package msoffice
import (
"git.jmbit.de/jmb/scanfile/server/internal/database"
"git.jmbit.de/jmb/scanfile/server/internal/sqlc"
)
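// MSOfficeProcessing runs the oleid and olevba scans for the file referenced
// by job and stores the combined result via database.InsertMSOfficeResults.
//
// The job is marked as started first. If either scan or the insert fails, the
// job is marked as failed with that error and the error is returned; nothing
// is inserted after a scan failure. On success it returns nil.
//
// The stored verdict is "suspicious" when olevba reports at least one
// suspicious keyword, IOC or auto-executing macro, and "inconspicous"
// otherwise.
func MSOfficeProcessing(job sqlc.ProcessingJob) error {
	// fail records the error on the job and hands it back to the caller.
	fail := func(err error) error {
		database.FailProcessingJob(job.ID, err)
		return err
	}

	database.StartProcessingJob(job.ID)

	oleidResp, err := OleIDScan(job.FileID)
	if err != nil {
		return fail(err)
	}
	olevbaResp, err := OleVBAScan(job.FileID)
	if err != nil {
		return fail(err)
	}

	params := sqlc.InsertMSOfficeResultsParams{
		FileID: job.FileID,
	}

	// oleid indicators.
	params.ContainerFormat.String = oleidResp.ContainerFormat
	params.ContainerFormat.Valid = true
	params.Encrypted.Bool = oleidResp.Encrypted
	params.Encrypted.Valid = true
	params.FileFormat.String = oleidResp.FileFormat
	params.FileFormat.Valid = true
	params.VbaMacros.String = oleidResp.VBAMacros
	params.VbaMacros.Valid = true
	params.XlmMacros.String = oleidResp.XLMMacros
	params.XlmMacros.Valid = true

	// olevba counters.
	// NOTE(review): the int32 conversions truncate silently if a count ever
	// exceeds the int32 range; confirm the response field types.
	params.VbaStomping.Bool = olevbaResp.Stomping
	params.VbaStomping.Valid = true
	params.NbAutoexec.Int32 = int32(olevbaResp.NbAutoexec)
	params.NbAutoexec.Valid = true
	params.NbIocs.Int32 = int32(olevbaResp.NbIocs)
	params.NbIocs.Valid = true
	params.NbMacros.Int32 = int32(olevbaResp.NbMacros)
	// Previously this line set NbIocs.Valid a second time, so NbMacros stayed
	// invalid and the macro count was presumably stored as NULL.
	params.NbMacros.Valid = true
	params.NbSuspicious.Int32 = int32(olevbaResp.NbSuspicious)
	params.NbSuspicious.Valid = true

	params.OlevbaResults = olevbaResp.Results
	params.Macros = olevbaResp.Macros

	// NOTE(review): the verdict looks only at the three olevba counters. A
	// file flagged for VBA stomping, reported as encrypted by oleid, or
	// carrying XLM macros still gets "inconspicous" when the counters are
	// zero. VBA stomping in particular is an evasion indicator; consider
	// whether those signals should raise the verdict or map to a separate
	// "not fully analysed" value.
	if olevbaResp.NbSuspicious > 0 || olevbaResp.NbIocs > 0 || olevbaResp.NbAutoexec > 0 {
		params.Verdict.String = "suspicious"
	} else {
		// Spelling kept as-is: the value is persisted and may be matched
		// elsewhere. Correcting it needs a coordinated change.
		params.Verdict.String = "inconspicous"
	}
	params.Verdict.Valid = true

	if err = database.InsertMSOfficeResults(params); err != nil {
		return fail(err)
	}

	return nil
}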