title update; disabled by default

2025-07-06 21:00:22 +00:00 · 2023-07-23 14:09:01 -04:00 · 2023-07-23 14:09:01 -04:00 · 315b8abbc5
commit 315b8abbc5
parent dd2b56eb55
4 changed files with 35 additions and 28 deletions
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
@ -19,5 +19,5 @@ MalwareScanIngestModule_ShareProcessing_batchTimeout_title=Batch Processing Time
 MalwareScanIngestModule_ShareProcessing_lowLimitWarning_desc=This license only has {0} lookups remaining
 MalwareScanIngestModule_ShareProcessing_lowLimitWarning_title=Hash Lookups Low
 MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.
-MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scan
+MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner
 MalwareScanIngestModuleFactory_version=1.0.0
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModuleFactory.java
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModuleFactory.java
@ -31,15 +31,22 @@ import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
 */
@ServiceProvider(service = org.sleuthkit.autopsy.ingest.IngestModuleFactory.class)
@Messages({
-    "MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scan",
+    "MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner",
    "MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.",
    "MalwareScanIngestModuleFactory_version=1.0.0"
 })
 public class MalwareScanIngestModuleFactory extends IngestModuleFactoryAdapter {
    /**
     * @return The display name for the factory (static method).
     */
    public static String getDisplayName() {
        return Bundle.MalwareScanIngestModuleFactory_displayName();
    }
    @Override
    public String getModuleDisplayName() {
-        return Bundle.MalwareScanIngestModuleFactory_displayName();
+        return MalwareScanIngestModuleFactory.getDisplayName();
    }
    @Override
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
@ -18,6 +18,7 @@
 */
 package org.sleuthkit.autopsy.ingest;
 import com.basistech.df.cybertriage.autopsy.malwarescan.MalwareScanIngestModuleFactory;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@ -33,7 +34,10 @@ import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import org.openide.util.NbBundle;
 import org.openide.util.io.NbObjectInputStream;
 import org.openide.util.io.NbObjectOutputStream;
@ -54,6 +58,11 @@ public final class IngestJobSettings {
    private static final String LAST_FILE_INGEST_FILTER_PROPERTY = "Last_File_Ingest_Filter"; //NON-NLS
    private static final String MODULE_SETTINGS_FOLDER_NAME = "IngestSettings"; //NON-NLS
    private static final Set<String> DEFAULT_DISABLED_MODULES = Stream.of(
            "Plaso",
            MalwareScanIngestModuleFactory.getDisplayName()
    ).collect(Collectors.toSet());
    private static final String MODULE_SETTINGS_FOLDER = Paths.get(
            Paths.get(PlatformUtil.getUserConfigDirectory()).relativize(Paths.get(PlatformUtil.getModuleConfigDirectory())).toString(),
            MODULE_SETTINGS_FOLDER_NAME
@ -361,36 +370,23 @@ public final class IngestJobSettings {
            loadedModuleNames.add(moduleFactory.getModuleDisplayName());
        }
-        /**
+
-         * Hard coding Plaso to be disabled by default. loadedModuleNames is
+        List<String> defaultEnabledAndLoaded = new ArrayList<>();
-         * passed below as the default list of enabled modules so briefly remove
+        List<String> defaultDisabledAndLoaded = new ArrayList<>();
-         * Plaso from loaded modules to get the list of enabled and disabled
+        for (String loadedModule: loadedModuleNames) {
-         * modules names. Then put Plaso back into loadedModulesNames to let the
+            if (DEFAULT_DISABLED_MODULES.contains(loadedModule)) {
-         * rest of the code continue as before.
+                defaultDisabledAndLoaded.add(loadedModule);
-         */
+            } else {
-        final String plasoModuleName = "Plaso";
+                defaultEnabledAndLoaded.add(loadedModule);
-        boolean plasoLoaded = loadedModuleNames.contains(plasoModuleName);
+            }
        if (plasoLoaded) {
            loadedModuleNames.remove(plasoModuleName);
        }
        /**
         * Get the enabled/disabled ingest modules settings for this context. By
         * default, all loaded modules except Plaso are enabled.
         */
-        HashSet<String> enabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(loadedModuleNames));
+        HashSet<String> enabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(defaultEnabledAndLoaded));
-        HashSet<String> disabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, plasoModuleName); //NON-NLS
+        HashSet<String> disabledModuleNames = getModulesNames(this.executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, makeCsvList(defaultDisabledAndLoaded)); //NON-NLS
        // If plaso was loaded, but appears in neither the enabled nor the 
        // disabled list, add it to the disabled list.
        if (!enabledModuleNames.contains(plasoModuleName) && !disabledModuleNames.contains(plasoModuleName)) {
            disabledModuleNames.add(plasoModuleName);
        }
        //Put plaso back into loadedModuleNames
        if (plasoLoaded) {
            loadedModuleNames.add(plasoModuleName);
        }
        /**
         * Check for missing modules and create warnings if any are found.
--- a/Core/src/org/sleuthkit/autopsy/integrationtesting/ConfigurationModuleManager.java
+++ b/Core/src/org/sleuthkit/autopsy/integrationtesting/ConfigurationModuleManager.java
@ -18,6 +18,7 @@
 */
 package org.sleuthkit.autopsy.integrationtesting;
 import com.basistech.df.cybertriage.autopsy.malwarescan.MalwareScanIngestModuleFactory;
 import java.lang.reflect.Method;
 import java.lang.reflect.ParameterizedType;
 import java.lang.reflect.Type;
@ -46,7 +47,10 @@ public class ConfigurationModuleManager {
    private static final Logger logger = Logger.getLogger(ConfigurationModuleManager.class.getName());
    private static final IngestJobSettings.IngestType DEFAULT_INGEST_FILTER_TYPE = IngestJobSettings.IngestType.ALL_MODULES;
-    private static final Set<String> DEFAULT_EXCLUDED_MODULES = Stream.of("Plaso").collect(Collectors.toSet());
+    private static final Set<String> DEFAULT_EXCLUDED_MODULES = Stream.of(
            "Plaso",
            MalwareScanIngestModuleFactory.getDisplayName()
    ).collect(Collectors.toSet());
    private static final ConfigDeserializer configDeserializer = new ConfigDeserializer();
    /**