From 52ded97f8db4ce0c0b030b4175c1f6e9432bea44 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 15 Apr 2020 15:49:00 -0400 Subject: [PATCH 1/7] beginnings of gpx file ingest --- .../GPX_Module/GPX_Parser_Module.py | 268 ++++++++++-------- 1 file changed, 145 insertions(+), 123 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 3d202a963b..73952a341d 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -60,12 +60,17 @@ import gpxpy import gpxpy.gpx import gpxpy.parser +# to get a random filename to prevent race conditions +import uuid + # Factory that defines the name and details of the module and allows Autopsy # to create instances of the modules that will do the analysis. + + class GPXParserDataSourceIngestModuleFactory(IngestModuleFactoryAdapter): moduleName = "GPX Parser" - + def getModuleDisplayName(self): return self.moduleName @@ -75,158 +80,175 @@ class GPXParserDataSourceIngestModuleFactory(IngestModuleFactoryAdapter): def getModuleVersionNumber(self): return "1.2" - def isDataSourceIngestModuleFactory(self): + def isFileIngestModuleFactory(self): return True - def createDataSourceIngestModule(self, ingestOptions): + def createFileIngestModule(self, ingestOptions): return GPXParserDataSourceIngestModule() - -# Data Source-level ingest module. One gets created per data source. -class GPXParserDataSourceIngestModule(DataSourceIngestModule): - logger = Logger.getLogger(GPXParserDataSourceIngestModuleFactory.moduleName) +# Data Source-level ingest module. One gets created per data source. +class GPXParserDataSourceIngestModule(FileIngestModule): + + logger = Logger.getLogger( + GPXParserDataSourceIngestModuleFactory.moduleName) writeDebugMsgs = False def log(self, level, msg): - self.logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + self.logger.logp(level, self.__class__.__name__, + inspect.stack()[1][3], msg) def __init__(self): self.context = None - - # Where any setup and configuration is done. - def startUp(self, context): - self.context = context - - # Where the analysis is done. - def process(self, dataSource, progressBar): - - # We don't know how much work there is yet. - progressBar.switchToIndeterminate() - - # Get the case database and its blackboard. - skCase = Case.getCurrentCase().getSleuthkitCase() - blackboard = skCase.getBlackboard() - - # Get any files with a .gpx extension. - # It would perhaps be better to get these files by MIME type instead. - # RC: It would also be better if this were a file level ingest module so it could process files extracted from archives. - fileManager = Case.getCurrentCase().getServices().getFileManager() - files = fileManager.findFiles(dataSource, "%.gpx") - - # Update the progress bar now that we know how much work there is to do. - numFiles = len(files) - if self.writeDebugMsgs: self.log(Level.INFO, "Found " + str(numFiles) + " GPX files") - progressBar.switchToDeterminate(numFiles) + self.fileCount = 0 # Get the module name, it will be needed for adding attributes - moduleName = GPXParserDataSourceIngestModuleFactory.moduleName + self.moduleName = GPXParserDataSourceIngestModuleFactory.moduleName - # Check if a folder for this module is present in the case Temp directory. + # Check if a folder for this module is present in the case Temp directory. # If not, create it. - dirName = os.path.join(Case.getCurrentCase().getTempDirectory(), "GPX_Parser_Module") + self.dirName = os.path.join( + Case.getCurrentCase().getTempDirectory(), "GPX_Parser_Module") try: - os.stat(dirName) + os.stat(self.dirName) except: - os.mkdir(dirName) + os.mkdir(self.dirName) - # Create a temp file name. It appears that we cannot close and delete + # Where any setup and configuration is done. + + def startUp(self, context): + self.context = context + self.fileFound = 0 + + # Where the file analysis is done. + def process(self, file): + if not file.getName().lower().endswith(".gpx"): + return IngestModule.ProcessResult.OK + + # Create a temp file name. It appears that we cannot close and delete # this file, but we can overwrite it for each file we need to process. - fileName = os.path.join(dirName, "tmp.gpx") - - fileCount = 0; - for file in files: + fileName = os.path.join(self.dirName, uuid.uuid4().hex + ".gpx") - # Create a GeoArtifactsHelper for this file. - geoArtifactHelper = GeoArtifactsHelper(skCase, moduleName, None, file) - - # Check if the user pressed cancel while we were busy. - if self.context.isJobCancelled(): - return IngestModule.ProcessResult.OK + # Create a GeoArtifactsHelper for this file. + geoArtifactHelper = GeoArtifactsHelper(skCase, moduleName, None, file) - if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - fileCount += 1 + if self.writeDebugMsgs: + self.log(Level.INFO, "Processing " + file.getUniquePath() + + " (objID = " + str(file.getId()) + ")") - # Write the file so that it can be parsed by gpxpy. - localFile = File(fileName) - ContentUtils.writeToFile(file, localFile) + self.fileCount += 1 - # Send the file to gpxpy for parsing. - gpxfile = open(fileName) - try: - gpx = gpxpy.parse(gpxfile) - if self.writeDebugMsgs: self.log(Level.INFO, "Parsed " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - except Exception as e: - self.log(Level.WARNING, "Error parsing file " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + str(e)) - continue - - if gpx: - if self.writeDebugMsgs: self.log(Level.INFO, "Processing tracks from " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - for track in gpx.tracks: - for segment in track.segments: - geoPointList = GeoTrackPoints() - for point in segment.points: + # Write the file so that it can be parsed by gpxpy. + localFile = File(fileName) + ContentUtils.writeToFile(file, localFile) - elevation = 0 - if point.elevation != None: - elevation = point.elevation - - timeStamp = 0 - try: - if (point.time != None): - timeStamp = long(time.mktime(point.time.timetuple())) - except Exception as e: - self.log(Level.WARNING, "Error getting track timestamp from " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + str(e)) + # Send the file to gpxpy for parsing. + gpxfile = open(fileName) + try: + gpx = gpxpy.parse(gpxfile) + if self.writeDebugMsgs: + self.log(Level.INFO, "Parsed " + file.getUniquePath() + + " (objID = " + str(file.getId()) + ")") + except Exception as e: + self.log(Level.WARNING, "Error parsing file " + file.getUniquePath() + + " (objID = " + str(file.getId()) + "):" + str(e)) + continue - geoPointList.addPoint(TrackPoint(point.latitude, point.longitude, elevation, None, 0, 0, 0, timeStamp)) - + if gpx: + if self.writeDebugMsgs: + self.log(Level.INFO, "Processing tracks from " + + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") + + for track in gpx.tracks: + for segment in track.segments: + geoPointList = GeoTrackPoints() + for point in segment.points: + + elevation = 0 + if point.elevation != None: + elevation = point.elevation + + timeStamp = 0 try: - geoArtifactHelper.addTrack("Track", geoPointList, None) - except Blackboard.BlackboardException as e: - self.log(Level.SEVERE, "Error posting GPS track artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) - except TskCoreException as e: - self.log(Level.SEVERE, "Error creating GPS track artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) - - if self.writeDebugMsgs: self.log(Level.INFO, "Processing waypoints from " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - for waypoint in gpx.waypoints: - + if (point.time != None): + timeStamp = long(time.mktime( + point.time.timetuple())) + except Exception as e: + self.log(Level.WARNING, "Error getting track timestamp from " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + str(e)) + + geoPointList.addPoint(TrackPoint( + point.latitude, point.longitude, elevation, None, 0, 0, 0, timeStamp)) + try: - art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK) - - attributes = ArrayList() - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, waypoint.latitude)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), moduleName, waypoint.longitude)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FLAG.getTypeID(), moduleName, "Waypoint")) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, waypoint.name)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "GPXParser")) - art.addAttributes(attributes) - - blackboard.postArtifact(art, moduleName) - + geoArtifactHelper.addTrack("Track", geoPointList, None) except Blackboard.BlackboardException as e: - self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + self.log(Level.SEVERE, "Error posting GPS track artifact for " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) except TskCoreException as e: - self.log(Level.SEVERE, "Error creating GPS bookmark artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + self.log(Level.SEVERE, "Error creating GPS track artifact for " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) - if self.writeDebugMsgs: self.log(Level.INFO, "Processing routes from " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - for route in gpx.routes: + if self.writeDebugMsgs: + self.log(Level.INFO, "Processing waypoints from " + + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - geoWaypoints = GeoWaypoints() + for waypoint in gpx.waypoints: - for point in route.points: - geoWaypoints.addPoint(Waypoint(point.latitude, point.longitude, point.elevation, point.name)) - - try: - geoArtifactHelper.addRoute(None, None, geoWaypoints, None) - except Blackboard.BlackboardException as e: - self.log("Error posting GPS route artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) - except TskCoreException as e: - self.log(Level.SEVERE, "Error creating GPS route artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) - - # Update the progress bar. - progressBar.progress(fileCount) + try: + art = file.newArtifact( + BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK) - # Post a message to the ingest messages inbox. - message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, moduleName, "Processed %d files" % fileCount) - IngestServices.getInstance().postMessage(message) - return IngestModule.ProcessResult.OK; + attributes = ArrayList() + attributes.add(BlackboardAttribute( + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, waypoint.latitude)) + attributes.add(BlackboardAttribute( + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), moduleName, waypoint.longitude)) + attributes.add(BlackboardAttribute( + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FLAG.getTypeID(), moduleName, "Waypoint")) + attributes.add(BlackboardAttribute( + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, waypoint.name)) + attributes.add(BlackboardAttribute( + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "GPXParser")) + art.addAttributes(attributes) + + blackboard.postArtifact(art, moduleName) + + except Blackboard.BlackboardException as e: + self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + except TskCoreException as e: + self.log(Level.SEVERE, "Error creating GPS bookmark artifact for " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + + if self.writeDebugMsgs: + self.log(Level.INFO, "Processing routes from " + + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") + + for route in gpx.routes: + + geoWaypoints = GeoWaypoints() + + for point in route.points: + geoWaypoints.addPoint( + Waypoint(point.latitude, point.longitude, point.elevation, point.name)) + + try: + geoArtifactHelper.addRoute(None, None, geoWaypoints, None) + except Blackboard.BlackboardException as e: + self.log("Error posting GPS route artifact for " + file.getUniquePath() + + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + except TskCoreException as e: + self.log(Level.SEVERE, "Error creating GPS route artifact for " + + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + + return IngestModule.ProcessResult.OK + + # Where any shutdown code is run and resources are freed. + + def shutDown(self): + # As a final part of this example, we'll send a message to the ingest inbox with the number of files found (in this thread) + message = IngestMessage.createMessage( + IngestMessage.MessageType.DATA, SampleJythonFileIngestModuleFactory.moduleName, + str(self.filesFound) + " files found") + ingestServices = IngestServices.getInstance().postMessage(message) From f6be62c09097fb0e7b9d62a6212d1c78e204bb42 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 15 Apr 2020 16:27:03 -0400 Subject: [PATCH 2/7] syntax updates --- InternalPythonModules/GPX_Module/GPX_Parser_Module.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 73952a341d..f4a83c1995 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -92,7 +92,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): logger = Logger.getLogger( GPXParserDataSourceIngestModuleFactory.moduleName) - writeDebugMsgs = False + writeDebugMsgs = True def log(self, level, msg): self.logger.logp(level, self.__class__.__name__, @@ -136,8 +136,6 @@ class GPXParserDataSourceIngestModule(FileIngestModule): self.log(Level.INFO, "Processing " + file.getUniquePath() + " (objID = " + str(file.getId()) + ")") - self.fileCount += 1 - # Write the file so that it can be parsed by gpxpy. localFile = File(fileName) ContentUtils.writeToFile(file, localFile) @@ -152,7 +150,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): except Exception as e: self.log(Level.WARNING, "Error parsing file " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + str(e)) - continue + return IngestModule.ProcessResult.ERROR if gpx: if self.writeDebugMsgs: @@ -242,6 +240,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): self.log(Level.SEVERE, "Error creating GPS route artifact for " + file.getUniquePath() + " (objID = " + str(file.getId()) + "):" + e.getMessage()) + self.fileCount += 1 return IngestModule.ProcessResult.OK # Where any shutdown code is run and resources are freed. From 43152e56f3fc768827ed6cecb174c4cfda2f1d8f Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 16 Apr 2020 09:16:22 -0400 Subject: [PATCH 3/7] bug fixes --- .../GPX_Module/GPX_Parser_Module.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index f4a83c1995..d73a55555e 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -105,6 +105,10 @@ class GPXParserDataSourceIngestModule(FileIngestModule): # Get the module name, it will be needed for adding attributes self.moduleName = GPXParserDataSourceIngestModuleFactory.moduleName + # Get the case database and its blackboard. + self.skCase = Case.getCurrentCase().getSleuthkitCase() + self.blackboard = self.skCase.getBlackboard() + # Check if a folder for this module is present in the case Temp directory. # If not, create it. self.dirName = os.path.join( @@ -118,7 +122,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): def startUp(self, context): self.context = context - self.fileFound = 0 + self.fileCount = 0 # Where the file analysis is done. def process(self, file): @@ -130,7 +134,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): fileName = os.path.join(self.dirName, uuid.uuid4().hex + ".gpx") # Create a GeoArtifactsHelper for this file. - geoArtifactHelper = GeoArtifactsHelper(skCase, moduleName, None, file) + geoArtifactHelper = GeoArtifactsHelper(self.skCase, self.moduleName, None, file) if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + @@ -210,7 +214,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "GPXParser")) art.addAttributes(attributes) - blackboard.postArtifact(art, moduleName) + self.blackboard.postArtifact(art, self.moduleName) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + @@ -248,6 +252,6 @@ class GPXParserDataSourceIngestModule(FileIngestModule): def shutDown(self): # As a final part of this example, we'll send a message to the ingest inbox with the number of files found (in this thread) message = IngestMessage.createMessage( - IngestMessage.MessageType.DATA, SampleJythonFileIngestModuleFactory.moduleName, - str(self.filesFound) + " files found") + IngestMessage.MessageType.DATA, GPXParserDataSourceIngestModuleFactory.moduleName, + str(self.fileCount) + " files found") ingestServices = IngestServices.getInstance().postMessage(message) From 1d5b9d4089fa9cd7df00e91c12c9d0c1a77b266e Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 16 Apr 2020 09:17:38 -0400 Subject: [PATCH 4/7] turn off debug --- InternalPythonModules/GPX_Module/GPX_Parser_Module.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index d73a55555e..f8e3f04522 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -92,7 +92,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): logger = Logger.getLogger( GPXParserDataSourceIngestModuleFactory.moduleName) - writeDebugMsgs = True + writeDebugMsgs = False def log(self, level, msg): self.logger.logp(level, self.__class__.__name__, From 7e35e479f986e7bcb2745f87c2aac0e42b78ac47 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 16 Apr 2020 09:34:28 -0400 Subject: [PATCH 5/7] more bug fixes --- InternalPythonModules/GPX_Module/GPX_Parser_Module.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index f8e3f04522..35b18847d1 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -203,15 +203,15 @@ class GPXParserDataSourceIngestModule(FileIngestModule): attributes = ArrayList() attributes.add(BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, waypoint.latitude)) + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), self.moduleName, waypoint.latitude)) attributes.add(BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), moduleName, waypoint.longitude)) + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), self.moduleName, waypoint.longitude)) attributes.add(BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FLAG.getTypeID(), moduleName, "Waypoint")) + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FLAG.getTypeID(), self.moduleName, "Waypoint")) attributes.add(BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, waypoint.name)) + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self.moduleName, waypoint.name)) attributes.add(BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "GPXParser")) + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), self.moduleName, "GPXParser")) art.addAttributes(attributes) self.blackboard.postArtifact(art, self.moduleName) From cb66620dba9972b62b409cb0a6af6aa81e3d808a Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 16 Apr 2020 13:04:38 -0400 Subject: [PATCH 6/7] updates to remove datasource mentions --- .../GPX_Module/GPX_Parser_Module.py | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 35b18847d1..d77b9e6278 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -44,7 +44,6 @@ from org.sleuthkit.datamodel.blackboardutils.attributes.GeoTrackPoints import Tr from org.sleuthkit.autopsy.datamodel import ContentUtils from org.sleuthkit.autopsy.ingest import IngestModule from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException -from org.sleuthkit.autopsy.ingest import DataSourceIngestModule from org.sleuthkit.autopsy.ingest import FileIngestModule from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter from org.sleuthkit.autopsy.ingest import IngestMessage @@ -65,9 +64,7 @@ import uuid # Factory that defines the name and details of the module and allows Autopsy # to create instances of the modules that will do the analysis. - - -class GPXParserDataSourceIngestModuleFactory(IngestModuleFactoryAdapter): +class GPXParserFileIngestModuleFactory(IngestModuleFactoryAdapter): moduleName = "GPX Parser" @@ -84,14 +81,14 @@ class GPXParserDataSourceIngestModuleFactory(IngestModuleFactoryAdapter): return True def createFileIngestModule(self, ingestOptions): - return GPXParserDataSourceIngestModule() + return GPXParserFileIngestModule() -# Data Source-level ingest module. One gets created per data source. -class GPXParserDataSourceIngestModule(FileIngestModule): +# File level ingest module. +class GPXParserFileIngestModule(FileIngestModule): logger = Logger.getLogger( - GPXParserDataSourceIngestModuleFactory.moduleName) + GPXParserFileIngestModuleFactory.moduleName) writeDebugMsgs = False def log(self, level, msg): @@ -103,7 +100,7 @@ class GPXParserDataSourceIngestModule(FileIngestModule): self.fileCount = 0 # Get the module name, it will be needed for adding attributes - self.moduleName = GPXParserDataSourceIngestModuleFactory.moduleName + self.moduleName = GPXParserFileIngestModuleFactory.moduleName # Get the case database and its blackboard. self.skCase = Case.getCurrentCase().getSleuthkitCase() @@ -247,11 +244,9 @@ class GPXParserDataSourceIngestModule(FileIngestModule): self.fileCount += 1 return IngestModule.ProcessResult.OK - # Where any shutdown code is run and resources are freed. def shutDown(self): - # As a final part of this example, we'll send a message to the ingest inbox with the number of files found (in this thread) message = IngestMessage.createMessage( - IngestMessage.MessageType.DATA, GPXParserDataSourceIngestModuleFactory.moduleName, + IngestMessage.MessageType.DATA, GPXParserFileIngestModuleFactory.moduleName, str(self.fileCount) + " files found") ingestServices = IngestServices.getInstance().postMessage(message) From 846881136cc0a9c7e4aaf20534b3ae7f0c2b375b Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 16 Apr 2020 13:05:10 -0400 Subject: [PATCH 7/7] formatting --- InternalPythonModules/GPX_Module/GPX_Parser_Module.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index d77b9e6278..0e4face2bc 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -64,6 +64,8 @@ import uuid # Factory that defines the name and details of the module and allows Autopsy # to create instances of the modules that will do the analysis. + + class GPXParserFileIngestModuleFactory(IngestModuleFactoryAdapter): moduleName = "GPX Parser" @@ -131,7 +133,8 @@ class GPXParserFileIngestModule(FileIngestModule): fileName = os.path.join(self.dirName, uuid.uuid4().hex + ".gpx") # Create a GeoArtifactsHelper for this file. - geoArtifactHelper = GeoArtifactsHelper(self.skCase, self.moduleName, None, file) + geoArtifactHelper = GeoArtifactsHelper( + self.skCase, self.moduleName, None, file) if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + @@ -244,7 +247,6 @@ class GPXParserFileIngestModule(FileIngestModule): self.fileCount += 1 return IngestModule.ProcessResult.OK - def shutDown(self): message = IngestMessage.createMessage( IngestMessage.MessageType.DATA, GPXParserFileIngestModuleFactory.moduleName,