6865 fix alternate filter use for domains

This commit is contained in:
William Schaefer 2020-09-21 13:57:11 -04:00
parent 7c652b384c
commit 0f0f7022b7

View File

@ -59,23 +59,25 @@ class DomainSearchCacheLoader extends CacheLoader<SearchKey, Map<GroupKey, List<
public Map<GroupKey, List<Result>> load(SearchKey key) throws DiscoveryException, SQLException, TskCoreException { public Map<GroupKey, List<Result>> load(SearchKey key) throws DiscoveryException, SQLException, TskCoreException {
List<Result> domainResults = getResultDomainsFromDatabase(key); List<Result> domainResults = getResultDomainsFromDatabase(key);
//manually add the attributes for filters which use alternate non filters and could be used by grouping or sorting
DiscoveryAttributes.FrequencyAttribute freqAttr = new DiscoveryAttributes.FrequencyAttribute();
freqAttr.addAttributeToResults(domainResults, key.getSleuthkitCase(), key.getCentralRepository());
// Apply secondary in memory filters // Apply secondary in memory filters
for (AbstractFilter filter : key.getFilters()) { for (AbstractFilter filter : key.getFilters()) {
if (filter.useAlternateFilter()) { if (filter.useAlternateFilter()) {
domainResults = filter.applyAlternateFilter(domainResults, key.getSleuthkitCase(), key.getCentralRepository()); domainResults = filter.applyAlternateFilter(domainResults, key.getSleuthkitCase(), key.getCentralRepository());
} }
} }
// Grouping by CR Frequency, for example, will require further processing // Grouping by CR Frequency, for example, will require further processing
// in order to make the correct decision. The attribute types that require // in order to make the correct decision. The attribute types that require
// more information implement their logic by overriding `addAttributeToResults`. // more information implement their logic by overriding `addAttributeToResults`.
List<AttributeType> searchAttributes = new ArrayList<>(); List<AttributeType> searchAttributes = new ArrayList<>();
searchAttributes.add(key.getGroupAttributeType()); searchAttributes.add(key.getGroupAttributeType());
searchAttributes.addAll(key.getFileSortingMethod().getRequiredAttributes()); searchAttributes.addAll(key.getFileSortingMethod().getRequiredAttributes());
for (AttributeType attr : searchAttributes) { for (AttributeType attr : searchAttributes) {
attr.addAttributeToResults(domainResults, attr.addAttributeToResults(domainResults,
key.getSleuthkitCase(), key.getCentralRepository()); key.getSleuthkitCase(), key.getCentralRepository());
} }
@ -244,11 +246,13 @@ class DomainSearchCacheLoader extends CacheLoader<SearchKey, Map<GroupKey, List<
private final SleuthkitCase skc; private final SleuthkitCase skc;
private SQLException sqlCause; private SQLException sqlCause;
private TskCoreException coreCause; private TskCoreException coreCause;
private final Set<String> bannedDomains = new HashSet<String>() {{ private final Set<String> bannedDomains = new HashSet<String>() {
add("localhost"); {
add("127.0.0.1"); add("localhost");
}}; add("127.0.0.1");
}
};
/** /**
* Construct a new DomainCallback object. * Construct a new DomainCallback object.
@ -267,13 +271,13 @@ class DomainSearchCacheLoader extends CacheLoader<SearchKey, Map<GroupKey, List<
while (resultSet.next()) { while (resultSet.next()) {
String domain = resultSet.getString("domain"); String domain = resultSet.getString("domain");
if (bannedDomains.contains(domain)) { if (bannedDomains.contains(domain)) {
// Skip banned domains // Skip banned domains
// Domain names are lowercased in the SQL query // Domain names are lowercased in the SQL query
continue; continue;
} }
Long activityStart = resultSet.getLong("activity_start"); Long activityStart = resultSet.getLong("activity_start");
if (resultSet.wasNull()) { if (resultSet.wasNull()) {
activityStart = null; activityStart = null;