From 0ab97745880720289e48f6d4cfde5ce371c0d86f Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Tue, 18 May 2021 11:21:59 -0400
Subject: [PATCH 1/6] isPreferred changes in DataContentViewerArtifact

---
 .../DataContentViewerArtifact.java            | 57 +++++++++++++------
 1 file changed, 41 insertions(+), 16 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index b6a1373236..3d16ff8b49 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -18,6 +18,8 @@
  */
 package org.sleuthkit.autopsy.corecomponents;
 
+import com.google.common.cache.Cache;
+import com.google.common.cache.CacheBuilder;
 import java.awt.Component;
 import java.awt.Cursor;
 import java.util.ArrayList;
@@ -33,15 +35,17 @@ import org.openide.util.lookup.ServiceProvider;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskException;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.concurrent.TimeUnit;
+import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.ArtifactContentViewer;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.DefaultTableArtifactContentViewer;
+import org.sleuthkit.datamodel.BlackboardArtifact.Category;
 
 /**
  * Instances of this class display the BlackboardArtifacts associated with the
@@ -63,6 +67,8 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
     private final static Logger logger = Logger.getLogger(DataContentViewerArtifact.class.getName());
     private final static String WAIT_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.waitText");
     private final static String ERROR_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.errorText");
+    
+    private final Cache<String, BlackboardArtifact.Type> artifactTypeCache = CacheBuilder.newBuilder().expireAfterWrite(5, TimeUnit.MINUTES).build();
 
     private Node currentNode; // @@@ Remove this when the redundant setNode() calls problem is fixed. 
     private int currentPage = 1;
@@ -278,6 +284,9 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         currentNode = null;
 
         artifactContentPanel.removeAll();
+        
+        // reset the cache
+        artifactTypeCache.invalidateAll();
     }
 
     @Override
@@ -345,24 +354,40 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         return false;
     }
 
+    private static final int LESS_PREFERRED = 3;
+    private static final int MORE_PREFERRED = 6;
+    
+      
     @Override
     public int isPreferred(Node node) {
+        // get the artifact from the lookup
         BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class);
-        // low priority if node doesn't have an artifact (meaning it was found from normal directory
-        // browsing, or if the artifact is something that means the user really wants to see the original
-        // file and not more details about the artifact
-        if ((artifact == null)
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_OBJECT_DETECTED.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_METADATA_EXIF.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_WEB_DOWNLOAD.getTypeID())
-                || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_WEB_CACHE.getTypeID())) {
-            return 3;
-        } else {
-            return 6;
+        
+        // if there is an artifact, get the type
+        BlackboardArtifact.Type artifactType = null;
+        if (artifact != null) {
+            try {
+                artifactType = artifactTypeCache.get(artifact.getArtifactTypeName(), 
+                        () -> Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactType(artifact.getArtifactTypeName()));
+            } catch (ExecutionException ex) {
+                
+            }
+        }
+             
+        // if there is a type, get the category 
+        Category category = artifactType == null ? null : artifactType.getCategory();
+        
+        // return more preferred if analysis result
+        if (category == null) {
+            return LESS_PREFERRED;
+        }
+        
+        switch (category) {
+            case ANALYSIS_RESULT:
+                return MORE_PREFERRED;
+            case DATA_ARTIFACT:
+            default:
+                return LESS_PREFERRED;
         }
     }
 

From 0279f511c49abee81744b3bebbb871e2fe2e02a8 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Tue, 18 May 2021 12:29:15 -0400
Subject: [PATCH 2/6] fixes

---
 .../DataContentViewerArtifact.java            | 38 ++++++++++++-------
 1 file changed, 24 insertions(+), 14 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index 3d16ff8b49..740ec9fd23 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -43,6 +43,7 @@ import java.util.Collections;
 import java.util.HashSet;
 import java.util.concurrent.TimeUnit;
 import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.ArtifactContentViewer;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.DefaultTableArtifactContentViewer;
 import org.sleuthkit.datamodel.BlackboardArtifact.Category;
@@ -68,7 +69,10 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
     private final static String WAIT_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.waitText");
     private final static String ERROR_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.errorText");
     
-    private final Cache<String, BlackboardArtifact.Type> artifactTypeCache = CacheBuilder.newBuilder().expireAfterWrite(5, TimeUnit.MINUTES).build();
+    // Value to return in isPreferred if this viewer is less preferred.
+    private static final int LESS_PREFERRED = 3;
+    // Value to return in isPreferred if this viewer is more preferred.
+    private static final int MORE_PREFERRED = 6;
 
     private Node currentNode; // @@@ Remove this when the redundant setNode() calls problem is fixed. 
     private int currentPage = 1;
@@ -284,9 +288,6 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         currentNode = null;
 
         artifactContentPanel.removeAll();
-        
-        // reset the cache
-        artifactTypeCache.invalidateAll();
     }
 
     @Override
@@ -353,9 +354,6 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         }
         return false;
     }
-
-    private static final int LESS_PREFERRED = 3;
-    private static final int MORE_PREFERRED = 6;
     
       
     @Override
@@ -367,25 +365,37 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         BlackboardArtifact.Type artifactType = null;
         if (artifact != null) {
             try {
-                artifactType = artifactTypeCache.get(artifact.getArtifactTypeName(), 
-                        () -> Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactType(artifact.getArtifactTypeName()));
-            } catch (ExecutionException ex) {
-                
+                artifactType = Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactType(artifact.getArtifactTypeName());
+            } catch (NoCurrentCaseException | TskCoreException ex) {
+                logger.log(Level.WARNING, 
+                        String.format("There was an error getting the artifact type for artifact with id: %d and artifact type name: %s",
+                                artifact.getId(), artifact.getArtifactTypeName()), 
+                        ex);
             }
         }
+        
+        // if web download or web cache, less preferred.
+        if (artifactType != null && 
+                (artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_DOWNLOAD.getTypeID() || 
+                artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_CACHE.getTypeID())) {
+            
+            return LESS_PREFERRED;
+        }
              
         // if there is a type, get the category 
         Category category = artifactType == null ? null : artifactType.getCategory();
         
-        // return more preferred if analysis result
+        // if no category, treat as less preferred.
         if (category == null) {
             return LESS_PREFERRED;
         }
         
         switch (category) {
-            case ANALYSIS_RESULT:
-                return MORE_PREFERRED;
+            // data artifacts should be more preferred
             case DATA_ARTIFACT:
+                return MORE_PREFERRED;
+            // everything else is less preferred
+            case ANALYSIS_RESULT:
             default:
                 return LESS_PREFERRED;
         }

From 427b7bc8af8e4b59e86904cff1939e1394762d5c Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Tue, 18 May 2021 15:10:36 -0400
Subject: [PATCH 3/6] update to use getType method

---
 .../autopsy/corecomponents/DataContentViewerArtifact.java  | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index 740ec9fd23..d735d8b279 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -365,11 +365,10 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         BlackboardArtifact.Type artifactType = null;
         if (artifact != null) {
             try {
-                artifactType = Case.getCurrentCaseThrows().getSleuthkitCase().getArtifactType(artifact.getArtifactTypeName());
-            } catch (NoCurrentCaseException | TskCoreException ex) {
+                artifactType = artifact.getType();
+            } catch (TskCoreException ex) {
                 logger.log(Level.WARNING, 
-                        String.format("There was an error getting the artifact type for artifact with id: %d and artifact type name: %s",
-                                artifact.getId(), artifact.getArtifactTypeName()), 
+                        String.format("There was an error getting the artifact type for artifact with id: %d", artifact.getId()), 
                         ex);
             }
         }

From 89fe41ca57a87359b29be22d13ba9e39b8ec9579 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 19 May 2021 11:57:24 -0400
Subject: [PATCH 4/6] review changes

---
 .../DataContentViewerArtifact.java            | 57 +++++++------------
 1 file changed, 22 insertions(+), 35 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index d735d8b279..b92abf0ffb 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -18,8 +18,6 @@
  */
 package org.sleuthkit.autopsy.corecomponents;
 
-import com.google.common.cache.Cache;
-import com.google.common.cache.CacheBuilder;
 import java.awt.Component;
 import java.awt.Cursor;
 import java.util.ArrayList;
@@ -41,12 +39,8 @@ import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskException;
 import java.util.Collections;
 import java.util.HashSet;
-import java.util.concurrent.TimeUnit;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.ArtifactContentViewer;
 import org.sleuthkit.autopsy.contentviewers.artifactviewers.DefaultTableArtifactContentViewer;
-import org.sleuthkit.datamodel.BlackboardArtifact.Category;
 
 /**
  * Instances of this class display the BlackboardArtifacts associated with the
@@ -68,7 +62,7 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
     private final static Logger logger = Logger.getLogger(DataContentViewerArtifact.class.getName());
     private final static String WAIT_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.waitText");
     private final static String ERROR_TEXT = NbBundle.getMessage(DataContentViewerArtifact.class, "DataContentViewerArtifact.errorText");
-    
+
     // Value to return in isPreferred if this viewer is less preferred.
     private static final int LESS_PREFERRED = 3;
     // Value to return in isPreferred if this viewer is more preferred.
@@ -354,42 +348,35 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         }
         return false;
     }
-    
-      
+
     @Override
     public int isPreferred(Node node) {
         // get the artifact from the lookup
         BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class);
-        
-        // if there is an artifact, get the type
+        if (artifact == null) {
+            return LESS_PREFERRED;
+        }
+
+        // get the type of the artifact
         BlackboardArtifact.Type artifactType = null;
-        if (artifact != null) {
-            try {
-                artifactType = artifact.getType();
-            } catch (TskCoreException ex) {
-                logger.log(Level.WARNING, 
-                        String.format("There was an error getting the artifact type for artifact with id: %d", artifact.getId()), 
-                        ex);
-            }
+        try {
+            artifactType = artifact.getType();
+        } catch (TskCoreException ex) {
+            logger.log(Level.SEVERE,
+                    String.format("There was an error getting the artifact type for artifact with id: %d", artifact.getId()),
+                    ex);
         }
-        
-        // if web download or web cache, less preferred.
-        if (artifactType != null && 
-                (artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_DOWNLOAD.getTypeID() || 
-                artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_CACHE.getTypeID())) {
-            
+
+        // if no artifact type/category, treat as less preferred.
+        // if web download or web cache, less preferred since the content is important and not the artifact itself.
+        if (artifactType == null
+                || artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_DOWNLOAD.getTypeID()
+                || artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_CACHE.getTypeID()) {
+
             return LESS_PREFERRED;
         }
-             
-        // if there is a type, get the category 
-        Category category = artifactType == null ? null : artifactType.getCategory();
-        
-        // if no category, treat as less preferred.
-        if (category == null) {
-            return LESS_PREFERRED;
-        }
-        
-        switch (category) {
+
+        switch (artifactType.getCategory()) {
             // data artifacts should be more preferred
             case DATA_ARTIFACT:
                 return MORE_PREFERRED;

From 5801888e0c66cb4d84235a3f420b6fc64137b2cf Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 19 May 2021 15:39:34 -0400
Subject: [PATCH 5/6] return LESS_PREFERRED from catch

---
 .../autopsy/corecomponents/DataContentViewerArtifact.java      | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index b92abf0ffb..bb62a7f1d8 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -358,13 +358,14 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
         }
 
         // get the type of the artifact
-        BlackboardArtifact.Type artifactType = null;
+        BlackboardArtifact.Type artifactType;
         try {
             artifactType = artifact.getType();
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE,
                     String.format("There was an error getting the artifact type for artifact with id: %d", artifact.getId()),
                     ex);
+            return LESS_PREFERRED;
         }
 
         // if no artifact type/category, treat as less preferred.

From e14d8821827300069d1e627b176fd2df992aa9a6 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 19 May 2021 16:11:53 -0400
Subject: [PATCH 6/6] no null checking

---
 .../autopsy/corecomponents/DataContentViewerArtifact.java     | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index bb62a7f1d8..f27ac62a1a 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -368,10 +368,8 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
             return LESS_PREFERRED;
         }
 
-        // if no artifact type/category, treat as less preferred.
         // if web download or web cache, less preferred since the content is important and not the artifact itself.
-        if (artifactType == null
-                || artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_DOWNLOAD.getTypeID()
+        if (artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_DOWNLOAD.getTypeID()
                 || artifactType.getTypeID() == BlackboardArtifact.Type.TSK_WEB_CACHE.getTypeID()) {
 
             return LESS_PREFERRED;