changed sql and logic for email node

Greg DiCristofaro 2021-04-05 15:23:22 -04:00
parent 0952403cf4
commit b55755b33e


@ -32,6 +32,7 @@ import java.util.Observable;
import java.util.Observer; import java.util.Observer;
import java.util.Set; import java.util.Set;
import java.util.logging.Level; import java.util.logging.Level;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.ChildFactory; import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children; import org.openide.nodes.Children;
import org.openide.nodes.Node; import org.openide.nodes.Node;
@ -77,7 +78,7 @@ public class EmailExtracted implements AutopsyVisitableItem {
*/ */
public static final Map<String, String> parsePath(String path) { public static final Map<String, String> parsePath(String path) {
Map<String, String> parsed = new HashMap<>(); Map<String, String> parsed = new HashMap<>();
String[] split = path.split(MAIL_PATH_SEPARATOR); String[] split = path == null ? new String[0] : path.split(MAIL_PATH_SEPARATOR);
if (split.length < 4) { if (split.length < 4) {
parsed.put(MAIL_ACCOUNT, NbBundle.getMessage(EmailExtracted.class, "EmailExtracted.defaultAcct.text")); parsed.put(MAIL_ACCOUNT, NbBundle.getMessage(EmailExtracted.class, "EmailExtracted.defaultAcct.text"));
parsed.put(MAIL_FOLDER, NbBundle.getMessage(EmailExtracted.class, "EmailExtracted.defaultFolder.text")); parsed.put(MAIL_FOLDER, NbBundle.getMessage(EmailExtracted.class, "EmailExtracted.defaultFolder.text"));
@ -146,55 +147,59 @@ public class EmailExtracted implements AutopsyVisitableItem {
} }
@SuppressWarnings("deprecation") @SuppressWarnings("deprecation")
public void update() { public void update() {
synchronized (accounts) { // clear cache if no case
accounts.clear();
}
if (skCase == null) { if (skCase == null) {
synchronized (accounts) {
accounts.clear();
}
return; return;
} }
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID(); // get artifact id and path (if present) of all email artifacts
int emailArtifactId = BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID();
int pathAttrId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID(); int pathAttrId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID();
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS String query = "SELECT \n" +
+ "attribute_type_id=" + pathAttrId //NON-NLS " art.artifact_id AS artifact_id,\n" +
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS " (SELECT value_text FROM blackboard_attributes attr\n" +
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS " WHERE attr.artifact_id = art.artifact_id AND attr.attribute_type_id = " + pathAttrId + "\n" +
if (filteringDSObjId > 0) { " LIMIT 1) AS value_text\n" +
query += " AND blackboard_artifacts.data_source_obj_id = " + filteringDSObjId; "FROM \n" +
} " blackboard_artifacts art\n" +
" WHERE art.artifact_type_id = " + emailArtifactId + "\n" +
((filteringDSObjId > 0) ? " AND art.data_source_obj_id = " + filteringDSObjId : "");
// form hierarchy of account -> folder -> account id
Map<String, Map<String, List<Long>>> newMapping = new HashMap<>();
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) { try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
ResultSet resultSet = dbQuery.getResultSet(); ResultSet resultSet = dbQuery.getResultSet();
synchronized (accounts) { while (resultSet.next()) {
while (resultSet.next()) { Long artifactId = resultSet.getLong("artifact_id");
final String path = resultSet.getString("value_text"); //NON-NLS Map<String, String> accountFolderMap = parsePath(resultSet.getString("value_text"));
final long artifactId = resultSet.getLong("artifact_id"); //NON-NLS String account = accountFolderMap.get(MAIL_ACCOUNT);
final Map<String, String> parsedPath = parsePath(path); String folder = accountFolderMap.get(MAIL_FOLDER);
final String account = parsedPath.get(MAIL_ACCOUNT);
final String folder = parsedPath.get(MAIL_FOLDER); Map<String, List<Long>> folders = newMapping.computeIfAbsent(account, (str) -> new LinkedHashMap<>());
List<Long> messages = folders.computeIfAbsent(folder, (str) -> new ArrayList<>());
Map<String, List<Long>> folders = accounts.get(account); messages.add(artifactId);
if (folders == null) {
folders = new LinkedHashMap<>();
accounts.put(account, folders);
}
List<Long> messages = folders.get(folder);
if (messages == null) {
messages = new ArrayList<>();
folders.put(folder, messages);
}
messages.add(artifactId);
}
} }
} catch (TskCoreException | SQLException ex) { } catch (TskCoreException | SQLException ex) {
logger.log(Level.WARNING, "Cannot initialize email extraction: ", ex); //NON-NLS logger.log(Level.WARNING, "Cannot initialize email extraction: ", ex); //NON-NLS
} }
synchronized (accounts) {
accounts.clear();
accounts.putAll(newMapping);
}
setChanged(); setChanged();
notifyObservers(); notifyObservers();
} }
} }
/** /**
* Mail root node grouping all mail accounts, supports account-> folder * Mail root node grouping all mail accounts, supports account-> folder