IntelOwl
Docinfo oletools
Description
- added support for password detection during OLE file decryption
- added extraction of CVE in KNOWN_CLSIDS oletools data
Type of change
- [ ] Bug fix (non-breaking change which fixes an issue).
- [X] New feature (non-breaking change which adds functionality).
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected).
Checklist
- [X] I have read and understood the rules about how to Contribute to this project
- [X] The pull request is for the branch develop
- [X] A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
- [ ] I strictly followed the documentation "How to create a Plugin"
- [ ] Usage file was updated.
- [ ] Advanced-Usage was updated (in case the plugin provides additional optional configuration).
- [ ] If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
- [ ] I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
- [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
- [ ] If you created a new analyzer and it is free (does not require API keys), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
- [ ] Check if it could make sense to add that analyzer/connector to other freely available playbooks.
- [ ] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
- [ ] If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
- [ ] Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
- [ ] I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
- [ ] If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
- [ ] If the GUI has been modified:
- [ ] I have provided a screenshot of the result in the PR.
- [ ] I have created new frontend tests for the new component or updated existing ones.