Bug fixes for user-defined file types

Richard Cordovano 2014-12-21 23:48:43 -05:00
parent 747486c05c
commit a9ea3d280e
5 changed files with 29 additions and 25 deletions


@ -147,6 +147,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
mimeTypeTextField.getDocument().addDocumentListener(listener);
offsetTextField.getDocument().addDocumentListener(listener);
signatureTextField.getDocument().addDocumentListener(listener);
filesSetNameTextField.getDocument().addDocumentListener(listener);
}
/**
@ -186,13 +187,13 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
boolean fileTypeIsSelected = typesList.getSelectedIndex() != -1;
deleteTypeButton.setEnabled(!ingestIsRunning && fileTypeIsSelected);
boolean requiredFieldsPopulated
= !mimeTypeTextField.getText().isEmpty()
&& !offsetTextField.getText().isEmpty()
&& !signatureTextField.getText().isEmpty()
&& postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true;
saveTypeButton.setEnabled(!ingestIsRunning && fileTypeIsSelected && requiredFieldsPopulated);
&& (postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true);
saveTypeButton.setEnabled(!ingestIsRunning && requiredFieldsPopulated);
ingestRunningWarningLabel.setVisible(ingestIsRunning);
}
@ -234,6 +235,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
Signature signature = fileType.getSignature();
FileType.Signature.Type sigType = signature.getType();
signatureTypeComboBox.setSelectedItem(sigType == FileType.Signature.Type.RAW ? FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM : FileTypeIdGlobalSettingsPanel.ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM);
this.signatureTextField.setText(DatatypeConverter.printHexBinary(signature.getSignatureBytes()));
offsetTextField.setText(Long.toString(signature.getOffset()));
postHitCheckBox.setSelected(fileType.alertOnMatch());
filesSetNameTextField.setText(fileType.getFilesSetName());
@ -576,6 +578,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
private void postHitCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_postHitCheckBoxActionPerformed
filesSetNameTextField.setEnabled(postHitCheckBox.isSelected());
enableButtons();
}//GEN-LAST:event_postHitCheckBoxActionPerformed
private void signatureTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_signatureTypeComboBoxActionPerformed
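Review bot: In the hunk that populates the fields from a selected file type, the signature field is always filled with `DatatypeConverter.printHexBinary(signature.getSignatureBytes())`, even when the line above sets the combo box to the ASCII item. For an ASCII signature the user then sees hex digits labelled as ASCII. If the save path encodes the field text according to the combo box (not visible here), re-saving an untouched type would replace the signature with the ASCII of its own hex string, and the type would silently stop matching. Consider branching on `sigType`, e.g. `signatureTextField.setText(sigType == FileType.Signature.Type.RAW ? DatatypeConverter.printHexBinary(bytes) : new String(bytes, StandardCharsets.US_ASCII));` with `bytes` taken from `signature.getSignatureBytes()`. The enclosing method starts and ends outside the hunk.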


@ -113,9 +113,9 @@ public class FileTypeIdIngestModule implements FileIngestModule {
* Filter out very small files to minimize false positives.
*/
// RJCTODO: Make this size a setting
if (file.getSize() < MIN_FILE_SIZE) {
return ProcessResult.OK;
}
// if (file.getSize() < MIN_FILE_SIZE) {
// return ProcessResult.OK;
// }
try {
long startTime = System.currentTimeMillis();
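Review bot: The small-file filter is disabled by commenting it out, so the comment above it ("Filter out very small files to minimize false positives") now describes behaviour that no longer happens, and dead code stays in the method. With the guard gone, files of any size reach detection. For user-defined types that alert on match, a short signature could then raise interesting-file hits on tiny files; this is inferred, because the matching code is outside the hunk. Either delete the three commented lines and reword the comment, e.g. `// RJCTODO: small files are no longer skipped; reinstate as a configurable minimum size`, or keep the check behind a setting. The method body continues outside the hunk.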


@ -88,6 +88,7 @@ public class FileTypeIdModuleFactory extends IngestModuleFactoryAdapter {
if (null == globalSettingsPanel) {
globalSettingsPanel = new FileTypeIdGlobalSettingsPanel();
}
globalSettingsPanel.load();
return globalSettingsPanel;
}


@ -24,22 +24,22 @@
<xs:complexType name="signatureType">
<xs:sequence>
<xs:element name="bytes" type="stringType"/>
<xs:element name="offset" type="xs:nonNegativeInteger"/>
<xs:attribute name="type" type="sigInterpretationType" use="required"/>
<xs:element name="Bytes" type="stringType"/>
<xs:element name="Offset" type="xs:nonNegativeInteger"/>
<xs:attribute name="Type" type="sigInterpretationType" use="required"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="fileType">
<xs:complexType name="FileType">
<xs:sequence>
<xs:element name="mimetype" type="verbatimStringType"/>
<xs:element name="signature" type="signatureType"/>
<xs:element minOccurs="0" maxOccurs="1" name="filesset" type="stringType"/>
<xs:element name="Mimetype" type="verbatimStringType"/>
<xs:element name="Signature" type="signatureType"/>
<xs:element minOccurs="0" maxOccurs="1" name="InterestingFileSset" type="stringType"/>
<xs:attribute name="alert" type="xs:boolean" use="required"/>
</xs:sequence>
</xs:complexType>
<xs:element name="filetypes">
<xs:element name="FileTypes">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" name="filetype" type="fileType">
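Review bot: The renamed schema no longer agrees with itself or with the parser constants changed in the same commit. The `FileTypes` element still declares its child as `name="filetype" type="fileType"` although the complex type is now `FileType`, so the type reference does not resolve as shown; the schema also says `Mimetype` and `Type` where UserDefinedFileTypesManager uses `"MimeType"` and `"type"`. This schema is what would reject a malformed or hand-edited definitions file, so the names should be aligned before validation is switched back on, for example `<xs:element minOccurs="0" maxOccurs="unbounded" name="FileType" type="FileType">` and `name="MimeType"`. `InterestingFileSset` looks like a typo for `InterestingFilesSet`, though the Java constant spells it the same way. The hunk ends inside the `FileTypes` element.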


@ -63,14 +63,14 @@ final class UserDefinedFileTypesManager {
private static final Logger logger = Logger.getLogger(UserDefinedFileTypesManager.class.getName());
private static final String FILE_TYPE_DEFINITIONS_SCHEMA_FILE = "FileTypeDefinitions.xsd"; //NON-NLS
private static final String USER_DEFINED_TYPE_DEFINITIONS_FILE = "UserFileTypeDefinitions.xml"; //NON-NLS
private static final String FILE_TYPES_TAG_NAME = "filetypes"; //NON-NLS
private static final String FILE_TYPE_TAG_NAME = "filetype"; //NON-NLS
private static final String MIME_TYPE_TAG_NAME = "mimetype"; //NON-NLS
private static final String SIGNATURE_TAG_NAME = "signature"; //NON-NLS
private static final String FILE_TYPES_TAG_NAME = "FileTypes"; //NON-NLS
private static final String FILE_TYPE_TAG_NAME = "FileType"; //NON-NLS
private static final String MIME_TYPE_TAG_NAME = "MimeType"; //NON-NLS
private static final String SIGNATURE_TAG_NAME = "Signature"; //NON-NLS
private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS
private static final String BYTES_TAG_NAME = "bytes"; //NON-NLS
private static final String OFFSET_TAG_NAME = "offset"; //NON-NLS
private static final String INTERESTING_FILES_SET_TAG_NAME = "filesset"; //NON-NLS
private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS
private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS
private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS
private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS
private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS
private static final String ASCII_ENCODING = "US-ASCII"; //NON-NLS
@ -135,7 +135,7 @@ final class UserDefinedFileTypesManager {
/**
* Create a file type that should match $MBR in Small2 image.
*/
FileType fileType = new FileType("predefinedRAW", new Signature(new byte[]{(byte) 0x66, (byte) 0x73, (byte) 0x00}, 8L, FileType.Signature.Type.RAW), "predefinedRAW", true);
FileType fileType = new FileType("predefinedRAW", new Signature(new byte[]{(byte) 0x66, (byte) 0x73, (byte) 0x00}, 8L, FileType.Signature.Type.RAW), "Suspicious", true);
this.addPredefinedFileType(fileType);
/**
@ -143,7 +143,7 @@ final class UserDefinedFileTypesManager {
*/
// RJCTODO: Remove test file type.
try {
fileType = new FileType("predefinedASCII", new Signature("hello".getBytes(UserDefinedFileTypesManager.ASCII_ENCODING), 0L, FileType.Signature.Type.ASCII), "predefinedASCII", true);
fileType = new FileType("predefinedASCII", new Signature("hello".getBytes(UserDefinedFileTypesManager.ASCII_ENCODING), 0L, FileType.Signature.Type.ASCII), "Benign", true);
this.addPredefinedFileType(fileType);
} catch (UnsupportedEncodingException ex) {
UserDefinedFileTypesManager.logger.log(Level.SEVERE, "Unable to create 'predefinedASCII' predefined file type definition", ex); //NON-NLS
@ -422,8 +422,8 @@ final class UserDefinedFileTypesManager {
*/
private static List<FileType> readFileTypes(String filePath) throws IOException, ParserConfigurationException, SAXException {
List<FileType> fileTypes = new ArrayList<>();
Path schemaFilePath = Paths.get(PlatformUtil.getUserConfigDirectory(), UserDefinedFileTypesManager.FILE_TYPE_DEFINITIONS_SCHEMA_FILE);
Document doc = XMLUtil.loadDocument(filePath, UserDefinedFileTypesManager.XmlReader.class, schemaFilePath.toAbsolutePath().toString());
// Document doc = XMLUtil.loadDocument(filePath, UserDefinedFileTypesManager.XmlReader.class, UserDefinedFileTypesManager.FILE_TYPE_DEFINITIONS_SCHEMA_FILE); RJCTODO
Document doc = XMLUtil.loadDocument(filePath);
if (doc != null) {
Element fileTypesElem = doc.getDocumentElement();
if (fileTypesElem != null && fileTypesElem.getNodeName().equals(UserDefinedFileTypesManager.FILE_TYPES_TAG_NAME)) {
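Review bot: `readFileTypes` now calls `XMLUtil.loadDocument(filePath)` with no schema, so the user-editable definitions file is parsed without structural validation, and the old call survives only as a commented-out line. The code after `doc.getDocumentElement()` must therefore handle missing elements, non-hex signature bytes and negative or non-numeric offsets on its own; it lies outside the hunk, so whether it does cannot be confirmed here. It is also worth confirming that this `loadDocument` overload disables DTDs and external entities, since the file presumably lives in the user configuration directory. I would restore validation once the schema matches the new tag names and delete the commented line, or at least leave `// RJCTODO: schema validation disabled until FileTypeDefinitions.xsd matches the new tag names` so the gap is tracked. The two test types in the earlier hunks (`"Suspicious"` and `"Benign"`, both alerting) are still marked for removal and would post hits on real cases if shipped.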