Here is the brief description of the problem.
I am working on identifying excel files which have CMD functions such as "=cmd|'/C calc'!A0" for security filtering. We have to currently use Java to parse these files.
I used the following two approaches:
Does anyone have some suggestions how i can go about this ? It would be really helpful.
Thank you.
I did find an elaborate soln which i used using the above linked stackoverflow.. It handles for both XSSF and HSSF.
if (workbook instanceof XSSFWorkbook) {
XSSFWorkbook xssfWorkbook = (XSSFWorkbook) workbook;
List<ExternalLinksTable> externalLinks = xssfWorkbook.getExternalLinksTable();
for (ExternalLinksTable linksTable : externalLinks) {
if (linksTable.getCTExternalLink().isSetDdeLink()) {
return false;
}
}
} else {
HSSFWorkbook hssfWorkbook = (HSSFWorkbook) workbook;
Set<String> references = getWorkbookReferences(hssfWorkbook);
if (containsStartsWithSubString(references, "cmd")) {
return false;
}
}
private Set<String> getWorkbookReferences (HSSFWorkbook wb)
{
Set<String> references = new HashSet<>();
InternalWorkbook internalWorkbook = wb.getInternalWorkbook();
int extSheetIdx = 0;
while (internalWorkbook.getExternalSheet(extSheetIdx) != null) {
EvaluationWorkbook.ExternalSheet extSheet =
internalWorkbook.getExternalSheet(extSheetIdx++);
references.add(extSheet.getWorkbookName());
// fail safe.
if (extSheetIdx > maxExterLinks) {
return references;
}
}
return references;
}
Any suggestions are welcome!
I am still working on how to identify for Word documents, unfortunately :)
There is no option to get the complete string of the cell if there is a formula in the cell as below
SUM(1+1)*cmd|' /C calc'!A0
When I use myCell.getCellFormula()
the result is SUM(1+1)*A1
which is not an expected one.
I wanted to block the =cmd| or cmd| if found in a particular cell in the sheet.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.