mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-12 16:06:15 +00:00
Merge pull request #5439 from markmckinnon/5679-Allow-Plaso-to-more-silently-fail-for-non-images
5679-Allow-Plaso-to-more-silently-fail-for-non-images
This commit is contained in:
Richard Cordovano
GitHub
commit
5f58ac294b
@ -103,8 +103,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
|
||||
@NbBundle.Messages({
|
||||
"PlasoIngestModule.executable.not.found=Plaso Executable Not Found.",
|
||||
"PlasoIngestModule.requires.windows=Plaso module requires windows.",
|
||||
"PlasoIngestModule.dataSource.not.an.image=Datasource is not an Image."})
|
||||
"PlasoIngestModule.requires.windows=Plaso module requires windows."})
|
||||
@Override
|
||||
public void startUp(IngestJobContext context) throws IngestModuleException {
|
||||
this.context = context;
|
||||
@ -121,11 +120,6 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
throw new IngestModuleException(Bundle.PlasoIngestModule_executable_not_found(), exception);
|
||||
}
|
||||
|
||||
Content dataSource = context.getDataSource();
|
||||
if (!(dataSource instanceof Image)) {
|
||||
throw new IngestModuleException(Bundle.PlasoIngestModule_dataSource_not_an_image());
|
||||
}
|
||||
image = (Image) dataSource;
|
||||
}
|
||||
|
||||
@NbBundle.Messages({
|
||||
@ -138,11 +132,20 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
"PlasoIngestModule.psort.cancelled=psort run was canceled",
|
||||
"PlasoIngestModule.bad.imageFile=Cannot find image file name and path",
|
||||
"PlasoIngestModule.completed=Plaso Processing Completed",
|
||||
"PlasoIngestModule.has.run=Plaso Plugin has been run.",
|
||||
"PlasoIngestModule.psort.fail=Plaso returned an error when sorting events. Results are not complete."})
|
||||
"PlasoIngestModule.has.run=Plaso",
|
||||
"PlasoIngestModule.psort.fail=Plaso returned an error when sorting events. Results are not complete.",
|
||||
"PlasoIngestModule.dataSource.not.an.image=Skipping non-disk image datasource"})
|
||||
@Override
|
||||
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
|
||||
assert dataSource.equals(image);
|
||||
|
||||
if (!(dataSource instanceof Image)) {
|
||||
IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
|
||||
Bundle.PlasoIngestModule_has_run(),
|
||||
Bundle.PlasoIngestModule_dataSource_not_an_image());
|
||||
IngestServices.getInstance().postMessage(message);
|
||||
return ProcessResult.OK;
|
||||
} else {
|
||||
image = (Image) dataSource;
|
||||
|
||||
statusHelper.switchToDeterminate(100);
|
||||
currentCase = Case.getCurrentCase();
|
||||
@ -213,6 +216,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
IngestServices.getInstance().postMessage(message);
|
||||
return ProcessResult.OK;
|
||||
}
|
||||
}
|
||||
|
||||
private ProcessBuilder buildLog2TimeLineCommand(Path moduleOutputPath, Image image) {
|
||||
//make a csv list of disabled parsers.
|
||||
@ -240,8 +244,10 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
|
||||
static private ProcessBuilder buildProcessWithRunAsInvoker(String... commandLine) {
|
||||
ProcessBuilder processBuilder = new ProcessBuilder(commandLine);
|
||||
/* Add an environment variable to force log2timeline/psort to run with
|
||||
* the same permissions Autopsy uses. */
|
||||
/*
|
||||
* Add an environment variable to force log2timeline/psort to run with
|
||||
* the same permissions Autopsy uses.
|
||||
*/
|
||||
processBuilder.environment().put("__COMPAT_LAYER", "RunAsInvoker"); //NON-NLS
|
||||
return processBuilder;
|
||||
}
|
||||
@ -277,8 +283,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
"PlasoIngestModule.create.artifacts.cancelled=Cancelled Plaso Artifact Creation ",
|
||||
"# {0} - file that events are from",
|
||||
"PlasoIngestModule.artifact.progress=Adding events to case: {0}",
|
||||
"PlasoIngestModule.info.empty.database=Plaso database was empty.",
|
||||
})
|
||||
"PlasoIngestModule.info.empty.database=Plaso database was empty.",})
|
||||
private void createPlasoArtifacts(String plasoDb, DataSourceIngestModuleProgress statusHelper) {
|
||||
Blackboard blackboard = currentCase.getSleuthkitCase().getBlackboard();
|
||||
|
||||
@ -320,7 +325,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
|
||||
// If the description is empty use the event type display name
|
||||
// as the description.
|
||||
if ( description == null || description.isEmpty() ) {
|
||||
if (description == null || description.isEmpty()) {
|
||||
if (eventType != TimelineEventType.OTHER) {
|
||||
description = eventType.getDisplayName();
|
||||
} else {
|
||||
@ -343,9 +348,11 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
BlackboardArtifact bbart = resolvedFile.newArtifact(TSK_TL_EVENT);
|
||||
bbart.addAttributes(bbattributes);
|
||||
try {
|
||||
/* Post the artifact which will index the artifact for
|
||||
/*
|
||||
* Post the artifact which will index the artifact for
|
||||
* keyword search, and fire an event to notify UI of
|
||||
* this new artifact */
|
||||
* this new artifact
|
||||
*/
|
||||
blackboard.postArtifact(bbart, MODULE_NAME);
|
||||
} catch (BlackboardException ex) {
|
||||
logger.log(Level.SEVERE, "Error Posting Artifact.", ex);//NON-NLS
|
||||
@ -356,7 +363,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
|
||||
}
|
||||
|
||||
// Check if there is data the db
|
||||
if( !dbHasData ) {
|
||||
if (!dbHasData) {
|
||||
logger.log(Level.INFO, String.format("PlasoDB was empty: %s", plasoDb));
|
||||
MessageNotifyUtil.Notify.info(MODULE_NAME, Bundle.PlasoIngestModule_info_empty_database());
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user