Merge pull request #7481 from APriestman/8255_creditCardEvents

8255 Include ingest job in credit card account creation
2025-07-06 21:00:22 +00:00 · 2021-12-17 17:57:16 -05:00 · 2021-12-17 17:57:16 -05:00 · 5eb6c49667
commit 5eb6c49667
parent 87a922f2be 0cba3a6c2f
5 changed files with 32 additions and 12 deletions
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestJobExecutor.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestJobExecutor.java
@ -722,10 +722,31 @@ final class IngestJobExecutor {
     */
    void addDataArtifacts(List<DataArtifact> artifacts) {
        if (!isCancelled() && ingestModuleTiers.get(moduleTierIndex).hasDataArtifactIngestModules()) {
-            if (jobState.equals(IngestJobState.ACCEPTING_STREAMED_CONTENT_AND_ANALYZING) || jobState.equals(IngestJobState.ANALYZING)) {
-                taskScheduler.scheduleDataArtifactIngestTasks(this, artifacts);
-            } else {
-                logErrorMessage(Level.SEVERE, "Attempt to add data artifacts to job during stage " + jobState.toString() + " not supported");
+            switch (jobState) {
+                case ACCEPTING_STREAMED_CONTENT_AND_ANALYZING:
+                case ANALYZING:
+                    taskScheduler.scheduleDataArtifactIngestTasks(this, artifacts);
+                    break;
+                case PIPELINES_SHUTTING_DOWN:
+                    /*
+                    * Don't log an error if there is an attempt to add an
+                    * data artifact ingest task in a pipeline shut down
+                    * state. This is a work around for dealing with data
+                    * artifacts generated by a final keyword search carried out
+                    * during ingest module shut down by simply ignoring them.
+                    * (Currently these are credit card accounts generated by 
+                    * keyword search). Other ideas were to add 
+                    * a startShutDown() phase to the ingest module 
+                    * life cycle (complicated), or to add a flag
+                    * to keyword hit processing to suppress posting the keyword
+                    * hit analysis results / data artifacts to the blackboard during a final
+                    * search (API changes required to allow firing of the event
+                    * to make any GUI refresh).
+                    */
+                    break;
+                default:
+                    logErrorMessage(Level.SEVERE, "Attempt to add data artifacts to job during stage " + jobState.toString() + " not supported");
+                    break;
            }
        }
    }
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchQuery.java
@ -116,5 +116,5 @@ interface KeywordSearchQuery {
     * @return The newly created artifact or null if there was a problem
     *         creating it.
     */
-    BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName);
+    BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId);
 }
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
@ -233,7 +233,7 @@ class LuceneQuery implements KeywordSearchQuery {
     *         creating it.
     */
    @Override
-    public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
+    public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

        Collection<BlackboardAttribute> attributes = new ArrayList<>();
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java
@ -36,7 +36,6 @@ import org.sleuthkit.autopsy.coreutils.EscapeUtil;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.ingest.IngestMessage;
 import org.sleuthkit.autopsy.ingest.IngestServices;
-;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@ -194,7 +193,7 @@ class QueryResults {
                    /*
                     * Post an artifact for the hit to the blackboard.
                     */
-                    BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName());
+                    BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName(), ingestJobId);

                    /*
                     * Send an ingest inbox message for the hit.
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
@ -572,7 +572,7 @@ final class RegexQuery implements KeywordSearchQuery {
     *         creating it.
     */
    @Override
-    public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
+    public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

        if (content == null) {
@ -584,7 +584,7 @@ final class RegexQuery implements KeywordSearchQuery {
         * Credit Card number hits are handled differently
         */
        if (originalKeyword.getArtifactAttributeType() == ATTRIBUTE_TYPE.TSK_CARD_NUMBER) {
-            createCCNAccount(content, foundKeyword, hit, snippet, listName);
+            createCCNAccount(content, foundKeyword, hit, snippet, listName, ingestJobId);
            return null;
        }

@ -625,7 +625,7 @@ final class RegexQuery implements KeywordSearchQuery {
        }
    }

-    private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
+    private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {

        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

@ -720,7 +720,7 @@ final class RegexQuery implements KeywordSearchQuery {
         * Create an account instance.
         */
        try {
-            AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content);
+            AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content, ingestJobId);

            ccAccountInstance.addAttributes(attributes);