mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 02:07:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2230 from BasisOlivers/2146-3

Browse Source 
Ingest tracking changes in autopsy
This commit is contained in:
Richard Cordovano 2016-06-13 17:53:57 -04:00 committed by GitHub
commit 98a6fa6b57
3 changed files with 95 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
Core/src/org/sleuthkit/autopsy/ingest/DataSourceIngestJob.java
View File

@ -32,9 +32,17 @@ import javax.swing.JOptionPane;
import org.netbeans.api.progress.ProgressHandle;
import org.openide.util.Cancellable;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.NetworkUtils;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.IngestJobInfo;
import org.sleuthkit.datamodel.IngestJobInfo.IngestJobStatusType;
import org.sleuthkit.datamodel.IngestModuleInfo;
import org.sleuthkit.datamodel.IngestModuleInfo.IngestModuleType;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
/**
* Encapsulates a data source and the ingest module pipelines used to process
@ -151,6 +159,8 @@ final class DataSourceIngestJob {
private ProgressHandle fileIngestProgress;
private String currentFileIngestModule = "";
private String currentFileIngestTask = "";
private List<IngestModuleInfo> ingestModules = new ArrayList<>();
private IngestJobInfo ingestJob;
/**
* A data source ingest job uses this field to report its creation time.
@ -243,6 +253,20 @@ final class DataSourceIngestJob {
*/
Thread.currentThread().interrupt();
}
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
try {
this.addIngestModules(firstStageDataSourceModuleTemplates, IngestModuleType.DATA_SOURCE_LEVEL, skCase);
this.addIngestModules(fileIngestModuleTemplates, IngestModuleType.FILE_LEVEL, skCase);
this.addIngestModules(secondStageDataSourceModuleTemplates, IngestModuleType.DATA_SOURCE_LEVEL, skCase);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to add ingest modules to database.", ex);
}
}
private void addIngestModules(List<IngestModuleTemplate> templates, IngestModuleType type, SleuthkitCase skCase) throws TskCoreException {
for (IngestModuleTemplate module : templates) {
ingestModules.add(skCase.addIngestModule(module.getModuleName(), FactoryClassNameNormalizer.normalize(module.getModuleFactory().getClass().getCanonicalName()), type, module.getModuleFactory().getModuleVersionNumber()));
}
}
/**
@ -365,6 +389,11 @@ final class DataSourceIngestJob {
logger.log(Level.INFO, "Starting second stage analysis for {0} (jobId={1}), no first stage configured", new Object[]{dataSource.getName(), this.id}); //NON-NLS
this.startSecondStage();
}
try {
this.ingestJob = Case.getCurrentCase().getSleuthkitCase().addIngestJob(dataSource, NetworkUtils.getLocalHostName(), ingestModules, new Date(this.createTime), new Date(0), IngestJobStatusType.STARTED, "");
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to add ingest job to database.", ex);
}
}
return errors;
}
@ -641,8 +670,26 @@ final class DataSourceIngestJob {
}
}
}
if (this.cancelled) {
try {
ingestJob.setIngestJobStatus(IngestJobStatusType.CANCELLED);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to set ingest status for ingest job in database.", ex);
}
} else {
try {
ingestJob.setIngestJobStatus(IngestJobStatusType.COMPLETED);
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to set ingest status for ingest job in database.", ex);
}
}
try {
this.ingestJob.setEndDateTime(new Date());
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Failed to set end date for ingest job in database.", ex);
}
this.parentJob.dataSourceJobFinished(this);
}
/**

42
Core/src/org/sleuthkit/autopsy/ingest/FactoryClassNameNormalizer.java Executable file
View File

@ -0,0 +1,42 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.sleuthkit.autopsy.ingest;
import org.sleuthkit.autopsy.coreutils.Logger;
/**
* Used to strip python ids on factory class names.
*/
class FactoryClassNameNormalizer {
private static final CharSequence pythonModuleSettingsPrefixCS = "org.python.proxies.".subSequence(0, "org.python.proxies.".length() - 1); //NON-NLS
private static final Logger logger = Logger.getLogger(FactoryClassNameNormalizer.class.getName());
static String normalize(String canonicalClassName) {
if (isPythonModuleSettingsFile(canonicalClassName)) {
// compiled python modules have variable instance number as a part of their file name.
// This block of code gets rid of that variable instance number and helps maitains constant module name over multiple runs.
String moduleClassName = canonicalClassName.replaceAll("[$][\\d]", ""); //NON-NLS NON-NLS
return moduleClassName;
}
return canonicalClassName;
}
/**
* Determines if the moduleSettingsFilePath is that of a serialized jython
* instance. Serialized Jython instances (settings saved on the disk)
* contain "org.python.proxies." in their fileName based on the current
* implementation.
*
* @param moduleSettingsFilePath path to the module settings file.
*
* @return True or false
*/
private static boolean isPythonModuleSettingsFile(String moduleSettingsFilePath) {
return moduleSettingsFilePath.contains(pythonModuleSettingsPrefixCS);
}
}

18
Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
View File

@ -33,10 +33,10 @@ import java.util.logging.Level;
import org.openide.util.NbBundle;
import org.openide.util.io.NbObjectInputStream;
import org.openide.util.io.NbObjectOutputStream;
import org.python.util.PythonObjectInputStream;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.ModuleSettings;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.python.util.PythonObjectInputStream;
/**
* Encapsulates the ingest job settings for a particular execution context.
@ -467,17 +467,9 @@ public class IngestJobSettings {
* @param settings The ingest job settings for the ingest module
*/
private void saveModuleSettings(IngestModuleFactory factory, IngestModuleIngestJobSettings settings) {
try {
String moduleSettingsFilePath = getModuleSettingsFilePath(factory);
// compiled python modules have substring org.python.proxies. It can be used to identify them.
if (isPythonModuleSettingsFile(moduleSettingsFilePath)) {
// compiled python modules have variable instance number as a part of their file name.
// This block of code gets rid of that variable instance number and helps maitains constant module name over multiple runs.
moduleSettingsFilePath = moduleSettingsFilePath.replaceAll("[$][\\d]+.settings$", "\\$.settings"); //NON-NLS NON-NLS
}
try (NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(moduleSettingsFilePath))) {
out.writeObject(settings);
}
String moduleSettingsFilePath = Paths.get(this.moduleSettingsFolderPath, FactoryClassNameNormalizer.normalize(factory.getClass().getCanonicalName()) + MODULE_SETTINGS_FILE_EXT).toString();
try (NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(moduleSettingsFilePath))) {
out.writeObject(settings);
} catch (IOException ex) {
String warning = NbBundle.getMessage(IngestJobSettings.class, "IngestJobSettings.moduleSettingsSave.warning", factory.getModuleDisplayName(), this.executionContext); //NON-NLS
logger.log(Level.SEVERE, warning, ex);