public Set<String> getEntryNames() { Set<String> names = new HashSet<>(); for (String name : directory.getEntryNames()) { if (!excludes.contains(name)) { names.add(name); } } return names; }
public Set<String> getEntryNames() { Set<String> names = new HashSet<>(); for (String name : directory.getEntryNames()) { if (!excludes.contains(name)) { names.add(name); } } return names; }
protected void sanitize(BleachSession session, DirectoryEntry rootIn, DirectoryEntry rootOut) { LOGGER.debug("Entries before: {}", rootIn.getEntryNames()); // Save the changes to a new file // Returns false if the entry should be removed Predicate<Entry> visitor = ((Predicate<Entry>) (e -> true)) .and(new MacroRemover(session)) .and(new ObjectRemover(session)) .and(new SummaryInformationSanitiser(session)); LOGGER.debug("Root ClassID: {}", rootIn.getStorageClsid()); // https://blogs.msdn.microsoft.com/heaths/2006/02/27/identifying-windows-installer-file-types/ rootOut.setStorageClsid(rootIn.getStorageClsid()); rootIn .getEntries() .forEachRemaining( entry -> { if (!visitor.test(entry)) { return; } copyNodesRecursively(session, entry, rootOut); }); LOGGER.debug("Entries after: {}", rootOut.getEntryNames()); // Save the changes to a new file }
@Override public boolean test(Entry entry) { String entryName = entry.getName(); if (!isObject(entryName)) { return true; } LOGGER.info("Found Compound Objects, removing them."); StringBuilder infos = new StringBuilder(); if (entry instanceof DirectoryEntry) { Set<String> entryNames = ((DirectoryEntry) entry).getEntryNames(); LOGGER.trace("Compound Objects' entries: {}", entryNames); infos.append("Entries: ").append(entryNames); } else if (entry instanceof DocumentEntry) { int size = ((DocumentEntry) entry).getSize(); infos.append("Size: ").append(size); } Threat threat = Threat.builder() .type(ThreatType.EXTERNAL_CONTENT) .severity(ThreatSeverity.HIGH) .action(ThreatAction.REMOVE) .location(entryName) .details(infos.toString()) .build(); session.recordThreat(threat); return false; }
@Override public boolean test(Entry entry) { String entryName = entry.getName(); // Matches _VBA_PROJECT_CUR, VBA, ... :) if (!isMacro(entryName)) { return true; } LOGGER.info("Found Macros, removing them."); StringBuilder infos = new StringBuilder(); if (entry instanceof DirectoryEntry) { Set<String> entryNames = ((DirectoryEntry) entry).getEntryNames(); LOGGER.trace("Macros' entries: {}", entryNames); infos.append("Entries: ").append(entryNames); } else if (entry instanceof DocumentEntry) { int size = ((DocumentEntry) entry).getSize(); infos.append("Size: ").append(size); } Threat threat = Threat.builder() .type(ThreatType.ACTIVE_CONTENT) .severity(ThreatSeverity.EXTREME) .action(ThreatAction.REMOVE) .location(entryName) .details(infos.toString()) .build(); session.recordThreat(threat); return false; }
/** * This method allows us to peek into the OLE compound document to extract the file format. * This allows the UniversalProjectReader to determine if this is an MPP file, or if * it is another type of OLE compound document. * * @param fs POIFSFileSystem instance * @return file format name * @throws IOException */ public static String getFileFormat(POIFSFileSystem fs) throws IOException { String fileFormat = ""; DirectoryEntry root = fs.getRoot(); if (root.getEntryNames().contains("\1CompObj")) { CompObj compObj = new CompObj(new DocumentInputStream((DocumentEntry) root.getEntry("\1CompObj"))); fileFormat = compObj.getFileFormat(); } return fileFormat; }
/** * This method allows us to peek into the OLE compound document to extract the file format. * This allows the UniversalProjectReader to determine if this is an MPP file, or if * it is another type of OLE compound document. * * @param fs POIFSFileSystem instance * @return file format name * @throws IOException */ public static String getFileFormat(POIFSFileSystem fs) throws IOException { String fileFormat = ""; DirectoryEntry root = fs.getRoot(); if (root.getEntryNames().contains("\1CompObj")) { CompObj compObj = new CompObj(new DocumentInputStream((DocumentEntry) root.getEntry("\1CompObj"))); fileFormat = compObj.getFileFormat(); } return fileFormat; }