Merge branch 'develop' of github.com:sleuthkit/autopsy into 7365-domainCategorization

2025-07-17 10:17:41 +00:00 · 2021-03-15 09:57:58 -04:00 · 2021-03-15 09:57:58 -04:00 · 224b55de06
commit 224b55de06
parent 0415a4eef1 7a5b09c7e4
2 changed files with 31 additions and 12 deletions
--- a/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
@ -24,6 +24,7 @@ import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.EnumSet;
 import java.util.List;
 import java.util.Optional;
 import java.util.logging.Level;
@ -52,7 +53,7 @@ public final class OsAccounts implements AutopsyVisitableItem {
    private static final String ICON_PATH = "org/sleuthkit/autopsy/images/os-account.png";
    private static final SimpleDateFormat DATE_FORMATTER = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss z");

-    private final SleuthkitCase skCase;
+    private SleuthkitCase skCase;
    private final long filteringDSObjId;

    public OsAccounts(SleuthkitCase skCase) {
@ -112,34 +113,46 @@ public final class OsAccounts implements AutopsyVisitableItem {
        private final PropertyChangeListener listener = new PropertyChangeListener() {
            @Override
            public void propertyChange(PropertyChangeEvent evt) {
-                refresh(true);
+                String eventType = evt.getPropertyName();
+                if(eventType.equals(Case.Events.OS_ACCOUNT_ADDED.toString())) {
+                     refresh(true);
+                } else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {
+                    // case was closed. Remove listeners so that we don't get called with a stale case handle
+                    if (evt.getNewValue() == null) {
+                        removeNotify();
+                        skCase = null;
+                    }
+                }
            }
        };
        
        @Override
        protected void addNotify() {
            Case.addEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
+            Case.addEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
        }
        
        @Override
        protected void removeNotify() {
            Case.removeEventTypeSubscriber(Collections.singleton(Case.Events.OS_ACCOUNT_ADDED), listener);
+            Case.removeEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), listener);
        }
        
        @Override
        protected boolean createKeys(List<OsAccount> list) {
-            try {
-                if (filteringDSObjId == 0) {
-                    list.addAll(skCase.getOsAccountManager().getAccounts());
-                } else {
-                    Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId));
-                    list.addAll(skCase.getOsAccountManager().getAccounts(host));
+            if(skCase != null) {
+                try {
+                    if (filteringDSObjId == 0) {
+                        list.addAll(skCase.getOsAccountManager().getAccounts());
+                    } else {
+                        Host host = skCase.getHostManager().getHost(skCase.getDataSource(filteringDSObjId));
+                        list.addAll(skCase.getOsAccountManager().getAccounts(host));
+                    }
+                } catch (TskCoreException | TskDataException ex) {
+                    logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
+                    return false;
                }
-            } catch (TskCoreException | TskDataException ex) {
-                logger.log(Level.SEVERE, "Unable to retrieve list of OsAccounts for case", ex);
-                return false;
            }
-
            return true;
        }

--- a/test/script/tskdbdiff.py
+++ b/test/script/tskdbdiff.py
@ -444,6 +444,7 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
    ig_groups_seen_index = line.find('INSERT INTO "image_gallery_groups_seen"') > -1 or line.find('INSERT INTO image_gallery_groups_seen ') > -1
    os_account_index = line.find('INSERT INTO "tsk_os_accounts"') > -1 or line.find('INSERT INTO tsk_os_accounts') > -1
    os_account_attr_index = line.find('INSERT INTO "tsk_os_account_attributes"') > -1 or line.find('INSERT INTO tsk_os_account_attributes') > -1
+    os_account_instances_index = line.find('INSERT INTO "tsk_os_account_instances"') > -1 or line.find('INSERT INTO tsk_os_account_instances') > -1
    
    parens = line[line.find('(') + 1 : line.rfind(')')]
    no_space_parens = parens.replace(" ", "")
@ -664,6 +665,11 @@ def normalize_db_entry(line, files_table, vs_parts_table, vs_info_table, fs_info
            fields_list[3] = "NULL"
        newLine = ('INSERT INTO "tsk_os_account_attributes" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
        return newLine
+    elif os_account_instances_index:
+        os_account_id = int(fields_list[1])
+        fields_list[1] = accounts_table[os_account_id]
+        newLine = ('INSERT INTO "tsk_os_account_instances" VALUES(' + ','.join(fields_list[1:]) + ');') # remove id
+        return newLine
    else:
        return line