mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-09 06:39:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

4635 fix escaping of single quotes in findfilesWhere query for common files search

Browse Source
This commit is contained in:
William Schaefer 2019-01-30 12:17:18 -05:00
parent e4b458bb5d
commit 6207b64af3
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Core/src/org/sleuthkit/autopsy/commonpropertiessearch/CentralRepoCommonAttributeInstance.java
View File

@ -108,6 +108,7 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr
// will try using the file name, parent path and data source id. // will try using the file name, parent path and data source id.
File fileFromPath = new File(currentFullPath); File fileFromPath = new File(currentFullPath);
String fileName = fileFromPath.getName(); String fileName = fileFromPath.getName();
fileName = SleuthkitCase.escapeSingleQuotes(fileName);
// Create the parent path. Make sure not to add a separator if there is already one there. // Create the parent path. Make sure not to add a separator if there is already one there.
String parentPath = fileFromPath.getParent(); String parentPath = fileFromPath.getParent();
@ -115,6 +116,7 @@ final public class CentralRepoCommonAttributeInstance extends AbstractCommonAttr
parentPath += File.separator; parentPath += File.separator;
} }
parentPath = parentPath.replace("\\", "/"); parentPath = parentPath.replace("\\", "/");
parentPath = SleuthkitCase.escapeSingleQuotes(parentPath);
final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId()); final String whereClause = String.format("lower(name) = '%s' AND lower(parent_path) = '%s' AND data_source_obj_id = %s", fileName, parentPath, dataSource.get().getId());
List<AbstractFile> potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause); List<AbstractFile> potentialAbstractFiles = tskDb.findAllFilesWhere(whereClause);