Package de.pdf_scrutinizer.API

Source Code of de.pdf_scrutinizer.API.Util

/*
* PDF Scrutinizer, a library for detecting and analyzing malicious PDF documents.
* Copyright 2013  Florian Schmitt <florian@florianschmitt.de>, Fraunhofer FKIE
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

package de.pdf_scrutinizer.API;

import java.util.Arrays;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mozilla.javascript.Interpreter;

import de.pdf_scrutinizer.Scrutinizer;
import de.pdf_scrutinizer.data.MethodVulnerability;
import de.pdf_scrutinizer.utils.Reflect;

public class Util {
    private Log log = LogFactory.getLog(Interpreter.class);

    private final Scrutinizer scrutinizer;

    public Util(Scrutinizer scrutinizer) {
        this.scrutinizer = scrutinizer;
    }

    public void printd(String cFormat, Object oDate) {
        printd(cFormat, oDate, false);
    }

    /*
     * used along with media.newPlayer(null)-Exploit
     * 2 times before 1 time after. each time cFormat 36 chars = 72byte long.
     *
     * 'p@111111111111111111111111 : yyyy111'
     */
    public void printd(String cFormat, Object oDate, boolean bXFAPicture) {
        Reflect.getMethodName();
        //System.out.println(cFormat.length());
    }

    public void printf(String cFormat) {
        printf(cFormat, null);
        //System.out.println(cFormat); //FIXME: debug?
    }

    public void printf(String cFormat, Object arguments) {
        Reflect.getMethodName();
        //FIXME: are these the only vulnerable strings?
        String[] vuln_strs = {"%45000.45000f", "%45000f"};

        if (Arrays.asList(vuln_strs).contains(cFormat)) {
            MethodVulnerability vuln = new MethodVulnerability("CVE-2008-2992", "Util.printf", "buffer overflow");
            scrutinizer.getAnalysisResult().vulnerabilityUsed(vuln);
        } else {
            log.debug("util.printf(\"" + cFormat + "\")");
        }
    }

    /*
     * not documented
     * used by
     * 'CVE-2009-0927 CVE-2007-5659 PDF 2010-04-02_ IPR in China final.pdf='
     * md5: c497c02464ae74bbc94120d1cbe88d49
     */
    public char byteToChar(byte b) {
        return (char) b;
    }
}
TOP

Related Classes of de.pdf_scrutinizer.API.Util

TOP
Copyright © 2018 www.massapi.com. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.