CIRCL
/
PyCIRCLean
mirror of https://github.com/CIRCL/PyCIRCLean
2
0
Fork 0
Code Issues Releases Wiki Activity

Add support for ObjectStream in PDF 

ObjectStream isn't necessarely malicious, but can be. This patch could
be improved by unpacking the content of the stream, but it requires 3rd
party libraries we don't have for now.

Final fix for PCL-01-002
pull/17/merge
Raphaël Vinot 2017-06-19 11:24:47 +02:00
parent 7d38ec3d32
commit 079e8d30a3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
bin/filecheck.py
View File

@ -407,6 +407,8 @@ class File(FileBase):
self.make_dangerous('Pdf with launch action(s)') self.make_dangerous('Pdf with launch action(s)')
if oPDFiD.xfa.count > 0: if oPDFiD.xfa.count > 0:
self.make_dangerous('Pdf with XFA structures') self.make_dangerous('Pdf with XFA structures')
if oPDFiD.objstm.count > 0:
self.make_dangerous('Pdf with ObjectStream structures')
if not self.is_dangerous: if not self.is_dangerous:
self.add_description('Pdf file') self.add_description('Pdf file')