From 6687457705f221e583ad92bc5276bbd81f2cfd38 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Thu, 29 May 2014 23:52:01 -0400 Subject: [PATCH] don't hash directories and prevent adding empty file hash value to database --- .../AddContentToHashDbAction.java | 115 ++++++++++-------- .../autopsy/hashdatabase/Bundle.properties | 1 + .../autopsy/hashdatabase/Bundle_ja.properties | 1 + .../hashdatabase/HashDbIngestModule.java | 9 ++ 4 files changed, 72 insertions(+), 54 deletions(-) diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/AddContentToHashDbAction.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/AddContentToHashDbAction.java index 81189cc690..f48258e9e7 100755 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/AddContentToHashDbAction.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/AddContentToHashDbAction.java @@ -30,9 +30,7 @@ import javax.swing.JOptionPane; import org.openide.util.NbBundle; import org.openide.util.Utilities; -import org.openide.util.Lookup; import org.openide.util.actions.Presenter; -import org.sleuthkit.autopsy.ingest.IngestJobConfigurator; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.TskCoreException; 
@@ -42,61 +40,61 @@ import org.sleuthkit.autopsy.ingest.IngestManager; /** * Instances of this Action allow users to content to a hash database. */ -final class AddContentToHashDbAction extends AbstractAction implements Presenter.Popup { +final class AddContentToHashDbAction extends AbstractAction implements Presenter.Popup { + private static AddContentToHashDbAction instance; private final static String SINGLE_SELECTION_NAME = NbBundle.getMessage(AddContentToHashDbAction.class, - "AddContentToHashDbAction.singleSelectionName"); + "AddContentToHashDbAction.singleSelectionName"); private final static String MULTIPLE_SELECTION_NAME = NbBundle.getMessage(AddContentToHashDbAction.class, - "AddContentToHashDbAction.multipleSelectionName"); + "AddContentToHashDbAction.multipleSelectionName"); /** - * AddContentToHashDbAction is a singleton to support multi-selection of nodes, since - * org.openide.nodes.NodeOp.findActions(Node[] nodes) will only pick up an Action from a node - * if every node in the nodes array returns a reference to the same action object from - * Node.getActions(boolean). + * AddContentToHashDbAction is a singleton to support multi-selection of + * nodes, since org.openide.nodes.NodeOp.findActions(Node[] nodes) will only + * pick up an Action from a node if every node in the nodes array returns a + * reference to the same action object from Node.getActions(boolean). */ public static synchronized AddContentToHashDbAction getInstance() { if (null == instance) { instance = new AddContentToHashDbAction(); - } + } return instance; } private AddContentToHashDbAction() { } - + @Override - public JMenuItem getPopupPresenter() { + public JMenuItem getPopupPresenter() { return new AddContentToHashDbMenu(); } - + @Override public void actionPerformed(ActionEvent event) { - } - + } + // Instances of this class are used to implement the a pop up menu for this // action. 
- private final class AddContentToHashDbMenu extends JMenu { + private final class AddContentToHashDbMenu extends JMenu { AddContentToHashDbMenu() { super(SINGLE_SELECTION_NAME); - + // Disable the menu if file ingest is in progress. if (IngestManager.getInstance().isIngestRunning()) { setEnabled(false); return; } - + // Get any AbstractFile objects from the lookup of the currently focused top component. final Collection selectedFiles = Utilities.actionsGlobalContext().lookupAll(AbstractFile.class); if (selectedFiles.isEmpty()) { setEnabled(false); return; - } - else if (selectedFiles.size() > 1) { + } else if (selectedFiles.size() > 1) { setText(MULTIPLE_SELECTION_NAME); } - + // Disable the menu if hashes have not been calculated. for (AbstractFile file : selectedFiles) { if (null == file.getMd5Hash()) { @@ -104,7 +102,7 @@ final class AddContentToHashDbAction extends AbstractAction implements Presenter return; } } - + // Get the current set of updateable hash databases and add each // one to the menu as a separate menu item. Selecting a hash database // adds the selected files to the selected database. @@ -119,21 +117,20 @@ final class AddContentToHashDbAction extends AbstractAction implements Presenter } }); } - } - else { + } else { JMenuItem empty = new JMenuItem( NbBundle.getMessage(this.getClass(), - "AddContentToHashDbAction.ContentMenu.noHashDbsConfigd")); + "AddContentToHashDbAction.ContentMenu.noHashDbsConfigd")); empty.setEnabled(false); - add(empty); + add(empty); } - + // Add a "New Hash Set..." menu item. Selecting this item invokes a // a hash database creation dialog and adds the selected files to the // the new database. addSeparator(); JMenuItem newHashSetItem = new JMenuItem(NbBundle.getMessage(this.getClass(), - "AddContentToHashDbAction.ContentMenu.createDbItem")); + "AddContentToHashDbAction.ContentMenu.createDbItem")); newHashSetItem.addActionListener(new ActionListener() { @Override public void actionPerformed(ActionEvent e) { 
@@ -141,46 +138,56 @@ final class AddContentToHashDbAction extends AbstractAction implements Presenter if (null != hashDb) { HashDbManager.getInstance().save(); addFilesToHashSet(selectedFiles, hashDb); - } + } } }); - add(newHashSetItem); + add(newHashSetItem); } - + private void addFilesToHashSet(final Collection files, HashDb hashSet) { for (AbstractFile file : files) { String md5Hash = file.getMd5Hash(); if (null != md5Hash) { + // don't let them add the hash for an empty file to the DB + if (md5Hash.toLowerCase().equals("d41d8cd98f00b204e9800998ecf8427e")) { + Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.INFO, "Not adding " + file.getName() + " to database (empty content)"); + JOptionPane.showMessageDialog(null, + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg", + file.getName()), + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr"), + JOptionPane.ERROR_MESSAGE); + continue; + } try { hashSet.addHashes(file); - } - catch (TskCoreException ex) { + } catch (TskCoreException ex) { //noinspection HardCodedStringLiteral Logger.getLogger(AddContentToHashDbAction.class.getName()).log(Level.SEVERE, "Error adding to hash database", ex); JOptionPane.showMessageDialog(null, - NbBundle.getMessage(this.getClass(), - "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg", - file.getName()), - NbBundle.getMessage(this.getClass(), - "AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr"), - JOptionPane.ERROR_MESSAGE); - } - } - else { + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg", + file.getName()), + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr"), + JOptionPane.ERROR_MESSAGE); + } + } else { JOptionPane.showMessageDialog(null, - NbBundle.getMessage(this.getClass(), - 
"AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg", - files.size() > 1 ? NbBundle - .getMessage(this.getClass(), - "AddContentToHashDbAction.addFilesToHashSet.files") : NbBundle - .getMessage(this.getClass(), - "AddContentToHashDbAction.addFilesToHashSet.file")), - NbBundle.getMessage(this.getClass(), - "AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr"), - JOptionPane.ERROR_MESSAGE); + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg", + files.size() > 1 ? NbBundle + .getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.files") : NbBundle + .getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.file")), + NbBundle.getMessage(this.getClass(), + "AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr"), + JOptionPane.ERROR_MESSAGE); break; } - } + } } - } + } } diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle.properties b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle.properties index a3074b96f1..c11643292e 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle.properties +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle.properties 
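Review bot: The empty-file guard in `addFilesToHashSet` is enforced only in this menu action, so `hashSet.addHashes(file)` itself still accepts the empty-content MD5 from any other caller or from an imported hash set (HashDb is not visible in this patch, so this is inferred). Because all zero-length files share that MD5, one such entry in a known-bad set would presumably flag every empty file in a case, so the check is better placed in, or repeated by, the database layer. Within this hunk the literal deserves a name and a locale-independent comparison: `private static final String EMPTY_FILE_MD5 = "d41d8cd98f00b204e9800998ecf8427e";` and `if (EMPTY_FILE_MD5.equalsIgnoreCase(md5Hash)) {`. The dialog is also raised once per empty file inside the loop, so a large multi-selection produces one modal per file; collecting the skipped names and reporting them once after the loop would be easier on the examiner.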
@@ -47,6 +47,7 @@ AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=No hash databases configur AddContentToHashDbAction.ContentMenu.createDbItem=Create database... AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr=Add to Hash Database Error AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg=Unable to add {0} to the hash database. +AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg=Unable to add {0} to the hash database. File has no content. AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg=Unable to add the {0} to the hash database. Hashes have not been calculated. Please configure and run an appropriate ingest module. HashDatabaseOptionsPanelController.moduleErr=Module Error HashDatabaseOptionsPanelController.moduleErrMsg=A module caused an error listening to HashDatabaseOptionsPanelController updates. See log to determine which module. Some data could be incomplete. diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle_ja.properties b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle_ja.properties index b000bc240a..bf97becf35 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle_ja.properties +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/Bundle_ja.properties 
@@ -39,6 +39,7 @@ AddContentToHashDbAction.ContentMenu.noHashDbsConfigd=\u30cf\u30c3\u30b7\u30e5\u AddContentToHashDbAction.ContentMenu.createDbItem=\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u3092\u4f5c\u6210... AddContentToHashDbAction.addFilesToHashSet.addToHashDbErr=\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u30a8\u30e9\u30fc\u306b\u8ffd\u52a0 AddContentToHashDbAction.addFilesToHashSet.unableToAddFileMsg=\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b {0} \u3092\u8ffd\u52a0\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002 +AddContentToHashDbAction.addFilesToHashSet.unableToAddFileEmptyMsg=Unable to add {0} to the hash database. File has no content. AddContentToHashDbAction.addFilesToHashSet.unableToAddFileSzMsg=\u30cf\u30c3\u30b7\u30e5\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b {0} \u3092\u8ffd\u52a0\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002\u30cf\u30c3\u30b7\u30e5\u5024\u304c\u8a08\u7b97\u3055\u308c\u3066\u3044\u307e\u305b\u3093\u3002\u9069\u5207\u306a\u30a4\u30f3\u30b8\u30a7\u30b9\u30c8\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u8a2d\u5b9a\u3057\u3001\u5b9f\u884c\u3057\u3066\u4e0b\u3055\u3044\u3002 HashDatabaseOptionsPanelController.moduleErr=\u30e2\u30b8\u30e5\u30fc\u30eb\u30a8\u30e9\u30fc HashDatabaseOptionsPanelController.moduleErrMsg=HashDatabaseOptionsPanelController\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u78ba\u8a8d\u4e2d\u306b\u30e2\u30b8\u30e5\u30fc\u30eb\u304c\u30a8\u30e9\u30fc\u3092\u8d77\u3053\u3057\u307e\u3057\u305f\u3002\u3069\u306e\u30e2\u30b8\u30e5\u30fc\u30eb\u304b\u30ed\u30b0\u3067\u78ba\u8a8d\u3057\u3066\u4e0b\u3055\u3044\u3002\u4e00\u90e8\u306e\u30c7\u30fc\u30bf\u304c\u5b8c\u5168\u3067\u306a\u3044\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002 diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java index 484f3a8b8c..e2ee1d7947 100644 
--- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java @@ -131,6 +131,15 @@ public class HashDbIngestModule implements FileIngestModule { return ProcessResult.OK; } + /* Skip directories. One reason for this is because we won't accurately + * calculate hashes of NTFS directories that have content that spans the + * IDX_ROOT and IDX_ALLOC artifacts. So we disable that until a solution for + * it is developed. + */ + if (file.isDir()) { + return ProcessResult.OK; + } + // bail out if we have no hashes set if ((knownHashSets.isEmpty()) && (knownBadHashSets.isEmpty()) && (!settings.shouldCalculateHashes())) { return ProcessResult.OK;
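Review bot: Returning early on `file.isDir()` leaves directories without an MD5, and the popup menu in AddContentToHashDbAction disables itself as soon as any selected file has `null == file.getMd5Hash()`, so a multi-selection that includes a directory would presumably lose the add-to-hash-database menu with no explanation. Either filter directories out of the selection there or state the consequence here, e.g. `// Directories are never hashed, so they have no MD5 and cannot be added to or matched against a hash set.` The comment's "One reason for this is because" would also read better as "Directories are skipped because". The enclosing method starts and ends outside this hunk, so what happens to a directory before this check is not visible.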