forked from sec-consult/msiscan
standard_action.py
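# Actions that are deliberately hidden from the report. Empty in this file;
# kept as the place to list actions a reviewer has decided are noise.
_UNINTERESTING_ACTIONS = frozenset()

# Windows Installer standard actions that this module recognises but does not
# analyse. They are dropped from the output so that only unrecognised entries
# (typically custom actions or dialogs) are surfaced to the reviewer.
_UNANALYZED_STANDARD_ACTIONS = frozenset({
    "ADMIN", "ADVERTISE", "AllocateRegistrySpace", "AppSearch", "BindImage",
    "CCPSearch", "CostFinalize", "CostInitialize", "CreateFolders",
    "CreateShortcuts", "DeleteServices", "DisableRollback", "DuplicateFiles",
    "ExecuteAction", "FileCost", "FindRelatedProducts", "ForceReboot",
    "INSTALL", "InstallAdminPackage", "InstallExecute", "InstallFiles",
    "InstallFinalize", "InstallInitialize", "InstallSFPCatalogFile",
    "InstallValidate", "IsolateComponents", "LaunchConditions",
    "MigrateFeatureStates", "MoveFiles", "MsiConfigureServices",
    "MsiPublishAssemblies", "MsiUnpublishAssemblies", "InstallODBC",
    "InstallServices", "PatchFiles", "ProcessComponents", "PublishComponents",
    "PublishFeatures", "PublishProduct", "RegisterClassInfo",
    "RegisterComPlus", "RegisterExtensionInfo", "RegisterFonts",
    "RegisterMIMEInfo", "RegisterProduct", "RegisterProgIdInfo",
    "RegisterTypeLibraries", "RegisterUser", "RemoveDuplicateFiles",
    "RemoveEnvironmentStrings", "RemoveExistingProducts", "RemoveFiles",
    "RemoveFolders", "RemoveIniValues", "RemoveODBC", "RemoveRegistryValues",
    "RemoveShortcuts", "ResolveSource", "RMCCPSearch", "ScheduleReboot",
    "SelfRegModules", "SelfUnregModules", "SEQUENCE", "SetODBCFolders",
    "StartServices", "StopServices", "UnpublishComponents",
    "UnpublishFeatures", "UnregisterClassInfo", "UnregisterComPlus",
    "UnregisterExtensionInfo", "UnregisterFonts", "UnregisterMIMEInfo",
    "UnregisterProgIdInfo", "UnregisterTypeLibraries", "ValidateProductID",
    "WriteEnvironmentStrings", "WriteIniValues", "WriteRegistryValues",
    # Legacy spellings from the original list (the documentation page titles
    # rather than the action names). Retained so inputs that matched before
    # still match; the correctly spelled names are listed above.
    "MsiPublishAssemblies action", "SetODBCFolders Action",
})


def analyze_standard_action(action, condition):
    """Classify one sequence-table action for the report.

    Args:
        action: Name of the action as read from the installer's sequence
            table. Assumed to be a string; the lookups below hash it.
        condition: Condition attached to the action. Only echoed for
            ``PrepareDlg``; it is not evaluated here.

    Returns:
        A ``(message, colour)`` pair. ``(None, None)`` means the action is a
        recognised standard action and nothing is reported. Otherwise
        ``message`` is the text to show and ``colour`` is ``"white"``
        (presumably a display colour used by the caller -- confirm there).

    Note:
        Recognised standard actions are suppressed regardless of their
        condition, so this function never raises a finding for them. Anything
        not listed falls through to ``UNKNOWN ACTION`` so that an unrecognised
        entry is shown to the reviewer rather than silently dropped.
    """
    if action in _UNINTERESTING_ACTIONS:
        return None, None
    if action in _UNANALYZED_STANDARD_ACTIONS:
        return None, None
    if action == "PrepareDlg":
        return f"{action} {condition}", "white"
    return f"UNKNOWN ACTION: {action}", "white"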