From b582839795d89a7bbb0d984abc95238ac55d8163 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 15 May 2019 17:20:43 -0400 Subject: [PATCH 1/2] 5046 don't try to parse date when there is nothing to parse --- .../recentactivity/ExtractRegistry.java | 38 +++++++++++-------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 775ec69933..4b61f71997 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -410,12 +410,15 @@ class ExtractRegistry extends Extract { if (timenodes.getLength() > 0) { Element timenode = (Element) timenodes.item(0); String etime = timenode.getTextContent(); - try { - mtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime(); - String Tempdate = mtime.toString(); - mtime = Long.valueOf(Tempdate) / MS_IN_SEC; - } catch (ParseException ex) { - logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry.", ex); //NON-NLS + //sometimes etime will be an empty string and therefore can not be parsed into a date + if (!etime.isEmpty()) { + try { + mtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime(); + String Tempdate = mtime.toString(); + mtime = Long.valueOf(Tempdate) / MS_IN_SEC; + } catch (ParseException ex) { + logger.log(Level.WARNING, "Failed to parse epoch time when parsing the registry.", ex); //NON-NLS + } } } @@ -467,13 +470,14 @@ class ExtractRegistry extends Extract { regOrg = value; break; case "InstallDate": //NON-NLS - try { - Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime(); - installtime = epochtime; - String Tempdate = installtime.toString(); - installtime = Long.valueOf(Tempdate) / MS_IN_SEC; - } catch (ParseException e) { - logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e); //NON-NLS + if (!value.isEmpty()) { + try { + installtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime(); + String Tempdate = installtime.toString(); + installtime = Long.valueOf(Tempdate) / MS_IN_SEC; + } catch (ParseException e) { + logger.log(Level.SEVERE, "RegRipper::Conversion on DateTime -> ", e); //NON-NLS + } } break; default: @@ -651,9 +655,11 @@ class ExtractRegistry extends Extract { case "uninstall": //NON-NLS Long itemMtime = null; try { - Long epochtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(artnode.getAttribute("mtime")).getTime(); //NON-NLS - itemMtime = epochtime; - itemMtime /= MS_IN_SEC; + String mTimeAttr = artnode.getAttribute("mtime"); + if (mTimeAttr != null && !mTimeAttr.isEmpty()) { + itemMtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(mTimeAttr).getTime(); //NON-NLS + itemMtime /= MS_IN_SEC; + } } catch (ParseException e) { logger.log(Level.WARNING, "Failed to parse epoch time for installed program artifact."); //NON-NLS } From 85ff25422ada2a7234ead95d3e35608d1276d0b0 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 15 May 2019 17:55:16 -0400 Subject: [PATCH 2/2] 5046 perform a bit more null checking surrounding date values --- .../autopsy/recentactivity/ExtractRegistry.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 4b61f71997..bbd8dca95d 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -411,7 +411,7 @@ class ExtractRegistry extends Extract { Element timenode = (Element) timenodes.item(0); String etime = timenode.getTextContent(); //sometimes etime will be an empty string and therefore can not be parsed into a date - if (!etime.isEmpty()) { + if (etime != null && !etime.isEmpty()) { try { mtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(etime).getTime(); String Tempdate = mtime.toString(); @@ -447,8 +447,14 @@ class ExtractRegistry extends Extract { if (artchild.hasAttributes()) { Element artnode = (Element) artchild; - String value = artnode.getTextContent().trim(); + String value = artnode.getTextContent(); + if (value != null) { + value = value.trim(); + } String name = artnode.getAttribute("name"); //NON-NLS + if (name == null) { + continue; + } switch (name) { case "ProductName": // NON-NLS version = value; @@ -470,7 +476,7 @@ class ExtractRegistry extends Extract { regOrg = value; break; case "InstallDate": //NON-NLS - if (!value.isEmpty()) { + if (value != null && !value.isEmpty()) { try { installtime = new SimpleDateFormat("EEE MMM d HH:mm:ss yyyy").parse(value).getTime(); String Tempdate = installtime.toString();