Changes and bug fixes to run reports from command line

Eugene Livis 2019-09-03 10:53:17 -04:00
parent eec7b7b5eb
commit 9b39e9c603
4 changed files with 95 additions and 46 deletions


@ -33,6 +33,8 @@ PortableCaseReportModule.generateReport.errorCopyingInterestingResults=Error cop
PortableCaseReportModule.generateReport.errorCopyingTags=Error copying tags PortableCaseReportModule.generateReport.errorCopyingTags=Error copying tags
# {0} - attribute type name # {0} - attribute type name
PortableCaseReportModule.generateReport.errorLookingUpAttrType=Error looking up attribute type {0} PortableCaseReportModule.generateReport.errorLookingUpAttrType=Error looking up attribute type {0}
PortableCaseReportModule.generateReport.errorReadingSets=Error while reading interesting items sets from case database
PortableCaseReportModule.generateReport.errorReadingTags=Error while reading tags from case database
PortableCaseReportModule.generateReport.interestingItemError=Error loading intersting items PortableCaseReportModule.generateReport.interestingItemError=Error loading intersting items
PortableCaseReportModule.generateReport.noContentToCopy=No interesting files, results, or tagged items to copy PortableCaseReportModule.generateReport.noContentToCopy=No interesting files, results, or tagged items to copy
# {0} - output folder # {0} - output folder


@ -23,8 +23,6 @@ import java.awt.event.ItemEvent;
import java.awt.event.ItemListener; import java.awt.event.ItemListener;
import java.awt.event.MouseAdapter; import java.awt.event.MouseAdapter;
import java.awt.event.MouseEvent; import java.awt.event.MouseEvent;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
@ -35,7 +33,6 @@ import java.util.logging.Level;
import javax.swing.JCheckBox; import javax.swing.JCheckBox;
import javax.swing.JLabel; import javax.swing.JLabel;
import javax.swing.JList; import javax.swing.JList;
import javax.swing.JOptionPane;
import javax.swing.ListCellRenderer; import javax.swing.ListCellRenderer;
import javax.swing.ListModel; import javax.swing.ListModel;
import javax.swing.event.ListDataListener; import javax.swing.event.ListDataListener;
@ -43,9 +40,9 @@ import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.report.PortableCaseReportModule.GetInterestingItemSetNamesCallback;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.CaseDbAccessManager;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
/** /**
@ -222,43 +219,6 @@ class PortableCaseInterestingItemsListPanel extends javax.swing.JPanel {
return selectedSetNames; return selectedSetNames;
} }
/**
* Processes the result sets from the interesting item set name query.
*/
private static class GetInterestingItemSetNamesCallback implements CaseDbAccessManager.CaseDbAccessQueryCallback {
private static final java.util.logging.Logger logger = java.util.logging.Logger.getLogger(GetInterestingItemSetNamesCallback.class.getName());
private final Map<String, Long> setCounts = new HashMap<>();
@Override
public void process(ResultSet rs) {
try {
while (rs.next()) {
try {
Long setCount = rs.getLong("set_count"); // NON-NLS
String setName = rs.getString("set_name"); // NON-NLS
setCounts.put(setName, setCount);
} catch (SQLException ex) {
logger.log(Level.WARNING, "Unable to get data_source_obj_id or value from result set", ex); // NON-NLS
}
}
} catch (SQLException ex) {
logger.log(Level.WARNING, "Failed to get next result for values by datasource", ex); // NON-NLS
}
}
/**
* Gets the counts for each interesting items set
*
* @return A map from each set name to the number of items in it
*/
Map<String, Long> getSetCountMap() {
return setCounts;
}
}
/** /**
* This method is called from within the constructor to initialize the form. * This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always * WARNING: Do NOT modify this code. The content of this method is always


@ -77,7 +77,7 @@ class PortableCaseReportModule implements ReportModule {
private Case currentCase = null; private Case currentCase = null;
private SleuthkitCase portableSkCase = null; private SleuthkitCase portableSkCase = null;
private String caseName; private String caseName = "";
private File caseFolder = null; private File caseFolder = null;
private File copiedFilesFolder = null; private File copiedFilesFolder = null;
@ -171,6 +171,8 @@ class PortableCaseReportModule implements ReportModule {
"PortableCaseReportModule.generateReport.outputDirIsNotDir=Output folder {0} is not a folder", "PortableCaseReportModule.generateReport.outputDirIsNotDir=Output folder {0} is not a folder",
"PortableCaseReportModule.generateReport.caseClosed=Current case has been closed", "PortableCaseReportModule.generateReport.caseClosed=Current case has been closed",
"PortableCaseReportModule.generateReport.interestingItemError=Error loading intersting items", "PortableCaseReportModule.generateReport.interestingItemError=Error loading intersting items",
"PortableCaseReportModule.generateReport.errorReadingTags=Error while reading tags from case database",
"PortableCaseReportModule.generateReport.errorReadingSets=Error while reading interesting items sets from case database",
"PortableCaseReportModule.generateReport.noContentToCopy=No interesting files, results, or tagged items to copy", "PortableCaseReportModule.generateReport.noContentToCopy=No interesting files, results, or tagged items to copy",
"PortableCaseReportModule.generateReport.errorCopyingTags=Error copying tags", "PortableCaseReportModule.generateReport.errorCopyingTags=Error copying tags",
"PortableCaseReportModule.generateReport.errorCopyingFiles=Error copying tagged files", "PortableCaseReportModule.generateReport.errorCopyingFiles=Error copying tagged files",
@ -216,8 +218,32 @@ class PortableCaseReportModule implements ReportModule {
} }
// Check that there will be something to copy // Check that there will be something to copy
List<TagName> tagNames = options.getSelectedTagNames(); List<TagName> tagNames;
List<String> setNames = options.getSelectedSetNames(); if (options.isAllTagsSelected()) {
try {
tagNames = Case.getCurrentCaseThrows().getServices().getTagsManager().getTagNamesInUse();
} catch (NoCurrentCaseException | TskCoreException ex) {
handleError("Unable to get all tags",
Bundle.PortableCaseReportModule_generateReport_errorReadingTags(), ex, progressPanel); // NON-NLS
return;
}
} else {
tagNames = options.getSelectedTagNames();
}
List<String> setNames;
if (options.isAllSetsSelected()) {
try {
setNames = getAllInterestingItemsSets();
} catch (NoCurrentCaseException | TskCoreException ex) {
handleError("Unable to get all interesting items sets",
Bundle.PortableCaseReportModule_generateReport_errorReadingSets(), ex, progressPanel); // NON-NLS
return;
}
} else {
setNames = options.getSelectedSetNames();
}
if (tagNames.isEmpty() && setNames.isEmpty()) { if (tagNames.isEmpty() && setNames.isEmpty()) {
handleError("No content to copy", handleError("No content to copy",
Bundle.PortableCaseReportModule_generateReport_noContentToCopy(), null, progressPanel); // NON-NLS Bundle.PortableCaseReportModule_generateReport_noContentToCopy(), null, progressPanel); // NON-NLS
@ -393,6 +419,30 @@ class PortableCaseReportModule implements ReportModule {
} }
private List<String> getAllInterestingItemsSets() throws NoCurrentCaseException, TskCoreException {
// Get the set names in use for the current case.
List<String> setNames = new ArrayList<>();
Map<String, Long> setCounts;
// There may not be a case open when configuring report modules for Command Line execution
// Get all SET_NAMEs from interesting item artifacts
String innerSelect = "SELECT (value_text) AS set_name FROM blackboard_attributes WHERE (artifact_type_id = '"
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID() + "' OR artifact_type_id = '"
+ BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID() + "') AND attribute_type_id = '"
+ BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + "'"; // NON-NLS
// Get the count of each SET_NAME
String query = "set_name, count(1) AS set_count FROM (" + innerSelect + ") set_names GROUP BY set_name"; // NON-NLS
GetInterestingItemSetNamesCallback callback = new GetInterestingItemSetNamesCallback();
Case.getCurrentCaseThrows().getSleuthkitCase().getCaseDbAccessManager().select(query, callback);
setCounts = callback.getSetCountMap();
setNames.addAll(setCounts.keySet());
return setNames;
}
/** /**
* Create the case directory and case database. * Create the case directory and case database.
* portableSkCase will be set if this completes without error. * portableSkCase will be set if this completes without error.
@ -988,4 +1038,41 @@ class PortableCaseReportModule implements ReportModule {
return exeFile; return exeFile;
} }
/**
* Processes the result sets from the interesting item set name query.
*/
static class GetInterestingItemSetNamesCallback implements CaseDbAccessManager.CaseDbAccessQueryCallback {
private static final java.util.logging.Logger logger = java.util.logging.Logger.getLogger(GetInterestingItemSetNamesCallback.class.getName());
private final Map<String, Long> setCounts = new HashMap<>();
@Override
public void process(ResultSet rs) {
try {
while (rs.next()) {
try {
Long setCount = rs.getLong("set_count"); // NON-NLS
String setName = rs.getString("set_name"); // NON-NLS
setCounts.put(setName, setCount);
} catch (SQLException ex) {
logger.log(Level.WARNING, "Unable to get data_source_obj_id or value from result set", ex); // NON-NLS
}
}
} catch (SQLException ex) {
logger.log(Level.WARNING, "Failed to get next result for values by datasource", ex); // NON-NLS
}
}
/**
* Gets the counts for each interesting items set
*
* @return A map from each set name to the number of items in it
*/
Map<String, Long> getSetCountMap() {
return setCounts;
}
}
} }
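Review bot: In `GetInterestingItemSetNamesCallback.process` (added at the end of this file) every `SQLException` is logged and dropped, so `getAllInterestingItemsSets()` can hand `generateReport` a partial or empty set list and the new `errorReadingSets` branch never fires. For an unattended command-line run with all sets selected, a portable case could then be written with interesting-item sets missing and nothing in the report status to show it; I would record the failure in the callback and rethrow it as a `TskCoreException` after `select(...)` returns, as sketched below. The two log messages were carried over from another query and mention `data_source_obj_id`, which this callback never reads, and the comment "There may not be a case open…" in `getAllInterestingItemsSets()` no longer fits a method that calls `Case.getCurrentCaseThrows()`. The callback is also imported by `PortableCaseInterestingItemsListPanel`, so the panel would presumably need the same check.

```java
// in GetInterestingItemSetNamesCallback
private SQLException failure = null; // first error seen while reading the result set

@Override
public void process(ResultSet rs) {
    try {
        while (rs.next()) {
            setCounts.put(rs.getString("set_name"), rs.getLong("set_count")); // NON-NLS
        }
    } catch (SQLException ex) {
        failure = ex;
        logger.log(Level.WARNING, "Failed to read interesting item set names and counts", ex); // NON-NLS
    }
}

SQLException getFailure() {
    return failure;
}
// … unchanged: getSetCountMap() …

// in getAllInterestingItemsSets(), directly after the select(query, callback) call
if (callback.getFailure() != null) {
    throw new TskCoreException("Error reading interesting item set names", callback.getFailure()); // NON-NLS
}
// … unchanged: copy the key set into setNames and return …
```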


@ -85,8 +85,8 @@ class TableReportGenerator {
private void getAllExistingTags() throws NoCurrentCaseException, TskCoreException { private void getAllExistingTags() throws NoCurrentCaseException, TskCoreException {
List<String> tagNames = new ArrayList<>(); List<String> tagNames = new ArrayList<>();
// get all possible tag names // get all tag names from this case
List<TagName> tagNamesInUse = Case.getCurrentCaseThrows().getServices().getTagsManager().getAllTagNames(); List<TagName> tagNamesInUse = Case.getCurrentCaseThrows().getServices().getTagsManager().getTagNamesInUse();
String notableString = ""; String notableString = "";
for (TagName tagName : tagNamesInUse) { for (TagName tagName : tagNamesInUse) {