4380 Validation / normalization code for new Correlation Attributes

2025-07-13 16:36:15 +00:00 · 2018-11-27 16:29:16 -05:00 · 2018-11-27 16:29:16 -05:00 · ae67041ca3
commit ae67041ca3
parent 044df7c1d7
1 changed files with 179 additions and 39 deletions
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
@ -25,14 +25,19 @@ import org.apache.commons.validator.routines.DomainValidator;
 import org.apache.commons.validator.routines.EmailValidator;
 /**
- * Provides functions for normalizing data by attribute type before insertion or querying.
+ * Provides functions for normalizing data by attribute type before insertion or
 * querying.
 */
 final public class CorrelationAttributeNormalizer {
    //common seperators that may be removed for normalizing
    private static final String SEPERATORS_REGEX = "[\\s-:]";
    /**
     * This is a utility class - no need for constructing or subclassing, etc...
     */
-    private CorrelationAttributeNormalizer() { }
+    private CorrelationAttributeNormalizer() {
    }
    /**
     * Normalize the data. Converts text to lower case, and ensures that the
@ -64,15 +69,15 @@ final public class CorrelationAttributeNormalizer {
            case CorrelationAttributeInstance.USBID_TYPE_ID:
                return normalizeUsbId(data);
            case CorrelationAttributeInstance.SSID_TYPE_ID:
-                return data;
+                return verifySsid(data);
            case CorrelationAttributeInstance.MAC_TYPE_ID:
-                return data;
+                return normalizeMac(data);
            case CorrelationAttributeInstance.IMEI_TYPE_ID:
-                return data;
+                return normalizeImei(data);
            case CorrelationAttributeInstance.IMSI_TYPE_ID:
-                return data;
+                return normalizeImsi(data);
            case CorrelationAttributeInstance.ICCID_TYPE_ID:
-                return data;
+                return normalizeIccid(data);
            default:
                final String errorMessage = String.format(
                        "Validator function not found for attribute type: %s",
@ -82,8 +87,8 @@ final public class CorrelationAttributeNormalizer {
    }
    /**
-     * Validate the data.  Converts text to lower case, and ensures that the
+     * Validate the data. Converts text to lower case, and ensures that the data
-     * data is a valid string of the format expected given the attributeType.
+     * is a valid string of the format expected given the attributeType.
     *
     * @param attributeTypeId correlation type of data
     * @param data            data to normalize
@ -120,7 +125,8 @@ final public class CorrelationAttributeNormalizer {
    }
    /**
-     * Verify there are no slashes or invalid domain name characters (such as '?' or \: ). Normalize to lower case.
+     * Verify there are no slashes or invalid domain name characters (such as
     * '?' or \: ). Normalize to lower case.
     */
    private static String normalizeDomain(String data) throws CorrelationAttributeNormalizationException {
        DomainValidator validator = DomainValidator.getInstance(true);
@ -137,7 +143,8 @@ final public class CorrelationAttributeNormalizer {
    }
    /**
-     *  Verify that there is an '@' and no invalid characters. Should normalize to lower case.
+     * Verify that there is an '@' and no invalid characters. Should normalize
     * to lower case.
     */
    private static String normalizeEmail(String data) throws CorrelationAttributeNormalizationException {
        EmailValidator validator = EmailValidator.getInstance(true, true);
@ -167,4 +174,137 @@ final public class CorrelationAttributeNormalizer {
        //TODO replace with correct usb id validation at a later date
        return data;
    }
    /**
     * Verify the wireless network name is valid
     *
     * SSIDs for wireless networks can be at most 32 characters, are case
     * sensitive, and allow special characters.
     *
     * @param data The string to normalize and validate
     *
     * @return the unmodified data if the data was a valid length to be an SSID
     *
     * @throws CorrelationAttributeNormalizationException if the data was not a
     *                                                    valid SSID
     */
    private static String verifySsid(String data) throws CorrelationAttributeNormalizationException {
        if (data.length() <= 32) {
            return data;
        } else {
            throw new CorrelationAttributeNormalizationException("Name provided was longer than the maximum valid SSID (32 characters). Name: " + data);
        }
    }
    /**
     * Verify the ICCID (Integrated Circuit Card Identifier) number and
     * normalize format.
     *
     * E.118 defines as up to 22 digits long including luhn check digit while
     * GSM Phase 1 defines it as a 20 digit operator specific structure. They
     * begin with 89 which is the ISO 7812 Major Industry Identifier for
     * telecommunication, followed by a contry code of 1-3 digits as definted by
     * ITU-T E.164, followed by issuer identifier 1-4 digits, followed by 1 luhn
     * checksum digit (sometimes omitted). The hexidecimal digit F is used as
     * filler when necessary in GSM Phase 1 specification.
     *
     * 18 digits appears to be the shortest ICCID in use.
     *
     * @param data The string to normalize and validate
     *
     * @return the data with common number seperators removed and lower cased if
     *         the data was determined to be a possible ICCID
     *
     * @throws CorrelationAttributeNormalizationException if the data was not a
     *                                                    valid ICCID
     */
    private static String normalizeIccid(String data) throws CorrelationAttributeNormalizationException {
        final String validIccidRegex = "^([8][9][f0-9]{17,22})$";
        final String iccidWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
        if (iccidWithoutSeperators.matches(validIccidRegex)) {
            return iccidWithoutSeperators;
        } else {
            throw new CorrelationAttributeNormalizationException("Data provided was not a valid ICCID. : " + data);
        }
    }
    /**
     * Verify the IMSI (International mobile subscriber identity) number and
     * normalize format.
     *
     * First 3 digits Mobile Country Code 2-3 digits Mobile Network Code Up to
     * 10 digits for mobile subscriber identification number MSIN
     *
     * Length will be 14 or 15 digits total
     *
     * @param data The string to normalize and validate
     *
     * @return the data with common number seperators removed if the data was
     *         determined to be a possible IMSI
     *
     * @throws CorrelationAttributeNormalizationException if the data was not a
     *                                                    valid IMSI
     */
    private static String normalizeImsi(String data) throws CorrelationAttributeNormalizationException {
        final String validImsiRegex = "^[0-9]{14,15}$";
        final String imsiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
        if (imsiWithoutSeperators.matches(validImsiRegex)) {
            return imsiWithoutSeperators;
        } else {
            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
        }
    }
    /**
     * Verify the MAC (media access control) address and normalize format.
     *
     * A 12 or 16 Hexadecimal digits long depending on standard (Possible
     * standards EUI-48, MAC-48, EUI-64)
     *
     * @param data The string to normalize and validate
     *
     * @return the data with common number seperators removed and lowercased if
     *         the data was determined to be a possible MAC
     *
     * @throws CorrelationAttributeNormalizationException if the data was not a
     *                                                    valid MAC
     */
    private static String normalizeMac(String data) throws CorrelationAttributeNormalizationException {
        final String validMacRegex = "^([a-f0-9]{12}|[a-f0-9]{16})$";
        final String macWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
        if (macWithoutSeperators.matches(validMacRegex)) {
            return macWithoutSeperators;
        } else {
            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
        }
    }
    /**
     * Verify the IMEI (International Mobile Equipment Identity) number and
     * normalize format.
     *
     * 14 to 16 digits digits 1 through 6 are TAC (Type Allocation Code) digits
     * 7 and 8 are also part of the TAC in phones made in 2003 or later digits 7
     * and 8 are FAC (Final Assembly Code) in phones made prior to 2003 digits 9
     * through 14 are the serial number digits 15 and 16 if present represent an
     * optional luhn checksum (or software version number when dealing with an
     * IMEI software version)
     *
     * @param data The string to normalize and validate
     *
     * @return the data with common number seperators removed if the data was
     *         determined to be a possible IMEI
     *
     * @throws CorrelationAttributeNormalizationException if the data was not a
     *                                                    valid IMEI
     */
    private static String normalizeImei(String data) throws CorrelationAttributeNormalizationException {
        final String validImeiRegex = "^[0-9]{14,16}$";
        final String imeiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
        if (imeiWithoutSeperators.matches(validImeiRegex)) {
            return imeiWithoutSeperators;
        } else {
            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
        }
    }
 }