mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2869 from millmanorama/2706-regex-hit-count

Browse Source 
2706 regex hit count
This commit is contained in:
Richard Cordovano 2017-06-22 11:58:46 -04:00 committed by GitHub
commit 7394ac1244
1 changed files with 111 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java
View File

@ -1,7 +1,7 @@
/* /*
* Autopsy Forensic Browser * Autopsy Forensic Browser
* *
* Copyright 2011-2016 Basis Technology Corp. * Copyright 2011-2017 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org * Contact: carrier <at> sleuthkit <dot> org
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
@ -33,6 +33,8 @@ import java.util.Observable;
import java.util.Observer; import java.util.Observer;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.openide.nodes.ChildFactory; import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children; import org.openide.nodes.Children;
import org.openide.nodes.Node; import org.openide.nodes.Node;
@ -74,12 +76,12 @@ public class KeywordHits implements AutopsyVisitableItem {
keywordResults = new KeywordResults(); keywordResults = new KeywordResults();
} }
/* All of these maps and code assume the following: /*
* Regexps will have an 'instance' layer that shows the specific words that matched the regexp * All of these maps and code assume the following: Regexps will have an
* Exact match and substring will not have the instance layer and instead will have the specific hits * 'instance' layer that shows the specific words that matched the regexp
* below their term. * Exact match and substring will not have the instance layer and instead
* will have the specific hits below their term.
*/ */
private final class KeywordResults extends Observable { private final class KeywordResults extends Observable {
// Map from listName/Type to Map of keywords/regexp to Map of instance terms to Set of artifact Ids // Map from listName/Type to Map of keywords/regexp to Map of instance terms to Set of artifact Ids
@ -104,10 +106,11 @@ public class KeywordHits implements AutopsyVisitableItem {
} }
/** /**
* Get keywords used in a given list. Will be regexp patterns for regexps * Get keywords used in a given list. Will be regexp patterns for
* and search term for non-regexps. * regexps and search term for non-regexps.
* *
* @param listName Keyword list name * @param listName Keyword list name
*
* @return * @return
*/ */
List<String> getKeywords(String listName) { List<String> getKeywords(String listName) {
@ -120,12 +123,13 @@ public class KeywordHits implements AutopsyVisitableItem {
} }
/** /**
* Get specific keyword terms that were found for a given list * Get specific keyword terms that were found for a given list and
* and keyword combination. For example, a specific phone number for a * keyword combination. For example, a specific phone number for a phone
* phone number regexp. Will be the default instance for non-regexp searches. * number regexp. Will be the default instance for non-regexp searches.
* *
* @param listName Keyword list name * @param listName Keyword list name
* @param keyword search term (regexp pattern or exact match term) * @param keyword search term (regexp pattern or exact match term)
*
* @return * @return
*/ */
List<String> getKeywordInstances(String listName, String keyword) { List<String> getKeywordInstances(String listName, String keyword) {
@ -139,9 +143,13 @@ public class KeywordHits implements AutopsyVisitableItem {
/** /**
* Get artifact ids for a given list, keyword, and instance triple * Get artifact ids for a given list, keyword, and instance triple
*
* @param listName Keyword list name * @param listName Keyword list name
* @param keyword search term (regexp pattern or exact match term) * @param keyword search term (regexp pattern or exact match
* @param keywordInstance specific term that matched (or default instance name) * term)
* @param keywordInstance specific term that matched (or default
* instance name)
*
* @return * @return
*/ */
Set<Long> getArtifactIds(String listName, String keyword, String keywordInstance) { Set<Long> getArtifactIds(String listName, String keyword, String keywordInstance) {
@ -152,7 +160,9 @@ public class KeywordHits implements AutopsyVisitableItem {
/** /**
* Add a hit for a regexp to the internal data structure. * Add a hit for a regexp to the internal data structure.
* @param listMap Maps keywords/regexp to instances to artifact IDs *
* @param listMap Maps keywords/regexp to instances to artifact
* IDs
* @param regExp Regular expression that was used in search * @param regExp Regular expression that was used in search
* @param keywordInstance Specific term that matched regexp * @param keywordInstance Specific term that matched regexp
* @param artifactId Artifact id of file that had hit * @param artifactId Artifact id of file that had hit
@ -172,9 +182,10 @@ public class KeywordHits implements AutopsyVisitableItem {
instanceMap.get(keywordInstance).add(artifactId); instanceMap.get(keywordInstance).add(artifactId);
} }
/** /**
* Add a hit for a exactmatch (or substring) to the internal data structure. * Add a hit for a exactmatch (or substring) to the internal data
* structure.
*
* @param listMap Maps keywords/regexp to instances to artifact IDs * @param listMap Maps keywords/regexp to instances to artifact IDs
* @param keyWord Term that was hit * @param keyWord Term that was hit
* @param artifactId Artifact id of file that had hit * @param artifactId Artifact id of file that had hit
@ -193,8 +204,11 @@ public class KeywordHits implements AutopsyVisitableItem {
} }
/** /**
* Populate data structure for the tree based on the keyword hit artifacts * Populate data structure for the tree based on the keyword hit
* @param artifactIds Maps Artifact ID to map of attribute types to attribute values * artifacts
*
* @param artifactIds Maps Artifact ID to map of attribute types to
* attribute values
*/ */
void populateTreeMaps(Map<Long, Map<Long, String>> artifactIds) { void populateTreeMaps(Map<Long, Map<Long, String>> artifactIds) {
synchronized (topLevelMap) { synchronized (topLevelMap) {
@ -241,8 +255,7 @@ public class KeywordHits implements AutopsyVisitableItem {
} else { } else {
addNonRegExpMatchToList(listMap, word, id); addNonRegExpMatchToList(listMap, word, id);
} }
} } else if (reg != null) {
else if (reg != null) {
addRegExpToList(listMap, reg, word, id); addRegExpToList(listMap, reg, word, id);
} else { } else {
addNonRegExpMatchToList(listMap, word, id); addNonRegExpMatchToList(listMap, word, id);
@ -299,9 +312,9 @@ public class KeywordHits implements AutopsyVisitableItem {
long artifactId = resultSet.getLong("artifact_id"); //NON-NLS long artifactId = resultSet.getLong("artifact_id"); //NON-NLS
long typeId = resultSet.getLong("attribute_type_id"); //NON-NLS long typeId = resultSet.getLong("attribute_type_id"); //NON-NLS
if (!artifactIds.containsKey(artifactId)) { if (!artifactIds.containsKey(artifactId)) {
artifactIds.put(artifactId, new LinkedHashMap<Long, String>()); artifactIds.put(artifactId, new LinkedHashMap<>());
} }
if (valueStr != null && !valueStr.equals("")) { if (StringUtils.isNotEmpty(valueStr)) {
artifactIds.get(artifactId).put(typeId, valueStr); artifactIds.get(artifactId).put(typeId, valueStr);
} else { } else {
// Keyword Search Type is an int // Keyword Search Type is an int
@ -459,7 +472,8 @@ public class KeywordHits implements AutopsyVisitableItem {
} }
/** /**
* Represents the keyword search lists (or default groupings if list was not given) * Represents the keyword search lists (or default groupings if list was not
* given)
*/ */
public class ListNode extends DisplayableItemNode implements Observer { public class ListNode extends DisplayableItemNode implements Observer {
@ -583,17 +597,17 @@ public class KeywordHits implements AutopsyVisitableItem {
this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/keyword_hits.png"); //NON-NLS this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/keyword_hits.png"); //NON-NLS
updateDisplayName(); updateDisplayName();
keywordResults.addObserver(this); keywordResults.addObserver(this);
} }
private void updateDisplayName() { private void updateDisplayName() {
int totalDescendants = 0; super.setDisplayName(keyword + " (" + countTotalDescendants() + ")");
for (String instance : keywordResults.getKeywordInstances(setName, keyword)) {
Set<Long> ids = keywordResults.getArtifactIds(setName, keyword, instance);
totalDescendants += ids.size();
} }
super.setDisplayName(keyword + " (" + totalDescendants + ")"); private int countTotalDescendants() {
return keywordResults.getKeywordInstances(setName, keyword).stream()
.mapToInt(instance -> keywordResults.getArtifactIds(setName, keyword, instance).size())
.sum();
} }
@Override @Override
@ -605,12 +619,7 @@ public class KeywordHits implements AutopsyVisitableItem {
public boolean isLeafTypeNode() { public boolean isLeafTypeNode() {
List<String> instances = keywordResults.getKeywordInstances(setName, keyword); List<String> instances = keywordResults.getKeywordInstances(setName, keyword);
// is this an exact/substring match (i.e. did we use the DEFAULT name)? // is this an exact/substring match (i.e. did we use the DEFAULT name)?
if (instances.size() == 1 && instances.get(0).equals(DEFAULT_INSTANCE_NAME)) { return instances.size() == 1 && instances.get(0).equals(DEFAULT_INSTANCE_NAME);
return true;
}
else {
return false;
}
} }
@Override @Override
@ -635,7 +644,7 @@ public class KeywordHits implements AutopsyVisitableItem {
ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.name"), ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.name"),
NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.displayName"), NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.displayName"),
NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.desc"), NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.desc"),
keywordResults.getKeywordInstances(setName, keyword).size())); countTotalDescendants()));
return s; return s;
} }
@ -650,37 +659,45 @@ public class KeywordHits implements AutopsyVisitableItem {
// as they keys for different types of nodes at the // as they keys for different types of nodes at the
// same level. Probably a better way to do this, but // same level. Probably a better way to do this, but
// it works. // it works.
class RegExpInstanceKey { private class RegExpInstanceKey {
private final boolean isRegExp; private final boolean isRegExp;
private String strKey; private String strKey;
private Long longKey; private Long longKey;
public RegExpInstanceKey(String key) {
RegExpInstanceKey(String key) {
isRegExp = true; isRegExp = true;
strKey = key; strKey = key;
} }
public RegExpInstanceKey(Long key) {
RegExpInstanceKey(Long key) {
isRegExp = false; isRegExp = false;
longKey = key; longKey = key;
} }
boolean isRegExp() { boolean isRegExp() {
return isRegExp; return isRegExp;
} }
Long getIdKey() { Long getIdKey() {
return longKey; return longKey;
} }
String getRegExpKey() { String getRegExpKey() {
return strKey; return strKey;
} }
} }
/** /**
* Creates the nodes for a given regexp that represent the specific terms that were found * Creates the nodes for a given regexp that represent the specific terms
* that were found
*/ */
public class RegExpInstancesFactory extends ChildFactory.Detachable<RegExpInstanceKey> implements Observer { public class RegExpInstancesFactory extends ChildFactory.Detachable<RegExpInstanceKey> implements Observer {
private final String keyword; private final String keyword;
private final String setName; private final String setName;
private Map<RegExpInstanceKey, DisplayableItemNode > nodesMap = new HashMap<>(); private final Map<RegExpInstanceKey, DisplayableItemNode> nodesMap = new HashMap<>();
public RegExpInstancesFactory(String setName, String keyword) { public RegExpInstancesFactory(String setName, String keyword) {
super(); super();
@ -739,6 +756,7 @@ public class KeywordHits implements AutopsyVisitableItem {
} }
} }
@Override @Override
public void update(Observable o, Object arg) { public void update(Observable o, Object arg) {
refresh(true); refresh(true);
@ -756,7 +774,7 @@ public class KeywordHits implements AutopsyVisitableItem {
private final String instance; private final String instance;
public RegExpInstanceNode(String setName, String keyword, String instance) { public RegExpInstanceNode(String setName, String keyword, String instance) {
super(Children.create(new HitsFactory(setName, keyword, instance), true), Lookups.singleton(keyword)); super(Children.create(new HitsFactory(setName, keyword, instance), true), Lookups.singleton(instance));
super.setName(instance); //the instance represents the name of the keyword hit at this point as the keyword is the regex super.setName(instance); //the instance represents the name of the keyword hit at this point as the keyword is the regex
this.setName = setName; this.setName = setName;
this.keyword = keyword; this.keyword = keyword;
@ -803,7 +821,7 @@ public class KeywordHits implements AutopsyVisitableItem {
ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.name"), ss.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.name"),
NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.displayName"), NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.displayName"),
NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.desc"), NbBundle.getMessage(this.getClass(), "KeywordHits.createSheet.filesWithHits.desc"),
keywordResults.getKeywordInstances(setName, keyword).size())); keywordResults.getArtifactIds(setName, keyword, instance).size()));
return s; return s;
} }
@ -816,7 +834,9 @@ public class KeywordHits implements AutopsyVisitableItem {
/** /**
* Create a blackboard node for the given Keyword Hit artifact * Create a blackboard node for the given Keyword Hit artifact
*
* @param artifactId * @param artifactId
*
* @return Node or null on error * @return Node or null on error
*/ */
private BlackboardArtifactNode createBlackboardArtifactNode(Long artifactId) { private BlackboardArtifactNode createBlackboardArtifactNode(Long artifactId) {
@ -879,7 +899,7 @@ public class KeywordHits implements AutopsyVisitableItem {
private final String setName; private final String setName;
private final String instance; private final String instance;
private Map<Long, BlackboardArtifactNode > nodesMap = new HashMap<>(); private final Map<Long, BlackboardArtifactNode> nodesMap = new HashMap<>();
public HitsFactory(String setName, String keyword, String instance) { public HitsFactory(String setName, String keyword, String instance) {
super(); super();