mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-14 17:06:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated to use new mime type field of abstract file

Browse Source
This commit is contained in:
Oliver Spohngellert 2016-01-21 11:05:15 -05:00
parent ad7c704b65
commit b0d69166ca
6 changed files with 53 additions and 104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java
View File

@ -69,31 +69,6 @@ class SampleFileIngestModule implements FileIngestModule {
public void startUp(IngestJobContext context) throws IngestModuleException { public void startUp(IngestJobContext context) throws IngestModuleException {
this.context = context; this.context = context;
refCounter.incrementAndGet(context.getJobId()); refCounter.incrementAndGet(context.getJobId());
synchronized (SampleFileIngestModule.class) {
if (attrId == -1) {
// For this sample, make a new attribute type to use to post
// results to the blackboard. There are many standard blackboard
// artifact and attribute types and you should use them instead
// creating new ones to facilitate use of your results by other
// modules.
Case autopsyCase = Case.getCurrentCase();
SleuthkitCase sleuthkitCase = autopsyCase.getSleuthkitCase();
try {
// See if the attribute type has already been defined.
attrId = sleuthkitCase.getAttrTypeID("ATTR_SAMPLE");
if (attrId == -1) {
attrId = sleuthkitCase.addAttrType("ATTR_SAMPLE", "Sample Attribute");
}
} catch (TskCoreException ex) {
IngestServices ingestServices = IngestServices.getInstance();
Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
logger.log(Level.SEVERE, "Failed to create blackboard attribute", ex);
attrId = -1;
throw new IngestModuleException(ex.getLocalizedMessage());
}
}
}
} }
@Override @Override

22
Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
View File

@ -151,7 +151,7 @@ class SevenZipExtractor {
* @param abstractFile The AbstractFilw whose mimetype is to be determined. * @param abstractFile The AbstractFilw whose mimetype is to be determined.
* *
* @return This method returns true if the file format is currently * @return This method returns true if the file format is currently
* supported. Else it returns false. * supported. Else it returns false.
*/ */
boolean isSevenZipExtractionSupported(AbstractFile abstractFile) { boolean isSevenZipExtractionSupported(AbstractFile abstractFile) {
try { try {
@ -185,7 +185,7 @@ class SevenZipExtractor {
* *
* More heuristics to be added here * More heuristics to be added here
* *
* @param archiveName the parent archive * @param archiveName the parent archive
* @param archiveFileItem the archive item * @param archiveFileItem the archive item
* *
* @return true if potential zip bomb, false otherwise * @return true if potential zip bomb, false otherwise
@ -245,15 +245,7 @@ class SevenZipExtractor {
private ArchiveFormat get7ZipOptions(AbstractFile archiveFile) { private ArchiveFormat get7ZipOptions(AbstractFile archiveFile) {
// try to get the file type from the BB // try to get the file type from the BB
String detectedFormat = null; String detectedFormat = null;
try { detectedFormat = archiveFile.getMIMEType();
ArrayList<BlackboardAttribute> attributes = archiveFile.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);
for (BlackboardAttribute attribute : attributes) {
detectedFormat = attribute.getValueString();
break;
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Couldn't obtain file attributes for file: " + archiveFile.toString(), ex); //NON-NLS
}
if (detectedFormat == null) { if (detectedFormat == null) {
logger.log(Level.WARNING, "Could not detect format for file: {0}", archiveFile); //NON-NLS logger.log(Level.WARNING, "Could not detect format for file: {0}", archiveFile); //NON-NLS
@ -284,7 +276,7 @@ class SevenZipExtractor {
* Unpack the file to local folder and return a list of derived files * Unpack the file to local folder and return a list of derived files
* *
* @param pipelineContext current ingest context * @param pipelineContext current ingest context
* @param archiveFile file to unpack * @param archiveFile file to unpack
* *
* @return list of unpacked derived files * @return list of unpacked derived files
*/ */
@ -781,8 +773,8 @@ class SevenZipExtractor {
/** /**
* *
* @param localPathRoot Path in module output folder that files will be * @param localPathRoot Path in module output folder that files will be
* saved to * saved to
* @param archiveFile Archive file being extracted * @param archiveFile Archive file being extracted
* @param fileManager * @param fileManager
*/ */
UnpackedTree(String localPathRoot, AbstractFile archiveFile) { UnpackedTree(String localPathRoot, AbstractFile archiveFile) {
@ -1041,7 +1033,7 @@ class SevenZipExtractor {
/** /**
* Add a new archive to track of depth * Add a new archive to track of depth
* *
* @param parent parent archive or null * @param parent parent archive or null
* @param objectId object id of the new archive * @param objectId object id of the new archive
* *
* @return the archive added * @return the archive added

59
Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java
View File

@ -97,7 +97,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
@Override @Override
public ProcessResult process(AbstractFile abstractFile) { public ProcessResult process(AbstractFile abstractFile) {
blackboard = Case.getCurrentCase().getServices().getBlackboard(); blackboard = Case.getCurrentCase().getServices().getBlackboard();
// skip non-files // skip non-files
if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
|| (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
@ -121,14 +121,14 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
if (mismatchDetected) { if (mismatchDetected) {
// add artifact // add artifact
BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED); BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED);
try { try {
// index the artifact for keyword search // index the artifact for keyword search
blackboard.indexArtifact(bart); blackboard.indexArtifact(bart);
} catch (Blackboard.BlackboardException ex) { } catch (Blackboard.BlackboardException ex) {
logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bart.getDisplayName()), ex); //NON-NLS logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bart.getDisplayName()), ex); //NON-NLS
MessageNotifyUtil.Notify.error( MessageNotifyUtil.Notify.error(
NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bart.getDisplayName()); NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bart.getDisplayName());
} }
services.fireModuleDataEvent(new ModuleDataEvent(FileExtMismatchDetectorModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED, Collections.singletonList(bart))); services.fireModuleDataEvent(new ModuleDataEvent(FileExtMismatchDetectorModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED, Collections.singletonList(bart)));
@ -148,43 +148,36 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
* @return false if the two match. True if there is a mismatch. * @return false if the two match. True if there is a mismatch.
*/ */
private boolean compareSigTypeToExt(AbstractFile abstractFile) { private boolean compareSigTypeToExt(AbstractFile abstractFile) {
try { String currActualExt = abstractFile.getNameExtension();
String currActualExt = abstractFile.getNameExtension();
// If we are skipping names with no extension // If we are skipping names with no extension
if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) { if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) {
return false; return false;
} }
// find file_sig value. // find file_sig value.
// check the blackboard for a file type attribute // check the blackboard for a file type attribute
ArrayList<BlackboardAttribute> attributes = abstractFile.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG); String currActualSigType = abstractFile.getMIMEType();
for (BlackboardAttribute attribute : attributes) { if (settings.skipFilesWithTextPlainMimeType()) {
String currActualSigType = attribute.getValueString(); if (!currActualExt.isEmpty() && currActualSigType.equals("text/plain")) { //NON-NLS
if (settings.skipFilesWithTextPlainMimeType()) { return false;
if (!currActualExt.isEmpty() && currActualSigType.equals("text/plain")) { //NON-NLS }
}
//get known allowed values from the map for this type
String[] allowedExtArray = SigTypeToExtMap.get(currActualSigType);
if (allowedExtArray != null) {
List<String> allowedExtList = Arrays.asList(allowedExtArray);
// see if the filename ext is in the allowed list
if (allowedExtList != null) {
for (String e : allowedExtList) {
if (e.equals(currActualExt)) {
return false; return false;
} }
} }
return true; //potential mismatch
//get known allowed values from the map for this type
String[] allowedExtArray = SigTypeToExtMap.get(currActualSigType);
if (allowedExtArray != null) {
List<String> allowedExtList = Arrays.asList(allowedExtArray);
// see if the filename ext is in the allowed list
if (allowedExtList != null) {
for (String e : allowedExtList) {
if (e.equals(currActualExt)) {
return false;
}
}
return true; //potential mismatch
}
}
} }
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Error while getting file signature from blackboard.", ex); //NON-NLS
} }
return false; return false;

14
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java
View File

@ -122,16 +122,9 @@ public class FileTypeDetector {
* @throws TskCoreException * @throws TskCoreException
*/ */
public String getFileType(AbstractFile file) throws TskCoreException { public String getFileType(AbstractFile file) throws TskCoreException {
String fileType; String fileType = file.getMIMEType();
ArrayList<BlackboardAttribute> attributes = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG); if(null != fileType) {
for (BlackboardAttribute attribute : attributes) { return fileType;
/**
* Get the first TSK_FILE_TYPE_SIG attribute.
*/
fileType = attribute.getValueString();
if (null != fileType && !fileType.isEmpty()) {
return fileType;
}
} }
return detectAndPostToBlackboard(file); return detectAndPostToBlackboard(file);
} }
@ -158,6 +151,7 @@ public class FileTypeDetector {
*/ */
BlackboardArtifact getInfoArt = file.getGenInfoArtifact(); BlackboardArtifact getInfoArt = file.getGenInfoArtifact();
BlackboardAttribute batt = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID(), FileTypeIdModuleFactory.getModuleName(), mimeType); BlackboardAttribute batt = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID(), FileTypeIdModuleFactory.getModuleName(), mimeType);
file.setMIMEType(mimeType);
getInfoArt.addAttribute(batt); getInfoArt.addAttribute(batt);
} }
return mimeType; return mimeType;

34
Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
View File

@ -138,12 +138,12 @@ class ReportGenerator {
* Create a ReportProgressPanel for each report generation module selected * Create a ReportProgressPanel for each report generation module selected
* by the user. * by the user.
* *
* @param tableModuleStates The enabled/disabled state of each * @param tableModuleStates The enabled/disabled state of each
* TableReportModule * TableReportModule
* @param generalModuleStates The enabled/disabled state of each * @param generalModuleStates The enabled/disabled state of each
* GeneralReportModule * GeneralReportModule
* @param fileListModuleStates The enabled/disabled state of each * @param fileListModuleStates The enabled/disabled state of each
* FileReportModule * FileReportModule
*/ */
private void setupProgressPanels(Map<TableReportModule, Boolean> tableModuleStates, Map<GeneralReportModule, Boolean> generalModuleStates, Map<FileReportModule, Boolean> fileListModuleStates) { private void setupProgressPanels(Map<TableReportModule, Boolean> tableModuleStates, Map<GeneralReportModule, Boolean> generalModuleStates, Map<FileReportModule, Boolean> fileListModuleStates) {
if (null != tableModuleStates) { if (null != tableModuleStates) {
@ -235,9 +235,9 @@ class ReportGenerator {
* Run the TableReportModules using a SwingWorker. * Run the TableReportModules using a SwingWorker.
* *
* @param artifactTypeSelections the enabled/disabled state of the artifact * @param artifactTypeSelections the enabled/disabled state of the artifact
* types to be included in the report * types to be included in the report
* @param tagSelections the enabled/disabled state of the tag names * @param tagSelections the enabled/disabled state of the tag names to be
* to be included in the report * included in the report
*/ */
public void generateTableReports(Map<ARTIFACT_TYPE, Boolean> artifactTypeSelections, Map<String, Boolean> tagNameSelections) { public void generateTableReports(Map<ARTIFACT_TYPE, Boolean> artifactTypeSelections, Map<String, Boolean> tagNameSelections) {
if (!tableProgress.isEmpty() && null != artifactTypeSelections) { if (!tableProgress.isEmpty() && null != artifactTypeSelections) {
@ -250,7 +250,7 @@ class ReportGenerator {
* Run the FileReportModules using a SwingWorker. * Run the FileReportModules using a SwingWorker.
* *
* @param enabledInfo the Information that should be included about each * @param enabledInfo the Information that should be included about each
* file in the report. * file in the report.
*/ */
public void generateFileListReports(Map<FileReportDataTypes, Boolean> enabledInfo) { public void generateFileListReports(Map<FileReportDataTypes, Boolean> enabledInfo) {
if (!fileProgress.isEmpty() && null != enabledInfo) { if (!fileProgress.isEmpty() && null != enabledInfo) {
@ -870,7 +870,7 @@ class ReportGenerator {
* Get a List of the artifacts and data of the given type that pass the * Get a List of the artifacts and data of the given type that pass the
* given Tag Filter. * given Tag Filter.
* *
* @param type The artifact type to get * @param type The artifact type to get
* @param tagNamesFilter The tag names that should be included. * @param tagNamesFilter The tag names that should be included.
* *
* @return a list of the filtered tags. * @return a list of the filtered tags.
@ -1493,10 +1493,10 @@ class ReportGenerator {
* for date/time conversions if a module is supplied. * for date/time conversions if a module is supplied.
* *
* @param attList list of BlackboardAttributes to be mapped * @param attList list of BlackboardAttributes to be mapped
* @param module the TableReportModule the mapping is for * @param module the TableReportModule the mapping is for
* *
* @return Map<Integer, String> of the BlackboardAttributes mapped to their * @return Map<Integer, String> of the BlackboardAttributes mapped to their
* attribute type ID * attribute type ID
*/ */
public Map<Integer, String> getMappedAttributes(List<BlackboardAttribute> attList, TableReportModule... module) { public Map<Integer, String> getMappedAttributes(List<BlackboardAttribute> attList, TableReportModule... module) {
Map<Integer, String> attributes = new HashMap<>(); Map<Integer, String> attributes = new HashMap<>();
@ -1659,7 +1659,7 @@ class ReportGenerator {
* correct order to be written to the report. * correct order to be written to the report.
* *
* @return List<String> row values. Values could be null if attribute is * @return List<String> row values. Values could be null if attribute is
* not defined in artifact * not defined in artifact
* *
* @throws TskCoreException * @throws TskCoreException
*/ */
@ -1841,13 +1841,7 @@ class ReportGenerator {
AbstractFile file = skCase.getAbstractFileById(getObjectID()); AbstractFile file = skCase.getAbstractFileById(getObjectID());
if (file != null) { if (file != null) {
orderedRowData.add(file.getName()); orderedRowData.add(file.getName());
orderedRowData.add(file.getNameExtension()); orderedRowData.add(file.getMIMEType());
List<BlackboardAttribute> attrs = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);
if (!attrs.isEmpty()) {
orderedRowData.add(attrs.get(0).getValueString());
} else {
orderedRowData.add("");
}
orderedRowData.add(file.getUniquePath()); orderedRowData.add(file.getUniquePath());
} else { } else {
// Make empty rows to make sure the formatting is correct // Make empty rows to make sure the formatting is correct

3
ImageGallery/src/org/sleuthkit/autopsy/imagegallery/datamodel/DrawableFile.java
View File

@ -123,7 +123,8 @@ public abstract class DrawableFile<T extends AbstractFile> extends AbstractFile
file.getGid(), file.getGid(),
file.getMd5Hash(), file.getMd5Hash(),
file.getKnown(), file.getKnown(),
file.getParentPath()); file.getParentPath(),
null);
this.analyzed = new SimpleBooleanProperty(analyzed); this.analyzed = new SimpleBooleanProperty(analyzed);
this.file = file; this.file = file;
} }