mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 07:56:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Handle '@' character better; cleanup.

Browse Source
This commit is contained in:
U-BASIS\dgrove 2018-10-12 23:55:20 -04:00
parent 2582ede1c4
commit 36b64926fa
2 changed files with 71 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractIE.java
View File

@ -144,9 +144,11 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text")));
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain));
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, fav, bbattributes);
if (bbart != null) {
@ -260,9 +262,11 @@ class ExtractIE extends Extract {
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "ExtractIE.moduleName.text")));
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain));
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_COOKIE, cookiesFile, bbattributes);
if (bbart != null) {
bbartifacts.add(bbart);
@ -474,7 +478,7 @@ class ExtractIE extends Extract {
String actime = lineBuff[3];
Long ftime = (long) 0;
String user = null;
String user = "";
String realurl = null;
String domain;
@ -484,6 +488,22 @@ class ExtractIE extends Extract {
*/
if (lineBuff[1].contains("@")) {
String url[] = lineBuff[1].split("@", 2);
/*
* Verify the left portion of the URL is valid.
*/
domain = Util.extractDomain(url[0]);
if (domain != null && domain.isEmpty() == false) {
/*
* Use the entire input for the URL.
*/
realurl = lineBuff[1].trim();
} else {
/*
* Use the left portion of the input for the user, and the
* right portion for the host.
*/
user = url[0];
user = user.replace("Visited:", ""); //NON-NLS
user = user.replace(":Host:", ""); //NON-NLS
@ -494,15 +514,15 @@ class ExtractIE extends Extract {
realurl = realurl.replaceAll(":(.*?):", "");
realurl = realurl.replace(":Host:", ""); //NON-NLS
realurl = realurl.trim();
domain = Util.extractDomain(realurl);
}
} else {
/*
* Use the entire input for the URL.
*/
user = "";
realurl = lineBuff[1].trim();
}
domain = Util.extractDomain(realurl);
}
if (!actime.isEmpty()) {
try {
@ -536,8 +556,7 @@ class ExtractIE extends Extract {
"ExtractIE.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(),
"ExtractIE.moduleName.text")));
if (isIgnoredUrl(lineBuff[1]) == false) {
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"ExtractIE.parentModuleName.noSpace"), domain));
@ -571,24 +590,25 @@ class ExtractIE extends Extract {
}
/**
* Determine if the URL should be ignored.
* Extract the domain from the supplied URL. This method does additional
* checks to detect invalid URLs.
*
* @param url The URL to test.
* @param url The URL from which to extract the domain.
*
* @return True if the URL should be ignored; otherwise false.
* @return The domain.
*/
private boolean isIgnoredUrl(String url) {
private String extractDomain(String url) {
if (url == null || url.isEmpty()) {
return true;
return url;
}
if (url.toLowerCase().startsWith(RESOURCE_URL_PREFIX)) {
/*
* Ignore URLs that begin with the matched text.
*/
return true;
return null;
}
return false;
return Util.extractDomain(url);
}
}

39
RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Firefox.java
View File

@ -157,10 +157,11 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) {
String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"), Util.extractDomain(url))); //NON-NLS
"Firefox.parentModuleName.noSpace"), domain)); //NON-NLS
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_HISTORY, historyFile, bbattributes);
@ -252,11 +253,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) {
String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
Util.extractDomain(url))); //NON-NLS
domain)); //NON-NLS
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_BOOKMARK, bookmarkFile, bbattributes);
@ -365,8 +367,8 @@ class Firefox extends Extract {
"Firefox.parentModuleName.noSpace"),
(Long.valueOf(result.get("creationTime").toString())))); //NON-NLS
}
if (isIgnoredUrl(host) == false) {
String domain = Util.extractDomain(host); //NON-NLS
String domain = extractDomain(host);
if (domain != null && domain.isEmpty() == false) {
domain = domain.replaceFirst("^\\.+(?!$)", "");
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
@ -493,11 +495,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(source) == false) {
String domain = extractDomain(source);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
Util.extractDomain(source))); //NON-NLS
domain)); //NON-NLS
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
@ -619,11 +622,12 @@ class Firefox extends Extract {
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
NbBundle.getMessage(this.getClass(), "Firefox.moduleName")));
if (isIgnoredUrl(url) == false) {
String domain = extractDomain(url);
if (domain != null && domain.isEmpty() == false) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DOMAIN,
NbBundle.getMessage(this.getClass(),
"Firefox.parentModuleName.noSpace"),
Util.extractDomain(url))); //NON-NLS
domain)); //NON-NLS
}
BlackboardArtifact bbart = this.addArtifact(ARTIFACT_TYPE.TSK_WEB_DOWNLOAD, downloadsFile, bbattributes);
@ -646,24 +650,25 @@ class Firefox extends Extract {
}
/**
* Determine if the URL should be ignored.
* Extract the domain from the supplied URL. This method does additional
* checks to detect invalid URLs.
*
* @param url The URL to test.
* @param url The URL from which to extract the domain.
*
* @return True if the URL should be ignored; otherwise false.
* @return The domain.
*/
private boolean isIgnoredUrl(String url) {
private String extractDomain(String url) {
if (url == null || url.isEmpty()) {
return true;
return url;
}
if (url.toLowerCase().startsWith(PLACE_URL_PREFIX)) {
/*
* Ignore URLs that begin with the matched text.
*/
return true;
return null;
}
return false;
return Util.extractDomain(url);
}
}