mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 17:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

parsing reports and derived files works

Browse Source
This commit is contained in:
Samuel H. Kenyon 2014-04-27 21:33:14 -04:00
parent 2cac84a4fe
commit 27e574174a
3 changed files with 105 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java
View File

@ -22,7 +22,6 @@ package org.sleuthkit.autopsy.modules.externalresults;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.Writer;
import java.util.logging.Level; import java.util.logging.Level;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
@ -48,10 +47,10 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
private static final String IMPORT_DIR = "import"; private static final String IMPORT_DIR = "import";
private long jobId; private long jobId;
private String importPath; private String importPath;
private String importFilePath;
private String cmdPath; private String cmdPath;
private String cmdName; private String cmdName;
String dataSourcePath; String dataSourceLocalPath;
private Process thirdPartyProc = null;
DataSourceIngestModuleProgress progressBar; DataSourceIngestModuleProgress progressBar;
/** /**
@ -76,6 +75,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
throw new IngestModuleException(message); throw new IngestModuleException(message);
} }
} }
///@todo use a standard name or search for an XML file
importFilePath = importPath + File.separator + "ext-test3.xml";
} }
} }
@ -91,10 +93,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
progressBar.switchToDeterminate(2); progressBar.switchToDeterminate(2);
try { try {
dataSourcePath = dataSource.getUniquePath(); dataSourceLocalPath = dataSource.getImage().getPaths()[0];
String foo[] = dataSource.getImage().getPaths();
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.datasourcepath"); String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.dataSourceLocalPath");
logger.log(Level.SEVERE, msgstr); logger.log(Level.SEVERE, msgstr);
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
@ -140,7 +141,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
final String[] cmdArgs = { final String[] cmdArgs = {
cmdName, cmdName,
importPath, importPath,
dataSourcePath }; dataSourceLocalPath };
//File workingDirFile = new File(cmdPath); //File workingDirFile = new File(cmdPath);
@ -153,7 +154,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
private void importResults() { private void importResults() {
// execution is done, look for results to import // execution is done, look for results to import
ExternalResultsXML parser = new ExternalResultsXML(importPath); ExternalResultsXML parser = new ExternalResultsXML(importFilePath);
ExternalResultsUtility.importResults(parser); ExternalResultsUtility.importResults(parser);
progressBar.progress(1); progressBar.progress(1);
} }

67
Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java
View File

@ -34,7 +34,6 @@ import org.w3c.dom.NodeList;
public class ExternalResultsXML implements ExternalResultsParser { public class ExternalResultsXML implements ExternalResultsParser {
private static final Logger logger = Logger.getLogger(ExternalResultsXML.class.getName()); private static final Logger logger = Logger.getLogger(ExternalResultsXML.class.getName());
private static final String ENCODING = "UTF-8"; //NON-NLS
private static final String XSDFILE = "autopsy_external_results.xsd"; //NON-NLS private static final String XSDFILE = "autopsy_external_results.xsd"; //NON-NLS
private static final String ROOT_EL = "autopsy_results"; //NON-NLS private static final String ROOT_EL = "autopsy_results"; //NON-NLS
@ -56,16 +55,15 @@ public class ExternalResultsXML implements ExternalResultsParser {
private static final String TYPE_ATTR = "type"; //NON-NLS private static final String TYPE_ATTR = "type"; //NON-NLS
private static final String NAME_ATTR = "name"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS
private String reportFilePath; private String importFilePath;
private ResultsData resultsData = null; private ResultsData resultsData = null;
/** /**
* *
* @param reportPath * @param importFilePath
*/ */
ExternalResultsXML(String reportPath) { ExternalResultsXML(String importFilePath) {
///@todo find an xml file to parse this.importFilePath = importFilePath;
reportFilePath = reportPath + File.separator + "ext-test2.xml";
} }
/** /**
@ -77,7 +75,7 @@ public class ExternalResultsXML implements ExternalResultsParser {
resultsData = new ResultsData(); resultsData = new ResultsData();
try try
{ {
final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, reportFilePath, XSDFILE); final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, importFilePath, XSDFILE);
if (doc == null) { if (doc == null) {
return null; return null;
} }
@ -214,13 +212,38 @@ public class ExternalResultsXML implements ExternalResultsParser {
* *
* @param root * @param root
*/ */
private void parseReports(Element root ) { private void parseReports(Element root ) throws Exception {
NodeList nodeList = root.getElementsByTagName(REPORTLIST_EL); NodeList nodeList = root.getElementsByTagName(REPORTLIST_EL);
final int numNodes = nodeList.getLength();
for(int index = 0; index < numNodes; ++index) { // for each reports list (normally there should be just 1)
for(int index = 0; index < nodeList.getLength(); ++index) {
Element el = (Element)nodeList.item(index); Element el = (Element)nodeList.item(index);
NodeList subNodeList = el.getElementsByTagName(REPORT_EL);
// for each report
for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) {
Element subEl = (Element)subNodeList.item(subIndex);
String displayName = "";
String localPath = "";
NodeList nameNodeList = subEl.getElementsByTagName(DISPLAYNAME_EL);
if (nameNodeList.getLength() > 0) {
// we only use the first occurence
Element nameEl = (Element)nameNodeList.item(0);
displayName = nameEl.getTextContent();
}
NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL);
if (pathNodeList.getLength() > 0) {
// we only use the first occurence
Element pathEl = (Element)pathNodeList.item(0);
localPath = pathEl.getTextContent();
}
if ((!displayName.isEmpty()) && (!localPath.isEmpty())) {
resultsData.addReport(displayName, localPath);
} else {
// error to have a file element without a path element
throw new Exception("report element is missing display_name or local_path.");
}
}
} }
} }
@ -228,13 +251,31 @@ public class ExternalResultsXML implements ExternalResultsParser {
* *
* @param root * @param root
*/ */
private void parseDerivedFiles(Element root ) { private void parseDerivedFiles(Element root ) throws Exception {
NodeList nodeList = root.getElementsByTagName(DERIVEDLIST_EL); NodeList nodeList = root.getElementsByTagName(DERIVEDLIST_EL);
final int numNodes = nodeList.getLength();
for(int index = 0; index < numNodes; ++index) { // for each derived files list (normally there should be just 1)
for(int index = 0; index < nodeList.getLength(); ++index) {
Element el = (Element)nodeList.item(index); Element el = (Element)nodeList.item(index);
NodeList subNodeList = el.getElementsByTagName(DERIVED_EL);
// for each derived file
for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) {
Element subEl = (Element)subNodeList.item(subIndex);
String localPath = "";
NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL);
if (pathNodeList.getLength() > 0) {
// we only use the first occurence
Element pathEl = (Element)pathNodeList.item(0);
localPath = pathEl.getTextContent();
}
if (!localPath.isEmpty()) {
resultsData.addDerivedFile(localPath);
} else {
// error to have a file element without a path element
throw new Exception("derived_files element is missing local_path.");
}
}
} }
} }
} }

49
Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java
View File

@ -27,10 +27,26 @@ import java.util.List;
* *
*/ */
public class ResultsData { public class ResultsData {
private List<String> dataSources = new ArrayList<>(); private final List<String> dataSources = new ArrayList<>();
private List<ArtifactData> artifacts = new ArrayList<>(); private final List<ArtifactData> artifacts = new ArrayList<>();
private List<ReportData> reports = new ArrayList<>(); private final List<ReportData> reports = new ArrayList<>();
private List<DerivedFileData> derivedFiles = new ArrayList<>(); private final List<DerivedFileData> derivedFiles = new ArrayList<>();
public List<String> getDataSources() {
return dataSources;
}
public List<ArtifactData> getArtifacts() {
return artifacts;
}
public List<ReportData> getReports() {
return reports;
}
public List<DerivedFileData> getDerivedFiles() {
return derivedFiles;
}
public void addDataSource(String dataSrc) { public void addDataSource(String dataSrc) {
dataSources.add(dataSrc); dataSources.add(dataSrc);
@ -80,15 +96,28 @@ public class ResultsData {
return art.files.size() - 1; return art.files.size() - 1;
} }
// Internal data structures public void addReport(String displayName, String localPath) {
ReportData d = new ReportData();
d.displayName = displayName;
d.localPath = localPath;
reports.add(d);
}
private static class ArtifactData { public void addDerivedFile(String localPath) {
DerivedFileData d = new DerivedFileData();
d.localPath = localPath;
derivedFiles.add(d);
}
// Data structures
public static class ArtifactData {
private String typeStr; private String typeStr;
private List<AttributeData> attributes = new ArrayList<>(); private List<AttributeData> attributes = new ArrayList<>();
private List<FileData> files = new ArrayList<>(); private List<FileData> files = new ArrayList<>();
} }
private static class AttributeData { public static class AttributeData {
private String typeStr; private String typeStr;
private String valueType = "text"; //default if not specified private String valueType = "text"; //default if not specified
private String valueStr; //valueType determines how to interpret it private String valueStr; //valueType determines how to interpret it
@ -96,16 +125,16 @@ public class ResultsData {
private String context; private String context;
} }
private static class FileData { public static class FileData {
private String path; private String path;
} }
private static class ReportData { public static class ReportData {
private String displayName; private String displayName;
private String localPath; private String localPath;
} }
private static class DerivedFileData { public static class DerivedFileData {
private String localPath; private String localPath;
} }
} }