diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java index 3e6a1e6348..2066fb51ca 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java @@ -144,9 +144,11 @@ class ExtractIE extends Extract { NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, - NbBundle.getMessage(this.getClass(), - "ExtractIE.parentModuleName.noSpace"), domain)); + if (domain != null && domain.isEmpty() == false) { + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, + NbBundle.getMessage(this.getClass(), + "ExtractIE.parentModuleName.noSpace"), domain)); + } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes); if (bbart != null) { @@ -260,9 +262,11 @@ class ExtractIE extends Extract { NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text"))); - bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, - NbBundle.getMessage(this.getClass(), - "ExtractIE.parentModuleName.noSpace"), domain)); + if (domain != null && domain.isEmpty() == false) { + bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, + NbBundle.getMessage(this.getClass(), + "ExtractIE.parentModuleName.noSpace"), domain)); + } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes); if (bbart != null) { bbartifacts.add(bbart); @@ -474,7 +478,7 @@ class ExtractIE extends Extract { String actime = lineBuff[3]; Long ftime = (long) 0; - String user = null; + String user = ""; String realurl = null; String domain; @@ -484,26 +488,42 @@ class ExtractIE extends Extract { */ if (lineBuff[1].contains("@")) { String url[] = lineBuff[1].split("@", 2); - user = url[0]; - user = user.replace("Visited:", ""); //NON-NLS - user = user.replace(":Host:", ""); //NON-NLS - user = user.replaceAll("(:)(.*?)(:)", ""); - user = user.trim(); - realurl = url[1]; - realurl = realurl.replace("Visited:", ""); //NON-NLS - realurl = realurl.replaceAll(":(.*?):", ""); - realurl = realurl.replace(":Host:", ""); //NON-NLS - realurl = realurl.trim(); + + /* + * Verify the left portion of the URL is valid. + */ + domain = Util.extractDomain(url[0]); + + if (domain != null && domain.isEmpty() == false) { + /* + * Use the entire input for the URL. + */ + realurl = lineBuff[1].trim(); + } else { + /* + * Use the left portion of the input for the user, and the + * right portion for the host. + */ + user = url[0]; + user = user.replace("Visited:", ""); //NON-NLS + user = user.replace(":Host:", ""); //NON-NLS + user = user.replaceAll("(:)(.*?)(:)", ""); + user = user.trim(); + realurl = url[1]; + realurl = realurl.replace("Visited:", ""); //NON-NLS + realurl = realurl.replaceAll(":(.*?):", ""); + realurl = realurl.replace(":Host:", ""); //NON-NLS + realurl = realurl.trim(); + domain = Util.extractDomain(realurl); + } } else { /* * Use the entire input for the URL. */ - user = ""; realurl = lineBuff[1].trim(); + domain = Util.extractDomain(realurl); } - domain = Util.extractDomain(realurl); - if (!actime.isEmpty()) { try { Long epochtime = dateFormatter.parse(actime).getTime(); @@ -536,8 +556,7 @@ class ExtractIE extends Extract { "ExtractIE.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text"))); - - if (isIgnoredUrl(lineBuff[1]) == false) { + if (domain != null && domain.isEmpty() == false) { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), "ExtractIE.parentModuleName.noSpace"), domain)); @@ -571,24 +590,25 @@ class ExtractIE extends Extract { } /** - * Determine if the URL should be ignored. + * Extract the domain from the supplied URL. This method does additional + * checks to detect invalid URLs. * - * @param url The URL to test. + * @param url The URL from which to extract the domain. * - * @return True if the URL should be ignored; otherwise false. + * @return The domain. */ - private boolean isIgnoredUrl(String url) { + private String extractDomain(String url) { if (url == null || url.isEmpty()) { - return true; + return url; } if (url.toLowerCase().startsWith(RESOURCE_URL_PREFIX)) { /* * Ignore URLs that begin with the matched text. */ - return true; + return null; } - return false; + return Util.extractDomain(url); } } diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java index 6d0ae54a53..d1874d4010 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java @@ -157,10 +157,11 @@ class Firefox extends Extract { NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); - if (isIgnoredUrl(url) == false) { + String domain = extractDomain(url); + if (domain != null && domain.isEmpty() == false) { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), - "Firefox.parentModuleName.noSpace"), Util.extractDomain(url))); //NON-NLS + "Firefox.parentModuleName.noSpace"), domain)); //NON-NLS } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes); @@ -252,11 +253,12 @@ class Firefox extends Extract { NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); - if (isIgnoredUrl(url) == false) { + String domain = extractDomain(url); + if (domain != null && domain.isEmpty() == false) { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), - Util.extractDomain(url))); //NON-NLS + domain)); //NON-NLS } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes); @@ -365,8 +367,8 @@ class Firefox extends Extract { "Firefox.parentModuleName.noSpace"), (Long.valueOf(result.get("creationTime").toString())))); //NON-NLS } - if (isIgnoredUrl(host) == false) { - String domain = Util.extractDomain(host); //NON-NLS + String domain = extractDomain(host); + if (domain != null && domain.isEmpty() == false) { domain = domain.replaceFirst("^\\.+(?!$)", ""); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), @@ -493,11 +495,12 @@ class Firefox extends Extract { NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); - if (isIgnoredUrl(source) == false) { + String domain = extractDomain(source); + if (domain != null && domain.isEmpty() == false) { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), - Util.extractDomain(source))); //NON-NLS + domain)); //NON-NLS } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); @@ -619,11 +622,12 @@ class Firefox extends Extract { NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); - if (isIgnoredUrl(url) == false) { + String domain = extractDomain(url); + if (domain != null && domain.isEmpty() == false) { bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, NbBundle.getMessage(this.getClass(), "Firefox.parentModuleName.noSpace"), - Util.extractDomain(url))); //NON-NLS + domain)); //NON-NLS } BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); @@ -646,24 +650,25 @@ class Firefox extends Extract { } /** - * Determine if the URL should be ignored. + * Extract the domain from the supplied URL. This method does additional + * checks to detect invalid URLs. * - * @param url The URL to test. + * @param url The URL from which to extract the domain. * - * @return True if the URL should be ignored; otherwise false. + * @return The domain. */ - private boolean isIgnoredUrl(String url) { + private String extractDomain(String url) { if (url == null || url.isEmpty()) { - return true; + return url; } if (url.toLowerCase().startsWith(PLACE_URL_PREFIX)) { /* * Ignore URLs that begin with the matched text. */ - return true; + return null; } - return false; + return Util.extractDomain(url); } }