Author Topic: Macro deployment security changed yet again!  (Read 1555 times)

0 Members and 1 Guest are viewing this topic.

Paul Herber

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3310
    • Paul Herber's website
Electronic and Electrical engineering, business and software stencils and applications for Visio -

https://www.paulherber.co.uk/

Visisthebest

  • Hero Member
  • *****
  • Posts: 663
Re: Macro deployment security changed yet again!
« Reply #1 on: July 08, 2022, 08:42:16 AM »
I love the 'without telling anyone' part!

https://www.theregister.com/2022/07/08/office_macro_block_rollback/

Microsoft Defender could do deep scanning of VBA code to find issues for sure, why doesn't Microsoft use this instead? (or if they do, promote it more clearly).

Scanning VBA for security issues is trivial for the current generation of security software compared to some other security challenges out there.
Visio 2021 Professional

wapperdude

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4477
  • Ideas Visio-lized into solutions
Re: Macro deployment security changed yet again!
« Reply #2 on: July 08, 2022, 11:08:01 AM »
Yuck.  As I read along, it seems MS is already rolling this back.

It would seem MS hasn't followed the security trail to it's headpoint.  The simplist, absolutely guaranteed to work solution involving Office products is, just eliminate the products.  Surprised that such a simple, direct approach hasn't been implemented, rather than the highly complex, minimally effective solutions that keep reducing useability of the Office suite.  Guess they're headed that way, but refuse to admit it.  As long as the user has creative control/development / design automation access, there'll always be ability for abuse.
Visio 2019 Pro

Surrogate

  • Hero Member
  • *****
  • Posts: 1636
    • ShapeSheet™ Knowledge Base
Re: Macro deployment security changed yet again!
« Reply #3 on: July 18, 2022, 02:02:56 AM »
Yuck.  As I read along, it seems MS is already rolling this back
In other words, it's time to learn Python if you need anything from the list "creative control/development / design automation access" ?

Yacine

  • Hero Member
  • *****
  • Posts: 3000
Re: Macro deployment security changed yet again!
« Reply #4 on: July 18, 2022, 02:41:00 PM »
I'm biased. Can't give a thumbs up. ;)
Yacine

Paul Herber

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3310
    • Paul Herber's website
Re: Macro deployment security changed yet again!
« Reply #5 on: July 18, 2022, 03:32:28 PM »
Can Python handle Visio events?
Electronic and Electrical engineering, business and software stencils and applications for Visio -

https://www.paulherber.co.uk/

Yacine

  • Hero Member
  • *****
  • Posts: 3000
Re: Macro deployment security changed yet again!
« Reply #6 on: July 19, 2022, 02:17:10 AM »
Can Python handle Visio events?

Yes, it can.
It requires some research though.
I had some headache to get it working in Jupyterlab. In plain python it should be easier.
I can upload a snippet if you want.
« Last Edit: July 19, 2022, 05:14:37 AM by Yacine »
Yacine

Surrogate

  • Hero Member
  • *****
  • Posts: 1636
    • ShapeSheet™ Knowledge Base
Re: Macro deployment security changed yet again!
« Reply #7 on: July 19, 2022, 03:13:55 AM »
I can upload a snippet if you want.
I want

Yacine

  • Hero Member
  • *****
  • Posts: 3000
Re: Macro deployment security changed yet again!
« Reply #8 on: July 19, 2022, 04:06:45 AM »

Here you are.


Code
import PySimpleGUI as sg

sg.change_look_and_feel('SystemDefaultForReal')


import win32com.client as win32
import pythoncom


vApp = win32.gencache.EnsureDispatch('Visio.Application')
# This code assumes you have already a Visio document open #
# You would otherwise need to write some file handling stuff #
vDoc = vApp.ActiveDocument
vPg = vApp.ActivePage
vWin = vApp.ActiveWindow
print(vDoc,vPg,vWin)


def foo():
    t = "You've selected the following shapes:\n"
    t += ''.join([f'    Shape {shp.Name}\n' for shp in list(vWin.Selection)])
    t += 'We could now perform some operations on them.'
    print(t)


class WinEvents:
    def OnSelectionChanged(self, *args):
        foo()


w_events = win32.WithEvents(vWin, WinEvents)


layout = [ [sg.T('Select random shapes in the drawing')],
    [sg.Button('Stop',key='Exit')]]
window = sg.Window('MyApp',layout,finalize=True)
while True:
    pythoncom.PumpWaitingMessages()
    event,values = window.read()
    if event is None or event == 'Exit':
        break
window.close()
#The following ensures that the events are no longer active. Not needed if the code ends here. #
w_events = None
vWin = None
vWin = vApp.ActiveWindow




To explain:


There's a lot of stuff handling the GUI (graphical user interface). It has nothing to do with events handling by itself, but it provides a loop that interrogates (contacts the events-) procedure.
I put it inside since you'll need it any anyway. (You can choose another type of loop, but this one showed to be very efficient - for me at least).


What are the key points?
- You connect to visio by means of ensuredispatch and get handles on the relevant objects (the application, the document, the page and the window)
- You'll define an event handler class (here "WinEvents")
  - in it you define the type of event to listen to (here "OnSelectionChanged"). You can define other or several ones.
  - the listening is launched by means of "w_events = win32.WithEvents(vWin, WinEvents)". A reference to the window object and the class handling the events.







« Last Edit: July 19, 2022, 08:37:57 AM by Yacine »
Yacine

Paul Herber

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 3310
    • Paul Herber's website
Electronic and Electrical engineering, business and software stencils and applications for Visio -

https://www.paulherber.co.uk/

wapperdude

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4477
  • Ideas Visio-lized into solutions
Re: Macro deployment security changed yet again!
« Reply #10 on: July 23, 2022, 01:39:04 PM »
Let the good times roll.  Not!
Visio 2019 Pro