author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-08 09:50:27 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-09-08 09:50:27 +0100 |
commit | ef54307ee4621ee2645c7cf9456e2542f51875f6 (patch) | |
tree | b0bd95d08eb6409edfdfcc11c8e2e45f8695853f /lualib/lua_magic/heuristics.lua | |
parent | eb120f830eecdbea31bf7c4090c45a7784de682b (diff) | |
[Project] Lua_magic: Add Oasis documents detection
Diffstat (limited to 'lualib/lua_magic/heuristics.lua')
-rw-r--r-- | lualib/lua_magic/heuristics.lua | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/lualib/lua_magic/heuristics.lua b/lualib/lua_magic/heuristics.lua index 167edd0c9..b30f95794 100644 --- a/lualib/lua_magic/heuristics.lua +++ b/lualib/lua_magic/heuristics.lua @@ -167,6 +167,20 @@ end exports.ole_format_heuristic = detect_ole_format +local function process_detected(res) + local extensions = lua_util.keys(res) + + if #extensions > 0 then + table.sort(extensions, function(ex1, ex2) + return res[ex1] > res[ex2] + end) + + return extensions,res[extensions[1]] + end + + return nil +end + local function detect_archive_flaw(part, arch) local arch_type = arch:get_type() local res = { @@ -174,6 +188,9 @@ local function detect_archive_flaw(part, arch) xlsx = 0, pptx = 0, jar = 0, + odt = 0, + odp = 0, + ods = 0 } -- ext + confidence pairs -- General msoffice patterns 
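Review bot: `process_detected` returns the whole sorted key list as its first value (`return extensions,res[extensions[1]]`), so the caller added in the last hunk of `detect_archive_flaw` passes a table back on the same path where the fallback returns the string `arch_type:lower()`. If only the best match is meant, the line should read `return extensions[1],res[extensions[1]]`. The comparator orders by weight alone and `table.sort` is not stable, so two types that reach the same weight come out in an unspecified order; because the weights are derived from names and bytes inside a received archive, a tie-break such as `if res[ex1] == res[ex2] then return ex1 < ex2 end` would keep the verdict deterministic. A short doc comment stating both return values, and the bare `nil` returned for an empty table, would also help.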
@@ -195,8 +212,44 @@ local function detect_archive_flaw(part, arch) res.xlsx = res.docx + 30 elseif file == 'ppt/' then res.xlsx = res.pptx + 30 + elseif file == 'META-INF/manifest.xml' then + -- Apply ODT detection logic + local content = part:get_content() + + if #content > 80 then + -- https://lists.oasis-open.org/archives/office/200505/msg00006.html + local start_span = content:span(30, 50) + + local mp = tostring(start_span:span(1, 8)) + if mp == 'mimetype' then + local spec_type = tostring(start_span:span(9)) + if spec_type:find('vnd.oasis.opendocument.text') then + res.odt = 40 + elseif spec_type:find('vnd.oasis.opendocument.spreadsheet') then + res.ods = 40 + elseif spec_type:find('vnd.oasis.opendocument.formula') then + res.ods = 40 + elseif spec_type:find('vnd.oasis.opendocument.chart') then + res.ods = 40 + elseif spec_type:find('vnd.oasis.opendocument.presentation') then + res.odp = 40 + elseif spec_type:find('vnd.oasis.opendocument.image') then + -- Assume image as odt + res.odt = 40 + elseif spec_type:find('vnd.oasis.opendocument.graphics') then + -- Assume image as odt + res.odt = 40 + end + end + end end end + + local ext,weight = process_detected(res) + + if weight >= 40 then + return ext,weight + end end return arch_type:lower(),40 |
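Review bot: The `spec_type:find('vnd.oasis.opendocument.text')` chain runs Lua pattern matching over bytes taken from the attachment, so every `.` is a wildcard and the match may land anywhere in the span. A plain search, `spec_type:find('vnd.oasis.opendocument.text', 1, true)`, or a comparison against the full `application/vnd.oasis.opendocument.` prefix would be stricter for a type decision that later policy may rely on. `if weight >= 40 then` raises an error if `process_detected` ever returns `nil`; `if ext and weight >= 40 then` removes the dependence on `res` never being empty. The offsets in `content:span(30, 50)` deserve a comment such as `-- presumably skips the 30-byte ZIP local file header; ODF stores the mimetype entry first and uncompressed`, and it is worth confirming whether `span` counts from 0 or 1. `detect_archive_flaw` begins before this hunk, so how the file list is obtained is not visible here.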