mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 18:17:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #446 from shahit2/mismatch

Browse Source 
Mismatch
This commit is contained in:
Richard Cordovano 2014-01-22 10:24:17 -08:00
commit ad47937145
7 changed files with 226 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/Bundle.properties
View File

@ -16,3 +16,4 @@ FileExtMismatchConfigPanel.mimeRemoveErrLabel.text=\
FileExtMismatchConfigPanel.extRemoveErrLabel.text=\ FileExtMismatchConfigPanel.extRemoveErrLabel.text=\
FileExtMismatchConfigPanel.saveMsgLabel.text=\ FileExtMismatchConfigPanel.saveMsgLabel.text=\
FileExtMismatchSimpleConfigPanel.skipNoExtCheckBox.text=Skip Files Without Extensions FileExtMismatchSimpleConfigPanel.skipNoExtCheckBox.text=Skip Files Without Extensions
FileExtMismatchSimpleConfigPanel.SkipTextPlain.text=Skip text/plain MIME type

6
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchConfigPanel.java
View File

@ -392,7 +392,11 @@ public final class FileExtMismatchConfigPanel extends javax.swing.JPanel impleme
mimeErrLabel.setText("MIME type text is empty!"); mimeErrLabel.setText("MIME type text is empty!");
return; return;
} }
if (newMime.equals( "application/octet-stream")){
mimeErrLabel.setForeground(Color.red);
mimeErrLabel.setText("MIME type not supported!");
return;
}
if (mimeList.contains(newMime)) { if (mimeList.contains(newMime)) {
mimeErrLabel.setForeground(Color.red); mimeErrLabel.setForeground(Color.red);
mimeErrLabel.setText("MIME type already exists!"); mimeErrLabel.setText("MIME type already exists!");

17
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchIngestModule.java
View File

@ -60,7 +60,8 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
private static long numFiles = 0; private static long numFiles = 0;
private static boolean skipKnown = false; private static boolean skipKnown = false;
private static boolean skipNoExt = true; private static boolean skipNoExt = true;
private static boolean skipTextPlain = false;
private int attrId = -1; private int attrId = -1;
private int attrId2 = -1; private int attrId2 = -1;
private FileExtMismatchSimpleConfigPanel simpleConfigPanel; private FileExtMismatchSimpleConfigPanel simpleConfigPanel;
@ -133,7 +134,7 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
private boolean compareSigTypeToExt(AbstractFile abstractFile) { private boolean compareSigTypeToExt(AbstractFile abstractFile) {
try { try {
currActualExt = abstractFile.getNameExtension(); currActualExt = abstractFile.getNameExtension();
// If we are skipping names with no extension // If we are skipping names with no extension
if (skipNoExt && currActualExt.isEmpty()) { if (skipNoExt && currActualExt.isEmpty()) {
return false; return false;
@ -148,7 +149,13 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
for (BlackboardAttribute att : atrList) { for (BlackboardAttribute att : atrList) {
if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) { if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {
currActualSigType = att.getValueString(); currActualSigType = att.getValueString();
if (skipTextPlain)
{
if (!currActualExt.isEmpty()&&currActualSigType.equals("text/plain"))
{
return false;
}
}
//get known allowed values from the map for this type //get known allowed values from the map for this type
String[] slist = SigTypeToExtMap.get(att.getValueString()); String[] slist = SigTypeToExtMap.get(att.getValueString());
if (slist != null) { if (slist != null) {
@ -258,6 +265,8 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
public static void setSkipNoExt(boolean flag) { public static void setSkipNoExt(boolean flag) {
skipNoExt = flag; skipNoExt = flag;
} }
public static void setSkipTextPlain(boolean flag) {
skipTextPlain = flag;
}
} }

32
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchSimpleConfigPanel.form
View File

@ -16,24 +16,26 @@
<Layout> <Layout>
<DimensionLayout dim="0"> <DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0"> <Group type="102" attributes="0">
<EmptySpace min="-2" pref="10" max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" max="-2" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Component id="skipKnownCheckBox" max="32767" attributes="0"/> <Component id="skipTextPlain" min="-2" max="-2" attributes="0"/>
<Component id="skipNoExtCheckBox" max="32767" attributes="0"/> <Component id="skipNoExtCheckBox" alignment="0" min="-2" max="-2" attributes="0"/>
<Component id="skipKnownCheckBox" alignment="0" min="-2" pref="165" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace pref="127" max="32767" attributes="0"/> <EmptySpace min="0" pref="327" max="32767" attributes="0"/>
</Group> </Group>
</Group> </Group>
</DimensionLayout> </DimensionLayout>
<DimensionLayout dim="1"> <DimensionLayout dim="1">
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0"> <Group type="102" alignment="0" attributes="0">
<EmptySpace min="-2" pref="11" max="-2" attributes="0"/>
<Component id="skipKnownCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="skipNoExtCheckBox" min="-2" max="-2" attributes="0"/> <Component id="skipNoExtCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="152" max="32767" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Component id="skipTextPlain" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="skipKnownCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="72" max="32767" attributes="0"/>
</Group> </Group>
</Group> </Group>
</DimensionLayout> </DimensionLayout>
@ -64,5 +66,15 @@
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="skipNoExtCheckBoxActionPerformed"/> <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="skipNoExtCheckBoxActionPerformed"/>
</Events> </Events>
</Component> </Component>
<Component class="javax.swing.JCheckBox" name="skipTextPlain">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/fileextmismatch/Bundle.properties" key="FileExtMismatchSimpleConfigPanel.skipTextPlain.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
<Events>
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="skipTextPlainActionPerformed"/>
</Events>
</Component>
</SubComponents> </SubComponents>
</Form> </Form>

34
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchSimpleConfigPanel.java
View File

@ -46,6 +46,7 @@ public class FileExtMismatchSimpleConfigPanel extends javax.swing.JPanel {
skipKnownCheckBox = new javax.swing.JCheckBox(); skipKnownCheckBox = new javax.swing.JCheckBox();
skipNoExtCheckBox = new javax.swing.JCheckBox(); skipNoExtCheckBox = new javax.swing.JCheckBox();
skipTextPlain = new javax.swing.JCheckBox();
skipKnownCheckBox.setSelected(true); skipKnownCheckBox.setSelected(true);
skipKnownCheckBox.setText(org.openide.util.NbBundle.getMessage(FileExtMismatchSimpleConfigPanel.class, "FileExtMismatchSimpleConfigPanel.skipKnownCheckBox.text")); // NOI18N skipKnownCheckBox.setText(org.openide.util.NbBundle.getMessage(FileExtMismatchSimpleConfigPanel.class, "FileExtMismatchSimpleConfigPanel.skipKnownCheckBox.text")); // NOI18N
@ -64,25 +65,34 @@ public class FileExtMismatchSimpleConfigPanel extends javax.swing.JPanel {
} }
}); });
skipTextPlain.setText(org.openide.util.NbBundle.getMessage(FileExtMismatchSimpleConfigPanel.class, "FileExtMismatchSimpleConfigPanel.skipTextPlain.text")); // NOI18N
skipTextPlain.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
skipTextPlainActionPerformed(evt);
}
});
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout); this.setLayout(layout);
layout.setHorizontalGroup( layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(10, 10, 10) .addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(skipKnownCheckBox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addComponent(skipTextPlain)
.addComponent(skipNoExtCheckBox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) .addComponent(skipNoExtCheckBox)
.addContainerGap(127, Short.MAX_VALUE)) .addComponent(skipKnownCheckBox, javax.swing.GroupLayout.PREFERRED_SIZE, 165, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGap(0, 327, Short.MAX_VALUE))
); );
layout.setVerticalGroup( layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addGap(11, 11, 11)
.addComponent(skipKnownCheckBox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(skipNoExtCheckBox) .addComponent(skipNoExtCheckBox)
.addContainerGap(152, Short.MAX_VALUE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(skipTextPlain)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(skipKnownCheckBox)
.addContainerGap(72, Short.MAX_VALUE))
); );
}// </editor-fold>//GEN-END:initComponents }// </editor-fold>//GEN-END:initComponents
@ -94,8 +104,14 @@ public class FileExtMismatchSimpleConfigPanel extends javax.swing.JPanel {
FileExtMismatchIngestModule.setSkipNoExt(skipNoExtCheckBox.isSelected()); FileExtMismatchIngestModule.setSkipNoExt(skipNoExtCheckBox.isSelected());
}//GEN-LAST:event_skipNoExtCheckBoxActionPerformed }//GEN-LAST:event_skipNoExtCheckBoxActionPerformed
private void skipTextPlainActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_skipTextPlainActionPerformed
FileExtMismatchIngestModule.setSkipTextPlain(skipTextPlain.isSelected());
}//GEN-LAST:event_skipTextPlainActionPerformed
// Variables declaration - do not modify//GEN-BEGIN:variables // Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JCheckBox skipKnownCheckBox; private javax.swing.JCheckBox skipKnownCheckBox;
private javax.swing.JCheckBox skipNoExtCheckBox; private javax.swing.JCheckBox skipNoExtCheckBox;
private javax.swing.JCheckBox skipTextPlain;
// End of variables declaration//GEN-END:variables // End of variables declaration//GEN-END:variables
} }

8
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
View File

@ -54,7 +54,7 @@ public class FileExtMismatchXML {
private static final String EXT_EL = "ext"; private static final String EXT_EL = "ext";
private static final String SIG_MIMETYPE_ATTR = "mimetype"; private static final String SIG_MIMETYPE_ATTR = "mimetype";
private static final String DEFAULT_CONFIG_FILE_NAME = "mismatch_config.xml"; private static final String DEFAULT_CONFIG_FILE_NAME = "mismatch_config.xml";
protected String filePath; protected String filePath;
@ -79,7 +79,7 @@ public class FileExtMismatchXML {
} }
return defaultInstance; return defaultInstance;
} }
/** /**
* Load and parse XML * Load and parse XML
* *
@ -111,7 +111,7 @@ public class FileExtMismatchXML {
for(int sigIndex = 0; sigIndex < numSigs; ++sigIndex) { for(int sigIndex = 0; sigIndex < numSigs; ++sigIndex) {
Element sigEl = (Element)sigNList.item(sigIndex); Element sigEl = (Element)sigNList.item(sigIndex);
final String mimetype = sigEl.getAttribute(SIG_MIMETYPE_ATTR); final String mimetype = sigEl.getAttribute(SIG_MIMETYPE_ATTR);
NodeList extNList = sigEl.getElementsByTagName(EXT_EL); NodeList extNList = sigEl.getElementsByTagName(EXT_EL);
final int numExts = extNList.getLength(); final int numExts = extNList.getLength();
@ -181,4 +181,6 @@ public class FileExtMismatchXML {
} }
return success; return success;
} }
} }

163
FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
View File

@ -1,5 +1,6 @@
<?xml version="1.0" encoding="utf-8" standalone="no"?> <?xml version="1.0" encoding="utf-8" standalone="no"?>
<mismatch_config> <mismatch_config>
<!-- Applications/Miscellaneous -->
<signature mimetype="text/plain"> <signature mimetype="text/plain">
<ext>txt</ext> <ext>txt</ext>
<ext>ini</ext> <ext>ini</ext>
@ -36,7 +37,6 @@
<ext>php</ext> <ext>php</ext>
<ext>php3</ext> <ext>php3</ext>
<ext>phtml</ext> <ext>phtml</ext>
<ext>adp</ext>
<ext>h</ext> <ext>h</ext>
<ext>hpp</ext> <ext>hpp</ext>
<ext>hxx</ext> <ext>hxx</ext>
@ -113,7 +113,45 @@
<ext>winprf</ext> <ext>winprf</ext>
<ext>winprf_backup</ext> <ext>winprf_backup</ext>
<ext>svg</ext> <ext>svg</ext>
</signature> <ext>psp</ext>
<ext>jsp</ext>
<ext>oem</ext>
<ext>map</ext>
<ext>det</ext>
<ext>ins</ext>
<ext>ph</ext>
<ext>prx</ext>
<ext>sif</ext>
<ext>idl</ext>
<ext>isl</ext>
<ext>nld</ext>
<ext>sve</ext>
<ext>ita</ext>
<ext>fra</ext>
<ext>esn</ext>
<ext>enu</ext>
<ext>deu</ext>
<ext>sep</ext>
<ext>sve</ext>
<ext>cht</ext>
<ext>chs</ext>
<ext>psm</ext>
<ext>rq0</ext>
<ext>old</ext>
<ext>eng</ext>
<ext>dlg</ext>
<ext>org</ext>
<ext>ic</ext>
<ext>ths</ext>
<ext>sig</ext>
<ext>std</ext>
<ext>cmp</ext>
<ext>stp</ext>
<ext>rst</ext>
<ext>lng</ext>
<ext>xdc</ext>
<ext>tha</ext>
</signature>sys
<signature mimetype="application/x-msoffice"> <signature mimetype="application/x-msoffice">
<ext>doc</ext> <ext>doc</ext>
<ext>docx</ext> <ext>docx</ext>
@ -223,11 +261,22 @@
<ext>hta</ext> <ext>hta</ext>
<ext>wpl</ext> <ext>wpl</ext>
<ext>htt</ext> <ext>htt</ext>
<ext>adp</ext> <ext>shtml</ext>
</signature> </signature>
<!-- Images -->
<signature mimetype="image/jpeg"> <signature mimetype="image/jpeg">
<ext>jpg</ext> <ext>jpg</ext>
<ext>jpeg</ext> <ext>jpeg</ext>
<ext>jpe</ext>
<ext>jif</ext>
<ext>jfif</ext>
<ext>jfi</ext>
</signature>
<signature mimetype="image/vnd.adobe.photoshop">
<ext>psd</ext>
</signature>
<signature mimetype="image/x-raw-nikon">
<ext>nef</ext>
</signature> </signature>
<signature mimetype="image/tiff"> <signature mimetype="image/tiff">
<ext>tif</ext> <ext>tif</ext>
@ -249,14 +298,19 @@
<signature mimetype="image/x-icon"> <signature mimetype="image/x-icon">
<ext>ico</ext> <ext>ico</ext>
</signature> </signature>
<!-- Video -->
<signature mimetype="video/mp4"> <signature mimetype="video/mp4">
<ext>mp4</ext> <ext>mp4</ext>
<ext>m4r</ext>
</signature> </signature>
<signature mimetype="video/quicktime"> <signature mimetype="video/quicktime">
<ext>mov</ext> <ext>mov</ext>
<ext>qt</ext> <ext>qt</ext>
<ext>mp4</ext> <ext>mp4</ext>
</signature> </signature>
<signature mimetype="application/vnd.rn-realmedia">
<ext>rm</ext>
</signature>
<signature mimetype="video/3gpp"> <signature mimetype="video/3gpp">
<ext>3gp</ext> <ext>3gp</ext>
</signature> </signature>
@ -273,6 +327,7 @@
<signature mimetype="video/x-ms-asf"> <signature mimetype="video/x-ms-asf">
<ext>wmv</ext> <ext>wmv</ext>
<ext>asf</ext> <ext>asf</ext>
<ext>wma</ext>
</signature> </signature>
<signature mimetype="audio/x-ms-wma"> <signature mimetype="audio/x-ms-wma">
<ext>wma</ext> <ext>wma</ext>
@ -281,10 +336,17 @@
<signature mimetype="video/mpeg"> <signature mimetype="video/mpeg">
<ext>mpg</ext> <ext>mpg</ext>
<ext>mpeg</ext> <ext>mpeg</ext>
<ext>m1v</ext>
<ext>m2v</ext>
<ext>mpe</ext>
<ext>mpv</ext>
</signature> </signature>
<signature mimetype="video/x-flv"> <signature mimetype="video/x-flv">
<ext>flv</ext> <ext>flv</ext>
</signature> </signature>
<signature mimetype="video/x-m4v">
<ext>m4v</ext>
</signature>
<signature mimetype="application/vnd.rn-realmedia"> <signature mimetype="application/vnd.rn-realmedia">
<ext>rm</ext> <ext>rm</ext>
</signature> </signature>
@ -293,5 +355,90 @@
</signature> </signature>
<signature mimetype="application/x-shockwave-flash"> <signature mimetype="application/x-shockwave-flash">
<ext>swf</ext> <ext>swf</ext>
</signature> </signature>
<!-- Audio -->
<signature mimetype="audio/x-aiff">
<ext>aif</ext>
<ext>aiff</ext>
</signature>
<signature mimetype="audio/aiff">
<ext>aif</ext>
<ext>aiff</ext>
</signature>
<signature mimetype="audio/x-flac">
<ext>flac</ext>
</signature>
<signature mimetype="audio/x-wav">
<ext>wav</ext>
</signature>
<signature mimetype="audio/mp4">
<ext>m4a</ext>
<ext>mp4</ext>
</signature>
<signature mimetype="audio/mpeg">
<ext>mp2</ext>
<ext>mp3</ext>
<ext>mpa</ext>
<ext>m2a</ext>
</signature>
<signature mimetype="audio/x-aac">
<ext>aac</ext>
</signature>
<signature mimetype="audio/mpa">
<ext>mp2</ext>
<ext>mp3</ext>
<ext>mpa</ext>
<ext>m2a</ext>
</signature>
<signature mimetype="audio/x-mpeg">
<ext>mp2</ext>
<ext>mp3</ext>
<ext>mpa</ext>
<ext>m2a</ext>
</signature>
<signature mimetype="audio/x-mpegurl">
<ext>m3u</ext>
</signature>
<signature mimetype="audio/midi">
<ext>mid</ext>
<ext>midi</ext>
</signature>
<signature mimetype="audio/ogg">
<ext>ogg</ext>
</signature>
<!-- File Compression -->
<signature mimetype="application/x-rar-compressed">
<ext>rar</ext>
</signature>
<signature mimetype="application/x-arj">
<ext>arj</ext>
</signature>
<signature mimetype="application/x-tar">
<ext>tar</ext>
</signature>
<signature mimetype="application/x-gzip">
<ext>gz</ext>
<ext>gzip</ext>
<ext>tgz</ext>
</signature>
<signature mimetype="application/x-bzip">
<ext>bzip</ext>
<ext>bz</ext>
</signature>
<signature mimetype="application/vnd.ms-cab-compressed">
<ext>cab</ext>
</signature>
<signature mimetype="application/java-archive">
<ext>jar</ext>
</signature>
<signature mimetype="application/x-bzip2">
<ext>bzip2</ext>
</signature>
<signature mimetype="application/x-cpio">
<ext>cpio</ext>
</signature>
<!-- Executables -->
<signature mimetype="application/x-dosexec">
<ext>exe</ext>
</signature>
</mismatch_config> </mismatch_config>