Moved from jsonb to arrays for olevba results and macros

2025-06-17 17:02:41 +02:00 · 2025-06-17 17:02:41 +02:00 · a381ef8cf6
commit a381ef8cf6
parent 38feee1360
4 changed files with 25 additions and 23 deletions
--- a/server/internal/database/schema.sql
+++ b/server/internal/database/schema.sql
@ -63,8 +63,8 @@ CREATE TABLE IF NOT EXISTS msoffice (
  nb_iocs INTEGER,
  nb_macros INTEGER,
  nb_suspicious INTEGER,
-  olevba_results JSONB,
+  olevba_results TEXT[][],
-  macros JSONB
+  macros TEXT[][]
 );
@ -84,6 +84,6 @@ CREATE INDEX idx_processing_jobs_file_id ON processing_jobs (file_id);
 CREATE INDEX idx_msoffice_oleid_file_id ON msoffice_oleid (file_id);
 CREATE INDEX idx_msoffice_olevba_file_id ON msoffice_olevba (file_id);
 CREATE INDEX idx_msoffice_mraptor_file_id ON msoffice_mraptor (file_id);
-CREATE INDEX idx_msoffice_results_file_id ON msoffice_results (file_id);
+CREATE INDEX idx_msoffice_results_file_id ON msoffice (file_id);
 CREATE INDEX idx_file_properties_id ON file_properties (id);
 CREATE INDEX idx_file_id ON files (id);
--- a/server/internal/processing/msoffice/msoffice.go
+++ b/server/internal/processing/msoffice/msoffice.go
@ -1,9 +1,6 @@
 package msoffice
 import (
 	"encoding/json"
 	"log/slog"
 	"git.jmbit.de/jmb/scanfile/server/internal/database"
 	"git.jmbit.de/jmb/scanfile/server/internal/sqlc"
 )
@ -24,29 +21,34 @@ func MSOfficeProcessing(job sqlc.ProcessingJob) error {
    FileID: job.FileID,
  }
  params.ContainerFormat.String = oleidResp.ContainerFormat
  params.ContainerFormat.Valid = true
  params.Encrypted.Bool = oleidResp.Encrypted
  params.Encrypted.Valid = true
  params.FileFormat.String = oleidResp.FileFormat
  params.FileFormat.Valid = true
  params.VbaMacros.String = oleidResp.VBAMacros
  params.VbaMacros.Valid = true
  params.XlmMacros.String = oleidResp.XLMMacros
  params.XlmMacros.Valid = true
  params.VbaStomping.Bool = olevbaResp.Stomping
  params.VbaStomping.Valid = true
  params.NbAutoexec.Int32 = int32(olevbaResp.NbAutoexec)
  params.NbAutoexec.Valid = true
  params.NbIocs.Int32 = int32(olevbaResp.NbIocs)
  params.NbIocs.Valid = true
  params.NbMacros.Int32 = int32(olevbaResp.NbMacros)
  params.NbIocs.Valid = true
  params.NbSuspicious.Int32 = int32(olevbaResp.NbSuspicious)
  params.NbSuspicious.Valid = true
-  params.OlevbaResults, err = json.Marshal(olevbaResp.Results)
+  params.OlevbaResults = olevbaResp.Results
-	if err != nil {
+  params.Macros = olevbaResp.Macros
-    slog.Error("Error in MSOfficeProcessing while marshaling olevba results to json", "file-uuid", job.FileID.String(), "error", err, "job-id", job.ID)
+  if olevbaResp.NbSuspicious > 0 || olevbaResp.NbIocs > 0 || olevbaResp.NbAutoexec > 0 {
-		database.FailProcessingJob(job.ID, err)
+    params.Verdict.String = "suspicious"
-		return err
+  } else {
-	}
+    params.Verdict.String = "inconspicous"
-
+  }
-  params.Macros, err = json.Marshal(olevbaResp.Macros)
+  params.Verdict.Valid = true
 	if err != nil {
    slog.Error("Error in MSOfficeProcessing while marshaling macros to json", "file-uuid", job.FileID.String(), "error", err, "job-id", job.ID)
 		database.FailProcessingJob(job.ID, err)
 		return err
 	}
  err = database.InsertMSOfficeResults(params)
 	if err != nil {
--- a/server/internal/sqlc/models.go
+++ b/server/internal/sqlc/models.go
@ -48,8 +48,8 @@ type Msoffice struct {
 	NbIocs          pgtype.Int4
 	NbMacros        pgtype.Int4
 	NbSuspicious    pgtype.Int4
-	OlevbaResults   []byte
+	OlevbaResults   [][]string
-	Macros          []byte
+	Macros          [][]string
 }
 type MsofficeMraptor struct {
--- a/server/internal/sqlc/queries-msoffice.sql.go
+++ b/server/internal/sqlc/queries-msoffice.sql.go
@ -137,8 +137,8 @@ type InsertMSOfficeResultsParams struct {
 	NbIocs          pgtype.Int4
 	NbMacros        pgtype.Int4
 	NbSuspicious    pgtype.Int4
-	OlevbaResults   []byte
+	OlevbaResults   [][]string
-	Macros          []byte
+	Macros          [][]string
 }
 func (q *Queries) InsertMSOfficeResults(ctx context.Context, arg InsertMSOfficeResultsParams) error {