Macro deployment security changed yet again!

Started by Paul Herber, July 08, 2022, 07:27:59 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.


Visisthebest

I love the 'without telling anyone' part!

https://www.theregister.com/2022/07/08/office_macro_block_rollback/

Microsoft Defender could do deep scanning of VBA code to find issues for sure, why doesn't Microsoft use this instead? (or if they do, promote it more clearly).

Scanning VBA for security issues is trivial for the current generation of security software compared to some other security challenges out there.
Visio 2021 Professional

wapperdude

Yuck.  As I read along, it seems MS is already rolling this back.

It would seem MS hasn't followed the security trail to it's headpoint.  The simplist, absolutely guaranteed to work solution involving Office products is, just eliminate the products.  Surprised that such a simple, direct approach hasn't been implemented, rather than the highly complex, minimally effective solutions that keep reducing useability of the Office suite.  Guess they're headed that way, but refuse to admit it.  As long as the user has creative control/development / design automation access, there'll always be ability for abuse.
Visio 2019 Pro

Surrogate

Quote from: wapperdude on July 08, 2022, 04:08:01 PM
Yuck.  As I read along, it seems MS is already rolling this back
In other words, it's time to learn Python if you need anything from the list "creative control/development / design automation access" ?

Yacine

Yacine

Paul Herber

Electronic and Electrical engineering, business and software stencils for Visio -

https://www.paulherber.co.uk/

Yacine

#6
Quote from: Paul Herber on July 18, 2022, 08:32:28 PM
Can Python handle Visio events?

Yes, it can.
It requires some research though.
I had some headache to get it working in Jupyterlab. In plain python it should be easier.
I can upload a snippet if you want.
Yacine

Surrogate


Yacine

#8

Here you are.



import PySimpleGUI as sg

sg.change_look_and_feel('SystemDefaultForReal')


import win32com.client as win32
import pythoncom


vApp = win32.gencache.EnsureDispatch('Visio.Application')
# This code assumes you have already a Visio document open #
# You would otherwise need to write some file handling stuff #
vDoc = vApp.ActiveDocument
vPg = vApp.ActivePage
vWin = vApp.ActiveWindow
print(vDoc,vPg,vWin)


def foo():
    t = "You've selected the following shapes:\n"
    t += ''.join([f'    Shape {shp.Name}\n' for shp in list(vWin.Selection)])
    t += 'We could now perform some operations on them.'
    print(t)


class WinEvents:
    def OnSelectionChanged(self, *args):
        foo()


w_events = win32.WithEvents(vWin, WinEvents)


layout = [ [sg.T('Select random shapes in the drawing')],
    [sg.Button('Stop',key='Exit')]]
window = sg.Window('MyApp',layout,finalize=True)
while True:
    pythoncom.PumpWaitingMessages()
    event,values = window.read()
    if event is None or event == 'Exit':
        break
window.close()
#The following ensures that the events are no longer active. Not needed if the code ends here. #
w_events = None
vWin = None
vWin = vApp.ActiveWindow





To explain:


There's a lot of stuff handling the GUI (graphical user interface). It has nothing to do with events handling by itself, but it provides a loop that interrogates (contacts the events-) procedure.
I put it inside since you'll need it any anyway. (You can choose another type of loop, but this one showed to be very efficient - for me at least).


What are the key points?
- You connect to visio by means of ensuredispatch and get handles on the relevant objects (the application, the document, the page and the window)
- You'll define an event handler class (here "WinEvents")
  - in it you define the type of event to listen to (here "OnSelectionChanged"). You can define other or several ones.
  - the listening is launched by means of "w_events = win32.WithEvents(vWin, WinEvents)". A reference to the window object and the class handling the events.







Yacine

Paul Herber

Electronic and Electrical engineering, business and software stencils for Visio -

https://www.paulherber.co.uk/

wapperdude

Visio 2019 Pro