Ann Priestman 2017-11-01 13:19:42 -04:00
parent 95cf6fb95f
commit 2e128fcbbd
6 changed files with 21 additions and 153 deletions


@ -121,16 +121,6 @@ class IngestModule implements FileIngestModule {
}
}
// Make a TSK_HASHSET_HIT blackboard artifact for global notable files
try {
if (dbManager.isArtifactlKnownBadByReference(filesType, md5)) {
postCorrelatedHashHitToBlackboard(af);
}
} catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error retrieving global known status.", ex); // NON-NLS
return ProcessResult.ERROR;
}
try {
CorrelationAttribute eamArtifact = new CorrelationAttribute(filesType, md5);
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
@ -307,33 +297,6 @@ class IngestModule implements FileIngestModule {
}
}
private void postCorrelatedHashHitToBlackboard(AbstractFile abstractFile) {
try {
String MODULE_NAME = IngestModuleFactory.getModuleName();
BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT);
BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
Bundle.IngestModule_prevCaseComment_text());
tifArtifact.addAttribute(att);
try {
// index the artifact for keyword search
blackboard.indexArtifact(tifArtifact);
} catch (Blackboard.BlackboardException ex) {
LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
}
// send inbox message
sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash());
// fire event to notify UI of this new artifact
services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
} catch (TskCoreException ex) {
LOGGER.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
} catch (IllegalStateException ex) {
LOGGER.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS
}
}
/**
* Post a message to the ingest inbox alerting the user that a bad file was
* found.


@ -37,6 +37,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamOrganization;
import org.sleuthkit.autopsy.centralrepository.optionspanel.AddNewOrganizationDialog;
import org.sleuthkit.autopsy.centralrepository.optionspanel.ManageOrganizationsDialog;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.ModuleSettings;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
@ -127,6 +128,7 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
readOnlyCheckbox.setEnabled(! isFileType);
}
@NbBundle.Messages({"HashDbImportDatabaseDialog.populateOrgsError.message=Failure loading organizations."})
private void populateCombobox() {
orgComboBox.removeAllItems();
try {
@ -139,8 +141,8 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
selectedOrg = orgs.get(0);
}
} catch (EamDbException ex) {
ex.printStackTrace();
//LOGGER.log(Level.SEVERE, "Failure populating combobox with organizations.", ex);
JOptionPane.showMessageDialog(null, Bundle.HashDbImportDatabaseDialog_populateOrgsError_message());
Logger.getLogger(ImportCentralRepoDbProgressDialog.class.getName()).log(Level.SEVERE, "Failure loading organizations", ex);
}
}
@ -530,18 +532,19 @@ final class HashDbImportDatabaseDialog extends javax.swing.JDialog {
}//GEN-LAST:event_centralRepoRadioButtonActionPerformed
private void orgButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_orgButtonActionPerformed
AddNewOrganizationDialog dialogO = new AddNewOrganizationDialog();
ManageOrganizationsDialog dialog = new ManageOrganizationsDialog();
// update the combobox options
if (dialogO.isChanged()) {
if (dialog.isChanged()) {
populateCombobox();
}
}//GEN-LAST:event_orgButtonActionPerformed
private void orgComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_orgComboBoxActionPerformed
JComboBox<String> cb = (JComboBox<String>)evt.getSource();
String orgName = (String)cb.getSelectedItem();
if (null == orgName) return;
//JComboBox<String> cb = (JComboBox<String>)evt.getSource();
//String orgName = (String)cb.getSelectedItem();
if (null == orgComboBox.getSelectedItem()) return;
String orgName = this.orgComboBox.getSelectedItem().toString();
for (EamOrganization org : orgs) {
if (org.getName().equals(orgName)) {
selectedOrg = org;
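Review bot: The logger in the `populateCombobox()` catch block is obtained for `ImportCentralRepoDbProgressDialog`, while the hunk header shows this code lives in `HashDbImportDatabaseDialog`, so the SEVERE entry would be attributed to the wrong class when someone triages the log. Assuming the `Logger.getLogger(...)` line is on the new side (the +/- markers are lost on this page), it should read `Logger.getLogger(HashDbImportDatabaseDialog.class.getName()).log(Level.SEVERE, "Failure loading organizations", ex); //NON-NLS`. The two commented-out `JComboBox` lines in `orgComboBoxActionPerformed` look like leftovers and could be deleted rather than kept as comments. That method's body continues past the end of the hunk.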


@ -246,16 +246,6 @@ public class HashDbManager implements PropertyChangeListener {
return hashDb;
}
static HashDatabase convertHashDbInfo(HashDbInfo info, int handle) throws TskCoreException{
if(info.isFileDatabaseType()){
return new HashDb(handle, info.getHashSetName(), info.getSearchDuringIngest(), info.getSendIngestMessages(),
info.getKnownFilesType());
} else if(info.isCentralRepoDatabaseType()){
throw new TskCoreException("Not implemented yet");
}
throw new TskCoreException("Invalid database type in HashDbInfo");
}
private HashDb addFileTypeHashDatabase(int handle, String hashSetName, boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType) throws TskCoreException {
// Wrap an object around the handle.
HashDb hashDb = new HashDb(handle, hashSetName, searchDuringIngest, sendIngestMessages, knownFilesType);
@ -322,93 +312,6 @@ public class HashDbManager implements PropertyChangeListener {
return db;
}
/*
public CentralRepoHashDb importCentralRepoHashSet(String hashSetName, String version, int orgId,
boolean searchDuringIngest, boolean sendIngestMessages, HashDb.KnownFilesType knownFilesType,
String importFile) throws TskCoreException {
int crIndex;
try{
// Create an empty hashset in the central repository
crIndex = EamDb.getInstance().newReferenceSet(orgId, hashSetName, version);
} catch (EamDbException ex){
throw new TskCoreException(ex.getLocalizedMessage());
}
try{
// Import the hashes
TskData.FileKnown knownStatus;
if (knownFilesType.equals(HashDb.KnownFilesType.KNOWN)) {
knownStatus = TskData.FileKnown.KNOWN;
} else {
knownStatus = TskData.FileKnown.BAD;
}
// Future, make UI handle more than the "FILES" type.
EamDb dbManager = EamDb.getInstance();
CorrelationAttribute.Type contentType = dbManager.getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID); // get "FILES" type
BufferedReader reader = new BufferedReader(new FileReader(importFile));
String line;
Set<EamGlobalFileInstance> globalInstances = new HashSet<>();
long totalLines = Files.lines(new File(importFile).toPath()).count();
int numLines = 0;
while ((line = reader.readLine()) != null) {
String[] parts = line.split("\\|");
// Header lines start with a 41 character dummy hash, 1 character longer than a SHA-1 hash
if (parts.length != 2 || parts[0].length() == 41) {
continue;
}
EamGlobalFileInstance eamGlobalFileInstance = new EamGlobalFileInstance(
crIndex,
parts[0].toLowerCase(),
knownStatus,
"");
globalInstances.add(eamGlobalFileInstance);
if(numLines % 1000 == 0){
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
globalInstances.clear();
}
}
dbManager.bulkInsertReferenceTypeEntries(globalInstances, contentType);
// this should wait until after init
CentralRepoHashDb hashDb = new CentralRepoHashDb(hashSetName, version, crIndex,
searchDuringIngest, sendIngestMessages, knownFilesType);
// Add the hash database to the collection
hashSets.add(hashDb);
// Let any external listeners know that there's a new set
try {
changeSupport.firePropertyChange(SetEvt.DB_ADDED.toString(), null, hashSetName);
} catch (Exception e) {
logger.log(Level.SEVERE, "HashDbManager listener threw exception", e); //NON-NLS
MessageNotifyUtil.Notify.show(
NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErr"),
NbBundle.getMessage(this.getClass(), "HashDbManager.moduleErrorListeningToUpdatesMsg"),
MessageNotifyUtil.MessageType.ERROR);
}
return hashDb;
} catch (Exception ex){
// TODO
ex.printStackTrace();
throw new TskCoreException(ex.getLocalizedMessage());
}
}*/
synchronized void indexHashDatabase(HashDb hashDb) {
hashDb.addPropertyChangeListener(this);
@ -668,7 +571,7 @@ public class HashDbManager implements PropertyChangeListener {
globalSet.getGlobalSetID(), globalSet.getKnownStatus(), globalSet.isReadOnly(), false, sendIngestMessages));
}
} catch (EamDbException ex){
ex.printStackTrace();
Logger.getLogger(HashDbManager.class.getName()).log(Level.SEVERE, "Error loading central repository hash sets", ex); //NON-NLS
}
}
return crHashSets;
@ -1486,14 +1389,15 @@ public class HashDbManager implements PropertyChangeListener {
* @throws TskCoreException
*/
@Override
public boolean isValid() throws TskCoreException {
public boolean isValid() {
if(! EamDb.isEnabled()) {
return false;
}
try{
return EamDb.getInstance().referenceSetIsValid(this.centralRepoIndex, this.hashSetName, this.version);
} catch (EamDbException ex){
throw new TskCoreException(ex.getLocalizedMessage());
Logger.getLogger(CentralRepoHashDb.class.getName()).log(Level.SEVERE, "Error validating hash database " + hashSetName, ex); //NON-NLS
return false;
}
}
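Review bot: In the last hunk, `isValid()` now turns an `EamDbException` into `return false`, the same answer it gives for a reference set that genuinely does not match, so a caller can no longer tell "central repository query failed" from "hash set is invalid". If callers drop invalid sets from lookup (not visible here), a transient repository error would disable matching against that set with only a log entry as evidence. The Javadoc context line above the method still carries `@throws TskCoreException`, which the new signature no longer declares. I would remove that tag and document the behaviour, e.g. `@return true if the reference set exists in the central repository; false if it does not, the repository is disabled, or the query fails`. The `isHashDbValid` helper in the settings panel still catches `TskCoreException` from `hashDb.isValid()`, so the base declaration presumably still throws; confirm that is intended.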


@ -174,13 +174,13 @@ public final class HashLookupModuleSettingsPanel extends IngestModuleIngestJobSe
}
private boolean isHashDbValid(HashDatabase hashDb) {
boolean indexed = false;
boolean isValid = false;
try {
indexed = hashDb.isValid();
isValid = hashDb.isValid();
} catch (TskCoreException ex) {
Logger.getLogger(HashLookupModuleSettingsPanel.class.getName()).log(Level.SEVERE, "Error getting indexed status info for hash set (name = " + hashDb.getHashSetName() + ")", ex); //NON-NLS
Logger.getLogger(HashLookupModuleSettingsPanel.class.getName()).log(Level.SEVERE, "Error checking validity for hash set (name = " + hashDb.getHashSetName() + ")", ex); //NON-NLS
}
return indexed;
return isValid;
}
private static final class HashSetModel {


@ -358,7 +358,7 @@ final class HashLookupSettings implements Serializable {
} else {
this.path = fileTypeDb.getDatabasePath();
}
} else {// if(db instanceof HashDbManager.CentralRepoHashDb){
} else {
HashDbManager.CentralRepoHashDb centralRepoDb = (HashDbManager.CentralRepoHashDb)db;
this.hashSetName = centralRepoDb.getHashSetName();
this.version = centralRepoDb.getVersion();
@ -369,9 +369,7 @@ final class HashLookupSettings implements Serializable {
this.path = "";
this.centralRepoIndex = centralRepoDb.getCentralRepoIndex();
this.dbType = DatabaseType.CENTRAL_REPOSITORY;
} //else {
// throw new TskCoreException("Unknown hash database type");
//}
}
}
/**


@ -172,7 +172,7 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P
*/
final long getEstimatedTotalHashes(){
long fileSize = importFile.length();
return (fileSize / 0x33); // IDX file lines are generally 0x33 bytes long
return (fileSize / 0x33 + 1); // IDX file lines are generally 0x33 bytes long, and we don't want this to be zero
}
@Override
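Review bot: The `+ 1` in `getEstimatedTotalHashes()` is there so the estimate is never zero, but the trailing comment does not say why a zero is harmful, and `0x33` remains an unnamed magic number. I would name the constant, e.g. `private static final long IDX_LINE_LENGTH_BYTES = 0x33;`, and state in the method's Javadoc that the result is always at least 1 and which consumer relies on that (presumably a progress calculation that divides by it; not visible in this hunk). The Javadoc for this method starts above the hunk.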