[Minor] Also add suspicious patterns support

author Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)

committer Vsevolod Stakhov <vsevolod@highsecure.ru>

Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)
author Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)
committer Vsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)
diff --git a/lualib/lua_content/pdf.lua b/lualib/lua_content/pdf.lua

index e8d4c7bab1a0ee3f54e7dfcb3aeb4c14b1cd7a7e..588117fc728b3cecaacda7938f7da8253ecac581 100644 (file)
--- a/lualib/lua_content/pdf.lua
+++ b/lualib/lua_content/pdf.lua
@@ -32,8 +32,14 @@ local pdf_patterns = {
    },
    javascript = {
      patterns = {
-      [[\s/JS]],
-      [[\s/JavaScript]],
+      [[\s|>/JS]],
+      [[\s|>/JavaScript]],
+    }
+  },
+  suspicious = {
+    patterns = {
+      [[netsh\s]],
+      [[echo\s]],
      }
    }
  }
@@ -139,6 +145,11 @@ processors.javascript = function(_, task, _, output)
    output.javascript = true
  end
  
+processors.suspicious = function(_, task, _, output)
+  lua_util.debugm(N, task, "pdf: found a suspicious pattern")
+  output.suspicious = true
+end
+
  exports.process = process_pdf
  
  return exports
 \ No newline at end of file
author	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)
committer	Vsevolod Stakhov <vsevolod@highsecure.ru>
	Wed, 27 Nov 2019 13:42:24 +0000 (13:42 +0000)