update to latest version: v1.4.0

Author: su-amaas

CHANGELOG.md

@@ -1,21 +1,37 @@
 # CHANGELOG
 
+## 1.4.0 - 2024-08-23
+
+* Update README.md
+* Support digest calculation bypass
+
+## 1.3.0 - 2024-08-21
+
+* Update README.md
+* Support passing host address in an AMaasClient constructor
+* Support CA cert import
+
 ## 1.2.0 - 2024-08-07
+
 * Support verbose scan result
 
 ## 1.1.1 - 2024-04-10
+
 * Update README.md
 * Extend the scan default timeout to 300s
 
 ## 1.1.0 - 2024-04-03
+
 * Update protos
 * Enable PML (Predictive Machine Learning) detection and smart feedback
 * Enable bulk mode
 * Enable India region
 * Support for scanning large files (over 2GB)
 
 ## 1.0.1 - 2023-11-23
+
 * Update to latest code
 
 ## 1.0.0 - 2023-11-21
+
 * Initial release

README.md

@@ -154,18 +154,20 @@ When malicious content is detected in the scanned object, `scanResult` will show
 
 The AmaasClient class is the main class of the SDK and provides methods to use the AMaaS scanning services.
 
-#### ```public AMaasClient(final String region, final String apiKey, final long timeoutInSecs, final boolean enabledTLS) throws AMaasException```
+#### ```public AMaasClient(final String region, final String host, final String apiKey, final long timeoutInSecs, final boolean enabledTLS, final string caCert) throws AMaasException```
 
 Creates a new instance of the `AmaasClient` class, and provisions essential settings, including authentication/authorization credentials (API key), preferred service region, etc.
 
 **_Parameters_**
 
 | Parameter     | Description                                                                              |
 | ------------- | ---------------------------------------------------------------------------------------- |
-| region        | The region you obtained your api key. Value provided must be one of the Vision One regions, e.g. `us-east-1`, `eu-central-1`, `ap-northeast-1`, `ap-southeast-2`, `ap-southeast-1`, `ap-south-1`, etc. |
+| region        | The region you obtained your api key. Value provided must be one of the Vision One regions, e.g. `us-east-1`, `eu-central-1`, `ap-northeast-1`, `ap-southeast-2`, `ap-southeast-1`, `ap-south-1`, etc. If host is given, region will be ignored. |
+| host          | The host ip address of self hosted AMaaS scanner. Ignore if to use Trend AMaaS service    |
 | apikey        | Your own Vision One API Key.                                                              |
 | timeoutInSecs | Timeout to cancel the connection to server in seconds. Valid value is 0, 1, 2, ... ; default to 300 seconds.         |
 | enabledTLS    | Enable or disable TLS. TLS should always be enabled when connecting to the AMaaS server. For more information, see the 'Ensuring Secure Communication with TLS' |
+| caCert        | File path of the CA certificate for hosted AMaaS Scanner server. null if using Trend AMaaS service.                  |
 
 **_Return_**
 An AmaasClient instance
@@ -211,6 +213,7 @@ Scan a file for malware, add a list of tags to the scan result and retrieves res
 | pml           | A flag to indicate whether to enable predictive machine learning detection.                  |
 | feedback      | A flag to indicate whether to enable Trend Micro Smart Protection Network's Smart Feedback.  |
 | verbose       | A flag to enable log verbose mode.                                                       |
+| digest        | A flag to enable/disable calculation of digests for cache search and result lookup.      |
 
 **_Return_**
 String the scanned result in JSON format.
@@ -243,6 +246,7 @@ Scan a buffer for malware, add a list of tags to the scan result, and retrieves
 | pml           | A flag to indicate whether to enable predictive machine learning detection.                  |
 | feedback      | A flag to indicate whether to enable Trend Micro Smart Protection Network's Smart Feedback.  |
 | verbose       | A flag to enable log verbose mode.                                                        |
+| digest        | A flag to enable/disable calculation of digests for cache search and result lookup.       |
 
 **_Return_**
 String the scanned result in JSON format.

VERSION

@@ -1 +1 @@
-1.2.0
+1.4.0

examples/README.md

@@ -42,11 +42,14 @@ There are 4 examples under the following sub-folders:
    -f a file or a directory to be scanned
    -k customer Vision One API key
    -r region where the Vision One API key was obtained. eg, us-east-1
+   -a host ip address of self hosted AMaaS scanner. Ignore if to use Trend AMaaS service
    -t optional client maximum waiting time in seconds for a scan. 0 or missing will default to 180 seconds.
-   --taglist a commas separated string of tags. e.g. dev,sdk
+   --tags a commas separated string of tags. e.g. dev,sdk
    --pml enable predictive machine language detection. default to false
    --feedback enable Smart Feedback of Trend Micro Smart Protection Network. default to false
    -v enable log verbose mode. default to false
+   --ca_cert File path of the CA certificate for hosted AMaaS Scanner server. ignore if using Trend AMaaS service.
+   --digest Flag to enable/disable calculation of digests for cache search and result lookup.
    ```
 
    For example:

examples/filescan/App.java

@@ -34,12 +34,12 @@ private static String[] listFiles(final String pathName) {
             .collect(Collectors.toList()).toArray(new String[] {});
     }
 
-    static void scanFilesInSequential(final AMaasClient client, final String[] fList, final String[] tagList, final boolean pmlFlag, final boolean feedbackFlag, final boolean verbose) {
+    static void scanFilesInSequential(final AMaasClient client, final String[] fList, final String[] tagList, final boolean pmlFlag, final boolean feedbackFlag, final boolean verbose, final boolean digest) {
         for (String fileName: fList) {
             try {
                 info("===============> Scanning file {0}", fileName);
                 long startTS = System.currentTimeMillis();
-                String scanResult = client.scanFile(fileName, tagList, pmlFlag, feedbackFlag, verbose);
+                String scanResult = client.scanFile(fileName, tagList, pmlFlag, feedbackFlag, verbose, digest);
                 long endTS = System.currentTimeMillis();
                 info("{0}", scanResult);
                 info("===============> File scan time {0}", endTS - startTS);
@@ -53,12 +53,15 @@ private static Options getCmdOptions() {
         Options optionList = new Options();
         optionList.addRequiredOption("f", "filename", true, "File path or folder to be scanned");
         optionList.addRequiredOption("k", "apikey", true, "Cloud One API key");
-        optionList.addRequiredOption("r", "region", true, "AMaaS service region");
+        optionList.addRequiredOption("r", "region", true, "AMaaS service region to used. Ignore if self hosted.");
+        optionList.addOption("a", "addr", true, "host ip address of self hosted AMaaS scanner. Ignore if to use Trend AMaaS service");
         optionList.addOption("t", "timeout", true, "Per scan timeout in seconds");
-        optionList.addOption(null, "taglist", true, "commas separated string of tags.e.g, sdk,dev");
+        optionList.addOption(null, "tags", true, "commas separated string of tags.e.g, sdk,dev");
         optionList.addOption(null, "pml", true, "Enable predictive machine language detection");
         optionList.addOption(null, "feedback", true, "Enable Trend Smart Protection Network's Smart Feedback");
         optionList.addOption("v", "verbose", true, "Enable log verbose mode");
+        optionList.addOption(null, "ca_cert", true, "CA Certificate of hosted AMaaS Scanner server");
+        optionList.addOption(null, "digest", true, "Enable/Disable calculation of digests for cache search and result lookup");
         return optionList;
     }
 
@@ -67,22 +70,28 @@ private static Options getCmdOptions() {
      * @param args Input options:
      *                  -f a file or a directory to be scanned
      *                  -k the API key or bearer authentication token
-     *                  -r region where the key/token was applied. eg, us-east-1
+     *                  -r region where the Vision One API key was obtained. eg, us-east-1. If host is given, region value will be ignored.
+     *                  -a host ip address of self hosted AMaaS scanner. Ignore if to use Trend AMaaS service.
      *                  -t optional client maximum waiting time in seconds for a scan. 0 or missing means default.
-     *                  --taglist a commas separated string of tags. e.g. dev,sdk
+     *                  --tags a commas separated string of tags. e.g. dev,sdk
      *                  --pml enable predictive machine language detection. default to false
      *                  --feedback enable Trend Micro Smart Protection Network's Smart Feedback. default to false
      *                  -v enable log verbose mode. default to false
+     *                  --ca_cert CA certificate of self hosted AMaaS server
+     *                  --digest Enable/Disable calculation of digests for cache search and result lookup
      */
     public static void main(final String[] args) {
         String pathname = "";
         String apikey = null;
         String region = "";
+        String addr = "";
         long timeout = 0;
         String tags = null;
         boolean pmlFlag = false;
         boolean feedbackFlag = false;
         boolean verbose = false;
+        String caCertPath = null;
+        boolean digest = true;
 
         DefaultParser parser = new DefaultParser();
         HelpFormatter helper = new HelpFormatter();
@@ -92,17 +101,20 @@ public static void main(final String[] args) {
             if (cmd.hasOption("f")) {
                 pathname = cmd.getOptionValue("f");
             }
-            if (cmd.hasOption("r")) {
+            if (cmd.hasOption("k")) {
                 apikey = cmd.getOptionValue("k");
             }
-            if (cmd.hasOption("k")) {
+            if (cmd.hasOption("r")) {
                 region = cmd.getOptionValue("r");
             }
+            if (cmd.hasOption("a")) {
+                addr = cmd.getOptionValue("a");
+            }
             if (cmd.hasOption("t")) {
                 timeout = Long.parseLong(cmd.getOptionValue("t"));
             }
-            if (cmd.hasOption("taglist")) {
-                tags = cmd.getOptionValue("taglist");
+            if (cmd.hasOption("tags")) {
+                tags = cmd.getOptionValue("tags");
             }
             if (cmd.hasOption("pml")) {
                 if (cmd.getOptionValue("pml").equals("true")) {
@@ -119,17 +131,25 @@ public static void main(final String[] args) {
                     verbose = true;
                 }
             }
+            if (cmd.hasOption("ca_cert")) {
+                caCertPath = cmd.getOptionValue("ca_cert");
+            }
+            if (cmd.hasOption("digest")) {
+                if (cmd.getOptionValue("digest").equals("false")) {
+                    digest = false;
+                }
+            }
             String[] tagList = null;
             if (tags != null) {
                 info("tags to used {0}", tags);
                 tagList = tags.split(",");
             }
 
-            AMaasClient client = new AMaasClient(region, apikey, timeout);
+            AMaasClient client = new AMaasClient(region, addr, apikey, timeout, true, caCertPath);
             String[] listOfFiles = listFiles(pathname);
             long totalStartTs = System.currentTimeMillis();
 
-            scanFilesInSequential(client, listOfFiles, tagList, pmlFlag, feedbackFlag, verbose);
+            scanFilesInSequential(client, listOfFiles, tagList, pmlFlag, feedbackFlag, verbose, digest);
 
             long totalEndTs = System.currentTimeMillis();
             info("*************** Total scan time {0}", totalEndTs - totalStartTs);

examples/pom.xml

@@ -61,7 +61,7 @@
     </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
-      <artifactId>grpc-netty-shaded</artifactId>
+      <artifactId>grpc-netty</artifactId>
       <version>1.56.0</version>
     </dependency>
     <dependency>

pom.xml

@@ -5,7 +5,7 @@
 
   <groupId>com.trend</groupId>
   <artifactId>file-security-java-sdk</artifactId>
-  <version>1.2.0</version>
+  <version>1.4.0</version>
 
   <name>file-security-java-sdk</name>
   <url>https://github.com/trendmicro/tm-v1-fs-java-sdk</url>
@@ -83,7 +83,7 @@
     </dependency>
     <dependency>
       <groupId>io.grpc</groupId>
-      <artifactId>grpc-netty-shaded</artifactId>
+      <artifactId>grpc-netty</artifactId>
       <version>1.56.0</version>
     </dependency>
     <dependency>

src/main/java/com/trend/cloudone/amaas/AMaasBaseReader.java

@@ -24,11 +24,11 @@ private static String bytesToHex(final byte[] bytes) {
     public final String getHash(final HashType htype) {
         switch (htype) {
             case HASH_SHA1:
-                return "sha1:" + bytesToHex(this.sha1);
+                return (this.sha1 == null) ? "" : "sha1:" + bytesToHex(this.sha1);
             case HASH_SHA256:
-                return "sha256:" + bytesToHex(this.sha256);
+                return (this.sha256 == null) ? "" : "sha256:" + bytesToHex(this.sha256);
             default:
-                return null;
+                return "";
         }
     }
 

src/main/java/com/trend/cloudone/amaas/AMaasBufferReader.java

@@ -12,16 +12,18 @@ final class AMaasBufferReader extends AMaasBaseReader {
     private String identifier;
     private byte[] readerBuf;
 
-    AMaasBufferReader(final byte[] byteBuf, final String identifier) throws AMaasException {
+    AMaasBufferReader(final byte[] byteBuf, final String identifier, final boolean digest) throws AMaasException {
         this.readerBuf = byteBuf;
         this.identifier = identifier;
-        try {
-            MessageDigest md = MessageDigest.getInstance("SHA1");
-            this.setHash(HashType.HASH_SHA1, md.digest(this.readerBuf));
-            md = MessageDigest.getInstance("SHA-256");
-            this.setHash(HashType.HASH_SHA256, md.digest(this.readerBuf));
-        } catch (NoSuchAlgorithmException err) {
-            // this exception is not possible as the algorithms are hard coded.
+        if (digest) {
+            try {
+                MessageDigest md = MessageDigest.getInstance("SHA1");
+                this.setHash(HashType.HASH_SHA1, md.digest(this.readerBuf));
+                md = MessageDigest.getInstance("SHA-256");
+                this.setHash(HashType.HASH_SHA256, md.digest(this.readerBuf));
+            } catch (NoSuchAlgorithmException err) {
+                // this exception is not possible as the algorithms are hard coded.
+            }
         }
     }