From 27e574174ae43efceca9cd9e38251f5894d1e38e Mon Sep 17 00:00:00 2001 From: "Samuel H. Kenyon" Date: Sun, 27 Apr 2014 21:33:14 -0400 Subject: [PATCH] parsing reports and derived files works --- .../ExternalResultsIngestModule.java | 17 +++-- .../externalresults/ExternalResultsXML.java | 73 +++++++++++++++---- .../modules/externalresults/ResultsData.java | 49 ++++++++++--- 3 files changed, 105 insertions(+), 34 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java index 4770ac6f15..f93561441f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java @@ -22,7 +22,6 @@ package org.sleuthkit.autopsy.modules.externalresults; import java.io.File; import java.io.IOException; -import java.io.Writer; import java.util.logging.Level; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; @@ -48,10 +47,10 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements private static final String IMPORT_DIR = "import"; private long jobId; private String importPath; + private String importFilePath; private String cmdPath; private String cmdName; - String dataSourcePath; - private Process thirdPartyProc = null; + String dataSourceLocalPath; DataSourceIngestModuleProgress progressBar; /** @@ -76,6 +75,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements throw new IngestModuleException(message); } } + + ///@todo use a standard name or search for an XML file + importFilePath = importPath + File.separator + "ext-test3.xml"; } } @@ -91,10 +93,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements progressBar.switchToDeterminate(2); try { - dataSourcePath = dataSource.getUniquePath(); - String foo[] = dataSource.getImage().getPaths(); + dataSourceLocalPath = dataSource.getImage().getPaths()[0]; } catch (TskCoreException ex) { - String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.datasourcepath"); + String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.dataSourceLocalPath"); logger.log(Level.SEVERE, msgstr); return ProcessResult.ERROR; } @@ -140,7 +141,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements final String[] cmdArgs = { cmdName, importPath, - dataSourcePath }; + dataSourceLocalPath }; //File workingDirFile = new File(cmdPath); @@ -153,7 +154,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements private void importResults() { // execution is done, look for results to import - ExternalResultsXML parser = new ExternalResultsXML(importPath); + ExternalResultsXML parser = new ExternalResultsXML(importFilePath); ExternalResultsUtility.importResults(parser); progressBar.progress(1); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java index ea536cf10f..0f968b5eff 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java +++ b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java @@ -34,7 +34,6 @@ import org.w3c.dom.NodeList; public class ExternalResultsXML implements ExternalResultsParser { private static final Logger logger = Logger.getLogger(ExternalResultsXML.class.getName()); - private static final String ENCODING = "UTF-8"; //NON-NLS private static final String XSDFILE = "autopsy_external_results.xsd"; //NON-NLS private static final String ROOT_EL = "autopsy_results"; //NON-NLS @@ -56,16 +55,15 @@ public class ExternalResultsXML implements ExternalResultsParser { private static final String TYPE_ATTR = "type"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS - private String reportFilePath; + private String importFilePath; private ResultsData resultsData = null; /** * - * @param reportPath + * @param importFilePath */ - ExternalResultsXML(String reportPath) { - ///@todo find an xml file to parse - reportFilePath = reportPath + File.separator + "ext-test2.xml"; + ExternalResultsXML(String importFilePath) { + this.importFilePath = importFilePath; } /** @@ -77,7 +75,7 @@ public class ExternalResultsXML implements ExternalResultsParser { resultsData = new ResultsData(); try { - final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, reportFilePath, XSDFILE); + final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, importFilePath, XSDFILE); if (doc == null) { return null; } @@ -214,13 +212,38 @@ public class ExternalResultsXML implements ExternalResultsParser { * * @param root */ - private void parseReports(Element root ) { + private void parseReports(Element root ) throws Exception { NodeList nodeList = root.getElementsByTagName(REPORTLIST_EL); - final int numNodes = nodeList.getLength(); - for(int index = 0; index < numNodes; ++index) { + // for each reports list (normally there should be just 1) + for(int index = 0; index < nodeList.getLength(); ++index) { Element el = (Element)nodeList.item(index); - + NodeList subNodeList = el.getElementsByTagName(REPORT_EL); + + // for each report + for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) { + Element subEl = (Element)subNodeList.item(subIndex); + String displayName = ""; + String localPath = ""; + NodeList nameNodeList = subEl.getElementsByTagName(DISPLAYNAME_EL); + if (nameNodeList.getLength() > 0) { + // we only use the first occurence + Element nameEl = (Element)nameNodeList.item(0); + displayName = nameEl.getTextContent(); + } + NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL); + if (pathNodeList.getLength() > 0) { + // we only use the first occurence + Element pathEl = (Element)pathNodeList.item(0); + localPath = pathEl.getTextContent(); + } + if ((!displayName.isEmpty()) && (!localPath.isEmpty())) { + resultsData.addReport(displayName, localPath); + } else { + // error to have a file element without a path element + throw new Exception("report element is missing display_name or local_path."); + } + } } } @@ -228,13 +251,31 @@ public class ExternalResultsXML implements ExternalResultsParser { * * @param root */ - private void parseDerivedFiles(Element root ) { + private void parseDerivedFiles(Element root ) throws Exception { NodeList nodeList = root.getElementsByTagName(DERIVEDLIST_EL); - final int numNodes = nodeList.getLength(); - - for(int index = 0; index < numNodes; ++index) { + + // for each derived files list (normally there should be just 1) + for(int index = 0; index < nodeList.getLength(); ++index) { Element el = (Element)nodeList.item(index); - + NodeList subNodeList = el.getElementsByTagName(DERIVED_EL); + + // for each derived file + for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) { + Element subEl = (Element)subNodeList.item(subIndex); + String localPath = ""; + NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL); + if (pathNodeList.getLength() > 0) { + // we only use the first occurence + Element pathEl = (Element)pathNodeList.item(0); + localPath = pathEl.getTextContent(); + } + if (!localPath.isEmpty()) { + resultsData.addDerivedFile(localPath); + } else { + // error to have a file element without a path element + throw new Exception("derived_files element is missing local_path."); + } + } } } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java index 0f9efa3c32..692a07cb60 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java +++ b/Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java @@ -27,10 +27,26 @@ import java.util.List; * */ public class ResultsData { - private List dataSources = new ArrayList<>(); - private List artifacts = new ArrayList<>(); - private List reports = new ArrayList<>(); - private List derivedFiles = new ArrayList<>(); + private final List dataSources = new ArrayList<>(); + private final List artifacts = new ArrayList<>(); + private final List reports = new ArrayList<>(); + private final List derivedFiles = new ArrayList<>(); + + public List getDataSources() { + return dataSources; + } + + public List getArtifacts() { + return artifacts; + } + + public List getReports() { + return reports; + } + + public List getDerivedFiles() { + return derivedFiles; + } public void addDataSource(String dataSrc) { dataSources.add(dataSrc); @@ -80,15 +96,28 @@ public class ResultsData { return art.files.size() - 1; } - // Internal data structures + public void addReport(String displayName, String localPath) { + ReportData d = new ReportData(); + d.displayName = displayName; + d.localPath = localPath; + reports.add(d); + } - private static class ArtifactData { + public void addDerivedFile(String localPath) { + DerivedFileData d = new DerivedFileData(); + d.localPath = localPath; + derivedFiles.add(d); + } + + // Data structures + + public static class ArtifactData { private String typeStr; private List attributes = new ArrayList<>(); private List files = new ArrayList<>(); } - private static class AttributeData { + public static class AttributeData { private String typeStr; private String valueType = "text"; //default if not specified private String valueStr; //valueType determines how to interpret it @@ -96,16 +125,16 @@ public class ResultsData { private String context; } - private static class FileData { + public static class FileData { private String path; } - private static class ReportData { + public static class ReportData { private String displayName; private String localPath; } - private static class DerivedFileData { + public static class DerivedFileData { private String localPath; } }