 128 bytes
908   - DIRENTRY_SIZE = 128
909   - assert struct.calcsize(STRUCT_DIRENTRY) == DIRENTRY_SIZE
910   -
911   -
912   - def __init__(self, entry, sid, olefile):
913   - """
914   - Constructor for an OleDirectoryEntry object.
915   - Parses a 128-bytes entry from the OLE Directory stream.
916   -
917   - :param entry : string (must be 128 bytes long)
918   - :param sid : index of this directory entry in the OLE file directory
919   - :param olefile: OleFileIO containing this directory entry
920   - """
921   - self.sid = sid
922   - # ref to olefile is stored for future use
923   - self.olefile = olefile
924   - # kids is a list of children entries, if this entry is a storage:
925   - # (list of OleDirectoryEntry objects)
926   - self.kids = []
927   - # kids_dict is a dictionary of children entries, indexed by their
928   - # name in lowercase: used to quickly find an entry, and to detect
929   - # duplicates
930   - self.kids_dict = {}
931   - # flag used to detect if the entry is referenced more than once in
932   - # directory:
933   - self.used = False
934   - # decode DirEntry
935   - (
936   - self.name_raw, # 64s: string containing entry name in unicode UTF-16 (max 31 chars) + null char = 64 bytes
937   - self.namelength, # H: uint16, number of bytes used in name buffer, including null = (len+1)*2
938   - self.entry_type,
939   - self.color,
940   - self.sid_left,
941   - self.sid_right,
942   - self.sid_child,
943   - clsid,
944   - self.dwUserFlags,
945   - self.createTime,
946   - self.modifyTime,
947   - self.isectStart,
948   - self.sizeLow,
949   - self.sizeHigh
950   - ) = struct.unpack(OleDirectoryEntry.STRUCT_DIRENTRY, entry)
951   - if self.entry_type not in [STGTY_ROOT, STGTY_STORAGE, STGTY_STREAM, STGTY_EMPTY]:
952   - olefile._raise_defect(DEFECT_INCORRECT, 'unhandled OLE storage type')
953   - # only first directory entry can (and should) be root:
954   - if self.entry_type == STGTY_ROOT and sid != 0:
955   - olefile._raise_defect(DEFECT_INCORRECT, 'duplicate OLE root entry')
956   - if sid == 0 and self.entry_type != STGTY_ROOT:
957   - olefile._raise_defect(DEFECT_INCORRECT, 'incorrect OLE root entry')
958   - #log.debug(struct.unpack(fmt_entry, entry[:len_entry]))
959   - # name should be at most 31 unicode characters + null character,
960   - # so 64 bytes in total (31*2 + 2):
961   - if self.namelength>64:
962   - olefile._raise_defect(DEFECT_INCORRECT, 'incorrect DirEntry name length >64 bytes')
963   - # if exception not raised, namelength is set to the maximum value:
964   - self.namelength = 64
965   - # only characters without ending null char are kept:
966   - self.name_utf16 = self.name_raw[:(self.namelength-2)]
967   - #TODO: check if the name is actually followed by a null unicode character ([MS-CFB] 2.6.1)
968   - #TODO: check if the name does not contain forbidden characters:
969   - # [MS-CFB] 2.6.1: "The following characters are illegal and MUST NOT be part of the name: '/', '\', ':', '!'."
970   - # name is converted from UTF-16LE to the path encoding specified in the OleFileIO:
971   - self.name = olefile._decode_utf16_str(self.name_utf16)
972   -
973   - log.debug('DirEntry SID=%d: %s' % (self.sid, repr(self.name)))
974   - log.debug(' - type: %d' % self.entry_type)
975   - log.debug(' - sect: %Xh' % self.isectStart)
976   - log.debug(' - SID left: %d, right: %d, child: %d' % (self.sid_left,
977   - self.sid_right, self.sid_child))
978   -
979   - # sizeHigh is only used for 4K sectors, it should be zero for 512 bytes
980   - # sectors, BUT apparently some implementations set it as 0xFFFFFFFF, 1
981   - # or some other value so it cannot be raised as a defect in general:
982   - if olefile.sectorsize == 512:
983   - if self.sizeHigh != 0 and self.sizeHigh != 0xFFFFFFFF:
984   - log.debug('sectorsize=%d, sizeLow=%d, sizeHigh=%d (%X)' %
985   - (olefile.sectorsize, self.sizeLow, self.sizeHigh, self.sizeHigh))
986   - olefile._raise_defect(DEFECT_UNSURE, 'incorrect OLE stream size')
987   - self.size = self.sizeLow
988   - else:
989   - self.size = self.sizeLow + (long(self.sizeHigh)<<32)
990   - log.debug(' - size: %d (sizeLow=%d, sizeHigh=%d)' % (self.size, self.sizeLow, self.sizeHigh))
991   -
992   - self.clsid = _clsid(clsid)
993   - # a storage should have a null size, BUT some implementations such as
994   - # Word 8 for Mac seem to allow non-null values => Potential defect:
995   - if self.entry_type == STGTY_STORAGE and self.size != 0:
996   - olefile._raise_defect(DEFECT_POTENTIAL, 'OLE storage with size>0')
997   - # check if stream is not already referenced elsewhere:
998   - if self.entry_type in (STGTY_ROOT, STGTY_STREAM) and self.size>0:
999   - if self.size < olefile.minisectorcutoff \
1000   - and self.entry_type==STGTY_STREAM: # only streams can be in MiniFAT
1001   - # ministream object
1002   - minifat = True
1003   - else:
1004   - minifat = False
1005   - olefile._check_duplicate_stream(self.isectStart, minifat)
1006   -
1007   -
1008   -
1009   - def build_storage_tree(self):
1010   - """
1011   - Read and build the red-black tree attached to this OleDirectoryEntry
1012   - object, if it is a storage.
1013   - Note that this method builds a tree of all subentries, so it should
1014   - only be called for the root object once.
1015   - """
1016   - log.debug('build_storage_tree: SID=%d - %s - sid_child=%d'
1017   - % (self.sid, repr(self.name), self.sid_child))
1018   - if self.sid_child != NOSTREAM:
1019   - # if child SID is not NOSTREAM, then this entry is a storage.
1020   - # Let's walk through the tree of children to fill the kids list:
1021   - self.append_kids(self.sid_child)
1022   -
1023   - # Note from OpenOffice documentation: the safest way is to
1024   - # recreate the tree because some implementations may store broken
1025   - # red-black trees...
1026   -
1027   - # in the OLE file, entries are sorted on (length, name).
1028   - # for convenience, we sort them on name instead:
1029   - # (see rich comparison methods in this class)
1030   - self.kids.sort()
1031   -
1032   -
1033   - def append_kids(self, child_sid):
1034   - """
1035   - Walk through red-black tree of children of this directory entry to add
1036   - all of them to the kids list. (recursive method)
1037   -
1038   - :param child_sid: index of child directory entry to use, or None when called
1039   - first time for the root. (only used during recursion)
1040   - """
1041   - log.debug('append_kids: child_sid=%d' % child_sid)
1042   - #[PL] this method was added to use simple recursion instead of a complex
1043   - # algorithm.
1044   - # if this is not a storage or a leaf of the tree, nothing to do:
1045   - if child_sid == NOSTREAM:
1046   - return
1047   - # check if child SID is in the proper range:
1048   - if child_sid<0 or child_sid>=len(self.olefile.direntries):
1049   - self.olefile._raise_defect(DEFECT_INCORRECT, 'OLE DirEntry index out of range')
1050   - else:
1051   - # get child direntry:
1052   - child = self.olefile._load_direntry(child_sid) #direntries[child_sid]
1053   - log.debug('append_kids: child_sid=%d - %s - sid_left=%d, sid_right=%d, sid_child=%d'
1054   - % (child.sid, repr(child.name), child.sid_left, child.sid_right, child.sid_child))
1055   - # the directory entries are organized as a red-black tree.
1056   - # (cf. Wikipedia for details)
1057   - # First walk through left side of the tree:
1058   - self.append_kids(child.sid_left)
1059   - # Check if its name is not already used (case-insensitive):
1060   - name_lower = child.name.lower()
1061   - if name_lower in self.kids_dict:
1062   - self.olefile._raise_defect(DEFECT_INCORRECT,
1063   - "Duplicate filename in OLE storage")
1064   - # Then the child_sid OleDirectoryEntry object is appended to the
1065   - # kids list and dictionary:
1066   - self.kids.append(child)
1067   - self.kids_dict[name_lower] = child
1068   - # Check if kid was not already referenced in a storage:
1069   - if child.used:
1070   - self.olefile._raise_defect(DEFECT_INCORRECT,
1071   - 'OLE Entry referenced more than once')
1072   - child.used = True
1073   - # Finally walk through right side of the tree:
1074   - self.append_kids(child.sid_right)
1075   - # Afterwards build kid's own tree if it's also a storage:
1076   - child.build_storage_tree()
1077   -
1078   -
1079   - def __eq__(self, other):
1080   - "Compare entries by name"
1081   - return self.name == other.name
1082   -
1083   - def __lt__(self, other):
1084   - "Compare entries by name"
1085   - return self.name < other.name
1086   -
1087   - def __ne__(self, other):
1088   - return not self.__eq__(other)
1089   -
1090   - def __le__(self, other):
1091   - return self.__eq__(other) or self.__lt__(other)
1092   -
1093   - # Reflected __lt__() and __le__() will be used for __gt__() and __ge__()
1094   -
1095   - #TODO: replace by the same function as MS implementation ?
1096   - # (order by name length first, then case-insensitive order)
1097   -
1098   -
1099   - def dump(self, tab = 0):
1100   - "Dump this entry, and all its subentries (for debug purposes only)"
1101   - TYPES = ["(invalid)", "(storage)", "(stream)", "(lockbytes)",
1102   - "(property)", "(root)"]
1103   - print(" "*tab + repr(self.name), TYPES[self.entry_type], end=' ')
1104   - if self.entry_type in (STGTY_STREAM, STGTY_ROOT):
1105   - print(self.size, "bytes", end=' ')
1106   - print()
1107   - if self.entry_type in (STGTY_STORAGE, STGTY_ROOT) and self.clsid:
1108   - print(" "*tab + "{%s}" % self.clsid)
1109   -
1110   - for kid in self.kids:
1111   - kid.dump(tab + 2)
1112   -
1113   -
1114   - def getmtime(self):
1115   - """
1116   - Return modification time of a directory entry.
1117   -
1118   - :returns: None if modification time is null, a python datetime object
1119   - otherwise (UTC timezone)
1120   -
1121   - new in version 0.26
1122   - """
1123   - if self.modifyTime == 0:
1124   - return None
1125   - return filetime2datetime(self.modifyTime)
1126   -
1127   -
1128   - def getctime(self):
1129   - """
1130   - Return creation time of a directory entry.
1131   -
1132   - :returns: None if modification time is null, a python datetime object
1133   - otherwise (UTC timezone)
1134   -
1135   - new in version 0.26
1136   - """
1137   - if self.createTime == 0:
1138   - return None
1139   - return filetime2datetime(self.createTime)
1140   -
1141   -
1142   -#--- OleFileIO ----------------------------------------------------------------
1143   -
1144   -class OleFileIO:
1145   - """
1146   - OLE container object
1147   -
1148   - This class encapsulates the interface to an OLE 2 structured
1149   - storage file. Use the listdir and openstream methods to
1150   - access the contents of this file.
1151   -
1152   - Object names are given as a list of strings, one for each subentry
1153   - level. The root entry should be omitted. For example, the following
1154   - code extracts all image streams from a Microsoft Image Composer file::
1155   -
1156   - ole = OleFileIO("fan.mic")
1157   -
1158   - for entry in ole.listdir():
1159   - if entry[1:2] == "Image":
1160   - fin = ole.openstream(entry)
1161   - fout = open(entry[0:1], "wb")
1162   - while True:
1163   - s = fin.read(8192)
1164   - if not s:
1165   - break
1166   - fout.write(s)
1167   -
1168   - You can use the viewer application provided with the Python Imaging
1169   - Library to view the resulting files (which happens to be standard
1170   - TIFF files).
1171   - """
1172   -
1173   - def __init__(self, filename=None, raise_defects=DEFECT_FATAL,
1174   - write_mode=False, debug=False, path_encoding=DEFAULT_PATH_ENCODING):
1175   - """
1176   - Constructor for the OleFileIO class.
1177   -
1178   - :param filename: file to open.
1179   -
1180   - - if filename is a string smaller than 1536 bytes, it is the path
1181   - of the file to open. (bytes or unicode string)
1182   - - if filename is a string longer than 1535 bytes, it is parsed
1183   - as the content of an OLE file in memory. (bytes type only)
1184   - - if filename is a file-like object (with read, seek and tell methods),
1185   - it is parsed as-is.
1186   -
1187   - :param raise_defects: minimal level for defects to be raised as exceptions.
1188   - (use DEFECT_FATAL for a typical application, DEFECT_INCORRECT for a
1189   - security-oriented application, see source code for details)
1190   -
1191   - :param write_mode: bool, if True the file is opened in read/write mode instead
1192   - of read-only by default.
1193   -
1194   - :param debug: bool, set debug mode (deprecated, not used anymore)
1195   -
1196   - :param path_encoding: None or str, name of the codec to use for path
1197   - names (streams and storages), or None for Unicode.
1198   - Unicode by default on Python 3+, UTF-8 on Python 2.x.
1199   - (new in olefile 0.42, was hardcoded to Latin-1 until olefile v0.41)
1200   - """
1201   - # minimal level for defects to be raised as exceptions:
1202   - self._raise_defects_level = raise_defects
1203   - #: list of defects/issues not raised as exceptions:
1204   - #: tuples of (exception type, message)
1205   - self.parsing_issues = []
1206   - self.write_mode = write_mode
1207   - self.path_encoding = path_encoding
1208   - self._filesize = None
1209   - self.fp = None
1210   - if filename:
1211   - self.open(filename, write_mode=write_mode)
1212   -
1213   -
1214   - def _raise_defect(self, defect_level, message, exception_type=IOError):
1215   - """
1216   - This method should be called for any defect found during file parsing.
1217   - It may raise an IOError exception according to the minimal level chosen
1218   - for the OleFileIO object.
1219   -
1220   - :param defect_level: defect level, possible values are:
1221   -
1222   - - DEFECT_UNSURE : a case which looks weird, but not sure it's a defect
1223   - - DEFECT_POTENTIAL : a potential defect
1224   - - DEFECT_INCORRECT : an error according to specifications, but parsing can go on
1225   - - DEFECT_FATAL : an error which cannot be ignored, parsing is impossible
1226   -
1227   - :param message: string describing the defect, used with raised exception.
1228   - :param exception_type: exception class to be raised, IOError by default
1229   - """
1230   - # added by [PL]
1231   - if defect_level >= self._raise_defects_level:
1232   - log.error(message)
1233   - raise exception_type(message)
1234   - else:
1235   - # just record the issue, no exception raised:
1236   - self.parsing_issues.append((exception_type, message))
1237   - log.warning(message)
1238   -
1239   -
1240   - def _decode_utf16_str(self, utf16_str, errors='replace'):
1241   - """
1242   - Decode a string encoded in UTF-16 LE format, as found in the OLE
1243   - directory or in property streams. Return a string encoded
1244   - according to the path_encoding specified for the OleFileIO object.
1245   -
1246   - :param utf16_str: bytes string encoded in UTF-16 LE format
1247   - :param errors: str, see python documentation for str.decode()
1248   - :return: str, encoded according to path_encoding
1249   - """
1250   - unicode_str = utf16_str.decode('UTF-16LE', errors)
1251   - if self.path_encoding:
1252   - # an encoding has been specified for path names:
1253   - return unicode_str.encode(self.path_encoding, errors)
1254   - else:
1255   - # path_encoding=None, return the Unicode string as-is:
1256   - return unicode_str
1257   -
1258   -
1259   - def open(self, filename, write_mode=False):
1260   - """
1261   - Open an OLE2 file in read-only or read/write mode.
1262   - Read and parse the header, FAT and directory.
1263   -
1264   - :param filename: string-like or file-like object, OLE file to parse
1265   -
1266   - - if filename is a string smaller than 1536 bytes, it is the path
1267   - of the file to open. (bytes or unicode string)
1268   - - if filename is a string longer than 1535 bytes, it is parsed
1269   - as the content of an OLE file in memory. (bytes type only)
1270   - - if filename is a file-like object (with read, seek and tell methods),
1271   - it is parsed as-is.
1272   -
1273   - :param write_mode: bool, if True the file is opened in read/write mode instead
1274   - of read-only by default. (ignored if filename is not a path)
1275   - """
1276   - self.write_mode = write_mode
1277   - #[PL] check if filename is a string-like or file-like object:
1278   - # (it is better to check for a read() method)
1279   - if hasattr(filename, 'read'):
1280   - #TODO: also check seek and tell methods?
1281   - # file-like object: use it directly
1282   - self.fp = filename
1283   - elif isinstance(filename, bytes) and len(filename) >= MINIMAL_OLEFILE_SIZE:
1284   - # filename is a bytes string containing the OLE file to be parsed:
1285   - # convert it to BytesIO
1286   - self.fp = io.BytesIO(filename)
1287   - else:
1288   - # string-like object: filename of file on disk
1289   - if self.write_mode:
1290   - # open file in mode 'read with update, binary'
1291   - # According to https://docs.python.org/2/library/functions.html#open
1292   - # 'w' would truncate the file, 'a' may only append on some Unixes
1293   - mode = 'r+b'
1294   - else:
1295   - # read-only mode by default
1296   - mode = 'rb'
1297   - self.fp = open(filename, mode)
1298   - # obtain the filesize by using seek and tell, which should work on most
1299   - # file-like objects:
1300   - #TODO: do it above, using getsize with filename when possible?
1301   - #TODO: fix code to fail with clear exception when filesize cannot be obtained
1302   - filesize=0
1303   - self.fp.seek(0, os.SEEK_END)
1304   - try:
1305   - filesize = self.fp.tell()
1306   - finally:
1307   - self.fp.seek(0)
1308   - self._filesize = filesize
1309   - log.debug('File size: %d bytes (%Xh)' % (self._filesize, self._filesize))
1310   -
1311   - # lists of streams in FAT and MiniFAT, to detect duplicate references
1312   - # (list of indexes of first sectors of each stream)
1313   - self._used_streams_fat = []
1314   - self._used_streams_minifat = []
1315   -
1316   - header = self.fp.read(512)
1317   -
1318   - if len(header) != 512 or header[:8] != MAGIC:
1319   - log.debug('Magic = %r instead of %r' % (header[:8], MAGIC))
1320   - self._raise_defect(DEFECT_FATAL, "not an OLE2 structured storage file")
1321   -
1322   - # [PL] header structure according to AAF specifications:
1323   - ##Header
1324   - ##struct StructuredStorageHeader { // [offset from start (bytes), length (bytes)]
1325   - ##BYTE _abSig[8]; // [00H,08] {0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1,
1326   - ## // 0x1a, 0xe1} for current version
1327   - ##CLSID _clsid; // [08H,16] reserved must be zero (WriteClassStg/
1328   - ## // GetClassFile uses root directory class id)
1329   - ##USHORT _uMinorVersion; // [18H,02] minor version of the format: 33 is
1330   - ## // written by reference implementation
1331   - ##USHORT _uDllVersion; // [1AH,02] major version of the dll/format: 3 for
1332   - ## // 512-byte sectors, 4 for 4 KB sectors
1333   - ##USHORT _uByteOrder; // [1CH,02] 0xFFFE: indicates Intel byte-ordering
1334   - ##USHORT _uSectorShift; // [1EH,02] size of sectors in power-of-two;
1335   - ## // typically 9 indicating 512-byte sectors
1336   - ##USHORT _uMiniSectorShift; // [20H,02] size of mini-sectors in power-of-two;
1337   - ## // typically 6 indicating 64-byte mini-sectors
1338   - ##USHORT _usReserved; // [22H,02] reserved, must be zero
1339   - ##ULONG _ulReserved1; // [24H,04] reserved, must be zero
1340   - ##FSINDEX _csectDir; // [28H,04] must be zero for 512-byte sectors,
1341   - ## // number of SECTs in directory chain for 4 KB
1342   - ## // sectors
1343   - ##FSINDEX _csectFat; // [2CH,04] number of SECTs in the FAT chain
1344   - ##SECT _sectDirStart; // [30H,04] first SECT in the directory chain
1345   - ##DFSIGNATURE _signature; // [34H,04] signature used for transactions; must
1346   - ## // be zero. The reference implementation
1347   - ## // does not support transactions
1348   - ##ULONG _ulMiniSectorCutoff; // [38H,04] maximum size for a mini stream;
1349   - ## // typically 4096 bytes
1350   - ##SECT _sectMiniFatStart; // [3CH,04] first SECT in the MiniFAT chain
1351   - ##FSINDEX _csectMiniFat; // [40H,04] number of SECTs in the MiniFAT chain
1352   - ##SECT _sectDifStart; // [44H,04] first SECT in the DIFAT chain
1353   - ##FSINDEX _csectDif; // [48H,04] number of SECTs in the DIFAT chain
1354   - ##SECT _sectFat[109]; // [4CH,436] the SECTs of first 109 FAT sectors
1355   - ##};
1356   -
1357   - # [PL] header decoding:
1358   - # '<' indicates little-endian byte ordering for Intel (cf. struct module help)
1359   - fmt_header = '<8s16sHHHHHHLLLLLLLLLL'
1360   - header_size = struct.calcsize(fmt_header)
1361   - log.debug( "fmt_header size = %d, +FAT = %d" % (header_size, header_size + 109*4) )
1362   - header1 = header[:header_size]
1363   - (
1364   - self.header_signature,
1365   - self.header_clsid,
1366   - self.minor_version,
1367   - self.dll_version,
1368   - self.byte_order,
1369   - self.sector_shift,
1370   - self.mini_sector_shift,
1371   - self.reserved1,
1372   - self.reserved2,
1373   - self.num_dir_sectors,
1374   - self.num_fat_sectors,
1375   - self.first_dir_sector,
1376   - self.transaction_signature_number,
1377   - self.mini_stream_cutoff_size,
1378   - self.first_mini_fat_sector,
1379   - self.num_mini_fat_sectors,
1380   - self.first_difat_sector,
1381   - self.num_difat_sectors
1382   - ) = struct.unpack(fmt_header, header1)
1383   - log.debug( struct.unpack(fmt_header, header1))
1384   -
1385   - if self.header_signature != MAGIC:
1386   - # OLE signature should always be present
1387   - self._raise_defect(DEFECT_FATAL, "incorrect OLE signature")
1388   - if self.header_clsid != bytearray(16):
1389   - # according to AAF specs, CLSID should always be zero
1390   - self._raise_defect(DEFECT_INCORRECT, "incorrect CLSID in OLE header")
1391   - log.debug( "Minor Version = %d" % self.minor_version )
1392   - # TODO: according to MS-CFB, minor version should be 0x003E
1393   - log.debug( "DLL Version = %d (expected: 3 or 4)" % self.dll_version )
1394   - if self.dll_version not in [3, 4]:
1395   - # version 3: usual format, 512 bytes per sector
1396   - # version 4: large format, 4K per sector
1397   - self._raise_defect(DEFECT_INCORRECT, "incorrect DllVersion in OLE header")
1398   - log.debug( "Byte Order = %X (expected: FFFE)" % self.byte_order )
1399   - if self.byte_order != 0xFFFE:
1400   - # For now only common little-endian documents are handled correctly
1401   - self._raise_defect(DEFECT_INCORRECT, "incorrect ByteOrder in OLE header")
1402   - # TODO: add big-endian support for documents created on Mac ?
1403   - # But according to [MS-CFB] ? v20140502, ByteOrder MUST be 0xFFFE.
1404   - self.sector_size = 2**self.sector_shift
1405   - log.debug( "Sector Size = %d bytes (expected: 512 or 4096)" % self.sector_size )
1406   - if self.sector_size not in [512, 4096]:
1407   - self._raise_defect(DEFECT_INCORRECT, "incorrect sector_size in OLE header")
1408   - if (self.dll_version==3 and self.sector_size!=512) \
1409   - or (self.dll_version==4 and self.sector_size!=4096):
1410   - self._raise_defect(DEFECT_INCORRECT, "sector_size does not match DllVersion in OLE header")
1411   - self.mini_sector_size = 2**self.mini_sector_shift
1412   - log.debug( "MiniFAT Sector Size = %d bytes (expected: 64)" % self.mini_sector_size )
1413   - if self.mini_sector_size not in [64]:
1414   - self._raise_defect(DEFECT_INCORRECT, "incorrect mini_sector_size in OLE header")
1415   - if self.reserved1 != 0 or self.reserved2 != 0:
1416   - self._raise_defect(DEFECT_INCORRECT, "incorrect OLE header (non-null reserved bytes)")
1417   - log.debug( "Number of Directory sectors = %d" % self.num_dir_sectors )
1418   - # Number of directory sectors (only allowed if DllVersion != 3)
1419   - if self.sector_size==512 and self.num_dir_sectors!=0:
1420   - self._raise_defect(DEFECT_INCORRECT, "incorrect number of directory sectors in OLE header")
1421   - log.debug( "Number of FAT sectors = %d" % self.num_fat_sectors )
1422   - # num_fat_sectors = number of FAT sectors in the file
1423   - log.debug( "First Directory sector = %Xh" % self.first_dir_sector )
1424   - # first_dir_sector = 1st sector containing the directory
1425   - log.debug( "Transaction Signature Number = %d" % self.transaction_signature_number )
1426   - # Signature should be zero, BUT some implementations do not follow this
1427   - # rule => only a potential defect:
1428   - # (according to MS-CFB, may be != 0 for applications supporting file
1429   - # transactions)
1430   - if self.transaction_signature_number != 0:
1431   - self._raise_defect(DEFECT_POTENTIAL, "incorrect OLE header (transaction_signature_number>0)")
1432   - log.debug( "Mini Stream cutoff size = %Xh (expected: 1000h)" % self.mini_stream_cutoff_size )
1433   - # MS-CFB: This integer field MUST be set to 0x00001000. This field
1434   - # specifies the maximum size of a user-defined data stream allocated
1435   - # from the mini FAT and mini stream, and that cutoff is 4096 bytes.
1436   - # Any user-defined data stream larger than or equal to this cutoff size
1437   - # must be allocated as normal sectors from the FAT.
1438   - if self.mini_stream_cutoff_size != 0x1000:
1439   - self._raise_defect(DEFECT_INCORRECT, "incorrect mini_stream_cutoff_size in OLE header")
1440   - # if no exception is raised, the cutoff size is fixed to 0x1000
1441   - log.warning('Fixing the mini_stream_cutoff_size to 4096 (mandatory value) instead of %d' %
1442   - self.mini_stream_cutoff_size)
1443   - self.mini_stream_cutoff_size = 0x1000
1444   - # TODO: check if these values are OK
1445   - log.debug( "First MiniFAT sector = %Xh" % self.first_mini_fat_sector )
1446   - log.debug( "Number of MiniFAT sectors = %d" % self.num_mini_fat_sectors )
1447   - log.debug( "First DIFAT sector = %Xh" % self.first_difat_sector )
1448   - log.debug( "Number of DIFAT sectors = %d" % self.num_difat_sectors )
1449   -
1450   - # calculate the number of sectors in the file
1451   - # (-1 because header doesn't count)
1452   - self.nb_sect = ( (filesize + self.sector_size-1) // self.sector_size) - 1
1453   - log.debug( "Maximum number of sectors in the file: %d (%Xh)" % (self.nb_sect, self.nb_sect))
1454   - #TODO: change this test, because an OLE file MAY contain other data
1455   - # after the last sector.
1456   -
1457   - # file clsid
1458   - self.header_clsid = _clsid(header[8:24])
1459   -
1460   - #TODO: remove redundant attributes, and fix the code which uses them?
1461   - self.sectorsize = self.sector_size #1 << i16(header, 30)
1462   - self.minisectorsize = self.mini_sector_size #1 << i16(header, 32)
1463   - self.minisectorcutoff = self.mini_stream_cutoff_size # i32(header, 56)
1464   -
1465   - # check known streams for duplicate references (these are always in FAT,
1466   - # never in MiniFAT):
1467   - self._check_duplicate_stream(self.first_dir_sector)
1468   - # check MiniFAT only if it is not empty:
1469   - if self.num_mini_fat_sectors:
1470   - self._check_duplicate_stream(self.first_mini_fat_sector)
1471   - # check DIFAT only if it is not empty:
1472   - if self.num_difat_sectors:
1473   - self._check_duplicate_stream(self.first_difat_sector)
1474   -
1475   - # Load file allocation tables
1476   - self.loadfat(header)
1477   - # Load directory. This sets both the direntries list (ordered by sid)
1478   - # and the root (ordered by hierarchy) members.
1479   - self.loaddirectory(self.first_dir_sector)
1480   - self.ministream = None
1481   - self.minifatsect = self.first_mini_fat_sector
1482   -
1483   -
1484   - def close(self):
1485   - """
1486   - close the OLE file, to release the file object
1487   - """
1488   - self.fp.close()
1489   -
1490   -
1491   - def _check_duplicate_stream(self, first_sect, minifat=False):
1492   - """
1493   - Checks if a stream has not been already referenced elsewhere.
1494   - This method should only be called once for each known stream, and only
1495   - if stream size is not null.
1496   -
1497   - :param first_sect: int, index of first sector of the stream in FAT
1498   - :param minifat: bool, if True, stream is located in the MiniFAT, else in the FAT
1499   - """
1500   - if minifat:
1501   - log.debug('_check_duplicate_stream: sect=%Xh in MiniFAT' % first_sect)
1502   - used_streams = self._used_streams_minifat
1503   - else:
1504   - log.debug('_check_duplicate_stream: sect=%Xh in FAT' % first_sect)
1505   - # some values can be safely ignored (not a real stream):
1506   - if first_sect in (DIFSECT,FATSECT,ENDOFCHAIN,FREESECT):
1507   - return
1508   - used_streams = self._used_streams_fat
1509   - #TODO: would it be more efficient using a dict or hash values, instead
1510   - # of a list of long ?
1511   - if first_sect in used_streams:
1512   - self._raise_defect(DEFECT_INCORRECT, 'Stream referenced twice')
1513   - else:
1514   - used_streams.append(first_sect)
1515   -
1516   -
1517   - def dumpfat(self, fat, firstindex=0):
1518   - """
1519   - Display a part of FAT in human-readable form for debugging purposes
1520   - """
1521   - # dictionary to convert special FAT values in human-readable strings
1522   - VPL = 8 # values per line (8+1 * 8+1 = 81)
1523   - fatnames = {
1524   - FREESECT: "..free..",
1525   - ENDOFCHAIN: "[ END. ]",
1526   - FATSECT: "FATSECT ",
1527   - DIFSECT: "DIFSECT "
1528   - }
1529   - nbsect = len(fat)
1530   - nlines = (nbsect+VPL-1)//VPL
1531   - print("index", end=" ")
1532   - for i in range(VPL):
1533   - print("%8X" % i, end=" ")
1534   - print()
1535   - for l in range(nlines):
1536   - index = l*VPL
1537   - print("%6X:" % (firstindex+index), end=" ")
1538   - for i in range(index, index+VPL):
1539   - if i>=nbsect:
1540   - break
1541   - sect = fat[i]
1542   - aux = sect & 0xFFFFFFFF # JYTHON-WORKAROUND
1543   - if aux in fatnames:
1544   - name = fatnames[aux]
1545   - else:
1546   - if sect == i+1:
1547   - name = " --->"
1548   - else:
1549   - name = "%8X" % sect
1550   - print(name, end=" ")
1551   - print()
1552   -
1553   -
1554   - def dumpsect(self, sector, firstindex=0):
1555   - """
1556   - Display a sector in a human-readable form, for debugging purposes
1557   - """
1558   - VPL=8 # number of values per line (8+1 * 8+1 = 81)
1559   - tab = array.array(UINT32, sector)
1560   - if sys.byteorder == 'big':
1561   - tab.byteswap()
1562   - nbsect = len(tab)
1563   - nlines = (nbsect+VPL-1)//VPL
1564   - print("index", end=" ")
1565   - for i in range(VPL):
1566   - print("%8X" % i, end=" ")
1567   - print()
1568   - for l in range(nlines):
1569   - index = l*VPL
1570   - print("%6X:" % (firstindex+index), end=" ")
1571   - for i in range(index, index+VPL):
1572   - if i>=nbsect:
1573   - break
1574   - sect = tab[i]
1575   - name = "%8X" % sect
1576   - print(name, end=" ")
1577   - print()
1578   -
1579   - def sect2array(self, sect):
1580   - """
1581   - convert a sector to an array of 32 bits unsigned integers,
1582   - swapping bytes on big endian CPUs such as PowerPC (old Macs)
1583   - """
1584   - a = array.array(UINT32, sect)
1585   - # if CPU is big endian, swap bytes:
1586   - if sys.byteorder == 'big':
1587   - a.byteswap()
1588   - return a
1589   -
1590   -
1591   - def loadfat_sect(self, sect):
1592   - """
1593   - Adds the indexes of the given sector to the FAT
1594   -
1595   - :param sect: string containing the first FAT sector, or array of long integers
1596   - :returns: index of last FAT sector.
1597   - """
1598   - # a FAT sector is an array of ulong integers.
1599   - if isinstance(sect, array.array):
1600   - # if sect is already an array it is directly used
1601   - fat1 = sect
1602   - else:
1603   - # if it's a raw sector, it is parsed in an array
1604   - fat1 = self.sect2array(sect)
1605   - # Display the sector contents only if the logging level is debug:
1606   - if log.isEnabledFor(logging.DEBUG):
1607   - self.dumpsect(sect)
1608   - # The FAT is a sector chain starting at the first index of itself.
1609   - # initialize isect, just in case:
1610   - isect = None
1611   - for isect in fat1:
1612   - isect = isect & 0xFFFFFFFF # JYTHON-WORKAROUND
1613   - log.debug("isect = %X" % isect)
1614   - if isect == ENDOFCHAIN or isect == FREESECT:
1615   - # the end of the sector chain has been reached
1616   - log.debug("found end of sector chain")
1617   - break
1618   - # read the FAT sector
1619   - s = self.getsect(isect)
1620   - # parse it as an array of 32 bits integers, and add it to the
1621   - # global FAT array
1622   - nextfat = self.sect2array(s)
1623   - self.fat = self.fat + nextfat
1624   - return isect
1625   -
1626   -
1627   - def loadfat(self, header):
1628   - """
1629   - Load the FAT table.
1630   - """
1631   - # The 1st sector of the file contains sector numbers for the first 109
1632   - # FAT sectors, right after the header which is 76 bytes long.
1633   - # (always 109, whatever the sector size: 512 bytes = 76+4*109)
1634   - # Additional sectors are described by DIF blocks
1635   -
1636   - log.debug('Loading the FAT table, starting with the 1st sector after the header')
1637   - sect = header[76:512]
1638   - log.debug( "len(sect)=%d, so %d integers" % (len(sect), len(sect)//4) )
1639   - #fat = []
1640   - # [PL] FAT is an array of 32 bits unsigned ints, it's more effective
1641   - # to use an array than a list in Python.
1642   - # It's initialized as empty first:
1643   - self.fat = array.array(UINT32)
1644   - self.loadfat_sect(sect)
1645   - #self.dumpfat(self.fat)
1646   -## for i in range(0, len(sect), 4):
1647   -## ix = i32(sect, i)
1648   -## #[PL] if ix == -2 or ix == -1: # ix == 0xFFFFFFFE or ix == 0xFFFFFFFF:
1649   -## if ix == 0xFFFFFFFE or ix == 0xFFFFFFFF:
1650   -## break
1651   -## s = self.getsect(ix)
1652   -## #fat = fat + [i32(s, i) for i in range(0, len(s), 4)]
1653   -## fat = fat + array.array(UINT32, s)
1654   - if self.num_difat_sectors != 0:
1655   - log.debug('DIFAT is used, because file size > 6.8MB.')
1656   - # [PL] There's a DIFAT because file is larger than 6.8MB
1657   - # some checks just in case:
1658   - if self.num_fat_sectors <= 109:
1659   - # there must be at least 109 blocks in header and the rest in
1660   - # DIFAT, so number of sectors must be >109.
1661   - self._raise_defect(DEFECT_INCORRECT, 'incorrect DIFAT, not enough sectors')
1662   - if self.first_difat_sector >= self.nb_sect:
1663   - # initial DIFAT block index must be valid
1664   - self._raise_defect(DEFECT_FATAL, 'incorrect DIFAT, first index out of range')
1665   - log.debug( "DIFAT analysis..." )
1666   - # We compute the necessary number of DIFAT sectors :
1667   - # Number of pointers per DIFAT sector = (sectorsize/4)-1
1668   - # (-1 because the last pointer is the next DIFAT sector number)
1669   - nb_difat_sectors = (self.sectorsize//4)-1
1670   - # (if 512 bytes: each DIFAT sector = 127 pointers + 1 towards next DIFAT sector)
1671   - nb_difat = (self.num_fat_sectors-109 + nb_difat_sectors-1)//nb_difat_sectors
1672   - log.debug( "nb_difat = %d" % nb_difat )
1673   - if self.num_difat_sectors != nb_difat:
1674   - raise IOError('incorrect DIFAT')
1675   - isect_difat = self.first_difat_sector
1676   - for i in iterrange(nb_difat):
1677   - log.debug( "DIFAT block %d, sector %X" % (i, isect_difat) )
1678   - #TODO: check if corresponding FAT SID = DIFSECT
1679   - sector_difat = self.getsect(isect_difat)
1680   - difat = self.sect2array(sector_difat)
1681   - # Display the sector contents only if the logging level is debug:
1682   - if log.isEnabledFor(logging.DEBUG):
1683   - self.dumpsect(sector_difat)
1684   - self.loadfat_sect(difat[:nb_difat_sectors])
1685   - # last DIFAT pointer is next DIFAT sector:
1686   - isect_difat = difat[nb_difat_sectors]
1687   - log.debug( "next DIFAT sector: %X" % isect_difat )
1688   - # checks:
1689   - if isect_difat not in [ENDOFCHAIN, FREESECT]:
1690   - # last DIFAT pointer value must be ENDOFCHAIN or FREESECT
1691   - raise IOError('incorrect end of DIFAT')
1692   -## if len(self.fat) != self.num_fat_sectors:
1693   -## # FAT should contain num_fat_sectors blocks
1694   -## print("FAT length: %d instead of %d" % (len(self.fat), self.num_fat_sectors))
1695   -## raise IOError('incorrect DIFAT')
1696   - else:
1697   - log.debug('No DIFAT, because file size < 6.8MB.')
1698   - # since FAT is read from fixed-size sectors, it may contain more values
1699   - # than the actual number of sectors in the file.
1700   - # Keep only the relevant sector indexes:
1701   - if len(self.fat) > self.nb_sect:
1702   - log.debug('len(fat)=%d, shrunk to nb_sect=%d' % (len(self.fat), self.nb_sect))
1703   - self.fat = self.fat[:self.nb_sect]
1704   - log.debug('FAT references %d sectors / Maximum %d sectors in file' % (len(self.fat), self.nb_sect))
1705   - # Display the FAT contents only if the logging level is debug:
1706   - if log.isEnabledFor(logging.DEBUG):
1707   - log.debug('\nFAT:')
1708   - self.dumpfat(self.fat)
1709   -
1710   -
1711   - def loadminifat(self):
1712   - """
1713   - Load the MiniFAT table.
1714   - """
1715   - # MiniFAT is stored in a standard sub-stream, pointed to by a header
1716   - # field.
1717   - # NOTE: there are two sizes to take into account for this stream:
1718   - # 1) Stream size is calculated according to the number of sectors
1719   - # declared in the OLE header. This allocated stream may be more than
1720   - # needed to store the actual sector indexes.
1721   - # (self.num_mini_fat_sectors is the number of sectors of size self.sector_size)
1722   - stream_size = self.num_mini_fat_sectors * self.sector_size
1723   - # 2) Actually used size is calculated by dividing the MiniStream size
1724   - # (given by root entry size) by the size of mini sectors, *4 for
1725   - # 32 bits indexes:
1726   - nb_minisectors = (self.root.size + self.mini_sector_size-1) // self.mini_sector_size
1727   - used_size = nb_minisectors * 4
1728   - log.debug('loadminifat(): minifatsect=%d, nb FAT sectors=%d, used_size=%d, stream_size=%d, nb MiniSectors=%d' %
1729   - (self.minifatsect, self.num_mini_fat_sectors, used_size, stream_size, nb_minisectors))
1730   - if used_size > stream_size:
1731   - # This is not really a problem, but may indicate a wrong implementation:
1732   - self._raise_defect(DEFECT_INCORRECT, 'OLE MiniStream is larger than MiniFAT')
1733   - # In any case, first read stream_size:
1734   - s = self._open(self.minifatsect, stream_size, force_FAT=True).read()
1735   - #[PL] Old code replaced by an array:
1736   - #self.minifat = [i32(s, i) for i in range(0, len(s), 4)]
1737   - self.minifat = self.sect2array(s)
1738   - # Then shrink the array to used size, to avoid indexes out of MiniStream:
1739   - log.debug('MiniFAT shrunk from %d to %d sectors' % (len(self.minifat), nb_minisectors))
1740   - self.minifat = self.minifat[:nb_minisectors]
1741   - log.debug('loadminifat(): len=%d' % len(self.minifat))
1742   - # Display the FAT contents only if the logging level is debug:
1743   - if log.isEnabledFor(logging.DEBUG):
1744   - log.debug('\nMiniFAT:')
1745   - self.dumpfat(self.minifat)
1746   -
1747   - def getsect(self, sect):
1748   - """
1749   - Read given sector from file on disk.
1750   -
1751   - :param sect: int, sector index
1752   - :returns: a string containing the sector data.
1753   - """
1754   - # From [MS-CFB]: A sector number can be converted into a byte offset
1755   - # into the file by using the following formula:
1756   - # (sector number + 1) x Sector Size.
1757   - # This implies that sector #0 of the file begins at byte offset Sector
1758   - # Size, not at 0.
1759   -
1760   - # [PL] the original code in PIL was wrong when sectors are 4KB instead of
1761   - # 512 bytes:
1762   - #self.fp.seek(512 + self.sectorsize * sect)
1763   - #[PL]: added safety checks:
1764   - #print("getsect(%X)" % sect)
1765   - try:
1766   - self.fp.seek(self.sectorsize * (sect+1))
1767   - except:
1768   - log.debug('getsect(): sect=%X, seek=%d, filesize=%d' %
1769   - (sect, self.sectorsize*(sect+1), self._filesize))
1770   - self._raise_defect(DEFECT_FATAL, 'OLE sector index out of range')
1771   - sector = self.fp.read(self.sectorsize)
1772   - if len(sector) != self.sectorsize:
1773   - log.debug('getsect(): sect=%X, read=%d, sectorsize=%d' %
1774   - (sect, len(sector), self.sectorsize))
1775   - self._raise_defect(DEFECT_FATAL, 'incomplete OLE sector')
1776   - return sector
1777   -
1778   -
1779   - def write_sect(self, sect, data, padding=b'\x00'):
1780   - """
1781   - Write given sector to file on disk.
1782   -
1783   - :param sect: int, sector index
1784   - :param data: bytes, sector data
1785   - :param padding: single byte, padding character if data < sector size
1786   - """
1787   - if not isinstance(data, bytes):
1788   - raise TypeError("write_sect: data must be a bytes string")
1789   - if not isinstance(padding, bytes) or len(padding)!=1:
1790   - raise TypeError("write_sect: padding must be a bytes string of 1 char")
1791   - #TODO: we could allow padding=None for no padding at all
1792   - try:
1793   - self.fp.seek(self.sectorsize * (sect+1))
1794   - except:
1795   - log.debug('write_sect(): sect=%X, seek=%d, filesize=%d' %
1796   - (sect, self.sectorsize*(sect+1), self._filesize))
1797   - self._raise_defect(DEFECT_FATAL, 'OLE sector index out of range')
1798   - if len(data) < self.sectorsize:
1799   - # add padding
1800   - data += padding * (self.sectorsize - len(data))
1801   - elif len(data) < self.sectorsize:
1802   - raise ValueError("Data is larger than sector size")
1803   - self.fp.write(data)
1804   -
1805   -
1806   - def loaddirectory(self, sect):
1807   - """
1808   - Load the directory.
1809   -
1810   - :param sect: sector index of directory stream.
1811   - """
1812   - log.debug('Loading the Directory:')
1813   - # The directory is stored in a standard
1814   - # substream, independent of its size.
1815   -
1816   - # open directory stream as a read-only file:
1817   - # (stream size is not known in advance)
1818   - self.directory_fp = self._open(sect)
1819   -
1820   - #[PL] to detect malformed documents and avoid DoS attacks, the maximum
1821   - # number of directory entries can be calculated:
1822   - max_entries = self.directory_fp.size // 128
1823   - log.debug('loaddirectory: size=%d, max_entries=%d' %
1824   - (self.directory_fp.size, max_entries))
1825   -
1826   - # Create list of directory entries
1827   - #self.direntries = []
1828   - # We start with a list of "None" object
1829   - self.direntries = [None] * max_entries
1830   -## for sid in iterrange(max_entries):
1831   -## entry = fp.read(128)
1832   -## if not entry:
1833   -## break
1834   -## self.direntries.append(OleDirectoryEntry(entry, sid, self))
1835   - # load root entry:
1836   - root_entry = self._load_direntry(0)
1837   - # Root entry is the first entry:
1838   - self.root = self.direntries[0]
1839   - # TODO: read ALL directory entries (ignore bad entries?)
1840   - # TODO: adapt build_storage_tree to avoid duplicate reads
1841   - # for i in range(1, max_entries):
1842   - # self._load_direntry(i)
1843   - # read and build all storage trees, starting from the root:
1844   - self.root.build_storage_tree()
1845   -
1846   -
1847   - def _load_direntry (self, sid):
1848   - """
1849   - Load a directory entry from the directory.
1850   - This method should only be called once for each storage/stream when
1851   - loading the directory.
1852   -
1853   - :param sid: index of storage/stream in the directory.
1854   - :returns: a OleDirectoryEntry object
1855   -
1856   - :exception IOError: if the entry has always been referenced.
1857   - """
1858   - # check if SID is OK:
1859   - if sid<0 or sid>=len(self.direntries):
1860   - self._raise_defect(DEFECT_FATAL, "OLE directory index out of range")
1861   - # check if entry was already referenced:
1862   - if self.direntries[sid] is not None:
1863   - self._raise_defect(DEFECT_INCORRECT,
1864   - "double reference for OLE stream/storage")
1865   - # if exception not raised, return the object
1866   - return self.direntries[sid]
1867   - self.directory_fp.seek(sid * 128)
1868   - entry = self.directory_fp.read(128)
1869   - self.direntries[sid] = OleDirectoryEntry(entry, sid, self)
1870   - return self.direntries[sid]
1871   -
1872   -
1873   - def dumpdirectory(self):
1874   - """
1875   - Dump directory (for debugging only)
1876   - """
1877   - self.root.dump()
1878   -
1879   -
1880   - def _open(self, start, size = UNKNOWN_SIZE, force_FAT=False):
1881   - """
1882   - Open a stream, either in FAT or MiniFAT according to its size.
1883   - (openstream helper)
1884   -
1885   - :param start: index of first sector
1886   - :param size: size of stream (or nothing if size is unknown)
1887   - :param force_FAT: if False (default), stream will be opened in FAT or MiniFAT
1888   - according to size. If True, it will always be opened in FAT.
1889   - """
1890   - log.debug('OleFileIO.open(): sect=%Xh, size=%d, force_FAT=%s' %
1891   - (start, size, str(force_FAT)))
1892   - # stream size is compared to the mini_stream_cutoff_size threshold:
1893   - if size < self.minisectorcutoff and not force_FAT:
1894   - # ministream object
1895   - if not self.ministream:
1896   - # load MiniFAT if it wasn't already done:
1897   - self.loadminifat()
1898   - # The first sector index of the miniFAT stream is stored in the
1899   - # root directory entry:
1900   - size_ministream = self.root.size
1901   - log.debug('Opening MiniStream: sect=%Xh, size=%d' %
1902   - (self.root.isectStart, size_ministream))
1903   - self.ministream = self._open(self.root.isectStart,
1904   - size_ministream, force_FAT=True)
1905   - return OleStream(fp=self.ministream, sect=start, size=size,
1906   - offset=0, sectorsize=self.minisectorsize,
1907   - fat=self.minifat, filesize=self.ministream.size,
1908   - olefileio=self)
1909   - else:
1910   - # standard stream
1911   - return OleStream(fp=self.fp, sect=start, size=size,
1912   - offset=self.sectorsize,
1913   - sectorsize=self.sectorsize, fat=self.fat,
1914   - filesize=self._filesize,
1915   - olefileio=self)
1916   -
1917   -
1918   - def _list(self, files, prefix, node, streams=True, storages=False):
1919   - """
1920   - listdir helper
1921   -
1922   - :param files: list of files to fill in
1923   - :param prefix: current location in storage tree (list of names)
1924   - :param node: current node (OleDirectoryEntry object)
1925   - :param streams: bool, include streams if True (True by default) - new in v0.26
1926   - :param storages: bool, include storages if True (False by default) - new in v0.26
1927   - (note: the root storage is never included)
1928   - """
1929   - prefix = prefix + [node.name]
1930   - for entry in node.kids:
1931   - if entry.entry_type == STGTY_STORAGE:
1932   - # this is a storage
1933   - if storages:
1934   - # add it to the list
1935   - files.append(prefix[1:] + [entry.name])
1936   - # check its kids
1937   - self._list(files, prefix, entry, streams, storages)
1938   - elif entry.entry_type == STGTY_STREAM:
1939   - # this is a stream
1940   - if streams:
1941   - # add it to the list
1942   - files.append(prefix[1:] + [entry.name])
1943   - else:
1944   - self._raise_defect(DEFECT_INCORRECT, 'The directory tree contains an entry which is not a stream nor a storage.')
1945   -
1946   -
1947   - def listdir(self, streams=True, storages=False):
1948   - """
1949   - Return a list of streams and/or storages stored in this file
1950   -
1951   - :param streams: bool, include streams if True (True by default) - new in v0.26
1952   - :param storages: bool, include storages if True (False by default) - new in v0.26
1953   - (note: the root storage is never included)
1954   - :returns: list of stream and/or storage paths
1955   - """
1956   - files = []
1957   - self._list(files, [], self.root, streams, storages)
1958   - return files
1959   -
1960   -
1961   - def _find(self, filename):
1962   - """
1963   - Returns directory entry of given filename. (openstream helper)
1964   - Note: this method is case-insensitive.
1965   -
1966   - :param filename: path of stream in storage tree (except root entry), either:
1967   -
1968   - - a string using Unix path syntax, for example:
1969   - 'storage_1/storage_1.2/stream'
1970   - - or a list of storage filenames, path to the desired stream/storage.
1971   - Example: ['storage_1', 'storage_1.2', 'stream']
1972   -
1973   - :returns: sid of requested filename
1974   - :exception IOError: if file not found
1975   - """
1976   -
1977   - # if filename is a string instead of a list, split it on slashes to
1978   - # convert to a list:
1979   - if isinstance(filename, basestring):
1980   - filename = filename.split('/')
1981   - # walk across storage tree, following given path:
1982   - node = self.root
1983   - for name in filename:
1984   - for kid in node.kids:
1985   - if kid.name.lower() == name.lower():
1986   - break
1987   - else:
1988   - raise IOError("file not found")
1989   - node = kid
1990   - return node.sid
1991   -
1992   -
1993   - def openstream(self, filename):
1994   - """
1995   - Open a stream as a read-only file object (BytesIO).
1996   - Note: filename is case-insensitive.
1997   -
1998   - :param filename: path of stream in storage tree (except root entry), either:
1999   -
2000   - - a string using Unix path syntax, for example:
2001   - 'storage_1/storage_1.2/stream'
2002   - - or a list of storage filenames, path to the desired stream/storage.
2003   - Example: ['storage_1', 'storage_1.2', 'stream']
2004   -
2005   - :returns: file object (read-only)
2006   - :exception IOError: if filename not found, or if this is not a stream.
2007   - """
2008   - sid = self._find(filename)
2009   - entry = self.direntries[sid]
2010   - if entry.entry_type != STGTY_STREAM:
2011   - raise IOError("this file is not a stream")
2012   - return self._open(entry.isectStart, entry.size)
2013   -
2014   -
2015   - def write_stream(self, stream_name, data):
2016   - """
2017   - Write a stream to disk. For now, it is only possible to replace an
2018   - existing stream by data of the same size.
2019   -
2020   - :param stream_name: path of stream in storage tree (except root entry), either:
2021   -
2022   - - a string using Unix path syntax, for example:
2023   - 'storage_1/storage_1.2/stream'
2024   - - or a list of storage filenames, path to the desired stream/storage.
2025   - Example: ['storage_1', 'storage_1.2', 'stream']
2026   -
2027   - :param data: bytes, data to be written, must be the same size as the original
2028   - stream.
2029   - """
2030   - if not isinstance(data, bytes):
2031   - raise TypeError("write_stream: data must be a bytes string")
2032   - sid = self._find(stream_name)
2033   - entry = self.direntries[sid]
2034   - if entry.entry_type != STGTY_STREAM:
2035   - raise IOError("this is not a stream")
2036   - size = entry.size
2037   - if size != len(data):
2038   - raise ValueError("write_stream: data must be the same size as the existing stream")
2039   - if size < self.minisectorcutoff:
2040   - raise NotImplementedError("Writing a stream in MiniFAT is not implemented yet")
2041   - sect = entry.isectStart
2042   - # number of sectors to write
2043   - nb_sectors = (size + (self.sectorsize-1)) // self.sectorsize
2044   - log.debug('nb_sectors = %d' % nb_sectors)
2045   - for i in range(nb_sectors):
2046   -## try:
2047   -## self.fp.seek(offset + self.sectorsize * sect)
2048   -## except:
2049   -## log.debug('sect=%d, seek=%d' %
2050   -## (sect, offset+self.sectorsize*sect))
2051   -## raise IOError('OLE sector index out of range')
2052   - # extract one sector from data, the last one being smaller:
2053   - if i<(nb_sectors-1):
2054   - data_sector = data [i*self.sectorsize : (i+1)*self.sectorsize]
2055   - #TODO: comment this if it works
2056   - assert(len(data_sector)==self.sectorsize)
2057   - else:
2058   - data_sector = data [i*self.sectorsize:]
2059   - #TODO: comment this if it works
2060   - log.debug('write_stream: size=%d sectorsize=%d data_sector=%Xh size%%sectorsize=%d'
2061   - % (size, self.sectorsize, len(data_sector), size % self.sectorsize))
2062   - assert(len(data_sector) % self.sectorsize==size % self.sectorsize)
2063   - self.write_sect(sect, data_sector)
2064   -## self.fp.write(data_sector)
2065   - # jump to next sector in the FAT:
2066   - try:
2067   - sect = self.fat[sect]
2068   - except IndexError:
2069   - # [PL] if pointer is out of the FAT an exception is raised
2070   - raise IOError('incorrect OLE FAT, sector index out of range')
2071   - #[PL] Last sector should be a "end of chain" marker:
2072   - if sect != ENDOFCHAIN:
2073   - raise IOError('incorrect last sector index in OLE stream')
2074   -
2075   -
2076   - def get_type(self, filename):
2077   - """
2078   - Test if given filename exists as a stream or a storage in the OLE
2079   - container, and return its type.
2080   -
2081   - :param filename: path of stream in storage tree. (see openstream for syntax)
2082   - :returns: False if object does not exist, its entry type (>0) otherwise:
2083   -
2084   - - STGTY_STREAM: a stream
2085   - - STGTY_STORAGE: a storage
2086   - - STGTY_ROOT: the root entry
2087   - """
2088   - try:
2089   - sid = self._find(filename)
2090   - entry = self.direntries[sid]
2091   - return entry.entry_type
2092   - except:
2093   - return False
2094   -
2095   -
2096   - def getclsid(self, filename):
2097   - """
2098   - Return clsid of a stream/storage.
2099   -
2100   - :param filename: path of stream/storage in storage tree. (see openstream for
2101   - syntax)
2102   - :returns: Empty string if clsid is null, a printable representation of the clsid otherwise
2103   -
2104   - new in version 0.44
2105   - """
2106   - sid = self._find(filename)
2107   - entry = self.direntries[sid]
2108   - return entry.clsid
2109   -
2110   -
2111   - def getmtime(self, filename):
2112   - """
2113   - Return modification time of a stream/storage.
2114   -
2115   - :param filename: path of stream/storage in storage tree. (see openstream for
2116   - syntax)
2117   - :returns: None if modification time is null, a python datetime object
2118   - otherwise (UTC timezone)
2119   -
2120   - new in version 0.26
2121   - """
2122   - sid = self._find(filename)
2123   - entry = self.direntries[sid]
2124   - return entry.getmtime()
2125   -
2126   -
2127   - def getctime(self, filename):
2128   - """
2129   - Return creation time of a stream/storage.
2130   -
2131   - :param filename: path of stream/storage in storage tree. (see openstream for
2132   - syntax)
2133   - :returns: None if creation time is null, a python datetime object
2134   - otherwise (UTC timezone)
2135   -
2136   - new in version 0.26
2137   - """
2138   - sid = self._find(filename)
2139   - entry = self.direntries[sid]
2140   - return entry.getctime()
2141   -
2142   -
2143   - def exists(self, filename):
2144   - """
2145   - Test if given filename exists as a stream or a storage in the OLE
2146   - container.
2147   - Note: filename is case-insensitive.
2148   -
2149   - :param filename: path of stream in storage tree. (see openstream for syntax)
2150   - :returns: True if object exist, else False.
2151   - """
2152   - try:
2153   - sid = self._find(filename)
2154   - return True
2155   - except:
2156   - return False
2157   -
2158   -
2159   - def get_size(self, filename):
2160   - """
2161   - Return size of a stream in the OLE container, in bytes.
2162   -
2163   - :param filename: path of stream in storage tree (see openstream for syntax)
2164   - :returns: size in bytes (long integer)
2165   - :exception IOError: if file not found
2166   - :exception TypeError: if this is not a stream.
2167   - """
2168   - sid = self._find(filename)
2169   - entry = self.direntries[sid]
2170   - if entry.entry_type != STGTY_STREAM:
2171   - #TODO: Should it return zero instead of raising an exception ?
2172   - raise TypeError('object is not an OLE stream')
2173   - return entry.size
2174   -
2175   -
2176   - def get_rootentry_name(self):
2177   - """
2178   - Return root entry name. Should usually be 'Root Entry' or 'R' in most
2179   - implementations.
2180   - """
2181   - return self.root.name
2182   -
2183   -
2184   - def getproperties(self, filename, convert_time=False, no_conversion=None):
2185   - """
2186   - Return properties described in substream.
2187   -
2188   - :param filename: path of stream in storage tree (see openstream for syntax)
2189   - :param convert_time: bool, if True timestamps will be converted to Python datetime
2190   - :param no_conversion: None or list of int, timestamps not to be converted
2191   - (for example total editing time is not a real timestamp)
2192   -
2193   - :returns: a dictionary of values indexed by id (integer)
2194   - """
2195   - #REFERENCE: [MS-OLEPS] https://msdn.microsoft.com/en-us/library/dd942421.aspx
2196   - # make sure no_conversion is a list, just to simplify code below:
2197   - if no_conversion == None:
2198   - no_conversion = []
2199   - # stream path as a string to report exceptions:
2200   - streampath = filename
2201   - if not isinstance(streampath, str):
2202   - streampath = '/'.join(streampath)
2203   -
2204   - fp = self.openstream(filename)
2205   -
2206   - data = {}
2207   -
2208   - try:
2209   - # header
2210   - s = fp.read(28)
2211   - clsid = _clsid(s[8:24])
2212   -
2213   - # format id
2214   - s = fp.read(20)
2215   - fmtid = _clsid(s[:16])
2216   - fp.seek(i32(s, 16))
2217   -
2218   - # get section
2219   - s = b"****" + fp.read(i32(fp.read(4))-4)
2220   - # number of properties:
2221   - num_props = i32(s, 4)
2222   - except BaseException as exc:
2223   - # catch exception while parsing property header, and only raise
2224   - # a DEFECT_INCORRECT then return an empty dict, because this is not
2225   - # a fatal error when parsing the whole file
2226   - msg = 'Error while parsing properties header in stream %s: %s' % (
2227   - repr(streampath), exc)
2228   - self._raise_defect(DEFECT_INCORRECT, msg, type(exc))
2229   - return data
2230   -
2231   - # clamp num_props based on the data length
2232   - num_props = min(num_props, len(s) / 8)
2233   -
2234   - for i in iterrange(num_props):
2235   - property_id = 0 # just in case of an exception
2236   - try:
2237   - property_id = i32(s, 8+i*8)
2238   - offset = i32(s, 12+i*8)
2239   - property_type = i32(s, offset)
2240   -
2241   - log.debug('property id=%d: type=%d offset=%X' % (property_id, property_type, offset))
2242   -
2243   - # test for common types first (should perhaps use
2244   - # a dictionary instead?)
2245   -
2246   - if property_type == VT_I2: # 16-bit signed integer
2247   - value = i16(s, offset+4)
2248   - if value >= 32768:
2249   - value = value - 65536
2250   - elif property_type == VT_UI2: # 2-byte unsigned integer
2251   - value = i16(s, offset+4)
2252   - elif property_type in (VT_I4, VT_INT, VT_ERROR):
2253   - # VT_I4: 32-bit signed integer
2254   - # VT_ERROR: HRESULT, similar to 32-bit signed integer,
2255   - # see https://msdn.microsoft.com/en-us/library/cc230330.aspx
2256   - value = i32(s, offset+4)
2257   - elif property_type in (VT_UI4, VT_UINT): # 4-byte unsigned integer
2258   - value = i32(s, offset+4) # FIXME
2259   - elif property_type in (VT_BSTR, VT_LPSTR):
2260   - # CodePageString, see https://msdn.microsoft.com/en-us/library/dd942354.aspx
2261   - # size is a 32 bits integer, including the null terminator, and
2262   - # possibly trailing or embedded null chars
2263   - #TODO: if codepage is unicode, the string should be converted as such
2264   - count = i32(s, offset+4)
2265   - value = s[offset+8:offset+8+count-1]
2266   - # remove all null chars:
2267   - value = value.replace(b'\x00', b'')
2268   - elif property_type == VT_BLOB:
2269   - # binary large object (BLOB)
2270   - # see https://msdn.microsoft.com/en-us/library/dd942282.aspx
2271   - count = i32(s, offset+4)
2272   - value = s[offset+8:offset+8+count]
2273   - elif property_type == VT_LPWSTR:
2274   - # UnicodeString
2275   - # see https://msdn.microsoft.com/en-us/library/dd942313.aspx
2276   - # "the string should NOT contain embedded or additional trailing
2277   - # null characters."
2278   - count = i32(s, offset+4)
2279   - value = self._decode_utf16_str(s[offset+8:offset+8+count*2])
2280   - elif property_type == VT_FILETIME:
2281   - value = long(i32(s, offset+4)) + (long(i32(s, offset+8))<<32)
2282   - # FILETIME is a 64-bit int: "number of 100ns periods
2283   - # since Jan 1,1601".
2284   - if convert_time and property_id not in no_conversion:
2285   - log.debug('Converting property #%d to python datetime, value=%d=%fs'
2286   - %(property_id, value, float(value)/10000000))
2287   - # convert FILETIME to Python datetime.datetime
2288   - # inspired from https://code.activestate.com/recipes/511425-filetime-to-datetime/
2289   - _FILETIME_null_date = datetime.datetime(1601, 1, 1, 0, 0, 0)
2290   - log.debug('timedelta days=%d' % (value//(10*1000000*3600*24)))
2291   - value = _FILETIME_null_date + datetime.timedelta(microseconds=value//10)
2292   - else:
2293   - # legacy code kept for backward compatibility: returns a
2294   - # number of seconds since Jan 1,1601
2295   - value = value // 10000000 # seconds
2296   - elif property_type == VT_UI1: # 1-byte unsigned integer
2297   - value = i8(s[offset+4])
2298   - elif property_type == VT_CLSID:
2299   - value = _clsid(s[offset+4:offset+20])
2300   - elif property_type == VT_CF:
2301   - # PropertyIdentifier or ClipboardData??
2302   - # see https://msdn.microsoft.com/en-us/library/dd941945.aspx
2303   - count = i32(s, offset+4)
2304   - value = s[offset+8:offset+8+count]
2305   - elif property_type == VT_BOOL:
2306   - # VARIANT_BOOL, 16 bits bool, 0x0000=Fals, 0xFFFF=True
2307   - # see https://msdn.microsoft.com/en-us/library/cc237864.aspx
2308   - value = bool(i16(s, offset+4))
2309   - else:
2310   - value = None # everything else yields "None"
2311   - log.debug('property id=%d: type=%d not implemented in parser yet' % (property_id, property_type))
2312   -
2313   - # missing: VT_EMPTY, VT_NULL, VT_R4, VT_R8, VT_CY, VT_DATE,
2314   - # VT_DECIMAL, VT_I1, VT_I8, VT_UI8,
2315   - # see https://msdn.microsoft.com/en-us/library/dd942033.aspx
2316   -
2317   - # FIXME: add support for VT_VECTOR
2318   - # VT_VECTOR is a 32 uint giving the number of items, followed by
2319   - # the items in sequence. The VT_VECTOR value is combined with the
2320   - # type of items, e.g. VT_VECTOR|VT_BSTR
2321   - # see https://msdn.microsoft.com/en-us/library/dd942011.aspx
2322   -
2323   - #print("%08x" % property_id, repr(value), end=" ")
2324   - #print("(%s)" % VT[i32(s, offset) & 0xFFF])
2325   -
2326   - data[property_id] = value
2327   - except BaseException as exc:
2328   - # catch exception while parsing each property, and only raise
2329   - # a DEFECT_INCORRECT, because parsing can go on
2330   - msg = 'Error while parsing property id %d in stream %s: %s' % (
2331   - property_id, repr(streampath), exc)
2332   - self._raise_defect(DEFECT_INCORRECT, msg, type(exc))
2333   -
2334   - return data
2335   -
2336   - def get_metadata(self):
2337   - """
2338   - Parse standard properties streams, return an OleMetadata object
2339   - containing all the available metadata.
2340   - (also stored in the metadata attribute of the OleFileIO object)
2341   -
2342   - new in version 0.25
2343   - """
2344   - self.metadata = OleMetadata()
2345   - self.metadata.parse_properties(self)
2346   - return self.metadata
2347   -
2348   -#
2349   -# --------------------------------------------------------------------
2350   -# This script can be used to dump the directory of any OLE2 structured
2351   -# storage file.
2352   -
2353   -if __name__ == "__main__":
2354   -
2355   - import sys, optparse
2356   -
2357   - DEFAULT_LOG_LEVEL = "warning" # Default log level
2358   - LOG_LEVELS = {
2359   - 'debug': logging.DEBUG,
2360   - 'info': logging.INFO,
2361   - 'warning': logging.WARNING,
2362   - 'error': logging.ERROR,
2363   - 'critical': logging.CRITICAL
2364   - }
2365   -
2366   - usage = 'usage: %prog [options] <filename> [filename2 ...]'
2367   - parser = optparse.OptionParser(usage=usage)
2368   - parser.add_option("-c", action="store_true", dest="check_streams",
2369   - help='check all streams (for debugging purposes)')
2370   - parser.add_option("-d", action="store_true", dest="debug_mode",
2371   - help='debug mode, shortcut for -l debug (displays a lot of debug information, for developers only)')
2372   - parser.add_option('-l', '--loglevel', dest="loglevel", action="store", default=DEFAULT_LOG_LEVEL,
2373   - help="logging level debug/info/warning/error/critical (default=%default)")
2374   -
2375   - (options, args) = parser.parse_args()
2376   -
2377   - print('olefile version %s %s - https://www.decalage.info/en/olefile\n' % (__version__, __date__))
2378   -
2379   - # Print help if no arguments are passed
2380   - if len(args) == 0:
2381   - print(__doc__)
2382   - parser.print_help()
2383   - sys.exit()
2384   -
2385   - if options.debug_mode:
2386   - options.loglevel = 'debug'
2387   -
2388   - # setup logging to the console
2389   - logging.basicConfig(level=LOG_LEVELS[options.loglevel], format='%(levelname)-8s %(message)s')
2390   -
2391   - # also enable the module's logger:
2392   - enable_logging()
2393   -
2394   - for filename in args:
2395   - try:
2396   - ole = OleFileIO(filename)#, raise_defects=DEFECT_INCORRECT)
2397   - print("-" * 68)
2398   - print(filename)
2399   - print("-" * 68)
2400   - ole.dumpdirectory()
2401   - for streamname in ole.listdir():
2402   - if streamname[-1][0] == "\005":
2403   - print("%r: properties" % streamname)
2404   - try:
2405   - props = ole.getproperties(streamname, convert_time=True)
2406   - props = sorted(props.items())
2407   - for k, v in props:
2408   - #[PL]: avoid to display too large or binary values:
2409   - if isinstance(v, (basestring, bytes)):
2410   - if len(v) > 50:
2411   - v = v[:50]
2412   - if isinstance(v, bytes):
2413   - # quick and dirty binary check:
2414   - for c in (1,2,3,4,5,6,7,11,12,14,15,16,17,18,19,20,
2415   - 21,22,23,24,25,26,27,28,29,30,31):
2416   - if c in bytearray(v):
2417   - v = '(binary data)'
2418   - break
2419   - print(" ", k, v)
2420   - except:
2421   - log.exception('Error while parsing property stream %r' % streamname)
2422   -
2423   - if options.check_streams:
2424   - # Read all streams to check if there are errors:
2425   - print('\nChecking streams...')
2426   - for streamname in ole.listdir():
2427   - # print name using repr() to convert binary chars to \xNN:
2428   - print('-', repr('/'.join(streamname)),'-', end=' ')
2429   - st_type = ole.get_type(streamname)
2430   - if st_type == STGTY_STREAM:
2431   - print('size %d' % ole.get_size(streamname))
2432   - # just try to read stream in memory:
2433   - ole.openstream(streamname)
2434   - else:
2435   - print('NOT a stream : type=%d' % st_type)
2436   - print()
2437   -
2438   -## for streamname in ole.listdir():
2439   -## # print name using repr() to convert binary chars to \xNN:
2440   -## print('-', repr('/'.join(streamname)),'-', end=' ')
2441   -## print(ole.getmtime(streamname))
2442   -## print()
2443   -
2444   - print('Modification/Creation times of all directory entries:')
2445   - for entry in ole.direntries:
2446   - if entry is not None:
2447   - print('- %s: mtime=%s ctime=%s' % (entry.name,
2448   - entry.getmtime(), entry.getctime()))
2449   - print()
2450   -
2451   - # parse and display metadata:
2452   - try:
2453   - meta = ole.get_metadata()
2454   - meta.dump()
2455   - except:
2456   - log.exception('Error while parsing metadata')
2457   - print()
2458   - #[PL] Test a few new methods:
2459   - root = ole.get_rootentry_name()
2460   - print('Root entry name: "%s"' % root)
2461   - if ole.exists('worddocument'):
2462   - print("This is a Word document.")
2463   - print("type of stream 'WordDocument':", ole.get_type('worddocument'))
2464   - print("size :", ole.get_size('worddocument'))
2465   - if ole.exists('macros/vba'):
2466   - print("This document may contain VBA macros.")
2467   -
2468   - # print parsing issues:
2469   - print('\nNon-fatal issues raised during parsing:')
2470   - if ole.parsing_issues:
2471   - for exctype, msg in ole.parsing_issues:
2472   - print('- %s: %s' % (exctype.__name__, msg))
2473   - else:
2474   - print('None')
2475   - except:
2476   - log.exception('Error while parsing file %r' % filename)
2477   -
2478   -# this code was developed while listening to The Wedding Present "Sea Monsters"
oletools/xls_parser.py
  View file @f07043b
... ... @@ -5,7 +5,7 @@ Read storages, (sub-)streams, records from xls file
5 5 #
6 6 # === LICENSE ==================================================================
7 7  
8   -# xls_parser is copyright (c) 2014-2017 Philippe Lagadec (http://www.decalage.info)
  8 +# xls_parser is copyright (c) 2014-2018 Philippe Lagadec (http://www.decalage.info)
9 9 # All rights reserved.
10 10 #
11 11 # Redistribution and use in source and binary forms, with or without modification,
... ...
setup.py
  View file @f07043b
... ... @@ -79,7 +79,6 @@ packages=[
79 79 "oletools",
80 80 "oletools.common",
81 81 'oletools.thirdparty',
82   - 'oletools.thirdparty.olefile',
83 82 'oletools.thirdparty.easygui',
84 83 'oletools.thirdparty.xxxswf',
85 84 'oletools.thirdparty.prettytable',
... ... @@ -163,10 +162,6 @@ package_data={
163 162 + rglob('oletools/doc', 'doc', '*.md')
164 163 + rglob('oletools/doc', 'doc', '*.png'),
165 164  
166   - 'oletools.thirdparty.olefile': [
167   - 'README.txt',
168   - 'LICENSE.txt',
169   - ],
170 165 'oletools.thirdparty.xglob': [
171 166 'LICENSE.txt',
172 167 ],
... ... @@ -323,7 +318,7 @@ def main():
323 318 # scripts=scripts,
324 319 install_requires=[
325 320 "pyparsing>=2.2.0",
326   - "olefile>=0.45",
  321 + "olefile>=0.46",
327 322 ],
328 323 )
329 324  
... ...
tests/ooxml/test_basic.py
  View file @f07043b
... ... @@ -5,7 +5,7 @@ import unittest
5 5 import os
6 6 from os.path import join, splitext
7 7 from tests.test_utils import DATA_BASE_DIR
8   -from oletools.thirdparty.olefile import isOleFile
  8 +from olefile import isOleFile
9 9 from oletools import ooxml
10 10 import logging
11 11  
... ...