disable module instead of running without license

Greg DiCristofaro 2023-07-23 14:26:37 -04:00
parent 315b8abbc5
commit 7cb41b4d8a
2 changed files with 34 additions and 26 deletions


@ -18,6 +18,10 @@ MalwareScanIngestModule_ShareProcessing_batchTimeout_title=Batch Processing Time
# {0} - remainingLookups
MalwareScanIngestModule_ShareProcessing_lowLimitWarning_desc=This license only has {0} lookups remaining
MalwareScanIngestModule_ShareProcessing_lowLimitWarning_title=Hash Lookups Low
MalwareScanIngestModule_ShareProcessing_noLicense_desc=No Cyber Triage license could be loaded. Cyber Triage processing will be disabled.
MalwareScanIngestModule_ShareProcessing_noLicense_title=No Cyber Triage License
MalwareScanIngestModule_ShareProcessing_noRemaining_desc=There are no more remaining hash lookups for this license at this time. Cyber Triage processing will be disabled.
MalwareScanIngestModule_ShareProcessing_noRemaining_title=No remaining lookups
MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.
MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner
MalwareScanIngestModuleFactory_version=1.0.0


@ -111,13 +111,12 @@ public class MalwareScanIngestModule implements FileIngestModule {
private final CTLicensePersistence ctSettingsPersistence = CTLicensePersistence.getInstance();
private final CTApiDAO ctApiDAO = CTApiDAO.getInstance();
private FileTypeDetector fileTypeDetector;
private RunState runState = null;
private SleuthkitCase tskCase = null;
private FileTypeDetector fileTypeDetector = null;
private LicenseInfo licenseInfo = null;
private BlackboardArtifact.Type malwareType = null;
private boolean noMoreHashLookups = false;
private IngestModuleException startupException;
private long dsId = 0;
private long ingestJobId = 0;
@ -125,23 +124,28 @@ public class MalwareScanIngestModule implements FileIngestModule {
"MalwareScanIngestModule_ShareProcessing_lowLimitWarning_title=Hash Lookups Low",
"# {0} - remainingLookups",
"MalwareScanIngestModule_ShareProcessing_lowLimitWarning_desc=This license only has {0} lookups remaining",
"MalwareScanIngestModule_malwareTypeDisplayName=Malware"
"MalwareScanIngestModule_malwareTypeDisplayName=Malware",
"MalwareScanIngestModule_ShareProcessing_noLicense_title=No Cyber Triage License",
"MalwareScanIngestModule_ShareProcessing_noLicense_desc=No Cyber Triage license could be loaded. Cyber Triage processing will be disabled.",
"MalwareScanIngestModule_ShareProcessing_noRemaining_title=No remaining lookups",
"MalwareScanIngestModule_ShareProcessing_noRemaining_desc=There are no more remaining hash lookups for this license at this time. Cyber Triage processing will be disabled."
})
synchronized void startUp(IngestJobContext context) throws IngestModuleException {
// only run this code once per startup
if (runState == RunState.STARTED_UP) {
if (startupException != null) {
throw startupException;
} else {
return;
}
if (runState == RunState.STARTED_UP || runState == RunState.DISABLED) {
return;
}
try {
// get saved license
Optional<LicenseInfo> licenseInfoOpt = ctSettingsPersistence.loadLicenseInfo();
if (licenseInfoOpt.isEmpty() || licenseInfoOpt.get().getDecryptedLicense() == null) {
throw new IngestModuleException("No saved license was found");
notifyWarning(
Bundle.MalwareScanIngestModule_ShareProcessing_noLicense_title(),
Bundle.MalwareScanIngestModule_ShareProcessing_noLicense_desc(),
null);
runState = RunState.DISABLED;
return;
}
AuthTokenResponse authTokenResponse = ctApiDAO.getAuthToken(licenseInfoOpt.get().getDecryptedLicense());
@ -150,7 +154,12 @@ public class MalwareScanIngestModule implements FileIngestModule {
// determine lookups remaining
long lookupsRemaining = remaining(authTokenResponse.getHashLookupLimit(), authTokenResponse.getHashLookupCount());
if (lookupsRemaining <= 0) {
throw new IngestModuleException("There are no more file hash lookups for this license");
notifyWarning(
Bundle.MalwareScanIngestModule_ShareProcessing_noRemaining_title(),
Bundle.MalwareScanIngestModule_ShareProcessing_noRemaining_desc(),
null);
runState = RunState.DISABLED;
return;
} else if (lookupsRemaining < LOW_LOOKUPS_REMAINING) {
notifyWarning(
Bundle.MalwareScanIngestModule_ShareProcessing_lowLimitWarning_title(),
@ -168,15 +177,12 @@ public class MalwareScanIngestModule implements FileIngestModule {
dsId = context.getDataSource().getId();
ingestJobId = context.getJobId();
licenseInfo = licenseInfoOpt.get();
startupException = null;
noMoreHashLookups = false;
// set run state to initialized
runState = RunState.STARTED_UP;
} catch (IngestModuleException ex) {
startupException = ex;
throw startupException;
} catch (Exception ex) {
startupException = new IngestModuleException("An exception occurred on MalwareScanIngestModule startup", ex);
throw startupException;
runState = RunState.DISABLED;
throw new IngestModuleException("An exception occurred on MalwareScanIngestModule startup", ex);
}
}
@ -192,7 +198,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
})
IngestModule.ProcessResult process(AbstractFile af) {
try {
if (af.getKnown() != TskData.FileKnown.KNOWN
if (runState == RunState.STARTED_UP && af.getKnown() != TskData.FileKnown.KNOWN
&& EXECUTABLE_MIME_TYPES.contains(StringUtils.defaultString(fileTypeDetector.getMIMEType(af)).trim().toLowerCase())) {
batchProcessor.add(new FileRecord(af.getId(), af.getMd5Hash()));
@ -219,7 +225,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
"MalwareScanIngestModule_SharedProcessing_generalProcessingError_title=Hash Lookup Error",
"MalwareScanIngestModule_SharedProcessing_generalProcessingError_desc=An error occurred while processing hash lookup results",})
private void handleBatch(List<FileRecord> fileRecords) {
if (fileRecords == null || fileRecords.isEmpty() || noMoreHashLookups) {
if (runState != RunState.STARTED_UP || fileRecords == null || fileRecords.isEmpty()) {
return;
}
@ -250,7 +256,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
// make sure we are in bounds for the remaining scans
long remainingScans = remaining(authTokenResponse.getHashLookupLimit(), authTokenResponse.getHashLookupCount());
if (remainingScans <= 0) {
noMoreHashLookups = true;
runState = RunState.DISABLED;
notifyWarning(
Bundle.MalwareScanIngestModule_SharedProcessing_exhaustedHashLookups_title(),
Bundle.MalwareScanIngestModule_SharedProcessing_exhaustedHashLookups_desc(),
@ -307,7 +313,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
// if we only processed part of the batch, after processing, notify that we are out of scans.
if (exceededScanLimit) {
noMoreHashLookups = true;
runState = RunState.DISABLED;
notifyWarning(
Bundle.MalwareScanIngestModule_SharedProcessing_exhaustedHashLookups_title(),
Bundle.MalwareScanIngestModule_SharedProcessing_exhaustedHashLookups_desc(),
@ -378,9 +384,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
ex);
} finally {
// set state to shut down and clear any remaining
noMoreHashLookups = false;
runState = RunState.SHUT_DOWN;
startupException = null;
batchProcessor.clearCurrentBatch();
}
}
@ -391,7 +395,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
}
private enum RunState {
STARTED_UP, SHUT_DOWN
STARTED_UP, DISABLED, SHUT_DOWN
}
class FileRecord {
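Review bot: `runState` now gates `process` and `handleBatch` across ingest threads, but the field declared at `private RunState runState = null;` is neither volatile nor consistently written under a lock: `startUp` is `synchronized`, while `handleBatch` (the `runState = RunState.DISABLED;` writes after the exhausted-lookups checks) and the `shutDown` finally block (`runState = RunState.SHUT_DOWN;`) are not visibly synchronized in these hunks, so a DISABLED write from one file-ingest thread may not become visible to another thread's `runState == RunState.STARTED_UP` check and that thread can keep queueing hash lookups after the license limit is hit. The previous `noMoreHashLookups` flag had the same exposure, but the commit widens it to the start-up gate; declaring `private volatile RunState runState = null;` (or an `AtomicReference<RunState>`) would make the state transitions visible without further locking. Separately, the new catch block sets `runState = RunState.DISABLED;` before rethrowing, so only the first thread to enter `startUp` sees the `IngestModuleException` and later callers return normally through the early `DISABLED` guard; if that is the intended contract, a comment such as `// first caller reports the failure; later callers see DISABLED and return quietly` on the guard would make it explicit. The bodies of `startUp`, `handleBatch` and `shutDown` extend beyond the visible hunks, so any locking they do outside these lines is not reviewed here.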