Merge pull request #6627 from markmckinnon/7213-fixes-in-xml-for-aleapp

7213-fixes-in-xml-for-aleapp

Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java

@@ -268,10 +268,12 @@ public final class LeappFileProcessor {
 
         String[] columnValues;
 
-        // Check to see if the 2 values are equal, they may not be equal if there is no corresponding data in the line.
+        // Check to see if the 2 values are equal, they may not be equal if there is no corresponding data in the line
+        // or if the size of the line to split  is not equal to the column numbers we are looking to process. This
+        // can happen when the last value of the tsv line has no data in it.
         // If this happens then adding an empty value(s) for each columnValue where data does not exist
         Integer maxColumnNumber = Collections.max(columnNumberToProcess.keySet());
-        if (maxColumnNumber > line.split("\\t").length) {
+        if ((maxColumnNumber > line.split("\\t").length) || (columnNumberToProcess.size() > line.split("\\t").length)) {
             columnValues = Arrays.copyOf(line.split("\\t"), maxColumnNumber + 1);
         } else {
             columnValues = line.split("\\t");
@@ -283,6 +285,7 @@ public final class LeappFileProcessor {
             Integer columnNumber = columnToProcess.getKey();
             String attributeName = columnToProcess.getValue();
 
+            if (columnValues[columnNumber] != null) {
                 try {
                     BlackboardAttribute.Type attributeType = Case.getCurrentCase().getSleuthkitCase().getAttributeType(attributeName.toUpperCase());
                     if (attributeType == null) {
@@ -294,6 +297,7 @@ public final class LeappFileProcessor {
                     throw new IngestModuleException(String.format("Error getting Attribute type for Attribute Name %s", attributeName), ex); //NON-NLS
                 }
             }
+        }
 
         if (tsvFileArtifactComments.containsKey(fileName)) {
             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, tsvFileArtifactComments.get(fileName)));
@@ -466,13 +470,12 @@ public final class LeappFileProcessor {
     /**
      * Generic method for creating a blackboard artifact with attributes
      *
-     * @param type         is a blackboard.artifact_type enum to determine which
-     *                     type the artifact should be
+     * @param type is a blackboard.artifact_type enum to determine which type
+     * the artifact should be
      * @param abstractFile is the AbstractFile object that needs to have the
      * artifact added for it
      * @param bbattributes is the collection of blackboard attributes that need
-     *                     to be added to the artifact after the artifact has
-     *                     been created
+     * to be added to the artifact after the artifact has been created
      *
      * @return The newly-created artifact, or null on error
      */
@@ -490,13 +493,12 @@ public final class LeappFileProcessor {
     /**
      * Generic method for creating a blackboard artifact with attributes
      *
-     * @param type         is a blackboard.artifact_type enum to determine which
-     *                     type the artifact should be
+     * @param type is a blackboard.artifact_type enum to determine which type
+     * the artifact should be
      * @param dataSource is the Content object that needs to have the artifact
      * added for it
      * @param bbattributes is the collection of blackboard attributes that need
-     *                     to be added to the artifact after the artifact has
-     *                     been created
+     * to be added to the artifact after the artifact has been created
      *
      * @return The newly-created artifact, or null on error
      */

Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleap-artifact-attribute-reference.xml

@@ -66,7 +66,7 @@
 
         <FileName filename="Browser cookies.tsv" description="Browser Cookies">
             <ArtifactName artifactname="TSK_WEB_COOKIE" comment="Browser Cookies">
-                <AttributeName attributename="TSK_DATETIME_ACCESS" columnName="Last Access Date" required="yes" />
+                <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
                 <AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
                 <AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
                 <AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
@@ -163,7 +163,7 @@
 
     <FileName filename="Chrome cookies.tsv" description="Chrome Cookies">
         <ArtifactName artifactname="TSK_WEB_COOKIE" comment="Chrome Cookies">
-            <AttributeName attributename="TSK_DATETIME_ACCESS" columnName="Last Access Date" required="yes" />
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
             <AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
             <AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
             <AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
@@ -224,6 +224,79 @@
         </ArtifactName>
     </FileName>
 
+    <FileName filename="Edge Bookmarks.tsv" description="Edge Bookmarks">
+        <ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Chrome Bookmarks">
+            <AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
+            <AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
+            <AttributeName attributename="TSK_TITLE" columnName="Name" required="yes" />
+            <AttributeName attributename="null" columnName="Parent" required="no" />
+            <AttributeName attributename="null" columnName="Type" required="no" />
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge cookies.tsv" description="Edge Cookies">
+        <ArtifactName artifactname="TSK_WEB_COOKIE" comment="Edge Cookies">
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Date" required="yes" />
+            <AttributeName attributename="TSK_DOMAIN" columnName="Host" required="yes" />
+            <AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
+            <AttributeName attributename="TSK_VALUE" columnName="Value" required="yes" />
+            <AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Date" required="yes" />
+            <AttributeName attributename="TSK_DATETIME_END" columnName="Expiration Date" required="yes" />
+            <AttributeName attributename="TSK_PATH" columnName="Path" required="yes" />
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge History.tsv" description="Edge History">
+        <ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge History">
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
+            <AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
+            <AttributeName attributename="TSK_TITLE" columnName="Title" required="yes"/>
+            <AttributeName attributename="null" columnName="Visit Count" required="no"/>
+            <AttributeName attributename="null" columnName="Hidden" required="no"/>
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge login data.tsv" description="Edge Login Data">
+        <ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="Edge Login">
+            <AttributeName attributename="TSK_DATETIME_CREATED" columnName="Created Time" required="yes" />
+            <AttributeName attributename="TSK_USER_NAME" columnName="Username" required="yes" />
+            <AttributeName attributename="TSK_PASSWORD" columnName="Password" required="yes" />
+            <AttributeName attributename="TSK_URL" columnName="Origin URL" required="no" />
+            <AttributeName attributename="null" columnName="Blacklisted by User" required="no" />
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge offline pages.tsv" description="Edge Offline Pages">
+        <ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge Offline Pages">
+            <AttributeName attributename="TSK_DATETIME_CREATED" columnName="Creation Time" required="yes" />
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Access Time" required="yes" />
+            <AttributeName attributename="TSK_URL" columnName="Online URL" required="yes" />
+            <AttributeName attributename="null" columnName="File Path" required="no" />
+            <AttributeName attributename="TSK_TITLE" columnName="Title" required="no" />
+            <AttributeName attributename="null" columnName="Access Count" required="no" />
+            <AttributeName attributename="null" columnName="File Size" required="no" />
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge search terms.tsv" description="Edge Search Terms">
+        <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Chrome Search Terms">
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
+            <AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes"/>
+            <AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
+            <AttributeName attributename="null" columnName="Title" required="no"/>
+            <AttributeName attributename="null" columnName="Visit Count" required="no"/>
+        </ArtifactName>
+    </FileName>
+
+    <FileName filename="Edge top sites.tsv" description="Edge Top Sites">
+        <ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge Top Sites">
+            <AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
+            <AttributeName attributename="null" columnName="Rank" required="no" />
+            <AttributeName attributename="TSK_TITLE" columnName="Title" required="no" />
+            <AttributeName attributename="null" columnName="Redirects" required="no" />
+        </ArtifactName>
+    </FileName>
+	
     <FileName filename="google play searches.tsv" description="Google Play Searches">
         <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Google Play Search">
             <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Timestamp" required="yes" />
@@ -233,10 +306,11 @@
     </FileName>
 
     <FileName filename="google quick search box.tsv" description="Google quick search box">
-        <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Google Quick Search Search">
-            <AttributeName attributename="TSK_DATETIME" columnName="File Timestamp" required="yes" />
+        <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Google Quick Search">
+            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="File Timestamp" required="yes" />
             <AttributeName attributename="null" columnName="Type" required="no" />
-            <AttributeName attributename="TSK_TEXT" columnName="Queries	Response" required="yes" />
+            <AttributeName attributename="TSK_TEXT" columnName="Queries" required="yes" />
+            <AttributeName attributename="null" columnName="Response" required="no" />
             <AttributeName attributename="null" columnName="Source File" required="no" />
         </ArtifactName>
     </FileName>
@@ -256,7 +330,7 @@
     </FileName>
     
     <FileName filename="installed apps vending.tsv" description="Installed Apps (Vending)">
-        <ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps (VEnding)">
+        <ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps (Vending)">
             <AttributeName attributename="TSK_DATETIME" columnName="First Download" required="yes" />
             <AttributeName attributename="TSK_PROG_NAME" columnName="Package Name" required="yes" />
             <AttributeName attributename="TSK_TITLE" columnName="Title" required="yes" />