mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Check in partial implementation of user defined file type sigs

Browse Source
This commit is contained in:
Richard Cordovano 2014-11-21 07:57:04 -05:00
parent 4658dac1c3
commit 60f33f61bb
1 changed files with 171 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypeDetector.java Normal file
View File

@ -0,0 +1,171 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2014 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.modules.filetypeid;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskCoreException;
/**
* RJCTODO
*/
class UserDefinedFileTypeDetector {
private final List<SignatureMatcher> matchers;
private String detectedType;
static UserDefinedFileTypeDetector createDetector(String sigFilePath) {
UserDefinedFileTypeDetector detector = new UserDefinedFileTypeDetector();
detector.loadSignatures(sigFilePath);
return detector;
}
/**
* RJCTODO
*
* @param sigFilePath
*/
UserDefinedFileTypeDetector() {
this.matchers = new ArrayList<>();
}
/**
* RJCTODO
*/
private void loadSignatures(String sigFilePath) {
// RJCTODO: Load signature file, creating
}
/**
*
* @param file
* @return
*/
boolean detect(AbstractFile file) {
for (SignatureMatcher matcher : this.matchers) {
if (matcher.matched(file)) {
this.detectedType = matcher.getMatchType();
return true;
}
}
this.detectedType = ""; // RJCTODO: Wrap this stuff in a class
return false;
}
/**
* RJCTODO
* @return
*/
String getDetectedType() {
// RJCTODO
return "";
}
/**
*
*/
private static class SignatureMatcher {
private final List<Matcher> matchers;
private final String matchType;
/**
* RJCTODO
*
* @param matchType
*/
SignatureMatcher(String matchType) {
this.matchType = matchType;
this.matchers = new ArrayList<>();
}
/**
* RJCTODO
*
* @param file
* @return
*/
boolean matched(AbstractFile file) {
for (Matcher matcher : this.matchers) {
if (!matcher.matched(file)) {
return false;
}
}
return true;
}
/**
* RJCTODO
*
* @return
*/
String getMatchType() {
return this.matchType;
}
}
private static interface Matcher {
/**
* RJCTODO
*
* @param file
* @return
*/
boolean matched(AbstractFile file);
}
/**
* A signature matcher that looks for a sequence of bytes at a specified
* offset.
*/
private static class ByteMatcher implements Matcher {
private final long offset;
private final byte[] signature;
private final byte[] buffer;
private ByteMatcher(long offset, byte[] signature) {
this.offset = offset;
this.signature = signature;
this.buffer = new byte[signature.length];
}
/**
* @inheritDoc
*/
@Override
public boolean matched(AbstractFile file) {
try {
// RJCTODO: Confirm this logic
int bytesRead = file.read(this.buffer, offset, buffer.length);
return bytesRead == buffer.length ? Arrays.equals(this.buffer, this.signature) : false;
} catch (TskCoreException ex) {
// RJCTODO
return false;
}
}
}
}