Merge pull request #3282 from APriestman/removeGlobalStatus
Remove global status
commit
1ea14b6917
@ -433,36 +433,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D
|
|||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Get the global file instances matching the given eamArtifact and convert
|
|
||||||
* them to central repository artifact instances.
|
|
||||||
*
|
|
||||||
* @param eamArtifact Artifact to use for ArtifactTypeEnum matching
|
|
||||||
*
|
|
||||||
* @return List of central repository artifact instances, empty list if none
|
|
||||||
* found
|
|
||||||
*/
|
|
||||||
public Collection<CorrelationAttributeInstance> getReferenceInstancesAsArtifactInstances(CorrelationAttribute eamArtifact) {
|
|
||||||
Collection<CorrelationAttributeInstance> eamArtifactInstances = new ArrayList<>();
|
|
||||||
// FUTURE: support other reference types
|
|
||||||
if (eamArtifact.getCorrelationType().getId() != CorrelationAttribute.FILES_TYPE_ID) {
|
|
||||||
return Collections.emptyList();
|
|
||||||
}
|
|
||||||
try {
|
|
||||||
EamDb dbManager = EamDb.getInstance();
|
|
||||||
Collection<EamGlobalFileInstance> eamGlobalFileInstances = dbManager.getReferenceInstancesByTypeValue(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
|
|
||||||
eamGlobalFileInstances.forEach((eamGlobalFileInstance) -> {
|
|
||||||
eamArtifactInstances.add(new CorrelationAttributeInstance(
|
|
||||||
null, null, "", eamGlobalFileInstance.getComment(), eamGlobalFileInstance.getKnownStatus(), CorrelationAttributeInstance.GlobalStatus.GLOBAL
|
|
||||||
));
|
|
||||||
});
|
|
||||||
return eamArtifactInstances;
|
|
||||||
} catch (EamDbException ex) {
|
|
||||||
LOGGER.log(Level.SEVERE, "Error getting reference instances from database.", ex); // NON-NLS
|
|
||||||
}
|
|
||||||
return Collections.emptyList();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isSupported(Node node) {
|
public boolean isSupported(Node node) {
|
||||||
if (!EamDb.isEnabled()) {
|
if (!EamDb.isEnabled()) {
|
||||||
@ -517,7 +487,6 @@ public class DataContentViewerOtherCases extends javax.swing.JPanel implements D
|
|||||||
|
|
||||||
// get correlation and reference set instances from DB
|
// get correlation and reference set instances from DB
|
||||||
corAttrInstances.addAll(getCorrelatedInstances(corAttr, dataSourceName, deviceId));
|
corAttrInstances.addAll(getCorrelatedInstances(corAttr, dataSourceName, deviceId));
|
||||||
corAttrInstances.addAll(getReferenceInstancesAsArtifactInstances(corAttr));
|
|
||||||
|
|
||||||
corAttrInstances.forEach((corAttrInstance) -> {
|
corAttrInstances.forEach((corAttrInstance) -> {
|
||||||
CorrelationAttribute newCeArtifact = new CorrelationAttribute(
|
CorrelationAttribute newCeArtifact = new CorrelationAttribute(
|
||||||
|
@ -36,8 +36,7 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
|
|||||||
"DataContentViewerOtherCasesTableModel.path=Path",
|
"DataContentViewerOtherCasesTableModel.path=Path",
|
||||||
"DataContentViewerOtherCasesTableModel.type=Correlation Type",
|
"DataContentViewerOtherCasesTableModel.type=Correlation Type",
|
||||||
"DataContentViewerOtherCasesTableModel.value=Correlation Value",
|
"DataContentViewerOtherCasesTableModel.value=Correlation Value",
|
||||||
"DataContentViewerOtherCasesTableModel.scope=Scope",
|
"DataContentViewerOtherCasesTableModel.known=Tagged",
|
||||||
"DataContentViewerOtherCasesTableModel.known=Known",
|
|
||||||
"DataContentViewerOtherCasesTableModel.comment=Comment",
|
"DataContentViewerOtherCasesTableModel.comment=Comment",
|
||||||
"DataContentViewerOtherCasesTableModel.noData=No Data.",})
|
"DataContentViewerOtherCasesTableModel.noData=No Data.",})
|
||||||
enum TableColumns {
|
enum TableColumns {
|
||||||
@ -48,7 +47,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
|
|||||||
TYPE(Bundle.DataContentViewerOtherCasesTableModel_type(), 100),
|
TYPE(Bundle.DataContentViewerOtherCasesTableModel_type(), 100),
|
||||||
VALUE(Bundle.DataContentViewerOtherCasesTableModel_value(), 200),
|
VALUE(Bundle.DataContentViewerOtherCasesTableModel_value(), 200),
|
||||||
KNOWN(Bundle.DataContentViewerOtherCasesTableModel_known(), 50),
|
KNOWN(Bundle.DataContentViewerOtherCasesTableModel_known(), 50),
|
||||||
SCOPE(Bundle.DataContentViewerOtherCasesTableModel_scope(), 50),
|
|
||||||
FILE_PATH(Bundle.DataContentViewerOtherCasesTableModel_path(), 450),
|
FILE_PATH(Bundle.DataContentViewerOtherCasesTableModel_path(), 450),
|
||||||
COMMENT(Bundle.DataContentViewerOtherCasesTableModel_comment(), 200),
|
COMMENT(Bundle.DataContentViewerOtherCasesTableModel_comment(), 200),
|
||||||
DEVICE(Bundle.DataContentViewerOtherCasesTableModel_device(), 250);
|
DEVICE(Bundle.DataContentViewerOtherCasesTableModel_device(), 250);
|
||||||
@ -156,9 +154,6 @@ public class DataContentViewerOtherCasesTableModel extends AbstractTableModel {
|
|||||||
case VALUE:
|
case VALUE:
|
||||||
value = eamArtifact.getCorrelationValue();
|
value = eamArtifact.getCorrelationValue();
|
||||||
break;
|
break;
|
||||||
case SCOPE:
|
|
||||||
value = eamArtifactInstance.getGlobalStatus().toString();
|
|
||||||
break;
|
|
||||||
case KNOWN:
|
case KNOWN:
|
||||||
value = eamArtifactInstance.getKnownStatus().getName();
|
value = eamArtifactInstance.getKnownStatus().getName();
|
||||||
break;
|
break;
|
||||||
|
@ -2172,8 +2172,7 @@ public abstract class AbstractSqlEamDb implements EamDb {
|
|||||||
new CorrelationDataSource(-1, resultSet.getInt("case_id"), resultSet.getString("device_id"), resultSet.getString("name")),
|
new CorrelationDataSource(-1, resultSet.getInt("case_id"), resultSet.getString("device_id"), resultSet.getString("name")),
|
||||||
resultSet.getString("file_path"),
|
resultSet.getString("file_path"),
|
||||||
resultSet.getString("comment"),
|
resultSet.getString("comment"),
|
||||||
TskData.FileKnown.valueOf(resultSet.getByte("known_status")),
|
TskData.FileKnown.valueOf(resultSet.getByte("known_status"))
|
||||||
CorrelationAttributeInstance.GlobalStatus.LOCAL
|
|
||||||
);
|
);
|
||||||
|
|
||||||
return eamArtifactInstance;
|
return eamArtifactInstance;
|
||||||
|
@ -28,29 +28,12 @@ import org.sleuthkit.datamodel.TskData;
|
|||||||
* CorrelationAttribute. Includes its data source, path, etc.
|
* CorrelationAttribute. Includes its data source, path, etc.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@Messages({"EamArtifactInstances.globalStatus.local=Local",
|
@Messages({
|
||||||
"EamArtifactInstances.globalStatus.global=Global",
|
|
||||||
"EamArtifactInstances.knownStatus.bad=Bad",
|
"EamArtifactInstances.knownStatus.bad=Bad",
|
||||||
"EamArtifactInstances.knownStatus.known=Known",
|
"EamArtifactInstances.knownStatus.known=Known",
|
||||||
"EamArtifactInstances.knownStatus.unknown=Unknown"})
|
"EamArtifactInstances.knownStatus.unknown=Unknown"})
|
||||||
public class CorrelationAttributeInstance implements Serializable {
|
public class CorrelationAttributeInstance implements Serializable {
|
||||||
|
|
||||||
public enum GlobalStatus {
|
|
||||||
LOCAL(Bundle.EamArtifactInstances_globalStatus_local()),
|
|
||||||
GLOBAL(Bundle.EamArtifactInstances_globalStatus_global());
|
|
||||||
|
|
||||||
private final String globalStatus;
|
|
||||||
|
|
||||||
private GlobalStatus(String globalStatus) {
|
|
||||||
this.globalStatus = globalStatus;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public String toString() {
|
|
||||||
return globalStatus;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
|
||||||
private int ID;
|
private int ID;
|
||||||
@ -59,13 +42,12 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
private String filePath;
|
private String filePath;
|
||||||
private String comment;
|
private String comment;
|
||||||
private TskData.FileKnown knownStatus;
|
private TskData.FileKnown knownStatus;
|
||||||
private GlobalStatus globalStatus;
|
|
||||||
|
|
||||||
public CorrelationAttributeInstance(
|
public CorrelationAttributeInstance(
|
||||||
CorrelationCase eamCase,
|
CorrelationCase eamCase,
|
||||||
CorrelationDataSource eamDataSource
|
CorrelationDataSource eamDataSource
|
||||||
) {
|
) {
|
||||||
this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
|
this(-1, eamCase, eamDataSource, "", null, TskData.FileKnown.UNKNOWN);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CorrelationAttributeInstance(
|
public CorrelationAttributeInstance(
|
||||||
@ -73,7 +55,7 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
CorrelationDataSource eamDataSource,
|
CorrelationDataSource eamDataSource,
|
||||||
String filePath
|
String filePath
|
||||||
) {
|
) {
|
||||||
this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
|
this(-1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CorrelationAttributeInstance(
|
public CorrelationAttributeInstance(
|
||||||
@ -82,7 +64,7 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
String filePath,
|
String filePath,
|
||||||
String comment
|
String comment
|
||||||
) {
|
) {
|
||||||
this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN, GlobalStatus.LOCAL);
|
this(-1, eamCase, eamDataSource, filePath, comment, TskData.FileKnown.UNKNOWN);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CorrelationAttributeInstance(
|
public CorrelationAttributeInstance(
|
||||||
@ -90,20 +72,18 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
CorrelationDataSource eamDataSource,
|
CorrelationDataSource eamDataSource,
|
||||||
String filePath,
|
String filePath,
|
||||||
String comment,
|
String comment,
|
||||||
TskData.FileKnown knownStatus,
|
TskData.FileKnown knownStatus
|
||||||
GlobalStatus globalStatus
|
|
||||||
) {
|
) {
|
||||||
this(-1, eamCase, eamDataSource, filePath, comment, knownStatus, globalStatus);
|
this(-1, eamCase, eamDataSource, filePath, comment, knownStatus);
|
||||||
}
|
}
|
||||||
|
|
||||||
public CorrelationAttributeInstance(
|
CorrelationAttributeInstance(
|
||||||
int ID,
|
int ID,
|
||||||
CorrelationCase eamCase,
|
CorrelationCase eamCase,
|
||||||
CorrelationDataSource eamDataSource,
|
CorrelationDataSource eamDataSource,
|
||||||
String filePath,
|
String filePath,
|
||||||
String comment,
|
String comment,
|
||||||
TskData.FileKnown knownStatus,
|
TskData.FileKnown knownStatus
|
||||||
GlobalStatus globalStatus
|
|
||||||
) {
|
) {
|
||||||
this.ID = ID;
|
this.ID = ID;
|
||||||
this.correlationCase = eamCase;
|
this.correlationCase = eamCase;
|
||||||
@ -112,7 +92,6 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
this.filePath = filePath.toLowerCase();
|
this.filePath = filePath.toLowerCase();
|
||||||
this.comment = comment;
|
this.comment = comment;
|
||||||
this.knownStatus = knownStatus;
|
this.knownStatus = knownStatus;
|
||||||
this.globalStatus = globalStatus;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public Boolean equals(CorrelationAttributeInstance otherInstance) {
|
public Boolean equals(CorrelationAttributeInstance otherInstance) {
|
||||||
@ -120,7 +99,6 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
&& (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
|
&& (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
|
||||||
&& (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
|
&& (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
|
||||||
&& (this.getFilePath().equals(otherInstance.getFilePath()))
|
&& (this.getFilePath().equals(otherInstance.getFilePath()))
|
||||||
&& (this.getGlobalStatus().equals(otherInstance.getGlobalStatus()))
|
|
||||||
&& (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
|
&& (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
|
||||||
&& (this.getComment().equals(otherInstance.getComment())));
|
&& (this.getComment().equals(otherInstance.getComment())));
|
||||||
}
|
}
|
||||||
@ -131,7 +109,6 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
+ this.getCorrelationCase().getCaseUUID()
|
+ this.getCorrelationCase().getCaseUUID()
|
||||||
+ this.getCorrelationDataSource().getName()
|
+ this.getCorrelationDataSource().getName()
|
||||||
+ this.getFilePath()
|
+ this.getFilePath()
|
||||||
+ this.getGlobalStatus()
|
|
||||||
+ this.getKnownStatus()
|
+ this.getKnownStatus()
|
||||||
+ this.getComment();
|
+ this.getComment();
|
||||||
}
|
}
|
||||||
@ -197,19 +174,4 @@ public class CorrelationAttributeInstance implements Serializable {
|
|||||||
public void setKnownStatus(TskData.FileKnown knownStatus) {
|
public void setKnownStatus(TskData.FileKnown knownStatus) {
|
||||||
this.knownStatus = knownStatus;
|
this.knownStatus = knownStatus;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @return the globalStatus
|
|
||||||
*/
|
|
||||||
public GlobalStatus getGlobalStatus() {
|
|
||||||
return globalStatus;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @param globalStatus the globalStatus to set
|
|
||||||
*/
|
|
||||||
public void setGlobalStatus(GlobalStatus globalStatus) {
|
|
||||||
this.globalStatus = globalStatus;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
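Review bot: `equals` still calls `this.getComment().equals(otherInstance.getComment())` after the GlobalStatus comparison is removed, yet the two- and three-argument constructors in this same file pass `null` as the comment. Comparing such instances would throw a NullPointerException unless `getComment()` (its body is not visible here) substitutes a default. `Objects.equals(this.getComment(), otherInstance.getComment())` would be null-safe, at the cost of importing `java.util.Objects`. Separately, the method is declared `public Boolean equals(CorrelationAttributeInstance otherInstance)`, which overloads rather than overrides `Object.equals`, so `contains` and hash-based collections will not use it; if that is deliberate, a short comment on the method should say so. The start of `equals` lies outside the hunk.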
@ -105,8 +105,7 @@ public class EamArtifactUtil {
|
|||||||
CorrelationDataSource.fromTSKDataSource(correlationCase, bbSourceFile.getDataSource()),
|
CorrelationDataSource.fromTSKDataSource(correlationCase, bbSourceFile.getDataSource()),
|
||||||
bbSourceFile.getParentPath() + bbSourceFile.getName(),
|
bbSourceFile.getParentPath() + bbSourceFile.getName(),
|
||||||
"",
|
"",
|
||||||
TskData.FileKnown.UNKNOWN,
|
TskData.FileKnown.UNKNOWN
|
||||||
CorrelationAttributeInstance.GlobalStatus.LOCAL
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// add the instance details
|
// add the instance details
|
||||||
@ -227,7 +226,7 @@ public class EamArtifactUtil {
|
|||||||
*
|
*
|
||||||
* @return The new EamArtifact or null if creation failed
|
* @return The new EamArtifact or null if creation failed
|
||||||
*/
|
*/
|
||||||
public static CorrelationAttribute getEamArtifactFromContent(Content content, TskData.FileKnown knownStatus, String comment) {
|
public static CorrelationAttribute getCorrelationAttributeFromContent(Content content, TskData.FileKnown knownStatus, String comment) {
|
||||||
|
|
||||||
if (!(content instanceof AbstractFile)) {
|
if (!(content instanceof AbstractFile)) {
|
||||||
return null;
|
return null;
|
||||||
@ -241,6 +240,7 @@ public class EamArtifactUtil {
|
|||||||
|
|
||||||
// We need a hash to make the artifact
|
// We need a hash to make the artifact
|
||||||
String md5 = af.getMd5Hash();
|
String md5 = af.getMd5Hash();
|
||||||
|
// @@@ Should also check for empty data hash
|
||||||
if (md5 == null || md5.isEmpty()) {
|
if (md5 == null || md5.isEmpty()) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
@ -258,8 +258,7 @@ public class EamArtifactUtil {
|
|||||||
CorrelationDataSource.fromTSKDataSource(correlationCase, af.getDataSource()),
|
CorrelationDataSource.fromTSKDataSource(correlationCase, af.getDataSource()),
|
||||||
af.getParentPath() + af.getName(),
|
af.getParentPath() + af.getName(),
|
||||||
comment,
|
comment,
|
||||||
TskData.FileKnown.BAD,
|
knownStatus
|
||||||
CorrelationAttributeInstance.GlobalStatus.LOCAL
|
|
||||||
);
|
);
|
||||||
eamArtifact.addInstance(cei);
|
eamArtifact.addInstance(cei);
|
||||||
return eamArtifact;
|
return eamArtifact;
|
||||||
|
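Review bot: The added `// @@@ Should also check for empty data hash` above the `md5 == null || md5.isEmpty()` guard in `getCorrelationAttributeFromContent` records the gap but leaves it open, so zero-length files still get a correlation attribute. All empty files share one MD5, so once one of them is tagged notable in any case, every empty file in later cases would presumably correlate as previously notable and add false positives to the examiner's results. Consider folding the check into the existing guard, for example `if (md5 == null || md5.isEmpty() || af.getSize() == 0) { return null; }`, or replacing the `@@@` marker with a tracked issue reference. The Javadoc line `@return The new EamArtifact or null if creation failed` also still uses the pre-rename term. The method body begins and ends outside the visible hunks.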
@ -191,7 +191,7 @@ final class CaseEventListener implements PropertyChangeListener {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(af,
|
final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(af,
|
||||||
knownStatus, comment);
|
knownStatus, comment);
|
||||||
|
|
||||||
if (eamArtifact != null) {
|
if (eamArtifact != null) {
|
||||||
@ -394,7 +394,7 @@ final class CaseEventListener implements PropertyChangeListener {
|
|||||||
}
|
}
|
||||||
//if the file will have no tags with a status which would prevent the current status from being changed
|
//if the file will have no tags with a status which would prevent the current status from being changed
|
||||||
if (!hasTagWithConflictingKnownStatus) {
|
if (!hasTagWithConflictingKnownStatus) {
|
||||||
final CorrelationAttribute eamArtifact = EamArtifactUtil.getEamArtifactFromContent(contentTag.getContent(),
|
final CorrelationAttribute eamArtifact = EamArtifactUtil.getCorrelationAttributeFromContent(contentTag.getContent(),
|
||||||
tagName.getKnownStatus(), "");
|
tagName.getKnownStatus(), "");
|
||||||
if (eamArtifact != null) {
|
if (eamArtifact != null) {
|
||||||
EamDb.getInstance().setArtifactInstanceKnownStatus(eamArtifact, tagName.getKnownStatus());
|
EamDb.getInstance().setArtifactInstanceKnownStatus(eamArtifact, tagName.getKnownStatus());
|
||||||
|
@ -104,22 +104,21 @@ class IngestModule implements FileIngestModule {
|
|||||||
return ProcessResult.OK;
|
return ProcessResult.OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
// If unknown to both the hash module and as a globally known artifact in the EAM DB, correlate to other cases
|
/* Search the central repo to see if this file was previously
|
||||||
if (af.getKnown() == TskData.FileKnown.UNKNOWN) {
|
* marked as being bad. Create artifact if it was. */
|
||||||
// query db for artifact instances having this MD5 and knownStatus = "Bad".
|
if (af.getKnown() != TskData.FileKnown.KNOWN) {
|
||||||
try {
|
try {
|
||||||
// if af.getKnown() is "UNKNOWN" and this artifact instance was marked bad in a previous case,
|
|
||||||
// create TSK_INTERESTING_FILE artifact on BB.
|
|
||||||
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
|
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(filesType, md5);
|
||||||
if (!caseDisplayNames.isEmpty()) {
|
if (!caseDisplayNames.isEmpty()) {
|
||||||
postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
|
postCorrelatedBadFileToBlackboard(af, caseDisplayNames);
|
||||||
}
|
}
|
||||||
} catch (EamDbException ex) {
|
} catch (EamDbException ex) {
|
||||||
LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex); // NON-NLS
|
LOGGER.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
|
||||||
return ProcessResult.ERROR;
|
return ProcessResult.ERROR;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// insert this file into the central repository
|
||||||
try {
|
try {
|
||||||
CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
|
CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
|
||||||
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
|
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
|
||||||
@ -127,8 +126,7 @@ class IngestModule implements FileIngestModule {
|
|||||||
eamDataSource,
|
eamDataSource,
|
||||||
af.getParentPath() + af.getName(),
|
af.getParentPath() + af.getName(),
|
||||||
null,
|
null,
|
||||||
TskData.FileKnown.UNKNOWN,
|
TskData.FileKnown.UNKNOWN // NOTE: Known status in the CR is based on tagging, not hashes like the Case Database.
|
||||||
CorrelationAttributeInstance.GlobalStatus.LOCAL
|
|
||||||
);
|
);
|
||||||
eamArtifact.addInstance(cefi);
|
eamArtifact.addInstance(cefi);
|
||||||
dbManager.prepareBulkArtifact(eamArtifact);
|
dbManager.prepareBulkArtifact(eamArtifact);
|
||||||
|