From 42e072dba27d4209513271e31dcbcae72b3142a9 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Wed, 13 Jan 2021 09:43:27 -0500
Subject: [PATCH 1/6] error handling
---
 .../leappanalyzers/LeappFileProcessor.java | 281 ++++++++++++++----
 1 file changed, 217 insertions(+), 64 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
index 9f7418f8f9..57cc3e6212 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@@ -39,11 +39,14 @@ import static java.util.Locale.US;
 import java.util.Map;
 import java.util.logging.Level;
 import java.util.stream.Collectors;
+import java.util.stream.IntStream;
 import java.util.stream.Stream;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang.StringUtils;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -69,6 +72,52 @@ import org.xml.sax.SAXException; */ public final class LeappFileProcessor { + /** + * Represents metadata for a particular column in a tsv file. + */ + private static class TsvColumn { + + private final String attributeName; + private final String columnName; + private final boolean required; + + /** + * Main constructor. + * + * @param attributeName The BlackboardAttribute name or null if not + * used. + * @param columnName The name of the column in the tsv file. + * @param required Whether or not this attribute is required to be + * present. + */ + TsvColumn(String attributeName, String columnName, boolean required) { + this.attributeName = attributeName; + this.columnName = columnName; + this.required = required; + } + + /** + * @return The BlackboardAttribute name or null if not used. + */ + String getAttributeName() { + return attributeName; + } + + /** + * @return The name of the column in the tsv file. + */ + String getColumnName() { + return columnName; + } + + /** + * @return Whether or not this attribute is required to be present. + */ + boolean isRequired() { + return required; + } + } + private static final Logger logger = Logger.getLogger(LeappFileProcessor.class.getName()); private static final String MODULE_NAME = ILeappAnalyzerModuleFactory.getModuleName(); @@ -77,7 +126,7 @@ public final class LeappFileProcessor { private final Map tsvFiles; private final Map tsvFileArtifacts; private final Map tsvFileArtifactComments; - private final Map>> tsvFileAttributes; + private final Map> tsvFileAttributes; Blackboard blkBoard; 
@@ -104,9 +153,7 @@ public final class LeappFileProcessor { "LeappFileProcessor.Leapp.cancelled=Leapp run was canceled", "LeappFileProcessor.completed=Leapp Processing Completed", "LeappFileProcessor.error.reading.Leapp.directory=Error reading Leapp Output Directory"}) - public ProcessResult processFiles(Content dataSource, Path moduleOutputPath, AbstractFile LeappFile) { - try { List LeappTsvOutputFiles = findTsvFiles(moduleOutputPath); processLeappFiles(LeappTsvOutputFiles, LeappFile); @@ -123,7 +170,7 @@ public final class LeappFileProcessor { try { List LeappTsvOutputFiles = findTsvFiles(moduleOutputPath); processLeappFiles(LeappTsvOutputFiles, dataSource); - } catch (IOException | IngestModuleException ex) { + } catch (IngestModuleException ex) { logger.log(Level.SEVERE, String.format("Error trying to process Leapp output files in directory %s. ", moduleOutputPath.toString()), ex); //NON-NLS return ProcessResult.ERROR; } @@ -162,7 +209,7 @@ public final class LeappFileProcessor { * Process the Leapp files that were found that match the xml mapping file * * @param LeappFilesToProcess List of files to process - * @param LeappImageFile Abstract file to create artifact for + * @param LeappImageFile Abstract file to create artifact for * * @throws FileNotFoundException * @throws IOException @@ -174,7 +221,7 @@ public final class LeappFileProcessor { String fileName = FilenameUtils.getName(LeappFileName); File LeappFile = new File(LeappFileName); if (tsvFileAttributes.containsKey(fileName)) { - List> attrList = tsvFileAttributes.get(fileName); + List attrList = tsvFileAttributes.get(fileName); try { BlackboardArtifact.Type artifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(tsvFileArtifacts.get(fileName)); 
@@ -197,26 +244,34 @@ public final class LeappFileProcessor { * Process the Leapp files that were found that match the xml mapping file * * @param LeappFilesToProcess List of files to process - * @param dataSource The data source. + * @param dataSource The data source. * * @throws FileNotFoundException * @throws IOException */ - private void processLeappFiles(List LeappFilesToProcess, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException { + private void processLeappFiles(List LeappFilesToProcess, Content dataSource) throws IngestModuleException { List bbartifacts = new ArrayList<>(); for (String LeappFileName : LeappFilesToProcess) { String fileName = FilenameUtils.getName(LeappFileName); File LeappFile = new File(LeappFileName); if (tsvFileAttributes.containsKey(fileName)) { - List> attrList = tsvFileAttributes.get(fileName); + List attrList = tsvFileAttributes.get(fileName); + BlackboardArtifact.Type artifactType = null; try { - BlackboardArtifact.Type artifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(tsvFileArtifacts.get(fileName)); - - processFile(LeappFile, attrList, fileName, artifactType, bbartifacts, dataSource); - + artifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(tsvFileArtifacts.get(fileName)); } catch (TskCoreException ex) { - throw new IngestModuleException(String.format("Error getting Blackboard Artifact Type for %s", tsvFileArtifacts.get(fileName)), ex); + logger.log(Level.SEVERE, String.format("Error getting Blackboard Artifact Type for %s", tsvFileArtifacts.get(fileName)), ex); + } + + if (artifactType == null) { + continue; + } + + try { + processFile(LeappFile, attrList, fileName, artifactType, bbartifacts, dataSource); + } catch (TskCoreException | IOException ex) { + logger.log(Level.SEVERE, String.format("Error processing file at %s", LeappFile.toString()), ex); } } 
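Review bot: In the `processLeappFiles(List, Content)` loop, a file whose artifact-type lookup or `processFile` call fails is now only logged and skipped, so the calling `processFiles` can presumably still report success while that file's artifacts are missing from the case. For an ingest module that is a silent gap in the results: consider recording the failure (for example a `boolean hadErrors` set in both catch blocks) and surfacing it to the caller once the loop finishes. The `AbstractFile` overload touched by the `@@ -174,7 +221,7` hunk keeps its existing `try` around the lookup, so the two overloads may now disagree on what a failed file does. The Javadoc above the signature still lists `@throws FileNotFoundException` and `@throws IOException`, although the method now declares only `IngestModuleException`. The method body continues past the end of the hunk.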
@@ -228,26 +283,34 @@ public final class LeappFileProcessor { } - private void processFile(File LeappFile, List> attrList, String fileName, BlackboardArtifact.Type artifactType, + private void processFile(File LeappFile, List attrList, String fileName, BlackboardArtifact.Type artifactType, List bbartifacts, Content dataSource) throws FileNotFoundException, IOException, IngestModuleException, TskCoreException { + + if (LeappFile == null || !LeappFile.exists() || fileName == null) { + logger.log(Level.SEVERE, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); + return; + } else if (attrList == null || artifactType == null || dataSource == null) { + logger.log(Level.SEVERE, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "")); + return; + } + try (BufferedReader reader = new BufferedReader(new FileReader(LeappFile))) { - String line = reader.readLine(); + String header = reader.readLine(); // Check first line, if it is null then no heading so nothing to match to, close and go to next file. - if (line != null) { - Map columnNumberToProcess = findColumnsToProcess(line, attrList); - line = reader.readLine(); + if (header != null) { + Map columnNumberToProcess = findColumnsToProcess(fileName, header, attrList); + String line = reader.readLine(); while (line != null) { Collection bbattributes = processReadLine(line, columnNumberToProcess, fileName); - if (artifactType == null) { - logger.log(Level.SEVERE, "Error trying to process Leapp output files in directory . "); //NON-NLS - } + if (!bbattributes.isEmpty() && !blkBoard.artifactExists(dataSource, BlackboardArtifact.ARTIFACT_TYPE.fromID(artifactType.getTypeID()), bbattributes)) { BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes); if (bbartifact != null) { bbartifacts.add(bbartifact); } } + line = reader.readLine(); } } 
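Review bot: Both new guard clauses in `processFile` build their message with `LeappFile == null ? LeappFile.toString() : ""`, which is inverted: a null `LeappFile` throws a NullPointerException inside the logging call, and a non-null path that does not exist is logged as an empty string. The expression should be `LeappFile != null ? LeappFile.toString() : ""` (or `String.valueOf(LeappFile)`). In the second guard `LeappFile` can no longer be null, so plain `LeappFile.toString()` is enough there. The same two expressions are carried unchanged into the `@@ -287,10 +287,10` hunk of PATCH 6/6, which only changes the log level.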
@@ -258,16 +321,22 @@ public final class LeappFileProcessor { /** * Process the line read and create the necessary attributes for it * - * @param line a tsv line to process that was read + * @param line a tsv line to process that was read * @param columnNumberToProcess Which columns to process in the tsv line - * @param fileName name of file begin processed + * @param fileName name of file begin processed * * @return */ private Collection processReadLine(String line, Map columnNumberToProcess, String fileName) throws IngestModuleException { - + if (MapUtils.isEmpty(columnNumberToProcess)) { + return Collections.emptyList(); + } else if (line == null) { + logger.log(Level.SEVERE, "Line is null. Returning empty list for attributes."); + return Collections.emptyList(); + } + String[] columnValues; - + // Check to see if the 2 values are equal, they may not be equal if there is no corresponding data in the line. // If this happens then adding an empty value(s) for each columnValue where data does not exist Integer maxColumnNumber = Collections.max(columnNumberToProcess.keySet()); @@ -286,7 +355,7 @@ public final class LeappFileProcessor { try { BlackboardAttribute.Type attributeType = Case.getCurrentCase().getSleuthkitCase().getAttributeType(attributeName.toUpperCase()); if (attributeType == null) { - break; + continue; } String attrType = attributeType.getValueType().getLabel().toUpperCase(); checkAttributeType(bbattributes, attrType, columnValues, columnNumber, attributeType, fileName); 
@@ -303,34 +372,60 @@ public final class LeappFileProcessor { } - private void checkAttributeType(Collection bbattributes, String attrType, String[] columnValues, Integer columnNumber, BlackboardAttribute.Type attributeType, + private void checkAttributeType(Collection bbattributes, String attrType, String[] columnValues, int columnNumber, BlackboardAttribute.Type attributeType, String fileName) { + + if (columnValues == null || columnNumber < 0 || columnNumber > columnValues.length || columnValues[columnNumber] == null) { + logger.log(Level.SEVERE, String.format("Unable to determine column value at index %d in columnValues: %s", + columnNumber, + columnValues == null ? "" : "[" + String.join(", ", columnValues) + "]")); + return; + } + + String columnValue = columnValues[columnNumber]; + if (attrType.matches("STRING")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber])); + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValue)); } else if (attrType.matches("INTEGER")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Integer.valueOf(columnValues[columnNumber]))); + try { + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Integer.valueOf(columnValue))); + } catch (NumberFormatException ex) { + logger.log(Level.WARNING, String.format("Unable to format %s as an integer.", columnValue), ex); + } } else if (attrType.matches("LONG")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Long.valueOf(columnValues[columnNumber]))); + try { + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Long.valueOf(columnValue))); + } catch (NumberFormatException ex) { + logger.log(Level.WARNING, String.format("Unable to format %s as an long.", columnValue), ex); + } } else if (attrType.matches("DOUBLE")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Double.valueOf(columnValues[columnNumber]))); + try 
{ + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Double.valueOf(columnValue))); + } catch (NumberFormatException ex) { + logger.log(Level.WARNING, String.format("Unable to format %s as an double.", columnValue), ex); + } } else if (attrType.matches("BYTE")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Byte.valueOf(columnValues[columnNumber]))); + try { + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Byte.valueOf(columnValue))); + } catch (NumberFormatException ex) { + logger.log(Level.WARNING, String.format("Unable to format %s as an byte.", columnValue), ex); + } } else if (attrType.matches("DATETIME")) { // format of data should be the same in all the data and the format is 2020-03-28 01:00:17 SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US); Long dateLong = Long.valueOf(0); try { - Date newDate = dateFormat.parse(columnValues[columnNumber]); + Date newDate = dateFormat.parse(columnValue); dateLong = newDate.getTime() / 1000; bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, dateLong)); } catch (ParseException ex) { // catching error and displaying date that could not be parsed // we set the timestamp to 0 and continue on processing - logger.log(Level.WARNING, String.format("Failed to parse date/time %s for attribute type %s in file %s.", columnValues[columnNumber], attributeType.getDisplayName(), fileName)); //NON-NLS + logger.log(Level.WARNING, String.format("Failed to parse date/time %s for attribute type %s in file %s.", columnValue, attributeType.getDisplayName(), fileName)); //NON-NLS } } else if (attrType.matches("JSON")) { - bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber])); + bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValue)); } else { // Log this and continue on with processing logger.log(Level.WARNING, String.format("Attribute Type %s not defined.", 
attrType)); //NON-NLS 
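Review bot: The bounds guard at the top of `checkAttributeType` uses `columnNumber > columnValues.length`, so `columnNumber == columnValues.length` passes that test and the next operand, `columnValues[columnNumber] == null`, throws ArrayIndexOutOfBoundsException inside the guard itself; the comparison should be `columnNumber >= columnValues.length`. The rows come from tool output derived from the data source, so a row shorter than the header should be treated as ordinary input rather than a crash. The failure message also joins the whole row into the log; logging the index and `columnValues.length` instead would keep extracted device content out of the application log. The same condition is carried into the `@@ -379,7 +379,7` hunk of PATCH 6/6.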
@@ -343,29 +438,43 @@ public final class LeappFileProcessor { * headings to the columns in the XML mapping file so we know which columns * to process. * - * @param line a tsv heading line of the columns in the file + * @param fileName The name of the file in which these column headers exist. + * @param line a tsv heading line of the columns in the file * @param attrList the list of headings we want to process * * @return the numbered column(s) and attribute(s) we want to use for the - * column(s) + * column(s) */ - private Map findColumnsToProcess(String line, List> attrList) { + private Map findColumnsToProcess(String fileName, String line, List attrList) { String[] columnNames = line.split("\\t"); HashMap columnsToProcess = new HashMap<>(); Integer columnPosition = 0; for (String columnName : columnNames) { // for some reason the first column of the line has unprintable characters so removing them - String cleanColumnName = columnName.replaceAll("[^\\n\\r\\t\\p{Print}]", ""); - for (List atList : attrList) { - if (atList.contains(cleanColumnName.toLowerCase())) { - columnsToProcess.put(columnPosition, atList.get(0)); + String cleanColumnName = columnName.trim().replaceAll("[^\\n\\r\\t\\p{Print}]", ""); + for (TsvColumn tsvColumn : attrList) { + if (cleanColumnName.equalsIgnoreCase(tsvColumn.getColumnName())) { + columnsToProcess.put(columnPosition, tsvColumn.getAttributeName()); break; } } columnPosition++; } + if (columnsToProcess.size() != attrList.size()) { + String missingColumns = IntStream.range(0, attrList.size()) + .filter((idx) -> !columnsToProcess.containsKey(attrList.get(idx).getAttributeName())) + .mapToObj((idx) -> String.format("'%s'", attrList.get(idx).getColumnName() == null ? "" : attrList.get(idx).getColumnName())) + .collect(Collectors.joining(", ")); + + logger.log(Level.SEVERE, String.format("Columns size expected not found in file %s based on xml from %s. Column Keys Missing = [%s]; Header Line = '%s'.", + this.xmlFile == null ? 
"" : this.xmlFile, + fileName, + missingColumns, + line)); + } + return columnsToProcess; } @@ -424,6 +533,16 @@ public final class LeappFileProcessor { String comment = nnm.getNamedItem("comment").getNodeValue(); String parentName = artifactNlist.item(k).getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); + BlackboardArtifact.ARTIFACT_TYPE foundArtifactType = Stream.of(BlackboardArtifact.ARTIFACT_TYPE.values()) + .filter((art_type) -> art_type.name().equalsIgnoreCase(artifactName)) + .findFirst() + .orElse(null); + + if (foundArtifactType == null) { + logger.log(Level.SEVERE, String.format("No known artifact mapping found for [artifact: %s, %s]", + artifactName, getXmlFileIdentifier(parentName))); + } + tsvFileArtifacts.put(parentName, artifactName); if (!comment.toLowerCase().matches("null")) { 
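Review bot: The missing-column report in `findColumnsToProcess` filters with `columnsToProcess.containsKey(attrList.get(idx).getAttributeName())`, but the map is filled by `columnsToProcess.put(columnPosition, tsvColumn.getAttributeName())`, so its keys are column positions and the test is never true. As a result every configured column is listed as missing whenever the sizes differ; `columnsToProcess.containsValue(...)` or a set of matched attribute names would give the intended list. The format arguments are also swapped relative to the message: the `%s` after "in file" receives `this.xmlFile` and the `%s` after "xml from" receives `fileName`. A diagnostic that names the wrong columns and the wrong file makes a mapping problem harder to trace than no message at all.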
@@ -433,29 +552,64 @@ public final class LeappFileProcessor { } + private String getXmlFileIdentifier(String fileName) { + return String.format("file: %s, filename: %s", + this.xmlFile == null ? "" : this.xmlFile, + fileName == null ? "" : fileName); + } + + private String getXmlAttrIdentifier(String fileName, String attributeName) { + return String.format("attribute: %s %s", + attributeName == null ? "" : attributeName, + getXmlFileIdentifier(fileName)); + } + private void getAttributeNodes(Document xmlinput) { NodeList attributeNlist = xmlinput.getElementsByTagName("AttributeName"); //NON-NLS for (int k = 0; k < attributeNlist.getLength(); k++) { - List attributeList = new ArrayList<>(); NamedNodeMap nnm = attributeNlist.item(k).getAttributes(); String attributeName = nnm.getNamedItem("attributename").getNodeValue(); + if (!attributeName.toLowerCase().matches("null")) { String columnName = nnm.getNamedItem("columnName").getNodeValue(); String required = nnm.getNamedItem("required").getNodeValue(); String parentName = attributeNlist.item(k).getParentNode().getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); - attributeList.add(attributeName.toLowerCase()); - attributeList.add(columnName.toLowerCase()); - attributeList.add(required.toLowerCase()); + BlackboardAttribute.ATTRIBUTE_TYPE foundAttrType = Stream.of(BlackboardAttribute.ATTRIBUTE_TYPE.values()) + .filter((attr_type) -> attr_type.name().compareToIgnoreCase(attributeName) == 0) + .findFirst() + .orElse(null); + + if (foundAttrType == null) { + logger.log(Level.SEVERE, String.format("No known attribute mapping found for [%s]", getXmlAttrIdentifier(parentName, attributeName))); + } + + if (required != null && required.compareToIgnoreCase("yes") != 0 && required.compareToIgnoreCase("no") != 0) { + logger.log(Level.SEVERE, String.format("Required value %s did not match 'yes' or 'no' for [%s]", + required, getXmlAttrIdentifier(parentName, attributeName))); + } + + if (columnName == null) { + 
logger.log(Level.SEVERE, String.format("No column name provided for [%s]", getXmlAttrIdentifier(parentName, attributeName))); + } else if (columnName.trim().length() != columnName.length()) { + logger.log(Level.SEVERE, String.format("Column name '%s' starts or ends with whitespace for [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + } else if (columnName.matches("[^ \\S]")) { + logger.log(Level.SEVERE, String.format("Column name '%s' contains invalid characters [%s]", columnName, getXmlAttrIdentifier(parentName, attributeName))); + } + + TsvColumn thisCol = new TsvColumn( + attributeName.toLowerCase(), + columnName.toLowerCase(), + "yes".compareToIgnoreCase(required) == 0); if (tsvFileAttributes.containsKey(parentName)) { - List> attrList = tsvFileAttributes.get(parentName); - attrList.add(attributeList); + List attrList = tsvFileAttributes.get(parentName); + attrList.add(thisCol); tsvFileAttributes.replace(parentName, attrList); } else { - List> attrList = new ArrayList<>(); - attrList.add(attributeList); + List attrList = new ArrayList<>(); + attrList.add(thisCol); tsvFileAttributes.put(parentName, attrList); } } @@ -466,13 +620,12 @@ public final class LeappFileProcessor { /** * Generic method for creating a blackboard artifact with attributes * - * @param type is a blackboard.artifact_type enum to determine which - * type the artifact should be + * @param type is a blackboard.artifact_type enum to determine which type + * the artifact should be * @param abstractFile is the AbstractFile object that needs to have the - * artifact added for it + * artifact added for it * @param bbattributes is the collection of blackboard attributes that need - * to be added to the artifact after the artifact has - * been created + * to be added to the artifact after the artifact has been created * * @return The newly-created artifact, or null on error */ 
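Review bot: In `getAttributeNodes` the `columnName.matches("[^ \\S]")` check cannot detect embedded whitespace, because `String.matches` has to match the whole string; it is only true for a one-character name that is a non-space whitespace character, which the `trim()` comparison just above already reports. A `find()`-based test such as `Pattern.compile("[^ \\S]").matcher(columnName).find()` would express the intent (that needs `java.util.regex.Pattern` imported). The `columnName == null` and `required != null` checks also look unreachable for a missing attribute: `nnm.getNamedItem(...)` returns null in that case and the chained `.getNodeValue()` throws first, and `columnName.toLowerCase()` in the `TsvColumn` constructor call is unconditional. Fetching each node first and skipping the entry with a log message when it is absent would turn a malformed mapping file into a reported configuration error instead of a NullPointerException.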
@@ -490,13 +643,12 @@ public final class LeappFileProcessor { /** * Generic method for creating a blackboard artifact with attributes * - * @param type is a blackboard.artifact_type enum to determine which - * type the artifact should be - * @param dataSource is the Content object that needs to have the artifact - * added for it + * @param type is a blackboard.artifact_type enum to determine which type + * the artifact should be + * @param dataSource is the Content object that needs to have the artifact + * added for it * @param bbattributes is the collection of blackboard attributes that need - * to be added to the artifact after the artifact has - * been created + * to be added to the artifact after the artifact has been created * * @return The newly-created artifact, or null on error */ @@ -515,7 +667,7 @@ public final class LeappFileProcessor { * Method to post a list of BlackboardArtifacts to the blackboard. * * @param artifacts A list of artifacts. IF list is empty or null, the - * function will return. + * function will return. */ void postArtifacts(Collection artifacts) { if (artifacts == null || artifacts.isEmpty()) { @@ -535,7 +687,8 @@ public final class LeappFileProcessor { * @throws org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException */ private void configExtractor() throws IOException { - PlatformUtil.extractResourceToUserConfigDir(LeappFileProcessor.class, xmlFile, true); + PlatformUtil.extractResourceToUserConfigDir(LeappFileProcessor.class, + xmlFile, true); } } From cbd9d96e7b7a01709c4b0680511b823646d974df Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 13 Jan 2021 12:27:46 -0500 Subject: [PATCH 2/6] imports fix --- .../autopsy/modules/leappanalyzers/LeappFileProcessor.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 57cc3e6212..e48943c15e 100644 
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@@ -46,7 +46,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import org.apache.commons.collections4.MapUtils;
 import org.apache.commons.io.FilenameUtils;
-import org.apache.commons.lang.StringUtils;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
From 37b51d0c626ed30e58ec7791315f80f71152c6fb Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Wed, 13 Jan 2021 14:15:18 -0500
Subject: [PATCH 3/6] fix for validating artifact type
---
 .../modules/leappanalyzers/LeappFileProcessor.java | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
index e48943c15e..cf465c33da 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@@ -532,11 +532,13 @@ public final class LeappFileProcessor { String comment = nnm.getNamedItem("comment").getNodeValue(); String parentName = artifactNlist.item(k).getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); - BlackboardArtifact.ARTIFACT_TYPE foundArtifactType = Stream.of(BlackboardArtifact.ARTIFACT_TYPE.values()) - .filter((art_type) -> art_type.name().equalsIgnoreCase(artifactName)) - .findFirst() - .orElse(null); - + BlackboardArtifact.ARTIFACT_TYPE foundArtifactType = null; + try { + Case.getCurrentCase().getSleuthkitCase().getArtifactType(artifactName); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, String.format("There was an issue that arose while trying to fetch artifact type for %s.", artifactName), ex); + } + if (foundArtifactType == null) { logger.log(Level.SEVERE, String.format("No known artifact mapping found for [artifact: %s, %s]", artifactName, getXmlFileIdentifier(parentName))); From ed9552dab557fb911d70f7f18042df5e3ce0da7d Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 13 Jan 2021 14:29:31 -0500 Subject: [PATCH 4/6] bug fix --- .../autopsy/modules/leappanalyzers/LeappFileProcessor.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index cf465c33da..2735eb5cee 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java 
@@ -532,9 +532,9 @@ public final class LeappFileProcessor { String comment = nnm.getNamedItem("comment").getNodeValue(); String parentName = artifactNlist.item(k).getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); - BlackboardArtifact.ARTIFACT_TYPE foundArtifactType = null; + BlackboardArtifact.Type foundArtifactType = null; try { - Case.getCurrentCase().getSleuthkitCase().getArtifactType(artifactName); + foundArtifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(artifactName); } catch (TskCoreException ex) { logger.log(Level.SEVERE, String.format("There was an issue that arose while trying to fetch artifact type for %s.", artifactName), ex); } From 34d1efd73ac7bc22b0e54d78ac00e9352fd98c67 Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Wed, 13 Jan 2021 14:44:36 -0500 Subject: [PATCH 5/6] bug fix --- .../modules/leappanalyzers/LeappFileProcessor.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 2735eb5cee..3811f21a90 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java 
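Review bot: The new lookup calls `Case.getCurrentCase()`, which as far as I can tell throws an unchecked IllegalStateException when no case is open, and the surrounding `catch (TskCoreException ex)` does not cover that. A failure here would therefore escape the mapping-file parse instead of being logged like the other validation problems. The file already imports `NoCurrentCaseException`, so `Case.getCurrentCaseThrows()` with that exception added to the catch would fit; the attribute lookup in PATCH 5/6 (`@@ -577,10 +577,12`) has the same shape. Separately, an unknown artifact type is only logged: judging by the `tsvFileArtifacts.put(parentName, artifactName)` context line in PATCH 1/6, the mapping is still stored afterwards. The enclosing method starts and ends outside the hunk.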
@@ -577,10 +577,12 @@ public final class LeappFileProcessor { String required = nnm.getNamedItem("required").getNodeValue(); String parentName = attributeNlist.item(k).getParentNode().getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); - BlackboardAttribute.ATTRIBUTE_TYPE foundAttrType = Stream.of(BlackboardAttribute.ATTRIBUTE_TYPE.values()) - .filter((attr_type) -> attr_type.name().compareToIgnoreCase(attributeName) == 0) - .findFirst() - .orElse(null); + BlackboardAttribute.Type foundAttrType = null; + try { + foundAttrType = Case.getCurrentCase().getSleuthkitCase().getAttributeType(attributeName.toUpperCase()); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, String.format("There was an issue that arose while trying to fetch attribute type for %s.", attributeName), ex); + } if (foundAttrType == null) { logger.log(Level.SEVERE, String.format("No known attribute mapping found for [%s]", getXmlAttrIdentifier(parentName, attributeName))); From 44aa98a0f518d185c9e29697bf53482baeed4cde Mon Sep 17 00:00:00 2001 From: Greg DiCristofaro Date: Thu, 14 Jan 2021 14:13:52 -0500 Subject: [PATCH 6/6] switch to warning --- .../modules/leappanalyzers/LeappFileProcessor.java | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java index 19578cab74..f4e24aca39 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java 
@@ -287,10 +287,10 @@ public final class LeappFileProcessor { TskCoreException { if (LeappFile == null || !LeappFile.exists() || fileName == null) { - logger.log(Level.SEVERE, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("Leap file: %s is null or does not exist", LeappFile == null ? LeappFile.toString() : "")); return; } else if (attrList == null || artifactType == null || dataSource == null) { - logger.log(Level.SEVERE, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "")); + logger.log(Level.WARNING, String.format("attribute list, artifact type or dataSource not provided for %s", LeappFile == null ? LeappFile.toString() : "")); return; } @@ -330,7 +330,7 @@ public final class LeappFileProcessor { if (MapUtils.isEmpty(columnNumberToProcess)) { return Collections.emptyList(); } else if (line == null) { - logger.log(Level.SEVERE, "Line is null. Returning empty list for attributes."); + logger.log(Level.WARNING, "Line is null. Returning empty list for attributes."); return Collections.emptyList(); } @@ -379,7 +379,7 @@ public final class LeappFileProcessor { String fileName) { if (columnValues == null || columnNumber < 0 || columnNumber > columnValues.length || columnValues[columnNumber] == null) { - logger.log(Level.SEVERE, String.format("Unable to determine column value at index %d in columnValues: %s", + logger.log(Level.WARNING, String.format("Unable to determine column value at index %d in columnValues: %s", columnNumber, columnValues == null ? "" : "[" + String.join(", ", columnValues) + "]")); return; 
@@ -471,7 +471,7 @@ public final class LeappFileProcessor { .mapToObj((idx) -> String.format("'%s'", attrList.get(idx).getColumnName() == null ? "" : attrList.get(idx).getColumnName())) .collect(Collectors.joining(", ")); - logger.log(Level.SEVERE, String.format("Columns size expected not found in file %s based on xml from %s. Column Keys Missing = [%s]; Header Line = '%s'.", + logger.log(Level.WARNING, String.format("Columns size expected not found in file %s based on xml from %s. Column Keys Missing = [%s]; Header Line = '%s'.", this.xmlFile == null ? "" : this.xmlFile, fileName, missingColumns, @@ -542,7 +542,7 @@ public final class LeappFileProcessor { } catch (TskCoreException ex) { logger.log(Level.SEVERE, String.format("There was an issue that arose while trying to fetch artifact type for %s.", artifactName), ex); } - + if (foundArtifactType == null) { logger.log(Level.SEVERE, String.format("No known artifact mapping found for [artifact: %s, %s]", artifactName, getXmlFileIdentifier(parentName)));