mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 17:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

format files and remove commented code

Browse Source 
format files and remove commented code
This commit is contained in:
Mark McKinnon 2020-09-03 22:56:40 -04:00
parent b04622d308
commit 641bdab2c4
2 changed files with 135 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

259
Core/src/org/sleuthkit/autopsy/modules/ileappanalyser/ILeappAnalyserIngestModule.java
View File

@ -95,7 +95,7 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
ILeappAnalyserIngestModule() { ILeappAnalyserIngestModule() {
this.tsvFileAttributes = new HashMap<>(); this.tsvFileAttributes = new HashMap<>();
} }
@NbBundle.Messages({ @NbBundle.Messages({
@ -110,7 +110,7 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
} }
configExtractor(); configExtractor();
try { try {
iLeappExecutable = locateExecutable(ILEAPP_EXECUTABLE); iLeappExecutable = locateExecutable(ILEAPP_EXECUTABLE);
} catch (FileNotFoundException exception) { } catch (FileNotFoundException exception) {
@ -136,21 +136,21 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
fileManager = currentCase.getServices().getFileManager(); fileManager = currentCase.getServices().getFileManager();
List<AbstractFile> iLeappFilesToProcess = findiLeappFilesToProcess(dataSource); List<AbstractFile> iLeappFilesToProcess = findiLeappFilesToProcess(dataSource);
statusHelper.switchToDeterminate(iLeappFilesToProcess.size()); statusHelper.switchToDeterminate(iLeappFilesToProcess.size());
try { try {
loadConfigFile(); loadConfigFile();
} catch (IngestModuleException ex) { } catch (IngestModuleException ex) {
logger.log(Level.SEVERE, String.format("Error loading config file %s", XMLFILE), ex); logger.log(Level.SEVERE, String.format("Error loading config file %s", XMLFILE), ex);
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
Integer filesProcessedCount = 0; Integer filesProcessedCount = 0;
if (!iLeappFilesToProcess.isEmpty()) { if (!iLeappFilesToProcess.isEmpty()) {
// Run iLeapp // Run iLeapp
for (AbstractFile iLeappFile: iLeappFilesToProcess) { for (AbstractFile iLeappFile : iLeappFilesToProcess) {
String currentTime = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss z", Locale.US).format(System.currentTimeMillis());//NON-NLS String currentTime = new SimpleDateFormat("yyyy-MM-dd HH-mm-ss z", Locale.US).format(System.currentTimeMillis());//NON-NLS
Path moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), ILEAPP, currentTime); Path moduleOutputPath = Paths.get(currentCase.getModuleDirectory(), ILEAPP, currentTime);
@ -168,32 +168,32 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
if (result != 0) { if (result != 0) {
logger.log(Level.SEVERE, String.format("Error running iLeapp, error code returned %d", result)); //NON-NLS logger.log(Level.SEVERE, String.format("Error running iLeapp, error code returned %d", result)); //NON-NLS
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
} catch (IOException ex) { } catch (IOException ex) {
logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program against file %s", iLeappFile.getLocalAbsPath()), ex); logger.log(Level.SEVERE, String.format("Error when trying to execute iLeapp program against file %s", iLeappFile.getLocalAbsPath()), ex);
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
if (context.dataSourceIngestIsCancelled()) { if (context.dataSourceIngestIsCancelled()) {
logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS logger.log(Level.INFO, "ILeapp Analyser ingest module run was canceled"); //NON-NLS
return ProcessResult.OK; return ProcessResult.OK;
} }
try { try {
List<String> iLeappTsvOutputFiles = findTsvFiles(moduleOutputPath); List<String> iLeappTsvOutputFiles = findTsvFiles(moduleOutputPath);
if (!iLeappTsvOutputFiles.isEmpty()) { if (!iLeappTsvOutputFiles.isEmpty()) {
processiLeappFiles(iLeappTsvOutputFiles, iLeappFile, statusHelper); processiLeappFiles(iLeappTsvOutputFiles, iLeappFile, statusHelper);
} }
} catch (IOException | IngestModuleException ex) { } catch (IOException | IngestModuleException ex) {
logger.log(Level.SEVERE, String.format("Error trying to process iLeapp output files in directory %s. ", moduleOutputPath.toString()), ex); //NON-NLS logger.log(Level.SEVERE, String.format("Error trying to process iLeapp output files in directory %s. ", moduleOutputPath.toString()), ex); //NON-NLS
return ProcessResult.ERROR; return ProcessResult.ERROR;
} }
filesProcessedCount++; filesProcessedCount++;
} }
} }
IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA, IngestMessage message = IngestMessage.createMessage(IngestMessage.MessageType.DATA,
Bundle.ILeappAnalyserIngestModule_has_run(), Bundle.ILeappAnalyserIngestModule_has_run(),
Bundle.ILeappAnalyserIngestModule_completed()); Bundle.ILeappAnalyserIngestModule_completed());
@ -203,14 +203,15 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
/** /**
* Find the files to process that will be processed by the iLeapp program * Find the files to process that will be processed by the iLeapp program
* *
* @param dataSource * @param dataSource
*
* @return List of abstract files to process. * @return List of abstract files to process.
*/ */
private List<AbstractFile> findiLeappFilesToProcess(Content dataSource) { private List<AbstractFile> findiLeappFilesToProcess(Content dataSource) {
List<AbstractFile> iLeappFiles = new ArrayList<>(); List<AbstractFile> iLeappFiles = new ArrayList<>();
FileManager fileManager = getCurrentCase().getServices().getFileManager(); FileManager fileManager = getCurrentCase().getServices().getFileManager();
// findFiles use the SQL wildcard # in the file name // findFiles use the SQL wildcard # in the file name
@ -218,21 +219,21 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
iLeappFiles = fileManager.findFiles(dataSource, "%", "/"); //NON-NLS iLeappFiles = fileManager.findFiles(dataSource, "%", "/"); //NON-NLS
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
//Change this //Change this
logger.log(Level.WARNING, "No files found to process"); //NON-NLS logger.log(Level.WARNING, "No files found to process"); //NON-NLS
return iLeappFiles; return iLeappFiles;
} }
List<AbstractFile> iLeappFilesToProcess = new ArrayList<>(); List<AbstractFile> iLeappFilesToProcess = new ArrayList<>();
for (AbstractFile iLeappFile: iLeappFiles) { for (AbstractFile iLeappFile : iLeappFiles) {
if ((iLeappFile.getName().toLowerCase().contains(".zip") || (iLeappFile.getName().toLowerCase().contains(".tar")) if ((iLeappFile.getName().toLowerCase().contains(".zip") || (iLeappFile.getName().toLowerCase().contains(".tar"))
|| iLeappFile.getName().toLowerCase().contains(".tgz"))) { || iLeappFile.getName().toLowerCase().contains(".tgz"))) {
iLeappFilesToProcess.add(iLeappFile); iLeappFilesToProcess.add(iLeappFile);
} }
} }
return iLeappFilesToProcess; return iLeappFilesToProcess;
} }
private ProcessBuilder buildiLeappCommand(Path moduleOutputPath, String sourceFilePath, String iLeappFileSystemType) { private ProcessBuilder buildiLeappCommand(Path moduleOutputPath, String sourceFilePath, String iLeappFileSystemType) {
ProcessBuilder processBuilder = buildProcessWithRunAsInvoker( ProcessBuilder processBuilder = buildProcessWithRunAsInvoker(
@ -265,58 +266,59 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
} }
return exeFile; return exeFile;
} }
@NbBundle.Messages({ @NbBundle.Messages({
"ILeappAnalyserIngestModule.error.reading.iLeapp.directory=Error reading iLeapp Output directory."}) "ILeappAnalyserIngestModule.error.reading.iLeapp.directory=Error reading iLeapp Output directory."})
/** /**
* Find the tsv files in the iLeapp output directory and match them to files we know we want to process * Find the tsv files in the iLeapp output directory and match them to files
* and return the list to process those files. * we know we want to process and return the list to process those files.
*/ */
private List<String> findTsvFiles(Path iLeapOutputDir) throws IngestModuleException { private List<String> findTsvFiles(Path iLeapOutputDir) throws IngestModuleException {
List<String> allTsvFiles = new ArrayList<>(); List<String> allTsvFiles = new ArrayList<>();
List<String> foundTsvFiles = new ArrayList<>(); List<String> foundTsvFiles = new ArrayList<>();
try (Stream<Path> walk = Files.walk(iLeapOutputDir)) { try (Stream<Path> walk = Files.walk(iLeapOutputDir)) {
allTsvFiles = walk.map(x -> x.toString()) allTsvFiles = walk.map(x -> x.toString())
.filter(f -> f.endsWith(".tsv")).collect(Collectors.toList()); .filter(f -> f.endsWith(".tsv")).collect(Collectors.toList());
for (String tsvFile : allTsvFiles) { for (String tsvFile : allTsvFiles) {
if (tsvFiles.containsKey(FilenameUtils.getName(tsvFile))) { if (tsvFiles.containsKey(FilenameUtils.getName(tsvFile))) {
foundTsvFiles.add(tsvFile); foundTsvFiles.add(tsvFile);
} }
} }
} catch (IOException e) { } catch (IOException e) {
throw new IngestModuleException(Bundle.ILeappAnalyserIngestModule_error_reading_iLeapp_directory() + iLeapOutputDir.toString(), e); throw new IngestModuleException(Bundle.ILeappAnalyserIngestModule_error_reading_iLeapp_directory() + iLeapOutputDir.toString(), e);
} }
return foundTsvFiles; return foundTsvFiles;
} }
/** /**
* Process the iLeapp files that were found that match the xml mapping file * Process the iLeapp files that were found that match the xml mapping file
*
* @param iLeappFilesToProcess List of files to process * @param iLeappFilesToProcess List of files to process
* @param iLeappImageFile Abstract file to create artifact for * @param iLeappImageFile Abstract file to create artifact for
* @param statusHelper progress bar update * @param statusHelper progress bar update
*
* @throws FileNotFoundException * @throws FileNotFoundException
* @throws IOException * @throws IOException
*/ */
private void processiLeappFiles(List<String> iLeappFilesToProcess, AbstractFile iLeappImageFile, DataSourceIngestModuleProgress statusHelper) throws FileNotFoundException, IOException, IngestModuleException { private void processiLeappFiles(List<String> iLeappFilesToProcess, AbstractFile iLeappImageFile, DataSourceIngestModuleProgress statusHelper) throws FileNotFoundException, IOException, IngestModuleException {
List<BlackboardArtifact> bbartifacts = new ArrayList<>(); List<BlackboardArtifact> bbartifacts = new ArrayList<>();
for (String iLeappFileName : iLeappFilesToProcess) { for (String iLeappFileName : iLeappFilesToProcess) {
String fileName = FilenameUtils.getName(iLeappFileName); String fileName = FilenameUtils.getName(iLeappFileName);
statusHelper.progress(NbBundle.getMessage(this.getClass(), "ILeappAnalyserIngestModule.parsing.file", fileName)); statusHelper.progress(NbBundle.getMessage(this.getClass(), "ILeappAnalyserIngestModule.parsing.file", fileName));
File iLeappFile = new File(iLeappFileName); File iLeappFile = new File(iLeappFileName);
// List<List<String>> attrList = new ArrayList<>();
if (tsvFileAttributes.containsKey(fileName)) { if (tsvFileAttributes.containsKey(fileName)) {
List<List<String>> attrList = tsvFileAttributes.get(fileName); List<List<String>> attrList = tsvFileAttributes.get(fileName);
try { try {
BlackboardArtifact.Type artifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(tsvFileArtifacts.get(fileName)); BlackboardArtifact.Type artifactType = Case.getCurrentCase().getSleuthkitCase().getArtifactType(tsvFileArtifacts.get(fileName));
try (BufferedReader reader = new BufferedReader(new FileReader(iLeappFile))) { try (BufferedReader reader = new BufferedReader(new FileReader(iLeappFile))) {
String line = reader.readLine(); String line = reader.readLine();
// Check first line, if it is null then no heading so nothing to match to, close and go to next file. // Check first line, if it is null then no heading so nothing to match to, close and go to next file.
@ -324,7 +326,6 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
HashMap<Integer, String> columnNumberToProcess = findColumnsToProcess(line, attrList); HashMap<Integer, String> columnNumberToProcess = findColumnsToProcess(line, attrList);
line = reader.readLine(); line = reader.readLine();
while (line != null) { while (line != null) {
// Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
Collection<BlackboardAttribute> bbattributes = processReadLine(line, columnNumberToProcess, fileName); Collection<BlackboardAttribute> bbattributes = processReadLine(line, columnNumberToProcess, fileName);
if (!bbattributes.isEmpty()) { if (!bbattributes.isEmpty()) {
BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), iLeappImageFile, bbattributes); BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), iLeappImageFile, bbattributes);
@ -337,34 +338,36 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
} }
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
// check this // check this
throw new IngestModuleException(String.format("Error getting Blackboard Artifact Type for %s", tsvFileArtifacts.get(fileName)), ex); throw new IngestModuleException(String.format("Error getting Blackboard Artifact Type for %s", tsvFileArtifacts.get(fileName)), ex);
} }
} }
} }
if (!bbartifacts.isEmpty()) { if (!bbartifacts.isEmpty()) {
postArtifacts(bbartifacts); postArtifacts(bbartifacts);
} }
} }
/** /**
* Process the line read and create the necessary attributes for it * Process the line read and create the necessary attributes for it
* @param line a tsv line to process that was read *
* @param line a tsv line to process that was read
* @param columnNumberToProcess Which columns to process in the tsv line * @param columnNumberToProcess Which columns to process in the tsv line
* @return *
* @return
*/ */
private Collection<BlackboardAttribute> processReadLine(String line, HashMap<Integer, String> columnNumberToProcess, String fileName) throws IngestModuleException { private Collection<BlackboardAttribute> processReadLine(String line, HashMap<Integer, String> columnNumberToProcess, String fileName) throws IngestModuleException {
String[] columnValues = line.split("\\t"); String[] columnValues = line.split("\\t");
Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>(); Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
for (Map.Entry<Integer, String> columnToProcess: columnNumberToProcess.entrySet()) { for (Map.Entry<Integer, String> columnToProcess : columnNumberToProcess.entrySet()) {
Integer columnNumber = columnToProcess.getKey(); Integer columnNumber = columnToProcess.getKey();
String attributeName = columnToProcess.getValue(); String attributeName = columnToProcess.getValue();
try { try {
BlackboardAttribute.Type attributeType = Case.getCurrentCase().getSleuthkitCase().getAttributeType(attributeName.toUpperCase()); BlackboardAttribute.Type attributeType = Case.getCurrentCase().getSleuthkitCase().getAttributeType(attributeName.toUpperCase());
if (attributeType == null) { if (attributeType == null) {
@ -374,58 +377,62 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
if (attrType.matches("STRING")) { if (attrType.matches("STRING")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber])); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber]));
} else if (attrType.matches("INTEGER")) { } else if (attrType.matches("INTEGER")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Integer.valueOf(columnValues[columnNumber]))); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Integer.valueOf(columnValues[columnNumber])));
} else if (attrType.matches("LONG")) { } else if (attrType.matches("LONG")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Long.valueOf(columnValues[columnNumber]))); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Long.valueOf(columnValues[columnNumber])));
} else if (attrType.matches("DOUBLE")) { } else if (attrType.matches("DOUBLE")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Double.valueOf(columnValues[columnNumber]))); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Double.valueOf(columnValues[columnNumber])));
} else if (attrType.matches("BYTE")) { } else if (attrType.matches("BYTE")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Byte.valueOf(columnValues[columnNumber]))); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, Byte.valueOf(columnValues[columnNumber])));
} else if (attrType.matches("DATETIME")) { } else if (attrType.matches("DATETIME")) {
// format of data should be the same in all the data and the format is 2020-03-28 01:00:17 // format of data should be the same in all the data and the format is 2020-03-28 01:00:17
SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US); SimpleDateFormat dateFormat = new SimpleDateFormat("yyyy-MM-d HH:mm:ss", US);
Long dateLong = Long.valueOf(0); Long dateLong = Long.valueOf(0);
try { try {
Date newDate = dateFormat.parse(columnValues[columnNumber]); Date newDate = dateFormat.parse(columnValues[columnNumber]);
dateLong = newDate.getTime()/1000; dateLong = newDate.getTime() / 1000;
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, dateLong)); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, dateLong));
} catch (ParseException ex) { } catch (ParseException ex) {
// catching error and displaying date that could not be parsed // catching error and displaying date that could not be parsed
// we set the timestamp to 0 and continue on processing // we set the timestamp to 0 and continue on processing
logger.log(Level.WARNING, String.format("Failed to parse date/time %s for attribute.", columnValues[columnNumber]), ex); //NON-NLS logger.log(Level.WARNING, String.format("Failed to parse date/time %s for attribute.", columnValues[columnNumber]), ex); //NON-NLS
} }
} else if (attrType.matches("JSON")) { } else if (attrType.matches("JSON")) {
bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber])); bbattributes.add(new BlackboardAttribute(attributeType, MODULE_NAME, columnValues[columnNumber]));
} else { } else {
// Log this and continue on with processing // Log this and continue on with processing
logger.log(Level.WARNING, String.format("Attribute Type %s not defined.", attrType)); //NON-NLS logger.log(Level.WARNING, String.format("Attribute Type %s not defined.", attrType)); //NON-NLS
} }
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
throw new IngestModuleException(String.format("Error getting Attribute type for Attribute Name %s", attributeName), ex); //NON-NLS throw new IngestModuleException(String.format("Error getting Attribute type for Attribute Name %s", attributeName), ex); //NON-NLS
} }
} }
if (tsvFileArtifactComments.containsKey(fileName)) { if (tsvFileArtifactComments.containsKey(fileName)) {
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, tsvFileArtifactComments.get(fileName))); bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, tsvFileArtifactComments.get(fileName)));
} }
return bbattributes; return bbattributes;
} }
/** /**
* Process the first line of the tsv file which has the headings. Match the headings to the columns in the XML * Process the first line of the tsv file which has the headings. Match the
* mapping file so we know which columns to process. * headings to the columns in the XML mapping file so we know which columns
* @param line a tsv heading line of the columns in the file * to process.
*
* @param line a tsv heading line of the columns in the file
* @param attrList the list of headings we want to process * @param attrList the list of headings we want to process
* @return the numbered column(s) and attribute(s) we want to use for the column(s) *
* @return the numbered column(s) and attribute(s) we want to use for the
* column(s)
*/ */
private HashMap<Integer, String> findColumnsToProcess(String line, List<List<String>> attrList) { private HashMap<Integer, String> findColumnsToProcess(String line, List<List<String>> attrList) {
String[] columnNames = line.split("\\t"); String[] columnNames = line.split("\\t");
HashMap<Integer, String> columnsToProcess = new HashMap<>(); HashMap<Integer, String> columnsToProcess = new HashMap<>();
Integer columnPosition = 0; Integer columnPosition = 0;
for (String columnName : columnNames) { for (String columnName : columnNames) {
// for some reason the first column of the line has unprintable characters so removing them // for some reason the first column of the line has unprintable characters so removing them
@ -438,27 +445,26 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
} }
columnPosition++; columnPosition++;
} }
return columnsToProcess; return columnsToProcess;
} }
@NbBundle.Messages({ @NbBundle.Messages({
"ILeappAnalyserIngestModule.cannot.load.artifact.xml=Cannor load xml artifact file.", "ILeappAnalyserIngestModule.cannot.load.artifact.xml=Cannor load xml artifact file.",
"ILeappAnalyserIngestModule.cannotBuildXmlParser=Cannot buld an XML parser.", "ILeappAnalyserIngestModule.cannotBuildXmlParser=Cannot buld an XML parser.",
"ILeappAnalyserIngestModule_cannotParseXml=Cannot Parse XML file.", "ILeappAnalyserIngestModule_cannotParseXml=Cannot Parse XML file.",
"ILeappAnalyserIngestModule.postartifacts_error=Error posting Blackboard Artifact", "ILeappAnalyserIngestModule.postartifacts_error=Error posting Blackboard Artifact",
"ILeappAnalyserIngestModule.error.creating.new.artifacts=Error creating new artifacts." "ILeappAnalyserIngestModule.error.creating.new.artifacts=Error creating new artifacts."
}) })
/** /**
* Read the XML config file and load the mappings into maps * Read the XML config file and load the mappings into maps
*/ */
private void loadConfigFile() throws IngestModuleException { private void loadConfigFile() throws IngestModuleException {
Document xmlinput; Document xmlinput;
try { try {
String path = PlatformUtil.getUserConfigDirectory() + File.separator + XMLFILE; String path = PlatformUtil.getUserConfigDirectory() + File.separator + XMLFILE;
File f = new File(path); File f = new File(path);
logger.log(Level.INFO, "Load successful"); //NON-NLS
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
DocumentBuilder db = dbf.newDocumentBuilder(); DocumentBuilder db = dbf.newDocumentBuilder();
xmlinput = db.parse(f); xmlinput = db.parse(f);
@ -476,49 +482,49 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
for (int i = 0; i < nlist.getLength(); i++) { for (int i = 0; i < nlist.getLength(); i++) {
NamedNodeMap nnm = nlist.item(i).getAttributes(); NamedNodeMap nnm = nlist.item(i).getAttributes();
tsvFiles.put(nnm.getNamedItem("filename").getNodeValue(), nnm.getNamedItem("description").getNodeValue()); tsvFiles.put(nnm.getNamedItem("filename").getNodeValue(), nnm.getNamedItem("description").getNodeValue());
} }
NodeList artifactNlist = xmlinput.getElementsByTagName("ArtifactName"); //NON-NLS NodeList artifactNlist = xmlinput.getElementsByTagName("ArtifactName"); //NON-NLS
for (int k = 0; k < artifactNlist.getLength(); k++) { for (int k = 0; k < artifactNlist.getLength(); k++) {
NamedNodeMap nnm = artifactNlist.item(k).getAttributes(); NamedNodeMap nnm = artifactNlist.item(k).getAttributes();
String artifactName = nnm.getNamedItem("artifactname").getNodeValue(); String artifactName = nnm.getNamedItem("artifactname").getNodeValue();
String comment = nnm.getNamedItem("comment").getNodeValue(); String comment = nnm.getNamedItem("comment").getNodeValue();
String parentName = artifactNlist.item(k).getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); String parentName = artifactNlist.item(k).getParentNode().getAttributes().getNamedItem("filename").getNodeValue();
tsvFileArtifacts.put(parentName, artifactName); tsvFileArtifacts.put(parentName, artifactName);
if (!comment.toLowerCase().matches("null")) { if (!comment.toLowerCase().matches("null")) {
tsvFileArtifactComments.put(parentName, comment); tsvFileArtifactComments.put(parentName, comment);
} }
} }
NodeList attributeNlist = xmlinput.getElementsByTagName("AttributeName"); //NON-NLS NodeList attributeNlist = xmlinput.getElementsByTagName("AttributeName"); //NON-NLS
for (int k = 0; k < attributeNlist.getLength(); k++) { for (int k = 0; k < attributeNlist.getLength(); k++) {
List<String> attributeList = new ArrayList<>(); List<String> attributeList = new ArrayList<>();
NamedNodeMap nnm = attributeNlist.item(k).getAttributes(); NamedNodeMap nnm = attributeNlist.item(k).getAttributes();
String attributeName = nnm.getNamedItem("attributename").getNodeValue(); String attributeName = nnm.getNamedItem("attributename").getNodeValue();
if (!attributeName.toLowerCase().matches("null")) { if (!attributeName.toLowerCase().matches("null")) {
String columnName = nnm.getNamedItem("columnName").getNodeValue(); String columnName = nnm.getNamedItem("columnName").getNodeValue();
String required = nnm.getNamedItem("required").getNodeValue(); String required = nnm.getNamedItem("required").getNodeValue();
String parentName = attributeNlist.item(k).getParentNode().getParentNode().getAttributes().getNamedItem("filename").getNodeValue(); String parentName = attributeNlist.item(k).getParentNode().getParentNode().getAttributes().getNamedItem("filename").getNodeValue();
attributeList.add(attributeName.toLowerCase()); attributeList.add(attributeName.toLowerCase());
attributeList.add(columnName.toLowerCase()); attributeList.add(columnName.toLowerCase());
attributeList.add(required.toLowerCase()); attributeList.add(required.toLowerCase());
if (tsvFileAttributes.containsKey(parentName)) { if (tsvFileAttributes.containsKey(parentName)) {
List<List<String>> attrList = tsvFileAttributes.get(parentName); List<List<String>> attrList = tsvFileAttributes.get(parentName);
attrList.add(attributeList); attrList.add(attributeList);
tsvFileAttributes.replace(parentName, attrList); tsvFileAttributes.replace(parentName, attrList);
} else { } else {
List<List<String>> attrList = new ArrayList<>(); List<List<String>> attrList = new ArrayList<>();
attrList.add(attributeList); attrList.add(attributeList);
tsvFileAttributes.put(parentName, attrList); tsvFileAttributes.put(parentName, attrList);
} }
} }
} }
} }
/** /**
@ -526,11 +532,12 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
* *
* @param type is a blackboard.artifact_type enum to determine which * @param type is a blackboard.artifact_type enum to determine which
* type the artifact should be * type the artifact should be
* @param content is the Content object that needs to have the * @param content is the Content object that needs to have the artifact
* artifact added for it * added for it
* @param bbattributes is the collection of blackboard attributes that need * @param bbattributes is the collection of blackboard attributes that need
* to be added to the artifact after the artifact has * to be added to the artifact after the artifact has
* been created * been created
*
* @return The newly-created artifact, or null on error * @return The newly-created artifact, or null on error
*/ */
protected BlackboardArtifact createArtifactWithAttributes(int type, AbstractFile abstractFile, Collection<BlackboardAttribute> bbattributes) { protected BlackboardArtifact createArtifactWithAttributes(int type, AbstractFile abstractFile, Collection<BlackboardAttribute> bbattributes) {
@ -546,25 +553,26 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
/** /**
* Method to post a list of BlackboardArtifacts to the blackboard. * Method to post a list of BlackboardArtifacts to the blackboard.
* *
* @param artifacts A list of artifacts. IF list is empty or null, the function will return. * @param artifacts A list of artifacts. IF list is empty or null, the
* function will return.
*/ */
void postArtifacts(Collection<BlackboardArtifact> artifacts) { void postArtifacts(Collection<BlackboardArtifact> artifacts) {
if(artifacts == null || artifacts.isEmpty()) { if (artifacts == null || artifacts.isEmpty()) {
return; return;
} }
try{ try {
Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, MODULE_NAME); Case.getCurrentCase().getSleuthkitCase().getBlackboard().postArtifacts(artifacts, MODULE_NAME);
} catch (Blackboard.BlackboardException ex) { } catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, Bundle.ILeappAnalyserIngestModule_postartifacts_error(), ex); //NON-NLS logger.log(Level.SEVERE, Bundle.ILeappAnalyserIngestModule_postartifacts_error(), ex); //NON-NLS
} }
} }
/** /**
* Extract the iLeapp config xml file to the user directory to process * Extract the iLeapp config xml file to the user directory to process
* *
* @throws org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException * @throws org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException
*/ */
void configExtractor() throws IngestModuleException { void configExtractor() throws IngestModuleException {
try { try {
@ -576,6 +584,5 @@ public class ILeappAnalyserIngestModule implements DataSourceIngestModule {
} }
} }
} }

4
Core/src/org/sleuthkit/autopsy/modules/ileappanalyser/ILeappAnalyserModuleFactory.java
View File

@ -27,8 +27,8 @@ import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings; import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
/** /**
* A factory that creates data source ingest modules that will run iLeapp against * A factory that creates data source ingest modules that will run iLeapp
* logical files and saves the output to module output. * against logical files and saves the output to module output.
*/ */
@ServiceProvider(service = IngestModuleFactory.class) @ServiceProvider(service = IngestModuleFactory.class)
public class ILeappAnalyserModuleFactory extends IngestModuleFactoryAdapter { public class ILeappAnalyserModuleFactory extends IngestModuleFactoryAdapter {