diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java index aba9b34ead..1c350b691e 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java @@ -127,7 +127,7 @@ abstract class AbstractContentChildren extends Keys { @Override public AbstractNode visit(SearchFilters sf) { - return new SearchFiltersNode(sf.getSleuthkitCase(), true); + return new SearchFiltersNode(sf.getSleuthkitCase(), null); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java index 8cba2b24ae..389b696fe2 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AutopsyItemVisitor.java @@ -28,6 +28,7 @@ public interface AutopsyItemVisitor { T visit(SearchFilters sf); T visit(SearchFilters.FileSearchFilter fsf); T visit(SearchFilters.DocumentFilter df); + T visit(SearchFilters.ExecutableFilter ef); T visit(RecentFiles rf); T visit(RecentFiles.RecentFilesFilter rff); T visit(DeletedContent dc); @@ -64,6 +65,11 @@ public interface AutopsyItemVisitor { return defaultVisit(df); } + @Override + public T visit(SearchFilters.ExecutableFilter ef) { + return defaultVisit(ef); + } + @Override public T visit(DeletedContent dc) { return defaultVisit(dc); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterChildren.java index 01d4a052f9..e6ca58c9ad 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterChildren.java 
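Review bot: Passing a bare `null` in `new SearchFiltersNode(sf.getSleuthkitCase(), null)` makes "no filter" stand for the root node, and nothing visible in this commit documents that convention; the `SearchFiltersChildren` and `SearchFiltersNode` constructors changed later each test `filter == null` on their own. Add a comment at this call, e.g. `// null filter = root "File Types" node`, and a matching `@param filter` line on both constructors. A dedicated root constructor or a named constant would spare callers from having to know the sentinel. The enclosing class continues outside the hunk.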
@@ -30,7 +30,6 @@ import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.DerivedFile; import org.sleuthkit.datamodel.File; -import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.LocalFile; import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.SleuthkitCase; diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterNode.java index 8de20e0a40..ac1c82ac60 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileSearchFilterNode.java @@ -18,11 +18,9 @@ */ package org.sleuthkit.autopsy.datamodel; -import org.openide.nodes.AbstractNode; import org.openide.nodes.Children; import org.openide.nodes.Sheet; import org.openide.util.lookup.Lookups; -import org.sleuthkit.autopsy.datamodel.SearchFilters.FileSearchFilter; import org.sleuthkit.datamodel.SleuthkitCase; /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFilters.java b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFilters.java index 31266dc4f8..b3ab484aaf 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFilters.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFilters.java 
@@ -33,8 +33,9 @@ public class SearchFilters implements AutopsyVisitableItem { TSK_IMAGE_FILTER(0, "TSK_IMAGE_FILTER", "Images", FileTypeExtensions.getImageExtensions()), TSK_VIDEO_FILTER(1, "TSK_VIDEO_FILTER", "Videos", FileTypeExtensions.getVideoExtensions()), TSK_AUDIO_FILTER(2, "TSK_AUDIO_FILTER", "Audio", FileTypeExtensions.getAudioExtensions()), + TSK_ARCHIVE_FILTER(3, "TSK_ARCHIVE_FILTER", "Archives", FileTypeExtensions.getArchiveExtensions()), TSK_DOCUMENT_FILTER(3, "TSK_DOCUMENT_FILTER", "Documents", Arrays.asList(".doc", ".docx", ".pdf", ".xls", ".rtf", ".txt")), - TSK_ARCHIVE_FILTER(3, "TSK_ARCHIVE_FILTER", "Archives", FileTypeExtensions.getArchiveExtensions()); + TSK_EXECUTABLE_FILTER(3, "TSK_EXECUTABLE_FILTER", "Executable", Arrays.asList(".exe", ".dll", ".bat", ".cmd", ".com")); private int id; private String name; @@ -82,10 +83,10 @@ public class SearchFilters implements AutopsyVisitableItem { AUT_DOC_TXT(3, "AUT_DOC_TXT", "Plain Text", Arrays.asList(".txt")), AUT_DOC_RTF(4, "AUT_DOC_RTF", "Rich Text", Arrays.asList(".rtf")); - int id; - String name; - String displayName; - List filter; + private int id; + private String name; + private String displayName; + private List filter; private DocumentFilter(int id, String name, String displayName, List filter){ this.id = id; 
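Review bot: `TSK_EXECUTABLE_FILTER` is declared with id 3, the same id `TSK_ARCHIVE_FILTER` and `TSK_DOCUMENT_FILTER` already carry, so the id no longer distinguishes three of the categories. Unless the id is deliberately unused, give the new constant its own value, e.g. `TSK_EXECUTABLE_FILTER(5, "TSK_EXECUTABLE_FILTER", "Executable", ...)`, and consider moving documents to 4 if nothing persists these ids. Separately, the list holds only `.exe`, `.dll`, `.bat`, `.cmd` and `.com`, so this category is a name-based convenience view: renamed binaries and other executable or script types will not appear under it. A comment above the constant such as `// name-based only: does not identify executables by content` would keep maintainers and examiners from treating the view as complete. The enum body continues outside the hunk.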
@@ -119,6 +120,52 @@ public class SearchFilters implements AutopsyVisitableItem { return this.filter; } } + + + public enum ExecutableFilter implements AutopsyVisitableItem,SearchFilterInterface { + ExecutableFilter_EXE(0, "ExecutableFilter_EXE", ".exe", Arrays.asList(".exe")), + ExecutableFilter_DLL(0, "ExecutableFilter_DLL", ".dll", Arrays.asList(".dll")), + ExecutableFilter_BAT(0, "ExecutableFilter_BAT", ".bat", Arrays.asList(".bat")), + ExecutableFilter_CMD(0, "ExecutableFilter_CMD", ".cmd", Arrays.asList(".cmd")), + ExecutableFilter_COM(0, "ExecutableFilter_COM", ".com", Arrays.asList(".com")); + + private int id; + private String name; + private String displayName; + private List filter; + + private ExecutableFilter(int id, String name, String displayName, List filter){ + this.id = id; + this.name = name; + this.displayName = displayName; + this.filter = filter; + } + + @Override + public T accept(AutopsyItemVisitor v) { + return v.visit(this); + } + + @Override + public String getName(){ + return this.name; + } + + @Override + public int getId(){ + return this.id; + } + + @Override + public String getDisplayName(){ + return this.displayName; + } + + @Override + public List getFilter(){ + return this.filter; + } + } public SearchFilters(SleuthkitCase skCase){ this.skCase = skCase; diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersChildren.java index 95e928d6d4..cdc1109a47 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersChildren.java 
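Review bot: All five `ExecutableFilter` constants are constructed with id 0, so `getId()` returns the same value for every executable sub-filter, whereas the `DocumentFilter` constants visible earlier in this file use distinct ids (`AUT_DOC_TXT(3, ...)`, `AUT_DOC_RTF(4, ...)`). Number them 0 through 4, e.g. `ExecutableFilter_DLL(1, "ExecutableFilter_DLL", ".dll", Arrays.asList(".dll"))` and so on for the rest. The four fields are assigned only in the constructor and could be declared `private final`. The new enum also has no Javadoc; a one-line comment stating that each constant matches a single file extension would be enough.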
@@ -31,28 +31,38 @@ import org.sleuthkit.datamodel.SleuthkitCase; class SearchFiltersChildren extends ChildFactory { private SleuthkitCase skCase; - private boolean root; + private SearchFilters.FileSearchFilter filter; - public SearchFiltersChildren(SleuthkitCase skCase, boolean root) { + public SearchFiltersChildren(SleuthkitCase skCase, SearchFilters.FileSearchFilter filter) { this.skCase = skCase; - this.root = root; + this.filter = filter; } @Override protected boolean createKeys(List list) { - if(root) + if (filter == null) { list.addAll(Arrays.asList(FileSearchFilter.values())); - else + } + else if (filter.equals(FileSearchFilter.TSK_DOCUMENT_FILTER) ){ list.addAll(Arrays.asList(SearchFilters.DocumentFilter.values())); + } + else if (filter.equals(FileSearchFilter.TSK_EXECUTABLE_FILTER) ){ + list.addAll(Arrays.asList(SearchFilters.ExecutableFilter.values())); + } return true; } @Override protected Node createNodeForKey(SearchFilters.SearchFilterInterface key){ if(key.getName().equals(SearchFilters.FileSearchFilter.TSK_DOCUMENT_FILTER.getName())){ - return new SearchFiltersNode(skCase, false); + return new SearchFiltersNode(skCase, SearchFilters.FileSearchFilter.TSK_DOCUMENT_FILTER); + } + else if(key.getName().equals(SearchFilters.FileSearchFilter.TSK_EXECUTABLE_FILTER.getName())){ + return new SearchFiltersNode(skCase, SearchFilters.FileSearchFilter.TSK_EXECUTABLE_FILTER); + } + else { + return new FileSearchFilterNode(key, skCase); } - return new FileSearchFilterNode(key, skCase); } } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersNode.java index 50b5731a58..6eabf8cc79 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/SearchFiltersNode.java 
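Review bot: `createNodeForKey` picks the node type by comparing `key.getName()` strings against the `FileSearchFilter` names, which only stays correct while no sub-filter enum reuses one of those names. Since the keys are enum constants, an identity check such as `if (key == SearchFilters.FileSearchFilter.TSK_DOCUMENT_FILTER)` is type-safe and shorter, assuming `FileSearchFilter` implements `SearchFilterInterface` as adding its values to the key list suggests; `createKeys` can likewise use `==` instead of `equals`. In `createKeys`, a non-null filter other than the two handled ones yields an empty child list with no indication. A final `else` that logs the unexpected filter would make a forgotten branch visible when the next category is added.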
@@ -18,7 +18,6 @@ */ package org.sleuthkit.autopsy.datamodel; -import org.openide.nodes.AbstractNode; import org.openide.nodes.Children; import org.openide.nodes.Sheet; import org.openide.util.lookup.Lookups; @@ -30,17 +29,16 @@ import org.sleuthkit.datamodel.SleuthkitCase; public class SearchFiltersNode extends DisplayableItemNode { private static final String FNAME = "File Types"; - private static final String DNAME = "Documents"; - SleuthkitCase skCase; + private SleuthkitCase skCase; - SearchFiltersNode(SleuthkitCase skCase, boolean root) { - super(Children.create(new SearchFiltersChildren(skCase, root), true), Lookups.singleton(root ? FNAME : DNAME)); - if (root) { + SearchFiltersNode(SleuthkitCase skCase, SearchFilters.FileSearchFilter filter) { + super(Children.create(new SearchFiltersChildren(skCase, filter), true), Lookups.singleton(filter == null ? FNAME : filter.getName())); + if (filter == null) { super.setName(FNAME); super.setDisplayName(FNAME); } else { - super.setName(DNAME); - super.setDisplayName(DNAME); + super.setName(filter.getName()); + super.setDisplayName(filter.getDisplayName()); } this.skCase = skCase; this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file_types.png");
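Review bot: For non-root nodes the constructor now calls `super.setName(filter.getName())` and puts the same string into `Lookups.singleton(...)`, so the Documents node's internal name and lookup value change from "Documents" (the removed `DNAME`) to the enum's name string. Any code that finds this node by name or reads the string from its lookup should be checked; no such caller is visible in this hunk. If the old value must be kept, `filter.getDisplayName()` could be used for the lookup while `getName()` stays the node name. The constructor body continues past the end of the hunk.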