mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-15 01:07:42 +00:00
added comments, minor refactoring as part of reviewing hash db code for memory leaks. No logic changes
parent
6687457705
commit
9ae538438b
@ -68,6 +68,10 @@ final class FileIngestPipeline {
|
|||||||
return modules.isEmpty();
|
return modules.isEmpty();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Start up all of the modules in the pipeline.
|
||||||
|
* @return List of errors or empty list if no errors
|
||||||
|
*/
|
||||||
List<IngestModuleError> startUp() {
|
List<IngestModuleError> startUp() {
|
||||||
List<IngestModuleError> errors = new ArrayList<>();
|
List<IngestModuleError> errors = new ArrayList<>();
|
||||||
for (FileIngestModuleDecorator module : modules) {
|
for (FileIngestModuleDecorator module : modules) {
|
||||||
@ -80,6 +84,13 @@ final class FileIngestPipeline {
|
|||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Process the file down the pipeline of modules.
|
||||||
|
* Startup must have been called before this is called.
|
||||||
|
*
|
||||||
|
* @param file File to analyze
|
||||||
|
* @return List of errors or empty list if no errors
|
||||||
|
*/
|
||||||
List<IngestModuleError> process(AbstractFile file) {
|
List<IngestModuleError> process(AbstractFile file) {
|
||||||
List<IngestModuleError> errors = new ArrayList<>();
|
List<IngestModuleError> errors = new ArrayList<>();
|
||||||
for (FileIngestModuleDecorator module : modules) {
|
for (FileIngestModuleDecorator module : modules) {
|
||||||
|
@ -21,6 +21,10 @@ package org.sleuthkit.autopsy.ingest;
|
|||||||
import java.util.Objects;
|
import java.util.Objects;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Represents a single file analysis task, which is defined
|
||||||
|
* by a file to analyze and the InjestJob/Pipeline to run it on.
|
||||||
|
*/
|
||||||
final class FileIngestTask extends IngestTask {
|
final class FileIngestTask extends IngestTask {
|
||||||
|
|
||||||
private final AbstractFile file;
|
private final AbstractFile file;
|
||||||
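Review bot: The class Javadoc added to FileIngestTask misspells the type it refers to: `InjestJob/Pipeline` should read `IngestJob/Pipeline`, so that a search for the class name also finds this comment. The same misspelling is in the class Javadoc added to IngestJob in this commit (`InjestJobs store all settings ...`), which should begin `IngestJobs store ...`. If the reference is meant to be navigable, `{@link IngestJob}` is the usual form.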
|
@ -32,6 +32,10 @@ import org.sleuthkit.autopsy.coreutils.Logger;
|
|||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* InjestJobs store all settings and data associated with the user selecting a
|
||||||
|
* datasource and running a set of ingest modules on it.
|
||||||
|
*/
|
||||||
final class IngestJob {
|
final class IngestJob {
|
||||||
|
|
||||||
private static final Logger logger = Logger.getLogger(IngestManager.class.getName());
|
private static final Logger logger = Logger.getLogger(IngestManager.class.getName());
|
||||||
@ -102,6 +106,11 @@ final class IngestJob {
|
|||||||
return processUnallocatedSpace;
|
return processUnallocatedSpace;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create the file and data source pipelines.
|
||||||
|
* @param ingestModuleTemplates
|
||||||
|
* @throws InterruptedException
|
||||||
|
*/
|
||||||
private void createIngestPipelines(List<IngestModuleTemplate> ingestModuleTemplates) throws InterruptedException {
|
private void createIngestPipelines(List<IngestModuleTemplate> ingestModuleTemplates) throws InterruptedException {
|
||||||
IngestJobContext context = new IngestJobContext(this);
|
IngestJobContext context = new IngestJobContext(this);
|
||||||
dataSourceIngestPipeline = new DataSourceIngestPipeline(context, ingestModuleTemplates);
|
dataSourceIngestPipeline = new DataSourceIngestPipeline(context, ingestModuleTemplates);
|
||||||
@ -118,6 +127,11 @@ final class IngestJob {
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Start both the data source and file ingest pipelines
|
||||||
|
* @return
|
||||||
|
* @throws InterruptedException
|
||||||
|
*/
|
||||||
private List<IngestModuleError> start() throws InterruptedException {
|
private List<IngestModuleError> start() throws InterruptedException {
|
||||||
List<IngestModuleError> errors = startUpIngestPipelines();
|
List<IngestModuleError> errors = startUpIngestPipelines();
|
||||||
if (errors.isEmpty()) {
|
if (errors.isEmpty()) {
|
||||||
@ -142,6 +156,14 @@ final class IngestJob {
|
|||||||
return errors;
|
return errors;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Startup each of the file and data source ingest modules to collect
|
||||||
|
* possible errors.
|
||||||
|
*
|
||||||
|
* @return
|
||||||
|
* @throws InterruptedException
|
||||||
|
*/
|
||||||
private List<IngestModuleError> startUpIngestPipelines() throws InterruptedException {
|
private List<IngestModuleError> startUpIngestPipelines() throws InterruptedException {
|
||||||
List<IngestModuleError> errors = new ArrayList<>();
|
List<IngestModuleError> errors = new ArrayList<>();
|
||||||
errors.addAll(dataSourceIngestPipeline.startUp());
|
errors.addAll(dataSourceIngestPipeline.startUp());
|
||||||
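Review bot: The Javadoc added to start() and startUpIngestPipelines() leaves `@return` empty, and the `@throws InterruptedException` and `@param ingestModuleTemplates` tags carry no description, so the comments do not tell a caller what the returned list means. Both methods hand back the `errors` list in the visible lines, so the wording this commit already uses in FileIngestPipeline would fit: `@return List of errors or empty list if no errors`. Going by the hunk counts, the last hunk of this section also appears to add a second blank line before the startUpIngestPipelines() comment; one is enough. The bodies of these methods continue outside the hunks.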
|
@ -44,7 +44,7 @@ import org.sleuthkit.datamodel.TskException;
|
|||||||
import org.sleuthkit.autopsy.hashdatabase.HashDbManager.HashDb;
|
import org.sleuthkit.autopsy.hashdatabase.HashDbManager.HashDb;
|
||||||
import org.sleuthkit.autopsy.ingest.FileIngestModule;
|
import org.sleuthkit.autopsy.ingest.FileIngestModule;
|
||||||
import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
|
import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
|
||||||
import org.sleuthkit.datamodel.HashInfo;
|
import org.sleuthkit.datamodel.HashHitInfo;
|
||||||
|
|
||||||
public class HashDbIngestModule implements FileIngestModule {
|
public class HashDbIngestModule implements FileIngestModule {
|
||||||
private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName());
|
private static final Logger logger = Logger.getLogger(HashDbIngestModule.class.getName());
|
||||||
@ -82,8 +82,8 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
@Override
|
@Override
|
||||||
public void startUp(org.sleuthkit.autopsy.ingest.IngestJobContext context) throws IngestModuleException {
|
public void startUp(org.sleuthkit.autopsy.ingest.IngestJobContext context) throws IngestModuleException {
|
||||||
jobId = context.getJobId();
|
jobId = context.getJobId();
|
||||||
getEnabledHashSets(hashDbManager.getKnownBadFileHashSets(), knownBadHashSets);
|
updateEnabledHashSets(hashDbManager.getKnownBadFileHashSets(), knownBadHashSets);
|
||||||
getEnabledHashSets(hashDbManager.getKnownFileHashSets(), knownHashSets);
|
updateEnabledHashSets(hashDbManager.getKnownFileHashSets(), knownHashSets);
|
||||||
|
|
||||||
if (refCounter.incrementAndGet(jobId) == 1) {
|
if (refCounter.incrementAndGet(jobId) == 1) {
|
||||||
// if first module for this job then post error msgs if needed
|
// if first module for this job then post error msgs if needed
|
||||||
@ -108,9 +108,14 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void getEnabledHashSets(List<HashDb> hashSets, List<HashDb> enabledHashSets) {
|
/**
|
||||||
|
* Cycle through list of hashsets and return the subset that is enabled.
|
||||||
|
* @param allHashSets List of all hashsets from DB manager
|
||||||
|
* @param enabledHashSets List of enabled ones to return.
|
||||||
|
*/
|
||||||
|
private void updateEnabledHashSets(List<HashDb> allHashSets, List<HashDb> enabledHashSets) {
|
||||||
enabledHashSets.clear();
|
enabledHashSets.clear();
|
||||||
for (HashDb db : hashSets) {
|
for (HashDb db : allHashSets) {
|
||||||
if (settings.isHashSetEnabled(db.getHashSetName())) {
|
if (settings.isHashSetEnabled(db.getHashSetName())) {
|
||||||
try {
|
try {
|
||||||
if (db.hasIndex()) {
|
if (db.hasIndex()) {
|
||||||
@ -178,7 +183,7 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
for (HashDb db : knownBadHashSets) {
|
for (HashDb db : knownBadHashSets) {
|
||||||
try {
|
try {
|
||||||
long lookupstart = System.currentTimeMillis();
|
long lookupstart = System.currentTimeMillis();
|
||||||
HashInfo hashInfo = db.lookUp(file);
|
HashHitInfo hashInfo = db.lookupMD5(file);
|
||||||
if (null != hashInfo) {
|
if (null != hashInfo) {
|
||||||
foundBad = true;
|
foundBad = true;
|
||||||
totals.totalKnownBadCount.incrementAndGet();
|
totals.totalKnownBadCount.incrementAndGet();
|
||||||
@ -239,7 +244,7 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
for (HashDb db : knownHashSets) {
|
for (HashDb db : knownHashSets) {
|
||||||
try {
|
try {
|
||||||
long lookupstart = System.currentTimeMillis();
|
long lookupstart = System.currentTimeMillis();
|
||||||
if (db.hasMd5HashOf(file)) {
|
if (db.lookupMD5Quick(file)) {
|
||||||
try {
|
try {
|
||||||
skCase.setKnown(file, TskData.FileKnown.KNOWN);
|
skCase.setKnown(file, TskData.FileKnown.KNOWN);
|
||||||
break;
|
break;
|
||||||
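Review bot: The Javadoc added to updateEnabledHashSets() says it will "return the subset that is enabled", but the method is `void` and, in the visible lines, clears `enabledHashSets` and refills it, with a `db.hasIndex()` check nested inside the enabled check. The comment should describe that, for example `Rebuilds enabledHashSets in place from the hash sets that are enabled in the settings and have a lookup index.`; the part of the body that deals with a set lacking an index lies outside the hunk, so confirm the wording against it. The distinction matters for the known-bad list: an enabled set that is left out here is never consulted by the lookup loop over `knownBadHashSets`, so the doc should say what happens to such a set.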
|
@ -49,7 +49,7 @@ import org.netbeans.api.progress.ProgressHandleFactory;
|
|||||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||||
import org.sleuthkit.datamodel.AbstractFile;
|
import org.sleuthkit.datamodel.AbstractFile;
|
||||||
import org.sleuthkit.datamodel.Content;
|
import org.sleuthkit.datamodel.Content;
|
||||||
import org.sleuthkit.datamodel.HashInfo;
|
import org.sleuthkit.datamodel.HashHitInfo;
|
||||||
import org.sleuthkit.datamodel.HashEntry;
|
import org.sleuthkit.datamodel.HashEntry;
|
||||||
import org.sleuthkit.datamodel.SleuthkitJNI;
|
import org.sleuthkit.datamodel.SleuthkitJNI;
|
||||||
import org.sleuthkit.datamodel.TskCoreException;
|
import org.sleuthkit.datamodel.TskCoreException;
|
||||||
@ -883,7 +883,13 @@ public class HashDbManager implements PropertyChangeListener {
|
|||||||
SleuthkitJNI.addToHashDatabase(hashes, handle);
|
SleuthkitJNI.addToHashDatabase(hashes, handle);
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean hasMd5HashOf(Content content) throws TskCoreException {
|
/**
|
||||||
|
* Perform a basic boolean lookup of the file's hash.
|
||||||
|
* @param content
|
||||||
|
* @return True if file's MD5 is in the hash database
|
||||||
|
* @throws TskCoreException
|
||||||
|
*/
|
||||||
|
public boolean lookupMD5Quick(Content content) throws TskCoreException {
|
||||||
boolean result = false;
|
boolean result = false;
|
||||||
assert content instanceof AbstractFile;
|
assert content instanceof AbstractFile;
|
||||||
if (content instanceof AbstractFile) {
|
if (content instanceof AbstractFile) {
|
||||||
@ -895,8 +901,14 @@ public class HashDbManager implements PropertyChangeListener {
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
public HashInfo lookUp(Content content) throws TskCoreException {
|
/**
|
||||||
HashInfo result = null;
|
* Lookup hash value in DB and provide details on file.
|
||||||
|
* @param content
|
||||||
|
* @return null if file is not in database.
|
||||||
|
* @throws TskCoreException
|
||||||
|
*/
|
||||||
|
public HashHitInfo lookupMD5(Content content) throws TskCoreException {
|
||||||
|
HashHitInfo result = null;
|
||||||
// This only works for AbstractFiles and MD5 hashes at present.
|
// This only works for AbstractFiles and MD5 hashes at present.
|
||||||
assert content instanceof AbstractFile;
|
assert content instanceof AbstractFile;
|
||||||
if (content instanceof AbstractFile) {
|
if (content instanceof AbstractFile) {
|
||||||
@ -907,6 +919,7 @@ public class HashDbManager implements PropertyChangeListener {
|
|||||||
}
|
}
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
boolean hasIndex() throws TskCoreException {
|
boolean hasIndex() throws TskCoreException {
|
||||||
return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
|
return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
|
||||||
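Review bot: The new Javadoc on lookupMD5() states `@return null if file is not in database`, but the visible body also leaves `result` at `null` when `content` is not an `AbstractFile`: the `assert` does nothing unless the JVM runs with `-ea`, and the `if` that follows simply skips the lookup. A caller such as the known-bad loop in HashDbIngestModule therefore cannot tell "looked up, no hit" from "not looked up", and the comment should say so, e.g. `@return hit details, or null if there is no match or content is not an AbstractFile`. The same applies to lookupMD5Quick(), whose `false` covers both cases. Both bodies continue outside the hunks, so any further no-lookup path there (for instance a file with no MD5 computed yet) belongs in the same sentence. Separately, `hasMd5HashOf` and `lookUp` are `public`, so renaming them is an API change for any external caller even though the description says "No logic changes".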
|