From 42d99e31d6304ac4a51f8a72e70f3ec48bb48ef6 Mon Sep 17 00:00:00 2001 From: millmanorama Date: Mon, 19 Sep 2016 14:54:45 +0200 Subject: [PATCH] cleanup and commenting --- .../sleuthkit/autopsy/datamodel/Accounts.java | 7 +- .../sleuthkit/autopsy/report/ReportHTML.java | 6 ++ .../autopsy/report/TableReportGenerator.java | 73 +++++++++++-------- .../keywordsearch/TermComponentQuery.java | 8 +- 4 files changed, 60 insertions(+), 34 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/Accounts.java b/Core/src/org/sleuthkit/autopsy/datamodel/Accounts.java index 666b4f91cc..046534f773 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/Accounts.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/Accounts.java @@ -80,6 +80,11 @@ public class Accounts extends Observable implements AutopsyVisitableItem { @NbBundle.Messages("AccountsRootNode.name=Accounts") final public static String NAME = Bundle.AccountsRootNode_name(); + /** + * This is a secret handshake with + * org.sleuthkit.autopsy.keywordsearch.TermComponentQuery + */ + private static final String CREDIT_CARD_NUMBER_ACCOUNT_TYPE = "Credit Card Number"; /** * Range Map from a (ranges of) B/IINs to data model object with details of * the B/IIN, ie, bank name, phone, url, visa/amex/mastercard/..., 
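Review bot: The new `CREDIT_CARD_NUMBER_ACCOUNT_TYPE` constant in Accounts is a second private copy of the string that TermComponentQuery writes into TSK_ACCOUNT_TYPE (its hunks at -55 and -190), and nothing enforces that the two stay equal. If either literal is edited alone, the filter changed in the -771 hunk stops matching and credit card accounts would presumably drop out of this view without any error. The Javadoc should state that contract instead of "secret handshake", for example `Must equal TermComponentQuery.CREDIT_CARD_NUMBER_ACCOUNT_TYPE: the value stored in TSK_ACCOUNT_TYPE and matched by the accounts query.` A single shared constant would remove the risk if the module dependencies allow it, which is not visible from this patch.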
@@ -771,7 +776,7 @@ public class Accounts extends Observable implements AutopsyVisitableItem { + " AND solr_attribute.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SOLR_DOCUMENT_ID.getTypeID() //NON-NLS + " LEFT JOIN blackboard_attributes as account_type ON blackboard_artifacts.artifact_id = account_type.artifact_id " //NON-NLS + " AND account_type.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE.getTypeID() //NON-NLS - + " AND account_type.value_text = 'credit_card'" //NON-NLS + + " AND account_type.value_text = '" + CREDIT_CARD_NUMBER_ACCOUNT_TYPE + "'" //NON-NLS + " WHERE blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID() //NON-NLS + getRejectedArtifactFilterClause() + " GROUP BY blackboard_artifacts.obj_id, solr_document_id " //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java index 6065d72237..d04f96ff0b 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java @@ -265,6 +265,12 @@ class ReportHTML implements TableReportModule { break; } } else if (dataType.startsWith(ARTIFACT_TYPE.TSK_ACCOUNT.getDisplayName())) { + /* TSK_ACCOUNT artifacts get separated by their TSK_ACCOUNT_TYPE + * attribute, with a compund dataType name, so they are not caught + * by the switch statement above. For now we just give them all the + * general account icon, but we could do soemthing else in the + * future. + */ in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/account_menu.png"); //NON-NLS iconFileName = "account_menu.png"; //NON-NLS iconFilePath = path + File.separator + iconFileName; diff --git a/Core/src/org/sleuthkit/autopsy/report/TableReportGenerator.java b/Core/src/org/sleuthkit/autopsy/report/TableReportGenerator.java index f4262f9d57..7d0a41fd43 100755 
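Review bot: On the changed `account_type.value_text` line the constant is spliced between single quotes in the SQL text, which is safe only because it is a compile-time literal with no quote character in it. A comment on that line should record the constraint, e.g. `// embedded in a SQL string literal: keep the constant free of single quotes and never substitute a runtime value here`. The statement being built starts and ends outside the hunk, so how it is executed is not visible here.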
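Review bot: The added comment in the TSK_ACCOUNT branch has two typos, `compund` and `soemthing`, which should read `compound` and `something`. The branch it documents matches on `dataType.startsWith(...)` of the TSK_ACCOUNT display name, so the comment could also say that this prefix has to stay in step with the name built in TableReportGenerator (display name + `": "` + account type), since the two are coupled only by string format. The enclosing method starts and ends outside the hunk.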
--- a/Core/src/org/sleuthkit/autopsy/report/TableReportGenerator.java +++ b/Core/src/org/sleuthkit/autopsy/report/TableReportGenerator.java @@ -18,12 +18,14 @@ */ package org.sleuthkit.autopsy.report; +import com.google.common.collect.Lists; import java.sql.ResultSet; import java.sql.SQLException; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Collections; +import java.util.Comparator; import java.util.HashMap; import java.util.HashSet; import java.util.Iterator; @@ -121,10 +123,10 @@ class TableReportGenerator { */ private void makeBlackboardArtifactTables() { // Make a comment string describing the tag names filter in effect. - StringBuilder comment = new StringBuilder(); + String comment = ""; if (!tagNamesFilter.isEmpty()) { - comment.append(NbBundle.getMessage(this.getClass(), "ReportGenerator.artifactTable.taggedResults.text")); - comment.append(makeCommaSeparatedList(tagNamesFilter)); + comment += NbBundle.getMessage(this.getClass(), "ReportGenerator.artifactTable.taggedResults.text"); + comment += makeCommaSeparatedList(tagNamesFilter); } // Add a table to the report for every enabled blackboard artifact type. @@ -141,10 +143,10 @@ class TableReportGenerator { // Keyword hits and hashset hit artifacts get special handling. if (type.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) { - writeKeywordHits(tableReport, comment.toString(), tagNamesFilter); + writeKeywordHits(tableReport, comment, tagNamesFilter); continue; } else if (type.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { - writeHashsetHits(tableReport, comment.toString(), tagNamesFilter); + writeHashsetHits(tableReport, comment, tagNamesFilter); continue; } 
@@ -154,54 +156,67 @@ class TableReportGenerator { continue; } + /* TSK_ACCOUNT artifacts get grouped by their TSK_ACCOUNT_TYPE + * attribute, and then handed off the default method for writing + * tables. */ if (type.getTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID()) { - Map> collect = artifactList.stream().collect(Collectors.groupingBy((ArtifactData t) -> { + Map> collect = artifactList.stream().collect(Collectors.groupingBy((ArtifactData artifactData) -> { try { - return t.getArtifact().getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE)).getValueString(); + return artifactData.getArtifact().getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE)).getValueString(); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Unable to get value of TSK_ACCOUNT_TYPE attribute.", ex); - return ""; + logger.log(Level.SEVERE, "Unable to get value of TSK_ACCOUNT_TYPE attribute. Defaulting to \"unknown\"", ex); + return "unknown"; } })); for (Map.Entry> x : collect.entrySet()) { - writeDataType(x.getValue(), type, BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getDisplayName() + ": " + x.getKey(), comment); + writeTableForDataType(x.getValue(), type, BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getDisplayName() + ": " + x.getKey(), comment); } } else { - writeDataType(artifactList, type, type.getDisplayName(), comment); + writeTableForDataType(artifactList, type, type.getDisplayName(), comment); } } } - private void writeDataType(List artifactList, BlackboardArtifact.Type type, String dataType, StringBuilder comment) { + /** + * + * Write the given list of artifacts to the table for the given type. + * + * @param artifactList The List of artifacts to include in the table. + * @param type The Type of artifacts included in the table. All the + * artifacts in artifactList should be of this type. + * @param tableName The name of the table. 
+ * @param comment A comment to put in the header. + */ + private void writeTableForDataType(List artifactList, BlackboardArtifact.Type type, String tableName, String comment) { /* - * Gets all of the attribute types of this artifact type by adding all - * of the types to a set + * Make a sorted set of all of the attribute types that are on any of + * the given artifacts. */ - Set attrTypeSet = new TreeSet<>((BlackboardAttribute.Type o1, BlackboardAttribute.Type o2) -> o1.getDisplayName().compareTo(o2.getDisplayName())); + Set attrTypeSet = new TreeSet<>(Comparator.comparing(BlackboardAttribute.Type::getDisplayName)); for (ArtifactData data : artifactList) { List attributes = data.getAttributes(); for (BlackboardAttribute attribute : attributes) { attrTypeSet.add(attribute.getAttributeType()); } } - // Get the columns appropriate for the artifact type. This is - // used to get the data that will be in the cells below based on - // type, and display the column headers. + /* Get the columns appropriate for the artifact type. This is used to + * get the data that will be in the cells below based on type, and + * display the column headers. + */ List columns = getArtifactTableColumns(type.getTypeID(), attrTypeSet); if (columns.isEmpty()) { return; } columnHeaderMap.put(type.getTypeID(), columns); - // The artifact list is sorted now, as getting the row data is - // dependent on having the columns, which is necessary for - // sorting. + + /* The artifact list is sorted now, as getting the row data is dependent + * on having the columns, which is necessary for sorting. 
+ */ Collections.sort(artifactList); - List columnHeaderNames = new ArrayList<>(); - for (Column currColumn : columns) { - columnHeaderNames.add(currColumn.getColumnHeader()); - } - tableReport.startDataType(dataType, comment.toString()); - tableReport.startTable(columnHeaderNames); + + tableReport.startDataType(tableName, comment); + tableReport.startTable(Lists.transform(columns, Column::getColumnHeader)); + for (ArtifactData artifactData : artifactList) { // Get the row data for this artifact, and has the // module add it. @@ -1663,10 +1678,6 @@ class TableReportGenerator { @Override public String getCellData(ArtifactData artData) { return getFileUniquePath(artData.getContent()); - /* else if - * (this.columnHeader.equals(NbBundle.getMessage(this.getClass(), - * "ReportGenerator.artTableColHdr.tags"))) { return - * makeCommaSeparatedList(artData.getTags()); } return ""; */ } @Override diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java index a52bc7ce7f..7e855b57a1 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java 
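Review bot: In the groupingBy classifier for TSK_ACCOUNT, the result of `getAttribute(...)` is dereferenced without a null check, and the catch covers only TskCoreException. If an account artifact lacks a TSK_ACCOUNT_TYPE attribute (getAttribute appears to return null in that case) or its value string is null, the lambda throws or hands groupingBy a null key, so one malformed artifact would abort table generation rather than land in the "unknown" group. The classifier should fall back to "unknown" for both cases, as below. Separately, the attribute value becomes part of the table name passed to `startDataType`; whether the report modules escape it is not visible in this hunk and is worth confirming, since the value is read from case data.

```java
try {
    BlackboardAttribute accountType = artifactData.getArtifact().getAttribute(
            new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE));
    String accountTypeName = (accountType == null) ? null : accountType.getValueString();
    // groupingBy rejects a null key, so a missing attribute or value uses the same fallback as the catch
    return (accountTypeName == null) ? "unknown" : accountTypeName;
} catch (TskCoreException ex) {
    // … unchanged: log at SEVERE and return "unknown" …
}
```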
@@ -55,7 +55,11 @@ final class TermComponentQuery implements KeywordSearchQuery { private static final BlackboardAttribute.Type SOLR_DOCUMENT_ID_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SOLR_DOCUMENT_ID); private static final BlackboardAttribute.Type ACCOUNT_NUMBER_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER); private static final BlackboardAttribute.Type ACOUNT_TYPE_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE); - private static final String CREDIT_CARD_NUMBER = "Credit Card Number"; + + /** + * This is a secret handshake with org.sleuthkit.autopsy.datamodel.Accounts + */ + private static final String CREDIT_CARD_NUMBER_ACCOUNT_TYPE = "Credit Card Number"; //TODO: move these regex and the luhn check to a new class, something like: CreditCardNumberValidator /* @@ -190,7 +194,7 @@ final class TermComponentQuery implements KeywordSearchQuery { //if the keyword hit matched the credit card number keyword/regex... if (keyword.getType() == ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER) { newArtifact = hit.getContent().newArtifact(ARTIFACT_TYPE.TSK_ACCOUNT); - newArtifact.addAttribute(new BlackboardAttribute(ACOUNT_TYPE_TYPE, MODULE_NAME, CREDIT_CARD_NUMBER)); + newArtifact.addAttribute(new BlackboardAttribute(ACOUNT_TYPE_TYPE, MODULE_NAME, CREDIT_CARD_NUMBER_ACCOUNT_TYPE)); // make account artifact //try to match it against the track 1 regex