Modified code in load for setting the Plaso module to off by default

This commit is contained in:
Kelly Kelly 2019-08-01 12:49:57 -04:00
parent 936642bfc9
commit df86ce32ae

View File

@ -331,27 +331,35 @@ public final class IngestJobSettings {
} }
/** /**
* Hardcoding Plaso to be disabled by default. Loaded modules is passed * Hard coding Plaso to be disabled by default. loadedModuleNames is passed
* below as the list default list of enabled modules so briefly * below as the default list of enabled modules so briefly
* remove Plaso from loaded modules to get the list of enabled and * remove Plaso from loaded modules to get the list of enabled and
* disabled modules. Then put Plaso back into loadedModulesNames to let * disabled modules names. Then put Plaso back into loadedModulesNames to let
* the rest of the code continue as before. * the rest of the code continue as before.
*/ */
HashSet<String> hardCodedDisabledModules = new HashSet<>(); final String plasoModuleName = "Plaso";
if(loadedModuleNames.contains("Plaso")) { boolean plasoLoaded = loadedModuleNames.contains(plasoModuleName);
loadedModuleNames.remove("Plaso"); if (plasoLoaded) {
hardCodedDisabledModules.add("Plaso"); loadedModuleNames.remove(plasoModuleName);
} }
/** /**
* Get the enabled/disabled ingest modules settings for this context. By * Get the enabled/disabled ingest modules settings for this context. By
* default, all loaded modules are enabled. * default, all loaded modules except Plaso are enabled.
*/ */
HashSet<String> enabledModuleNames = getModulesNames(executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(loadedModuleNames)); HashSet<String> enabledModuleNames = getModulesNames(executionContext, IngestJobSettings.ENABLED_MODULES_PROPERTY, makeCsvList(loadedModuleNames));
HashSet<String> disabledModuleNames = getModulesNames(executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, hardCodedDisabledModules.isEmpty() ? "" : makeCsvList(hardCodedDisabledModules)); //NON-NLS HashSet<String> disabledModuleNames = getModulesNames(executionContext, IngestJobSettings.DISABLED_MODULES_PROPERTY, plasoModuleName); //NON-NLS
// If plaso was loaded, but appears in neither the enabled nor the
// disabled list, add it to the disabled list.
if (!enabledModuleNames.contains(plasoModuleName) && !disabledModuleNames.contains(plasoModuleName)) {
disabledModuleNames.add(plasoModuleName);
}
//Put plaso back into loadedModuleNames //Put plaso back into loadedModuleNames
loadedModuleNames.addAll(hardCodedDisabledModules); if (plasoLoaded) {
loadedModuleNames.add(plasoModuleName);
}
/** /**
* Check for missing modules and create warnings if any are found. * Check for missing modules and create warnings if any are found.