From dc9c212db521e8451785c022b44b0dc171686bbc Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Thu, 27 Jul 2023 19:41:29 -0400
Subject: [PATCH] fixes

---
 .../malwarescan/Bundle.properties-MERGED | 5 +++
 .../malwarescan/MalwareScanIngestModule.java | 35 +++++++++++++++++--
 2 files changed, 38 insertions(+), 2 deletions(-)

diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
index a03690feed..9aecc568df 100644
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/Bundle.properties-MERGED
@@ -33,6 +33,11 @@ MalwareScanIngestModule_ShareProcessing_noLookupsRemaining_desc=There are no mor
 MalwareScanIngestModule_ShareProcessing_noLookupsRemaining_title=No remaining lookups
 MalwareScanIngestModule_ShareProcessing_noUploadsRemaining_desc=There are no more remaining file uploads for this license at this time. File uploading will be disabled.
 MalwareScanIngestModule_ShareProcessing_noUploadsRemaining_title=No remaining file uploads
+MalwareScanIngestModule_uploadFile_noRemainingFileUploads_desc=There are no more file uploads on this license at this time. File uploads will be disabled for remaining uploads.
+MalwareScanIngestModule_uploadFile_noRemainingFileUploads_title=No Remaining File Uploads
+# {0} - objectId
+MalwareScanIngestModule_uploadFile_notUploadable_desc=A file did not meet requirements for upload (object id: {0}).
+MalwareScanIngestModule_uploadFile_notUploadable_title=Not Able to Upload
 MalwareScanIngestModuleFactory_description=The malware scan ingest module queries the Cyber Triage cloud API for any possible malicious executables.
 MalwareScanIngestModuleFactory_displayName=Cyber Triage Malware Scanner
 MalwareScanIngestModuleFactory_version=1.0.0
diff --git a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
index f528feb653..9b69226c58 100644
--- a/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
+++ b/Core/src/com/basistech/df/cybertriage/autopsy/malwarescan/MalwareScanIngestModule.java
@@ -27,7 +27,6 @@
 import com.basistech.df.cybertriage.autopsy.ctapi.json.MalwareResultBean.Status;
 import com.basistech.df.cybertriage.autopsy.ctapi.json.MetadataUploadRequest;
 import com.basistech.df.cybertriage.autopsy.ctoptions.ctcloud.CTLicensePersistence;
-import java.security.DigestInputStream;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.text.MessageFormat;
@@ -559,6 +558,18 @@ private List<CTCloudBean> getHashLookupResults(IngestJobState ingestJobState, Li
 } else if (ingestJobState.getIngestJobContext().fileIngestIsCancelled()) {
 return Collections.emptyList();
 }
+
+ // while we have a valid auth token, also check file uploads.
+ if (ingestJobState.isUploadUnknownFiles()) {
+ long remainingUploads = remaining(authTokenResponse.getFileUploadLimit(), authTokenResponse.getHashLookupCount());
+ if (remainingUploads <= 0) {
+ ingestJobState.disableUploadUnknownFiles();
+ notifyWarning(
+ Bundle.MalwareScanIngestModule_uploadFile_noRemainingFileUploads_title(),
+ Bundle.MalwareScanIngestModule_uploadFile_noRemainingFileUploads_desc(),
+ null);
+ }
+ }

 // using auth token, get results
 return ctApiDAO.getReputationResults(
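Review bot: The added remaining-uploads check in getHashLookupResults compares `getFileUploadLimit()` against `authTokenResponse.getHashLookupCount()`, whereas the equivalent check in uploadFile (context of the @@ -615 hunk) uses `getFileUploadCount()`. If the mix of counters is not intentional, uploads of case files could be switched off early on a license with many hash lookups, or stay enabled after the upload quota is spent; the line would then read `long remainingUploads = remaining(authTokenResponse.getFileUploadLimit(), authTokenResponse.getFileUploadCount());`. The same `notifyWarning(...)` call for the no-remaining-uploads message is also repeated in uploadFile, so a small private helper would keep the two sites in step. getHashLookupResults begins and ends outside this hunk, so the surrounding token handling could not be checked.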
@@ -598,13 +609,27 @@ private static boolean isUploadable(AbstractFile af) {
 * @throws CTCloudException
 * @throws TskCoreException
 */
+ @Messages({
+ "MalwareScanIngestModule_uploadFile_notUploadable_title=Not Able to Upload",
+ "# {0} - objectId",
+ "MalwareScanIngestModule_uploadFile_notUploadable_desc=A file did not meet requirements for upload (object id: {0}).",
+ "MalwareScanIngestModule_uploadFile_noRemainingFileUploads_title=No Remaining File Uploads",
+ "MalwareScanIngestModule_uploadFile_noRemainingFileUploads_desc=There are no more file uploads on this license at this time. File uploads will be disabled for remaining uploads.",})
 private boolean uploadFile(IngestJobState ingestJobState, String md5, long objId) throws CTCloudException, TskCoreException, NoSuchAlgorithmException, ReadContentInputStream.ReadContentInputStreamException {
 if (!ingestJobState.isUploadUnknownFiles() || ingestJobState.getIngestJobContext().fileIngestIsCancelled()) {
 return false;
 }

 AbstractFile af = ingestJobState.getTskCase().getAbstractFileById(objId);
- if (af == null || !isUploadable(af)) {
+ if (af == null) {
+ return false;
+ }
+
+ if (!isUploadable(af)) {
+ notifyWarning(
+ Bundle.MalwareScanIngestModule_uploadFile_notUploadable_title(),
+ Bundle.MalwareScanIngestModule_uploadFile_notUploadable_desc(objId),
+ null);
 return false;
 }

@@ -615,6 +640,11 @@ private boolean uploadFile(IngestJobState ingestJobState, String md5, long objId
 } else if (remaining(authTokenResponse.getFileUploadLimit(), authTokenResponse.getFileUploadCount()) <= 0) {
 // don't proceed with upload if reached limit
 ingestJobState.disableUploadUnknownFiles();
+ notifyWarning(
+ Bundle.MalwareScanIngestModule_uploadFile_noRemainingFileUploads_title(),
+ Bundle.MalwareScanIngestModule_uploadFile_noRemainingFileUploads_desc(),
+ null);
+
 return false;
 } else if (ingestJobState.getIngestJobContext().fileIngestIsCancelled()) {
 return false;
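Review bot: The new `notifyWarning(...)` in the `!isUploadable(af)` branch of uploadFile runs once per rejected file, so a job with many files that fail isUploadable (its body is outside this hunk) may post one warning per file and bury the quota and license warnings an examiner needs to see. Consider recording the per-file reason in the log and raising a single warning per ingest job instead. The split also leaves the `af == null` branch returning silently; a comment such as `// objId did not resolve to a file in the case; nothing to upload` above that `return false;` would document why no warning is raised there. uploadFile continues past the end of this hunk.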
@@ -640,6 +670,7 @@ private boolean uploadFile(IngestJobState ingestJobState, String md5, long objId

 /**
 * Does long polling for any pending results.
+ *
 * @param ingestJobState The state of the ingest job.
 * @throws InterruptedException
 * @throws CTCloudException
-- 
GitLab