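def _setMembershipFlag(element, attribute, statsEntry, objectId):
	"""Set ``attribute`` on ``element`` to 'true' or 'false'.

	``statsEntry`` is a per-version statistics pair whose second item is the
	list of object ids the flag applies to. When the entry is None (the
	analysis produced no such data) the attribute is left unset, matching
	the report's existing contract.
	"""
	if statsEntry is not None:
		if objectId in statsEntry[1]:
			element.set(attribute, 'true')
		else:
			element.set(attribute, 'false')


def _addSuspiciousEntries(parent, childTag, entries, withCVEs = False):
	"""Append one ``childTag`` child per key of ``entries`` to ``parent``.

	Each child carries the key as its ``name`` attribute and one
	``container_object`` child per object id listed under that key. With
	``withCVEs`` the identifiers found for that key in the module-level
	``vulnsDict`` are emitted first as ``cve`` children.
	"""
	for name in entries:
		entryInfo = etree.SubElement(parent, childTag, name = name)
		if withCVEs and name in vulnsDict:
			for vulnCVE in vulnsDict[name]:
				etree.SubElement(entryInfo, 'cve').text = vulnCVE
		for objectId in entries[name]:
			etree.SubElement(entryInfo, 'container_object', id = str(objectId))


def getPeepXML(statsDict, version, revision):
	"""Render the peepdf analysis statistics as a pretty-printed XML report.

	The document root is ``peepdf_analysis`` with a ``basic`` section (file
	name, hashes, size, flags, global counters and parser error messages)
	and an ``advanced`` section holding one ``version`` element per PDF
	revision: objects, streams, JS containers, suspicious elements (with
	known CVE ids from ``vulnsDict``) and URLs.

	Args:
		statsDict: analysis statistics keyed by the labels read below
			('File', 'MD5', ..., 'Versions'). Values placed as element
			text or attributes are assumed to already be strings — TODO
			confirm against the producer of this dict.
		version: peepdf version string; joined with ``revision`` into the
			root ``version`` attribute.
		revision: peepdf revision string.

	Returns:
		The serialised document from ``etree.tostring(..., pretty_print=True)``.

	NOTE(review): error messages and URLs originate from the analysed (i.e.
	untrusted) PDF; lxml rejects NUL/control characters in element text
	with ValueError, so a crafted file could abort report generation —
	presumably sanitised upstream, verify.
	"""
	root = etree.Element('peepdf_analysis', version = version + ' r' + revision, url = 'http://peepdf.eternal-todo.com', author = 'Jose Miguel Esparza')
	analysisDate = etree.SubElement(root, 'date')
	analysisDate.text = datetime.today().strftime('%Y-%m-%d %H:%M')

	# Basic section: file identity, flags and global counters.
	basicInfo = etree.SubElement(root, 'basic')
	for tag, key in (('filename', 'File'), ('md5', 'MD5'), ('sha1', 'SHA1'), ('sha256', 'SHA256'), ('size', 'Size'), ('pdf_version', 'Version')):
		etree.SubElement(basicInfo, tag).text = statsDict[key]
	for tag, key in (('binary', 'Binary'), ('linearized', 'Linearized')):
		etree.SubElement(basicInfo, tag, status = statsDict[key].lower())
	encrypted = etree.SubElement(basicInfo, 'encrypted', status = statsDict['Encrypted'].lower())
	if statsDict['Encryption Algorithms']:
		algorithms = etree.SubElement(encrypted, 'algorithms')
		for algorithmInfo in statsDict['Encryption Algorithms']:
			# Each entry is indexed as (name, bits); extra items are ignored.
			algorithm = etree.SubElement(algorithms, 'algorithm', bits = str(algorithmInfo[1]))
			algorithm.text = algorithmInfo[0]
	for tag, key in (('updates', 'Updates'), ('num_objects', 'Objects'), ('num_streams', 'Streams'), ('comments', 'Comments')):
		etree.SubElement(basicInfo, tag).text = statsDict[key]
	errors = etree.SubElement(basicInfo, 'errors', num = str(len(statsDict['Errors'])))
	for error in statsDict['Errors']:
		errorMessage = etree.SubElement(errors, 'error_message')
		errorMessage.text = error

	# Advanced section: one <version> per PDF revision (original + updates).
	advancedInfo = etree.SubElement(root, 'advanced')
	for versionIndex, statsVersion in enumerate(statsDict['Versions']):
		if versionIndex == 0:
			versionType = 'original'
		else:
			versionType = 'update'
		versionInfo = etree.SubElement(advancedInfo, 'version', num = str(versionIndex), type = versionType)
		catalog = etree.SubElement(versionInfo, 'catalog')
		if statsVersion['Catalog'] is not None:
			catalog.set('object_id', statsVersion['Catalog'])
		info = etree.SubElement(versionInfo, 'info')
		if statsVersion['Info'] is not None:
			info.set('object_id', statsVersion['Info'])

		objects = etree.SubElement(versionInfo, 'objects', num = statsVersion['Objects'][0])
		for objectId in statsVersion['Objects'][1]:
			objectInfo = etree.SubElement(objects, 'object', id = str(objectId))
			_setMembershipFlag(objectInfo, 'compressed', statsVersion['Compressed Objects'], objectId)
			_setMembershipFlag(objectInfo, 'errors', statsVersion['Errors'], objectId)

		streams = etree.SubElement(versionInfo, 'streams', num = statsVersion['Streams'][0])
		for streamId in statsVersion['Streams'][1]:
			stream = etree.SubElement(streams, 'stream', id = str(streamId))
			_setMembershipFlag(stream, 'xref_stream', statsVersion['Xref Streams'], streamId)
			_setMembershipFlag(stream, 'object_stream', statsVersion['Object Streams'], streamId)
			if statsVersion['Encoded'] is not None:
				if streamId in statsVersion['Encoded'][1]:
					stream.set('encoded', 'true')
					# Decoding errors are only reported for encoded streams.
					_setMembershipFlag(stream, 'decoding_errors', statsVersion['Decoding Errors'], streamId)
				else:
					stream.set('encoded', 'false')

		jsObjects = etree.SubElement(versionInfo, 'js_objects')
		if statsVersion['Objects with JS code'] is not None:
			for objectId in statsVersion['Objects with JS code'][1]:
				etree.SubElement(jsObjects, 'container_object', id = str(objectId))

		# Suspicious elements, in the fixed order triggers/actions/elements/js_vulns.
		suspicious = etree.SubElement(versionInfo, 'suspicious_elements')
		if statsVersion['Events'] is not None:
			_addSuspiciousEntries(etree.SubElement(suspicious, 'triggers'), 'trigger', statsVersion['Events'])
		if statsVersion['Actions'] is not None:
			_addSuspiciousEntries(etree.SubElement(suspicious, 'actions'), 'action', statsVersion['Actions'])
		if statsVersion['Elements'] is not None:
			_addSuspiciousEntries(etree.SubElement(suspicious, 'elements'), 'element', statsVersion['Elements'], withCVEs = True)
		if statsVersion['Vulns'] is not None:
			_addSuspiciousEntries(etree.SubElement(suspicious, 'js_vulns'), 'vulnerable_function', statsVersion['Vulns'], withCVEs = True)

		urls = statsVersion['URLs']
		suspiciousURLs = etree.SubElement(versionInfo, 'suspicious_urls')
		if urls is not None:
			for url in urls:
				# Attach each <url> under <suspicious_urls>; previously they were
				# appended directly to <version>, leaving <suspicious_urls> empty.
				urlInfo = etree.SubElement(suspiciousURLs, 'url')
				urlInfo.text = url
	return etree.tostring(root, pretty_print=True)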
						stats += newLine + '\tObjects with JS code ('+statsVersion['Objects with JS code'][0]+'): ' + str(statsVersion['Objects with JS code'][1])
					actions = statsVersion['Actions']
					events = statsVersion['Events']
					vulns = statsVersion['Vulns']
					elements = statsVersion['Elements']
					if events != None or actions != None or vulns != None or elements != None:
						stats += newLine + '\tSuspicious elements:' + newLine
						if events != None:
							for event in events:
								stats += '\t\t' + event + ': ' + str(events[event]) + newLine
						if actions != None:
							for action in actions:
								stats += '\t\t' + action + ': ' + str(actions[action]) + newLine
						if vulns != None:
							for vuln in vulns:
								if vulnsDict.has_key(vuln):
									stats += '\t\t' + vuln + ' ('
									for vulnCVE in vulnsDict[vuln]: 
										stats += vulnCVE + ',' 
									stats = stats[:-1] + '): ' + str(vulns[vuln]) + newLine
								else:
									stats += '\t\t' + vuln + ': ' + str(vulns[vuln]) + newLine
						if elements != None:
							for element in elements:
								if vulnsDict.has_key(element):
									stats += '\t\t' + element + ' ('
									for vulnCVE in vulnsDict[element]: 
										stats += vulnCVE + ',' 
									stats = stats[:-1] + '): ' + str(elements[element]) + newLine
								else:
									stats += '\t\t' + element + ': ' + str(elements[element]) + newLine