mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-13 08:26:15 +00:00
Slightly simplified the XRY parser refactor
This commit is contained in:
U-BASIS\dsmyda
parent
44408269f6
commit
8ed0e48efd
@ -202,40 +202,24 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
||||
switch (xryKey) {
|
||||
case TEL:
|
||||
case NUMBER:
|
||||
//Apply the namespace
|
||||
switch (xryNamespace) {
|
||||
case FROM:
|
||||
if (callerId != null) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
} else {
|
||||
// Apply namespace or direction
|
||||
if (xryNamespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
|
||||
callerId = pair.getValue();
|
||||
}
|
||||
break;
|
||||
case TO:
|
||||
} else if (xryNamespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
|
||||
calleeList.add(pair.getValue());
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
}
|
||||
break;
|
||||
//Although confusing, as these are also 'name spaces', it appears
|
||||
//later versions of XRY realized having standardized lines was easier
|
||||
//to read.
|
||||
// Although confusing, as these are also 'name spaces', it appears
|
||||
// later versions of XRY just made these standardized lines.
|
||||
case TO:
|
||||
calleeList.add(pair.getValue());
|
||||
break;
|
||||
case FROM:
|
||||
if (callerId != null) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
} else {
|
||||
callerId = pair.getValue();
|
||||
}
|
||||
break;
|
||||
case TIME:
|
||||
try {
|
||||
@ -256,6 +240,14 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
||||
direction = CommunicationDirection.OUTGOING;
|
||||
}
|
||||
break;
|
||||
case TYPE:
|
||||
String typeString = pair.getValue();
|
||||
if (typeString.equalsIgnoreCase("received")) {
|
||||
direction = CommunicationDirection.INCOMING;
|
||||
} else if (typeString.equalsIgnoreCase("dialed")) {
|
||||
direction = CommunicationDirection.OUTGOING;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
//Otherwise, the XryKey enum contains the correct BlackboardAttribute
|
||||
//type.
|
||||
@ -295,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
|
||||
// If the DIRECTION check failed, just manually create accounts
|
||||
// for these phones. Note, there is no need to create relationships.
|
||||
// If both callerId and calleeList were non-null/non-empty, then
|
||||
// the check above would have directed us to the else block.
|
||||
// it would have been a valid combination.
|
||||
if (callerId != null) {
|
||||
currentCase.getCommunicationsManager().createAccountFileInstance(
|
||||
Account.Type.PHONE, callerId, PARSER_NAME, parent);
|
||||
|
||||
@ -40,6 +40,7 @@ import java.util.logging.Level;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.sleuthkit.datamodel.Account;
|
||||
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
@ -313,37 +314,23 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
||||
switch (key) {
|
||||
case TEL:
|
||||
case NUMBER:
|
||||
switch (namespace) {
|
||||
case FROM:
|
||||
if(senderId != null) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
} else {
|
||||
// Apply namespace or direction
|
||||
if(namespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
|
||||
senderId = pair.getValue();
|
||||
}
|
||||
break;
|
||||
case TO:
|
||||
case PARTICIPANT:
|
||||
} else if(namespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
|
||||
recipientIdsList.add(pair.getValue());
|
||||
break;
|
||||
default:
|
||||
} else {
|
||||
currentCase.getCommunicationsManager().createAccountFileInstance(
|
||||
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent);
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
}
|
||||
break;
|
||||
//Although confusing, as these are also 'name spaces', it appears
|
||||
//later versions of XRY realized having standardized lines was easier
|
||||
//to read.
|
||||
// Although confusing, as these are also 'name spaces', it appears
|
||||
// later versions of XRY just made these standardized lines.
|
||||
case FROM:
|
||||
if(senderId != null) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
|
||||
PARSER_NAME, pair.getValue()));
|
||||
} else {
|
||||
senderId = pair.getValue();
|
||||
}
|
||||
break;
|
||||
case TO:
|
||||
recipientIdsList.add(pair.getValue());
|
||||
@ -405,12 +392,16 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
||||
text = pair.getValue();
|
||||
break;
|
||||
case DIRECTION:
|
||||
if (normalizedValue.equals("incoming")) {
|
||||
switch (normalizedValue) {
|
||||
case "incoming":
|
||||
direction = CommunicationDirection.INCOMING;
|
||||
} else if (normalizedValue.equals("outgoing")) {
|
||||
break;
|
||||
case "outgoing":
|
||||
direction = CommunicationDirection.OUTGOING;
|
||||
} else {
|
||||
break;
|
||||
default:
|
||||
direction = CommunicationDirection.UNKNOWN;
|
||||
break;
|
||||
}
|
||||
break;
|
||||
default:
|
||||
@ -428,6 +419,41 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
||||
}
|
||||
}
|
||||
|
||||
// Make sure we have the required fields.
|
||||
// This combination is invalid.
|
||||
if(senderId == null && recipientIdsList.isEmpty()) {
|
||||
// Create the artifact manually..
|
||||
if (direction != CommunicationDirection.UNKNOWN) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION,
|
||||
PARSER_NAME, direction.getDisplayName()));
|
||||
}
|
||||
|
||||
if (dateTime > 0L) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START,
|
||||
PARSER_NAME, dateTime));
|
||||
}
|
||||
|
||||
if(readStatus != MessageReadStatus.UNKNOWN) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS,
|
||||
PARSER_NAME, (readStatus == MessageReadStatus.READ) ? 1 : 0));
|
||||
}
|
||||
|
||||
if(text != null) {
|
||||
otherAttributes.add(new BlackboardAttribute(
|
||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT,
|
||||
PARSER_NAME, text));
|
||||
}
|
||||
|
||||
if (!otherAttributes.isEmpty()) {
|
||||
BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE);
|
||||
artifact.addAttributes(otherAttributes);
|
||||
|
||||
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
|
||||
}
|
||||
} else {
|
||||
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
|
||||
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
|
||||
|
||||
@ -435,6 +461,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
|
||||
dateTime, readStatus, subject, text, threadId, otherAttributes);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Extracts all pairs from the XRY Entity. This function
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user