Ejemplo n.º 1
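 def supprimer_macros_win32(self, fichier):
     """
     Disable VBA macros by using the Win32 API to delete the stream that
     contains them.

     This method is quick and simple, but it only works on Windows.
     It also only works for Word and Excel, and side effects are possible
     if the file contains certain keywords.

     fichier: the file object to clean. The storage is opened on whatever
         fichier.copie_temp() returns (presumably the path of a temporary
         working copy - TODO confirm).

     Returns an ACCEPTE Resultat when no macro stream name is set,
     resultat_nettoye(fichier) when the stream was deleted and
     resultat_accepte(fichier) when the stream did not exist.
     """
     if self.stream_macros is None:
         # For some formats this simple method does not work, so the file
         # is accepted here without being opened.
         # NOTE(review): the ACCEPTE message reports that no suspect content
         # was detected although nothing was examined on this path - confirm
         # that another check covers the formats that reach it.
         return Resultat.Resultat(
             Resultat.ACCEPTE,
             self.nom + " : pas de contenu suspect détecté", fichier)
     Journal.info2(u"Suppression des macros VBA via l'API Win32")
     mode = STGM_READWRITE | STGM_SHARE_EXCLUSIVE
     istorage = pythoncom.StgOpenStorageEx(fichier.copie_temp(), mode,
                                           STGFMT_STORAGE, 0,
                                           pythoncom.IID_IStorage)
     try:
         istorage.DestroyElement(self.stream_macros)
         Journal.debug(u"Le stream %s a ete supprime." % self.stream_macros)
         Journal.info2(u"Des macros VBA ont ete trouvees et desactivees.")
         return self.resultat_nettoye(fichier)
     except pythoncom.com_error, details:
         # Specific error raised when the stream does not exist.
         # NOTE(review): this matches on the text in details[1]; comparing
         # the numeric code in details[0] would not depend on how the
         # message is rendered - confirm on the target systems.
         if details[1] == 'STG_E_FILENOTFOUND':
             # No VBA macros found.
             Journal.info2(u"Aucune macro VBA n'a ete trouvee.")
             return self.resultat_accepte(fichier)
         else:
             # Any other pythoncom error is reported through Journal.
             # NOTE(review): nothing is returned or re-raised after this
             # line in the visible code, so the caller receives None. A
             # caller must treat that as "cleaning failed", never as a
             # clean file.
             Journal.exception("Erreur lors du nettoyage des macros")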
Ejemplo n.º 2
def property_sets(filepath):
    """Yield a ``(label, properties)`` pair for each property set in *filepath*.

    The file is opened with ``pythoncom.StgOpenStorageEx`` as an
    ``IPropertySetStorage``. Every enumerated set is reported under its
    ``FORMATS`` label, or under the text form of its FMTID when no label
    is registered. Right after the DocSummaryInformation set, the
    user-defined property set is read too and yielded only if it is
    non-empty.
    """
    storage = pythoncom.StgOpenStorageEx(
        filepath, STORAGE_READ, storagecon.STGFMT_ANY, 0,
        pythoncom.IID_IPropertySetStorage)
    for set_id, _clsid, _flags, _ctime, _mtime, _atime in storage:
        label = FORMATS.get(set_id, unicode(set_id))
        yield label, property_dict(storage, set_id)
        if set_id == pythoncom.FMTID_DocSummaryInformation:
            # The user-defined set is looked up explicitly here, presumably
            # because the enumeration does not list it on its own.
            user_id = pythoncom.FMTID_UserDefinedProperties
            custom = property_dict(storage, user_id)
            if custom:
                yield FORMATS.get(user_id, unicode(user_id)), custom
Ejemplo n.º 3
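def set_file_attributes(eml_fp, author, title, comments):
    """ Change the Windows file attributes (author, title, comments) to make searching easier.

    The values are written to the FMTID_SummaryInformation property set of
    the file. The keywords property is always set to the literal string
    'keywords'.

    Parameters:
    -----------
    eml_fp: str
        full path to the email file on HDD
    author, title, comments:
        values written to PIDSI_AUTHOR, PIDSI_TITLE and PIDSI_COMMENTS
    Returns:
    --------
    None
    Raises:
    -------
    Any error from opening the storage or writing the properties. If the
    property set can be neither created nor opened, the arguments are
    printed and the error from the open attempt is re-raised.
    """
    share_rw = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE
    pss = pythoncom.StgOpenStorageEx(eml_fp,
                                     share_rw | storagecon.STGM_DIRECT,
                                     storagecon.STGFMT_FILE, 0,
                                     pythoncom.IID_IPropertySetStorage, None)
    ps = None
    try:
        try:
            ps = pss.Create(
                pythoncom.FMTID_SummaryInformation,
                pythoncom.IID_IPropertyStorage, 0, share_rw)
        except Exception:
            # Create failed (presumably because the set already exists -
            # TODO confirm), so fall back to opening it. Exception rather
            # than a bare except keeps Ctrl-C and interpreter exit working.
            try:
                ps = pss.Open(pythoncom.FMTID_SummaryInformation, share_rw)
            except Exception:
                # NOTE(review): this prints the metadata values to stdout;
                # confirm that is acceptable where the output is collected.
                print(
                    "80 Failed \teml_fp: %s\n\tauthor:: %s\n\ttitle:: %s\n\tcomments::%s"
                    % (eml_fp, author, title, comments))
                raise
        ps.WriteMultiple((storagecon.PIDSI_KEYWORDS, storagecon.PIDSI_COMMENTS,
                          storagecon.PIDSI_AUTHOR, storagecon.PIDSI_TITLE),
                         ('keywords', comments, author, title))

        # Wait until the path is reported as a regular file again.
        # NOTE(review): the loop has no timeout, so a path that never
        # reappears blocks the caller indefinitely.
        while not os.path.isfile(eml_fp):
            sleep(0.01)
    finally:
        # The storage is opened with STGM_SHARE_EXCLUSIVE, so drop both COM
        # references on failure as well; otherwise a traceback that keeps
        # this frame alive would presumably keep the file locked.
        ps = None
        pss = None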
Ejemplo n.º 4
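    def testit(self):
        """Write property sets to a temp file, reopen it and check what reads back.

        User-defined properties 3 and 4 (named 'property3' and 'property4')
        and the Summary Information author and comments are written through
        one IPropertySetStorage. That object is then dropped and the file is
        reopened read-only. Any property in an enumerated set other than the
        expected author/comments values fails the test, and the user-defined
        entries must equal the expected (name, id, type) list.
        """
        fname, tmp = win32api.GetTempFileName(win32api.GetTempPath(), 'stg')
        ## NOTE(review): fname is not deleted anywhere in this method, so
        ## each run leaves a file behind in the temp directory.
        m = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE
        create_mode = m | storagecon.STGM_CREATE
        read_mode = storagecon.STGM_READ | storagecon.STGM_SHARE_EXCLUSIVE

        ## Arguments: file, mode, format, attrs (always 0), IID (IStorage or
        ## IPropertySetStorage), storage options (only used with STGFMT_DOCFILE), e.g.
        ## {"Version":2,"reserved":0,"SectorSize":512,"TemplateFile":u'somefilename'}
        pss = pythoncom.StgOpenStorageEx(fname, m, storagecon.STGFMT_FILE, 0,
                                         pythoncom.IID_IPropertySetStorage)

        ## FMTID_SummaryInformation FMTID_DocSummaryInformation FMTID_UserDefinedProperties
        psuser = pss.Create(pythoncom.FMTID_UserDefinedProperties,
                            pythoncom.IID_IPropertySetStorage,
                            storagecon.PROPSETFLAG_DEFAULT,
                            create_mode)  ## it is very picky about flag combinations!
        psuser.WriteMultiple((3, 4), ('hey', 'bubba'))
        psuser.WritePropertyNames((3, 4), ('property3', 'property4'))
        expected_summaries = [
            ('property3', 3, pythoncom.VT_BSTR),
            ('property4', 4, pythoncom.VT_BSTR),
        ]
        psuser = None

        pssum = pss.Create(
            pythoncom.FMTID_SummaryInformation,
            pythoncom.IID_IPropertySetStorage, storagecon.PROPSETFLAG_DEFAULT,
            create_mode)
        pssum.WriteMultiple(
            (storagecon.PIDSI_AUTHOR, storagecon.PIDSI_COMMENTS),
            ('me', 'comment'))

        ## There doesn't seem to be a close or release method, and the file
        ## can't even be reopened from the same process until the previous
        ## object is gone, so drop the references before reopening.
        pssum = None
        pss = None

        pssread = pythoncom.StgOpenStorageEx(
            fname, read_mode, storagecon.STGFMT_FILE, 0,
            pythoncom.IID_IPropertySetStorage)
        found_summaries = []
        for psstat in pssread:
            ps = pssread.Open(psstat[0], read_mode)
            for p in ps:
                p_val = ps.ReadMultiple((p[1], ))[0]
                is_author = p[1] == storagecon.PIDSI_AUTHOR and p_val == 'me'
                is_comment = (p[1] == storagecon.PIDSI_COMMENTS
                              and p_val == 'comment')
                if not (is_author or is_comment):
                    self.fail("Uxexpected property %s/%s" % (p, p_val))
            ps = None
            ## FMTID_UserDefinedProperties can't exist without
            ## FMTID_DocSummaryInformation, and isn't returned independently
            ## from Enum; the two also can't be open at the same time.
            if psstat[0] == pythoncom.FMTID_DocSummaryInformation:
                ps = pssread.Open(pythoncom.FMTID_UserDefinedProperties,
                                  read_mode)
                for p in ps:
                    found_summaries.append(p)
                ps = None
        ## Release the read handle. The original assigned to the misspelled
        ## name `psread`, which left `pssread` holding the file open.
        pssread = None
        expected_summaries.sort()
        found_summaries.sort()
        self.assertEqual(expected_summaries, found_summaries)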
Ejemplo n.º 5
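def get_stats(path):
    """ Function returns author,title,subject,keywords,comments,category using
    the COM interface on windows.

    The file is opened with StgOpenStorageEx first and, if that fails, with
    StgOpenStorage plus a query for IPropertySetStorage. When neither works,
    "No extended storage" is printed and every value stays None. A property
    set that cannot be opened is skipped; an error while reading an opened
    set propagates to the caller.

    Returns a dict that maps each name in GET_STATS_FIELDS, in order, to
    author, title, subject, keywords, comments and category.

    The values are read from the file itself, so callers that display or
    store them should treat them as untrusted input.
    """
    # Adapted from code in a message whose sender address is obscured in
    # this listing, with some changes.
    read_mode = storagecon.STGM_READ | storagecon.STGM_SHARE_EXCLUSIVE

    def read_set(storage, fmtid, property_ids):
        """Return the values of *property_ids* from one set, or None if it cannot be opened."""
        try:
            ps = storage.Open(fmtid, read_mode)
        except Exception:
            return None
        return ps.ReadMultiple(property_ids)

    author = title = subject = keywords = comments = category = None
    pssread = None
    # Exception rather than a bare except keeps the best-effort fallbacks
    # while letting KeyboardInterrupt and SystemExit through.
    try:
        pssread = pythoncom.StgOpenStorageEx(
            path, read_mode, storagecon.STGFMT_FILE, 0,
            pythoncom.IID_IPropertySetStorage)
    except Exception:
        try:
            stg = pythoncom.StgOpenStorage(path, None, read_mode)
            pssread = stg.QueryInterface(pythoncom.IID_IPropertySetStorage)
        except Exception:
            print("No extended storage")

    if pssread is not None:
        summary = read_set(
            pssread, pythoncom.FMTID_SummaryInformation,
            (storagecon.PIDSI_AUTHOR, storagecon.PIDSI_TITLE,
             storagecon.PIDSI_SUBJECT, storagecon.PIDSI_KEYWORDS,
             storagecon.PIDSI_COMMENTS))
        if summary is not None:
            author, title, subject, keywords, comments = summary
        doc_summary = read_set(
            pssread, pythoncom.FMTID_DocSummaryInformation,
            (storagecon.PIDDSI_CATEGORY, ))
        if doc_summary is not None:
            category = doc_summary[0]
        # The original also opened FMTID_UserDefinedProperties on one path
        # and discarded the result; that unused open is dropped.

    stat_list = [author, title, subject, keywords, comments, category]
    return dict((field, stat_list[index])
                for index, field in enumerate(GET_STATS_FIELDS))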
Ejemplo n.º 6
## Build the fixture file: plain content written to the path in `tempfile`.
## NOTE(review): `tempfile` is a path variable defined outside the visible
## lines, not the standard-library module of the same name.
f = open(tempfile, 'w')
f.write('some random junk' + 'x' * 100)
f.close()

## add a couple of alternate data streams
## (the 'path:name' form addresses a named stream of the same file)
f = open(tempfile + ':streamdata', 'w')
f.write('data written to alternate stream' + 'y' * 100)
f.close()

f = open(tempfile + ':anotherstream', 'w')
f.write('z' * 100)
f.close()

## add Summary Information, which is stored as a separate stream
m = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE | storagecon.STGM_DIRECT
pss = pythoncom.StgOpenStorageEx(tempfile, m, storagecon.STGFMT_FILE, 0,
                                 pythoncom.IID_IPropertySetStorage, None)
ps = pss.Create(pythoncom.FMTID_SummaryInformation,
                pythoncom.IID_IPropertyStorage, 0,
                storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE)
ps.WriteMultiple((storagecon.PIDSI_KEYWORDS, storagecon.PIDSI_COMMENTS),
                 ('keywords', 'comments'))
## Dropping the references is the only release step visible here; the
## storage was opened with STGM_SHARE_EXCLUSIVE.
ps = None
pss = None

## add a custom security descriptor to make sure we don't
##   get a default that would always be the same for both files in temp dir
## The ACL gets two allow entries for the 'EveryOne' account: GENERIC_READ
## and FILE_APPEND_DATA. That is broad access. It suits a throwaway fixture
## in a temp directory and should not be copied onto files holding real data.
## NOTE(review): within the visible lines the ACL is not yet attached to
## new_sd, nor is new_sd applied to the file - the listing appears to end here.
new_sd = pywintypes.SECURITY_DESCRIPTOR()
sid = win32security.LookupAccountName('', 'EveryOne')[0]
acl = pywintypes.ACL()
acl.AddAccessAllowedAce(1, win32con.GENERIC_READ, sid)
acl.AddAccessAllowedAce(1, ntsecuritycon.FILE_APPEND_DATA, sid)