function utils.IsOfficeLockFile()

in ransomware/artifact.lua [198:246]

• 45 lines of code
• 4 McCabe index (conditional complexity)

function utils.IsOfficeLockFile(extension, fileName)

    
    local officeExtensions = {
        'doc',
        'docb',
        'docm',
        'docx',
        'dotm',
        'dotx',
        'dot',
        'wbk',
        'pot',
        'potm',
        'potx',
        'ppam',
        'pps',
        'ppsm',
        'ppsx',
        'ppt',
        'pptm',
        'pptx',
        'sldm',
        'sldx',
        'xla',
        'xlam',
        'xll',
        'xlm',
        'xls',
        'xlsb',
        'xlsm',
        'xlsx',
        'xlt',
        'xltm',
        'xltx',
        'xlw'
    }

    if utils.TableHasValue(officeExtensions, extension) then
        local index = string.find(fileName, '~$', nil, true)
        if index ~= nil then
            if index == 1 then
                return true
            end
        end
    end

    return false
end