From 6802deefe3a5d01e84ebdbf3e58d73b22f712bf9 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Mon, 29 Mar 2021 15:40:57 -0400
Subject: [PATCH] domain categorization artifacts
---
 .../recentactivity/DomainCategoryRunner.java | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java
index f65673b6d0..0102f6e868 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DomainCategoryRunner.java
@@ -32,6 +32,7 @@ import java.util.Set;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
+import java.util.stream.Stream;
 import org.apache.commons.lang.StringUtils;
 import org.openide.util.Lookup;
 import org.openide.util.NbBundle.Messages;
@@ -86,6 +87,17 @@ class DomainCategoryRunner extends Extract {
 // NOTE: if CustomWebCategorizer ever changes name, this will need to be changed as well.
 private static final String CUSTOM_CATEGORIZER_PATH = "org.sleuthkit.autopsy.url.analytics.domaincategorization.CustomWebCategorizer";
+ // the artifact types to be searched for domain categories
+ private static final List DOMAIN_CATEGORIZATION_TYPES = Stream.of(
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK,
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_CACHE,
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_COOKIE,
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_DOWNLOAD,
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_HISTORY,
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_SEARCH_QUERY)
+ .map(BlackboardArtifact.Type::new)
+ .collect(Collectors.toList());
+
 /**
 * Get seconds from epoch from the mapping for the attribute type id.
 *
@@ -168,7 +180,7 @@ class DomainCategoryRunner extends Extract {
 * Main constructor.
 */
 DomainCategoryRunner() {
-
+
 }
 /**
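Review bot: `DOMAIN_CATEGORIZATION_TYPES` is a shared static constant, but `Collectors.toList()` returns a mutable list, and the later hunk at `-355,7 +367,7` passes that same instance straight into `getArtifacts(...)`. If a callee or any later code in the class adds or removes an entry, every subsequent ingest run would search a different set of artifact types without any error, which in a forensic tool means silently incomplete categorization. Make the constant immutable, for example `.collect(Collectors.collectingAndThen(Collectors.toList(), Collections::unmodifiableList));`. That requires `java.util.Collections`, whose import is not visible in the import hunk shown here.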
@@ -355,7 +367,7 @@ class DomainCategoryRunner extends Extract {
 Set hostSuffixesSeen = new HashSet<>();
 try {
 List listArtifacts = currentCase.getSleuthkitCase().getBlackboard().getArtifacts(
- Arrays.asList(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_HISTORY)),
+ DOMAIN_CATEGORIZATION_TYPES,
 Arrays.asList(dataSource.getId()));
 logger.log(Level.INFO, "Processing {0} blackboard artifacts.", listArtifacts.size()); //NON-NLS
@@ -364,7 +376,8 @@ class DomainCategoryRunner extends Extract {
 for (BlackboardArtifact artifact : listArtifacts) {
 // make sure we haven't cancelled
 if (context.dataSourceIngestIsCancelled()) {
- break; //User cancelled the process.
+ //User cancelled the process.
+ break;
 }
 // get the pertinent details for this artifact.
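Review bot: The widened query `getArtifacts(DOMAIN_CATEGORIZATION_TYPES, ...)` now feeds bookmark, cache, cookie, download and search-query artifacts into a loop that previously only received TSK_WEB_HISTORY, and the per-artifact extraction that loop relies on lies outside this hunk. Those values originate from the examined data source and should be treated as untrusted, so confirm that the extraction skips an artifact with a missing or malformed URL/domain attribute instead of throwing and ending the run for the remaining artifacts. The whole result set is also materialised before the first `context.dataSourceIngestIsCancelled()` check, so with six types a cancel request is only honoured after the query returns; a comment such as `// all web artifact types are loaded up front; cancellation is checked per artifact below` would make that explicit.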