Fix blackboard code
parent
12870f0fd1
commit
0e45fb99a8
@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.logicalimager.dsp;
|
|||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.FilenameFilter;
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.nio.file.Path;
|
import java.nio.file.Path;
|
||||||
@ -60,6 +59,7 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
|
private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
|
||||||
private final static String USERS_TXT = "users.txt"; //NON-NLS
|
private final static String USERS_TXT = "users.txt"; //NON-NLS
|
||||||
private final static String MODULE_NAME = "Logical Imager"; //NON-NLS
|
private final static String MODULE_NAME = "Logical Imager"; //NON-NLS
|
||||||
|
private final static String ROOT_STR = "root"; // NON-NLS
|
||||||
private final String deviceId;
|
private final String deviceId;
|
||||||
private final String timeZone;
|
private final String timeZone;
|
||||||
private final File src;
|
private final File src;
|
||||||
@ -174,24 +174,18 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
|
|
||||||
if (imagePaths.isEmpty()) {
|
if (imagePaths.isEmpty()) {
|
||||||
createVHD = false;
|
createVHD = false;
|
||||||
// No VHD in src directory, try ingest directories using Logical File Set
|
// No VHD in src directory, try ingest the root directory using Logical File Set
|
||||||
String[] directories = dest.list(new FilenameFilter() {
|
File root = Paths.get(dest.toString(), ROOT_STR).toFile();
|
||||||
@Override
|
if (root.exists() && root.isDirectory()) {
|
||||||
public boolean accept(File dir, String name) {
|
imagePaths.add(root.getAbsolutePath());
|
||||||
return Paths.get(dir.toString(), name).toFile().isDirectory();
|
} else {
|
||||||
}
|
|
||||||
});
|
|
||||||
// for (String dir : directories) {
|
|
||||||
imagePaths.add(Paths.get(dest.toString(), "root").toFile().getAbsolutePath());
|
|
||||||
// }
|
|
||||||
if (imagePaths.isEmpty()) {
|
|
||||||
String msg = Bundle.AddLogicalImageTask_directoryDoesNotContainSparseImage(dest);
|
String msg = Bundle.AddLogicalImageTask_directoryDoesNotContainSparseImage(dest);
|
||||||
errorList.add(msg);
|
errorList.add(msg);
|
||||||
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
callback.done(DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS, errorList, emptyDataSources);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
// ingest the directories
|
// ingest the root directory
|
||||||
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
|
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
|
||||||
try {
|
try {
|
||||||
LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", imagePaths, new ProgressUpdater());
|
LocalFilesDataSource newDataSource = fileManager.addLocalFilesDataSource(deviceId, "", "", imagePaths, new ProgressUpdater());
|
||||||
@ -204,17 +198,14 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
|
|
||||||
} else {
|
} else {
|
||||||
createVHD = true;
|
createVHD = true;
|
||||||
|
|
||||||
// ingest the VHDs
|
// ingest the VHDs
|
||||||
try {
|
try {
|
||||||
addMultipleImageTask = new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback);
|
addMultipleImageTask = new AddMultipleImageTask(deviceId, imagePaths, timeZone , progressMonitor, callback);
|
||||||
addMultipleImageTask.run();
|
addMultipleImageTask.run();
|
||||||
|
|
||||||
if (addMultipleImageTask.getResult() == DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS) {
|
if (addMultipleImageTask.getResult() == DataSourceProcessorCallback.DataSourceProcessorResult.CRITICAL_ERRORS) {
|
||||||
callback.done(addMultipleImageTask.getResult(), addMultipleImageTask.getErrorMessages(), addMultipleImageTask.getNewDataSources());
|
callback.done(addMultipleImageTask.getResult(), addMultipleImageTask.getErrorMessages(), addMultipleImageTask.getNewDataSources());
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (NoCurrentCaseException ex) {
|
} catch (NoCurrentCaseException ex) {
|
||||||
String msg = Bundle.AddLogicalImageTask_noCurrentCase();
|
String msg = Bundle.AddLogicalImageTask_noCurrentCase();
|
||||||
errorList.add(msg);
|
errorList.add(msg);
|
||||||
@ -295,6 +286,7 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
|
|
||||||
try (BufferedReader br = new BufferedReader(new InputStreamReader(
|
try (BufferedReader br = new BufferedReader(new InputStreamReader(
|
||||||
new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS
|
new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS
|
||||||
|
List<BlackboardArtifact> artifacts = new ArrayList<>();
|
||||||
String line;
|
String line;
|
||||||
br.readLine(); // skip the header line
|
br.readLine(); // skip the header line
|
||||||
int lineNumber = 2;
|
int lineNumber = 2;
|
||||||
@ -324,40 +316,40 @@ final class AddLogicalImageTask implements Runnable {
|
|||||||
dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''"));
|
dataSourceObjId.toString(), fileMetaAddressStr, filename.replace("'", "''"));
|
||||||
} else {
|
} else {
|
||||||
String parentPath = fields[8];
|
String parentPath = fields[8];
|
||||||
targetImagePath = Paths.get("root", vhdFilename).toString();
|
targetImagePath = Paths.get(ROOT_STR, vhdFilename).toString();
|
||||||
String tmpRootPath = targetImagePath.replace(".vhd", "").replace("\\", "/");
|
String tmpRootPath = targetImagePath.replace(".vhd", "").replace("\\", "/");
|
||||||
String searchParentPath = "/" + tmpRootPath + "/" + parentPath;
|
String searchParentPath = "/" + tmpRootPath + "/" + parentPath;
|
||||||
query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS
|
query = String.format("name = '%s' AND parent_path = '%s'", // NON-NLS
|
||||||
filename.replace("'", "''"), searchParentPath.replace("'", "''"));
|
filename.replace("'", "''"), searchParentPath.replace("'", "''"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO - findAllFilesWhere should SQL-escape the query
|
||||||
List<AbstractFile> matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query);
|
List<AbstractFile> matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query);
|
||||||
for (AbstractFile file : matchedFiles) {
|
for (AbstractFile file : matchedFiles) {
|
||||||
addInterestingFile(file, ruleSetName, ruleName);
|
addInterestingFileToArtifacts(file, ruleSetName, ruleName, artifacts);
|
||||||
}
|
}
|
||||||
lineNumber++;
|
lineNumber++;
|
||||||
|
} // end reading file
|
||||||
|
|
||||||
|
try {
|
||||||
|
// index the artifact for keyword search
|
||||||
|
blackboard.postArtifacts(artifacts, MODULE_NAME);
|
||||||
|
} catch (Blackboard.BlackboardException ex) {
|
||||||
|
LOGGER.log(Level.SEVERE, "Unable to post artifacts to blackboard", ex); //NON-NLS
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME,
|
|
||||||
// BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private void addInterestingFile(AbstractFile file, String ruleSetName, String ruleName) throws TskCoreException {
|
private void addInterestingFileToArtifacts(AbstractFile file, String ruleSetName, String ruleName, List<BlackboardArtifact> artifacts) throws TskCoreException {
|
||||||
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName);
|
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName);
|
||||||
attributes.add(setNameAttribute);
|
attributes.add(setNameAttribute);
|
||||||
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName);
|
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName);
|
||||||
attributes.add(ruleNameAttribute);
|
attributes.add(ruleNameAttribute);
|
||||||
Blackboard tskBlackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard();
|
if (!blackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
|
||||||
if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
|
|
||||||
BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||||
artifact.addAttributes(attributes);
|
artifact.addAttributes(attributes);
|
||||||
try {
|
artifacts.add(artifact);
|
||||||
// index the artifact for keyword search
|
|
||||||
blackboard.postArtifact(artifact, MODULE_NAME);
|
|
||||||
} catch (Blackboard.BlackboardException ex) {
|
|
||||||
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
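Review bot: The TODO added above `findAllFilesWhere(query)` points at the wrong layer: that method receives a finished where-clause and cannot tell values from SQL, so escaping has to happen where `query` is assembled with `String.format`. In the visible lines `filename` and `searchParentPath` get their single quotes doubled, but `fileMetaAddressStr` is passed to the format call as-is. Its format string and parsing are outside the hunk, so if it is not already checked to be numeric it should be, since these fields appear to be read from the results file produced on the imaged system. I would reword the comment to `// TODO - values from the results file are interpolated into this where-clause; validate numeric fields and move to a parameterized lookup`. Separately, a failure of `blackboard.postArtifacts(artifacts, MODULE_NAME)` is only logged, so one exception leaves the whole batch unposted without being reported to the caller; the enclosing method starts outside the hunk.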