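def supprimer_macros_win32(self, fichier):
    """Disable VBA macros by deleting the macro stream through the Win32 API.

    Opens the temporary copy of ``fichier`` as a structured storage and
    destroys the element named ``self.stream_macros`` in it. According to
    the original author's notes this method is fast and simple, but it only
    works on Windows, only for Word and Excel, and side effects are possible
    if the file contains certain keywords.

    Returns:
        - a ``Resultat.ACCEPTE`` result when ``self.stream_macros`` is None;
        - ``self.resultat_nettoye(fichier)`` when the stream was deleted;
        - ``self.resultat_accepte(fichier)`` when the COM error text is
          'STG_E_FILENOTFOUND' (no macro stream present);
        - None, implicitly, after any other COM error (it is only logged).
    """
    if self.stream_macros is None:
        # For some formats this simple method does not work, so nothing is
        # attempted here.
        # NOTE(review): the file is reported as "no suspect content" without
        # being inspected by this method - confirm that another check covers
        # formats for which stream_macros is unset.
        return Resultat.Resultat(
            Resultat.ACCEPTE,
            self.nom + " : pas de contenu suspect détecté", fichier)
    Journal.info2(u"Suppression des macros VBA via l'API Win32")
    mode = STGM_READWRITE | STGM_SHARE_EXCLUSIVE
    # The storage is opened outside the try block, so a COM error raised
    # while opening the temporary copy propagates to the caller.
    istorage = pythoncom.StgOpenStorageEx(fichier.copie_temp(), mode,
                                          STGFMT_STORAGE, 0,
                                          pythoncom.IID_IStorage)
    try:
        istorage.DestroyElement(self.stream_macros)
        Journal.debug(u"Le stream %s a ete supprime." % self.stream_macros)
        Journal.info2(u"Des macros VBA ont ete trouvees et desactivees.")
        # An explicit message argument, _(u"Macro(s) VBA supprimée(s)"),
        # was left disabled by the author.
        return self.resultat_nettoye(fichier)
    except pythoncom.com_error, details:
        # Specific error reported when the stream does not exist.
        if details[1] == 'STG_E_FILENOTFOUND':
            # No VBA macros found.
            Journal.info2(u"Aucune macro VBA n'a ete trouvee.")
            return self.resultat_accepte(fichier)
        else:
            # Any other pythoncom error.
            # NOTE(review): this branch only logs and then falls off the end
            # of the function, so the caller gets None rather than a result
            # object. Verify that the caller treats None as a cleaning
            # failure and never as an accepted file.
            Journal.exception("Erreur lors du nettoyage des macros")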
def property_sets(filepath):
    """Yield ``(name, properties)`` pairs for the property sets of *filepath*.

    The file is opened through ``pythoncom.StgOpenStorageEx`` as an
    ``IPropertySetStorage``. For every enumerated property set the name is
    looked up in ``FORMATS`` (falling back to ``unicode(fmtid)``) and the
    properties come from ``property_dict``. When the enumerated set is
    ``FMTID_DocSummaryInformation``, the user-defined property set is read as
    well and yielded if ``property_dict`` returns something truthy for it.
    """
    storage = pythoncom.StgOpenStorageEx(
        filepath,
        STORAGE_READ,
        storagecon.STGFMT_ANY,
        0,
        pythoncom.IID_IPropertySetStorage,
    )
    for fmtid, _clsid, _flags, _ctime, _mtime, _atime in storage:
        label = FORMATS.get(fmtid, unicode(fmtid))
        yield label, property_dict(storage, fmtid)

        if fmtid == pythoncom.FMTID_DocSummaryInformation:
            # The user-defined set is requested explicitly here, presumably
            # because the enumeration does not list it on its own.
            user_fmtid = pythoncom.FMTID_UserDefinedProperties
            custom = property_dict(storage, user_fmtid)
            if custom:
                yield FORMATS.get(user_fmtid, unicode(user_fmtid)), custom
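def set_file_attributes(eml_fp, author, title, comments):
    """
    Write summary-information properties (author, title, comments) onto a
    file to make it easier to find by search.

    Parameters:
    -----------
    eml_fp: str
        full path to the email file on HDD
    author, title, comments:
        values stored as PIDSI_AUTHOR, PIDSI_TITLE and PIDSI_COMMENTS.
        PIDSI_KEYWORDS is always set to the literal 'keywords'.
        NOTE(review): the values are written as given; if they are taken
        from message headers they are sender-controlled text, so whatever
        displays or indexes these properties should treat them as untrusted.

    Returns:
    --------
    None

    Raises:
    -------
    Re-raises the error from opening the summary-information property set
    when it can neither be created nor opened (after printing the
    arguments). Errors from StgOpenStorageEx and WriteMultiple propagate.
    """
    rw_exclusive = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE
    pss = pythoncom.StgOpenStorageEx(eml_fp,
                                     rw_exclusive | storagecon.STGM_DIRECT,
                                     storagecon.STGFMT_FILE, 0,
                                     pythoncom.IID_IPropertySetStorage, None)
    ps = None
    try:
        try:
            ps = pss.Create(pythoncom.FMTID_SummaryInformation,
                            pythoncom.IID_IPropertyStorage, 0, rw_exclusive)
        except pythoncom.com_error:
            # Create failed (for instance because the set already exists):
            # fall back to opening it. Only COM errors trigger the fallback,
            # so interrupts and programming errors are no longer swallowed.
            try:
                ps = pss.Open(pythoncom.FMTID_SummaryInformation,
                              rw_exclusive)
            except Exception:
                print(
                    "80 Failed \teml_fp: %s\n\tauthor:: %s\n\ttitle:: %s\n\tcomments::%s"
                    % (eml_fp, author, title, comments))
                raise
        ps.WriteMultiple((storagecon.PIDSI_KEYWORDS, storagecon.PIDSI_COMMENTS,
                          storagecon.PIDSI_AUTHOR, storagecon.PIDSI_TITLE),
                         ('keywords', comments, author, title))
        # Wait loop kept from the original: it blocks until the path is seen
        # as a regular file.
        # NOTE(review): the loop has no timeout, so it spins forever if the
        # path never appears - consider bounding it.
        while not os.path.isfile(eml_fp):
            sleep(0.01)
    finally:
        # Drop the COM references on every path, including failures, so the
        # exclusive share on the file is released.
        ps = None
        pss = None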
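def testit(self):
    """Round-trip property sets through StgOpenStorageEx on a temp file.

    Writes two user-defined properties and two summary-information
    properties to a freshly created temporary file, reopens the file
    read-only, then checks that the summary values read back as written and
    that the enumerated user-defined properties match the expected list.
    """
    fname, tmp = win32api.GetTempFileName(win32api.GetTempPath(), 'stg')
    # NOTE(review): the temporary file is not removed by this test.
    m = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE
    # Arguments: file, mode, format, attrs (always 0), IID (IStorage or
    # IPropertySetStorage), storage options (only used with STGFMT_DOCFILE),
    # e.g. {"Version":2,"reserved":0,"SectorSize":512,"TemplateFile":u'somefilename'}
    pss = pythoncom.StgOpenStorageEx(fname, m, storagecon.STGFMT_FILE, 0,
                                     pythoncom.IID_IPropertySetStorage)
    create_mode = (storagecon.STGM_READWRITE | storagecon.STGM_CREATE |
                   storagecon.STGM_SHARE_EXCLUSIVE)

    # Available sets: FMTID_SummaryInformation, FMTID_DocSummaryInformation,
    # FMTID_UserDefinedProperties. The API is very picky about flag
    # combinations.
    psuser = pss.Create(pythoncom.FMTID_UserDefinedProperties,
                        pythoncom.IID_IPropertySetStorage,
                        storagecon.PROPSETFLAG_DEFAULT, create_mode)
    psuser.WriteMultiple((3, 4), ('hey', 'bubba'))
    psuser.WritePropertyNames((3, 4), ('property3', 'property4'))
    expected_summaries = [
        ('property3', 3, pythoncom.VT_BSTR),
        ('property4', 4, pythoncom.VT_BSTR),
    ]
    psuser = None

    pssum = pss.Create(pythoncom.FMTID_SummaryInformation,
                       pythoncom.IID_IPropertySetStorage,
                       storagecon.PROPSETFLAG_DEFAULT, create_mode)
    pssum.WriteMultiple(
        (storagecon.PIDSI_AUTHOR, storagecon.PIDSI_COMMENTS),
        ('me', 'comment'))
    pssum = None
    # There doesn't seem to be a close or release method, and the file can't
    # even be reopened from the same process until the previous object is
    # gone, hence the explicit rebinding to None.
    pss = None

    read_mode = storagecon.STGM_READ | storagecon.STGM_SHARE_EXCLUSIVE
    pssread = pythoncom.StgOpenStorageEx(fname, read_mode,
                                         storagecon.STGFMT_FILE, 0,
                                         pythoncom.IID_IPropertySetStorage)
    found_summaries = []
    for psstat in pssread:
        ps = pssread.Open(psstat[0], read_mode)
        for p in ps:
            p_val = ps.ReadMultiple((p[1], ))[0]
            as_written = (
                (p[1] == storagecon.PIDSI_AUTHOR and p_val == 'me') or
                (p[1] == storagecon.PIDSI_COMMENTS and p_val == 'comment'))
            if not as_written:
                self.fail("Uxexpected property %s/%s" % (p, p_val))
        ps = None
        # FMTID_UserDefinedProperties can't exist without
        # FMTID_DocSummaryInformation and isn't returned independently from
        # the enumeration; the two also can't be open at the same time.
        if psstat[0] == pythoncom.FMTID_DocSummaryInformation:
            ps = pssread.Open(pythoncom.FMTID_UserDefinedProperties,
                              read_mode)
            for p in ps:
                found_summaries.append(p)
            ps = None
    # Fix: the original assigned None to an unused name "psread", so the
    # read handle opened above was never dropped here.
    pssread = None
    expected_summaries.sort()
    found_summaries.sort()
    self.assertEqual(expected_summaries, found_summaries)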
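def get_stats(path):
    """Return author, title, subject, keywords, comments and category of
    *path*, read through the COM structured-storage interface on Windows.

    The values are paired positionally with the entries of
    ``GET_STATS_FIELDS`` and returned as a dictionary. A value stays None
    when its property set cannot be opened. The values are returned exactly
    as read from the file, with no validation, so callers handling files
    from untrusted sources should treat them as untrusted text.

    Returns None (after printing "No extended storage") when the file can be
    opened neither with StgOpenStorageEx nor with StgOpenStorage.
    NOTE(review): the indentation of the original listing was lost; this
    keeps the reading in which that failure path has no return statement.
    Confirm against the callers.
    """
    # Adapted from code posted in a mailing-list message (address redacted
    # in the source), with some changes.
    author = title = subject = keywords = comments = category = None
    read_mode = storagecon.STGM_READ | storagecon.STGM_SHARE_EXCLUSIVE

    try:
        pssread = pythoncom.StgOpenStorageEx(
            path, read_mode, storagecon.STGFMT_FILE, 0,
            pythoncom.IID_IPropertySetStorage)
    except Exception:
        # Fall back to the older API and ask it for the property-set
        # interface. Exception (not a bare except) keeps the best-effort
        # behaviour without swallowing KeyboardInterrupt or SystemExit.
        try:
            stg = pythoncom.StgOpenStorage(path, None, read_mode)
            pssread = stg.QueryInterface(pythoncom.IID_IPropertySetStorage)
        except Exception:
            print("No extended storage")
            return None

    # Both open paths previously carried their own copy of the reads below;
    # they are shared here. The original also opened
    # FMTID_UserDefinedProperties on the first path and did nothing with it;
    # that no-op open is dropped.
    try:
        ps = pssread.Open(pythoncom.FMTID_SummaryInformation, read_mode)
    except Exception:
        # Best effort: leave the summary fields as None.
        pass
    else:
        author, title, subject, keywords, comments = ps.ReadMultiple(
            (storagecon.PIDSI_AUTHOR, storagecon.PIDSI_TITLE,
             storagecon.PIDSI_SUBJECT, storagecon.PIDSI_KEYWORDS,
             storagecon.PIDSI_COMMENTS))

    try:
        ps = pssread.Open(pythoncom.FMTID_DocSummaryInformation, read_mode)
    except Exception:
        # Best effort: leave the category as None.
        pass
    else:
        category = ps.ReadMultiple((storagecon.PIDDSI_CATEGORY, ))[0]

    stat_list = [author, title, subject, keywords, comments, category]
    return dict(zip(GET_STATS_FIELDS, stat_list))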
f = open(tempfile, 'w') f.write('some random junk' + 'x' * 100) f.close() ## add a couple of alternate data streams f = open(tempfile + ':streamdata', 'w') f.write('data written to alternate stream' + 'y' * 100) f.close() f = open(tempfile + ':anotherstream', 'w') f.write('z' * 100) f.close() ## add Summary Information, which is stored as a separate stream m = storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE | storagecon.STGM_DIRECT pss = pythoncom.StgOpenStorageEx(tempfile, m, storagecon.STGFMT_FILE, 0, pythoncom.IID_IPropertySetStorage, None) ps = pss.Create(pythoncom.FMTID_SummaryInformation, pythoncom.IID_IPropertyStorage, 0, storagecon.STGM_READWRITE | storagecon.STGM_SHARE_EXCLUSIVE) ps.WriteMultiple((storagecon.PIDSI_KEYWORDS, storagecon.PIDSI_COMMENTS), ('keywords', 'comments')) ps = None pss = None ## add a custom security descriptor to make sure we don't ## get a default that would always be the same for both files in temp dir new_sd = pywintypes.SECURITY_DESCRIPTOR() sid = win32security.LookupAccountName('', 'EveryOne')[0] acl = pywintypes.ACL() acl.AddAccessAllowedAce(1, win32con.GENERIC_READ, sid) acl.AddAccessAllowedAce(1, ntsecuritycon.FILE_APPEND_DATA, sid)