fix based on configuration

Greg DiCristofaro 2022-01-26 14:15:15 -05:00
parent 260f26bf7f
commit bb0421bf9b
2 changed files with 19 additions and 51 deletions


@ -659,6 +659,7 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
String query = "res.search_term,\n" String query = "res.search_term,\n"
+ " res.search_type,\n" + " res.search_type,\n"
// this should be unique for each one
+ " MIN(res.configuration) AS configuration,\n" + " MIN(res.configuration) AS configuration,\n"
+ " SUM(res.count) AS count,\n" + " SUM(res.count) AS count,\n"
+ " -- when there are multiple keyword groupings, return true for has children\n" + " -- when there are multiple keyword groupings, return true for has children\n"
@ -1152,15 +1153,21 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
} }
/** /**
* Returns all the configurations for keyword hits for the given filtering parameters. * Returns all the configurations for keyword hits for the given filtering
* @param setName The set name as defined by TSK_SET_NAME. If null, assumed to be ad hoc result. * parameters.
* @param regex The TSK_KEYWORD_REGEXP value. If null, no filtering by regex occurs. *
* @param searchType The TSK_KEYWORD_SEARCH_TYPE value. If null, no filtering by search type occurs. * @param setName The set name as defined by TSK_SET_NAME. If null,
* @param dataSourceId The data source object id. If null, no filtering by data source occurs. * assumed to be ad hoc result.
* @param dataSourceId The data source object id. If null, no filtering by
* data source occurs.
*
* @return The distinct configurations. * @return The distinct configurations.
* @throws ExecutionException *
* @throws ExecutionException
*/ */
public List<String> getKeywordHitConfigurations(String setName, String regex, TskData.KeywordSearchQueryType searchType, Long dataSourceId) throws ExecutionException { public List<String> getKeywordHitConfigurations(String setName, Long dataSourceId) throws ExecutionException {
String kwHitClause = "art.artifact_type_id = " + BlackboardArtifact.Type.TSK_KEYWORD_HIT.getTypeID();
String setNameClause = setName == null String setNameClause = setName == null
// if set name is null, then there should be no set name attribute associated with this // if set name is null, then there should be no set name attribute associated with this
? "(SELECT " ? "(SELECT "
@ -1175,27 +1182,11 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
+ " AND attr.attribute_type_id = " + BlackboardAttribute.Type.TSK_SET_NAME.getTypeID() + " AND attr.attribute_type_id = " + BlackboardAttribute.Type.TSK_SET_NAME.getTypeID()
+ " )"; + " )";
String regexClause = regex == null
? null
: "? IN (SELECT attr.value_text FROM blackboard_attributes attr "
+ " WHERE attr.artifact_id = art.artifact_id "
+ " AND attr.attribute_type_id = " + BlackboardAttribute.Type.TSK_KEYWORD_REGEXP.getTypeID()
+ " )";
String searchTypeClause = searchType == null
? null
: "? IN (SELECT attr.value_int32 FROM blackboard_attributes attr "
+ " WHERE attr.artifact_id = art.artifact_id "
+ " AND attr.attribute_type_id = " + BlackboardAttribute.Type.TSK_KEYWORD_SEARCH_TYPE.getTypeID()
+ " )";
String dataSourceClause = dataSourceId == null String dataSourceClause = dataSourceId == null
? null ? null
: "art.data_source_obj_id = ?"; : "art.data_source_obj_id = ?";
String kwHitClause = "art.artifact_type_id = " + BlackboardArtifact.Type.TSK_KEYWORD_HIT.getTypeID(); String clauses = Stream.of(kwHitClause, setNameClause, dataSourceClause)
String clauses = Stream.of(kwHitClause, setNameClause, regexClause, searchTypeClause, dataSourceClause)
.filter(s -> s != null) .filter(s -> s != null)
.map(s -> " (" + s + ") ") .map(s -> " (" + s + ") ")
.collect(Collectors.joining("AND\n")); .collect(Collectors.joining("AND\n"));
@ -1214,14 +1205,6 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
preparedStatement.setString(++paramIdx, setName); preparedStatement.setString(++paramIdx, setName);
} }
if (regex != null) {
preparedStatement.setString(++paramIdx, regex);
}
if (searchType != null) {
preparedStatement.setInt(++paramIdx, searchType.getType());
}
if (dataSourceId != null) { if (dataSourceId != null) {
preparedStatement.setLong(++paramIdx, dataSourceId); preparedStatement.setLong(++paramIdx, dataSourceId);
} }
@ -1236,15 +1219,13 @@ public class AnalysisResultDAO extends BlackboardArtifactDAO {
logger.log(Level.WARNING, "An error occurred while fetching results from result set.", ex); logger.log(Level.WARNING, "An error occurred while fetching results from result set.", ex);
} }
}); });
return configurations; return configurations;
} catch (SQLException | NoCurrentCaseException | TskCoreException ex) { } catch (SQLException | NoCurrentCaseException | TskCoreException ex) {
throw new ExecutionException(MessageFormat.format( throw new ExecutionException(MessageFormat.format(
"An error occurred while fetching configurations for counts where setName = {0} regex = {1} and search type = {2}", "An error occurred while fetching configurations for counts where setName = {0}",
setName == null ? "<null>" : setName, setName == null ? "<null>" : setName),
regex == null ? "<null>" : regex,
searchType == null ? "<null>" : searchType.name()),
ex); ex);
} }
} }
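Review bot: The added comment `// this should be unique for each one` above `MIN(res.configuration)` in the first hunk states an invariant that nothing in the visible query enforces. If a grouped row ever spans more than one configuration, MIN() returns just one of them and the others silently drop out of the result. getAnalysisResultConfigurations in the second file now uses that single value instead of calling getKeywordHitConfigurations, so a violated assumption would attribute keyword hits to the wrong configuration with no warning. I would spell the assumption out, e.g. `// assumes one configuration per grouped row; MIN() only picks a representative and hides any others`, and consider also selecting `COUNT(DISTINCT res.configuration)` so a violation can be logged. The query string starts and ends outside that hunk, so the GROUP BY columns are not visible here.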


@ -557,20 +557,7 @@ public class AnalysisResultTypeFactory extends TreeChildFactory<AnalysisResultSe
@Override @Override
public List<String> getAnalysisResultConfigurations() { public List<String> getAnalysisResultConfigurations() {
KeywordSearchTermParams searchParams = this.getItemData().getSearchParams(); return Collections.singletonList(this.getItemData().getSearchParams().getConfiguration());
if (searchParams.hasChildren()) {
try {
return MainDAO.getInstance().getAnalysisResultDAO().getKeywordHitConfigurations(
searchParams.getSetName(), searchParams.getRegex(), searchParams.getSearchType(),
searchParams.getDataSourceId());
} catch (ExecutionException ex) {
logger.log(Level.WARNING, "An exception occurred while fetching configurations.", ex);
return Collections.emptyList();
}
} else {
return Collections.singletonList(searchParams.getConfiguration());
}
} }
} }
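Review bot: `Collections.singletonList(...)` wraps whatever `getConfiguration()` returns, so a null configuration produces a one-element list holding null rather than an empty list. The removed else branch did the same, but this path now also serves search terms with children, which previously got either the DAO result or `Collections.emptyList()` on failure. Whether a null configuration can occur is not visible in this hunk; if it can, consider `String cfg = this.getItemData().getSearchParams().getConfiguration();` followed by `return cfg == null ? Collections.emptyList() : Collections.singletonList(cfg);`. Otherwise a short comment stating that the configuration is never null here would document the contract for callers.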