mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make tskdbdiff.py handle attr value types correctly

Browse Source
This commit is contained in:
Richard Cordovano 2016-01-27 17:29:29 -05:00
parent c52929c017
commit 6893e1c35b
1 changed files with 14 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
test/script/tskdbdiff.py
View File

@ -208,7 +208,7 @@ class TskDbDiff(object):
try: try:
art_id = "" art_id = ""
art_id = str(row["artifact_id"]) art_id = str(row["artifact_id"])
attribute_cursor.execute("SELECT blackboard_attributes.source, blackboard_attribute_types.display_name, blackboard_attributes.value_type, blackboard_attributes.value_text, blackboard_attributes.value_int32, blackboard_attributes.value_int64, blackboard_attributes.value_double FROM blackboard_attributes INNER JOIN blackboard_attribute_types ON blackboard_attributes.attribute_type_id = blackboard_attribute_types.attribute_type_id WHERE artifact_id =? ORDER BY blackboard_attributes.source, blackboard_attribute_types.display_name, blackboard_attributes.value_type, blackboard_attributes.value_text, blackboard_attributes.value_int32, blackboard_attributes.value_int64, blackboard_attributes.value_double", [art_id]) attribute_cursor.execute("SELECT blackboard_attributes.source, blackboard_attribute_types.display_name, blackboard_attributes.value_type, blackboard_attributes.value_text, blackboard_attributes.value_int32, blackboard_attributes.value_int64, blackboard_attributes.value_double, blackboard_attributes.value_byte FROM blackboard_attributes INNER JOIN blackboard_attribute_types ON blackboard_attributes.attribute_type_id = blackboard_attribute_types.attribute_type_id WHERE artifact_id =? ORDER BY blackboard_attributes.source, blackboard_attribute_types.display_name, blackboard_attributes.value_type, blackboard_attributes.value_text, blackboard_attributes.value_int32, blackboard_attributes.value_int64, blackboard_attributes.value_double", [art_id])
attributes = attribute_cursor.fetchall() attributes = attribute_cursor.fetchall()
# Print attributes # Print attributes
@ -220,7 +220,6 @@ class TskDbDiff(object):
src = attributes[0][0] src = attributes[0][0]
for attr in attributes: for attr in attributes:
attr_value_index = 3 + attr["value_type"]
numvals = 0 numvals = 0
for x in range(3, 6): for x in range(3, 6):
if(attr[x] != None): if(attr[x] != None):
@ -232,11 +231,20 @@ class TskDbDiff(object):
msg = "There were inconsistent sources for artifact with id #" + str(row["artifact_id"]) + ".\n" msg = "There were inconsistent sources for artifact with id #" + str(row["artifact_id"]) + ".\n"
try: try:
attr_value_as_string = str(attr[attr_value_index]) if attr["value_type"] == 0:
attr_value_as_string = str(attr["value_text"])
elif attr["value_type"] == 1:
attr_value_as_string = str(attr["value_int32"])
elif attr["value_type"] == 2:
attr_value_as_string = str(attr["value_int64"])
elif attr["value_type"] == 3:
attr_value_as_string = str(attr["value_double"])
elif attr["value_type"] == 4:
attr_value_as_string = "bytes"
elif attr["value_type"] == 5:
attr_value_as_string = str(attr["value_int64"])
if attr["display_name"] == "Associated Artifact": if attr["display_name"] == "Associated Artifact":
attr_value_as_string = getAssociatedArtifactType(db_file, attr_value_as_string) attr_value_as_string = getAssociatedArtifactType(db_file, attr_value_as_string)
#if((type(attr_value_as_string) != 'unicode') or (type(attr_value_as_string) != 'str')):
# attr_value_as_string = str(attr_value_as_string)
patrn = re.compile("[\n\0\a\b\r\f]") patrn = re.compile("[\n\0\a\b\r\f]")
attr_value_as_string = re.sub(patrn, ' ', attr_value_as_string) attr_value_as_string = re.sub(patrn, ' ', attr_value_as_string)
database_log.write('<attribute source="' + attr["source"] + '" type="' + attr["display_name"] + '" value="' + attr_value_as_string + '" />') database_log.write('<attribute source="' + attr["source"] + '" type="' + attr["display_name"] + '" value="' + attr_value_as_string + '" />')