mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-19 11:07:43 +00:00
Added more info to the default sig types to extensions map. Also make sure to convert to lowercase before comparing.
This commit is contained in:
Samuel H. Kenyon
parent
b423d0038a
commit
7d29ae3be8
@ -103,11 +103,37 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set up default mapping (eventually this will be loaded from a config file)
|
// Set up default mapping (eventually this will be loaded from a config file)
|
||||||
String[] exts = {"doc", "docx", "dot", "dotx", "xls", "xlsx", "ppt", "pot", "pptx", "potx"};
|
// For now, since we don't detect specific MS office openxml formats, we just assume that
|
||||||
SigTypeToExtMap.put("application/x-msoffice", exts);
|
// those will get caught under "application/x-msoffice".
|
||||||
String[] exts2 = {"jpg","jpeg"};
|
SigTypeToExtMap.put("application/x-msoffice", new String[] {"doc", "docx", "docm", "dotm", "dot", "dotx", "xls", "xlt", "xla", "xlsx", "xlsm", "xltm", "xlam", "xlsb", "ppt", "pot", "pps","ppa", "pptx", "potx", "ppam", "pptm", "potm", "ppsm"});
|
||||||
SigTypeToExtMap.put("image/jpeg", exts2);
|
SigTypeToExtMap.put("application/msword", new String[]{"doc","dot"});
|
||||||
|
SigTypeToExtMap.put("application/vnd.ms-excel", new String[]{"xls","xlt","xla"});
|
||||||
|
SigTypeToExtMap.put("application/vnd.ms-powerpoint", new String[]{"ppt","pot","pps","ppa"});
|
||||||
|
|
||||||
|
SigTypeToExtMap.put("application/pdf", new String[]{"pdf"});
|
||||||
|
SigTypeToExtMap.put("application/rtf", new String[]{"rtf"});
|
||||||
|
SigTypeToExtMap.put("text/plain", new String[]{"txt"});
|
||||||
|
SigTypeToExtMap.put("text/html", new String[]{"htm", "html", "htx", "htmls"});
|
||||||
|
//todo application/xhtml+xml
|
||||||
|
|
||||||
|
SigTypeToExtMap.put("image/jpeg", new String[]{"jpg","jpeg"});
|
||||||
|
SigTypeToExtMap.put("image/tiff", new String[]{"tiff", "tif"});
|
||||||
|
SigTypeToExtMap.put("image/png", new String[]{"png"});
|
||||||
|
SigTypeToExtMap.put("image/gif", new String[]{"gif"});
|
||||||
|
SigTypeToExtMap.put("image/x-ms-bmp", new String[]{"bmp"});
|
||||||
|
SigTypeToExtMap.put("image/bmp", new String[]{"bmp", "bm"});
|
||||||
|
SigTypeToExtMap.put("image/x-icon", new String[]{"ico"});
|
||||||
|
|
||||||
|
SigTypeToExtMap.put("video/mp4", new String[]{"mp4"});
|
||||||
|
SigTypeToExtMap.put("video/quicktime", new String[]{"mov"});
|
||||||
|
SigTypeToExtMap.put("video/3gpp", new String[]{"3gp"});
|
||||||
|
SigTypeToExtMap.put("video/x-msvideo", new String[]{"avi"});
|
||||||
|
SigTypeToExtMap.put("video/x-ms-wmv", new String[]{"wmv"});
|
||||||
|
SigTypeToExtMap.put("video/mpeg", new String[]{"mpeg","mpg"});
|
||||||
|
SigTypeToExtMap.put("video/x-flv", new String[]{"flv"});
|
||||||
|
|
||||||
|
SigTypeToExtMap.put("application/zip", new String[]{"zip"});
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -149,37 +175,38 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
|
|||||||
|
|
||||||
private boolean compareSigTypeToExt(AbstractFile abstractFile) {
|
private boolean compareSigTypeToExt(AbstractFile abstractFile) {
|
||||||
try {
|
try {
|
||||||
|
String extStr = "";
|
||||||
int i = abstractFile.getName().lastIndexOf(".");
|
int i = abstractFile.getName().lastIndexOf(".");
|
||||||
if ((i > -1) && ((i + 1) < abstractFile.getName().length())) {
|
if ((i > -1) && ((i + 1) < abstractFile.getName().length())) {
|
||||||
String extStr = abstractFile.getName().substring(i + 1);
|
extStr = abstractFile.getName().substring(i + 1).toLowerCase();
|
||||||
|
}
|
||||||
|
|
||||||
// find file_sig value.
|
// find file_sig value.
|
||||||
// getArtifacts by type doesn't seem to work, so get all artifacts
|
// getArtifacts by type doesn't seem to work, so get all artifacts
|
||||||
ArrayList<BlackboardArtifact> artList = abstractFile.getAllArtifacts();
|
ArrayList<BlackboardArtifact> artList = abstractFile.getAllArtifacts();
|
||||||
|
|
||||||
for (BlackboardArtifact art : artList) {
|
|
||||||
List<BlackboardAttribute> atrList = art.getAttributes();
|
|
||||||
for (BlackboardAttribute att : atrList) {
|
|
||||||
if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {
|
|
||||||
|
|
||||||
//get known allowed values from the map for this type
|
|
||||||
String[] slist = SigTypeToExtMap.get(att.getValueString());
|
|
||||||
if (slist != null) {
|
|
||||||
List<String> allowedExtList = Arrays.asList(slist);
|
|
||||||
|
|
||||||
// see if the filename ext is in the allowed list
|
for (BlackboardArtifact art : artList) {
|
||||||
if (allowedExtList != null) {
|
List<BlackboardAttribute> atrList = art.getAttributes();
|
||||||
for (String e : allowedExtList) {
|
for (BlackboardAttribute att : atrList) {
|
||||||
if (e.equals(extStr)) {
|
if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {
|
||||||
return false;
|
|
||||||
}
|
//get known allowed values from the map for this type
|
||||||
|
String[] slist = SigTypeToExtMap.get(att.getValueString());
|
||||||
|
if (slist != null) {
|
||||||
|
List<String> allowedExtList = Arrays.asList(slist);
|
||||||
|
|
||||||
|
// see if the filename ext is in the allowed list
|
||||||
|
if (allowedExtList != null) {
|
||||||
|
for (String e : allowedExtList) {
|
||||||
|
if (e.equals(extStr)) {
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
return true; //potential mismatch
|
|
||||||
}
|
}
|
||||||
|
return true; //potential mismatch
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
Exceptions.printStackTrace(ex);
|
Exceptions.printStackTrace(ex);
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user