Commit f92bfd75e407a461c6df359af14157f94a476183
1 parent
1009dda5
olevba: fixed detect_patterns to detect all patterns
Showing
1 changed file
with
8 additions
and
4 deletions
oletools/olevba.py
| @@ -91,8 +91,9 @@ https://github.com/unixfreak0037/officeparser | @@ -91,8 +91,9 @@ https://github.com/unixfreak0037/officeparser | ||
| 91 | # - option -r to recurse subdirectories | 91 | # - option -r to recurse subdirectories |
| 92 | # - option -z to scan files in password-protected zips | 92 | # - option -z to scan files in password-protected zips |
| 93 | # 2015-01-02 v0.11 PL: - improved filter_vba to detect colons | 93 | # 2015-01-02 v0.11 PL: - improved filter_vba to detect colons |
| 94 | +# 2015-01-03 v0.12 PL: - fixed detect_patterns to detect all patterns | ||
| 94 | 95 | ||
| 95 | -__version__ = '0.11' | 96 | +__version__ = '0.12' |
| 96 | 97 | ||
| 97 | #------------------------------------------------------------------------------ | 98 | #------------------------------------------------------------------------------ |
| 98 | # TODO: | 99 | # TODO: |
| @@ -798,10 +799,13 @@ def detect_patterns(vba_code): | @@ -798,10 +799,13 @@ def detect_patterns(vba_code): | ||
| 798 | :return: list of str tuples (pattern type, value) | 799 | :return: list of str tuples (pattern type, value) |
| 799 | """ | 800 | """ |
| 800 | results = [] | 801 | results = [] |
| 802 | + found = set() | ||
| 801 | for pattern_type, pattern_re in RE_PATTERNS: | 803 | for pattern_type, pattern_re in RE_PATTERNS: |
| 802 | - match = pattern_re.search(vba_code) | ||
| 803 | - if match is not None: | ||
| 804 | - results.append((pattern_type, match.group())) | 804 | + for match in pattern_re.finditer(vba_code): |
| 805 | + value = match.group() | ||
| 806 | + if value not in found: | ||
| 807 | + results.append((pattern_type, value)) | ||
| 808 | + found.add(value) | ||
| 805 | return results | 809 | return results |
| 806 | 810 | ||
| 807 | 811 |