From a381ef8cf6fc26d40bfd77a1b3e8391ddb923b81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Johannes=20B=C3=BClow?=
Date: Tue, 17 Jun 2025 17:02:41 +0200
Subject: [PATCH] Moved from jsonb to arrays for olevba results and macros
---
 server/internal/database/schema.sql | 6 ++--
 .../internal/processing/msoffice/msoffice.go | 34 ++++++++++---------
 server/internal/sqlc/models.go | 4 +--
 server/internal/sqlc/queries-msoffice.sql.go | 4 +--
 4 files changed, 25 insertions(+), 23 deletions(-)
diff --git a/server/internal/database/schema.sql b/server/internal/database/schema.sql
index f202986..7c0891c 100644
--- a/server/internal/database/schema.sql
+++ b/server/internal/database/schema.sql
@@ -63,8 +63,8 @@ CREATE TABLE IF NOT EXISTS msoffice (
 nb_iocs INTEGER,
 nb_macros INTEGER,
 nb_suspicious INTEGER,
- olevba_results JSONB,
- macros JSONB
+ olevba_results TEXT[][],
+ macros TEXT[][]
 );
@@ -84,6 +84,6 @@ CREATE INDEX idx_processing_jobs_file_id ON processing_jobs (file_id);
 CREATE INDEX idx_msoffice_oleid_file_id ON msoffice_oleid (file_id);
 CREATE INDEX idx_msoffice_olevba_file_id ON msoffice_olevba (file_id);
 CREATE INDEX idx_msoffice_mraptor_file_id ON msoffice_mraptor (file_id);
-CREATE INDEX idx_msoffice_results_file_id ON msoffice_results (file_id);
+CREATE INDEX idx_msoffice_results_file_id ON msoffice (file_id);
 CREATE INDEX idx_file_properties_id ON file_properties (id);
 CREATE INDEX idx_file_id ON files (id);
diff --git a/server/internal/processing/msoffice/msoffice.go b/server/internal/processing/msoffice/msoffice.go
index 56c3aac..17be367 100644
--- a/server/internal/processing/msoffice/msoffice.go
+++ b/server/internal/processing/msoffice/msoffice.go
@@ -1,9 +1,6 @@
 package msoffice
 import (
- "encoding/json"
- "log/slog"
-
 "git.jmbit.de/jmb/scanfile/server/internal/database"
 "git.jmbit.de/jmb/scanfile/server/internal/sqlc"
 )
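Review bot: `TEXT[][]` in the first schema.sql hunk only stores rectangular arrays, so the insert for a file is rejected whenever the rows of the olevba results or macros differ in length, and `text` values also cannot hold NUL bytes; both are properties an attacker-supplied document may be able to influence, which would leave that file without a stored analysis result. I would document the constraint next to the columns, for example `-- rows must have equal length; PostgreSQL rejects ragged multidimensional arrays`, and normalise the rows before the insert. Because the table is created with `CREATE TABLE IF NOT EXISTS`, a database that already has the JSONB columns will presumably keep them until a separate migration is run; the hunk does not show one. The table definition starts outside the hunk.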
@@ -24,29 +21,34 @@ func MSOfficeProcessing(job sqlc.ProcessingJob) error {
 FileID: job.FileID,
 }
 params.ContainerFormat.String = oleidResp.ContainerFormat
+ params.ContainerFormat.Valid = true
 params.Encrypted.Bool = oleidResp.Encrypted
+ params.Encrypted.Valid = true
 params.FileFormat.String = oleidResp.FileFormat
+ params.FileFormat.Valid = true
 params.VbaMacros.String = oleidResp.VBAMacros
+ params.VbaMacros.Valid = true
 params.XlmMacros.String = oleidResp.XLMMacros
+ params.XlmMacros.Valid = true
 params.VbaStomping.Bool = olevbaResp.Stomping
+ params.VbaStomping.Valid = true
 params.NbAutoexec.Int32 = int32(olevbaResp.NbAutoexec)
+ params.NbAutoexec.Valid = true
 params.NbIocs.Int32 = int32(olevbaResp.NbIocs)
+ params.NbIocs.Valid = true
 params.NbMacros.Int32 = int32(olevbaResp.NbMacros)
+ params.NbIocs.Valid = true
 params.NbSuspicious.Int32 = int32(olevbaResp.NbSuspicious)
+ params.NbSuspicious.Valid = true
- params.OlevbaResults, err = json.Marshal(olevbaResp.Results)
- if err != nil {
- slog.Error("Error in MSOfficeProcessing while marshaling olevba results to json", "file-uuid", job.FileID.String(), "error", err, "job-id", job.ID)
- database.FailProcessingJob(job.ID, err)
- return err
- }
-
- params.Macros, err = json.Marshal(olevbaResp.Macros)
- if err != nil {
- slog.Error("Error in MSOfficeProcessing while marshaling macros to json", "file-uuid", job.FileID.String(), "error", err, "job-id", job.ID)
- database.FailProcessingJob(job.ID, err)
- return err
- }
+ params.OlevbaResults = olevbaResp.Results
+ params.Macros = olevbaResp.Macros
+ if olevbaResp.NbSuspicious > 0 || olevbaResp.NbIocs > 0 || olevbaResp.NbAutoexec > 0 {
+ params.Verdict.String = "suspicious"
+ } else {
+ params.Verdict.String = "inconspicous"
+ }
+ params.Verdict.Valid = true
 err = database.InsertMSOfficeResults(params)
 if err != nil {
diff --git a/server/internal/sqlc/models.go b/server/internal/sqlc/models.go
index 464a4ef..f4dd3c7 100644
--- a/server/internal/sqlc/models.go
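Review bot: After `params.NbMacros.Int32 = int32(olevbaResp.NbMacros)` the added line sets `params.NbIocs.Valid = true` a second time, so `NbMacros.Valid` stays false and nb_macros is presumably written as NULL; the line should read `params.NbMacros.Valid = true`. The stored verdict string `"inconspicous"` is misspelled (`"inconspicuous"`), which matters once anything filters on that column. The verdict also ignores `olevbaResp.Stomping` and `oleidResp.Encrypted`, both already read in this hunk, so a VBA-stomped or encrypted document with zero counters is recorded as inconspicuous; consider adding `|| olevbaResp.Stomping` to the condition and a separate verdict for files that could not be inspected. MSOfficeProcessing begins and ends outside the hunk.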
+++ b/server/internal/sqlc/models.go
@@ -48,8 +48,8 @@ type Msoffice struct {
 NbIocs pgtype.Int4
 NbMacros pgtype.Int4
 NbSuspicious pgtype.Int4
- OlevbaResults []byte
- Macros []byte
+ OlevbaResults [][]string
+ Macros [][]string
 }
 type MsofficeMraptor struct {
diff --git a/server/internal/sqlc/queries-msoffice.sql.go b/server/internal/sqlc/queries-msoffice.sql.go
index dbf0111..9740a0d 100644
--- a/server/internal/sqlc/queries-msoffice.sql.go
+++ b/server/internal/sqlc/queries-msoffice.sql.go
@@ -137,8 +137,8 @@ type InsertMSOfficeResultsParams struct {
 NbIocs pgtype.Int4
 NbMacros pgtype.Int4
 NbSuspicious pgtype.Int4
- OlevbaResults []byte
- Macros []byte
+ OlevbaResults [][]string
+ Macros [][]string
 }
 func (q *Queries) InsertMSOfficeResults(ctx context.Context, arg InsertMSOfficeResultsParams) error {