From 075b76e8bf6d0b274b35da38678c172d06a04d0c Mon Sep 17 00:00:00 2001 From: Andrew Ziehl Date: Tue, 31 Jul 2018 11:46:44 -0700 Subject: [PATCH] logic overhaul to reduce manipulation and building of hashmaps. --- .../AbstractCommonAttributeInstance.java | 5 ++- .../CentralRepoCommonAttributeInstance.java | 4 +- .../InterCaseSearchResultsProcessor.java | 45 ++++++++++++++++++- 3 files changed, 48 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/AbstractCommonAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/AbstractCommonAttributeInstance.java index 6f445ca0a3..96741efc0d 100644 --- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/AbstractCommonAttributeInstance.java +++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/AbstractCommonAttributeInstance.java @@ -19,6 +19,7 @@ */ package org.sleuthkit.autopsy.commonfilesearch; +import java.util.HashMap; import java.util.Map; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; import org.sleuthkit.autopsy.datamodel.DisplayableItemNode; @@ -70,9 +71,9 @@ public abstract class AbstractCommonAttributeInstance { * @param cachedFiles storage for abstract files which have been used * already so we can avoid extra roundtrips to the case db */ - AbstractCommonAttributeInstance(Map cachedFiles) { + AbstractCommonAttributeInstance() { this.abstractFileObjectId = -1L; - this.cachedFiles = cachedFiles; + this.cachedFiles = new HashMap<>(); this.caseName = ""; this.dataSource = ""; } diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java index e720cef635..dd2ff9e2b7 100644 --- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java +++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CentralRepoCommonAttributeInstance.java @@ -45,8 +45,8 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr private final Integer crFileId; private CorrelationAttributeInstance currentAttributeInstance; - CentralRepoCommonAttributeInstance(Integer attrInstId, Map cachedFiles) { - super(cachedFiles); + CentralRepoCommonAttributeInstance(Integer attrInstId) { + super(); this.crFileId = attrInstId; } diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java index 8416bbd856..8298089d4e 100644 --- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java @@ -20,8 +20,10 @@ package org.sleuthkit.autopsy.commonfilesearch; import java.sql.ResultSet; import java.sql.SQLException; +import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.logging.Level; import org.openide.util.Exceptions; @@ -32,7 +34,11 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; import org.sleuthkit.autopsy.centralrepository.datamodel.InstanceTableCallback; +import static org.sleuthkit.autopsy.commonfilesearch.AbstractCommonAttributeSearcher.collateMatchesByNumberOfInstances; import org.sleuthkit.autopsy.coreutils.Logger; +import static org.sleuthkit.autopsy.timeline.datamodel.eventtype.ArtifactEventType.LOGGER; +import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.HashUtility; /** * Used to process and return CorrelationCase md5s from the EamDB for @@ -123,14 +129,49 @@ final class InterCaseSearchResultsProcessor { @Override public void process(ResultSet resultSet) { + Map> instanceCollatedCommonFiles = new HashMap<>(); + try { + String previousRowMd5 = ""; + EamDb dbManager = EamDb.getInstance(); + CommonAttributeValue commonAttributeValue = null; while (resultSet.next()) { int resultId = InstanceTableCallback.getId(resultSet); - intercaseCommonValuesMap.put(resultId, InstanceTableCallback.getValue(resultSet)); - intercaseCommonCasesMap.put(resultId, InstanceTableCallback.getCaseId(resultSet)); + String md5Value = InstanceTableCallback.getValue(resultSet); + if (md5Value == null || HashUtility.isNoDataMd5(md5Value)) { + continue; + } + int caseId = InstanceTableCallback.getCaseId(resultSet); + CorrelationCase autopsyCrCase = dbManager.getCaseById(caseId); + final String correlationCaseDisplayName = autopsyCrCase.getDisplayName(); + + if(commonAttributeValue == null) { + commonAttributeValue = new CommonAttributeValue(md5Value); + } + // we don't *have* all the information for the rows in the CR, + // so we need to consult the present case via the SleuthkitCase object + // Later, when the FileInstanceNodde is built. Therefore, build node generators for now. + if (!md5Value.equals(previousRowMd5)) { + int size = commonAttributeValue.getInstanceCount(); + if (instanceCollatedCommonFiles.containsKey(size)) { + instanceCollatedCommonFiles.get(size).add(commonAttributeValue); + } else { + ArrayList value = new ArrayList<>(); + value.add(commonAttributeValue); + instanceCollatedCommonFiles.put(size, value); + } + + commonAttributeValue = new CommonAttributeValue(md5Value); + previousRowMd5 = md5Value; + } + AbstractCommonAttributeInstance searchResult = new CentralRepoCommonAttributeInstance(resultId); + commonAttributeValue.addFileInstanceMetadata(searchResult, correlationCaseDisplayName); + } } catch (SQLException ex) { Exceptions.printStackTrace(ex); + } catch (EamDbException ex) { + LOGGER.log(Level.WARNING, "Error getting artifact instances from database.", ex); // NON-NLS } }