mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 17:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4041 from briangsweeney/3868-normalize-cr

Browse Source 
3868 normalize cr
This commit is contained in:
Richard Cordovano 2018-09-13 11:02:09 -04:00 committed by GitHub
commit 94a079c2b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 1179 additions and 402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Core/ivy.xml
View File

@ -7,12 +7,8 @@
</configurations>
<dependencies >
<dependency conf="core->default" org="com.github.jgraph" name="jgraphx" rev="v3.8.0"/>
<dependency conf="core->default" org="org.apache.activemq" name="activemq-all" rev="5.11.1"/>
<dependency conf="core->default" org="org.apache.curator" name="curator-client" rev="2.8.0"/>
<dependency conf="core->default" org="org.apache.curator" name="curator-framework" rev="2.8.0"/>
@ -27,6 +23,7 @@
<dependency conf="core->default" org="com.adobe.xmp" name="xmpcore" rev="5.1.2"/>
<dependency conf="core->default" org="org.apache.zookeeper" name="zookeeper" rev="3.4.6"/>
<dependency conf="core->default" org="org.apache.commons" name="commons-dbcp2" rev="2.1.1"/>
<dependency conf="core->default" org="org.apache.commons" name="commons-pool2" rev="2.4.2"/>
<dependency org="com.monitorjbl" name="xlsx-streamer" rev="1.2.1"/>
@ -34,5 +31,7 @@
<dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.10.3"/>
<dependency conf="core->default" org="com.googlecode.plist" name="dd-plist" rev="1.20"/>
<dependency conf="core->default" org="commons-validator" name="commons-validator" rev="1.6"/>
</dependencies>
</ivy-module>

1
Core/nbproject/project.properties
View File

@ -40,6 +40,7 @@ file.reference.xmpcore-5.1.3.jar=release/modules/ext/xmpcore-5.1.3.jar
file.reference.xz-1.6.jar=release/modules/ext/xz-1.6.jar
file.reference.zookeeper-3.4.6.jar=release/modules/ext/zookeeper-3.4.6.jar
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
file.reference.commons-validator-1.6.jar=release/modules/ext/commons-validator-1.6.jar
javac.source=1.8
javac.compilerargs=-Xlint -Xlint:-serial
license.file=../LICENSE-2.0.txt

4
Core/nbproject/project.xml
View File

@ -356,6 +356,10 @@
<runtime-relative-path>ext/cxf-rt-transports-http-3.0.16.jar</runtime-relative-path>
<binary-origin>release/modules/ext/cxf-rt-transports-http-3.0.16.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/commons-validator-1.6.jar</runtime-relative-path>
<binary-origin>release/modules/ext/commons-validator-1.6.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/curator-framework-2.8.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/curator-framework-2.8.0.jar</binary-origin>

5
Core/src/org/sleuthkit/autopsy/centralrepository/AddEditCentralRepoCommentAction.java
View File

@ -38,7 +38,8 @@ import org.sleuthkit.datamodel.AbstractFile;
@Messages({"AddEditCentralRepoCommentAction.menuItemText.addEditCentralRepoComment=Add/Edit Central Repository Comment"})
public final class AddEditCentralRepoCommentAction extends AbstractAction {
private static final Logger logger = Logger.getLogger(AddEditCentralRepoCommentAction.class.getName());
private static final Logger LOGGER = Logger.getLogger(AddEditCentralRepoCommentAction.class.getName());
private static final long serialVersionUID = 1L;
private boolean addToDatabase;
private CorrelationAttributeInstance correlationAttributeInstance;
@ -101,7 +102,7 @@ public final class AddEditCentralRepoCommentAction extends AbstractAction {
comment = centralRepoCommentDialog.getComment();
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error adding comment", ex);
LOGGER.log(Level.SEVERE, "Error adding comment", ex);
NotifyDescriptor notifyDescriptor = new NotifyDescriptor.Message(
"An error occurred while trying to save the comment to the central repository.",
NotifyDescriptor.ERROR_MESSAGE);

4
Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.form
View File

@ -80,7 +80,7 @@
</DimensionLayout>
<DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0">
<Component id="otherCasesPanel" pref="59" max="32767" attributes="0"/>
<Component id="otherCasesPanel" pref="58" max="32767" attributes="0"/>
</Group>
</DimensionLayout>
</Layout>
@ -106,7 +106,7 @@
<EmptySpace min="0" pref="483" max="32767" attributes="0"/>
<Group type="103" rootIndex="1" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="tableContainerPanel" pref="59" max="32767" attributes="0"/>
<Component id="tableContainerPanel" pref="58" max="32767" attributes="0"/>
<EmptySpace min="-2" pref="0" max="-2" attributes="0"/>
</Group>
</Group>

106
Core/src/org/sleuthkit/autopsy/centralrepository/contentviewer/DataContentViewerOtherCases.java
View File

@ -52,11 +52,13 @@ import javax.swing.table.TableColumn;
import org.joda.time.DateTimeZone;
import org.joda.time.LocalDateTime;
import org.openide.nodes.Node;
import org.openide.util.Exceptions;
import org.openide.util.NbBundle.Messages;
import org.openide.util.lookup.ServiceProvider;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.centralrepository.AddEditCentralRepoCommentAction;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamArtifactUtil;
@ -86,7 +88,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
private static final long serialVersionUID = -1L;
private static final Logger logger = Logger.getLogger(DataContentViewerOtherCases.class.getName());
private static final Logger LOGGER = Logger.getLogger(DataContentViewerOtherCases.class.getName());
private static final int DEFAULT_MIN_CELL_WIDTH = 15;
private static final int CELL_TEXT_WIDTH_PADDING = 5;
@ -123,7 +125,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
try {
saveToCSV();
} catch (NoCurrentCaseException ex) {
logger.log(Level.SEVERE, "Exception while getting open case.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Exception while getting open case.", ex); // NON-NLS
}
} else if (jmi.equals(showCommonalityMenuItem)) {
showCommonalityDetails();
@ -138,7 +140,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
otherCasesTable.repaint();
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error performing Add/Edit Central Repository Comment action", ex);
LOGGER.log(Level.SEVERE, "Error performing Add/Edit Comment action", ex); //NON-NLS
}
}
}
@ -179,17 +181,21 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
try {
EamDb dbManager = EamDb.getInstance();
for (CorrelationAttributeInstance eamArtifact : correlationAttributes) {
percentage = dbManager.getFrequencyPercentage(eamArtifact);
msg.append(Bundle.DataContentViewerOtherCases_correlatedArtifacts_byType(percentage,
eamArtifact.getCorrelationType().getDisplayName(),
eamArtifact.getCorrelationValue()));
try {
percentage = dbManager.getFrequencyPercentage(eamArtifact);
msg.append(Bundle.DataContentViewerOtherCases_correlatedArtifacts_byType(percentage,
eamArtifact.getCorrelationType().getDisplayName(),
eamArtifact.getCorrelationValue()));
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.WARNING, String.format("Error getting commonality details for artifact with ID: %s.", eamArtifact.getID()), ex);
}
}
JOptionPane.showConfirmDialog(showCommonalityMenuItem,
msg.toString(),
Bundle.DataContentViewerOtherCases_correlatedArtifacts_title(),
DEFAULT_OPTION, PLAIN_MESSAGE);
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error getting commonality details.", ex);
LOGGER.log(Level.SEVERE, "Error getting commonality details.", ex);
JOptionPane.showConfirmDialog(showCommonalityMenuItem,
Bundle.DataContentViewerOtherCases_correlatedArtifacts_failed(),
Bundle.DataContentViewerOtherCases_correlatedArtifacts_title(),
@ -242,7 +248,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
DEFAULT_OPTION, PLAIN_MESSAGE);
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error loading case details", ex);
LOGGER.log(Level.SEVERE, "Error loading case details", ex);
JOptionPane.showConfirmDialog(showCaseDetailsMenuItem,
Bundle.DataContentViewerOtherCases_caseDetailsDialog_noDetails(),
caseDisplayName,
@ -305,7 +311,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
}
} catch (IOException ex) {
logger.log(Level.SEVERE, "Error writing selected rows to CSV.", ex);
LOGGER.log(Level.SEVERE, "Error writing selected rows to CSV.", ex);
}
}
@ -397,7 +403,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
try {
content = nodeBbArtifact.getSleuthkitCase().getContentById(nodeBbArtifact.getObjectID());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error retrieving blackboard artifact", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Error retrieving blackboard artifact", ex); // NON-NLS
return null;
}
@ -427,9 +433,9 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
if (bbArtifact != null && EamDb.isEnabled()) {
ret.addAll(EamArtifactUtil.makeInstancesFromBlackboardArtifact(bbArtifact, false));
}
// we can correlate based on the MD5 if it is enabled
if (this.file != null && EamDb.isEnabled()) {
if (this.file != null && EamDb.isEnabled()) {
try {
List<CorrelationAttributeInstance.Type> artifactTypes = EamDb.getInstance().getDefinedCorrelationTypes();
@ -438,33 +444,47 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
for (CorrelationAttributeInstance.Type aType : artifactTypes) {
if (aType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID) {
CorrelationCase corCase = EamDb.getInstance().getCase(Case.getCurrentCase());
ret.add(new CorrelationAttributeInstance(
md5,
aType,
corCase,
CorrelationDataSource.fromTSKDataSource(corCase, file.getDataSource()),
file.getParentPath() + file.getName(),
"",
file.getKnown()));
try {
ret.add(new CorrelationAttributeInstance(
md5,
aType,
corCase,
CorrelationDataSource.fromTSKDataSource(corCase, file.getDataSource()),
file.getParentPath() + file.getName(),
"",
file.getKnown()));
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.INFO, String.format("Unable to check create CorrelationAttribtueInstance for value %s and type %s.", md5, aType.toString()), ex);
}
break;
}
}
}
} catch (EamDbException | TskCoreException ex) {
logger.log(Level.SEVERE, "Error connecting to DB", ex); // NON-NLS
}
LOGGER.log(Level.SEVERE, "Error connecting to DB", ex); // NON-NLS
}
} else {
try {
// If EamDb not enabled, get the Files default correlation type to allow Other Occurances to be enabled.
if (this.file != null) {
String md5 = this.file.getMd5Hash();
if (md5 != null && !md5.isEmpty()) {
ret.add(new CorrelationAttributeInstance(CorrelationAttributeInstance.getDefaultCorrelationTypes().get(0), md5));
// If EamDb not enabled, get the Files default correlation type to allow Other Occurances to be enabled.
if (this.file != null) {
String md5 = this.file.getMd5Hash();
if (md5 != null && !md5.isEmpty()) {
try {
final CorrelationAttributeInstance.Type fileAttributeType
= CorrelationAttributeInstance.getDefaultCorrelationTypes()
.stream()
.filter(attrType -> attrType.getId() == CorrelationAttributeInstance.FILES_TYPE_ID)
.findAny()
.get();
ret.add(new CorrelationAttributeInstance(fileAttributeType, md5));
} catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error connecting to DB", ex); // NON-NLS
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.INFO, String.format("Unable to create CorrelationAttributeInstance for value %s", md5), ex); // NON-NLS
}
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error connecting to DB", ex); // NON-NLS
}
}
@ -496,9 +516,9 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
}
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error getting list of cases from database.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Error getting list of cases from database.", ex); // NON-NLS
} catch (ParseException ex) {
logger.log(Level.SEVERE, "Error parsing date of cases from database.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Error parsing date of cases from database.", ex); // NON-NLS
}
}
@ -511,9 +531,9 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
* artifact. If the central repo is not enabled, this will only return files
* from the current case with matching MD5 hashes.
*
* @param corAttr CorrelationAttribute to query for
* @param corAttr CorrelationAttribute to query for
* @param dataSourceName Data source to filter results
* @param deviceId Device Id to filter results
* @param deviceId Device Id to filter results
*
* @return A collection of correlated artifact instances
*/
@ -558,13 +578,15 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
return nodeDataMap;
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error getting artifact instances from database.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Error getting artifact instances from database.", ex); // NON-NLS
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.INFO, "Error getting artifact instances from database.", ex); // NON-NLS
} catch (NoCurrentCaseException ex) {
logger.log(Level.SEVERE, "Exception while getting open case.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Exception while getting open case.", ex); // NON-NLS
} catch (TskCoreException ex) {
// do nothing.
// @@@ Review this behavior
logger.log(Level.SEVERE, "Exception while querying open case.", ex); // NON-NLS
LOGGER.log(Level.SEVERE, "Exception while querying open case.", ex); // NON-NLS
}
return new HashMap<>(0);
@ -574,7 +596,7 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
* Get all other abstract files in the current case with the same MD5 as the
* selected node.
*
* @param corAttr The CorrelationAttribute containing the MD5 to search for
* @param corAttr The CorrelationAttribute containing the MD5 to search for
* @param openCase The current case
*
* @return List of matching AbstractFile objects
@ -708,7 +730,6 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
correlatedNodeDataMap.values().forEach((nodeData) -> {
tableModel.addNodeData(nodeData);
});
}
@ -728,8 +749,8 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
* Adjust a given column for the text provided.
*
* @param columnIndex The index of the column to adjust.
* @param text The text whose length will be used to adjust the
* column width.
* @param text The text whose length will be used to adjust the column
* width.
*/
private void setColumnWidthToText(int columnIndex, String text) {
TableColumn column = otherCasesTable.getColumnModel().getColumn(columnIndex);
@ -993,5 +1014,4 @@ public class DataContentViewerOtherCases extends JPanel implements DataContentVi
return dataSourceID;
}
}
}

130
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
View File

@ -652,7 +652,7 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedStatement.setString(1, eamArtifact.getCorrelationCase().getCaseUUID());
preparedStatement.setString(2, eamArtifact.getCorrelationDataSource().getDeviceID());
preparedStatement.setInt(3, eamArtifact.getCorrelationDataSource().getCaseID());
preparedStatement.setString(4, eamArtifact.getCorrelationValue().toLowerCase());
preparedStatement.setString(4, eamArtifact.getCorrelationValue());
preparedStatement.setString(5, eamArtifact.getFilePath().toLowerCase());
preparedStatement.setByte(6, eamArtifact.getKnownStatus().getFileKnownValue());
if ("".equals(eamArtifact.getComment())) {
@ -712,10 +712,10 @@ abstract class AbstractSqlEamDb implements EamDb {
* @throws EamDbException
*/
@Override
public List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
List<CorrelationAttributeInstance> artifactInstances = new ArrayList<>();
@ -743,7 +743,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizedValue);
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
artifactInstance = getEamArtifactInstanceFromResultSet(resultSet, aType);
@ -809,8 +809,12 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedStatement.setString(1, filePath.toLowerCase());
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
artifactInstance = getEamArtifactInstanceFromResultSet(resultSet, aType);
artifactInstances.add(artifactInstance);
try {
artifactInstance = getEamArtifactInstanceFromResultSet(resultSet, aType);
artifactInstances.add(artifactInstance);
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.INFO, "Unable to get artifact instance from resultset.", ex);
}
}
} catch (SQLException ex) {
throw new EamDbException("Error getting artifact instances by artifactType and artifactValue.", ex); // NON-NLS
@ -834,13 +838,8 @@ abstract class AbstractSqlEamDb implements EamDb {
* ArtifactValue.
*/
@Override
public Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
if (value == null) {
throw new EamDbException("Correlation value is null");
}
public Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
@ -856,7 +855,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value.toLowerCase());
preparedStatement.setString(1, normalizedValue);
resultSet = preparedStatement.executeQuery();
resultSet.next();
instanceCount = resultSet.getLong(1);
@ -872,7 +871,7 @@ abstract class AbstractSqlEamDb implements EamDb {
}
@Override
public int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException {
public int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException, CorrelationAttributeNormalizationException {
if (corAttr == null) {
throw new EamDbException("CorrelationAttribute is null");
}
@ -893,10 +892,8 @@ abstract class AbstractSqlEamDb implements EamDb {
* @return Number of unique tuples
*/
@Override
public Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
@ -914,7 +911,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizedValue);
resultSet = preparedStatement.executeQuery();
resultSet.next();
instanceCount = resultSet.getLong(1);
@ -1262,7 +1259,7 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedQuery.setString(1, eamArtifact.getComment());
preparedQuery.setString(2, eamArtifact.getCorrelationCase().getCaseUUID());
preparedQuery.setString(3, eamArtifact.getCorrelationDataSource().getDeviceID());
preparedQuery.setString(4, eamArtifact.getCorrelationValue().toLowerCase());
preparedQuery.setString(4, eamArtifact.getCorrelationValue());
preparedQuery.setString(5, eamArtifact.getFilePath().toLowerCase());
preparedQuery.executeUpdate();
} catch (SQLException ex) {
@ -1289,20 +1286,14 @@ abstract class AbstractSqlEamDb implements EamDb {
*/
@Override
public CorrelationAttributeInstance getCorrelationAttributeInstance(CorrelationAttributeInstance.Type type, CorrelationCase correlationCase,
CorrelationDataSource correlationDataSource, String value, String filePath) throws EamDbException {
if (type == null) {
throw new EamDbException("Correlation type is null");
}
CorrelationDataSource correlationDataSource, String value, String filePath) throws EamDbException, CorrelationAttributeNormalizationException {
if (correlationCase == null) {
throw new EamDbException("Correlation case is null");
}
if (correlationDataSource == null) {
throw new EamDbException("Correlation data source is null");
}
if (value == null) {
throw new EamDbException("Correlation value is null");
}
if (filePath == null) {
throw new EamDbException("Correlation file path is null");
}
@ -1314,6 +1305,8 @@ abstract class AbstractSqlEamDb implements EamDb {
CorrelationAttributeInstance correlationAttributeInstance = null;
try {
String normalizedValue = CorrelationAttributeNormalizer.normalize(type, value);
String tableName = EamDbUtil.correlationTypeToInstanceTableName(type);
String sql
= "SELECT id, known_status, comment FROM "
@ -1326,7 +1319,7 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setInt(1, correlationCase.getID());
preparedStatement.setInt(2, correlationDataSource.getID());
preparedStatement.setString(3, value.toLowerCase());
preparedStatement.setString(3, normalizedValue);
preparedStatement.setString(4, filePath.toLowerCase());
resultSet = preparedStatement.executeQuery();
if (resultSet.next()) {
@ -1457,10 +1450,8 @@ abstract class AbstractSqlEamDb implements EamDb {
* @return List with 0 or more matching eamArtifact instances.
*/
@Override
public List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
@ -1489,7 +1480,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizedValue);
preparedStatement.setByte(2, TskData.FileKnown.BAD.getFileKnownValue());
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
@ -1552,8 +1543,12 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedStatement.setByte(1, TskData.FileKnown.BAD.getFileKnownValue());
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
artifactInstance = getEamArtifactInstanceFromResultSet(resultSet, aType);
artifactInstances.add(artifactInstance);
try {
artifactInstance = getEamArtifactInstanceFromResultSet(resultSet, aType);
artifactInstances.add(artifactInstance);
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.INFO, "Unable to get artifact instance from resultset.", ex);
}
}
} catch (SQLException ex) {
throw new EamDbException("Error getting notable artifact instances.", ex); // NON-NLS
@ -1575,10 +1570,9 @@ abstract class AbstractSqlEamDb implements EamDb {
* @return Number of matching eamArtifacts
*/
@Override
public Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
@ -1594,7 +1588,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizedValue);
preparedStatement.setByte(2, TskData.FileKnown.BAD.getFileKnownValue());
resultSet = preparedStatement.executeQuery();
resultSet.next();
@ -1623,10 +1617,9 @@ abstract class AbstractSqlEamDb implements EamDb {
* @throws EamDbException
*/
@Override
public List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizedValue = CorrelationAttributeNormalizer.normalize(aType, value);
Connection conn = connect();
@ -1649,7 +1642,7 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizedValue);
preparedStatement.setByte(2, TskData.FileKnown.BAD.getFileKnownValue());
resultSet = preparedStatement.executeQuery();
while (resultSet.next()) {
@ -1768,7 +1761,7 @@ abstract class AbstractSqlEamDb implements EamDb {
* @throws EamDbException
*/
@Override
public boolean isFileHashInReferenceSet(String hash, int referenceSetID) throws EamDbException {
public boolean isFileHashInReferenceSet(String hash, int referenceSetID) throws EamDbException, CorrelationAttributeNormalizationException {
return isValueInReferenceSet(hash, referenceSetID, CorrelationAttributeInstance.FILES_TYPE_ID);
}
@ -1782,8 +1775,10 @@ abstract class AbstractSqlEamDb implements EamDb {
* @return true if the value is found in the reference set
*/
@Override
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException {
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizeValued = CorrelationAttributeNormalizer.normalize(this.getCorrelationTypeById(correlationTypeID), value);
Connection conn = connect();
Long matchingInstances = 0L;
@ -1795,13 +1790,13 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement = conn.prepareStatement(String.format(sql, fileTableName));
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizeValued);
preparedStatement.setInt(2, referenceSetID);
resultSet = preparedStatement.executeQuery();
resultSet.next();
matchingInstances = resultSet.getLong(1);
} catch (SQLException ex) {
throw new EamDbException("Error determining if value (" + value + ") is in reference set " + referenceSetID, ex); // NON-NLS
throw new EamDbException("Error determining if value (" + normalizeValued + ") is in reference set " + referenceSetID, ex); // NON-NLS
} finally {
EamDbUtil.closeStatement(preparedStatement);
EamDbUtil.closeResultSet(resultSet);
@ -1820,11 +1815,11 @@ abstract class AbstractSqlEamDb implements EamDb {
* @return Global known status of the artifact
*/
@Override
public boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
//this should be done here so that we can be certain that aType and value are valid before we proceed
String normalizeValued = CorrelationAttributeNormalizer.normalize(aType, value);
// TEMP: Only support file correlation type
if (aType.getId() != CorrelationAttributeInstance.FILES_TYPE_ID) {
return false;
@ -1837,9 +1832,9 @@ abstract class AbstractSqlEamDb implements EamDb {
ResultSet resultSet = null;
String sql = "SELECT count(*) FROM %s WHERE value=? AND known_status=?";
try {
try {
preparedStatement = conn.prepareStatement(String.format(sql, EamDbUtil.correlationTypeToReferenceTableName(aType)));
preparedStatement.setString(1, value);
preparedStatement.setString(1, normalizeValued);
preparedStatement.setByte(2, TskData.FileKnown.BAD.getFileKnownValue());
resultSet = preparedStatement.executeQuery();
resultSet.next();
@ -2420,10 +2415,8 @@ abstract class AbstractSqlEamDb implements EamDb {
* @throws EamDbException
*/
@Override
public List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException {
if (aType == null) {
throw new EamDbException("Correlation type is null");
}
public List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException, CorrelationAttributeNormalizationException {
String normalizeValued = CorrelationAttributeNormalizer.normalize(aType, aValue);
Connection conn = connect();
@ -2434,12 +2427,11 @@ abstract class AbstractSqlEamDb implements EamDb {
try {
preparedStatement1 = conn.prepareStatement(String.format(sql1, EamDbUtil.correlationTypeToReferenceTableName(aType)));
preparedStatement1.setString(1, aValue);
preparedStatement1.setString(1, normalizeValued);
resultSet = preparedStatement1.executeQuery();
while (resultSet.next()) {
globalFileInstances.add(getEamGlobalFileInstanceFromResultSet(resultSet));
}
return globalFileInstances;
} catch (SQLException ex) {
throw new EamDbException("Error getting reference instances by type and value.", ex); // NON-NLS
@ -2448,6 +2440,8 @@ abstract class AbstractSqlEamDb implements EamDb {
EamDbUtil.closeResultSet(resultSet);
EamDbUtil.closeConnection(conn);
}
return globalFileInstances;
}
/**
@ -2828,7 +2822,7 @@ abstract class AbstractSqlEamDb implements EamDb {
*
* @throws SQLException when an expected column name is not in the resultSet
*/
private CorrelationAttributeInstance getEamArtifactInstanceFromResultSet(ResultSet resultSet, CorrelationAttributeInstance.Type aType) throws SQLException, EamDbException {
private CorrelationAttributeInstance getEamArtifactInstanceFromResultSet(ResultSet resultSet, CorrelationAttributeInstance.Type aType) throws SQLException, EamDbException, CorrelationAttributeNormalizationException {
if (null == resultSet) {
return null;
}
@ -2876,7 +2870,7 @@ abstract class AbstractSqlEamDb implements EamDb {
);
}
private EamGlobalFileInstance getEamGlobalFileInstanceFromResultSet(ResultSet resultSet) throws SQLException, EamDbException {
private EamGlobalFileInstance getEamGlobalFileInstanceFromResultSet(ResultSet resultSet) throws SQLException, EamDbException, CorrelationAttributeNormalizationException {
if (null == resultSet) {
return null;
}

16
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
View File

@ -55,7 +55,7 @@ public class CorrelationAttributeInstance implements Serializable {
CorrelationCase eamCase,
CorrelationDataSource eamDataSource,
String filePath
) throws EamDbException {
) throws EamDbException, CorrelationAttributeNormalizationException {
this(correlationType, correlationValue, -1, eamCase, eamDataSource, filePath, null, TskData.FileKnown.UNKNOWN);
}
@ -67,7 +67,7 @@ public class CorrelationAttributeInstance implements Serializable {
String filePath,
String comment,
TskData.FileKnown knownStatus
) throws EamDbException {
) throws EamDbException, CorrelationAttributeNormalizationException {
this(correlationType, correlationValue, -1, eamCase, eamDataSource, filePath, comment, knownStatus);
}
@ -76,7 +76,7 @@ public class CorrelationAttributeInstance implements Serializable {
String correlationValue,
CorrelationCase correlationCase,
CorrelationDataSource fromTSKDataSource,
String string) throws EamDbException {
String string) throws EamDbException, CorrelationAttributeNormalizationException {
this(correlationType, correlationValue, -1, correlationCase, fromTSKDataSource, string, "", TskData.FileKnown.UNKNOWN);
}
@ -86,7 +86,7 @@ public class CorrelationAttributeInstance implements Serializable {
* @param aType CorrelationAttributeInstance.Type
* @param value correlation value
*/
public CorrelationAttributeInstance(Type aType, String value) throws EamDbException {
public CorrelationAttributeInstance(Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
this(aType, value, -1, null, null, "", "", TskData.FileKnown.UNKNOWN);
}
@ -99,17 +99,13 @@ public class CorrelationAttributeInstance implements Serializable {
String filePath,
String comment,
TskData.FileKnown knownStatus
) throws EamDbException {
) throws EamDbException, CorrelationAttributeNormalizationException {
if (filePath == null) {
throw new EamDbException("file path is null");
}
if (value == null) {
throw new EamDbException("correlation value is null");
}
this.correlationType = type;
this.correlationValue = value;
this.correlationValue = CorrelationAttributeNormalizer.normalize(type, value);
this.ID = instanceId;
this.correlationCase = eamCase;
this.correlationDataSource = eamDataSource;

53
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizationException.java Normal file
View File

@ -0,0 +1,53 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.centralrepository.datamodel;
/**
* Thrown when a given value is not in the expected format.
*/
public class CorrelationAttributeNormalizationException extends Exception {
private static final long serialVersionUID = 1L;
/**
* Construct an exception with the given message.
* @param message error message
*/
public CorrelationAttributeNormalizationException(String message){
super(message);
}
/**
* Construct an exception with the given message and inner exception.
* @param message error message
* @param cause inner exception
*/
public CorrelationAttributeNormalizationException(String message, Throwable cause){
super(message, cause);
}
/**
* Construct an exception with the given inner exception.
* @param cause inner exception
*/
public CorrelationAttributeNormalizationException(Throwable cause){
super(cause);
}
}

160
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java Normal file
View File

@ -0,0 +1,160 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.centralrepository.datamodel;
import java.util.List;
import java.util.Optional;
import org.apache.commons.validator.routines.DomainValidator;
import org.apache.commons.validator.routines.EmailValidator;
/**
* Provides functions for normalizing data by attribute type before insertion or querying.
*/
final public class CorrelationAttributeNormalizer {
/**
* This is a utility class - no need for constructing or subclassing, etc...
*/
private CorrelationAttributeNormalizer() { }
/**
* Normalize the data. Converts text to lower case, and ensures that the
* data is a valid string of the format expected given the attributeType.
*
* @param attributeType correlation type of data
* @param data data to normalize
*
* @return normalized data
*/
public static String normalize(CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException {
if(attributeType == null){
throw new CorrelationAttributeNormalizationException("Attribute type was null.");
}
if(data == null){
throw new CorrelationAttributeNormalizationException("Data was null.");
}
switch(attributeType.getId()){
case CorrelationAttributeInstance.FILES_TYPE_ID:
return normalizeMd5(data);
case CorrelationAttributeInstance.DOMAIN_TYPE_ID:
return normalizeDomain(data);
case CorrelationAttributeInstance.EMAIL_TYPE_ID:
return normalizeEmail(data);
case CorrelationAttributeInstance.PHONE_TYPE_ID:
return normalizePhone(data);
case CorrelationAttributeInstance.USBID_TYPE_ID:
return normalizeUsbId(data);
default:
final String errorMessage = String.format(
"Validator function not found for attribute type: %s",
attributeType.getDisplayName());
throw new CorrelationAttributeNormalizationException(errorMessage);
}
}
/**
* Validate the data. Converts text to lower case, and ensures that the
* data is a valid string of the format expected given the attributeType.
*
* @param attributeTypeId correlation type of data
* @param data data to normalize
*
* @return normalized data
*/
public static String normalize(int attributeTypeId, String data) throws CorrelationAttributeNormalizationException {
try {
List<CorrelationAttributeInstance.Type> defaultTypes = CorrelationAttributeInstance.getDefaultCorrelationTypes();
Optional<CorrelationAttributeInstance.Type> typeOption = defaultTypes.stream().filter(attributeType -> attributeType.getId() == attributeTypeId).findAny();
if(typeOption.isPresent()){
CorrelationAttributeInstance.Type type = typeOption.get();
return CorrelationAttributeNormalizer.normalize(type, data);
} else {
throw new CorrelationAttributeNormalizationException(String.format("Given attributeTypeId did not correspond to any known Attribute: %s", attributeTypeId));
}
} catch (EamDbException ex) {
throw new CorrelationAttributeNormalizationException(ex);
}
}
/**
* Verify MD5 is the correct length and values. Make lower case.
*/
private static String normalizeMd5(String data) throws CorrelationAttributeNormalizationException {
final String validMd5Regex = "^[a-f0-9]{32}$";
final String dataLowered = data.toLowerCase();
if(dataLowered.matches(validMd5Regex)){
return dataLowered;
} else {
throw new CorrelationAttributeNormalizationException(String.format("Data purporting to be an MD5 was found not to comform to expected format: %s", data));
}
}
/**
* Verify there are no slashes or invalid domain name characters (such as '?' or \: ). Normalize to lower case.
*/
private static String normalizeDomain(String data) throws CorrelationAttributeNormalizationException {
DomainValidator validator = DomainValidator.getInstance(true);
if(validator.isValid(data)){
return data.toLowerCase();
} else {
final String validIpAddressRegex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
if(data.matches(validIpAddressRegex)){
return data;
} else {
throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid domain: %s", data));
}
}
}
/**
* Verify that there is an '@' and no invalid characters. Should normalize to lower case.
*/
private static String normalizeEmail(String data) throws CorrelationAttributeNormalizationException {
EmailValidator validator = EmailValidator.getInstance(true, true);
if(validator.isValid(data)){
return data.toLowerCase();
} else {
throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid email address: %s", data));
}
}
/**
* Verify it is only numbers and '+'. Strip spaces, dashes, and parentheses.
*/
private static String normalizePhone(String data) throws CorrelationAttributeNormalizationException {
if(data.matches("\\+?[0-9()\\-\\s]+")){
String phoneNumber = data.replaceAll("[^0-9\\+]", "");
return phoneNumber;
} else {
throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid phone number: %s", data));
}
}
/**
* Vacuous - will be replaced with something reasonable later.
*/
private static String normalizeUsbId(String data) throws CorrelationAttributeNormalizationException {
//TODO replace with correct usb id validation at a later date
return data;
}
}

6
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java
View File

@ -213,7 +213,7 @@ public class EamArtifactUtil {
TskData.FileKnown.UNKNOWN
);
} catch (TskCoreException | EamDbException ex) {
} catch (TskCoreException | EamDbException | CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, "Error creating artifact instance.", ex); // NON-NLS
return null;
} catch (NoCurrentCaseException ex) {
@ -267,7 +267,7 @@ public class EamArtifactUtil {
CorrelationAttributeInstance correlationAttributeInstance;
try {
correlationAttributeInstance = EamDb.getInstance().getCorrelationAttributeInstance(type, correlationCase, correlationDataSource, value, filePath);
} catch (EamDbException ex) {
} catch (EamDbException | CorrelationAttributeNormalizationException ex) {
logger.log(Level.WARNING, String.format(
"Correlation attribute could not be retrieved for '%s' (id=%d): %s",
content.getName(), content.getId(), ex.getMessage()));
@ -322,7 +322,7 @@ public class EamArtifactUtil {
CorrelationDataSource.fromTSKDataSource(correlationCase, af.getDataSource()),
af.getParentPath() + af.getName());
} catch (TskCoreException | EamDbException ex) {
} catch (TskCoreException | EamDbException | CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, "Error making correlation attribute.", ex);
return null;
} catch (NoCurrentCaseException ex) {

24
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java
View File

@ -244,7 +244,7 @@ public interface EamDb {
*
* @return List of artifact instances for a given type/value
*/
List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Retrieves eamArtifact instances from the database that are associated
@ -269,7 +269,7 @@ public interface EamDb {
* @return Number of artifact instances having ArtifactType and
* ArtifactValue.
*/
Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Calculate the percentage of data sources that have this attribute value.
@ -278,7 +278,7 @@ public interface EamDb {
*
* @return Int between 0 and 100
*/
int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException;
int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Retrieves number of unique caseDisplayName / dataSource tuples in the
@ -290,7 +290,7 @@ public interface EamDb {
*
* @return Number of unique tuples
*/
Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Retrieves number of data sources in the database.
@ -358,7 +358,7 @@ public interface EamDb {
* @throws EamDbException
*/
CorrelationAttributeInstance getCorrelationAttributeInstance(CorrelationAttributeInstance.Type type, CorrelationCase correlationCase,
CorrelationDataSource correlationDataSource, String value, String filePath) throws EamDbException;
CorrelationDataSource correlationDataSource, String value, String filePath) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Sets an eamArtifact instance to the given known status. If eamArtifact
@ -378,7 +378,7 @@ public interface EamDb {
*
* @return List with 0 or more matching eamArtifact instances.
*/
List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Gets list of matching eamArtifact instances that have knownStatus =
@ -397,7 +397,7 @@ public interface EamDb {
*
* @return Number of matching eamArtifacts
*/
Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Gets list of distinct case display names, where each case has 1+ Artifact
@ -411,7 +411,7 @@ public interface EamDb {
*
* @throws EamDbException
*/
List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Remove a reference set and all values contained in it.
@ -462,7 +462,7 @@ public interface EamDb {
*
* @throws EamDbException
*/
public boolean isFileHashInReferenceSet(String hash, int referenceSetID) throws EamDbException;
public boolean isFileHashInReferenceSet(String hash, int referenceSetID) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Check if the given value is in a specific reference set
@ -473,7 +473,7 @@ public interface EamDb {
*
* @return true if the hash is found in the reference set
*/
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException;
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Is the artifact known as bad according to the reference entries?
@ -483,7 +483,7 @@ public interface EamDb {
*
* @return Global known status of the artifact
*/
boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException;
boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Add a new organization
@ -611,7 +611,7 @@ public interface EamDb {
*
* @throws EamDbException
*/
List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException;
List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException, CorrelationAttributeNormalizationException;
/**
* Add a new EamArtifact.Type to the db.

19
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamGlobalFileInstance.java
View File

@ -36,7 +36,7 @@ public class EamGlobalFileInstance {
int globalSetID,
String MD5Hash,
TskData.FileKnown knownStatus,
String comment) throws EamDbException {
String comment) throws EamDbException, CorrelationAttributeNormalizationException {
this(-1, globalSetID, MD5Hash, knownStatus, comment);
}
@ -45,17 +45,14 @@ public class EamGlobalFileInstance {
int globalSetID,
String MD5Hash,
TskData.FileKnown knownStatus,
String comment) throws EamDbException {
if(MD5Hash == null){
throw new EamDbException("null MD5 hash");
}
String comment) throws EamDbException, CorrelationAttributeNormalizationException {
if(knownStatus == null){
throw new EamDbException("null known status");
}
this.instanceID = instanceID;
this.globalSetID = globalSetID;
// Normalize hashes by lower casing
this.MD5Hash = MD5Hash.toLowerCase();
this.MD5Hash = CorrelationAttributeNormalizer.normalize(CorrelationAttributeInstance.FILES_TYPE_ID, MD5Hash);
this.knownStatus = knownStatus;
this.comment = comment;
}
@ -117,12 +114,8 @@ public class EamGlobalFileInstance {
/**
* @param MD5Hash the MD5Hash to set
*/
public void setMD5Hash(String MD5Hash) throws EamDbException {
if(MD5Hash == null){
throw new EamDbException("null MD5 hash");
}
// Normalize hashes by lower casing
this.MD5Hash = MD5Hash.toLowerCase();
public void setMD5Hash(String MD5Hash) throws CorrelationAttributeNormalizationException {
this.MD5Hash = CorrelationAttributeNormalizer.normalize(CorrelationAttributeInstance.FILES_TYPE_ID, MD5Hash);
}
/**

20
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java
View File

@ -447,7 +447,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @return List of artifact instances for a given type/value
*/
@Override
public List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public List<CorrelationAttributeInstance> getArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getArtifactInstancesByTypeValue(aType, value);
@ -489,7 +489,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @throws EamDbException
*/
@Override
public Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public Long getCountArtifactInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getCountArtifactInstancesByTypeValue(aType, value);
@ -499,7 +499,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
}
@Override
public int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException {
public int getFrequencyPercentage(CorrelationAttributeInstance corAttr) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getFrequencyPercentage(corAttr);
@ -520,7 +520,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @throws EamDbException
*/
@Override
public Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getCountUniqueCaseDataSourceTuplesHavingTypeValue(aType, value);
@ -617,7 +617,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @return List with 0 or more matching eamArtifact instances.
*/
@Override
public List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public List<CorrelationAttributeInstance> getArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getArtifactInstancesKnownBad(aType, value);
@ -654,7 +654,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @return Number of matching eamArtifacts
*/
@Override
public Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public Long getCountArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getCountArtifactInstancesKnownBad(aType, value);
@ -676,7 +676,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @throws EamDbException
*/
@Override
public List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public List<String> getListCasesHavingArtifactInstancesKnownBad(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getListCasesHavingArtifactInstancesKnownBad(aType, value);
@ -710,7 +710,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @return true if the hash is found in the reference set
*/
@Override
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException {
public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.isValueInReferenceSet(value, referenceSetID, correlationTypeID);
@ -782,7 +782,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @return Global known status of the artifact
*/
@Override
public boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException {
public boolean isArtifactKnownBadByReference(CorrelationAttributeInstance.Type aType, String value) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.isArtifactKnownBadByReference(aType, value);
@ -967,7 +967,7 @@ final class SqliteEamDb extends AbstractSqlEamDb {
* @throws EamDbException
*/
@Override
public List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException {
public List<EamGlobalFileInstance> getReferenceInstancesByTypeValue(CorrelationAttributeInstance.Type aType, String aValue) throws EamDbException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getReferenceInstancesByTypeValue(aType, aValue);

24
Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
View File

@ -34,6 +34,7 @@ import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestServices;
@ -123,19 +124,19 @@ public class IngestEventsListener {
public synchronized static int getCeModuleInstanceCount() {
return correlationModuleInstanceCount;
}
/**
* Are notable items being flagged?
*
*
* @return True if flagging notable items; otherwise false.
*/
public synchronized static boolean isFlagNotableItems() {
return flagNotableItems;
}
/**
* Configure the listener to flag notable items or not.
*
*
* @param value True to flag notable items; otherwise false.
*/
public synchronized static void setFlagNotableItems(boolean value) {
@ -259,13 +260,18 @@ public class IngestEventsListener {
if (recentlyAddedCeArtifacts.add(eamArtifact.toString())) {
// Was it previously marked as bad?
// query db for artifact instances having this TYPE/VALUE and knownStatus = "Bad".
// if gettKnownStatus() is "Unknown" and this artifact instance was marked bad in a previous case,
// if getKnownStatus() is "Unknown" and this artifact instance was marked bad in a previous case,
// create TSK_INTERESTING_ARTIFACT_HIT artifact on BB.
if (flagNotableItemsEnabled) {
List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
if (!caseDisplayNames.isEmpty()) {
postCorrelatedBadArtifactToBlackboard(bbArtifact,
caseDisplayNames);
List<String> caseDisplayNames;
try {
caseDisplayNames = dbManager.getListCasesHavingArtifactInstancesKnownBad(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
if (!caseDisplayNames.isEmpty()) {
postCorrelatedBadArtifactToBlackboard(bbArtifact,
caseDisplayNames);
}
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.INFO, String.format("Unable to flag notable item: %s.", eamArtifact.toString()), ex);
}
}
eamArtifacts.add(eamArtifact);

7
Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
View File

@ -28,6 +28,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.core.RuntimeProperties;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.ingest.FileIngestModule;
@ -143,6 +144,9 @@ final class IngestModule implements FileIngestModule {
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
} catch (CorrelationAttributeNormalizationException ex){
logger.log(Level.INFO, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}
@ -161,6 +165,9 @@ final class IngestModule implements FileIngestModule {
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error adding artifact to bulk artifacts.", ex); // NON-NLS
return ProcessResult.ERROR;
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.INFO, "Error adding artifact to bulk artifacts.", ex); // NON-NLS
return ProcessResult.ERROR;
}
return ProcessResult.OK;

2
Core/src/org/sleuthkit/autopsy/commonfilesearch/CaseDBCommonAttributeInstanceNode.java
View File

@ -88,4 +88,4 @@ public class CaseDBCommonAttributeInstanceNode extends FileNode {
return sheet;
}
}
}

27
Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributeSearchResults.java
View File

@ -25,9 +25,12 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.logging.Level;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
import org.sleuthkit.autopsy.coreutils.Logger;
/**
* Stores the results from the various types of common attribute searching
@ -35,6 +38,8 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
*/
final public class CommonAttributeSearchResults {
private static final Logger LOGGER = Logger.getLogger(CommonAttributeSearchResults.class.getName());
// maps instance count to list of attribute values.
private final Map<Integer, CommonAttributeValueList> instanceCountToAttributeValues;
@ -86,7 +91,7 @@ final public class CommonAttributeSearchResults {
* search.
*
* Remove results which are not found in the portion of available data
sources described by maximumPercentageThreshold.
* sources described by maximumPercentageThreshold.
*
* @return metadata
*/
@ -113,16 +118,20 @@ final public class CommonAttributeSearchResults {
for(CommonAttributeValue value : values.getDelayedMetadataList()){ // Need the real metadata
int frequencyPercentage = eamDb.getFrequencyPercentage(new CorrelationAttributeInstance(fileAttributeType, value.getValue()));
try {
int frequencyPercentage = eamDb.getFrequencyPercentage(new CorrelationAttributeInstance(fileAttributeType, value.getValue()));
if(frequencyPercentage > maximumPercentageThreshold){
if(itemsToRemove.containsKey(key)){
itemsToRemove.get(key).add(value);
} else {
List<CommonAttributeValue> toRemove = new ArrayList<>();
toRemove.add(value);
itemsToRemove.put(key, toRemove);
if(frequencyPercentage > maximumPercentageThreshold){
if(itemsToRemove.containsKey(key)){
itemsToRemove.get(key).add(value);
} else {
List<CommonAttributeValue> toRemove = new ArrayList<>();
toRemove.add(value);
itemsToRemove.put(key, toRemove);
}
}
} catch(CorrelationAttributeNormalizationException ex){
LOGGER.log(Level.WARNING, "Unable to determine frequency percentage attribute - frequency filter may not be accurate for these results.", ex);
}
}
}

15
Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCaseSearchResultsProcessor.java
View File

@ -26,6 +26,7 @@ import java.util.Map;
import java.util.logging.Level;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
@ -220,11 +221,15 @@ final class InterCaseSearchResultsProcessor {
while (resultSet.next()) {
CorrelationCase correlationCase = DbManager.getCaseById(InstanceTableCallback.getCaseId(resultSet));
CorrelationDataSource dataSource = DbManager.getDataSourceById(correlationCase, InstanceTableCallback.getDataSourceId(resultSet));
correlationAttributeInstance = DbManager.getCorrelationAttributeInstance(fileType,
correlationCase,
dataSource,
InstanceTableCallback.getValue(resultSet),
InstanceTableCallback.getFilePath(resultSet));
try {
correlationAttributeInstance = DbManager.getCorrelationAttributeInstance(fileType,
correlationCase,
dataSource,
InstanceTableCallback.getValue(resultSet),
InstanceTableCallback.getFilePath(resultSet));
} catch (CorrelationAttributeNormalizationException ex) {
LOGGER.log(Level.INFO, "Unable to get CorrelationAttributeInstance.", ex); // NON-NLS
}
}
} catch (SQLException | EamDbException ex) {

11
Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java
View File

@ -39,6 +39,7 @@ import org.netbeans.api.progress.ProgressHandle;
import org.openide.util.NbBundle;
import org.openide.util.NbBundle.Messages;
import org.openide.windows.WindowManager;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
@ -1238,8 +1239,8 @@ public class HashDbManager implements PropertyChangeListener {
EamGlobalFileInstance fileInstance = new EamGlobalFileInstance(referenceSetID, file.getMd5Hash(),
type, comment);
EamDb.getInstance().addReferenceInstance(fileInstance,EamDb.getInstance().getCorrelationTypeById(CorrelationAttributeInstance.FILES_TYPE_ID));
} catch (EamDbException ex){
throw new TskCoreException("Error adding hashes to " + getDisplayName(), ex);
} catch (EamDbException | CorrelationAttributeNormalizationException ex){
throw new TskCoreException("Error adding hashes to " + getDisplayName(), ex); //NON-NLS
}
}
}
@ -1264,7 +1265,7 @@ public class HashDbManager implements PropertyChangeListener {
}
try {
globalFileInstances.add(new EamGlobalFileInstance(referenceSetID, hashEntry.getMd5Hash(), type, hashEntry.getComment()));
} catch (EamDbException ex){
} catch (EamDbException | CorrelationAttributeNormalizationException ex){
throw new TskCoreException("Error adding hashes to " + getDisplayName(), ex);
}
}
@ -1295,7 +1296,7 @@ public class HashDbManager implements PropertyChangeListener {
if (null != file.getMd5Hash()) {
try{
return EamDb.getInstance().isFileHashInReferenceSet(file.getMd5Hash(), this.referenceSetID);
} catch (EamDbException ex){
} catch (EamDbException | CorrelationAttributeNormalizationException ex){
Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE, "Error performing central reposiotry hash lookup for hash "
+ file.getMd5Hash() + " in reference set " + referenceSetID, ex); //NON-NLS
throw new TskCoreException("Error performing central reposiotry hash lookup", ex);
@ -1327,7 +1328,7 @@ public class HashDbManager implements PropertyChangeListener {
// Make a bare-bones HashHitInfo for now
result = new HashHitInfo(file.getMd5Hash(), "", "");
}
} catch (EamDbException ex){
} catch (EamDbException | CorrelationAttributeNormalizationException ex){
Logger.getLogger(SleuthkitHashSet.class.getName()).log(Level.SEVERE, "Error performing central reposiotry hash lookup for hash "
+ file.getMd5Hash() + " in reference set " + referenceSetID, ex); //NON-NLS
throw new TskCoreException("Error performing central reposiotry hash lookup", ex);

625
Core/test/qa-functional/src/org/sleuthkit/autopsy/centralrepository/datamodel/CentralRepoDatamodelTest.java
View File

File diff suppressed because it is too large Load Diff

315
Core/test/qa-functional/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizerTest.java Normal file
View File

@ -0,0 +1,315 @@
/*
*
* Autopsy Forensic Browser
*
* Copyright 2018 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.centralrepository.datamodel;
import junit.framework.Test;
import org.junit.Assert;
import org.netbeans.junit.NbModuleSuite;
import org.netbeans.junit.NbTestCase;
import org.openide.util.Exceptions;
/**
* Tests for validation on each correlation attribute type.
*/
public class CorrelationAttributeNormalizerTest extends NbTestCase {
public static Test suite() {
NbModuleSuite.Configuration conf = NbModuleSuite.createConfiguration(CorrelationAttributeNormalizerTest.class).
clusters(".*").
enableModules(".*");
return conf.suite();
}
public CorrelationAttributeNormalizerTest(String name) {
super(name);
}
public void testValidateMd5() {
final String aValidHash = "e34a8899ef6468b74f8a1048419ccc8b"; //should pass
final String anInValidHash = "e34asdfa8899ef6468b74f8a1048419ccc8b"; //should fail
final String aValidHashWithCaps = "E34A8899EF6468B74F8A1048419CCC8B"; //should pass and be lowered
final String emptyHash = ""; //should fail
final String nullHash = null; //should fail
final int FILES_TYPE_ID = CorrelationAttributeInstance.FILES_TYPE_ID;
try {
assertTrue("This hash should just work", CorrelationAttributeNormalizer.normalize(FILES_TYPE_ID, aValidHash).equals(aValidHash));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue("This hash just needs to be converted to lower case", CorrelationAttributeNormalizer.normalize(CorrelationAttributeInstance.FILES_TYPE_ID, aValidHashWithCaps).equals(aValidHash));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(FILES_TYPE_ID, anInValidHash);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(FILES_TYPE_ID, emptyHash);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(FILES_TYPE_ID, nullHash);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
}
private static final String WE_EXPECT_AN_EXCEPTION_HERE = "We expect an exception here.";
private static final String THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION = "This should have thrown an exception.";
public void testValidateDomain() {
final String goodDomainOne = "www.test.com"; //should pass
final String badDomainTwo = "http://www.test.com"; //should fail (includes protocol)
final String goodDomainThree = "test.com"; //should pass
final String badDomainFour = "http://1270.0.1"; //should fail
final String badDomainFive = "?>\\/)(*&.com"; //should fail
final String badDomainSix = null; //should fail
final String badDomainSeven = ""; //should fail
final String badDomainEight = "HTTP://tests.com"; //should fail
final String badDomainNine = "http://www.test.com/aPage?aQuestion=aParam&anotherQuestion=anotherParam"; //should fail
final String goodDomainTen = "WWW.TEST.COM"; //should pass but be lowered
final String goodDomainEleven = "TEST.COM"; //should pass but be lowered
final int DOMAIN_TYPE_ID = CorrelationAttributeInstance.DOMAIN_TYPE_ID;
try {
assertTrue(THIS_DOMAIN_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, goodDomainOne).equals(goodDomainOne));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainTwo);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
assertTrue(THIS_DOMAIN_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, goodDomainThree).equals(goodDomainThree));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_DOMAIN_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainFour).equals(badDomainFour));
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainFive);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainSix);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainSeven);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainEight);
fail("This should have thrown an exception");
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, badDomainNine);
fail("This should have thrown an exception");
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
assertTrue(THIS_DOMAIN_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, goodDomainTen).equals(goodDomainTen.toLowerCase()));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_DOMAIN_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(DOMAIN_TYPE_ID, goodDomainEleven).equals(goodDomainEleven.toLowerCase()));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
}
private static final String THIS_DOMAIN_SHOULD_PASS = "This domain should pass.";
public void testValidateEmail() {
final String goodEmailOne = "bsweeney@cipehrtechsolutions.com"; //should pass
final String goodEmailTwo = "BSWEENEY@ciphertechsolutions.com"; //should pass and be lowered
final String badEmailThree = ""; //should fail
final String badEmailFour = null; //should fail
final String badEmailFive = "asdf"; //should fail
final String goodEmailSix = "asdf@asdf"; //TODO looks bad but the lib accepts it...
final String badEmailSeven = "asdf.asdf"; //should
final int EMAIL_TYPE_ID = CorrelationAttributeInstance.EMAIL_TYPE_ID;
try {
assertTrue("This email should pass.", CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, goodEmailOne).equals(goodEmailOne));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue("This email should pass.", CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, goodEmailTwo).equals(goodEmailTwo.toLowerCase()));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, badEmailThree);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, badEmailFour);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, badEmailFive);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try { //TODO consider a better library?
assertTrue("This email should pass", CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, goodEmailSix).equals(goodEmailSix));
} catch (CorrelationAttributeNormalizationException ex) {
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(EMAIL_TYPE_ID, badEmailSeven);
fail(THIS_SHOULD_HAVE_THROWN_AN_EXCEPTION);
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
}
public void testValidatePhone() {
final String goodPnOne = "19784740486";
final String goodPnTwo = "1(978) 474-0486";
final String goodPnThree = "+19784740486";
final String goodPnFour = "1 978-474-0486";
final String badPnFive = "9879879819784740486";
final String goodPnSix = "+1(978) 474-0486";
final String goodPnSeven = "+1(978) 474-0486";
final String badPnEight = "asdfasdfasdf";
final String badPnNine = "asdf19784740486adsf";
final int PHONE_TYPE_ID = CorrelationAttributeInstance.PHONE_TYPE_ID;
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnOne).equals(goodPnOne));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnTwo).equals(goodPnOne));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnThree).equals(goodPnThree));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnFour).equals(goodPnOne));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, badPnFive);
//fail("This should have thrown an exception."); //this will eventually pass when we do a better job at this
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnSix).equals(goodPnThree));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
assertTrue(THIS_PHONE_NUMBER_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, goodPnSeven).equals(goodPnThree));
} catch (CorrelationAttributeNormalizationException ex) {
Exceptions.printStackTrace(ex);
fail(ex.getMessage());
}
try {
CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, badPnEight);
fail("This should have thrown an exception.");
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
try {
CorrelationAttributeNormalizer.normalize(PHONE_TYPE_ID, badPnNine);
fail("This should have thrown an exception.");
} catch (CorrelationAttributeNormalizationException ex) {
assertTrue(WE_EXPECT_AN_EXCEPTION_HERE, true);
}
}
private static final String THIS_PHONE_NUMBER_SHOULD_PASS = "This phone number should pass.";
public void testValidateUsbId() {
//TODO will need to be updated once usb validation does somethign interesting
final String goodIdOne = "0202:AAFF"; //should pass
/*final String goodIdTwo = "0202:aaff"; //should pass
final String badIdThree = "0202:axxf"; //should fail
final String badIdFour = ""; //should fail
final String badIdFive = null; //should fail
final String goodIdSix = "0202 AAFF"; //should pass
final String goodIdSeven = "0202AAFF"; //should pass
final String goodIdEight = "0202-AAFF"; //should pass*/
final int USBID_TYPE_ID = CorrelationAttributeInstance.USBID_TYPE_ID;
try {
assertTrue(THIS_USB_ID_SHOULD_PASS, CorrelationAttributeNormalizer.normalize(USBID_TYPE_ID, goodIdOne).equals(goodIdOne));
} catch (CorrelationAttributeNormalizationException ex) {
Assert.fail(ex.getMessage());
}
}
private static final String THIS_USB_ID_SHOULD_PASS = "This USB ID should pass.";
}