scanfile/server/internal/processing/msoffice/olevba.go

package msoffice
import (
"encoding/json"
"fmt"
"io"
"log/slog"
"net/http"
"net/url"
"strings"
"github.com/jackc/pgx/v5/pgtype"
"github.com/spf13/viper"
)
// olevbaResponse mirrors the JSON document returned by the OLE analysis
// service's /olevba/analyze endpoint.
//
// Everything in Macros and Results is derived from the scanned document, so
// it is attacker-influenced data: escape it before rendering and never
// interpret it.
type olevbaResponse struct {
	// Forms is decoded without a fixed shape; this file never inspects it.
	Forms any `json:"forms"`

	// Macros holds one row per macro. OleVBAScan reads columns 0 through 3 of
	// each row; the meaning of each column is defined by the service
	// (NOTE(review): confirm the column layout against the service).
	Macros [][]string `json:"macros"`

	// Counters as reported by the service under the nb_* keys.
	NbAutoexec   int `json:"nb_autoexec"`
	NbIocs       int `json:"nb_iocs"`
	NbMacros     int `json:"nb_macros"`
	NbSuspicious int `json:"nb_suspicious"`

	// Results holds one row per finding. OleVBAScan reads columns 0 through 2
	// and treats column 0 as the finding type (it is compared to "Hex String").
	Results [][]string `json:"results"`

	// Stomping is the service's "stomping" flag
	// (presumably VBA stomping detection; verify against the service).
	Stomping bool `json:"stomping"`
}
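// OleVBAScan asks the OLE analysis service to run olevba on the stored file
// identified by fileID and returns the decoded report.
//
// The service base URL comes from the "processing.oleurl" configuration key.
// The request is a GET to /olevba/analyze with the file UUID in the "file"
// query parameter.
//
// The scan fails closed: a bad service URL, a transport error, a non-2xx
// status, an unreadable body or undecodable JSON all return a zero
// olevbaResponse and a non-nil error, so that a failed scan can never be
// mistaken for a report with no findings.
//
// Rows in the report come from analysing an untrusted document. Rows with
// fewer columns than expected are left in the response but are neither
// rewritten nor logged. For "Hex String" findings, column 1 is replaced in
// place by a space-separated list of its bytes in 0xNN form.
func OleVBAScan(fileID pgtype.UUID) (olevbaResponse, error) {
	id := fileID.String()
	slog.Debug("Starting OLEvba scan", "file-uuid", id)

	svcURL, err := url.Parse(viper.GetString("processing.oleurl"))
	if err != nil {
		// url.Parse returns a nil *URL on failure; continuing would panic.
		slog.Error("Error in OleVBAScan parsing URL for ole service", "file-uuid", id, "error", err)
		return olevbaResponse{}, fmt.Errorf("parsing ole service URL: %w", err)
	}
	svcURL.Path = "/olevba/analyze"
	svcURL.RawQuery = url.Values{"file": {id}}.Encode()

	// NOTE(review): http.Get goes through http.DefaultClient, which has no
	// timeout, so a stalled analysis service blocks this call indefinitely.
	// Consider a shared client with an explicit timeout.
	resp, err := http.Get(svcURL.String())
	if err != nil {
		// resp is nil here, so it must not be touched (not even for logging).
		slog.Error("Error in OleVBAScan getting olevba info from service", "file-uuid", id, "error", err)
		return olevbaResponse{}, fmt.Errorf("requesting olevba analysis: %w", err)
	}
	defer resp.Body.Close()
	slog.Debug("OleVBAScan request", "file-uuid", id, "url", svcURL.String(), "status-code", resp.StatusCode)

	// An error page that happens to be valid JSON would otherwise decode into
	// an all-zero report, i.e. "no macros found".
	if resp.StatusCode < http.StatusOK || resp.StatusCode >= http.StatusMultipleChoices {
		slog.Error("Error in OleVBAScan unexpected status from service", "file-uuid", id, "status-code", resp.StatusCode)
		return olevbaResponse{}, fmt.Errorf("olevba service returned status %d", resp.StatusCode)
	}

	// NOTE(review): the body is read without a size cap; its size tracks the
	// macro content of the scanned document. Consider bounding it.
	body, err := io.ReadAll(resp.Body)
	if err != nil {
		slog.Error("Error in OleVBAScan parsing olevba body", "file-uuid", id, "error", err)
		return olevbaResponse{}, fmt.Errorf("reading olevba response body: %w", err)
	}

	var jsonResp olevbaResponse
	if err := json.Unmarshal(body, &jsonResp); err != nil {
		slog.Error("Error in OleVBAScan when trying to unmarshal response", "file-uuid", id, "error", err)
		return olevbaResponse{}, fmt.Errorf("decoding olevba response: %w", err)
	}

	for i, result := range jsonResp.Results {
		// The row shape is dictated by the remote service; never index blindly.
		if len(result) < 3 {
			slog.Warn("OleVBAScan Result has unexpected number of columns", "file-uuid", id, "i", i, "columns", len(result))
			continue
		}
		if result[0] == "Hex String" {
			raw := []byte(result[1])
			hexParts := make([]string, 0, len(raw))
			for _, b := range raw {
				hexParts = append(hexParts, fmt.Sprintf("0x%X", b))
			}
			// result shares its backing array with jsonResp.Results[i], so this
			// updates the returned report.
			result[1] = strings.Join(hexParts, " ")
		}
		slog.Debug("OleVBAScan Result", "0", result[0], "1", result[1], "2", result[2], "i", i)
	}

	for i, macro := range jsonResp.Macros {
		if len(macro) < 4 {
			slog.Warn("OleVBAScan Macro has unexpected number of columns", "file-uuid", id, "i", i, "columns", len(macro))
			continue
		}
		slog.Debug("OleVBAScan Macro", "0", macro[0], "1", macro[1], "2", macro[2], "3", macro[3], "i", i)
	}

	slog.Debug("OleVBAScan", "file-uuid", id, "data", jsonResp)
	return jsonResp, nil
}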