officedissector
1.0.0
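OfficeDissector is a parser library for static security analysis of Office Open XML (OOXML) documents, created by Grier Forensics for the Cyber System Assessments Group at MIT Lincoln Laboratory.
OfficeDissector is the first parser designed specifically for security analysis of OOXML documents. It exposes all internals, including document properties, parts, content types, relationships, embedded macros and multimedia, comments, and more. It provides full JSON export and a MASTIFF-based plugin architecture. It also includes a nearly 600 MB test corpus, unit tests with nearly 100% coverage, smoke tests that run against the entire corpus, and simple, well-factored, fully commented code.
OfficeDissector requires Python 2.7 and the lxml package.
The easiest way to install OfficeDissector is to use pip to download and install it automatically: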
$ sudo pip install lxml # If you haven't installed lxml already
$ sudo pip install officedissector
Alternatively, you can download OfficeDissector from GitHub or as a zip, and install the local copy using pip (recommended) or Python setup:
$ sudo pip install /path/to/thisfolder # Recommended, as pip supports uninstall
$ sudo python setup.py install # Alternative
Finally, to use OfficeDissector without installing it, download it and set PYTHONPATH to the officedissector directory:
$ export PYTHONPATH=/path/to/thisfolder
To view the OfficeDissector documentation, open in a browser:
$ doc/html/index.html
To test, first set PYTHONPATH or install officedissector as described above. Then:
# Unit tests
$ cd test/unit_test
$ python test_officedissector.py
# Smoke tests
$ cd test
$ python smoke_tests.py
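The smoke tests will create log files with more information about them.
To find out more about the MASTIFF architecture and the sample plugins, see mastiff-plugins/README.txt.
Below is an IPython session demonstrating the use of OfficeDissector: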
$ ipython
In [1]: import officedissector
In [2]: doc = officedissector.doc.Document('test/fraunhoferlibrary/Artikel.docx')
In [4]: doc.is_macro_enabled
Out[4]: False
In [5]: doc.is_template
Out[5]: False
In [6]: mp = doc.main_part()
In [7]: mp.content_type()
Out[7]: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml'
In [9]: mp.name
Out[9]: '/word/document.xml'
In [10]: mp.content_type()
Out[10]: 'application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml'
# We can read the part's stream of data:
In [17]: mp.stream().read(200)
Out[17]: '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\r\n<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-c'
# Or use XPath to parse it:
In [33]: t = mp.xpath('//w:t', {'w': "http://schemas.openxmlformats.org/wordprocessingml/2006/main"})
In [37]: t[2].text
Out[37]: u'Das vorliegende Dokument ist ein Beispiel f\xfcr einen zur Publikation in einer Zeitschrift vorgesehenen Artikel. Es verwendet f\xfcr Autor und Titel in den Dokumenteigenschaften festgelegte Eintr\xe4ge.'
# All Relationships in and out are exposed:
In [38]: mp.relationships_in()
Out[38]: [Relationship [rId1] (source Part [RootPart])]
In [39]: mp.relationships_out()
Out[39]:
[Relationship [rId8] (source Part [/word/document.xml]),
Relationship [rId13] (source Part [/word/document.xml]),
Relationship [rId3] (source Part [/word/document.xml]),
...
Relationship [rId14] (source Part [/word/document.xml])]
In [40]: rel = mp.relationships_out()[0]
In [43]: rel.type
Out[43]: 'http://schemas.openxmlformats.org/officeDocument/2006/relationships/endnotes'
In [46]: endnotes = rel.target_part
In [48]: endnotes.content_type()
Out[48]: 'application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml'
# Any Part (or the entire Document) can be exported to JSON:
In [50]: print endnotes.to_json()
{
"content-type": "application/vnd.openxmlformats-officedocument.wordprocessingml.endnotes+xml",
"uri": "/word/endnotes.xml",
"relationships_out": [],
"relationships_in": [
"Relationship [rId8] (source Part [/word/document.xml])"
]
}
# Features are automatically exposed:
In [55]: doc.features.[TAB]
...
doc.features.comments
doc.features.custom_properties
doc.features.custom_xml
doc.features.digital_signatures
doc.features.doc
doc.features.embedded_controls
doc.features.embedded_objects
doc.features.embedded_packages
doc.features.fonts
doc.features.get_parts
doc.features.get_union
doc.features.images
doc.features.macros
doc.features.sounds
doc.features.videos
In [55]: doc.features.images
Out[55]: [Part [/word/media/image1.jpeg]]
In [56]: image = doc.features.images[0]
In [58]: image.content_type()
Out[58]: 'image/jpeg'
# We can export the binary data to JSON as well, by setting include_stream = True:
In [61]: print image.to_json(include_stream = True)
{
"stream_b64": "...",
"content-type": "image/jpeg",
"uri": "/word/media/image1.jpeg",
"relationships_out": [],
"relationships_in": [
"Relationship [rId1] (source Part [/word/theme/theme1.xml])"
]
}
# Check for macros:
In [62]: doc.features.macros
Out[62]: []
# Or comments:
In [63]: doc.features.comments
Out[63]: []
# Core properties are exposed:
In [64]: doc.core_properties.[TAB]
...
doc.core_properties.content_status
doc.core_properties.core_prop_part
doc.core_properties.created
doc.core_properties.creator
doc.core_properties.description
doc.core_properties.identifier
doc.core_properties.keywords
doc.core_properties.language
doc.core_properties.last_modified_by
doc.core_properties.last_printed
doc.core_properties.modified
doc.core_properties.name
doc.core_properties.parse_all
doc.core_properties.parse_prop
doc.core_properties.revision
doc.core_properties.subject
doc.core_properties.title
doc.core_properties.version
doc.core_properties.category
In [68]: doc.core_properties.modified
Out[68]: '2009-12-04T14:47:00Z'
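The parts, content types and relationships shown in the session above come from a few fixed files inside the OOXML zip package ([Content_Types].xml and the _rels/*.rels files). The following is an added example, not OfficeDissector code and not using its API: it reads those files directly with the Python 3 standard library from a constructed in-memory package. The function names (triage, rels_out, content_type, build_sample) and the sample package are assumptions made for the illustration.

```python
import io, posixpath, zipfile, xml.etree.ElementTree as ET  # untrusted files: prefer a hardened parser (e.g. defusedxml)

CT = "{http://schemas.openxmlformats.org/package/2006/content-types}"
REL = "{http://schemas.openxmlformats.org/package/2006/relationships}"
DOC_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
VBA_CT = "application/vnd.ms-office.vbaProject"

def content_type(types, part):
    """An Override for the exact part name wins; otherwise the extension Default applies."""
    hits = [o for o in types.iter(CT + "Override") if o.get("PartName") == part]
    hits += [d for d in types.iter(CT + "Default") if part.lower().endswith("." + d.get("Extension", "").lower())]
    return hits[0].get("ContentType") if hits else None

def rels_out(zf, part):
    """(type, target, is_external) per relationship leaving `part` ('' = package root)."""
    folder, name = posixpath.split(part.lstrip("/"))
    path = posixpath.join(folder, "_rels", name + ".rels")
    xml = zf.read(path) if path in zf.namelist() else b"<none/>"  # a part may have no .rels file
    out = []
    for r in ET.fromstring(xml).iter(REL + "Relationship"):
        ext, tgt = r.get("TargetMode") == "External", r.get("Target")
        out.append((r.get("Type"), tgt if ext else posixpath.normpath(posixpath.join("/" + folder, tgt)), ext))
    return out

def triage(data):
    zf = zipfile.ZipFile(io.BytesIO(data))
    types = ET.fromstring(zf.read("[Content_Types].xml"))
    main = next(t for typ, t, _ in rels_out(zf, "") if typ == DOC_REL + "officeDocument")
    out = rels_out(zf, main)
    return {"main_part": main, "main_content_type": content_type(types, main),
            "macro_parts": [t for _, t, x in out if not x and content_type(types, t) == VBA_CT],
            "external_targets": [t for _, t, x in out if x]}

def build_sample():  # constructed minimal package built in memory, not a real document
    rel = '<Relationship Id="rId%d" Type="%s" Target="%s"%s/>'
    wrap = '<Relationships xmlns="' + REL[1:-1] + '">%s</Relationships>'
    parts = {
        "[Content_Types].xml": '<Types xmlns="%s"><Default Extension="bin" ContentType="%s"/>'
            '<Override PartName="/word/document.xml" ContentType="application/'
            'vnd.ms-word.document.macroEnabled.main+xml"/></Types>' % (CT[1:-1], VBA_CT),
        "_rels/.rels": wrap % (rel % (1, DOC_REL + "officeDocument", "word/document.xml", "")),
        "word/_rels/document.xml.rels": wrap % (
            rel % (1, "http://schemas.microsoft.com/office/2006/relationships/vbaProject", "vbaProject.bin", "")
            + rel % (2, DOC_REL + "hyperlink", "http://example.com/", ' TargetMode="External"')),
        "word/vbaProject.bin": "placeholder bytes, not a real VBA project"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in parts.items():
            zf.writestr(name, text)
    return buf.getvalue()
```

Calling triage(build_sample()) returns the main part, its content type, any parts typed as a VBA project, and relationship targets marked TargetMode="External".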
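For a quick-start guide on how to use OfficeDissector to analyze OOXML documents, see doc/txt/ANALYZING_OOXML.txt.
For more details about OfficeDissector, see the API documentation at doc/html/rst/api.html.
For more information about the project, see http://www.officedissector.com.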