mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3394 from dgrove727/3447_InterestingFilesRaceCondition

Browse Source 
3447 interesting files race condition
This commit is contained in:
Richard Cordovano 2018-02-12 15:20:25 -05:00 committed by GitHub
commit 6eea6edf34
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 83 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java
View File

@ -19,22 +19,16 @@
package org.sleuthkit.autopsy.modules.filetypeid;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.stream.Collectors;
import org.apache.tika.Tika;
import org.apache.tika.io.TikaInputStream;
import org.apache.tika.mime.MimeTypes;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.ReadContentInputStream;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
@ -278,52 +272,30 @@ public class FileTypeDetector {
}
/**
* Determines whether or not the a file matches a user-defined custom file
* type. If the file matches and corresponds to an interesting files type
* rule, this method has the side effect of creating an interesting files
* hit artifact and indexing that artifact for keyword search.
* Determines whether or not a file matches a user-defined custom file type.
*
* @param file The file to test.
*
* @return The file type name string or null, if no match is detected.
*
* @throws TskCoreException
* @return The MIME type as a string if a match is found; otherwise null.
*/
private String detectUserDefinedType(AbstractFile file) {
String retValue = null;
for (FileType fileType : userDefinedFileTypes) {
if (fileType.matches(file)) {
if (fileType.createInterestingFileHit()) {
try {
BlackboardArtifact artifact;
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
Collection<BlackboardAttribute> attributes = new ArrayList<>();
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
attributes.add(setNameAttribute);
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
attributes.add(ruleNameAttribute);
artifact.addAttributes(attributes);
try {
Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
}
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS
}
}
return fileType.getMimeType();
retValue = fileType.getMimeType();
break;
}
}
return null;
return retValue;
}
/**
* Determines whether or not the a file matches a custom file type defined
* by Autopsy.
* Determines whether or not a file matches a custom file type defined by Autopsy.
*
* @param file The file to test.
*
* @return The file type name string or null, if no match is detected.
* @return The MIME type as a string if a match is found; otherwise null.
*/
private String detectAutopsyDefinedType(AbstractFile file) {
for (FileType fileType : autopsyDefinedFileTypes) {
@ -395,7 +367,7 @@ public class FileTypeDetector {
*
* @throws TskCoreException if detection is required and there is a problem
* writing the result to the case database.
* @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType
* @deprecated Use getMIMEType instead, and call AbstractFile.setMIMEType
* and AbstractFile.save to save the result to the file object and the
* database.
*/
@ -419,7 +391,7 @@ public class FileTypeDetector {
* @throws TskCoreException if detection is required and there is a problem
* writing the result to the case database.
*
* @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType
* @deprecated Use getMIMEType instead, and call AbstractFile.setMIMEType
* and AbstractFile.save to save the result to the file object and the
* database.
*/
@ -441,7 +413,7 @@ public class FileTypeDetector {
* were uncertain, octet-stream is returned.
*
* @throws TskCoreException
* @deprecated Use detectMIMEType instead.
* @deprecated Use getMIMEType instead.
*/
@Deprecated
public String detect(AbstractFile file) throws TskCoreException {

78
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
View File

@ -1,15 +1,15 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2013-2015 Basis Technology Corp.
*
* Copyright 2013-2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
*
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@ -18,9 +18,14 @@
*/
package org.sleuthkit.autopsy.modules.filetypeid;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Level;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.FileIngestModule;
import org.sleuthkit.autopsy.ingest.IngestJobContext;
@ -29,13 +34,16 @@ import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Detects the type of a file based on signature (magic) values. Posts results
* to the blackboard.
*/
@NbBundle.Messages({
"CannotRunFileTypeDetection=Unable to run file type detection."
"CannotRunFileTypeDetection=Unable to run file type detection."
})
public class FileTypeIdIngestModule implements FileIngestModule {
@ -91,7 +99,12 @@ public class FileTypeIdIngestModule implements FileIngestModule {
*/
try {
long startTime = System.currentTimeMillis();
fileTypeDetector.getMIMEType(file);
String mimeType = fileTypeDetector.getMIMEType(file);
file.setMIMEType(mimeType);
FileType fileType = detectUserDefinedFileType(file);
if (fileType != null && fileType.createInterestingFileHit()) {
createInterestingFileHit(file, fileType);
}
addToTotals(jobId, (System.currentTimeMillis() - startTime));
return ProcessResult.OK;
} catch (Exception e) {
@ -100,6 +113,57 @@ public class FileTypeIdIngestModule implements FileIngestModule {
}
}
/**
* Determines whether or not a file matches a user-defined custom file type.
*
* @param file The file to test.
*
* @return The file type if a match is found; otherwise null.
*
* @throws CustomFileTypesException If there is an issue getting an instance
* of CustomFileTypesManager.
*/
private FileType detectUserDefinedFileType(AbstractFile file) throws CustomFileTypesManager.CustomFileTypesException {
FileType retValue = null;
CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance();
List<FileType> fileTypesList = customFileTypesManager.getUserDefinedFileTypes();
for (FileType fileType : fileTypesList) {
if (fileType.matches(file)) {
retValue = fileType;
break;
}
}
return retValue;
}
/**
* Create an Interesting File hit using the specified file type rule.
*
* @param file The file from which to generate an artifact.
* @param fileType The file type rule for categorizing the hit.
*/
private void createInterestingFileHit(AbstractFile file, FileType fileType) {
try {
BlackboardArtifact artifact;
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
Collection<BlackboardAttribute> attributes = new ArrayList<>();
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
attributes.add(setNameAttribute);
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
attributes.add(ruleNameAttribute);
artifact.addAttributes(attributes);
try {
Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact);
} catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
}
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS
}
}
@Override
public void shutDown() {
/**