name: olemeta.py json output
about: Update olemeta to provide json output with -o flag and to be run imported into other tools.
Is your feature request related to a problem? Please describe.
The olemeta tool works great to provide a table format for interactive use of the tool. I want to be able to import the tool into other scripts to automate some triage of malicious documents. The existing tool does not import well into other scripts and does not provide output I can manipulate easily.
Describe the solution you'd like
Update olemeta to provide json output with -o flag and to be run imported into other tools.
Describe alternatives you've considered
There are probably other ways to write the code. This was intended to be a minor change, but I added some comments about handling error output in the logging and I also considered creating dedicated functions to remove duplicate code as your comments suggested, but figured I'd get something working first.
Additional context
This change would allow the user to provide a -o flag interactively to generate output in json. Normal use of the tool would not change as the default still outputs a table without the -o flag, but it could now be imported into other scripts with something like:
import olefile
from oletools import olemeta

with open('file.doc', 'rb') as file:
    output = 'json'
    ole = olefile.OleFileIO(file)
    meta = olemeta.process_ole(ole)
    json_metadata = olemeta.process_output(meta, output)
    print(json_metadata)
The latest commit handles cases where byte objects were being returned unencoded (breaks json serializers) and datetime.datetime() values were returned. All values are passing through a cleaner function before being added to the dictionary.
Thanks @remotephone, this looks good.
If you just need to get metadata for a python script/app, then a direct call to olefile get_metadata() would give you a python object with simple attributes: https://olefile.readthedocs.io/en/latest/Howto.html#extract-metadata (olemeta is just a simple wrapper around it)
But if you need integration with non-python tools, then indeed JSON is a good way to do it.
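An added example (not code from this pull request or from oletools) of the cleaning step the description mentions: property values taken from an untrusted document are made JSON-safe before serialization. The names `clean_value` and `metadata_to_json` and the sample object are hypothetical; the sample stands in for the object returned by olefile's `get_metadata()`.

```python
import datetime
import json
from types import SimpleNamespace


def clean_value(value, encoding="utf-8"):
    """Return a JSON-serializable form of one metadata property value."""
    if isinstance(value, bytes):
        # Property strings come from the untrusted document: a bad byte
        # sequence must not raise, so keep it visible as an escape instead.
        return value.decode(encoding, errors="backslashreplace")
    if isinstance(value, (datetime.datetime, datetime.date)):
        return value.isoformat()
    if isinstance(value, (list, tuple)):
        return [clean_value(v, encoding) for v in value]
    if value is None or isinstance(value, (str, int, float, bool)):
        return value
    return repr(value)  # unknown type: keep a printable trace of it


def metadata_to_json(meta, attribs, encoding="utf-8"):
    """Serialize the named attributes of a metadata object to JSON text."""
    cleaned = {name: clean_value(getattr(meta, name, None), encoding)
               for name in attribs}
    return json.dumps(cleaned, sort_keys=True)


# Constructed sample standing in for a parsed document's metadata object.
SAMPLE = SimpleNamespace(
    author=b"J\xe9r\xf4me",  # cp1252 bytes, not valid UTF-8
    title=b"Invoice",
    create_time=datetime.datetime(2020, 1, 2, 3, 4, 5),
    num_pages=3,
    keywords=None,
)
SAMPLE_ATTRIBS = ["author", "title", "create_time", "num_pages", "keywords"]

if __name__ == "__main__":
    print(metadata_to_json(SAMPLE, SAMPLE_ATTRIBS))
```

Decoding with `backslashreplace` keeps the original byte values recoverable in the triage output, which matters when a malformed string is itself the indicator.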