From 1e1e01098082d63cf6aade95eeeb33994626e10c Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Mon, 25 Feb 2019 10:05:17 -0500 Subject: [PATCH] Made changes based on review comments, including the addition of NON-NLS and changing hashtable to hashmap --- .../autopsy/recentactivity/Extract.java | 12 +- .../autopsy/recentactivity/ExtractEdge.java | 156 +++++++++--------- 2 files changed, 90 insertions(+), 78 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java index 466fbb6997..7ab22b4850 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java @@ -201,11 +201,19 @@ abstract class Extract { return moduleName; } + /** + * Returns the state of foundData + * @return + */ public boolean foundData() { return dataFound; } - protected void setFoundData(boolean b){ - dataFound = b; + /** + * Sets the value of foundData + * @param foundData + */ + protected void setFoundData(boolean foundData){ + dataFound = foundData; } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractEdge.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractEdge.java index 8acfce9f87..2264a83850 100755 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractEdge.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractEdge.java @@ -29,7 +29,7 @@ import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; -import java.util.Hashtable; +import java.util.HashMap; import java.util.List; import java.util.Scanner; import java.util.logging.Level; @@ -62,42 +62,42 @@ final class ExtractEdge extends Extract { private final Path moduleTempResultPath; private Content dataSource; private IngestJobContext context; - private Hashtable> containersTable; + private HashMap> containersTable; - private static final String EDGE = "Edge"; + private static final String EDGE = "Edge"; //NON-NLS - private static final String EDGE_KEYWORD_VISIT = "Visited:"; - private static final String IGNORE_COMMA_IN_QUOTES_REGEX = ",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)"; + private static final String EDGE_KEYWORD_VISIT = "Visited:"; //NON-NLS + private static final String IGNORE_COMMA_IN_QUOTES_REGEX = ",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)"; //NON-NLS - private static final String EDGE_TABLE_TYPE_DOWNLOAD = "iedownload"; - private static final String EDGE_TABLE_TYPE_HISTORY = "History"; - private static final String EDGE_TABLE_TYPE_COOKIE = "cookie"; + private static final String EDGE_TABLE_TYPE_DOWNLOAD = "iedownload"; //NON-NLS + private static final String EDGE_TABLE_TYPE_HISTORY = "History"; //NON-NLS + private static final String EDGE_TABLE_TYPE_COOKIE = "cookie"; //NON-NLS - private static final String EDGE_HEAD_URL = "url"; - private static final String EDGE_HEAD_ACCESSTIME = "accessedtime"; - private static final String EDGE_HEAD_NAME = "name"; - private static final String EDGE_HEAD_CONTAINER_ID = "containerid"; - private static final String EDGE_HEAD_RESPONSEHEAD = "responseheaders"; - private static final String EDGE_HEAD_TITLE = "title"; - private static final String EDGE_HEAD_RDOMAIN = "rdomain"; - private static final String EDGE_HEAD_VALUE = "value"; - private static final String EDGE_HEAD_LASTMOD = "lastmodified"; + private static final String EDGE_HEAD_URL = "url"; //NON-NLS + private static final String EDGE_HEAD_ACCESSTIME = "accessedtime"; //NON-NLS + private static final String EDGE_HEAD_NAME = "name"; //NON-NLS + private static final String EDGE_HEAD_CONTAINER_ID = "containerid"; //NON-NLS + private static final String EDGE_HEAD_RESPONSEHEAD = "responseheaders"; //NON-NLS + private static final String EDGE_HEAD_TITLE = "title"; //NON-NLS + private static final String EDGE_HEAD_RDOMAIN = "rdomain"; //NON-NLS + private static final String EDGE_HEAD_VALUE = "value"; //NON-NLS + private static final String EDGE_HEAD_LASTMOD = "lastmodified"; //NON-NLS - private static final String EDGE_WEBCACHE_PREFIX = "WebCacheV01"; - private static final String EDGE_CONTAINER_FILE_PREFIX = "Container_"; - private static final String EDGE_CONTAINER_FILE_EXT = ".csv"; - private static final String EDGE_WEBCACHE_EXT = ".dat"; + private static final String EDGE_WEBCACHE_PREFIX = "WebCacheV01"; //NON-NLS + private static final String EDGE_CONTAINER_FILE_PREFIX = "Container_"; //NON-NLS + private static final String EDGE_CONTAINER_FILE_EXT = ".csv"; //NON-NLS + private static final String EDGE_WEBCACHE_EXT = ".dat"; //NON-NLS - private static final String ESE_TOOL_NAME = "ESEDatabaseView.exe"; - private static final String EDGE_WEBCACHE_NAME = "WebCacheV01.dat"; - private static final String EDGE_SPARTAN_NAME = "Spartan.edb"; - private static final String EDGE_CONTAINTERS_FILE_NAME = "Containers.csv"; - private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; - private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; - private static final String EDGE_ERROR_FILE_NAME = "File.txt"; + private static final String ESE_TOOL_NAME = "ESEDatabaseView.exe"; //NON-NLS + private static final String EDGE_WEBCACHE_NAME = "WebCacheV01.dat"; //NON-NLS + private static final String EDGE_SPARTAN_NAME = "Spartan.edb"; //NON-NLS + private static final String EDGE_CONTAINTERS_FILE_NAME = "Containers.csv"; //NON-NLS + private static final String EDGE_FAVORITE_FILE_NAME = "Favorites.csv"; //NON-NLS + private static final String EDGE_OUTPUT_FILE_NAME = "Output.txt"; //NON-NLS + private static final String EDGE_ERROR_FILE_NAME = "File.txt"; //NON-NLS - private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; - private static final String EDGE_RESULT_FOLDER_NAME = "results"; + private static final String ESE_TOOL_FOLDER = "ESEDatabaseView"; //NON-NLS + private static final String EDGE_RESULT_FOLDER_NAME = "results"; //NON-NLS private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("MM/dd/yyyy hh:mm:ss a"); @@ -107,8 +107,12 @@ final class ExtractEdge extends Extract { "ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file", "ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan.edb file", "ExtractEdge_Module_Name=Microsoft Edge", - "ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history",}) + "ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history", + }) + /** + * Extract the bookmarks, cookies, downloads and history from Microsoft Edge + */ ExtractEdge() throws NoCurrentCaseException { moduleTempResultPath = Paths.get(RAImageIngestModule.getRATempPath(Case.getCurrentCaseThrows(), EDGE), EDGE_RESULT_FOLDER_NAME); } @@ -222,7 +226,7 @@ final class ExtractEdge extends Extract { return; } - this.getCookie(webCacheFile, resultsDir); + this.getCookies(webCacheFile, resultsDir); // if (context.dataSourceIngestIsCancelled()) { // return; @@ -255,7 +259,7 @@ final class ExtractEdge extends Extract { //Run the dumper String tempSpartanFileName = EDGE_WEBCACHE_PREFIX - + Integer.toString((int) spartanFile.getId()) + EDGE_WEBCACHE_EXT; //NON-NLS + + Integer.toString((int) spartanFile.getId()) + EDGE_WEBCACHE_EXT; File tempSpartanFile = new File(RAImageIngestModule.getRATempPath(currentCase, EDGE), tempSpartanFileName); try { @@ -275,7 +279,7 @@ final class ExtractEdge extends Extract { return; } - this.getBookmark(spartanFile, resultsDir); + this.getBookmarks(spartanFile, resultsDir); } finally { tempSpartanFile.delete(); @@ -321,10 +325,10 @@ final class ExtractEdge extends Extract { } if (line.contains(EDGE_KEYWORD_VISIT)) { - BlackboardArtifact b = getHistoryArtifact(origFile, headers, line); - if (b != null) { - bbartifacts.add(b); - this.indexArtifact(b); + BlackboardArtifact ba = getHistoryArtifact(origFile, headers, line); + if (ba != null) { + bbartifacts.add(ba); + this.indexArtifact(ba); } } } @@ -348,14 +352,14 @@ final class ExtractEdge extends Extract { * @throws TskCoreException * @throws FileNotFoundException */ - private void getBookmark(AbstractFile origFile, File resultDir) throws TskCoreException { + private void getBookmarks(AbstractFile origFile, File resultDir) throws TskCoreException { Scanner fileScanner; File favoriteFile = new File(resultDir, EDGE_FAVORITE_FILE_NAME); try { fileScanner = new Scanner(new FileInputStream(favoriteFile)); } catch (FileNotFoundException ex) { - // This is a non-fatial error, if the favorites file is not found + // This is a non-fatal error, if the favorites file is not found // there might have not been any favorites\bookmarks return; } @@ -371,10 +375,10 @@ final class ExtractEdge extends Extract { continue; } - BlackboardArtifact b = getBookmarkArtifact(origFile, headers, line); - if (b != null) { - bbartifacts.add(b); - this.indexArtifact(b); + BlackboardArtifact ba = getBookmarkArtifact(origFile, headers, line); + if (ba != null) { + bbartifacts.add(ba); + this.indexArtifact(ba); } } } finally { @@ -395,7 +399,7 @@ final class ExtractEdge extends Extract { * @param resultDir Output directory of ESEDatabaseViewer * @throws TskCoreException */ - private void getCookie(AbstractFile origFile, File resultDir) throws TskCoreException { + private void getCookies(AbstractFile origFile, File resultDir) throws TskCoreException { File containerFiles[] = resultDir.listFiles((dir, name) -> name.toLowerCase().contains(EDGE_TABLE_TYPE_COOKIE)); if (containerFiles == null) { @@ -422,10 +426,10 @@ final class ExtractEdge extends Extract { continue; } - BlackboardArtifact b = getCookieArtifact(origFile, headers, line); - if (b != null) { - bbartifacts.add(b); - this.indexArtifact(b); + BlackboardArtifact ba = getCookieArtifact(origFile, headers, line); + if (ba != null) { + bbartifacts.add(ba); + this.indexArtifact(ba); } } } finally { @@ -448,7 +452,7 @@ final class ExtractEdge extends Extract { * @throws TskCoreException * @throws FileNotFoundException */ - private void getDownload(AbstractFile origFile, File resultDir) throws TskCoreException, FileNotFoundException { + private void getDownloads(AbstractFile origFile, File resultDir) throws TskCoreException, FileNotFoundException { ArrayList downloadFiles = getDownloadFiles(resultDir); if (downloadFiles == null) { @@ -476,10 +480,10 @@ final class ExtractEdge extends Extract { if (line.contains(EDGE_TABLE_TYPE_DOWNLOAD)) { - BlackboardArtifact b = getDownloadArtifact(origFile, headers, line); - if (b != null) { - bbartifacts.add(b); - this.indexArtifact(b); + BlackboardArtifact ba = getDownloadArtifact(origFile, headers, line); + if (ba != null) { + bbartifacts.add(ba); + this.indexArtifact(ba); } } } @@ -498,7 +502,7 @@ final class ExtractEdge extends Extract { /** * Find the location of ESEDatabaseViewer.exe * - * @return Absolute path to ESEDatabaseViewer.exe + * @return Absolute path to ESEDatabaseViewer.exe or null if the file is not found */ private String getPathForESEDumper() { Path path = Paths.get(ESE_TOOL_FOLDER, ESE_TOOL_NAME); @@ -514,25 +518,25 @@ final class ExtractEdge extends Extract { /** * Finds all of the WebCacheV01.dat files in the case * - * @return A list of WebCacheV01.dat files + * @return A list of WebCacheV01.dat files, possibly empty if none are found * @throws TskCoreException */ private List fetchWebCacheDBFiles() throws TskCoreException { org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); - return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, "WebCache"); + return fileManager.findFiles(dataSource, EDGE_WEBCACHE_NAME, "WebCache"); //NON-NLS } /** * Finds all of the spartan.edb files in the case * - * @return A list of spartan files + * @return A list of spartan files, possibly empty if none are found * @throws TskCoreException */ private List fetchSpartanDBFiles() throws TskCoreException { org.sleuthkit.autopsy.casemodule.services.FileManager fileManager = currentCase.getServices().getFileManager(); - return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, "MicrosoftEdge"); + return fileManager.findFiles(dataSource, EDGE_SPARTAN_NAME, "MicrosoftEdge"); //NON-NLS } /** @@ -555,11 +559,11 @@ final class ExtractEdge extends Extract { List commandLine = new ArrayList<>(); commandLine.add(dumperPath); - commandLine.add("/table"); + commandLine.add("/table"); //NON-NLS commandLine.add(inputFilePath); - commandLine.add("*"); - commandLine.add("/scomma"); - commandLine.add(outputDir + "\\" + "*.csv"); + commandLine.add("*"); //NON-NLS + commandLine.add("/scomma"); //NON-NLS + commandLine.add(outputDir + "\\" + "*.csv"); //NON-NLS ProcessBuilder processBuilder = new ProcessBuilder(commandLine); processBuilder.redirectOutput(outputFilePath.toFile()); @@ -675,7 +679,7 @@ final class ExtractEdge extends Extract { * @param origFile File the table came from ie spartan.edb * @param headers List of table column headers * @param line The line or row of the table to parse - * @return BlackboardArtifact representation of the passed in line\table row + * @return BlackboardArtifact representation of the passed in line\table row or null if no Bookmark is found * @throws TskCoreException */ private BlackboardArtifact getBookmarkArtifact(AbstractFile origFile, List headers, String line) throws TskCoreException { @@ -872,17 +876,17 @@ final class ExtractEdge extends Extract { * Converts a space separated string of hex values to ascii characters. * * @param hexString - * @return "decoded" string + * @return "decoded" string or null if a non-hex value was found */ private String hexToChar(String hexString) { String[] hexValues = hexString.split(" "); StringBuilder output = new StringBuilder(); - for (String s : hexValues) { + for (String str : hexValues) { try { - int i = Integer.parseInt(s, 16); - if (i > 31) { // Ignore non-print characters - output.append((char) i); + int value = Integer.parseInt(str, 16); + if (value > 31) { // Ignore non-print characters + output.append((char) value); } } catch (NumberFormatException ex) { return null; @@ -953,11 +957,11 @@ final class ExtractEdge extends Extract { * * @param resultDir Path to ESEDatabaseViewer output * @param type Type of table files - * @return List of table files + * @return List of table files returns null if no files of that type are found * @throws FileNotFoundException */ private ArrayList getContainerFiles(File resultDir, String type) throws FileNotFoundException { - Hashtable> idTable = getContainerIDTable(resultDir); + HashMap> idTable = getContainerIDTable(resultDir); ArrayList idList = idTable.get(type); if (idList == null) { @@ -965,8 +969,8 @@ final class ExtractEdge extends Extract { } ArrayList fileList = new ArrayList<>(); - for (String s : idList) { - String fileName = EDGE_CONTAINER_FILE_PREFIX + s + EDGE_CONTAINER_FILE_EXT; + for (String str : idList) { + String fileName = EDGE_CONTAINER_FILE_PREFIX + str + EDGE_CONTAINER_FILE_EXT; fileList.add(new File(resultDir, fileName)); } @@ -981,16 +985,16 @@ final class ExtractEdge extends Extract { * files. * * @param resultDir Path to ESEDatabaseViewer output - * @return Hashtable with Key representing the table type, the value is a list of table ids for that type + * @return Hashmap with Key representing the table type, the value is a list of table ids for that type */ - private Hashtable> getContainerIDTable(File resultDir) throws FileNotFoundException { + private HashMap> getContainerIDTable(File resultDir) throws FileNotFoundException { if (containersTable == null) { File containerFile = new File(resultDir, EDGE_CONTAINTERS_FILE_NAME); try (Scanner fileScanner = new Scanner(new FileInputStream(containerFile))) { List headers = null; - containersTable = new Hashtable<>(); + containersTable = new HashMap<>(); int nameIdx = 0; int idIdx = 0; while (fileScanner.hasNext()) {