tsk_objects fix

Greg DiCristofaro 2021-05-07 14:39:57 -04:00
parent 2b54c80b80
commit 32f4492a7b


@ -929,21 +929,24 @@ def normalize_tsk_files_path(guid_util: TskGuidUtils, row: Dict[str, any]) -> Di
return row_copy return row_copy
def normalize_tsk_objects(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[str, any]: def normalize_tsk_objects_path(guid_util: TskGuidUtils, objid: int,
no_path_placeholder: Union[str, None]) -> Union[str, None]:
""" """
Normalizes object table rows. Returns a normalized path to be used in a tsk_objects table row.
Args: Args:
guid_util: Provides guids for ids that may change from run to run. guid_util: The utility for fetching guids.
row: A dictionary mapping column names to values. objid: The object id of the item.
no_path_placeholder: text to return if no path value found.
Returns: The 'no_path_placeholder' text if no path. Otherwise, the normalized path.
Returns: The normalized object table row.
""" """
parent_id = row['par_obj_id'] path = guid_util.get_guid_for_objid(objid, omitted_value=None)
path = guid_util.get_guid_for_objid(row['obj_id'], omitted_value=None)
row_copy = row.copy()
if not path:
return no_path_placeholder
else:
# remove host name (for multi-user) and dates/times from path for reports # remove host name (for multi-user) and dates/times from path for reports
if path is not None:
path_parts = get_path_segs(path) path_parts = get_path_segs(path)
module_output_idx = index_of(path_parts, 'ModuleOutput') module_output_idx = index_of(path_parts, 'ModuleOutput')
if module_output_idx >= 0: if module_output_idx >= 0:
@ -955,30 +958,27 @@ def normalize_tsk_objects(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[
path_parts = path_parts[:-1] path_parts = path_parts[:-1]
for idx in range(0, len(path_parts) - 1): for idx in range(0, len(path_parts) - 1):
if path_parts[idx] == "Reports" and path_parts[idx + 1] == "AutopsyTestCase HTML Report": if path_parts[idx].lower() == "reports" and \
path_parts[idx + 1].lower().startswith("autopsytestcase html report"):
path_parts = ["Reports", "AutopsyTestCase HTML Report"] path_parts = ["Reports", "AutopsyTestCase HTML Report"]
path = os.path.join(*path_parts) if len(path_parts) > 0 else '/' path = os.path.join(*path_parts) if len(path_parts) > 0 else '/'
parent_path = guid_util.get_guid_for_objid(parent_id, omitted_value=None) return normalize_regripper_files(normalize_unalloc_files(path))
# Remove host name (for multi-user) from parent_path
if parent_path is not None:
parent_path_parts = get_path_segs(parent_path)
module_output_idx = index_of(parent_path_parts, 'ModuleOutput')
if module_output_idx >= 0:
parent_path_parts = parent_path_parts[module_output_idx:]
parent_path = os.path.join(*parent_path_parts) if len(parent_path_parts) > 0 else '/' def normalize_tsk_objects(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[str, any]:
"""
# handle regripper and unalloc file replacements Normalizes object table rows.
if path and parent_path: Args:
row_copy['obj_id'] = normalize_regripper_files(normalize_unalloc_files(path)) guid_util: Provides guids for ids that may change from run to run.
row_copy['par_obj_id'] = normalize_regripper_files(normalize_unalloc_files(parent_path)) row: A dictionary mapping column names to values.
else:
row_copy['obj_id'] = MASKED_OBJ_ID
row_copy['par_obj_id'] = "MASKED_PARENT_OBJ_ID"
Returns: The normalized object table row.
"""
row_copy = row.copy()
row_copy['obj_id'] = normalize_tsk_objects_path(guid_util, row['obj_id'], MASKED_OBJ_ID)
row_copy['par_obj_id'] = normalize_tsk_objects_path(guid_util, row['par_obj_id'], 'MASKED_PARENT_OBJ_ID')
return row_copy return row_copy
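Review bot: The report-matching loop in the second hunk has no `break` after `path_parts = ["Reports", "AutopsyTestCase HTML Report"]`, so it keeps indexing the now two-element list with indices taken from the original length, and a match followed by any `idx >= 2` would raise IndexError on `path_parts[idx]`. The relaxed `.lower()` / `.startswith(...)` condition makes a match on a suffixed report directory more likely, so deeper report paths may now reach that case; adding `break` directly after the assignment avoids it. Separately, `normalize_tsk_objects` now masks `obj_id` and `par_obj_id` independently, where the old code appears to have masked both whenever either path was missing, and the parent path now also goes through the date and report stripping. If that is intended, the `normalize_tsk_objects_path` docstring should say so, since it changes the normalized output that gets compared between runs. The body of `normalize_tsk_objects_path` spans both hunks and the lines between them are not shown here.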