textproc/py-xlmmacrodeobfuscator: Add py-xlmmacrodeobfuscator 0.2.6

XLMMacroDeobfuscator can be used to decode obfuscated XLM macros (also known as
Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros,
without fully performing the code.

It supports both xls, xlsm, and xlsb formats.

It uses xlrd2, pyxlsb2 and its own parser to extract cells and other information
from xls, xlsb and xlsm files, respectively.

WWW: https://github.com/DissectMalware/XLMMacroDeobfuscator

5 files changed, 54 insertions, 0 deletions

diff --git a/textproc/Makefile b/textproc/Makefile
index 25be53921f8d..e1929e216bf8 100644
--- a/textproc/Makefile
+++ b/textproc/Makefile
@@ -1565,6 +1565,7 @@
     SUBDIR += py-wtf-peewee
     SUBDIR += py-wtforms
     SUBDIR += py-xhtml2pdf
+    SUBDIR += py-xlmmacrodeobfuscator
     SUBDIR += py-xlrd
     SUBDIR += py-xlsxwriter
     SUBDIR += py-xlutils
diff --git a/textproc/py-xlmmacrodeobfuscator/Makefile b/textproc/py-xlmmacrodeobfuscator/Makefile
new file mode 100644
index 000000000000..397ec6e632b2
--- /dev/null
+++ b/textproc/py-xlmmacrodeobfuscator/Makefile
@@ -0,0 +1,26 @@
+PORTNAME=	xlmmacrodeobfuscator
+PORTVERSION=	0.2.6
+CATEGORIES=	textproc python
+MASTER_SITES=	CHEESESHOP
+PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}
+DISTNAME=	XLMMacroDeobfuscator-${PORTVERSION}
+
+MAINTAINER=	sunpoet@FreeBSD.org
+COMMENT=	XLM Emulation engine designed to analyze and deobfuscate malicious XLM macros
+
+LICENSE=	APACHE20
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}lark>=0:devel/py-lark@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}msoffcrypto-tool>=0:security/py-msoffcrypto-tool@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}pyxlsb2>=0:textproc/py-pyxlsb2@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}roman>=0:math/py-roman@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}untangle>=1.1.1:textproc/py-untangle@${PY_FLAVOR} \
+		${PYTHON_PKGNAMEPREFIX}xlrd2>=0:textproc/py-xlrd2@${PY_FLAVOR}
+
+USES=		python:3.7+
+USE_PYTHON=	autoplist concurrent distutils
+
+NO_ARCH=	yes
+
+.include <bsd.port.mk>
diff --git a/textproc/py-xlmmacrodeobfuscator/distinfo b/textproc/py-xlmmacrodeobfuscator/distinfo
new file mode 100644
index 000000000000..9aeffef10fcf
--- /dev/null
+++ b/textproc/py-xlmmacrodeobfuscator/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1660576698
+SHA256 (XLMMacroDeobfuscator-0.2.6.tar.gz) = 2200828ec15b83517b9f6e085808a682c0d3c4ba802b4c48d2f7b3b9c84c58b1
+SIZE (XLMMacroDeobfuscator-0.2.6.tar.gz) = 48247
diff --git a/textproc/py-xlmmacrodeobfuscator/files/patch-setup.py b/textproc/py-xlmmacrodeobfuscator/files/patch-setup.py
new file mode 100644
index 000000000000..e8be65a38cfd
--- /dev/null
+++ b/textproc/py-xlmmacrodeobfuscator/files/patch-setup.py
@@ -0,0 +1,14 @@
+--- setup.py.orig	2022-02-03 00:53:18 UTC
++++ setup.py
+@@ -35,9 +35,9 @@ setup(

+     python_requires='>=3.4',

+     install_requires=[

+         "pyxlsb2",

+-        "lark-parser",

++        "lark",

+         "xlrd2",

+-        "untangle==1.1.1",

++        "untangle>=1.1.1",

+         "msoffcrypto-tool",

+         "roman"

+     ],

diff --git a/textproc/py-xlmmacrodeobfuscator/pkg-descr b/textproc/py-xlmmacrodeobfuscator/pkg-descr
new file mode 100644
index 000000000000..b52cd1686f40
--- /dev/null
+++ b/textproc/py-xlmmacrodeobfuscator/pkg-descr
@@ -0,0 +1,10 @@
+XLMMacroDeobfuscator can be used to decode obfuscated XLM macros (also known as
+Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros,
+without fully performing the code.
+
+It supports both xls, xlsm, and xlsb formats.
+
+It uses xlrd2, pyxlsb2 and its own parser to extract cells and other information
+from xls, xlsb and xlsm files, respectively.
+
+WWW: https://github.com/DissectMalware/XLMMacroDeobfuscator