mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Codacy fixes.

Browse Source
This commit is contained in:
U-BASIS\dgrove 2018-06-12 18:26:33 -04:00
parent fc8587cd0d
commit aa7ae523ff
1 changed files with 28 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java
View File

@ -74,8 +74,8 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
private static final String MIME_TYPE_MSPOWERPOINT = "application/vnd.ms-powerpoint"; private static final String MIME_TYPE_MSPOWERPOINT = "application/vnd.ms-powerpoint";
private static final String MIME_TYPE_MSACCESS = "application/x-msaccess"; private static final String MIME_TYPE_MSACCESS = "application/x-msaccess";
private static final String MIME_TYPE_PDF = "application/pdf"; private static final String MIME_TYPE_PDF = "application/pdf";
private static final String[] FILE_IGNORE_LIST = { "hiberfile.sys", "pagefile.sys" }; private static final String[] FILE_IGNORE_LIST = {"hiberfile.sys", "pagefile.sys"};
private final IngestServices services = IngestServices.getInstance(); private final IngestServices services = IngestServices.getInstance();
private final Logger logger = services.getLogger(EncryptionDetectionModuleFactory.getModuleName()); private final Logger logger = services.getLogger(EncryptionDetectionModuleFactory.getModuleName());
@ -124,51 +124,40 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
try { try {
/* /*
* Qualify the file type. * Qualify the file type, qualify it against hash databases, and
* verify the file hasn't been deleted.
*/ */
if (!file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) if (!file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
&& !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) && !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
&& !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR) && !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR)
&& !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR) && !file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL_DIR)
&& (!file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK) || slackFilesAllowed)) { && (!file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK) || slackFilesAllowed)
&& !file.getKnown().equals(TskData.FileKnown.KNOWN)
&& !file.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)) {
/* /*
* Qualify the file against hash databases. * Is the file in FILE_IGNORE_LIST?
*/ */
if (!file.getKnown().equals(TskData.FileKnown.KNOWN)) { String filePath = file.getParentPath();
/* if (filePath.equals("/")) {
* Has the file been deleted? String fileName = file.getName();
*/ for (String listEntry : FILE_IGNORE_LIST) {
if (!file.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)) { if (fileName.equalsIgnoreCase(listEntry)) {
/* // Skip this file.
* Is the file in FILE_IGNORE_LIST? return IngestModule.ProcessResult.OK;
*/
String filePath = file.getParentPath();
if (filePath.equals("/")) {
String fileName = file.getName();
for (String listEntry : FILE_IGNORE_LIST) {
if (fileName.equalsIgnoreCase(listEntry)) {
// Skip this file.
return IngestModule.ProcessResult.OK;
}
}
}
/*
* Qualify the MIME type.
*/
String mimeType = fileTypeDetector.getMIMEType(file);
if (mimeType.equals("application/octet-stream")) {
if (isFileEncryptionSuspected(file)) {
return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_SUSPECTED,
String.format(Bundle.EncryptionDetectionFileIngestModule_artifactComment_suspected(), calculatedEntropy));
}
} else {
if (isFilePasswordProtected(file)) {
return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED, Bundle.EncryptionDetectionFileIngestModule_artifactComment_password());
}
} }
} }
} }
/*
* Qualify the MIME type.
*/
String mimeType = fileTypeDetector.getMIMEType(file);
if (mimeType.equals("application/octet-stream") && isFileEncryptionSuspected(file)) {
return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_SUSPECTED,
String.format(Bundle.EncryptionDetectionFileIngestModule_artifactComment_suspected(), calculatedEntropy));
} else if (isFilePasswordProtected(file)) {
return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED, Bundle.EncryptionDetectionFileIngestModule_artifactComment_password());
}
} }
} catch (ReadContentInputStreamException | SAXException | TikaException | UnsupportedCodecException ex) { } catch (ReadContentInputStreamException | SAXException | TikaException | UnsupportedCodecException ex) {
logger.log(Level.WARNING, String.format("Unable to read file '%s'", file.getParentPath() + file.getName()), ex); logger.log(Level.WARNING, String.format("Unable to read file '%s'", file.getParentPath() + file.getName()), ex);
@ -397,7 +386,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
fileSizeQualified = true; fileSizeQualified = true;
} }
} }
if (fileSizeQualified) { if (fileSizeQualified) {
/* /*
* Qualify the entropy. * Qualify the entropy.
@ -407,7 +396,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
possiblyEncrypted = true; possiblyEncrypted = true;
} }
} }
return possiblyEncrypted; return possiblyEncrypted;
} }
} }