#212 WIP fix conflicts

TheHive-Project · Mar 29, 2018 · bfb338b · bfb338b
2 parents 2ab6ec9 + 49ac953
commit bfb338b
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 10 deletions.
diff --git a/analyzers/FileInfo/fileinfo_analyzer.py b/analyzers/FileInfo/fileinfo_analyzer.py
@@ -4,7 +4,7 @@
 
 from cortexutils.analyzer import Analyzer
 from submodules import *
-# import submodules
+
 
 class FileInfoAnalyzer(Analyzer):
     def __init__(self):
@@ -14,12 +14,6 @@ def __init__(self):
         self.filetype = pyexifinfo.fileType(self.filepath)
         #self.auto_extract = False
 
-        # Create a dictionary of custom submodules
-        # self.available_submodules = [
-        #     GZIPSubmodule(),
-        #     PESubmodule()
-        # ]
-
     def run(self):
         results = []
 
@@ -31,8 +25,8 @@ def run(self):
         })
 
         # for module in self.available_submodules:
-        for module in AVAILABLE_SUBMODULES:
-            if module.check_file(file=self.filepath, filetype=self.filetype):
+        for module in self.available_submodules:
+            if module.check_file(file=self.filepath, filetype=self.filetype, filename=self.filename):
                 # temporary report
                 results.append({
                     'submodule_name': module.name,
@@ -41,6 +35,5 @@ def run(self):
         self.report(results)
 
 
-
 if __name__ == '__main__':
     FileInfoAnalyzer().run()
diff --git a/analyzers/FileInfo/submodules/submodule_base.py b/analyzers/FileInfo/submodules/submodule_base.py
@@ -23,6 +23,8 @@ def check_file(self, **kwargs):
         :type file: str
         :param filetype: used for checking compatibility for a file using the filetype string of pyexiftool.fileType().
         :type filetype: str
+        :param filename: the original filename, not the one given by cortex
+        :type filename: str
         :return: true on success, false otherwise
         :rtype: bool
         """

diff --git a/analyzers/FileInfo/submodules/submodule_oletools.py b/analyzers/FileInfo/submodules/submodule_oletools.py
@@ -0,0 +1,25 @@
+"""FileInfo oletools submodule; WIP"""
+from .submodule_base import SubmoduleBaseclass
+
+
+class OLEToolsSubmodule(SubmoduleBaseclass):
+    """Try to inspect files using python oletools."""
+    def __init__(self):
+        SubmoduleBaseclass.__init__(self)
+        self.name = 'OLETools Submodule'
+
+    def check_file(self, **kwargs):
+        """Oletools accepts MS office documents."""
+        try:
+            if kwargs.get('filename').rsplit('.', 1)[1] in [
+                    'doc',
+                    'docx',
+                    'xls',
+                    'xlsx',
+                    'ppt',
+                    'pptx'
+                ]:
+                return True
+        except KeyError:
+            return False
+        return False