def getPeepXML(statsDict, version, revision): root = etree.Element('peepdf_analysis', version = version+' r'+revision, url = 'http://peepdf.eternal-todo.com', author = 'Jose Miguel Esparza') analysisDate = etree.SubElement(root, 'date') analysisDate.text = datetime.today().strftime('%Y-%m-%d %H:%M') basicInfo = etree.SubElement(root, 'basic') fileName = etree.SubElement(basicInfo, 'filename') fileName.text = statsDict['File'] md5 = etree.SubElement(basicInfo, 'md5') md5.text = statsDict['MD5'] sha1 = etree.SubElement(basicInfo, 'sha1') sha1.text = statsDict['SHA1'] sha256 = etree.SubElement(basicInfo, 'sha256') sha256.text = statsDict['SHA256'] size = etree.SubElement(basicInfo, 'size') size.text = statsDict['Size'] version = etree.SubElement(basicInfo, 'pdf_version') version.text = statsDict['Version'] binary = etree.SubElement(basicInfo, 'binary', status = statsDict['Binary'].lower()) linearized = etree.SubElement(basicInfo, 'linearized', status = statsDict['Linearized'].lower()) encrypted = etree.SubElement(basicInfo, 'encrypted', status = statsDict['Encrypted'].lower()) if statsDict['Encryption Algorithms'] != []: algorithms = etree.SubElement(encrypted, 'algorithms') for algorithmInfo in statsDict['Encryption Algorithms']: algorithm = etree.SubElement(algorithms, 'algorithm', bits = str(algorithmInfo[1])) algorithm.text = algorithmInfo[0] updates = etree.SubElement(basicInfo, 'updates') updates.text = statsDict['Updates'] objects = etree.SubElement(basicInfo, 'num_objects') objects.text = statsDict['Objects'] streams = etree.SubElement(basicInfo, 'num_streams') streams.text = statsDict['Streams'] comments = etree.SubElement(basicInfo, 'comments') comments.text = statsDict['Comments'] errors = etree.SubElement(basicInfo, 'errors', num = str(len(statsDict['Errors']))) for error in statsDict['Errors']: errorMessage = etree.SubElement(errors, 'error_message') errorMessage.text = error advancedInfo = etree.SubElement(root, 'advanced') for version in range(len(statsDict['Versions'])): statsVersion = statsDict['Versions'][version] if version == 0: versionType = 'original' else: versionType = 'update' versionInfo = etree.SubElement(advancedInfo, 'version', num = str(version), type = versionType) catalog = etree.SubElement(versionInfo, 'catalog') if statsVersion['Catalog'] != None: catalog.set('object_id', statsVersion['Catalog']) info = etree.SubElement(versionInfo, 'info') if statsVersion['Info'] != None: info.set('object_id', statsVersion['Info']) objects = etree.SubElement(versionInfo, 'objects', num = statsVersion['Objects'][0]) for id in statsVersion['Objects'][1]: object = etree.SubElement(objects, 'object', id = str(id)) if statsVersion['Compressed Objects'] != None: if id in statsVersion['Compressed Objects'][1]: object.set('compressed','true') else: object.set('compressed','false') if statsVersion['Errors'] != None: if id in statsVersion['Errors'][1]: object.set('errors','true') else: object.set('errors','false') streams = etree.SubElement(versionInfo, 'streams', num = statsVersion['Streams'][0]) for id in statsVersion['Streams'][1]: stream = etree.SubElement(streams, 'stream', id = str(id)) if statsVersion['Xref Streams'] != None: if id in statsVersion['Xref Streams'][1]: stream.set('xref_stream','true') else: stream.set('xref_stream','false') if statsVersion['Object Streams'] != None: if id in statsVersion['Object Streams'][1]: stream.set('object_stream','true') else: stream.set('object_stream','false') if statsVersion['Encoded'] != None: if id in statsVersion['Encoded'][1]: stream.set('encoded','true') if statsVersion['Decoding Errors'] != None: if id in statsVersion['Decoding Errors'][1]: stream.set('decoding_errors','true') else: stream.set('decoding_errors','false') else: stream.set('encoded','false') jsObjects = etree.SubElement(versionInfo, 'js_objects') if statsVersion['Objects with JS code'] != None: for id in statsVersion['Objects with JS code'][1]: etree.SubElement(jsObjects, 'container_object', id = str(id)) actions = statsVersion['Actions'] events = statsVersion['Events'] vulns = statsVersion['Vulns'] elements = statsVersion['Elements'] suspicious = etree.SubElement(versionInfo, 'suspicious_elements') if events != None or actions != None or vulns != None or elements != None: if events != None: triggers = etree.SubElement(suspicious, 'triggers') for event in events: trigger = etree.SubElement(triggers, 'trigger', name = event) for id in events[event]: etree.SubElement(trigger, 'container_object', id = str(id)) if actions != None: actionsList = etree.SubElement(suspicious, 'actions') for action in actions: actionInfo = etree.SubElement(actionsList, 'action', name = action) for id in actions[action]: etree.SubElement(actionInfo, 'container_object', id = str(id)) if elements != None: elementsList = etree.SubElement(suspicious, 'elements') for element in elements: elementInfo = etree.SubElement(elementsList, 'element', name = element) if vulnsDict.has_key(element): for vulnCVE in vulnsDict[element]: cve = etree.SubElement(elementInfo, 'cve') cve.text = vulnCVE for id in elements[element]: etree.SubElement(elementInfo, 'container_object', id = str(id)) if vulns != None: vulnsList = etree.SubElement(suspicious, 'js_vulns') for vuln in vulns: vulnInfo = etree.SubElement(vulnsList, 'vulnerable_function', name = vuln) if vulnsDict.has_key(vuln): for vulnCVE in vulnsDict[vuln]: cve = etree.SubElement(vulnInfo, 'cve') cve.text = vulnCVE for id in vulns[vuln]: etree.SubElement(vulnInfo, 'container_object', id = str(id)) urls = statsVersion['URLs'] suspiciousURLs = etree.SubElement(versionInfo, 'suspicious_urls') if urls != None: for url in urls: urlInfo = etree.SubElement(versionInfo, 'url') urlInfo.text = url return etree.tostring(root, pretty_print=True)
stats += newLine + '\tObjects with JS code ('+statsVersion['Objects with JS code'][0]+'): ' + str(statsVersion['Objects with JS code'][1]) actions = statsVersion['Actions'] events = statsVersion['Events'] vulns = statsVersion['Vulns'] elements = statsVersion['Elements'] if events != None or actions != None or vulns != None or elements != None: stats += newLine + '\tSuspicious elements:' + newLine if events != None: for event in events: stats += '\t\t' + event + ': ' + str(events[event]) + newLine if actions != None: for action in actions: stats += '\t\t' + action + ': ' + str(actions[action]) + newLine if vulns != None: for vuln in vulns: if vulnsDict.has_key(vuln): stats += '\t\t' + vuln + ' (' for vulnCVE in vulnsDict[vuln]: stats += vulnCVE + ',' stats = stats[:-1] + '): ' + str(vulns[vuln]) + newLine else: stats += '\t\t' + vuln + ': ' + str(vulns[vuln]) + newLine if elements != None: for element in elements: if vulnsDict.has_key(element): stats += '\t\t' + element + ' (' for vulnCVE in vulnsDict[element]: stats += vulnCVE + ',' stats = stats[:-1] + '): ' + str(elements[element]) + newLine else: stats += '\t\t' + element + ': ' + str(elements[element]) + newLine