mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Bug fixes for user-defined file types

Browse Source
This commit is contained in:
Richard Cordovano 2014-12-21 23:48:43 -05:00
parent 747486c05c
commit a9ea3d280e
5 changed files with 29 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java
View File

@ -147,6 +147,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
mimeTypeTextField.getDocument().addDocumentListener(listener); mimeTypeTextField.getDocument().addDocumentListener(listener);
offsetTextField.getDocument().addDocumentListener(listener); offsetTextField.getDocument().addDocumentListener(listener);
signatureTextField.getDocument().addDocumentListener(listener); signatureTextField.getDocument().addDocumentListener(listener);
filesSetNameTextField.getDocument().addDocumentListener(listener);
} }
/** /**
@ -191,8 +192,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
= !mimeTypeTextField.getText().isEmpty() = !mimeTypeTextField.getText().isEmpty()
&& !offsetTextField.getText().isEmpty() && !offsetTextField.getText().isEmpty()
&& !signatureTextField.getText().isEmpty() && !signatureTextField.getText().isEmpty()
&& postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true; && (postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true);
saveTypeButton.setEnabled(!ingestIsRunning && fileTypeIsSelected && requiredFieldsPopulated); saveTypeButton.setEnabled(!ingestIsRunning && requiredFieldsPopulated);
ingestRunningWarningLabel.setVisible(ingestIsRunning); ingestRunningWarningLabel.setVisible(ingestIsRunning);
} }
@ -234,6 +235,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
Signature signature = fileType.getSignature(); Signature signature = fileType.getSignature();
FileType.Signature.Type sigType = signature.getType(); FileType.Signature.Type sigType = signature.getType();
signatureTypeComboBox.setSelectedItem(sigType == FileType.Signature.Type.RAW ? FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM : FileTypeIdGlobalSettingsPanel.ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM); signatureTypeComboBox.setSelectedItem(sigType == FileType.Signature.Type.RAW ? FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM : FileTypeIdGlobalSettingsPanel.ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM);
this.signatureTextField.setText(DatatypeConverter.printHexBinary(signature.getSignatureBytes()));
offsetTextField.setText(Long.toString(signature.getOffset())); offsetTextField.setText(Long.toString(signature.getOffset()));
postHitCheckBox.setSelected(fileType.alertOnMatch()); postHitCheckBox.setSelected(fileType.alertOnMatch());
filesSetNameTextField.setText(fileType.getFilesSetName()); filesSetNameTextField.setText(fileType.getFilesSetName());
@ -576,6 +578,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
private void postHitCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_postHitCheckBoxActionPerformed private void postHitCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_postHitCheckBoxActionPerformed
filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected());
enableButtons();
}//GEN-LAST:event_postHitCheckBoxActionPerformed }//GEN-LAST:event_postHitCheckBoxActionPerformed
private void signatureTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_signatureTypeComboBoxActionPerformed private void signatureTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_signatureTypeComboBoxActionPerformed

6
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
View File

@ -113,9 +113,9 @@ public class FileTypeIdIngestModule implements FileIngestModule {
* Filter out very small files to minimize false positives. * Filter out very small files to minimize false positives.
*/ */
// RJCTODO: Make this size a setting // RJCTODO: Make this size a setting
if (file.getSize() < MIN_FILE_SIZE) { // if (file.getSize() < MIN_FILE_SIZE) {
return ProcessResult.OK; // return ProcessResult.OK;
} // }
try { try {
long startTime = System.currentTimeMillis(); long startTime = System.currentTimeMillis();

1
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdModuleFactory.java
View File

@ -88,6 +88,7 @@ public class FileTypeIdModuleFactory extends IngestModuleFactoryAdapter {
if (null == globalSettingsPanel) { if (null == globalSettingsPanel) {
globalSettingsPanel = new FileTypeIdGlobalSettingsPanel(); globalSettingsPanel = new FileTypeIdGlobalSettingsPanel();
} }
globalSettingsPanel.load();
return globalSettingsPanel; return globalSettingsPanel;
} }

16
Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypes.xsd
View File

@ -24,22 +24,22 @@
<xs:complexType name="signatureType"> <xs:complexType name="signatureType">
<xs:sequence> <xs:sequence>
<xs:element name="bytes" type="stringType"/> <xs:element name="Bytes" type="stringType"/>
<xs:element name="offset" type="xs:nonNegativeInteger"/> <xs:element name="Offset" type="xs:nonNegativeInteger"/>
<xs:attribute name="type" type="sigInterpretationType" use="required"/> <xs:attribute name="Type" type="sigInterpretationType" use="required"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<xs:complexType name="fileType"> <xs:complexType name="FileType">
<xs:sequence> <xs:sequence>
<xs:element name="mimetype" type="verbatimStringType"/> <xs:element name="Mimetype" type="verbatimStringType"/>
<xs:element name="signature" type="signatureType"/> <xs:element name="Signature" type="signatureType"/>
<xs:element minOccurs="0" maxOccurs="1" name="filesset" type="stringType"/> <xs:element minOccurs="0" maxOccurs="1" name="InterestingFileSset" type="stringType"/>
<xs:attribute name="alert" type="xs:boolean" use="required"/> <xs:attribute name="alert" type="xs:boolean" use="required"/>
</xs:sequence> </xs:sequence>
</xs:complexType> </xs:complexType>
<xs:element name="filetypes"> <xs:element name="FileTypes">
<xs:complexType> <xs:complexType>
<xs:sequence> <xs:sequence>
<xs:element minOccurs="0" maxOccurs="unbounded" name="filetype" type="fileType"> <xs:element minOccurs="0" maxOccurs="unbounded" name="filetype" type="fileType">

22
Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java
View File

@ -63,14 +63,14 @@ final class UserDefinedFileTypesManager {
private static final Logger logger = Logger.getLogger(UserDefinedFileTypesManager.class.getName()); private static final Logger logger = Logger.getLogger(UserDefinedFileTypesManager.class.getName());
private static final String FILE_TYPE_DEFINITIONS_SCHEMA_FILE = "FileTypeDefinitions.xsd"; //NON-NLS private static final String FILE_TYPE_DEFINITIONS_SCHEMA_FILE = "FileTypeDefinitions.xsd"; //NON-NLS
private static final String USER_DEFINED_TYPE_DEFINITIONS_FILE = "UserFileTypeDefinitions.xml"; //NON-NLS private static final String USER_DEFINED_TYPE_DEFINITIONS_FILE = "UserFileTypeDefinitions.xml"; //NON-NLS
private static final String FILE_TYPES_TAG_NAME = "filetypes"; //NON-NLS private static final String FILE_TYPES_TAG_NAME = "FileTypes"; //NON-NLS
private static final String FILE_TYPE_TAG_NAME = "filetype"; //NON-NLS private static final String FILE_TYPE_TAG_NAME = "FileType"; //NON-NLS
private static final String MIME_TYPE_TAG_NAME = "mimetype"; //NON-NLS private static final String MIME_TYPE_TAG_NAME = "MimeType"; //NON-NLS
private static final String SIGNATURE_TAG_NAME = "signature"; //NON-NLS private static final String SIGNATURE_TAG_NAME = "Signature"; //NON-NLS
private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS
private static final String BYTES_TAG_NAME = "bytes"; //NON-NLS private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS
private static final String OFFSET_TAG_NAME = "offset"; //NON-NLS private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS
private static final String INTERESTING_FILES_SET_TAG_NAME = "filesset"; //NON-NLS private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS
private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS
private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS
private static final String ASCII_ENCODING = "US-ASCII"; //NON-NLS private static final String ASCII_ENCODING = "US-ASCII"; //NON-NLS
@ -135,7 +135,7 @@ final class UserDefinedFileTypesManager {
/** /**
* Create a file type that should match $MBR in Small2 image. * Create a file type that should match $MBR in Small2 image.
*/ */
FileType fileType = new FileType("predefinedRAW", new Signature(new byte[]{(byte) 0x66, (byte) 0x73, (byte) 0x00}, 8L, FileType.Signature.Type.RAW), "predefinedRAW", true); FileType fileType = new FileType("predefinedRAW", new Signature(new byte[]{(byte) 0x66, (byte) 0x73, (byte) 0x00}, 8L, FileType.Signature.Type.RAW), "Suspicious", true);
this.addPredefinedFileType(fileType); this.addPredefinedFileType(fileType);
/** /**
@ -143,7 +143,7 @@ final class UserDefinedFileTypesManager {
*/ */
// RJCTODO: Remove test file type. // RJCTODO: Remove test file type.
try { try {
fileType = new FileType("predefinedASCII", new Signature("hello".getBytes(UserDefinedFileTypesManager.ASCII_ENCODING), 0L, FileType.Signature.Type.ASCII), "predefinedASCII", true); fileType = new FileType("predefinedASCII", new Signature("hello".getBytes(UserDefinedFileTypesManager.ASCII_ENCODING), 0L, FileType.Signature.Type.ASCII), "Benign", true);
this.addPredefinedFileType(fileType); this.addPredefinedFileType(fileType);
} catch (UnsupportedEncodingException ex) { } catch (UnsupportedEncodingException ex) {
UserDefinedFileTypesManager.logger.log(Level.SEVERE, "Unable to create 'predefinedASCII' predefined file type definition", ex); //NON-NLS UserDefinedFileTypesManager.logger.log(Level.SEVERE, "Unable to create 'predefinedASCII' predefined file type definition", ex); //NON-NLS
@ -422,8 +422,8 @@ final class UserDefinedFileTypesManager {
*/ */
private static List<FileType> readFileTypes(String filePath) throws IOException, ParserConfigurationException, SAXException { private static List<FileType> readFileTypes(String filePath) throws IOException, ParserConfigurationException, SAXException {
List<FileType> fileTypes = new ArrayList<>(); List<FileType> fileTypes = new ArrayList<>();
Path schemaFilePath = Paths.get(PlatformUtil.getUserConfigDirectory(), UserDefinedFileTypesManager.FILE_TYPE_DEFINITIONS_SCHEMA_FILE); // Document doc = XMLUtil.loadDocument(filePath, UserDefinedFileTypesManager.XmlReader.class, UserDefinedFileTypesManager.FILE_TYPE_DEFINITIONS_SCHEMA_FILE); RJCTODO
Document doc = XMLUtil.loadDocument(filePath, UserDefinedFileTypesManager.XmlReader.class, schemaFilePath.toAbsolutePath().toString()); Document doc = XMLUtil.loadDocument(filePath);
if (doc != null) { if (doc != null) {
Element fileTypesElem = doc.getDocumentElement(); Element fileTypesElem = doc.getDocumentElement();
if (fileTypesElem != null && fileTypesElem.getNodeName().equals(UserDefinedFileTypesManager.FILE_TYPES_TAG_NAME)) { if (fileTypesElem != null && fileTypesElem.getNodeName().equals(UserDefinedFileTypesManager.FILE_TYPES_TAG_NAME)) {