mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 08:56:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

improve the testing of standard vs. user-defined artifact/attribute types

Browse Source
This commit is contained in:
Samuel H. Kenyon 2014-04-28 14:57:59 -04:00
parent fa33cb2038
commit 3945144087
1 changed files with 44 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
Core/src/org/sleuthkit/autopsy/modules/externalresults/ExternalResultsUtility.java
View File

@ -40,7 +40,7 @@ import org.sleuthkit.datamodel.TskCoreException;
public class ExternalResultsUtility { public class ExternalResultsUtility {
private static final Logger logger = Logger.getLogger(ExternalResultsUtility.class.getName()); private static final Logger logger = Logger.getLogger(ExternalResultsUtility.class.getName());
static public void importResults(ExternalResultsParser parser, Content defaultDataSource) { public static void importResults(ExternalResultsParser parser, Content defaultDataSource) {
// Create temporary data object // Create temporary data object
ResultsData resultsData = parser.parse(); ResultsData resultsData = parser.parse();
@ -48,33 +48,32 @@ public class ExternalResultsUtility {
generateBlackboardItems(resultsData, defaultDataSource); generateBlackboardItems(resultsData, defaultDataSource);
} }
static private void generateBlackboardItems(ResultsData resultsData, Content defaultDataSource) { private static void generateBlackboardItems(ResultsData resultsData, Content defaultDataSource) {
for (ResultsData.ArtifactData art : resultsData.getArtifacts()) { for (ResultsData.ArtifactData art : resultsData.getArtifacts()) {
Content currContent = defaultDataSource; Content currContent = defaultDataSource;
///@todo get associated file (if any) to use as the content ///@todo get associated file (if any) to use as the content
try { try {
int bbArtTypeId; int bbArtTypeId;
BlackboardArtifact.ARTIFACT_TYPE standardArtType = null; BlackboardArtifact.ARTIFACT_TYPE stdArtType = isStandardArtifactType(art.typeStr);
try { if (stdArtType != null) {
standardArtType = BlackboardArtifact.ARTIFACT_TYPE.fromLabel(art.typeStr); bbArtTypeId = stdArtType.getTypeID();
bbArtTypeId = standardArtType.getTypeID(); } else {
} catch (IllegalArgumentException ex) {
// assume it's user defined // assume it's user defined
bbArtTypeId = Case.getCurrentCase().getSleuthkitCase().addArtifactType(art.typeStr, art.typeStr); bbArtTypeId = Case.getCurrentCase().getSleuthkitCase().addArtifactType(art.typeStr, art.typeStr);
} }
Collection<BlackboardAttribute> bbAttributes = new ArrayList<>(); Collection<BlackboardAttribute> bbAttributes = new ArrayList<>();
for (ResultsData.AttributeData attr : art.attributes) { for (ResultsData.AttributeData attr : art.attributes) {
BlackboardAttribute bbAttr = null; BlackboardAttribute bbAttr = null;
int bbAttrTypeId; int bbAttrTypeId;
try { BlackboardAttribute.ATTRIBUTE_TYPE stdAttrType = isStandardAttributeType(attr.typeStr);
BlackboardAttribute.ATTRIBUTE_TYPE bbAttrType = BlackboardAttribute.ATTRIBUTE_TYPE.fromLabel(attr.typeStr); if (stdAttrType != null) {
bbAttrTypeId = bbAttrType.getTypeID(); bbAttrTypeId = stdAttrType.getTypeID();
} catch (IllegalArgumentException ex) { } else {
// assume it's user defined // assume it's user defined
bbAttrTypeId = Case.getCurrentCase().getSleuthkitCase().addAttrType(attr.typeStr, attr.typeStr); bbAttrTypeId = Case.getCurrentCase().getSleuthkitCase().addAttrType(attr.typeStr, attr.typeStr);
} }
switch (attr.valueType) { switch (attr.valueType) {
case "text": //NON-NLS case "text": //NON-NLS
bbAttr = new BlackboardAttribute(bbAttrTypeId, attr.source, attr.context, attr.valueStr); bbAttr = new BlackboardAttribute(bbAttrTypeId, attr.source, attr.context, attr.valueStr);
@ -101,15 +100,43 @@ public class ExternalResultsUtility {
} }
BlackboardArtifact bbArt = currContent.newArtifact(bbArtTypeId); BlackboardArtifact bbArt = currContent.newArtifact(bbArtTypeId);
bbArt.addAttributes(bbAttributes); bbArt.addAttributes(bbAttributes);
if (standardArtType != null) { if (stdArtType != null) {
IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent("External Results", standardArtType)); //NON-NLS IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent("External Results", stdArtType)); //NON-NLS
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
logger.log(Level.SEVERE, ex.getLocalizedMessage()); logger.log(Level.SEVERE, ex.getLocalizedMessage());
} }
} }
} }
/**
*
* @param artTypeStr
* @return valid artifact type or null if the type is not a standard TSK one
*/
private static BlackboardArtifact.ARTIFACT_TYPE isStandardArtifactType(String artTypeStr) {
BlackboardArtifact.ARTIFACT_TYPE[] stdArts = BlackboardArtifact.ARTIFACT_TYPE.values();
for (BlackboardArtifact.ARTIFACT_TYPE art : stdArts) {
if (art.getLabel().equals(artTypeStr)) {
return art;
}
}
return null;
}
/**
*
* @param attrTypeStr
* @return valid attribute type or null if the type is not a standard TSK one
*/
private static BlackboardAttribute.ATTRIBUTE_TYPE isStandardAttributeType(String attrTypeStr) {
BlackboardAttribute.ATTRIBUTE_TYPE[] stdAttrs = BlackboardAttribute.ATTRIBUTE_TYPE.values();
for (BlackboardAttribute.ATTRIBUTE_TYPE attr : stdAttrs) {
if (attr.getLabel().equals(attrTypeStr)) {
return attr;
}
}
return null;
}
} }