Module `refinery.units.scripting.vba`

Expand source code Browse git

from __future__ import annotations

from refinery.lib.scripts.vba.deobfuscation import deobfuscate
from refinery.lib.scripts.vba.model import VbaModule
from refinery.lib.scripts.vba.parser import VbaParser
from refinery.lib.scripts.vba.synth import VbaSynthesizer
from refinery.units.scripting import IterativeDeobfuscator


class vba(IterativeDeobfuscator):
    """
    AST-based VBA deobfuscator and pretty-printer.

    Parses the VBA code into an abstract syntax tree, applies simplifying transformations, and
    synthesizes clean output. Deobfuscating transformations are iterated until the output does not
    change any more: This unit targets the deobfuscation of malicious VBA macros in Office
    documents.
    """

    def parse(self, data: str) -> VbaModule:
        return VbaParser(data).parse()

    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: VbaModule) -> str:
        return VbaSynthesizer().convert(ast)

Classes

class vba (timeout=100)

AST-based VBA deobfuscator and pretty-printer.

Parses the VBA code into an abstract syntax tree, applies simplifying transformations, and synthesizes clean output. Deobfuscating transformations are iterated until the output does not change any more: This unit targets the deobfuscation of malicious VBA macros in Office documents.

Expand source code Browse git

class vba(IterativeDeobfuscator):
    """
    AST-based VBA deobfuscator and pretty-printer.

    Parses the VBA code into an abstract syntax tree, applies simplifying transformations, and
    synthesizes clean output. Deobfuscating transformations are iterated until the output does not
    change any more: This unit targets the deobfuscation of malicious VBA macros in Office
    documents.
    """

    def parse(self, data: str) -> VbaModule:
        return VbaParser(data).parse()

    transform = staticmethod(deobfuscate)

    def synthesize(self, ast: VbaModule) -> str:
        return VbaSynthesizer().convert(ast)

Ancestors

Subclasses

Class variables

var reverse: The type of the None singleton.

Static methods

def transform(ast)

Apply all available deobfuscators to the input.

Expand source code Browse git

def deobfuscate(ast: VbaModule) -> bool:
    """
    Apply all available deobfuscators to the input.
    """
    return VbaSimplifications().deobfuscate(ast)

Methods

def parse(self, data)

Expand source code Browse git

def parse(self, data: str) -> VbaModule:
    return VbaParser(data).parse()

def synthesize(self, ast)

Expand source code Browse git

def synthesize(self, ast: VbaModule) -> str:
    return VbaSynthesizer().convert(ast)

Inherited members

IterativeDeobfuscator:
- FilterEverything
- Requires
- act
- assemble
- codec
- console
- filter
- finish
- handles
- is_quiet
- is_reversible
- isatty
- labelled
- leniency
- log_always
- log_debug
- log_detach
- log_fail
- log_info
- log_level
- log_warn
- logger
- name
- nozzle
- optional_dependencies
- read
- read1
- required_dependencies
- reset
- run
- source
- superinit
UnitBase:
- process