From 079e8d30a3c5e6209b78d8b1a50e9944704b17c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rapha=C3=ABl=20Vinot?= Date: Mon, 19 Jun 2017 11:24:47 +0200 Subject: [PATCH] Add support for ObjectStream in PDF ObjectStream isn't necessarely malicious, but can be. This patch could be improved by unpacking the content of the stream, but it requires 3rd party libraries we don't have for now. Final fix for PCL-01-002 --- bin/filecheck.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/filecheck.py b/bin/filecheck.py index e7cfdc8..536f4e1 100644 --- a/bin/filecheck.py +++ b/bin/filecheck.py @@ -407,6 +407,8 @@ class File(FileBase): self.make_dangerous('Pdf with launch action(s)') if oPDFiD.xfa.count > 0: self.make_dangerous('Pdf with XFA structures') + if oPDFiD.objstm.count > 0: + self.make_dangerous('Pdf with ObjectStream structures') if not self.is_dangerous: self.add_description('Pdf file')