How to use the oletools.msodde function in oletools

To help you get started, we’ve selected a few oletools examples, based on popular ways it is used in public projects.


github decalage2 / oletools / tests / msodde / test_basic.py View on Github external
def test_clean_rtf_ddeonly(self):
        """Scanning the RTF spec in DDE-only mode must report no DDE links.

        Negative control for the detector: the RTF specification document is
        processed with ``msodde.FIELD_FILTER_DDE`` and the extracted link list
        is expected to be empty, so any hit here is a false positive.
        """
        sample_name = 'RTF-Spec-1.7.rtf'
        sample_path = join(BASE_DIR, 'msodde', sample_name)
        scan_output = msodde.process_maybe_encrypted(
            sample_path, field_filter_mode=msodde.FIELD_FILTER_DDE)
        dde_links = self.get_dde_from_output(scan_output)
        self.assertEqual(len(dde_links), 0,
                         msg='Found dde links in output of ' + sample_name)
github decalage2 / oletools / tests / json / test_output.py View on Github external
def test_msodde(self):
        """Run msodde's main() over all test files with the ``-j`` option.

        The file-iteration and output checks live in ``run_all_files``; this
        method only supplies the entry point and its extra arguments.
        """
        extra_args = ['-j']
        self.run_all_files(msodde.main, extra_args)
github decalage2 / oletools / tests / msodde / test_basic.py View on Github external
def do_test_validity(self, filename, expect_error=None):
        """Helper for test_[in]valid_*: run msodde on a file, check the outcome.

        :param filename: path of the sample handed to
            ``msodde.process_maybe_encrypted``
        :param expect_error: exception class (or tuple of classes) the scan is
            expected to raise; a falsy value means the scan must succeed

        Fails the test if an expected error does not occur, if an unexpected
        error occurs, or if the error raised is of the wrong type.
        """
        caught = None
        try:
            msodde.process_maybe_encrypted(
                filename, field_filter_mode=msodde.FIELD_FILTER_BLACKLIST)
        except Exception as exc:
            # Deliberately broad: whatever the parser raises is the test result.
            caught = exc

        if not expect_error:
            # Sample is supposed to parse cleanly.
            if caught:
                self.fail('Unexpected error {} from msodde for {}'
                          .format(caught, filename))
            return

        # From here on an error of a specific kind is required.
        if not caught:
            self.fail('Expected {} but msodde finished without errors for {}'
                      .format(expect_error, filename))
        elif not isinstance(caught, expect_error):
            self.fail('Wrong kind of error {} from msodde for {}, expected {}'
                      .format(type(caught), filename, expect_error))
github decalage2 / oletools / tests / msodde / test_csv.py View on Github external
def test_file(self):
        """Run msodde's main() on a small CSV sample and check its one DDE link.

        The sample is scanned through the command-line entry point with output
        captured; the run must return 0 and report exactly one link.
        """
        sample_path = join(DATA_BASE_DIR, 'msodde', 'dde-in-csv.csv')
        with OutputCapture() as capturer:
            capturer.reload_module(msodde)    # re-create logger
            exit_code = msodde.main([sample_path])
        self.assertEqual(exit_code, 0)

        found = self.get_dde_from_output(capturer)
        self.assertEqual(len(found), 1)
        # The detector must report the embedded command string verbatim, so an
        # analyst sees exactly what the CSV would ask the application to run.
        expected_link = r"cmd '/k \..\..\..\Windows\System32\calc.exe'"
        self.assertEqual(found[0], expected_link)
github decalage2 / oletools / tests / msodde / test_basic.py View on Github external
def test_no_dde(self):
        """A harmless .doc must yield no DDE links in msodde's output.

        Negative control: the sample is processed with
        ``msodde.FIELD_FILTER_BLACKLIST`` and the extracted link list is
        expected to be empty.
        """
        sample_name = 'harmless-clean.doc'
        sample_path = join(BASE_DIR, 'msodde', sample_name)
        scan_output = msodde.process_maybe_encrypted(
            sample_path, field_filter_mode=msodde.FIELD_FILTER_BLACKLIST)
        dde_links = self.get_dde_from_output(scan_output)
        self.assertEqual(len(dde_links), 0,
                         msg='Found dde links in output of ' + sample_name)
github decalage2 / oletools / tests / msodde / test_csv.py View on Github external
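def write_and_run(self, sample_text):
        """ helper for test_texts: save text to file, run through msodde

        Writes `sample_text` (ASCII-encoded) to a fresh temporary file, runs
        ``msodde.main`` on it with output captured, asserts a zero return code
        and returns the capture object so the caller can inspect the reported
        links.

        The temporary file is removed afterwards unless ``self.DO_DEBUG`` is
        set, in which case its path is printed and the file is kept.

        :param sample_text: CSV text to scan; must be encodable as ASCII
        :returns: the ``OutputCapture`` instance holding msodde's output
        """
        filename = None
        # None (not 0) marks "nothing to close": 0 is itself a valid file
        # descriptor and would never be closed by a truthiness check.
        handle = None
        try:
            # mkstemp creates the file under a fresh, unpredictable name and
            # hands back an already-open descriptor, so the sample is never
            # written to a path another process could have prepared.
            handle, filename = mkstemp(prefix='oletools-test-csv-', text=True)
            os.write(handle, sample_text.encode('ascii'))
            os.close(handle)
            handle = None
            args = [filename, ]
            if self.DO_DEBUG:
                args += ['-l', 'debug']

            with OutputCapture() as capturer:
                capturer.reload_module(msodde)    # re-create logger
                ret_code = msodde.main(args)
            self.assertEqual(ret_code, 0, 'checking sample resulted in '
                                          'error:\n' + sample_text)
            return capturer
        finally:
            # Errors propagate unchanged; this block only releases resources.
            if handle is not None:
                os.close(handle)
            if filename:
                if self.DO_DEBUG:
                    # NOTE: in debug mode the sample stays on disk on purpose.
                    print('keeping for debug purposes: {0}'.format(filename))
                else:
                    os.remove(filename)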
github malice-plugins / office / docs / office.py View on Github external
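def get_dde(self, file_path):
        """Scan `file_path` for DDE links with msodde and log the findings.

        ``msodde.process_file`` is called in 'only dde' mode; its result is
        split on newlines and each stripped line becomes one numbered row.
        A single empty row is treated as "no DDE links"; anything else is
        logged as a detection together with a table of the rows.

        :param file_path: path of the document to scan
        :returns: None; all results go through ``self.log``
        """
        try:
            dde_result = msodde.process_file(file_path, 'only dde')
            # Rows are numbered from 1 for display.
            dde_fields = [[row_no, line.strip()]
                          for row_no, line in enumerate(dde_result.split('\n'), 1)]
            if (len(dde_fields) == 1) and (dde_fields[0][1] == ''):
                self.log('info', "No DDE Links Detected.")
            else:
                self.log('success', "DDE Links Detected.")
                header = ['#', 'DDE']
                # NOTE(review): the row text comes from the scanned document,
                # so whatever renders this table should treat it as untrusted.
                self.log('table', dict(header=header, rows=dde_fields))
        except Exception as exc:
            self.log('error', "Unable to Process File")
            # A failed scan is not a clean verdict: record the cause so a
            # malformed or unsupported sample can be told apart from a fault
            # in the scanner instead of being silently dropped.
            self.log('error', repr(exc))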