Handle '@' character better; cleanup.

U-BASIS\dgrove 2018-10-12 23:55:20 -04:00
parent 2582ede1c4
commit 36b64926fa
2 changed files with 71 additions and 46 deletions


@ -144,9 +144,11 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), "ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text"))); NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, if (domain != null && domain.isEmpty() == false) {
NbBundle.getMessage(this.getClass(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
"ExtractIE.parentModuleName.noSpace"), domain)); NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain));
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
if (bbart != null) { if (bbart != null) {
@ -260,9 +262,11 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), "ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text"))); NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text")));
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, if (domain != null && domain.isEmpty() == false) {
NbBundle.getMessage(this.getClass(), bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
"ExtractIE.parentModuleName.noSpace"), domain)); NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain));
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
if (bbart != null) { if (bbart != null) {
bbartifacts.add(bbart); bbartifacts.add(bbart);
@ -474,7 +478,7 @@ class ExtractIE extends Extract {
String actime = lineBuff[3]; String actime = lineBuff[3];
Long ftime = (long) 0; Long ftime = (long) 0;
String user = null; String user = "";
String realurl = null; String realurl = null;
String domain; String domain;
@ -484,26 +488,42 @@ class ExtractIE extends Extract {
*/ */
if (lineBuff[1].contains("@")) { if (lineBuff[1].contains("@")) {
String url[] = lineBuff[1].split("@", 2); String url[] = lineBuff[1].split("@", 2);
user = url[0];
user = user.replace("Visited:", ""); //NON-NLS /*
user = user.replace(":Host:", ""); //NON-NLS * Verify the left portion of the URL is valid.
user = user.replaceAll("(:)(.*?)(:)", ""); */
user = user.trim(); domain = Util.extractDomain(url[0]);
realurl = url[1];
realurl = realurl.replace("Visited:", ""); //NON-NLS if (domain != null && domain.isEmpty() == false) {
realurl = realurl.replaceAll(":(.*?):", ""); /*
realurl = realurl.replace(":Host:", ""); //NON-NLS * Use the entire input for the URL.
realurl = realurl.trim(); */
realurl = lineBuff[1].trim();
} else {
/*
* Use the left portion of the input for the user, and the
* right portion for the host.
*/
user = url[0];
user = user.replace("Visited:", ""); //NON-NLS
user = user.replace(":Host:", ""); //NON-NLS
user = user.replaceAll("(:)(.*?)(:)", "");
user = user.trim();
realurl = url[1];
realurl = realurl.replace("Visited:", ""); //NON-NLS
realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", ""); //NON-NLS
realurl = realurl.trim();
domain = Util.extractDomain(realurl);
}
} else { } else {
/* /*
* Use the entire input for the URL. * Use the entire input for the URL.
*/ */
user = "";
realurl = lineBuff[1].trim(); realurl = lineBuff[1].trim();
domain = Util.extractDomain(realurl);
} }
domain = Util.extractDomain(realurl);
if (!actime.isEmpty()) { if (!actime.isEmpty()) {
try { try {
Long epochtime = dateFormatter.parse(actime).getTime(); Long epochtime = dateFormatter.parse(actime).getTime();
@ -536,8 +556,7 @@ class ExtractIE extends Extract {
"ExtractIE.parentModuleName.noSpace"), "ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.moduleName.text"))); "ExtractIE.moduleName.text")));
if (domain != null && domain.isEmpty() == false) {
if (isIgnoredUrl(lineBuff[1]) == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain)); "ExtractIE.parentModuleName.noSpace"), domain));
@ -571,24 +590,25 @@ class ExtractIE extends Extract {
} }
/** /**
* Determine if the URL should be ignored. * Extract the domain from the supplied URL. This method does additional
* checks to detect invalid URLs.
* *
* @param url The URL to test. * @param url The URL from which to extract the domain.
* *
* @return True if the URL should be ignored; otherwise false. * @return The domain.
*/ */
private boolean isIgnoredUrl(String url) { private String extractDomain(String url) {
if (url == null || url.isEmpty()) { if (url == null || url.isEmpty()) {
return true; return url;
} }
if (url.toLowerCase().startsWith(RESOURCE_URL_PREFIX)) { if (url.toLowerCase().startsWith(RESOURCE_URL_PREFIX)) {
/* /*
* Ignore URLs that begin with the matched text. * Ignore URLs that begin with the matched text.
*/ */
return true; return null;
} }
return false; return Util.extractDomain(url);
} }
} }
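Review bot: In the `-484,26 +488,42` hunk, the branch that accepts the text before the first '@' as a valid URL keeps `domain` as extracted from `url[0]` while `realurl` becomes the whole of `lineBuff[1]`, so TSK_DOMAIN and the recorded URL can disagree. When the entry is a URL with a userinfo part (`scheme://name@host/...`), the host sits to the right of the '@' and the artifact would attribute the visit to the wrong domain; recomputing after the assignment, `domain = Util.extractDomain(realurl);`, would take it from the full URL, assuming Util.extractDomain (not shown here) parses the authority correctly. Separately, the history path now calls `Util.extractDomain` directly and the `isIgnoredUrl(lineBuff[1])` guard is gone, so as far as these hunks show the `RESOURCE_URL_PREFIX` filter no longer applies to history entries; calling the new private `extractDomain(...)` there would keep it. The enclosing method begins and ends outside the hunk.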


@ -157,10 +157,11 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) { String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), Util.extractDomain(url))); //NON-NLS "Firefox.parentModuleName.noSpace"), domain)); //NON-NLS
} }
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
@ -252,11 +253,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) { String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
Util.extractDomain(url))); //NON-NLS domain)); //NON-NLS
} }
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
@ -365,8 +367,8 @@ class Firefox extends Extract {
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("creationTime").toString())))); //NON-NLS (Long.valueOf(result.get("creationTime").toString())))); //NON-NLS
} }
if (isIgnoredUrl(host) == false) { String domain = extractDomain(host);
String domain = Util.extractDomain(host); //NON-NLS if (domain != null && domain.isEmpty() == false) {
domain = domain.replaceFirst("^\\.+(?!$)", ""); domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
@ -493,11 +495,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(source) == false) { String domain = extractDomain(source);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
Util.extractDomain(source))); //NON-NLS domain)); //NON-NLS
} }
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
@ -619,11 +622,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName"))); NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) { String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN, bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(), NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), "Firefox.parentModuleName.noSpace"),
Util.extractDomain(url))); //NON-NLS domain)); //NON-NLS
} }
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes); BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
@ -646,24 +650,25 @@ class Firefox extends Extract {
} }
/** /**
* Determine if the URL should be ignored. * Extract the domain from the supplied URL. This method does additional
* checks to detect invalid URLs.
* *
* @param url The URL to test. * @param url The URL from which to extract the domain.
* *
* @return True if the URL should be ignored; otherwise false. * @return The domain.
*/ */
private boolean isIgnoredUrl(String url) { private String extractDomain(String url) {
if (url == null || url.isEmpty()) { if (url == null || url.isEmpty()) {
return true; return url;
} }
if (url.toLowerCase().startsWith(PLACE_URL_PREFIX)) { if (url.toLowerCase().startsWith(PLACE_URL_PREFIX)) {
/* /*
* Ignore URLs that begin with the matched text. * Ignore URLs that begin with the matched text.
*/ */
return true; return null;
} }
return false; return Util.extractDomain(url);
} }
} }
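Review bot: The Javadoc on the new `extractDomain` helper in the last hunk says only `@return The domain.`, but the body returns `null` for a URL that starts with `PLACE_URL_PREFIX` and hands back the input itself when it is null or empty, and every caller in this file relies on that through `domain != null && domain.isEmpty() == false`. I would spell the contract out, e.g. `@return The domain, or null if the URL begins with the ignored prefix; a null or empty url is returned unchanged.` The same helper is added to ExtractIE with only the prefix constant differing, so a single method in `Extract` that takes the prefix as a parameter would keep the two copies from drifting apart.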