import logging
from flask import Blueprint, request, jsonify, abort
from os import path
from werkzeug.utils import secure_filename
from oletools import olevba, mraptor
import config
# Blueprint that groups the MacroRaptor analysis routes; the application
# decides where it is mounted when it registers the blueprint.
mraptor_bp = Blueprint(name='mraptor', import_name=__name__)
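@mraptor_bp.route('/analyze', methods=['GET'])
def analyze_mraptor():
    """Scan a stored document's VBA macros with MacroRaptor.

    The ``file`` query parameter names a file inside
    ``config.Config.FILE_DIRECTORY``. It is passed through
    ``secure_filename`` first, so directory components and traversal
    sequences are dropped before the path is built.

    Returns:
        A JSON response with ``result`` set to the name of one of
        mraptor's result constants (NoMacro, MacroOK or Suspicious). When
        macros are present, ``flags`` and ``matches`` from the scan are
        included as well.

    Aborts with:
        400 if ``file`` is missing or sanitises to an empty name,
        404 if the named file does not exist in the directory,
        500 if olevba cannot open the file or extract its macro source.
    """
    # NOTE(review): no authentication or rate limiting is visible in this
    # handler; confirm both are enforced where the blueprint is registered,
    # since every request parses a stored (presumably untrusted) document.
    file = secure_filename(request.args.get('file', ''))
    if file == '':
        abort(400)

    filepath = path.join(config.Config.FILE_DIRECTORY, file)
    if not path.isfile(filepath):
        # Answer a wrong name with 404 instead of letting the parser raise
        # and surface as an unhandled server error.
        abort(404)

    # Analyze with olevba. The parser reads attacker-controlled content, so
    # failures on malformed input are expected and must not escape unlogged.
    try:
        vbaparser = olevba.VBA_Parser(filepath)
    except Exception:
        logging.exception('olevba could not open %s', file)
        abort(500)

    try:
        if not vbaparser.detect_vba_macros():
            return jsonify({'result': mraptor.Result_NoMacro.name})

        try:
            vba_code = vbaparser.get_vba_code_all_modules()
        except Exception:
            logging.exception('olevba could not extract macros from %s', file)
            abort(500)

        raptor = mraptor.MacroRaptor(vba_code)
        raptor.scan()
        verdict = (mraptor.Result_Suspicious if raptor.suspicious
                   else mraptor.Result_MacroOK)
        return jsonify({
            'result': verdict.name,
            'flags': raptor.get_flags(),
            'matches': raptor.matches,
        })
    finally:
        # Release the parser's file handles on every exit path, including
        # the abort() calls above.
        vbaparser.close()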