use new sleuthkit Account.Type enum

millmanorama 2016-09-24 16:44:28 +02:00
parent 58a90500b9
commit bcdb16638b
3 changed files with 15 additions and 32 deletions


@ -1,15 +0,0 @@
package org.sleuthkit.autopsy.datamodel;
public enum AccountType {
CREDIT_CARD("Credit Card"), OTHER("Other");
public String getDisplayName() {
return displayName;
}
private final String displayName;
private AccountType(String displayName) {
this.displayName = displayName;
}
}


@ -58,6 +58,7 @@ import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
@ -75,12 +76,6 @@ public class Accounts extends Observable implements AutopsyVisitableItem {
@NbBundle.Messages("AccountsRootNode.name=Accounts") @NbBundle.Messages("AccountsRootNode.name=Accounts")
final public static String NAME = Bundle.AccountsRootNode_name(); final public static String NAME = Bundle.AccountsRootNode_name();
/**
* This is a secret handshake with
* org.sleuthkit.autopsy.keywordsearch.TermComponentQuery
*/
private static final String CREDIT_CARD_ACCOUNT_TYPE = "Credit Card";
private SleuthkitCase skCase; private SleuthkitCase skCase;
/** /**
@ -459,7 +454,11 @@ public class Accounts extends Observable implements AutopsyVisitableItem {
@Override @Override
protected Node createNodeForKey(String key) { protected Node createNodeForKey(String key) {
if (key.equals(CREDIT_CARD_ACCOUNT_TYPE)) { if (key.equals( /**
* This is a secret handshake with
* org.sleuthkit.autopsy.keywordsearch.TermComponentQuery
*/
Account.Type.CREDIT_CARD.name())) {
return new CreditCardNumberAccountTypeNode(key); return new CreditCardNumberAccountTypeNode(key);
} else { } else {
//Flesh out what happens with other account types here. //Flesh out what happens with other account types here.
@ -708,10 +707,10 @@ public class Accounts extends Observable implements AutopsyVisitableItem {
+ " GROUP_CONCAT(blackboard_artifacts.review_status_id) AS review_status_ids " + " GROUP_CONCAT(blackboard_artifacts.review_status_id) AS review_status_ids "
+ " FROM blackboard_artifacts " //NON-NLS + " FROM blackboard_artifacts " //NON-NLS
+ " LEFT JOIN blackboard_attributes as solr_attribute ON blackboard_artifacts.artifact_id = solr_attribute.artifact_id " //NON-NLS + " LEFT JOIN blackboard_attributes as solr_attribute ON blackboard_artifacts.artifact_id = solr_attribute.artifact_id " //NON-NLS
+ " AND solr_attribute.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SOLR_DOCUMENT_ID.getTypeID() //NON-NLS + " AND solr_attribute.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_DOCUMENT_ID.getTypeID() //NON-NLS
+ " LEFT JOIN blackboard_attributes as account_type ON blackboard_artifacts.artifact_id = account_type.artifact_id " //NON-NLS + " LEFT JOIN blackboard_attributes as account_type ON blackboard_artifacts.artifact_id = account_type.artifact_id " //NON-NLS
+ " AND account_type.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE.getTypeID() //NON-NLS + " AND account_type.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE.getTypeID() //NON-NLS
+ " AND account_type.value_text = '" + CREDIT_CARD_ACCOUNT_TYPE + "'" //NON-NLS + " AND account_type.value_text = '" + Account.Type.CREDIT_CARD.name() + "'" //NON-NLS
+ " WHERE blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID() //NON-NLS + " WHERE blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID() //NON-NLS
+ getRejectedArtifactFilterClause() + getRejectedArtifactFilterClause()
+ " GROUP BY blackboard_artifacts.obj_id, solr_document_id " //NON-NLS + " GROUP BY blackboard_artifacts.obj_id, solr_document_id " //NON-NLS
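Review bot: The account-type text matched in `createNodeForKey` and in the `account_type.value_text = '...'` clause is now `Account.Type.CREDIT_CARD.name()`, so the value stored in case databases depends on the enum constant's Java identifier, and nothing on these lines says so. The removed constant held "Credit Card" while the writer in TermComponentQuery already used `name()`, so the compared literal changes here; because the condition sits in the ON clause of a LEFT JOIN, a mismatch would presumably surface as missing account data rather than as an error. I would put a plain comment above the `if` and above the SQL line, e.g. `// TSK_ACCOUNT_TYPE value is persisted; must equal what TermComponentQuery writes (Account.Type.CREDIT_CARD.name())`, and move the `/** ... secret handshake ... */` block out of the `key.equals(` argument list, where a Javadoc comment attaches to no declaration. Both the method and the query string continue outside the hunks shown.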


@ -34,10 +34,10 @@ import org.apache.solr.client.solrj.SolrQuery;
import org.apache.solr.client.solrj.response.TermsResponse.Term; import org.apache.solr.client.solrj.response.TermsResponse.Term;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.coreutils.Version;
import org.sleuthkit.autopsy.datamodel.AccountType;
import org.sleuthkit.autopsy.datamodel.Accounts; import org.sleuthkit.autopsy.datamodel.Accounts;
import org.sleuthkit.autopsy.datamodel.BINMap; import org.sleuthkit.autopsy.datamodel.BINMap;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
@ -54,10 +54,9 @@ final class TermComponentQuery implements KeywordSearchQuery {
private static final boolean DEBUG = Version.Type.DEVELOPMENT.equals(Version.getBuildType()); private static final boolean DEBUG = Version.Type.DEVELOPMENT.equals(Version.getBuildType());
private static final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName(); private static final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
private static final BlackboardAttribute.Type SOLR_DOCUMENT_ID_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SOLR_DOCUMENT_ID); private static final BlackboardAttribute.Type KEYWORD_SEARCH_DOCUMENT_ID = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_DOCUMENT_ID);
private static final BlackboardAttribute.Type ACCOUNT_NUMBER_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER); private static final BlackboardAttribute.Type CREDIT_CARD_NUMBER = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER);
private static final BlackboardAttribute.Type ACOUNT_TYPE_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE); private static final BlackboardAttribute.Type ACOUNT_TYPE = new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_ACCOUNT_TYPE);
//TODO: move these regex and the luhn check to a new class, something like: CreditCardNumberValidator //TODO: move these regex and the luhn check to a new class, something like: CreditCardNumberValidator
/* /*
@ -192,7 +191,7 @@ final class TermComponentQuery implements KeywordSearchQuery {
//if the keyword hit matched the credit card number keyword/regex... //if the keyword hit matched the credit card number keyword/regex...
if (keyword.getType() == ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER) { if (keyword.getType() == ATTRIBUTE_TYPE.TSK_CREDIT_CARD_NUMBER) {
newArtifact = hit.getContent().newArtifact(ARTIFACT_TYPE.TSK_ACCOUNT); newArtifact = hit.getContent().newArtifact(ARTIFACT_TYPE.TSK_ACCOUNT);
newArtifact.addAttribute(new BlackboardAttribute(ACOUNT_TYPE_TYPE, MODULE_NAME, AccountType.CREDIT_CARD.name())); newArtifact.addAttribute(new BlackboardAttribute(ACOUNT_TYPE, MODULE_NAME, Account.Type.CREDIT_CARD.name()));
// make account artifact // make account artifact
//try to match it against the track 1 regex //try to match it against the track 1 regex
@ -210,11 +209,11 @@ final class TermComponentQuery implements KeywordSearchQuery {
AbstractFile file = (AbstractFile) hit.getContent(); AbstractFile file = (AbstractFile) hit.getContent();
if (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS if (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS
|| file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) { || file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) {
newArtifact.addAttribute(new BlackboardAttribute(SOLR_DOCUMENT_ID_TYPE, MODULE_NAME, hit.getSolrDocumentId())); newArtifact.addAttribute(new BlackboardAttribute(KEYWORD_SEARCH_DOCUMENT_ID, MODULE_NAME, hit.getSolrDocumentId()));
} }
} }
String ccn = newArtifact.getAttribute(ACCOUNT_NUMBER_TYPE).getValueString(); String ccn = newArtifact.getAttribute(CREDIT_CARD_NUMBER).getValueString();
final int iin = Integer.parseInt(ccn.substring(0, 8)); final int iin = Integer.parseInt(ccn.substring(0, 8));
Accounts.IINInfo iinInfo = BINMap.getIINInfo(iin); Accounts.IINInfo iinInfo = BINMap.getIINInfo(iin);
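Review bot: `newArtifact.getAttribute(CREDIT_CARD_NUMBER).getValueString()` followed by `Integer.parseInt(ccn.substring(0, 8))` runs without any guard, and the value originates from keyword hits in examined content, so a missing attribute or a value shorter than eight digits would throw in the middle of artifact creation. Whether the code between the hunks always adds that attribute with an already validated number is not visible here; if it does not, a check such as `BlackboardAttribute ccnAttr = newArtifact.getAttribute(CREDIT_CARD_NUMBER);` followed by `if (ccnAttr == null || ccnAttr.getValueString().length() < 8) { /* skip the IIN lookup */ }` before the parse would keep one malformed hit from interrupting processing. The renamed constant `ACOUNT_TYPE` also carries the old misspelling forward; this rename would be the natural place to make it `ACCOUNT_TYPE`. The enclosing method starts and ends outside these hunks.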