mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
Fixes to support expanded KeywordHitSearchParam
This commit is contained in:
Eugene Livis
parent
ded8901af0
commit
62be745314
@ -62,6 +62,7 @@ import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode;
|
||||
import org.sleuthkit.autopsy.mainui.datamodel.KeywordHitSearchParam;
|
||||
import org.sleuthkit.autopsy.corecomponents.SelectionResponder;
|
||||
import org.sleuthkit.datamodel.AnalysisResult;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
|
||||
/**
|
||||
* Keyword hits node support
|
||||
@ -304,12 +305,9 @@ public class KeywordHits implements AutopsyVisitableItem {
|
||||
// get or create list entry
|
||||
Map<String, Map<String, Set<Long>>> listMap = listsMap.computeIfAbsent(listName, ln -> new LinkedHashMap<>());
|
||||
|
||||
if ("1".equals(kwType) || reg == null) { //literal, substring or exact
|
||||
if (Integer.parseInt(kwType) == TskData.KeywordSearchQueryType.SUBSTRING.getType() || reg == null) { //literal, substring or exact
|
||||
/*
|
||||
* Substring, treated same as exact match. "1" is
|
||||
* the ordinal value for substring as defined in
|
||||
* KeywordSearch.java. The original term should be
|
||||
* stored in reg
|
||||
* Substring, treated same as exact match.
|
||||
*/
|
||||
word = (reg != null) ? reg : word; //use original term if it there.
|
||||
addNonRegExpMatchToList(listMap, word, id);
|
||||
@ -317,12 +315,9 @@ public class KeywordHits implements AutopsyVisitableItem {
|
||||
addRegExpToList(listMap, reg, word, id);
|
||||
}
|
||||
} else {//single term
|
||||
if ("1".equals(kwType) || reg == null) { //literal, substring or exact
|
||||
if (Integer.parseInt(kwType) == TskData.KeywordSearchQueryType.SUBSTRING.getType() || reg == null) { //literal, substring or exact
|
||||
/*
|
||||
* Substring, treated same as exact match. "1" is
|
||||
* the ordinal value for substring as defined in
|
||||
* KeywordSearch.java. The original term should be
|
||||
* stored in reg
|
||||
* Substring, treated same as exact match.
|
||||
*/
|
||||
word = (reg != null) ? reg : word; //use original term if it there.
|
||||
addNonRegExpMatchToList(literalMap, word, id);
|
||||
@ -813,7 +808,7 @@ public class KeywordHits implements AutopsyVisitableItem {
|
||||
public void respondSelection(DataResultTopComponent dataResultPanel) {
|
||||
dataResultPanel.displayKeywordHits(new KeywordHitSearchParam(
|
||||
filteringDSObjId > 0 ? filteringDSObjId : null,
|
||||
setName, keyword, instance));
|
||||
setName, keyword, instance, TskData.KeywordSearchQueryType.REGEX));
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -576,7 +576,7 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
|
||||
|
||||
items.add(new TreeItemDTO<>(
|
||||
"KEYWORD_SEARCH_TERMS",
|
||||
new KeywordSearchTermParams(setName, searchTerm, searchType, hasChildren, dataSourceId),
|
||||
new KeywordSearchTermParams(setName, searchTerm, TskData.KeywordSearchQueryType.valueOf(searchType), hasChildren, dataSourceId),
|
||||
searchTermModified,
|
||||
searchTermModified,
|
||||
count
|
||||
@ -608,7 +608,7 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
|
||||
* @throws IllegalArgumentException
|
||||
* @throws ExecutionException
|
||||
*/
|
||||
public TreeResultsDTO<? extends KeywordMatchParams> getKeywordMatchCounts(String setName, String regexStr, int searchType, Long dataSourceId) throws IllegalArgumentException, ExecutionException {
|
||||
public TreeResultsDTO<? extends KeywordMatchParams> getKeywordMatchCounts(String setName, String regexStr, TskData.KeywordSearchQueryType searchType, Long dataSourceId) throws IllegalArgumentException, ExecutionException {
|
||||
if (dataSourceId != null && dataSourceId <= 0) {
|
||||
throw new IllegalArgumentException("Expected data source id to be > 0");
|
||||
}
|
||||
@ -655,7 +655,7 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
|
||||
}
|
||||
|
||||
preparedStatement.setString(++paramIdx, regexStr);
|
||||
preparedStatement.setInt(++paramIdx, searchType);
|
||||
preparedStatement.setInt(++paramIdx, searchType.ordinal());
|
||||
|
||||
List<TreeItemDTO<KeywordMatchParams>> items = new ArrayList<>();
|
||||
getCase().getCaseDbAccessManager().select(preparedStatement, (resultSet) -> {
|
||||
|
||||
@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.mainui.datamodel;
|
||||
|
||||
import java.util.Objects;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
|
||||
/**
|
||||
* Key for keyword hits in order to retrieve data from DAO.
|
||||
@ -28,11 +29,13 @@ public class KeywordHitSearchParam extends AnalysisResultSetSearchParam {
|
||||
|
||||
private final String keyword;
|
||||
private final String regex;
|
||||
private final TskData.KeywordSearchQueryType searchType;
|
||||
|
||||
public KeywordHitSearchParam(Long dataSourceId, String setName, String keyword, String regex) {
|
||||
public KeywordHitSearchParam(Long dataSourceId, String setName, String keyword, String regex, TskData.KeywordSearchQueryType searchType) {
|
||||
super(BlackboardArtifact.Type.TSK_KEYWORD_HIT, dataSourceId, setName);
|
||||
this.keyword = keyword;
|
||||
this.regex = regex;
|
||||
this.searchType = searchType;
|
||||
}
|
||||
|
||||
public String getRegex() {
|
||||
@ -42,12 +45,17 @@ public class KeywordHitSearchParam extends AnalysisResultSetSearchParam {
|
||||
public String getKeyword() {
|
||||
return keyword;
|
||||
}
|
||||
|
||||
public TskData.KeywordSearchQueryType getSearchType() {
|
||||
return searchType;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int hashCode() {
|
||||
int hash = 3;
|
||||
hash = 29 * hash + Objects.hashCode(this.keyword);
|
||||
hash = 29 * hash + Objects.hashCode(this.regex);
|
||||
hash = 29 * hash + Objects.hashCode(this.searchType);
|
||||
hash = 29 * hash + super.hashCode();
|
||||
return hash;
|
||||
}
|
||||
@ -70,6 +78,9 @@ public class KeywordHitSearchParam extends AnalysisResultSetSearchParam {
|
||||
if (!Objects.equals(this.regex, other.regex)) {
|
||||
return false;
|
||||
}
|
||||
if (this.searchType != other.searchType) {
|
||||
return false;
|
||||
}
|
||||
return super.equals(obj);
|
||||
}
|
||||
|
||||
|
||||
@ -18,6 +18,8 @@
|
||||
*/
|
||||
package org.sleuthkit.autopsy.mainui.datamodel;
|
||||
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
|
||||
/**
|
||||
* Parameters for a keyword match found in files.
|
||||
*/
|
||||
@ -27,7 +29,7 @@ public class KeywordMatchParams {
|
||||
private final String searchTerm;
|
||||
private final String keywordMatch;
|
||||
private final Long dataSourceId;
|
||||
private final int searchType;
|
||||
private final TskData.KeywordSearchQueryType searchType;
|
||||
|
||||
/**
|
||||
* Main constructor.
|
||||
@ -38,7 +40,7 @@ public class KeywordMatchParams {
|
||||
* @param searchType The keyword search type.
|
||||
* @param dataSourceId The data source id or null.
|
||||
*/
|
||||
public KeywordMatchParams(String setName, String searchTerm, String keywordMatch, int searchType, Long dataSourceId) {
|
||||
public KeywordMatchParams(String setName, String searchTerm, String keywordMatch, TskData.KeywordSearchQueryType searchType, Long dataSourceId) {
|
||||
this.setName = setName;
|
||||
this.searchTerm = searchTerm;
|
||||
this.keywordMatch = keywordMatch;
|
||||
@ -77,7 +79,7 @@ public class KeywordMatchParams {
|
||||
/**
|
||||
* @return The type of keyword search performed.
|
||||
*/
|
||||
public int getSearchType() {
|
||||
public TskData.KeywordSearchQueryType getSearchType() {
|
||||
return searchType;
|
||||
}
|
||||
}
|
||||
|
||||
@ -18,6 +18,8 @@
|
||||
*/
|
||||
package org.sleuthkit.autopsy.mainui.datamodel;
|
||||
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
|
||||
/**
|
||||
* Parameters for a keyword search term.
|
||||
*/
|
||||
@ -27,7 +29,7 @@ public class KeywordSearchTermParams {
|
||||
private final String searchTerm;
|
||||
private final boolean hasChildren;
|
||||
private final Long dataSourceId;
|
||||
private final int searchType;
|
||||
private final TskData.KeywordSearchQueryType searchType;
|
||||
|
||||
/**
|
||||
* Main constructor.
|
||||
@ -40,7 +42,7 @@ public class KeywordSearchTermParams {
|
||||
* into different urls).
|
||||
* @param dataSourceId The data source id or null.
|
||||
*/
|
||||
public KeywordSearchTermParams(String setName, String searchTerm, int searchType, boolean hasChildren, Long dataSourceId) {
|
||||
public KeywordSearchTermParams(String setName, String searchTerm, TskData.KeywordSearchQueryType searchType, boolean hasChildren, Long dataSourceId) {
|
||||
this.setName = setName;
|
||||
this.searchTerm = searchTerm;
|
||||
this.searchType = searchType;
|
||||
@ -80,7 +82,7 @@ public class KeywordSearchTermParams {
|
||||
/**
|
||||
* @return The keyword search type value.
|
||||
*/
|
||||
public int getSearchType() {
|
||||
public TskData.KeywordSearchQueryType getSearchType() {
|
||||
return searchType;
|
||||
}
|
||||
}
|
||||
|
||||
@ -363,7 +363,8 @@ public class AnalysisResultTypeFactory extends TreeChildFactory<AnalysisResultSe
|
||||
searchParams.getDataSourceId(),
|
||||
searchParams.getSetName(),
|
||||
null, // ELTODO this should be set for exact match (searchParams.searchtype == 0) instead of regex
|
||||
searchParams.getSearchTerm()));
|
||||
searchParams.getSearchTerm(),
|
||||
searchParams.getSearchType()));
|
||||
} else {
|
||||
super.respondSelection(dataResultPanel);
|
||||
}
|
||||
@ -434,7 +435,8 @@ public class AnalysisResultTypeFactory extends TreeChildFactory<AnalysisResultSe
|
||||
searchParams.getDataSourceId(),
|
||||
searchParams.getSetName(),
|
||||
searchParams.getKeywordMatch(),
|
||||
searchParams.getSearchTerm()));
|
||||
searchParams.getSearchTerm(),
|
||||
searchParams.getSearchType()));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -367,6 +367,7 @@ public class TableSearchTest extends NbTestCase {
|
||||
attrs.clear();
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME, MODULE_NAME, KEYWORD_SET_1));
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_KEYWORD, MODULE_NAME, "keyword1"));
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.LITERAL.getType()));
|
||||
fileA1.newAnalysisResult(
|
||||
BlackboardArtifact.Type.TSK_KEYWORD_HIT, Score.SCORE_NOTABLE,
|
||||
null, KEYWORD_SET_1, null, attrs);
|
||||
@ -374,6 +375,7 @@ public class TableSearchTest extends NbTestCase {
|
||||
attrs.clear();
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_SET_NAME, MODULE_NAME, KEYWORD_SET_2));
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_KEYWORD, MODULE_NAME, "keyword2"));
|
||||
attrs.add(new BlackboardAttribute(BlackboardAttribute.Type.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.LITERAL.getType()));
|
||||
fileA3.newAnalysisResult(
|
||||
BlackboardArtifact.Type.TSK_KEYWORD_HIT, Score.SCORE_NOTABLE,
|
||||
null, KEYWORD_SET_2, null, attrs);
|
||||
@ -968,13 +970,13 @@ public class TableSearchTest extends NbTestCase {
|
||||
try {
|
||||
// Test keyword set hits
|
||||
AnalysisResultDAO analysisResultDAO = MainDAO.getInstance().getAnalysisResultDAO();
|
||||
KeywordHitSearchParam kwParam = new KeywordHitSearchParam(null, KEYWORD_SET_1, "", "");
|
||||
KeywordHitSearchParam kwParam = new KeywordHitSearchParam(null, KEYWORD_SET_1, "", "", TskData.KeywordSearchQueryType.LITERAL);
|
||||
AnalysisResultTableSearchResultsDTO results = analysisResultDAO.getKeywordHitsForTable(kwParam, 0, null, false);
|
||||
assertEquals(BlackboardArtifact.Type.TSK_KEYWORD_HIT, results.getArtifactType());
|
||||
assertEquals(2, results.getTotalResultsCount());
|
||||
assertEquals(2, results.getItems().size());
|
||||
|
||||
kwParam = new KeywordHitSearchParam(dataSource2.getId(), KEYWORD_SET_1, "", "");
|
||||
kwParam = new KeywordHitSearchParam(dataSource2.getId(), KEYWORD_SET_1, "", "", TskData.KeywordSearchQueryType.LITERAL);
|
||||
results = analysisResultDAO.getKeywordHitsForTable(kwParam, 0, null, false);
|
||||
assertEquals(BlackboardArtifact.Type.TSK_KEYWORD_HIT, results.getArtifactType());
|
||||
assertEquals(1, results.getTotalResultsCount());
|
||||
|
||||
@ -252,9 +252,9 @@ class LuceneQuery implements KeywordSearchQuery {
|
||||
}
|
||||
|
||||
if (originalKeyword.searchTermIsWholeWord()) {
|
||||
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.LITERAL.ordinal()));
|
||||
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.LITERAL.getType()));
|
||||
} else {
|
||||
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.SUBSTRING.ordinal()));
|
||||
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.SUBSTRING.getType()));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -714,7 +714,7 @@ final class RegexQuery implements KeywordSearchQuery {
|
||||
-> attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactID))
|
||||
);
|
||||
|
||||
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.REGEX.ordinal()));
|
||||
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, TskData.KeywordSearchQueryType.REGEX.getType()));
|
||||
|
||||
/*
|
||||
* Create an account instance.
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user