Suppress Unnecessary Logs & Fix an Undefined Reference (#12)

* Turn off mupdf errrors & upgrade version

build/python/backend/requirements.txt

@@ -21,7 +21,7 @@ numpy==1.20.2
 olefile==0.46
 oletools==0.56.1
 opencv-python==4.5.1.48
-PyMuPDF==1.18.19
+PyMuPDF==1.19.3
 pefile==2019.4.18
 pgpdump3==1.5.2
 pyelftools==0.27

src/python/strelka/scanners/scan_ole.py

@@ -13,55 +13,52 @@ def scan(self, data, file, options, expire_at):
         self.event['total'] = {'streams': 0, 'extracted': 0}
 
         try:
-            ole = olefile.OleFileIO(data)
-            ole_streams = ole.listdir(streams=True)
-            self.event['total']['streams'] = len(ole_streams)
-            for stream in ole_streams:
-                file = ole.openstream(stream)
-                extract_data = file.read()
-                extract_name = f'{"_".join(stream)}'
-                extract_name = re.sub(r'[\x00-\x1F]', '', extract_name)
-                if extract_name.endswith('Ole10Native'):
-                    native_stream = oletools.oleobj.OleNativeStream(
-                        bindata=extract_data,
-                    )
-                    if native_stream.filename:
-                        extract_name = extract_name + f'_{str(native_stream.filename)}'
-                    else:
-                        extract_name = extract_name + '_native_data'
-
-                    extract_file = strelka.File(
-                        name=extract_name,
-                        source=self.name,
-                    )
+            with olefile.OleFileIO(data) as ole:
+                ole_streams = ole.listdir(streams=True)
+                self.event['total']['streams'] = len(ole_streams)
+                for stream in ole_streams:
+                    file = ole.openstream(stream)
+                    extract_data = file.read()
+                    extract_name = f'{"_".join(stream)}'
+                    extract_name = re.sub(r'[\x00-\x1F]', '', extract_name)
+                    if extract_name.endswith('Ole10Native'):
+                        native_stream = oletools.oleobj.OleNativeStream(
+                            bindata=extract_data,
+                        )
+                        if native_stream.filename:
+                            extract_name = extract_name + f'_{str(native_stream.filename)}'
+                        else:
+                            extract_name = extract_name + '_native_data'
 
-                    for c in strelka.chunk_string(native_stream.data):
-                        self.upload_to_coordinator(
-                            extract_file.pointer,
-                            c,
-                            expire_at,
+                        extract_file = strelka.File(
+                            name=extract_name,
+                            source=self.name,
                         )
 
-                else:
-                    extract_file = strelka.File(
-                        name=extract_name,
-                        source=self.name,
-                    )
+                        for c in strelka.chunk_string(native_stream.data):
+                            self.upload_to_coordinator(
+                                extract_file.pointer,
+                                c,
+                                expire_at,
+                            )
 
-                    for c in strelka.chunk_string(extract_data):
-                        self.upload_to_coordinator(
-                            extract_file.pointer,
-                            c,
-                            expire_at,
+                    else:
+                        extract_file = strelka.File(
+                            name=extract_name,
+                            source=self.name,
                         )
 
-                self.files.append(extract_file)
-                self.event['total']['extracted'] += 1
+                        for c in strelka.chunk_string(extract_data):
+                            self.upload_to_coordinator(
+                                extract_file.pointer,
+                                c,
+                                expire_at,
+                            )
+
+                    self.files.append(extract_file)
+                    self.event['total']['extracted'] += 1
 
         except OSError:
             type, value, traceback = sys.exc_info()
             self.flags.append('os_error')
             self.flags.append(f' {type} {value} {traceback}')
-        finally:
-            if ole is not None:
-                ole.close()

src/python/strelka/scanners/scan_pdf.py

@@ -14,6 +14,8 @@ class ScanPdf(strelka.Scanner):
         limit: Maximum number of files to extract.
             Defaults to 2000.
     """
+    def init(self):
+        fitz.TOOLS.mupdf_display_errors(False)
 
     def scan(self, data, file, options, expire_at):
         extract_text = options.get("extract_text", False)

src/python/strelka/scanners/scan_vba.py

@@ -16,52 +16,49 @@ def scan(self, data, file, options, expire_at):
         self.event['total'] = {'files': 0, 'extracted': 0}
 
         try:
-            vba = olevba.VBA_Parser(filename=file.name, data=data)
-            if vba.detect_vba_macros():
-                extract_macros = list(vba.extract_macros())
-                self.event['total']['files'] = len(extract_macros)
-                for (filename, stream_path, vba_filename, vba_code) in extract_macros:
-                    extract_file = strelka.File(
-                        name=f'{vba_filename}',
-                        source=self.name,
-                    )
-
-                    for c in strelka.chunk_string(vba_code):
-                        self.upload_to_coordinator(
-                            extract_file.pointer,
-                            c,
-                            expire_at,
+            with olevba.VBA_Parser(filename=file.name, data=data) as vba:
+                if vba.detect_vba_macros():
+                    extract_macros = list(vba.extract_macros())
+                    self.event['total']['files'] = len(extract_macros)
+                    for (filename, stream_path, vba_filename, vba_code) in extract_macros:
+                        extract_file = strelka.File(
+                            name=f'{vba_filename}',
+                            source=self.name,
                         )
 
-                    self.files.append(extract_file)
-                    self.event['total']['extracted'] += 1
+                        for c in strelka.chunk_string(vba_code):
+                            self.upload_to_coordinator(
+                                extract_file.pointer,
+                                c,
+                                expire_at,
+                            )
+
+                        self.files.append(extract_file)
+                        self.event['total']['extracted'] += 1
 
-                if analyze_macros:
-                    self.event.setdefault('auto_exec', [])
-                    self.event.setdefault('base64', [])
-                    self.event.setdefault('dridex', [])
-                    self.event.setdefault('hex', [])
-                    self.event.setdefault('ioc', [])
-                    self.event.setdefault('suspicious', [])
-                    macros = vba.analyze_macros()
-                    for (macro_type, keyword, description) in macros:
-                        if macro_type == 'AutoExec':
-                            self.event['auto_exec'].append(keyword)
-                        elif macro_type == 'Base64 String':
-                            self.event['base64'].append(keyword)
-                        elif macro_type == 'Dridex String':
-                            self.event['dridex'].append(keyword)
-                        elif macro_type == 'Hex String':
-                            self.event['hex'].append(keyword)
-                        elif macro_type == 'IOC':
-                            self.event['ioc'].append(keyword)
-                        elif macro_type == 'Suspicious':
-                            self.event['suspicious'].append(keyword)
-                        elif macro_type == 'VBA obfuscated Strings':
-                            self.event['vba_obfuscated'].append(keyword)
+                    if analyze_macros:
+                        self.event.setdefault('auto_exec', [])
+                        self.event.setdefault('base64', [])
+                        self.event.setdefault('dridex', [])
+                        self.event.setdefault('hex', [])
+                        self.event.setdefault('ioc', [])
+                        self.event.setdefault('suspicious', [])
+                        macros = vba.analyze_macros()
+                        for (macro_type, keyword, description) in macros:
+                            if macro_type == 'AutoExec':
+                                self.event['auto_exec'].append(keyword)
+                            elif macro_type == 'Base64 String':
+                                self.event['base64'].append(keyword)
+                            elif macro_type == 'Dridex String':
+                                self.event['dridex'].append(keyword)
+                            elif macro_type == 'Hex String':
+                                self.event['hex'].append(keyword)
+                            elif macro_type == 'IOC':
+                                self.event['ioc'].append(keyword)
+                            elif macro_type == 'Suspicious':
+                                self.event['suspicious'].append(keyword)
+                            elif macro_type == 'VBA obfuscated Strings':
+                                self.event['vba_obfuscated'].append(keyword)
 
         except olevba.FileOpenError:
             self.flags.append('file_open_error')
-        finally:
-            if vba is not None:
-                vba.close()