Merge pull request #3782 from dgrove727/3850_CaseUtilsImprovements

3850 case utils improvements
Richard Cordovano 2018-05-17 11:49:22 -04:00 committed by GitHub
commit 03fda5ff13
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 62 deletions

1
.gitignore vendored

@ -13,6 +13,7 @@
/Core/dist/
/Core/nbproject/*
/Core/test/qa-functional/data/*
/Core/test/qa-functional/src/org/sleuthkit/autopsy/testutils/.preserve
!/Core/nbproject/project.xml
!/Core/nbproject/project.properties


@ -62,17 +62,10 @@ public class EmbeddedFileTest extends NbTestCase {
@Override
public void setUp() {
CaseUtils.createCase(CASE_NAME);
openCase = CaseUtils.createAsCurrentCase(CASE_NAME);
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
try {
openCase = Case.getCurrentCaseThrows();
} catch (NoCurrentCaseException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
IngestModuleTemplate embeddedTemplate = IngestUtils.getIngestModuleTemplate(new EmbeddedFileExtractorModuleFactory());
IngestModuleTemplate hashLookupTemplate = IngestUtils.getIngestModuleTemplate(new HashLookupModuleFactory());
@ -91,7 +84,7 @@ public class EmbeddedFileTest extends NbTestCase {
@Override
public void tearDown() {
CaseUtils.closeCase();
CaseUtils.closeCurrentCase();
}
public void testEncryption() {


@ -68,11 +68,11 @@ public class IngestFileFiltersTest extends NbTestCase {
@Override
public void tearDown() {
CaseUtils.closeCase();
CaseUtils.closeCurrentCase();
}
public void testBasicDir() {
CaseUtils.createCase("testBasicDir");
Case currentCase = CaseUtils.createAsCurrentCase("testBasicDir");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -82,7 +82,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet dirFilter = new FilesSet("Filter", "Filter to find all files in dir1.", false, true, rule);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
IngestJobSettings ingestJobSettings = new IngestJobSettings(IngestFileFiltersTest.class.getCanonicalName(), IngestJobSettings.IngestType.FILES_ONLY, templates, dirFilter);
@ -114,7 +113,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testExtAndDirWithOneRule() {
CaseUtils.createCase("testExtAndDirWithOneRule");
Case currentCase = CaseUtils.createAsCurrentCase("testExtAndDirWithOneRule");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -124,7 +123,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet filesExtDirsFilter = new FilesSet("Filter", "Filter to find all jpg files in dir1.", false, true, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
IngestJobSettings ingestJobSettings = new IngestJobSettings(IngestFileFiltersTest.class.getCanonicalName(), IngestJobSettings.IngestType.FILES_ONLY, templates, filesExtDirsFilter);
@ -149,7 +147,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testExtAndDirWithTwoRules() {
CaseUtils.createCase("testExtAndDirWithTwoRules");
Case currentCase = CaseUtils.createAsCurrentCase("testExtAndDirWithTwoRules");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -160,7 +158,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet filesExtDirsFilter = new FilesSet("Filter", "Filter to find all files in dir1 and all files with jpg extention.", false, true, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
IngestJobSettings ingestJobSettings = new IngestJobSettings(IngestFileFiltersTest.class.getCanonicalName(), IngestJobSettings.IngestType.FILES_ONLY, templates, filesExtDirsFilter);
@ -193,7 +190,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testFullFileNameRule() {
CaseUtils.createCase("testFullFileNameRule");
Case currentCase = CaseUtils.createAsCurrentCase("testFullFileNameRule");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -203,7 +200,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet fullNameFilter = new FilesSet("Filter", "Filter to find file.docx.", false, true, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
IngestJobSettings ingestJobSettings = new IngestJobSettings(IngestFileFiltersTest.class.getCanonicalName(), IngestJobSettings.IngestType.FILES_ONLY, templates, fullNameFilter);
@ -228,7 +224,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testCarvingWithExtRuleAndUnallocSpace() {
CaseUtils.createCase("testCarvingWithExtRuleAndUnallocSpace");
Case currentCase = CaseUtils.createAsCurrentCase("testCarvingWithExtRuleAndUnallocSpace");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -240,7 +236,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet extensionFilter = new FilesSet("Filter", "Filter to files with .jpg and .gif extension.", false, false, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
templates.add(IngestUtils.getIngestModuleTemplate(new PhotoRecCarverIngestModuleFactory()));
@ -276,7 +271,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testCarvingNoUnallocatedSpace() {
CaseUtils.createCase("testCarvingNoUnallocatedSpace");
Case currentCase = CaseUtils.createAsCurrentCase("testCarvingNoUnallocatedSpace");
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
@ -288,7 +283,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet extensionFilter = new FilesSet("Filter", "Filter to files with .jpg and .gif extension.", false, true, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
templates.add(IngestUtils.getIngestModuleTemplate(new PhotoRecCarverIngestModuleFactory()));
@ -309,7 +303,7 @@ public class IngestFileFiltersTest extends NbTestCase {
}
public void testEmbeddedModule() {
CaseUtils.createCase("testEmbeddedModule");
Case currentCase = CaseUtils.createAsCurrentCase("testEmbeddedModule");
LocalFilesDSProcessor dataSourceProcessor = new LocalFilesDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, ZIPFILE_PATH);
@ -322,7 +316,6 @@ public class IngestFileFiltersTest extends NbTestCase {
FilesSet embeddedFilter = new FilesSet("Filter", "Filter to files with .jpg extension.", false, false, rules);
try {
Case currentCase = Case.getCurrentCase();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new FileTypeIdModuleFactory()));
templates.add(IngestUtils.getIngestModuleTemplate(new EmbeddedFileExtractorModuleFactory()));


@ -29,7 +29,6 @@ import org.netbeans.junit.NbTestCase;
import org.openide.util.Exceptions;
import org.python.icu.impl.Assert;
import org.sleuthkit.autopsy.casemodule.ImageDSProcessor;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.FileManager;
import org.sleuthkit.autopsy.ingest.IngestJobSettings;
import org.sleuthkit.autopsy.ingest.IngestJobSettings.IngestType;
@ -50,18 +49,11 @@ import org.sleuthkit.datamodel.VolumeSystem;
public class EncryptionDetectionTest extends NbTestCase {
private static final String BITLOCKER_CASE_NAME = "testBitlockerEncryption";
private static final String PASSWORD_CASE_NAME = "testPasswordProtection";
private static final Path BITLOCKER_CASE_DIRECTORY_PATH = Paths.get(System.getProperty("java.io.tmpdir"), BITLOCKER_CASE_NAME);
private static final Path PASSWORD_CASE_DIRECTORY_PATH = Paths.get(System.getProperty("java.io.tmpdir"), PASSWORD_CASE_NAME);
private final Path BITLOCKER_IMAGE_PATH = Paths.get(this.getDataDir().toString(), "encryption_detection_bitlocker_test.vhd");
private final Path PASSWORD_IMAGE_PATH = Paths.get(this.getDataDir().toString(), "password_detection_test.img");
private static final String BITLOCKER_DETECTION_CASE_NAME = "testBitlockerEncryption";
private static final String PASSWORD_DETECTION_CASE_NAME = "PasswordDetectionTest";
private static final String VERACRYPT_DETECTION_CASE_NAME = "VeraCryptDetectionTest";
private final Path BITLOCKER_DETECTION_IMAGE_PATH = Paths.get(this.getDataDir().toString(), "encryption_detection_bitlocker_test.vhd");
private final Path PASSWORD_DETECTION_IMAGE_PATH = Paths.get(this.getDataDir().toString(), "password_detection_test.img");
private final Path VERACRYPT_DETECTION_IMAGE_PATH = Paths.get(this.getDataDir().toString(), "veracrypt_detection_test.vhd");
@ -78,7 +70,7 @@ public class EncryptionDetectionTest extends NbTestCase {
@Override
public void tearDown() {
CaseUtils.closeCase();
CaseUtils.closeCurrentCase();
}
/**
@ -86,10 +78,9 @@ public class EncryptionDetectionTest extends NbTestCase {
*/
public void testBitlockerEncryption() {
try {
CaseUtils.createCase(BITLOCKER_CASE_NAME);
Case openCase = CaseUtils.createAsCurrentCase(BITLOCKER_DETECTION_CASE_NAME);
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, BITLOCKER_IMAGE_PATH);
Case openCase = Case.getCurrentCaseThrows();
IngestUtils.addDataSource(dataSourceProcessor, BITLOCKER_DETECTION_IMAGE_PATH);
/*
* Create ingest job settings.
@ -146,7 +137,7 @@ public class EncryptionDetectionTest extends NbTestCase {
errorMessage = "Expected to find 'vol2', but no such volume exists.";
assertEquals(errorMessage, true, vol2Found);
} catch (NoCurrentCaseException | TskCoreException ex) {
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
@ -157,13 +148,10 @@ public class EncryptionDetectionTest extends NbTestCase {
*/
public void testPasswordProtection() {
try {
CaseUtils.createCase(PASSWORD_DETECTION_CASE_NAME);
Case openCase = CaseUtils.createAsCurrentCase(PASSWORD_DETECTION_CASE_NAME);
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, PASSWORD_DETECTION_IMAGE_PATH);
Case openCase = Case.getCurrentCaseThrows();
/*
* Create ingest job settings.
*/
@ -235,7 +223,7 @@ public class EncryptionDetectionTest extends NbTestCase {
}
}
}
} catch (NoCurrentCaseException | TskCoreException ex) {
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
@ -256,11 +244,10 @@ public class EncryptionDetectionTest extends NbTestCase {
*/
public void testVeraCryptSupport() {
try {
CaseUtils.createCase(VERACRYPT_DETECTION_CASE_NAME);
Case openCase = CaseUtils.createAsCurrentCase(VERACRYPT_DETECTION_CASE_NAME);
ImageDSProcessor dataSourceProcessor = new ImageDSProcessor();
IngestUtils.addDataSource(dataSourceProcessor, VERACRYPT_DETECTION_IMAGE_PATH);
Case openCase = Case.getCurrentCaseThrows();
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
templates.add(IngestUtils.getIngestModuleTemplate(new EncryptionDetectionModuleFactory()));
//image includes an encrypted container file with size greater than 5 mb so default settings detect it
@ -289,7 +276,7 @@ public class EncryptionDetectionTest extends NbTestCase {
numberOfEncryptedContainers += file.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_SUSPECTED).size();
}
assertEquals("Encrypted Container file should have one encyption suspected artifact", 1, numberOfEncryptedContainers);
} catch (NoCurrentCaseException | TskCoreException ex) {
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
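Review bot: The renamed constant `BITLOCKER_DETECTION_CASE_NAME` keeps the old value `"testBitlockerEncryption"`, while its two siblings use the `...DetectionTest` form (`"PasswordDetectionTest"`, `"VeraCryptDetectionTest"`). The case name also becomes the case directory name under `java.io.tmpdir` in CaseUtils, so a consistent value makes leftover or preserved case directories easier to trace back to their test. I would use `private static final String BITLOCKER_DETECTION_CASE_NAME = "BitlockerDetectionTest";`.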


@ -22,6 +22,7 @@ import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Scanner;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertTrue;
import org.apache.commons.io.FileUtils;
@ -30,6 +31,7 @@ import org.python.icu.impl.Assert;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.CaseActionException;
import org.sleuthkit.autopsy.casemodule.CaseDetails;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
/**
* Class with common methods for testing related to the creation and elimination
@ -37,12 +39,17 @@ import org.sleuthkit.autopsy.casemodule.CaseDetails;
*/
public final class CaseUtils {
private static final String PRESERVE_CASE_DATA_LIST_FILE_NAME = ".preserve";
/**
* Create a case case directory and case for the given case name.
*
* @param caseName the name for the case and case directory to have
* @param caseName The name for the case and case directory to have
*
* @return The new case
*/
public static void createCase(String caseName) {
public static Case createAsCurrentCase(String caseName) {
Case currentCase = null;
//Make sure the case is starting with a clean state. So delete the case directory, if it exists.
Path caseDirectoryPath = Paths.get(System.getProperty("java.io.tmpdir"), caseName);
File caseDir = new File(caseDirectoryPath.toString());
@ -59,27 +66,54 @@ public final class CaseUtils {
try {
Case.createAsCurrentCase(Case.CaseType.SINGLE_USER_CASE, caseDirectoryPath.toString(), new CaseDetails(caseName));
} catch (CaseActionException ex) {
currentCase = Case.getCurrentCaseThrows();
} catch (CaseActionException | NoCurrentCaseException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
assertTrue(caseDir.exists());
return currentCase;
}
/**
* Close the current case, fails test if case was unable to be closed.
* Close and delete the current case. This will fail the test if the case
* was unable to be closed.
*
* Note: This method will skip case deletion if '.preserve' exists in the
* 'org.sleuthkit.autopsy.testutils' package and includes the current case
* path.
*/
public static void closeCase() {
public static void closeCurrentCase() {
try {
Case.closeCurrentCase();
//Seems like we need some time to close the case, so file handler later can delete the case directory.
try {
Thread.sleep(20000);
} catch (Exception ex) {
if (Case.isCaseOpen()) {
String currentCaseDirectory = Case.getCurrentCase().getCaseDirectory();
Case.closeCurrentCase();
System.gc();
/*
* Look for the current case directory in '.preserved'. If
* found, skip case deletion.
*/
boolean deleteCase = true;
File preserveListFile = new File(
CaseUtils.class.getResource(PRESERVE_CASE_DATA_LIST_FILE_NAME).toExternalForm()
.substring(6)); // Use substring to remove "file:\" from path.
if (preserveListFile.exists()) {
Scanner scanner = new Scanner(preserveListFile);
while (scanner.hasNext()) {
if (scanner.nextLine().equalsIgnoreCase(currentCaseDirectory)) {
deleteCase = false;
break;
}
}
}
if (deleteCase) {
deleteCaseDir(new File(currentCaseDirectory));
}
}
} catch (CaseActionException ex) {
} catch (CaseActionException | IOException ex) {
Exceptions.printStackTrace(ex);
Assert.fail(ex);
}
@ -89,9 +123,9 @@ public final class CaseUtils {
* Delete the case directory if it exists, thows exception if unable to
* delete case dir to allow the user to determine failure with.
*
* @param caseDirectory the case directory to delete
* @param caseDirectory The case directory to delete
*
* @throws IOException thrown if there was an problem deleting the case
* @throws IOException Thrown if there was an problem deleting the case
* directory
*/
public static void deleteCaseDir(File caseDirectory) throws IOException {
@ -105,6 +139,6 @@ public final class CaseUtils {
* Private constructor to prevent utility class instantiation.
*/
private CaseUtils() {
}
}
}
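Review bot: In closeCurrentCase, `CaseUtils.class.getResource(PRESERVE_CASE_DATA_LIST_FILE_NAME)` returns null when `.preserve` is not on the classpath, and this same commit adds that file to .gitignore, so a fresh checkout would hit a NullPointerException at `.toExternalForm()` before the `exists()` check is reached; the catch clause only covers CaseActionException and IOException. The `.substring(6)` that strips `file:\` assumes a Windows-style URL, so on other platforms the path presumably loses its leading separator, the list is reported missing, and a case meant to be preserved is deleted anyway. The Scanner is also never closed, which leaves a handle on the list file open. I would null-check the URL, convert it with `Paths.get(url.toURI())` and read it in try-with-resources, as below; this needs `java.net.URL` imported and URISyntaxException added to the catch.

```java
// … unchanged: read currentCaseDirectory, Case.closeCurrentCase(), System.gc() …
boolean deleteCase = true;
URL preserveListUrl = CaseUtils.class.getResource(PRESERVE_CASE_DATA_LIST_FILE_NAME);
if (preserveListUrl != null) {
    // Scanner(Path) is closed on exit, so no handle on the list file outlives the check.
    try (Scanner scanner = new Scanner(Paths.get(preserveListUrl.toURI()))) {
        while (deleteCase && scanner.hasNextLine()) {
            if (scanner.nextLine().equalsIgnoreCase(currentCaseDirectory)) {
                deleteCase = false;
            }
        }
    }
}
// … unchanged: deleteCaseDir(new File(currentCaseDirectory)) when deleteCase is still true …
```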