Notify user that ole2 files are encrypted

Add keys to the metadata.json file that informs the user that a scanned ole2 file is encrypted. Information about the type of encryption is provided when the information is available. This feature co-authored by Micah Snyder.
Cisco-Talos · Jul 22, 2024 · 481a8b6 · 481a8b6
1 parent 652d5f6
commit 481a8b6
Show file tree

Hide file tree

Showing 17 changed files with 942 additions and 22 deletions.
diff --git a/libclamav/ole2_extract.c b/libclamav/ole2_extract.c
diff --git a/unit_tests/clamscan/ole2_encryption_test.py b/unit_tests/clamscan/ole2_encryption_test.py
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.doc b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.doc
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.docx b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.docx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.dot b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.dot
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.ppsx b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.ppsx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.pptx b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.pptx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.xls b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.xls
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.xlsx b/unit_tests/input/other_scanfiles/ole2_encryption/password.fat.xlsx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.doc b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.doc
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.docx b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.docx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.dot b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.dot
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.ppsx b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.ppsx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.pptx b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.pptx
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xls b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xls
diff --git a/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xlsx b/unit_tests/input/other_scanfiles/ole2_encryption/password.ministream.xlsx
diff --git a/unit_tests/testcase.py b/unit_tests/testcase.py
@@ -508,6 +508,20 @@ def execute_command(self, cmd, **kwargs):
         """
         return self.execute(cmd, **kwargs)
 
+    # Find the metadata.json file and verify its contents.
+    def verify_metadata_json(self, tempdir, expected=[], unexpected=[]):
+        for parent, dirs, files in os.walk(tempdir):
+            for f in files:
+                if "metadata.json" == f:
+                    with open(os.path.join(parent, f)) as handle:
+                        metadata_json = handle.read()
+                        self.verify_output(metadata_json, expected=expected, unexpected=unexpected)
+
+                    # There is only one metadata.json per scan.
+                    # We found it, so we can break out of the loop.
+                    break
+
+
 
 class Logger(object):