Macro deployment security changed yet again!

[Paul Herber]

https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/bc-p/3566698/highlight/true#M4280

[Visisthebest]

I love the 'without telling anyone' part!

https://www.theregister.com/2022/07/08/office_macro_block_rollback/

Microsoft Defender could do deep scanning of VBA code to find issues for sure, why doesn't Microsoft use this instead? (or if they do, promote it more clearly).

Scanning VBA for security issues is trivial for the current generation of security software compared to some other security challenges out there.

[wapperdude]

Yuck.  As I read along, it seems MS is already rolling this back.

It would seem MS hasn't followed the security trail to it's headpoint.  The simplist, absolutely guaranteed to work solution involving Office products is, just eliminate the products.  Surprised that such a simple, direct approach hasn't been implemented, rather than the highly complex, minimally effective solutions that keep reducing useability of the Office suite.  Guess they're headed that way, but refuse to admit it.  As long as the user has creative control/development / design automation access, there'll always be ability for abuse.

[Surrogate]

Yuck.  As I read along, it seems MS is already rolling this back

In other words, it's time to learn Python if you need anything from the list "creative control/development / design automation access" ?

[Yacine]

I'm biased. Can't give a thumbs up.

[Paul Herber]

Can Python handle Visio events?

[Yacine]

Can Python handle Visio events?

Yes, it can.
It requires some research though.
I had some headache to get it working in Jupyterlab. In plain python it should be easier.
I can upload a snippet if you want.

[Surrogate]

I can upload a snippet if you want.

I want

[Yacine]

Here you are.

Code

import PySimpleGUI as sg

sg.change_look_and_feel('SystemDefaultForReal')


import win32com.client as win32
import pythoncom


vApp = win32.gencache.EnsureDispatch('Visio.Application')
# This code assumes you have already a Visio document open #
# You would otherwise need to write some file handling stuff #
vDoc = vApp.ActiveDocument
vPg = vApp.ActivePage
vWin = vApp.ActiveWindow
print(vDoc,vPg,vWin)


def foo():
    t = "You've selected the following shapes:\n"
    t += ''.join([f'    Shape {shp.Name}\n' for shp in list(vWin.Selection)])
    t += 'We could now perform some operations on them.'
    print(t)


class WinEvents:
    def OnSelectionChanged(self, *args):
        foo()


w_events = win32.WithEvents(vWin, WinEvents)


layout = [ [sg.T('Select random shapes in the drawing')],
    [sg.Button('Stop',key='Exit')]]
window = sg.Window('MyApp',layout,finalize=True)
while True:
    pythoncom.PumpWaitingMessages()
    event,values = window.read()
    if event is None or event == 'Exit':
        break
window.close()
#The following ensures that the events are no longer active. Not needed if the code ends here. #
w_events = None
vWin = None
vWin = vApp.ActiveWindow

To explain:


There's a lot of stuff handling the GUI (graphical user interface). It has nothing to do with events handling by itself, but it provides a loop that interrogates (contacts the events-) procedure.
I put it inside since you'll need it any anyway. (You can choose another type of loop, but this one showed to be very efficient - for me at least).


What are the key points?
- You connect to visio by means of ensuredispatch and get handles on the relevant objects (the application, the document, the page and the window)
- You'll define an event handler class (here "WinEvents")
  - in it you define the type of event to listen to (here "OnSelectionChanged"). You can define other or several ones.
  - the listening is launched by means of "w_events = win32.WithEvents(vWin, WinEvents)". A reference to the window object and the class handling the events.

[Paul Herber]

More on the VBA to and fro:
https://www.theregister.com/2022/07/22/microsoft-windows-vba-macros/

[wapperdude]

Let the good times roll.  Not!