pandora
pandora copied to clipboard
Published
20 hours ago •
pandora-analysis
pandora-analysis
Handle password protected files
Submitting a password protected files raise an exception.
TODO:
- [x] Add a hard-coded list of password in the config
- [x] Allow the user to provide a password on upload
- [x] Sequentially try all of them against the encrypted file
- [ ] If the file cannot be decrypted, store it anyway but skip previews and text extract
- [ ] If the file can be decrypted, store the decrypted version
- [ ] Run relevant workers
Notes:
- UnoConverter (Libreoffice/Office converter) doesn't supports password protected files at all. We need to remove the password before processing: https://github.com/nolze/msoffcrypto-tool
- [x] Add possibility for the user to provide a password
- [ ] Still run some worker like VT/MB/...
Got an error with pdf encrypted:
Traceback (most recent call last):
File "/home/techteam/pandora/website/web/__init__.py", line 142, in wrapper
res = func(*args, **kwargs)
File "/home/techteam/pandora/website/web/__init__.py", line 197, in api_analysis
return render_template('analysis.html', task=task, seed=seed, api=api, api_resource=ApiTaskAction)
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/flask/templating.py", line 147, in render_template
return _render(
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/flask/templating.py", line 128, in _render
rv = template.render(context)
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/jinja2/environment.py", line 1291, in render
self.environment.handle_exception()
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/jinja2/environment.py", line 926, in handle_exception
raise rewrite_traceback_stack(source=source)
File "/home/techteam/pandora/website/web/templates/analysis.html", line 2, in top-level template code
{% from 'bootstrap5/utils.html' import render_icon %}
File "/home/techteam/pandora/website/web/templates/base.html", line 104, in top-level template code
{% block content %}{% endblock %}
File "/home/techteam/pandora/website/web/templates/analysis.html", line 253, in block 'content'
<li role="presentation" class="nav-item {% if not task.observables %} d-none {% endif %}" id="observables_tab">
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/jinja2/environment.py", line 475, in getattr
return getattr(obj, attribute)
File "/home/techteam/pandora/pandora/task.py", line 217, in observables
self.__init_observables_from_file()
File "/home/techteam/pandora/pandora/task.py", line 211, in __init_observables_from_file
for observable_type, values in self.file.observables.items():
File "/home/techteam/pandora/pandora/file.py", line 559, in observables
pdf_file = pikepdf.Pdf.open(self.data)
File "/home/techteam/.cache/pypoetry/virtualenvs/pandora-cS-zXq0b-py3.8/lib/python3.8/site-packages/pikepdf/_methods.py", line 923, in open
pdf = Pdf._open(
pikepdf._qpdf.PasswordError: <_io.BytesIO object at 0x7ffb08e6b630>: invalid password
Then result in 404 page
yep, anything besides archives isn't supported at all yet. But the PDF lib supports passwords, so that's gonna happen (for PDFs)
Simply so as not to forget, the password should be stored to offer it by default if a file is rescanned