Fix wrapping of text in aLeapp

Fix wrapping of Text in aLeapp program. Added dox for aLeapp module. FIx error in xml mapping of artifacts.
2025-07-06 21:00:22 +00:00 · 2021-01-05 09:52:46 -05:00 · 2021-01-05 09:52:46 -05:00 · 762e74e637
commit 762e74e637
parent a5ed18e948
6 changed files with 37 additions and 5 deletions
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ALeappAnalyzerIngestModule.java
@ -318,7 +318,8 @@ public class ALeappAnalyzerIngestModule implements DataSourceIngestModule {
                "\"" + aLeappExecutable + "\"", //NON-NLS
                "-t", aLeappFileSystemType, //NON-NLS
                "-i", sourceFilePath, //NON-NLS
-                "-o", moduleOutputPath.toString()
+                "-o", moduleOutputPath.toString(),
+                "-w"
        );
        processBuilder.redirectError(moduleOutputPath.resolve("aLeapp_err.txt").toFile());  //NON-NLS
        processBuilder.redirectOutput(moduleOutputPath.resolve("aLeapp_out.txt").toFile());  //NON-NLS
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@ -30,7 +30,9 @@ import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.List;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
 import static java.util.Locale.US;
@ -239,7 +241,6 @@ public final class LeappFileProcessor {
                    Collection<BlackboardAttribute> bbattributes = processReadLine(line, columnNumberToProcess, fileName);
                    if (artifactType == null) {
                        logger.log(Level.SEVERE, "Error trying to process Leapp output files in directory . "); //NON-NLS
-                        
                    }
                    if (!bbattributes.isEmpty() && !blkBoard.artifactExists(dataSource, BlackboardArtifact.ARTIFACT_TYPE.fromID(artifactType.getTypeID()), bbattributes)) {
                        BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes);
@ -264,7 +265,17 @@ public final class LeappFileProcessor {
     * @return
     */
    private Collection<BlackboardAttribute> processReadLine(String line, Map<Integer, String> columnNumberToProcess, String fileName) throws IngestModuleException {
-        String[] columnValues = line.split("\\t");
+         
+        String[] columnValues;
+        
+        // Check to see if the 2 values are equal, they may not be equal if there is no corresponding data in the line.
+        // If this happens then adding an empty value(s) for each columnValue where data does not exist
+        Integer maxColumnNumber = Collections.max(columnNumberToProcess.keySet());
+        if (maxColumnNumber > line.split("\\t").length) {
+            columnValues = Arrays.copyOf(line.split("\\t"), maxColumnNumber + 1);
+        } else {
+            columnValues = line.split("\\t");
+        }

        Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();

--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleap-artifact-attribute-reference.xml
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleap-artifact-attribute-reference.xml
@ -225,7 +225,7 @@
    </FileName>

    <FileName filename="google play searches.tsv" description="Google Play Searches">
-        <ArtifactName artifactname="TSK_WEB_SEARCH" comment="Google Play Search">
+        <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Google Play Search">
            <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Timestamp" required="yes" />
            <AttributeName attributename="TSK_PROG_NAME" columnName="Display" required="yes" />
            <AttributeName attributename="TSK_TEXT" columnName="query" required="yes" />
@ -233,7 +233,7 @@
    </FileName>

    <FileName filename="google quick search box.tsv" description="Google quick search box">
-        <ArtifactName artifactname="TSK_WEB_SEARCH" comment="Google Quick Search Search">
+        <ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="Google Quick Search Search">
            <AttributeName attributename="TSK_DATETIME" columnName="File Timestamp" required="yes" />
            <AttributeName attributename="null" columnName="Type" required="no" />
            <AttributeName attributename="TSK_TEXT" columnName="Queries	Response" required="yes" />
--- a/docs/doxygen-user/aleapp.dox
+++ b/docs/doxygen-user/aleapp.dox
@ -0,0 +1,20 @@
+/*! \page aleapp_page Android Analyzer (aLEAPP)
+
+[TOC]
+
+\section aleapp_overview Overview
+
+The Android Analyzer ingest module runs aLEAPP (https://github.com/abrignoni/aLEAPP) and converts the results into results that can be viewed in Autopsy.
+
+\section aleapp_config Using the Module
+
+Select the checkbox in the Ingest Modules settings screen to enable the Android Analzyer (ALEAPP) module. The module will run on .tar/.zip files found in a \ref ds_log "logical files data source" or a \ref ds_img disk image.
+
+\section aleapp_results Seeing Results
+
+Results from the Android Analyzer module will appear in the \ref tree_viewer_page under Results->Extracted Content.
+
+\image html aleapp_main.jpg
+
+
+*/
--- a/docs/doxygen-user/images/aleapp_main.jpg
+++ b/docs/doxygen-user/images/aleapp_main.jpg
--- a/thirdparty/aLeapp/aleapp.exe
+++ b/thirdparty/aLeapp/aleapp.exe