grierforensics / officedissector Goto Github PK
View Code? Open in Web Editor NEWStatic analysis tools for Microsoft Office Open XML files and documents
Home Page: https://www.officedissector.com/
License: Other
Static analysis tools for Microsoft Office Open XML files and documents
Home Page: https://www.officedissector.com/
License: Other
Hi,
In my opinion there are 2 flaws with extracting self.type, self.is_macro_enabled, self.is_template from the extension:
You can check http://www.decalage.info/files/JCV07_Lagadec_OpenDocument_OpenXML_v4_decalage.pdf for an interesting security assessment.
Marian
Thank you for the work on this project.
Just as you do for Core Properties, is it possible to add support for:
Extended Properties
http://schemas.openxmlformats.org/officedocument/2006/relationships/extended-properties
Extended Properties
http://schemas.openxmlformats.org/officedocument/2006/relationships/custom-properties
Document Properties
http://schemas.openxmlformats.org/officedocument/2006/relationships/officedocument
Thank you.
Hi, i got the following error:
AssertionError: content_type of Part is empty: Part [/[Content_Types].xml]
It happens on completely empty and new .docx file created with latest LibreOffice version
Thanks!
I have an XML file that I can open without any problem with LibreOffice but office dissector fails because the following parameter fails in the document:
<Default Extension="xml" ContentType="application/xml"/>
It seems the document should be considered invalid [1] but as it can be open with LibreOffice, I think office dissector should be able to handle it (the document is legitimate).
My dirty fix (?) right now is to default to self.__content_type = 'application/xml'
if the parameter is missing.
[1] https://developer.marklogic.com/blog/smallchanges/2007-11-27 https://msdn.microsoft.com/en-us/library/bb879915%28v=office.12%29.aspx
Hi there - currently, officedissector is vulnerable to a specific type of denial of service using external entitites. For example, an office document containing an external entity linking to /dev/random will wait for /dev/random to return a character, causing officedissector to hang without returning an error or timing out. Some possible solutions:
Any thoughts? I would be interested in helping with the patch, but wanted to get your opinion first.
I'm writing a script to process email attachments and I don't want to touch the disk so I need a way to pass a pseudo file (BytesIO).
It doesn't seems particularly difficult to implement and won't change much of the logic so I may just do a pull requests soon-ish.
I find the json representation quite useful. Is is possible to add the Core Properties in there as well?
Also, if you fix issue #10 would be great if you could add those in the json, as well.
Thank you.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.