mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 08:56:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

parsing reports and derived files works

Browse Source
This commit is contained in:
Samuel H. Kenyon 2014-04-27 21:33:14 -04:00
parent 2cac84a4fe
commit 27e574174a
3 changed files with 105 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsIngestModule.java
View File

@ -22,7 +22,6 @@ package org.sleuthkit.autopsy.modules.externalresults;
import java.io.File;
import java.io.IOException;
import java.io.Writer;
import java.util.logging.Level;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
@ -48,10 +47,10 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
private static final String IMPORT_DIR = "import";
private long jobId;
private String importPath;
private String importFilePath;
private String cmdPath;
private String cmdName;
String dataSourcePath;
private Process thirdPartyProc = null;
String dataSourceLocalPath;
DataSourceIngestModuleProgress progressBar;
/**
@ -76,6 +75,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
throw new IngestModuleException(message);
}
}
///@todo use a standard name or search for an XML file
importFilePath = importPath + File.separator + "ext-test3.xml";
}
}
@ -91,10 +93,9 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
progressBar.switchToDeterminate(2);
try {
dataSourcePath = dataSource.getUniquePath();
String foo[] = dataSource.getImage().getPaths();
dataSourceLocalPath = dataSource.getImage().getPaths()[0];
} catch (TskCoreException ex) {
String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.datasourcepath");
String msgstr = NbBundle.getMessage(this.getClass(), "ExternalResultsIngestModule.process.exception.dataSourceLocalPath");
logger.log(Level.SEVERE, msgstr);
return ProcessResult.ERROR;
}
@ -140,7 +141,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
final String[] cmdArgs = {
cmdName,
importPath,
dataSourcePath };
dataSourceLocalPath };
//File workingDirFile = new File(cmdPath);
@ -153,7 +154,7 @@ public class ExternalResultsIngestModule extends IngestModuleAdapter implements
private void importResults() {
// execution is done, look for results to import
ExternalResultsXML parser = new ExternalResultsXML(importPath);
ExternalResultsXML parser = new ExternalResultsXML(importFilePath);
ExternalResultsUtility.importResults(parser);
progressBar.progress(1);
}

67
Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsXML.java
View File

@ -34,7 +34,6 @@ import org.w3c.dom.NodeList;
public class ExternalResultsXML implements ExternalResultsParser {
private static final Logger logger = Logger.getLogger(ExternalResultsXML.class.getName());
private static final String ENCODING = "UTF-8"; //NON-NLS
private static final String XSDFILE = "autopsy_external_results.xsd"; //NON-NLS
private static final String ROOT_EL = "autopsy_results"; //NON-NLS
@ -56,16 +55,15 @@ public class ExternalResultsXML implements ExternalResultsParser {
private static final String TYPE_ATTR = "type"; //NON-NLS
private static final String NAME_ATTR = "name"; //NON-NLS
private String reportFilePath;
private String importFilePath;
private ResultsData resultsData = null;
/**
*
* @param reportPath
* @param importFilePath
*/
ExternalResultsXML(String reportPath) {
///@todo find an xml file to parse
reportFilePath = reportPath + File.separator + "ext-test2.xml";
ExternalResultsXML(String importFilePath) {
this.importFilePath = importFilePath;
}
/**
@ -77,7 +75,7 @@ public class ExternalResultsXML implements ExternalResultsParser {
resultsData = new ResultsData();
try
{
final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, reportFilePath, XSDFILE);
final Document doc = XMLUtil.loadDoc(ExternalResultsXML.class, importFilePath, XSDFILE);
if (doc == null) {
return null;
}
@ -214,13 +212,38 @@ public class ExternalResultsXML implements ExternalResultsParser {
*
* @param root
*/
private void parseReports(Element root ) {
private void parseReports(Element root ) throws Exception {
NodeList nodeList = root.getElementsByTagName(REPORTLIST_EL);
final int numNodes = nodeList.getLength();
for(int index = 0; index < numNodes; ++index) {
// for each reports list (normally there should be just 1)
for(int index = 0; index < nodeList.getLength(); ++index) {
Element el = (Element)nodeList.item(index);
NodeList subNodeList = el.getElementsByTagName(REPORT_EL);
// for each report
for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) {
Element subEl = (Element)subNodeList.item(subIndex);
String displayName = "";
String localPath = "";
NodeList nameNodeList = subEl.getElementsByTagName(DISPLAYNAME_EL);
if (nameNodeList.getLength() > 0) {
// we only use the first occurence
Element nameEl = (Element)nameNodeList.item(0);
displayName = nameEl.getTextContent();
}
NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL);
if (pathNodeList.getLength() > 0) {
// we only use the first occurence
Element pathEl = (Element)pathNodeList.item(0);
localPath = pathEl.getTextContent();
}
if ((!displayName.isEmpty()) && (!localPath.isEmpty())) {
resultsData.addReport(displayName, localPath);
} else {
// error to have a file element without a path element
throw new Exception("report element is missing display_name or local_path.");
}
}
}
}
@ -228,13 +251,31 @@ public class ExternalResultsXML implements ExternalResultsParser {
*
* @param root
*/
private void parseDerivedFiles(Element root ) {
private void parseDerivedFiles(Element root ) throws Exception {
NodeList nodeList = root.getElementsByTagName(DERIVEDLIST_EL);
final int numNodes = nodeList.getLength();
for(int index = 0; index < numNodes; ++index) {
// for each derived files list (normally there should be just 1)
for(int index = 0; index < nodeList.getLength(); ++index) {
Element el = (Element)nodeList.item(index);
NodeList subNodeList = el.getElementsByTagName(DERIVED_EL);
// for each derived file
for(int subIndex = 0; subIndex < subNodeList.getLength(); ++subIndex) {
Element subEl = (Element)subNodeList.item(subIndex);
String localPath = "";
NodeList pathNodeList = subEl.getElementsByTagName(LOCALPATH_EL);
if (pathNodeList.getLength() > 0) {
// we only use the first occurence
Element pathEl = (Element)pathNodeList.item(0);
localPath = pathEl.getTextContent();
}
if (!localPath.isEmpty()) {
resultsData.addDerivedFile(localPath);
} else {
// error to have a file element without a path element
throw new Exception("derived_files element is missing local_path.");
}
}
}
}
}

49
Core/src/org/sleuthkit/autopsy/modules/externalresults/ResultsData.java
View File

@ -27,10 +27,26 @@ import java.util.List;
*
*/
public class ResultsData {
private List<String> dataSources = new ArrayList<>();
private List<ArtifactData> artifacts = new ArrayList<>();
private List<ReportData> reports = new ArrayList<>();
private List<DerivedFileData> derivedFiles = new ArrayList<>();
private final List<String> dataSources = new ArrayList<>();
private final List<ArtifactData> artifacts = new ArrayList<>();
private final List<ReportData> reports = new ArrayList<>();
private final List<DerivedFileData> derivedFiles = new ArrayList<>();
public List<String> getDataSources() {
return dataSources;
}
public List<ArtifactData> getArtifacts() {
return artifacts;
}
public List<ReportData> getReports() {
return reports;
}
public List<DerivedFileData> getDerivedFiles() {
return derivedFiles;
}
public void addDataSource(String dataSrc) {
dataSources.add(dataSrc);
@ -80,15 +96,28 @@ public class ResultsData {
return art.files.size() - 1;
}
// Internal data structures
public void addReport(String displayName, String localPath) {
ReportData d = new ReportData();
d.displayName = displayName;
d.localPath = localPath;
reports.add(d);
}
private static class ArtifactData {
public void addDerivedFile(String localPath) {
DerivedFileData d = new DerivedFileData();
d.localPath = localPath;
derivedFiles.add(d);
}
// Data structures
public static class ArtifactData {
private String typeStr;
private List<AttributeData> attributes = new ArrayList<>();
private List<FileData> files = new ArrayList<>();
}
private static class AttributeData {
public static class AttributeData {
private String typeStr;
private String valueType = "text"; //default if not specified
private String valueStr; //valueType determines how to interpret it
@ -96,16 +125,16 @@ public class ResultsData {
private String context;
}
private static class FileData {
public static class FileData {
private String path;
}
private static class ReportData {
public static class ReportData {
private String displayName;
private String localPath;
}
private static class DerivedFileData {
public static class DerivedFileData {
private String localPath;
}
}