check number of segments first

2025-07-06 21:00:22 +00:00 · 2019-03-22 10:29:18 -04:00 · 2019-03-22 10:29:18 -04:00 · 4f1248cc87
commit 4f1248cc87
parent b8c02c6cd3
1 changed files with 19 additions and 20 deletions
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ChromeCacheExtractor.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ChromeCacheExtractor.java
@ -377,25 +377,16 @@ final class ChromeCacheExtractor {
        
        // Get the cache entry and its data segments
        CacheEntry cacheEntry = new CacheEntry(cacheEntryAddress, cacheEntryFile.get() );
+        
        List<CacheData> dataEntries = cacheEntry.getData();
-
-        BlackboardAttribute urlAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
-                                                    moduleName,
-                                                    ((cacheEntry.getKey() != null) ? cacheEntry.getKey() : ""));
-        
-        BlackboardAttribute createTimeAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
-                                                    moduleName,
-                                                    cacheEntry.getCreationTime());
-        
-        BlackboardAttribute hhtpHeaderAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HEADERS,
-                                                    moduleName,
-                                                    cacheEntry.getHTTPHeaders());
-         
-        
        // Only process the first payload data segment in each entry
        //  first data segement has the HTTP headers, 2nd is the payload
+        if (dataEntries.size() < 2) {
+            return derivedFiles;
+        }
        CacheData dataSegment = dataEntries.get(1);

+
        // name of the file that was downloaded and cached (or data_X if it was saved into there)
        String cachedFileName = dataSegment.getAddress().getFilename();
        Optional<AbstractFile> cachedFileAbstractFile = this.findCacheFile(cachedFileName, cachePath);
@ -404,13 +395,22 @@ final class ChromeCacheExtractor {
            return derivedFiles;
        }        
        
-        
-        
        boolean isBrotliCompressed = false;
        if (dataSegment.getType() != CacheDataTypeEnum.HTTP_HEADER && cacheEntry.isBrotliCompressed() ) {
            isBrotliCompressed = true;
        }

+        // setup some attributes for later use
+        BlackboardAttribute urlAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL,
+                                                    moduleName,
+                                                    ((cacheEntry.getKey() != null) ? cacheEntry.getKey() : ""));
+        BlackboardAttribute createTimeAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED,
+                                                    moduleName,
+                                                    cacheEntry.getCreationTime());
+        BlackboardAttribute httpHeaderAttr = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_HEADERS,
+                                                    moduleName,
+                                                    cacheEntry.getHTTPHeaders());
+        
        Collection<BlackboardAttribute> sourceArtifactAttributes = new ArrayList<>();
        sourceArtifactAttributes.add(urlAttr);
        sourceArtifactAttributes.add(createTimeAttr);
@ -418,8 +418,7 @@ final class ChromeCacheExtractor {
        Collection<BlackboardAttribute> webCacheAttributes = new ArrayList<>();
        webCacheAttributes.add(urlAttr);
        webCacheAttributes.add(createTimeAttr);
-        webCacheAttributes.add(hhtpHeaderAttr);
-
+        webCacheAttributes.add(httpHeaderAttr);

        
        // add artifacts to the f_XXX file