Merge pull request #4015 from rishwanth1995/live_autopsy_warning

warn user for case folder, if they are running autopsy in target system

Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties

@@ -146,6 +146,8 @@ UpdateRecentCases.menuItem.clearRecentCases.text=Clear Recent Cases
 UpdateRecentCases.menuItem.empty=-Empty-
 AddImageWizardIngestConfigPanel.CANCEL_BUTTON.text=Cancel
 NewCaseVisualPanel1.CaseFolderOnCDriveError.text=Warning: Path to multi-user case folder is on \"C:\" drive
+NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text=Warning: Path to case folder is on \"C:\" drive. Case folder is created on the target system
+NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text=Warning: Path to case folder is on the target system. Create case folder in mounted drive.
 CollaborationMonitor.addingDataSourceStatus.msg={0} adding data source
 CollaborationMonitor.analyzingDataSourceStatus.msg={0} analyzing {1}
 MissingImageDialog.lbWarning.text=

Core/src/org/sleuthkit/autopsy/casemodule/ImageFilePanel.java

@@ -319,7 +319,7 @@ public class ImageFilePanel extends JPanel implements DocumentListener {
 
         // Display warning if there is one (but don't disable "next" button)
         try {
-            if (false == PathValidator.isValid(path, Case.getCurrentCaseThrows().getCaseType())) {
+            if (false == PathValidator.isValidForMultiUserCase(path, Case.getCurrentCaseThrows().getCaseType())) {
                 pathErrorLabel.setVisible(true);
                 pathErrorLabel.setText(Bundle.ImageFilePanel_pathValidation_dataSourceOnCDriveError());
             }

Core/src/org/sleuthkit/autopsy/casemodule/LocalFilesPanel.java

@@ -290,7 +290,7 @@ final class LocalFilesPanel extends javax.swing.JPanel {
             final Case.CaseType currentCaseType = Case.getCurrentCaseThrows().getCaseType();
 
             for (String currentPath : pathsList) {
-                if (!PathValidator.isValid(currentPath, currentCaseType)) {
+                if (!PathValidator.isValidForMultiUserCase(currentPath, currentCaseType)) {
                     errorLabel.setVisible(true);
                     errorLabel.setText(Bundle.LocalFilesPanel_pathValidation_dataSourceOnCDriveError());
                     return;

Core/src/org/sleuthkit/autopsy/casemodule/LogicalEvidenceFilePanel.java

@@ -191,7 +191,7 @@ final class LogicalEvidenceFilePanel extends javax.swing.JPanel implements Docum
         }
         // display warning if there is one (but don't disable "next" button)
         try {
-            if (!PathValidator.isValid(path, Case.getCurrentCaseThrows().getCaseType())) {
+            if (!PathValidator.isValidForMultiUserCase(path, Case.getCurrentCaseThrows().getCaseType())) {
                 errorLabel.setVisible(true);
                 errorLabel.setText(Bundle.LogicalEvidenceFilePanel_pathValidation_dataSourceOnCDriveError());
                 return false;

Core/src/org/sleuthkit/autopsy/casemodule/NewCaseVisualPanel1.java

@@ -29,6 +29,7 @@ import javax.swing.event.DocumentListener;
 import org.sleuthkit.autopsy.casemodule.Case.CaseType;
 import org.sleuthkit.autopsy.core.UserPreferences;
 import org.sleuthkit.autopsy.coreutils.PathValidator;
+import org.sleuthkit.autopsy.coreutils.PlatformUtil;
 
 /**
  * The JPanel for the first page of the new case wizard.
@@ -151,10 +152,23 @@ final class NewCaseVisualPanel1 extends JPanel implements DocumentListener {
          */
         caseParentDirWarningLabel.setVisible(false);
         String parentDir = getCaseParentDir();
-        if (!PathValidator.isValid(parentDir, getCaseType())) {
+        if (!PathValidator.isValidForMultiUserCase(parentDir, getCaseType())) {
             caseParentDirWarningLabel.setVisible(true);
             caseParentDirWarningLabel.setText(NbBundle.getMessage(this.getClass(), "NewCaseVisualPanel1.CaseFolderOnCDriveError.text"));
         }
+        
+        /**
+         * Check the base case directory if it can persist data and show a 
+         * warning if it is a wrong choice
+         */
+        if(!PathValidator.isValidForRunningOnTarget(parentDir)){
+            caseParentDirWarningLabel.setVisible(true);
+            if(PlatformUtil.isWindowsOS()){
+                caseParentDirWarningLabel.setText(NbBundle.getMessage(this.getClass(), "NewCaseVisualPanel1.CaseFolderOnInternalDriveWindowsError.text" ));
+            } else if(System.getProperty("os.name").toLowerCase().contains("nux")) {
+                caseParentDirWarningLabel.setText(NbBundle.getMessage(this.getClass(), "NewCaseVisualPanel1.CaseFolderOnInternalDriveLinuxError.text"));
+            }
+        }
 
         /**
          * Enable the "Next" button for the wizard if there is text entered for

Core/src/org/sleuthkit/autopsy/core/AutopsyOptionProcessor.java

@@ -0,0 +1,66 @@
+/*
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2013-2017 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.core;
+
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.netbeans.api.sendopts.CommandException;
+import org.netbeans.spi.sendopts.Env;
+import org.netbeans.spi.sendopts.Option;
+import org.netbeans.spi.sendopts.OptionProcessor;
+import org.openide.util.lookup.ServiceProvider;
+import org.sleuthkit.autopsy.coreutils.ModuleSettings;
+import org.sleuthkit.autopsy.coreutils.PlatformUtil;
+
+/**
+ * This class can be used to add command line options to Autopsy
+ * To add more options to autopsy, create a Option variable and add it to the set in getOptions method
+ * Do your logic for that option in the process method
+ */
+@ServiceProvider(service=OptionProcessor.class)
+public class AutopsyOptionProcessor extends OptionProcessor {
+    
+    private static final Logger logger = Logger.getLogger(AutopsyOptionProcessor.class.getName());
+    private final Option liveAutopsyOption = Option.withoutArgument('l', "liveAutopsy");
+    private final static String PROP_BASECASE = "LBL_BaseCase_PATH";
+
+
+    @Override
+    protected Set<Option> getOptions() {
+        Set<Option> set = new HashSet<>();
+        set.add(liveAutopsyOption);
+        return set;
+    }
+
+    @Override
+    protected void process(Env env, Map<Option, String[]> values) throws CommandException {
+       if(values.containsKey(liveAutopsyOption)){
+           try {
+               RuntimeProperties.setRunningInTarget(true);
+               ModuleSettings.setConfigSetting(ModuleSettings.MAIN_SETTINGS, PROP_BASECASE , PlatformUtil.getUserDirectory().toString());
+           } catch (RuntimeProperties.RuntimePropertiesException ex) {
+               logger.log(Level.SEVERE, ex.getMessage(), ex);
+           }
+       }
+    }
+    
+}

Core/src/org/sleuthkit/autopsy/core/RuntimeProperties.java

@@ -26,6 +26,8 @@ public class RuntimeProperties {
 
     private static boolean runningWithGUI = true;
     private static boolean runningWithGUIFlagHasBeenSet = false;
+    private static boolean runningInTarget = false;
+    private static boolean runningInTargetFlagHasBeenSet = false;
 
     /**
      * Sets or unsets a flag indicating whether or not the application is
@@ -44,6 +46,33 @@ public class RuntimeProperties {
             throw new RuntimePropertiesException("The runningWithGUI flag has already been set and cannot be changed");
         }
     }
+    
+    /**
+     * Sets or unsets a flag indicating whether or not the application is running in a target system.
+     * The flag can only be set once per application innvocation
+     * 
+     * @param runningInTarget
+     * 
+     * @throws RuntimePropertiesException if the flag has already been set 
+     */
+    
+    public synchronized static void setRunningInTarget(boolean runningInTarget) throws RuntimePropertiesException{
+        if(!runningInTargetFlagHasBeenSet){
+            RuntimeProperties.runningInTarget = runningInTarget;
+            runningInTargetFlagHasBeenSet = true;
+        } else {
+            throw new RuntimePropertiesException("The runningLive Flag has already been set and cannot be changed");
+        }
+    }
+    
+    /**
+     * Gets a flag indicating whether or not the application is running in a target system
+     * 
+     * @return True or false.
+     */
+    public synchronized static boolean isRunningInTarget() {
+        return runningInTarget;
+    }
 
     /**
      * Gets a flag indicating whether or not the application is running with a

Core/src/org/sleuthkit/autopsy/coreutils/PathValidator.java

@@ -21,6 +21,7 @@ package org.sleuthkit.autopsy.coreutils;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.core.RuntimeProperties;
 
 /**
  * Validates absolute path (e.g. to a data source or case output folder)
@@ -29,8 +30,9 @@ import org.sleuthkit.autopsy.casemodule.Case;
 public final class PathValidator {
 
     private static final Pattern driveLetterPattern = Pattern.compile("^[Cc]:.*$");
+    private static final Pattern unixMediaDrivePattern = Pattern.compile("^\\/(media|mnt)\\/.*$");
 
-    public static boolean isValid(String path, Case.CaseType caseType) {
+    public static boolean isValidForMultiUserCase(String path, Case.CaseType caseType) {
 
         if (caseType == Case.CaseType.MULTI_USER_CASE) {
             // check that path is not on "C:" drive
@@ -39,11 +41,45 @@ public final class PathValidator {
             }
         } else {
             // single user case - no validation needed
-        }
+            }
 
         return true;
     }
-
+    
+    public static boolean isValidForRunningOnTarget(String path) {
+        if(checkForLiveAutopsy()) {
+            if(PlatformUtil.isWindowsOS()) {
+                if(pathOnCDrive(path)){
+                    return false;
+                }
+            }else if(System.getProperty("os.name").toLowerCase().contains("nux") && !pathIsMedia(path)){
+                return false;
+            }
+        }
+        return true;
+    }
+    
+    /**
+     * Checks whether Autopsy is running from the external disk
+     * 
+     * @return true if Autopsy is running from external USB or CD
+     */
+    private static boolean checkForLiveAutopsy() {
+        return RuntimeProperties.isRunningInTarget();
+    }
+    
+    /**
+     * Checks whether a file path contains "/mnt" or "/media"
+     * 
+     * @param filePath Input file absolute path
+     * 
+     * @return true if path matches the pattern, false otherwise 
+     */
+    private static boolean pathIsMedia(String filePath) {
+        Matcher matcher = unixMediaDrivePattern.matcher(filePath);
+        return matcher.find();
+    }
+    
     /**
      * Checks whether a file path contains drive letter defined by pattern.
      *

Core/src/org/sleuthkit/autopsy/datasourceprocessors/RawDSInputPanel.java

@@ -305,7 +305,7 @@ final class RawDSInputPanel extends JPanel implements DocumentListener {
         "RawDSInputPanel.noOpenCase.errMsg=Exception while getting open case."})
     private void warnIfPathIsInvalid(String path) {
         try {
-        if (!PathValidator.isValid(path, Case.getCurrentCaseThrows().getCaseType())) {
+        if (!PathValidator.isValidForMultiUserCase(path, Case.getCurrentCaseThrows().getCaseType())) {
             errorLabel.setVisible(true);
             errorLabel.setText(Bundle.RawDSInputPanel_error_text());
         }

Core/src/org/sleuthkit/autopsy/livetriage/CreateLiveTriageDriveAction.java

@@ -254,7 +254,7 @@ public final class CreateLiveTriageDriveAction extends CallableSystemAction impl
                 + "                echo %appName%\\bin\\%appName%64.exe does not exist\n"
                 + "                goto end\n"
                 + "        )\n"
-                + "        %appName%\\bin\\%appName%64.exe --userdir ..\\configData\\userdir --cachedir ..\\configData\\cachedir -J-Djava.io.tmpdir=..\\configData\\temp\n"
+                + "        %appName%\\bin\\%appName%64.exe --userdir ..\\configData\\userdir --cachedir ..\\configData\\cachedir -J-Djava.io.tmpdir=..\\configData\\temp --liveAutopsy\n"
                 + ") else (\n"
                 + "        echo Could not find %appName% directory\n"
                 + "        goto end\n"

Experimental/src/org/sleuthkit/autopsy/experimental/autoingest/ArchiveFilePanel.java

@@ -218,7 +218,7 @@ class ArchiveFilePanel extends JPanel implements DocumentListener {
 
         // display warning if there is one (but don't disable "next" button)
         try {
-            if (false == PathValidator.isValid(path, Case.getCurrentCaseThrows().getCaseType())) {
+            if (false == PathValidator.isValidForMultiUserCase(path, Case.getCurrentCaseThrows().getCaseType())) {
                 errorLabel.setVisible(true);
                 errorLabel.setText(Bundle.DataSourceOnCDriveError_text());
             }

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/MemoryDSInputPanel.java

@@ -421,7 +421,7 @@ final class MemoryDSInputPanel extends JPanel implements DocumentListener {
     })
     private void warnIfPathIsInvalid(String path) {
         try {
-            if (!PathValidator.isValid(path, Case.getCurrentCaseThrows().getCaseType())) {
+            if (!PathValidator.isValidForMultiUserCase(path, Case.getCurrentCaseThrows().getCaseType())) {
                 errorLabel.setVisible(true);
                 errorLabel.setText(Bundle.MemoryDSInputPanel_errorMsg_dataSourcePathOnCdrive());
             }