title update; disabled by default

2025-07-06 21:00:22 +00:00 · 2023-07-23 14:09:01 -04:00 · 2023-07-23 14:09:01 -04:00 · 315b8abbc5
commit 315b8abbc5
parent dd2b56eb55
4 changed files with 35 additions and 28 deletions
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
@ -19,5 +19,5 @@ MalwareScanIngestModule_ShareProcessing_batchTimeout_title=Batch Processing Time
 MalwareScanIngestModule_ShareProcessing_lowLimitWarning_desc=This license only has {0} lookups remaining
 MalwareScanIngestModule_ShareProcessing_lowLimitWarning_title=Hash Lookups Low
 MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.
-MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scan
+MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner
 MalwareScanIngestModuleFactory_version=1.0.0
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModuleFactory.java
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModuleFactory.java
@ -31,15 +31,22 @@ import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
 */
@ServiceProvider(service = org.sleuthkit.autopsy.ingest.IngestModuleFactory.class)
@Messages({
-    "MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scan",
+    "MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner",
    "MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.",
    "MalwareScanIngestModuleFactory_version=1.0.0"
 })
 public class MalwareScanIngestModuleFactory extends IngestModuleFactoryAdapter {

+    /**
+     * @return The display name for the factory (static method).
+     */
+    public static String getDisplayName() {
+        return Bundle.MalwareScanIngestModuleFactory_displayName();
+    }
+
    @Override
    public String getModuleDisplayName() {
-        return Bundle.MalwareScanIngestModuleFactory_displayName();
+        return MalwareScanIngestModuleFactory.getDisplayName();
    }

    @Override
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
@ -18,6 +18,7 @@
 */
 package org.sleuthkit.autopsy.ingest;

+import com.basistech.df.cybertriage.autopsy.malwarescan.MalwareScanIngestModuleFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@ -33,7 +34,10 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 import java.util.logging.Level;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.openide.util.NbBundle;
 import org.openide.util.io.NbObjectInputStream;
 import org.openide.util.io.NbObjectOutputStream;
@ -54,6 +58,11 @@ public final class IngestJobSettings {
    private static final String LAST_FILE_INGEST_FILTER_PROPERTY = "Last_File_Ingest_Filter"; //NON-NLS
    private static final String MODULE_SETTINGS_FOLDER_NAME = "IngestSettings"; //NON-NLS
    
+    private static final Set<String> DEFAULT_DISABLED_MODULES = Stream.of(
+            "Plaso",
+            MalwareScanIngestModuleFactory.getDisplayName()
+    ).collect(Collectors.toSet());
+    
    private static final String MODULE_SETTINGS_FOLDER = Paths.get(
            Paths.get(PlatformUtil.getUserConfigDirectory()).relativize(Paths.get(PlatformUtil.getModuleConfigDirectory())).toString(),
            MODULE_SETTINGS_FOLDER_NAME
@ -361,36 +370,23 @@ public final class IngestJobSettings {
            loadedModuleNames.add(moduleFactory.getModuleDisplayName());
        }

-        /**
-         * Hard coding Plaso to be disabled by default. loadedModuleNames is
-         * passed below as the default list of enabled modules so briefly remove
-         * Plaso from loaded modules to get the list of enabled and disabled
-         * modules names. Then put Plaso back into loadedModulesNames to let the
-         * rest of the code continue as before.
-         */
-        final String plasoModuleName = "Plaso";
-        boolean plasoLoaded = loadedModuleNames.contains(plasoModuleName);
-        if (plasoLoaded) {
-            loadedModuleNames.remove(plasoModuleName);
+
+        List<String> defaultEnabledAndLoaded = new ArrayList<>();
+        List<String> defaultDisabledAndLoaded = new ArrayList<>();
+        for (String loadedModule: loadedModuleNames) {
+            if (DEFAULT_DISABLED_MODULES.contains(loadedModule)) {
+                defaultDisabledAndLoaded.add(loadedModule);
+            } else {
+                defaultEnabledAndLoaded.add(loadedModule);
+            }
        }

        /**
         * Get the enabled/disabled ingest modules settings for this context. By
         * default, all loaded modules except Plaso are enabled.
         */
-        HashSet<String> enabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(loadedModuleNames));
-        HashSet<String> disabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, plasoModuleName); //NON-NLS
-
-        // If plaso was loaded, but appears in neither the enabled nor the 
-        // disabled list, add it to the disabled list.
-        if (!enabledModuleNames.contains(plasoModuleName) && !disabledModuleNames.contains(plasoModuleName)) {
-            disabledModuleNames.add(plasoModuleName);
-        }
-
-        //Put plaso back into loadedModuleNames
-        if (plasoLoaded) {
-            loadedModuleNames.add(plasoModuleName);
-        }
+        HashSet<String> enabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(defaultEnabledAndLoaded));
+        HashSet<String> disabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, makeCsvList(defaultDisabledAndLoaded)); //NON-NLS

        /**
         * Check for missing modules and create warnings if any are found.
--- a/Core/src/org/sleuthkit/autopsy/integrationtesting/ConfigurationModuleManager.java
+++ b/Core/src/org/sleuthkit/autopsy/integrationtesting/ConfigurationModuleManager.java
@ -18,6 +18,7 @@
 */
 package org.sleuthkit.autopsy.integrationtesting;

+import com.basistech.df.cybertriage.autopsy.malwarescan.MalwareScanIngestModuleFactory;
 import java.lang.reflect.Method;
 import java.lang.reflect.ParameterizedType;
 import java.lang.reflect.Type;
@ -46,7 +47,10 @@ public class ConfigurationModuleManager {
    private static final Logger logger = Logger.getLogger(ConfigurationModuleManager.class.getName());

    private static final IngestJobSettings.IngestType DEFAULT_INGEST_FILTER_TYPE = IngestJobSettings.IngestType.ALL_MODULES;
-    private static final Set<String> DEFAULT_EXCLUDED_MODULES = Stream.of("Plaso").collect(Collectors.toSet());
+    private static final Set<String> DEFAULT_EXCLUDED_MODULES = Stream.of(
+            "Plaso",
+            MalwareScanIngestModuleFactory.getDisplayName()
+    ).collect(Collectors.toSet());
    private static final ConfigDeserializer configDeserializer = new ConfigDeserializer();

    /**