Support for extracting attachments from OneNote section files #1048
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
micahsnyder
changed the title
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
from
395151e
to
0a8b93a
Compare
|
I added 3 test tiles to demonstrate extraction of the clam.exe program from OneNote section files exported by OneNote 2007, OneNote 2010, and a recent Office364 OneNote export. If extraction were to fail, it would fail the libclamav unit tests as well as some clamd and clamscan tests. I have temporarily set the I think it's ready for review. |
ragusaa
reviewed
Oct 11, 2023
ragusaa
reviewed
Oct 11, 2023
ragusaa
requested changes
Oct 11, 2023
|
Ok fixed to remove hardcoded path and dead code. |
ragusaa
approved these changes
Oct 11, 2023
shutton
suggested changes
Oct 18, 2023
shutton
suggested changes
Nov 3, 2023
shutton
suggested changes
Nov 6, 2023
shutton
approved these changes
Nov 6, 2023
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
from
c59d598
to
03ca53e
Compare
micahsnyder
commented
Nov 8, 2023
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
from
03ca53e
to
cf9a608
Compare
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
2 times, most recently
from
ca55c59
to
2633cbc
Compare
ragusaa
approved these changes
Nov 30, 2023
Includes rudimentary support for getting slices from FMap's and for interacting with libclamav's context structure. For now will use a Cisco-Talos org fork of the onenote_parser until the feature to read open a onenote section from a slice (instead of from a filepath) is added to the upstream.
While interesting, it does not appear this warning is useful to anyone.
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
from
995d0b5
to
c7413f8
Compare
In order to generate Rust bindings for C code, Rust's bindgen module needs to know where to find all headers included by the API. If they're all inside the project or inside the standard include path (e.g. /usr/include and /usr/local/include) that's fine. But for third- party C library headers from outside the standard include path, that's a problem. We didn't really notice this problem when generating on Unix systems until we switched to use OpenSSL 3.1 and tested on systems that have the OpenSSL 1.1.1 dev package installed. The ability to find headers outside the project path is also needed to generate bindings on Windows, if desired. This commit solves the problem by passing include directories for the ClamAV::libclamav CMake build target to the Rust build via the CARGO_INCLUDE_DIRECTORIES environment variable. Then, in the `libclamav_rust/build.rs` script, where we run bindgen, we split that `;` separated string into invididual paths and add each to the bindgen builder.
The fmap structure has some stuff that differs in size in memory between Linux and Windows, and between 32bit and 64bit architectures. Notably, `time_t` appears to be defined by the Rust bindgen module as `ulong` which may be either 8 bytes or 4 bytes, depending architecture (thanks, C). To resolve this, we'll store time as a uint64_t instead. The other problem in the fmap structure is the windows file and map handles should always be exist, and may only be used in Windows, for consistency in sizing of the structure.
Fix Coverity issues 192935, 192932, 192928, and 192917. None of these are particularly serious. I thought I'd clean them up while trying to track down a strange crash that occurs in Windows debug builds with my specific setup when freeing the metadata filename pointer malloced by the UnRAR iface "peek" function. I wasn't able to figure out why freeing that causes a crash, so instead I converted it to an array that need not be freed, and my troubles melted away.
micahsnyder
force-pushed
the
CLAM-2330-onenote-c-api
branch
from
dc435b3
to
2500f74
Compare
ragusaa
approved these changes
Dec 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves: #819
Also includes rudimentary support in libclamav Rust code for getting slices from FMap's and for interacting with libclamav's context structure.