mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7481 from APriestman/8255_creditCardEvents

Browse Source 
8255 Include ingest job in credit card account creation
This commit is contained in:
Ann Priestman 2021-12-17 17:57:16 -05:00 committed by GitHub
commit 5eb6c49667
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 32 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Core/src/org/sleuthkit/autopsy/ingest/IngestJobExecutor.java
View File

@ -722,10 +722,31 @@ final class IngestJobExecutor {
*/
void addDataArtifacts(List<DataArtifact> artifacts) {
if (!isCancelled() && ingestModuleTiers.get(moduleTierIndex).hasDataArtifactIngestModules()) {
if (jobState.equals(IngestJobState.ACCEPTING_STREAMED_CONTENT_AND_ANALYZING) || jobState.equals(IngestJobState.ANALYZING)) {
switch (jobState) {
case ACCEPTING_STREAMED_CONTENT_AND_ANALYZING:
case ANALYZING:
taskScheduler.scheduleDataArtifactIngestTasks(this, artifacts);
} else {
break;
case PIPELINES_SHUTTING_DOWN:
/*
* Don't log an error if there is an attempt to add an
* data artifact ingest task in a pipeline shut down
* state. This is a work around for dealing with data
* artifacts generated by a final keyword search carried out
* during ingest module shut down by simply ignoring them.
* (Currently these are credit card accounts generated by
* keyword search). Other ideas were to add
* a startShutDown() phase to the ingest module
* life cycle (complicated), or to add a flag
* to keyword hit processing to suppress posting the keyword
* hit analysis results / data artifacts to the blackboard during a final
* search (API changes required to allow firing of the event
* to make any GUI refresh).
*/
break;
default:
logErrorMessage(Level.SEVERE, "Attempt to add data artifacts to job during stage " + jobState.toString() + " not supported");
break;
}
}
}

2
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchQuery.java
View File

@ -116,5 +116,5 @@ interface KeywordSearchQuery {
* @return The newly created artifact or null if there was a problem
* creating it.
*/
BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName);
BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId);
}

2
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
View File

@ -233,7 +233,7 @@ class LuceneQuery implements KeywordSearchQuery {
* creating it.
*/
@Override
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
Collection<BlackboardAttribute> attributes = new ArrayList<>();

3
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/QueryResults.java
View File

@ -36,7 +36,6 @@ import org.sleuthkit.autopsy.coreutils.EscapeUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestServices;
;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
@ -194,7 +193,7 @@ class QueryResults {
/*
* Post an artifact for the hit to the blackboard.
*/
BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName());
BlackboardArtifact artifact = query.createKeywordHitArtifact(content, keyword, hit, snippet, query.getKeywordList().getName(), ingestJobId);
/*
* Send an ingest inbox message for the hit.

8
KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
View File

@ -572,7 +572,7 @@ final class RegexQuery implements KeywordSearchQuery {
* creating it.
*/
@Override
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
if (content == null) {
@ -584,7 +584,7 @@ final class RegexQuery implements KeywordSearchQuery {
* Credit Card number hits are handled differently
*/
if (originalKeyword.getArtifactAttributeType() == ATTRIBUTE_TYPE.TSK_CARD_NUMBER) {
createCCNAccount(content, foundKeyword, hit, snippet, listName);
createCCNAccount(content, foundKeyword, hit, snippet, listName, ingestJobId);
return null;
}
@ -625,7 +625,7 @@ final class RegexQuery implements KeywordSearchQuery {
}
}
private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName) {
private void createCCNAccount(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
@ -720,7 +720,7 @@ final class RegexQuery implements KeywordSearchQuery {
* Create an account instance.
*/
try {
AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content);
AccountFileInstance ccAccountInstance = Case.getCurrentCaseThrows().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.CREDIT_CARD, ccnAttribute.getValueString(), MODULE_NAME, content, ingestJobId);
ccAccountInstance.addAttributes(attributes);