mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-20 11:26:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve plaso modules getAbstractFile() method to be more robust; use try-with-resources

Browse Source
This commit is contained in:
millmanorama 2018-09-12 17:51:52 +02:00
parent d3429c2c97
commit 15af1e03d0
1 changed files with 57 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java
View File

@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.modules.plaso;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.sql.ResultSet; import java.sql.ResultSet;
import java.sql.SQLException; import java.sql.SQLException;
@ -43,6 +44,7 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
@ -270,9 +272,9 @@ public class PlasoIngestModule implements DataSourceIngestModule {
String connectionString = "jdbc:sqlite:" + plasoDb; //NON-NLS String connectionString = "jdbc:sqlite:" + plasoDb; //NON-NLS
String sqlStatement = "select substr(filename,1) filename, strftime('%s', datetime) 'epoch_date', description, source, type, sourcetype \n" String sqlStatement = "select substr(filename,1) filename, strftime('%s', datetime) 'epoch_date', description, source, type, sourcetype \n"
+ " from log2timeline where source not in ('FILE') and sourcetype not in ('UNKNOWN');"; + " from log2timeline where source not in ('FILE') and sourcetype not in ('UNKNOWN');";
try {
SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", connectionString); //NON-NLS
try (ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) {
while (resultSet.next()) { while (resultSet.next()) {
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_create_artifacts_cancelled()); //NON-NLS logger.log(Level.INFO, Bundle.PlasoIngestModule_create_artifacts_cancelled()); //NON-NLS
@ -313,12 +315,12 @@ public class PlasoIngestModule implements DataSourceIngestModule {
bbart.addAttributes(bbattributes); bbart.addAttributes(bbattributes);
try { try {
/* /*
* post the artifact which will index the artifact * post the artifact which will index the artifact for
* for keyword search, and fire an event to notify * keyword search, and fire an event to notify UI of
* UI of this new artifact * this new artifact
*/ */
blackboard.postArtifact(bbart, MODULE_NAME); blackboard.postArtifact(bbart, MODULE_NAME);
} catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { } catch (BlackboardException ex) {
logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_posting_artifact(), ex); //NON-NLS logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_posting_artifact(), ex); //NON-NLS
} }
@ -326,8 +328,6 @@ public class PlasoIngestModule implements DataSourceIngestModule {
logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_adding_artifact(), ex); logger.log(Level.INFO, Bundle.PlasoIngestModule_exception_adding_artifact(), ex);
} }
} }
}
tempdbconnect.closeConnection();
} catch (SQLException ex) { } catch (SQLException ex) {
logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_database_error(), ex); //NON-NLS logger.log(Level.SEVERE, Bundle.PlasoIngestModule_exception_database_error(), ex); //NON-NLS
} }
@ -336,12 +336,12 @@ public class PlasoIngestModule implements DataSourceIngestModule {
@NbBundle.Messages({"PlasoIngestModule_exception_find_file=Exception finding file."}) @NbBundle.Messages({"PlasoIngestModule_exception_find_file=Exception finding file."})
private AbstractFile getAbstractFile(String file) { private AbstractFile getAbstractFile(String file) {
List<AbstractFile> abstractFiles; Path path = Paths.get(file);
File eventFile = new File(file.replaceAll("\\\\", "/")); String fileName = path.getFileName().toString();
String fileName = eventFile.getName().toLowerCase(); String filePath = path.getParent().toString().replaceAll("\\\\", "/");
String filePath = eventFile.getParent(); if (filePath.endsWith("/") == false) {
filePath = filePath.replaceAll("\\\\", "/"); filePath += "/";
filePath = filePath.toLowerCase() + "/"; }
// check the cached file // check the cached file
if (previousFile != null if (previousFile != null
@ -351,7 +351,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
} }
try { try {
abstractFiles = fileManager.findFiles(fileName, filePath); List<AbstractFile> abstractFiles = fileManager.findFiles(fileName, filePath);
if (abstractFiles.size() == 1) { if (abstractFiles.size() == 1) {
return abstractFiles.get(0); return abstractFiles.get(0);
} }