mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
Merge branch 'develop' of github.com:sleuthkit/autopsy into solr-8-upgrade
This commit is contained in:
Eugene Livis
commit
27b419c5a1
@ -123,8 +123,8 @@
|
||||
tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.25.2.jar"
|
||||
tofile="${ext.dir}/sqlite-jdbc-3.25.2.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-9.4.1211.jre7.jar"
|
||||
tofile="${ext.dir}/postgresql-9.4.1211.jre7.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.2.18.jar"
|
||||
tofile="${ext.dir}/postgresql-42.2.18.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/mchange-commons-java-0.2.9.jar"
|
||||
tofile="${ext.dir}/mchange-commons-java-0.2.9.jar"/>
|
||||
<copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.jar"
|
||||
|
||||
@ -99,7 +99,7 @@ file.reference.opencensus-api-0.19.2.jar=release\\modules\\ext\\opencensus-api-0
|
||||
file.reference.opencensus-contrib-grpc-metrics-0.19.2.jar=release\\modules\\ext\\opencensus-contrib-grpc-metrics-0.19.2.jar
|
||||
file.reference.opencensus-contrib-http-util-0.19.2.jar=release\\modules\\ext\\opencensus-contrib-http-util-0.19.2.jar
|
||||
file.reference.opennlp-tools-1.9.1.jar=release\\modules\\ext\\opennlp-tools-1.9.1.jar
|
||||
file.reference.postgresql-9.4.1211.jre7.jar=release\\modules\\ext\\postgresql-9.4.1211.jre7.jar
|
||||
file.reference.postgresql-42.2.18.jar=release\\modules\\ext\\postgresql-42.2.18.jar
|
||||
file.reference.proto-google-cloud-translate-v3beta1-0.53.0.jar=release\\modules\\ext\\proto-google-cloud-translate-v3beta1-0.53.0.jar
|
||||
file.reference.proto-google-common-protos-1.15.0.jar=release\\modules\\ext\\proto-google-common-protos-1.15.0.jar
|
||||
file.reference.proto-google-iam-v1-0.12.0.jar=release\\modules\\ext\\proto-google-iam-v1-0.12.0.jar
|
||||
@ -118,7 +118,7 @@ file.reference.StixLib.jar=release\\modules\\ext\\StixLib.jar
|
||||
file.reference.threetenbp-1.3.3.jar=release\\modules\\ext\\threetenbp-1.3.3.jar
|
||||
file.reference.webp-imageio-sejda-0.1.0.jar=release\\modules\\ext\\webp-imageio-sejda-0.1.0.jar
|
||||
file.reference.xmpcore-5.1.3.jar=release\\modules\\ext\\xmpcore-5.1.3.jar
|
||||
file.reference.YaraJNIWrapper.jar=release\\modules\\ext\\YaraJNIWrapper.jar
|
||||
file.reference.YaraJNIWrapper.jar=release/modules/ext/YaraJNIWrapper.jar
|
||||
file.reference.zookeeper-3.4.6.jar=release\\modules\\ext\\zookeeper-3.4.6.jar
|
||||
javac.source=1.8
|
||||
javac.compilerargs=-Xlint -Xlint:-serial
|
||||
|
||||
@ -436,6 +436,10 @@
|
||||
<runtime-relative-path>ext/commons-codec-1.11.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\commons-codec-1.11.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/postgresql-42.2.18.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\postgresql-42.2.18.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/commons-pool2-2.4.2.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\commons-pool2-2.4.2.jar</binary-origin>
|
||||
@ -724,10 +728,6 @@
|
||||
<runtime-relative-path>ext/jai_imageio-1.1.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\jai_imageio-1.1.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/postgresql-9.4.1211.jre7.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\postgresql-9.4.1211.jre7.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/junit-3.8.1.jar</runtime-relative-path>
|
||||
<binary-origin>release\modules\ext\junit-3.8.1.jar</binary-origin>
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
Yara_Module_Description=With the YARA ingest module you use YARA rule files to search files for textual or binary patterns.
|
||||
Yara_Module_Name=YARA
|
||||
Yara_Module_Description=The YARA Analyzer uses YARA to search files for textual or binary patterns.
|
||||
Yara_Module_Name=YARA Analyzer
|
||||
YaraIngestModule_no_ruleSets=Unable to run YARA ingest, list of YARA rule sets was empty.
|
||||
YaraIngestModule_windows_error_msg=The YARA ingest module is only available on 64bit Windows.
|
||||
YaraIngestModule_yarac_not_found=Unable to compile YARA rules files. Unable to find executable at.
|
||||
|
||||
@ -37,8 +37,8 @@ import org.sleuthkit.autopsy.modules.yara.ui.YaraIngestSettingsPanel;
|
||||
public class YaraIngestModuleFactory extends IngestModuleFactoryAdapter {
|
||||
|
||||
@Messages({
|
||||
"Yara_Module_Name=YARA",
|
||||
"Yara_Module_Description=With the YARA ingest module you use YARA rule files to search files for textual or binary patterns."
|
||||
"Yara_Module_Name=YARA Analyzer",
|
||||
"Yara_Module_Description=The YARA Analyzer uses YARA to search files for textual or binary patterns."
|
||||
})
|
||||
|
||||
@Override
|
||||
|
||||
@ -41,6 +41,8 @@ import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
@ -60,6 +62,7 @@ import org.sleuthkit.autopsy.coreutils.FileTypeUtils.FileTypeCategory;
|
||||
import org.sleuthkit.autopsy.report.ReportProgressPanel;
|
||||
import org.sleuthkit.caseuco.CaseUcoExporter;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Account;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifactTag;
|
||||
@ -81,6 +84,9 @@ import org.sleuthkit.datamodel.TskDataException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
import org.sleuthkit.datamodel.Volume;
|
||||
import org.sleuthkit.datamodel.VolumeSystem;
|
||||
import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper;
|
||||
import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil;
|
||||
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
|
||||
|
||||
/**
|
||||
* Creates a portable case from tagged files
|
||||
@ -883,6 +889,9 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
|
||||
// Copy the artifact
|
||||
BlackboardArtifact newArtifact = copyArtifact(newContentId, tag.getArtifact());
|
||||
|
||||
// Copy any attachments
|
||||
copyAttachments(newArtifact, tag.getArtifact(), portableSkCase.getAbstractFileById(newContentId));
|
||||
|
||||
// Tag the artfiact
|
||||
if (!oldTagNameToNewTagName.containsKey(tag.getName())) {
|
||||
@ -932,6 +941,11 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
if (oldAttr.getAttributeType().getTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Attachments will be handled later
|
||||
if (oldAttr.getAttributeType().getTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS.getTypeID()) {
|
||||
continue;
|
||||
}
|
||||
|
||||
BlackboardAttribute.Type newAttributeType = getNewAttributeType(oldAttr);
|
||||
switch (oldAttr.getValueType()) {
|
||||
@ -1142,6 +1156,61 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
newIdToContent.put(newContent.getId(), newContent);
|
||||
return oldIdToNewContent.get(content.getId()).getId();
|
||||
}
|
||||
|
||||
/**
|
||||
* Copy attachments to the portable case.
|
||||
*
|
||||
* @param newArtifact The new artifact in the portable case. Should be complete apart from the TSK_ATTACHMENTS attribute.
|
||||
* @param oldArtifact The old artifact.
|
||||
* @param newFile The new file in the portable case associated with the artifact.
|
||||
*
|
||||
* @throws TskCoreException
|
||||
*/
|
||||
private void copyAttachments(BlackboardArtifact newArtifact, BlackboardArtifact oldArtifact, AbstractFile newFile) throws TskCoreException {
|
||||
// Get the attachments from TSK_ATTACHMENTS attribute.
|
||||
BlackboardAttribute attachmentsAttr = oldArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS));
|
||||
if (attachmentsAttr != null) {
|
||||
try {
|
||||
MessageAttachments msgAttachments = BlackboardJsonAttrUtil.fromAttribute(attachmentsAttr, MessageAttachments.class);
|
||||
|
||||
Collection<MessageAttachments.FileAttachment> oldFileAttachments = msgAttachments.getFileAttachments();
|
||||
List<MessageAttachments.FileAttachment> newFileAttachments = new ArrayList<>();
|
||||
for (MessageAttachments.FileAttachment oldFileAttachment : oldFileAttachments) {
|
||||
long attachedFileObjId = oldFileAttachment.getObjectId();
|
||||
if (attachedFileObjId >= 0) {
|
||||
// Copy the attached file and save to the MessageAttachments object
|
||||
AbstractFile attachedFile = currentCase.getSleuthkitCase().getAbstractFileById(attachedFileObjId);
|
||||
if (attachedFile == null) {
|
||||
throw new TskCoreException("Error loading file with object ID " + attachedFileObjId + " from portable case");
|
||||
}
|
||||
long newFileID = copyContent(attachedFile);
|
||||
newFileAttachments.add(new MessageAttachments.FileAttachment(portableSkCase.getAbstractFileById(newFileID)));
|
||||
}
|
||||
}
|
||||
|
||||
// Get the name of the module(s) that created the attachment
|
||||
String newSourceStr = "";
|
||||
List<String> oldSources = attachmentsAttr.getSources();
|
||||
if (! oldSources.isEmpty()) {
|
||||
newSourceStr = String.join(",", oldSources);
|
||||
}
|
||||
|
||||
// Add the attachment. The account type specified in the constructor will not be used.
|
||||
CommunicationArtifactsHelper communicationArtifactsHelper = new CommunicationArtifactsHelper(currentCase.getSleuthkitCase(),
|
||||
newSourceStr, newFile, Account.Type.EMAIL);
|
||||
communicationArtifactsHelper.addAttachments(newArtifact, new MessageAttachments(newFileAttachments, msgAttachments.getUrlAttachments()));
|
||||
}
|
||||
catch (BlackboardJsonAttrUtil.InvalidJsonException ex) {
|
||||
throw new TskCoreException(String.format("Unable to parse json for MessageAttachments object in artifact: %s", oldArtifact.getName()), ex);
|
||||
}
|
||||
} else { // backward compatibility - email message attachments are derived files, children of the message.
|
||||
for (Content childContent : oldArtifact.getChildren()) {
|
||||
if (childContent instanceof AbstractFile) {
|
||||
copyContent(childContent);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the subfolder name for this file based on MIME type
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
</configurations>
|
||||
<dependencies>
|
||||
<dependency conf="experimental->default" org="com.github.lgooddatepicker" name="LGoodDatePicker" rev="10.3.1"/>
|
||||
<dependency conf="experimental->default" org="org.postgresql" name="postgresql" rev="9.4-1201-jdbc41"/>
|
||||
<dependency conf="experimental->default" org="org.postgresql" name="postgresql" rev="42.2.18"/>
|
||||
<dependency conf="experimental->default" org="com.mchange" name="c3p0" rev="0.9.5"/>
|
||||
<dependency conf="experimental->default" org="com.fasterxml.jackson.core" name="jackson-core" rev="2.7.0"/>
|
||||
<dependency conf="experimental->default" org="org.swinglabs.swingx" name="swingx-all" rev="1.6.4"/>
|
||||
|
||||
@ -5,6 +5,7 @@ file.reference.commons-lang3-3.8.1.jar=release/modules/ext/commons-lang3-3.8.1.j
|
||||
file.reference.apache-mime4j-core-0.8.0.jar=release/modules/ext/apache-mime4j-core-0.8.0-SNAPSHOT.jar
|
||||
file.reference.apache-mime4j-dom-0.8.0.jar=release/modules/ext/apache-mime4j-dom-0.8.0-SNAPSHOT.jar
|
||||
file.reference.apache-mime4j-mbox-iterator-0.8.0.jar=release/modules/ext/apache-mime4j-mbox-iterator-0.8.0-SNAPSHOT.jar
|
||||
file.reference.commons-validator-1.6.jar=release/modules/ext/commons-validator-1.6.jar
|
||||
file.reference.guava-19.0.jar=release/modules/ext/guava-19.0.jar
|
||||
file.reference.java-libpst-1.0-SNAPSHOT.jar=release/modules/ext/java-libpst-1.0-SNAPSHOT.jar
|
||||
file.reference.ez-vcard-0.10.5.jar=release/modules/ext/ez-vcard-0.10.5.jar
|
||||
|
||||
@ -100,6 +100,10 @@
|
||||
<runtime-relative-path>ext/vinnie-2.0.2.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/vinnie-2.0.2.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
<class-path-extension>
|
||||
<runtime-relative-path>ext/commons-validator-1.6.jar</runtime-relative-path>
|
||||
<binary-origin>release/modules/ext/commons-validator-1.6.jar</binary-origin>
|
||||
</class-path-extension>
|
||||
</data>
|
||||
</configuration>
|
||||
</project>
|
||||
|
||||
@ -40,6 +40,7 @@ import org.apache.james.mime4j.mboxiterator.CharBufferWrapper;
|
||||
import org.apache.james.mime4j.mboxiterator.MboxIterator;
|
||||
import org.apache.tika.parser.txt.CharsetDetector;
|
||||
import org.apache.tika.parser.txt.CharsetMatch;
|
||||
import org.apache.commons.validator.routines.EmailValidator;
|
||||
import org.openide.util.NbBundle;
|
||||
|
||||
/**
|
||||
@ -56,7 +57,13 @@ class MboxParser extends MimeJ4MessageParser implements Iterator<EmailMessage> {
|
||||
}
|
||||
|
||||
static boolean isValidMimeTypeMbox(byte[] buffer) {
|
||||
return (new String(buffer)).startsWith("From "); //NON-NLS
|
||||
String mboxHeaderLine = new String(buffer);
|
||||
if (mboxHeaderLine.startsWith("From ")) {
|
||||
String[] mboxLineValues = mboxHeaderLine.split(" ");
|
||||
EmailValidator validator = EmailValidator.getInstance(true, true);
|
||||
return validator.isValid(mboxLineValues[1]);
|
||||
}
|
||||
return false; //NON-NLS
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user