mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 02:07:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3282 from APriestman/removeGlobalStatus

Browse Source 
Remove global status
This commit is contained in:
Richard Cordovano 2017-12-08 13:41:29 -05:00 committed by GitHub
commit 1ea14b6917
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 22 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java
View File

@ -433,36 +433,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D
return Collections.emptyList();
}
/**
* Get the global file instances matching the given eamArtifact and convert
* them to central repository artifact instances.
*
* @param eamArtifact Artifact to use for ArtifactTypeEnum matching
*
* @return List of central repository artifact instances, empty list if none
* found
*/
public Collection<CorrelationAttributeInstance> getReferenceInstancesAsArtifactInstances(CorrelationAttribute eamArtifact) {
Collection<CorrelationAttributeInstance> eamArtifactInstances = new ArrayList<>();
// FUTURE: support other reference types
if (eamArtifact.getCorrelationType().getId() != CorrelationAttribute.FILES_TYPE_ID) {
return Collections.emptyList();
}
try {
EamDb dbManager = EamDb.getInstance();
Collection<EamGlobalFileInstance> eamGlobalFileInstances = dbManager.getReferenceInstancesByTypeValue(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
eamGlobalFileInstances.forEach((eamGlobalFileInstance) -> {
eamArtifactInstances.add(new CorrelationAttributeInstance(
null, null, "", eamGlobalFileInstance.getComment(), eamGlobalFileInstance.getKnownStatus(), CorrelationAttributeInstance.GlobalStatus.GLOBAL
));
});
return eamArtifactInstances;
} catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error getting reference instances from database.", ex); // NON-NLS
}
return Collections.emptyList();
}
@Override
public boolean isSupported(Node node) {
if (!EamDb.isEnabled()) {
@ -517,7 +487,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D
// get correlation and reference set instances from DB
corAttrInstances.addAll(getCorrelatedInstances(corAttr, dataSourceName, deviceId));
corAttrInstances.addAll(getReferenceInstancesAsArtifactInstances(corAttr));
corAttrInstances.forEach((corAttrInstance) -> {
CorrelationAttribute newCeArtifact = new CorrelationAttribute(

7
Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCasesTableModel.java
View File

@ -36,8 +36,7 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
"DataContentViewerOtherCasesTableModel.path=Path",
"DataContentViewerOtherCasesTableModel.type=Correlation Type",
"DataContentViewerOtherCasesTableModel.value=Correlation Value",
"DataContentViewerOtherCasesTableModel.scope=Scope",
"DataContentViewerOtherCasesTableModel.known=Known",
"DataContentViewerOtherCasesTableModel.known=Tagged",
"DataContentViewerOtherCasesTableModel.comment=Comment",
"DataContentViewerOtherCasesTableModel.noData=No Data.",})
enum TableColumns {
@ -48,7 +47,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
TYPE(Bundle.DataContentViewerOtherCasesTableModel_type(), 100),
VALUE(Bundle.DataContentViewerOtherCasesTableModel_value(), 200),
KNOWN(Bundle.DataContentViewerOtherCasesTableModel_known(), 50),
SCOPE(Bundle.DataContentViewerOtherCasesTableModel_scope(), 50),
FILE_PATH(Bundle.DataContentViewerOtherCasesTableModel_path(), 450),
COMMENT(Bundle.DataContentViewerOtherCasesTableModel_comment(), 200),
DEVICE(Bundle.DataContentViewerOtherCasesTableModel_device(), 250);
@ -156,9 +154,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
case VALUE:
value = eamArtifact.getCorrelationValue();
break;
case SCOPE:
value = eamArtifactInstance.getGlobalStatus().toString();
break;
case KNOWN:
value = eamArtifactInstance.getKnownStatus().getName();
break;

3
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
View File

@ -2172,8 +2172,7 @@ public abstract class AbstractSqlEamDb implements EamDb {
new CorrelationDataSource(-1, resultSet.getInt("case_id"), resultSet.getString("device_id"), resultSet.getString("name")),
resultSet.getString("file_path"),
resultSet.getString("comment"),
TskData.FileKnown.valueOf(resultSet.getByte("known_status")),
CorrelationAttributeInstance.GlobalStatus.LOCAL
TskData.FileKnown.valueOf(resultSet.getByte("known_status"))
);
return eamArtifactInstance;

54
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
View File

@ -28,29 +28,12 @@ import org.sleuthkit.datamodel.TskData;
* CorrelationAttribute. Includes its data source, path, etc.
*
*/
@Messages({"EamArtifactInstances.globalStatus.local=Local",
"EamArtifactInstances.globalStatus.global=Global",
@Messages({
"EamArtifactInstances.knownStatus.bad=Bad",
"EamArtifactInstances.knownStatus.known=Known",
"EamArtifactInstances.knownStatus.unknown=Unknown"})
public class CorrelationAttributeInstance implements Serializable {
public enum GlobalStatus {
LOCAL(Bundle.EamArtifactInstances_globalStatus_local()),
GLOBAL(Bundle.EamArtifactInstances_globalStatus_global());
private final String globalStatus;
private GlobalStatus(String globalStatus) {
this.globalStatus = globalStatus;
}
@Override
public String toString() {
return globalStatus;
}
}
private static final long serialVersionUID = 1L;
private int ID;
@ -59,13 +42,12 @@ public class CorrelationAttributeInstance implements Serializable {
private String filePath;
private String comment;
private TskData.FileKnown knownStatus;
private GlobalStatus globalStatus;
public CorrelationAttributeInstance(
CorrelationCase eamCase,
CorrelationDataSource eamDataSource
) {
this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN);
}
public CorrelationAttributeInstance(
@ -73,7 +55,7 @@ public class CorrelationAttributeInstance implements Serializable {
CorrelationDataSource eamDataSource,
String filePath
) {
this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN);
}
public CorrelationAttributeInstance(
@ -82,7 +64,7 @@ public class CorrelationAttributeInstance implements Serializable {
String filePath,
String comment
) {
this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN);
}
public CorrelationAttributeInstance(
@ -90,20 +72,18 @@ public class CorrelationAttributeInstance implements Serializable {
CorrelationDataSource eamDataSource,
String filePath,
String comment,
TskData.FileKnown knownStatus,
GlobalStatus globalStatus
TskData.FileKnown knownStatus
) {
this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus);
this(-1, eamCase, eamDataSource, filePath, comment, knownStatus);
}
public CorrelationAttributeInstance(
CorrelationAttributeInstance(
int ID,
CorrelationCase eamCase,
CorrelationDataSource eamDataSource,
String filePath,
String comment,
TskData.FileKnown knownStatus,
GlobalStatus globalStatus
TskData.FileKnown knownStatus
) {
this.ID = ID;
this.correlationCase = eamCase;
@ -112,7 +92,6 @@ public class CorrelationAttributeInstance implements Serializable {
this.filePath = filePath.toLowerCase();
this.comment = comment;
this.knownStatus = knownStatus;
this.globalStatus = globalStatus;
}
public Boolean equals(CorrelationAttributeInstance otherInstance) {
@ -120,7 +99,6 @@ public class CorrelationAttributeInstance implements Serializable {
&& (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
&& (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
&& (this.getFilePath().equals(otherInstance.getFilePath()))
&& (this.getGlobalStatus().equals(otherInstance.getGlobalStatus()))
&& (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
&& (this.getComment().equals(otherInstance.getComment())));
}
@ -131,7 +109,6 @@ public class CorrelationAttributeInstance implements Serializable {
+ this.getCorrelationCase().getCaseUUID()
+ this.getCorrelationDataSource().getName()
+ this.getFilePath()
+ this.getGlobalStatus()
+ this.getKnownStatus()
+ this.getComment();
}
@ -197,19 +174,4 @@ public class CorrelationAttributeInstance implements Serializable {
public void setKnownStatus(TskData.FileKnown knownStatus) {
this.knownStatus = knownStatus;
}
/**
* @return the globalStatus
*/
public GlobalStatus getGlobalStatus() {
return globalStatus;
}
/**
* @param globalStatus the globalStatus to set
*/
public void setGlobalStatus(GlobalStatus globalStatus) {
this.globalStatus = globalStatus;
}
}

9
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java
View File

@ -105,8 +105,7 @@ public class EamArtifactUtil {
CorrelationDataSource.fromTSKDataSource(correlationCase, bbSourceFile.getDataSource()),
bbSourceFile.getParentPath() + bbSourceFile.getName(),
"",
TskData.FileKnown.UNKNOWN,
CorrelationAttributeInstance.GlobalStatus.LOCAL
TskData.FileKnown.UNKNOWN
);
// add the instance details
@ -227,7 +226,7 @@ public class EamArtifactUtil {
*
* @return The new EamArtifact or null if creation failed
*/
public static CorrelationAttribute getEamArtifactFromContent(Content content, TskData.FileKnown knownStatus, String comment) {
public static CorrelationAttribute getCorrelationAttributeFromContent(Content content, TskData.FileKnown knownStatus, String comment) {
if (!(content instanceof AbstractFile)) {
return null;
@ -241,6 +240,7 @@ public class EamArtifactUtil {
// We need a hash to make the artifact
String md5 = af.getMd5Hash();
// @@@ Should also check for empty data hash
if (md5 == null || md5.isEmpty()) {
return null;
}
@ -258,8 +258,7 @@ public class EamArtifactUtil {
CorrelationDataSource.fromTSKDataSource(correlationCase, af.getDataSource()),
af.getParentPath() + af.getName(),
comment,
TskData.FileKnown.BAD,
CorrelationAttributeInstance.GlobalStatus.LOCAL
knownStatus
);
eamArtifact.addInstance(cei);
return eamArtifact;

4
Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java
View File

@ -191,7 +191,7 @@ final class CaseEventListener implements PropertyChangeListener {
}
}
final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(af,
final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(af,
knownStatus, comment);
if (eamArtifact != null) {
@ -394,7 +394,7 @@ final class CaseEventListener implements PropertyChangeListener {
}
//if the file will have no tags with a status which would prevent the current status from being changed
if (!hasTagWithConflictingKnownStatus) {
final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(contentTag.getContent(),
final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(contentTag.getContent(),
tagName.getKnownStatus(), "");
if (eamArtifact != null) {
EamDb.getInstance().setArtifactInstanceKnownStatus(eamArtifact, tagName.getKnownStatus());

14
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
View File

@ -104,22 +104,21 @@ class IngestModule implements FileIngestModule {
return ProcessResult.OK;
}
// If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases
if (af.getKnown() == TskData.FileKnown.UNKNOWN) {
// query db for artifact instances having this MD5 and knownStatus = "Bad".
/* Search the central repo to see if this file was previously
* marked as being bad. Create artifact if it was. */
if (af.getKnown() != TskData.FileKnown.KNOWN) {
try {
// if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case,
// create TSK_INTERESTING_FILE artifact on BB.
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
if (!caseDisplayNames.isEmpty()) {
postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
}
} catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}
// insert this file into the central repository
try {
CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
@ -127,8 +126,7 @@ class IngestModule implements FileIngestModule {
eamDataSource,
af.getParentPath() + af.getName(),
null,
TskData.FileKnown.UNKNOWN,
CorrelationAttributeInstance.GlobalStatus.LOCAL
TskData.FileKnown.UNKNOWN // NOTE: Known status in the CR is based on tagging, not hashes like the Case Database.
);
eamArtifact.addInstance(cefi);
dbManager.prepareBulkArtifact(eamArtifact);