Add oleobj arg to just find external relations #772

Open
wants to merge 15 commits into
base: master

Commits on Nov 28, 2022

  1. Fix occurrence of "msodde" in io-encoding license text

    (...and one typo in doc string)
    christian-intra2net committed Nov 28, 2022
    4610c02
  2. Remove unused import

    Not needed any more when using log_helper
    christian-intra2net committed Nov 28, 2022
    8764504
  3. oleobj: Clarify input arg

    People (like me) might think that when they give "-r" as argument they
    could give a directory with samples as input, e.g.
    
    oleobj -r /path/to/samples
    
    when actually they need to specify that with a glob and -r is
    independent of that
    
    oleobj /path/to/samples\*
    
    Clarify that in the help-string of "-r".
    
    Also, giving a glob did result in an error saying that this is not an
    existing file. Fixed that.
    christian-intra2net committed Nov 28, 2022
    e15bb61
  4. f00197e
  5. 9443f08
  6. oleobj: Minor fix

    Should not matter but this is safer and consistent with other tests.
    christian-intra2net committed Nov 28, 2022
    fe5517f
  7. tests: Add helper to temporarily extract malware samples

    When testing json-output we need to run samples through the "main"
    functions of modules, not just their "process_file" functions that would
    accept the extracted and decrypted data from the existing helper
    function "loop_over_files". They need a filename as input, so add helper
    to create a temp dir and extract&decrypt samples to that temporarily.
    christian-intra2net committed Nov 28, 2022
    fd96cfe
  8. tests: Add test for json output

    Since this test runs 3 scripts over all samples it takes pretty long.
    Therefore, disable it per default, enable with an environment variable
    OLETOOLS_TEST_JSON=1
    
    Also, decrypting and extracting malware samples onto the disc might
    cause trouble, another reason for not enabling this test per default.
    christian-intra2net committed Nov 28, 2022
    138f8c0
  9. oleobj: Add --nodump option

    oleobj also serves as finder for external relationships. If users want just
    that behaviour and no dumping of embedded objects, give them the option to
    get that. Also clarify this double-purpose in the doc string.
    
    There is a TODO that might be aimed for exactly that, but I am uncertain
    whether I interpret it correctly
    christian-intra2net committed Nov 28, 2022
    1f537b8
  10. c37d8a2
  11. tests: Check that oleobj reports finding external relationships

    Do not just rely on return value.
    
    Also avoid dumping stuff when just checking links.
    christian-intra2net committed Nov 28, 2022
    3a896dd
  12. 5c66f26
  13. oleobj: Add return-val for "found external relationship"

    Do not abuse the "did dump"-flag for "did find external relationship", add
    an extra flag and return value for that
    christian-intra2net committed Nov 28, 2022
    8bf957f
  14. 3d441a5
  15. tests: Remove old hack we do not need any more

    Branch that fixed this has been merged Oct 2019.
    christian-intra2net committed Nov 28, 2022
    198b16c