mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7481 from APriestman/8255_creditCardEvents

Browse Source 
8255 Include ingest job in credit card account creation
This commit is contained in:
Ann Priestman 2021-12-17 17:57:16 -05:00 committed by GitHub
commit 5eb6c49667
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
Core/src/org/sleuthkit/autopsy/ingest/IngestJobExecutor.java
View File

@ -722,10 +722,31 @@ final class IngestJobExecutor {
*/ */
void addDataArtifacts(List<DataArtifact> artifacts) { void addDataArtifacts(List<DataArtifact> artifacts) {
if (!isCancelled() && ingestModuleTiers.get(moduleTierIndex).hasDataArtifactIngestModules()) { if (!isCancelled() && ingestModuleTiers.get(moduleTierIndex).hasDataArtifactIngestModules()) {
if (jobState.equals(IngestJobState.ACCEPTING_STREAMED_CONTENT_AND_ANALYZING) || jobState.equals(IngestJobState.ANALYZING)) { switch (jobState) {
taskScheduler.scheduleDataArtifactIngestTasks(this, artifacts); case ACCEPTING_STREAMED_CONTENT_AND_ANALYZING:
} else { case ANALYZING:
logErrorMessage(Level.SEVERE, "Attempt to add data artifacts to job during stage " + jobState.toString() + " not supported"); taskScheduler.scheduleDataArtifactIngestTasks(this, artifacts);
break;
case PIPELINES_SHUTTING_DOWN:
/*
* Don't log an error if there is an attempt to add an
* data artifact ingest task in a pipeline shut down
* state. This is a work around for dealing with data
* artifacts generated by a final keyword search carried out
* during ingest module shut down by simply ignoring them.
* (Currently these are credit card accounts generated by
* keyword search). Other ideas were to add
* a startShutDown() phase to the ingest module
* life cycle (complicated), or to add a flag
* to keyword hit processing to suppress posting the keyword
* hit analysis results / data artifacts to the blackboard during a final
* search (API changes required to allow firing of the event
* to make any GUI refresh).
*/
break;
default:
logErrorMessage(Level.SEVERE, "Attempt to add data artifacts to job during stage " + jobState.toString() + " not supported");
break;
} }
} }
} }

2
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchQuery.java
View File

@ -116,5 +116,5 @@ interface KeywordSearchQuery {
* @return The newly created artifact or null if there was a problem * @return The newly created artifact or null if there was a problem
* creating it. * creating it.
*/ */
BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName); BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId);
} }

2
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
View File

@ -233,7 +233,7 @@ class LuceneQuery implements KeywordSearchQuery {
* creating it. * creating it.
*/ */
@Override @Override
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) { public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName(); final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
Collection<BlackboardAttribute> attributes = new ArrayList<>(); Collection<BlackboardAttribute> attributes = new ArrayList<>();

3
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java
View File

@ -36,7 +36,6 @@ import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.ingest.IngestServices;
;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
@ -194,7 +193,7 @@ class QueryResults {
/* /*
* Post an artifact for the hit to the blackboard. * Post an artifact for the hit to the blackboard.
*/ */
BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName()); BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName(), ingestJobId);
/* /*
* Send an ingest inbox message for the hit. * Send an ingest inbox message for the hit.

8
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
View File

@ -572,7 +572,7 @@ final class RegexQuery implements KeywordSearchQuery {
* creating it. * creating it.
*/ */
@Override @Override
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) { public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName(); final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
if (content == null) { if (content == null) {
@ -584,7 +584,7 @@ final class RegexQuery implements KeywordSearchQuery {
* Credit Card number hits are handled differently * Credit Card number hits are handled differently
*/ */
if (originalKeyword.getArtifactAttributeType() == ATTRIBUTE_TYPE.TSK_CARD_NUMBER) { if (originalKeyword.getArtifactAttributeType() == ATTRIBUTE_TYPE.TSK_CARD_NUMBER) {
createCCNAccount(content, foundKeyword, hit, snippet, listName); createCCNAccount(content, foundKeyword, hit, snippet, listName, ingestJobId);
return null; return null;
} }
@ -625,7 +625,7 @@ final class RegexQuery implements KeywordSearchQuery {
} }
} }
private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) { private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName(); final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
@ -720,7 +720,7 @@ final class RegexQuery implements KeywordSearchQuery {
* Create an account instance. * Create an account instance.
*/ */
try { try {
AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content); AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content, ingestJobId);
ccAccountInstance.addAttributes(attributes); ccAccountInstance.addAttributes(attributes);