From 166a61d9358db634d46bc1a7c5c93d22bedb03d1 Mon Sep 17 00:00:00 2001
From: Richard Cordovano
Date: Wed, 16 Jul 2014 15:22:56 -0400
Subject: [PATCH] Remove discarded first draft files for Jython ingest modules, improve samples
---
 .../examples/SampleJythonIngestModule.py | 104 +++++++++++++++---
 .../SampleJythonIngestModuleMetadata.xml | 8 --
 .../ingest/IngestModuleFactoryLoader.java | 1 -
 3 files changed, 88 insertions(+), 25 deletions(-)
 delete mode 100755 Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModuleMetadata.xml
diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModule.py b/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModule.py
index f559bb2abb..9731cc7704 100755
--- a/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModule.py
+++ b/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModule.py
@@ -1,32 +1,98 @@
 import jarray
-from org.sleuthkit.autopsy.ingest import FileIngestModule
+from java.lang import System
+from org.sleuthkit.datamodel import SleuthkitCase
 from org.sleuthkit.datamodel import AbstractFile
 from org.sleuthkit.datamodel import ReadContentInputStream
 from org.sleuthkit.datamodel import BlackboardArtifact
 from org.sleuthkit.datamodel import BlackboardAttribute
+from org.sleuthkit.autopsy.ingest import IngestModule
+from org.sleuthkit.autopsy.ingest import DataSourceIngestModule
+from org.sleuthkit.autopsy.ingest import FileIngestModule
 from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter
-
+from org.sleuthkit.autopsy.ingest import IngestMessage
+from org.sleuthkit.autopsy.ingest import IngestServices
+from org.sleuthkit.autopsy.casemodule import Case
+from org.sleuthkit.autopsy.casemodule.services import Services
+from org.sleuthkit.autopsy.casemodule.services import FileManager
+
+class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
+
+ def __init__(self):
+ self.context = None
+
+ def startUp(self, context):
+ self.context = context
+
+ def process(self, dataSource, progressBar):
+ if self.context.isJobCancelled():
+ return IngestModule.ProcessResult.OK
+
+ # There are two tasks to do.
+ progressBar.switchToDeterminate(2)
+
+ autopsyCase = Case.getCurrentCase()
+ sleuthkitCase = autopsyCase.getSleuthkitCase()
+ services = Services(sleuthkitCase)
+ fileManager = services.getFileManager()
+
+ #Get count of files with .doc extension.
+ fileCount = 0;
+ docFiles = fileManager.findFiles(dataSource, "%.doc")
+ for docFile in docFiles:
+ fileCount += 1
+ progressBar.progress(1)
+
+ if self.context.isJobCancelled():
+ return IngestModule.ProcessResult.OK
+
+ # Get files by creation time.
+ currentTime = System.currentTimeMillis() / 1000
+ minTime = currentTime - (14 * 24 * 60 * 60) # Go back two weeks.
+ otherFiles = sleuthkitCase.findFilesWhere("crtime > %d" % minTime) + for otherFile in otherFiles: + fileCount += 1 + progressBar.progress(1); + + if self.context.isJobCancelled(): + return IngestModule.ProcessResult.OK; + + #Post a message to the ingest messages in box. + # message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, "SampleJythonDataSourceIngestModule", "Found %d files" % fileCount) + # IngestServices.getInstance().postMessage(message) + + return IngestModule.ProcessResult.OK; + + class SampleJythonFileIngestModule(FileIngestModule): def startUp(self, context): pass def process(self, file): - # Read the contents of the file. - inputStream = ReadContentInputStream(file) - buffer = jarray.zeros(1024, "b") - totLen = 0 - len = inputStream.read(buffer) - while (len != -1): - totLen = totLen + len - len = inputStream.read(buffer) + # If the file has a txt extension, post an artifact to the blackboard. + if file.getName().endswith("txt"): + art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT) + att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "SampleJythonFileIngestModule", "Text file") + art.addAttribute(att) - # If the file has a txtr extension, post an artifact to the blackboard. - if file.getName().endswith("txt"): - # Make an artifact - art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT) - att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), "pythonModule", "Text FILE") - art.addAttribute(att) + # Read the contents of the file. + inputStream = ReadContentInputStream(file) + buffer = jarray.zeros(1024, "b") + totLen = 0 + len = inputStream.read(buffer) + while (len != -1): + totLen = totLen + len + len = inputStream.read(buffer) + + # Send the size of the file to the ingest messages in box. 
+ #msgText = "Size of %s is %d bytes" % ((file.getName(), totLen)) + #message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, "SampleJythonFileIngestModule", msgText) + #ingestServices = IngestServices.getInstance().postMessage(message) + + return IngestModule.ProcessResult.OK + + def shutDown(self): + pass class SampleJythonIngestModuleFactory(IngestModuleFactoryAdapter): @@ -39,6 +105,12 @@ class SampleJythonIngestModuleFactory(IngestModuleFactoryAdapter): def getModuleVersionNumber(self): return "1.0" + def isDataSourceIngestModuleFactory(self): + return True + + def createDataSourceIngestModule(self, ingestOptions): + return SampleJythonDataSourceIngestModule() + def isFileIngestModuleFactory(self): return True diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModuleMetadata.xml b/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModuleMetadata.xml deleted file mode 100755 index 6d6f459977..0000000000 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleJythonIngestModuleMetadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - Sample Jython Ingest Module - A sample Jython ingest module. - 1.0 - SampleJythonDataSourceIngestModule - SampleJythonFileIngestModule - \ No newline at end of file diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java index a3c1094035..f4502a7670 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java 
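Review bot: The `findFilesWhere("crtime > %d" % minTime)` call in `SampleJythonDataSourceIngestModule.process` is made on the case object without the `dataSource` argument, so unlike the preceding `findFiles(dataSource, "%.doc")` it presumably counts files from every data source in the case rather than the one being ingested. It also shows module authors a WHERE clause built by string formatting; `%d` applied to a number computed inside the module is safe, but a sample that will be copied should say so, e.g. `# findFilesWhere() takes a raw SQL WHERE clause: interpolate only numeric values computed by the module, never file names or other evidence-derived strings`. In `SampleJythonFileIngestModule.process`, `endswith("txt")` also matches names that have no dot before `txt`; `endswith(".txt")` would match the comment's stated intent. The same method opens a `ReadContentInputStream` that is never closed, and an exception from `read()` or `newArtifact()` propagates instead of being returned as `IngestModule.ProcessResult.ERROR`.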
@@ -31,7 +31,6 @@ import org.python.util.PythonInterpreter;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.examples.SampleExecutableIngestModuleFactory;
 import org.sleuthkit.autopsy.examples.SampleIngestModuleFactory;
-import org.sleuthkit.autopsy.ingest.JythonIngestModuleFactory.JythonIngestModuleFactoryException;
 import org.sleuthkit.autopsy.modules.android.AndroidModuleFactory;
 import org.sleuthkit.autopsy.modules.e01verify.E01VerifierModuleFactory;
 import org.sleuthkit.autopsy.modules.exif.ExifParserModuleFactory;