mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-08 22:29:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

dont rescan

Browse Source
This commit is contained in:
Greg DiCristofaro 2023-07-24 15:49:57 -04:00
parent 404284cdfc
commit a634a2e7fd
1 changed files with 15 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
View File

@ -50,6 +50,7 @@ import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.Score; import org.sleuthkit.datamodel.Score;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData;
/** /**
@ -198,12 +199,21 @@ public class MalwareScanIngestModule implements FileIngestModule {
}) })
IngestModule.ProcessResult process(AbstractFile af) { IngestModule.ProcessResult process(AbstractFile af) {
try { try {
if (runState == RunState.STARTED_UP && af.getKnown() != TskData.FileKnown.KNOWN if (runState == RunState.STARTED_UP
&& EXECUTABLE_MIME_TYPES.contains(StringUtils.defaultString(fileTypeDetector.getMIMEType(af)).trim().toLowerCase())) { && af.getKnown() != TskData.FileKnown.KNOWN
&& EXECUTABLE_MIME_TYPES.contains(StringUtils.defaultString(fileTypeDetector.getMIMEType(af)).trim().toLowerCase())
&& CollectionUtils.isEmpty(af.getAnalysisResults(malwareType))) {
batchProcessor.add(new FileRecord(af.getId(), af.getMd5Hash())); batchProcessor.add(new FileRecord(af.getId(), af.getMd5Hash()));
} }
return ProcessResult.OK; return ProcessResult.OK;
} catch (TskCoreException ex) {
notifyWarning(
Bundle.MalwareScanIngestModule_SharedProcessing_generalProcessingError_title(),
Bundle.MalwareScanIngestModule_SharedProcessing_generalProcessingError_desc(),
ex);
return IngestModule.ProcessResult.ERROR;
} catch (InterruptedException ex) { } catch (InterruptedException ex) {
notifyWarning( notifyWarning(
Bundle.MalwareScanIngestModule_ShareProcessing_batchTimeout_title(), Bundle.MalwareScanIngestModule_ShareProcessing_batchTimeout_title(),
@ -231,7 +241,7 @@ public class MalwareScanIngestModule implements FileIngestModule {
// create mapping of md5 to corresponding object ids as well as just the list of md5's // create mapping of md5 to corresponding object ids as well as just the list of md5's
Map<String, List<Long>> md5ToObjId = new HashMap<>(); Map<String, List<Long>> md5ToObjId = new HashMap<>();
List<String> md5Hashes = new ArrayList<>();
for (FileRecord fr : fileRecords) { for (FileRecord fr : fileRecords) {
if (fr == null || StringUtils.isBlank(fr.getMd5hash()) || fr.getObjId() <= 0) { if (fr == null || StringUtils.isBlank(fr.getMd5hash()) || fr.getObjId() <= 0) {
continue; continue;
@ -242,9 +252,10 @@ public class MalwareScanIngestModule implements FileIngestModule {
.computeIfAbsent(sanitizedMd5, (k) -> new ArrayList<>()) .computeIfAbsent(sanitizedMd5, (k) -> new ArrayList<>())
.add(fr.getObjId()); .add(fr.getObjId());
md5Hashes.add(sanitizedMd5);
} }
List<String> md5Hashes = new ArrayList<>(md5ToObjId.keySet());
if (md5Hashes.isEmpty()) { if (md5Hashes.isEmpty()) {
return; return;
} }