mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

2094 fixed support for path, mime, and size conditions

Browse Source
This commit is contained in:
William Schaefer 2017-02-23 15:40:40 -05:00
parent d675e27fcf
commit bdbe1c3275
1 changed files with 219 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

275
Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java
View File

@ -39,6 +39,11 @@ import org.openide.util.io.NbObjectOutputStream;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileNameCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
@ -57,6 +62,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
private static final String RULE_UUID_ATTR = "ruleUUID"; //NON-NLS private static final String RULE_UUID_ATTR = "ruleUUID"; //NON-NLS
private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS
private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS
private static final String TYPE_FILTER_VALUE_ALL = "all";
private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS
private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS
private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS
@ -67,6 +73,10 @@ class InterestingItemsFilesSetSettings implements Serializable {
private static final String NAME_RULE_TAG = "NAME"; //NON-NLS private static final String NAME_RULE_TAG = "NAME"; //NON-NLS
private static final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule "; // NON-NLS private static final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule "; // NON-NLS
private static final String NAME_ATTR = "name"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS
private static final String MIME_ATTR = "mimeType";
private static final String FS_COMPARATOR_ATTR = "comparatorSymbol";
private static final String FS_SIZE_ATTR = "sizeValue";
private static final String FS_UNITS_ATTR = "sizeUnits";
private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS
private static final String XML_ENCODING = "UTF-8"; //NON-NLS private static final String XML_ENCODING = "UTF-8"; //NON-NLS
private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName()); private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName());
@ -135,20 +145,28 @@ class InterestingItemsFilesSetSettings implements Serializable {
* @return The path condition, or null if there is an error (logged). * @return The path condition, or null if there is an error (logged).
*/ */
private static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement) { private static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement) {
FilesSet.Rule.ParentPathCondition condition = null; // Read in the optional path condition. Null is o.k., but if the attribute
// is there, be sure it is not malformed.
ParentPathCondition pathCondition = null;
if (!ruleElement.getAttribute(PATH_FILTER_ATTR).isEmpty() || !ruleElement.getAttribute(PATH_REGEX_ATTR).isEmpty()) {
String path = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR); String path = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR);
String pathRegex = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR); String pathRegex = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR);
if (!pathRegex.isEmpty() && path.isEmpty()) { if (!pathRegex.isEmpty() && path.isEmpty()) {
try { try {
Pattern pattern = Pattern.compile(pathRegex); Pattern pattern = Pattern.compile(pathRegex);
condition = new FilesSet.Rule.ParentPathCondition(pattern); pathCondition = new FilesSet.Rule.ParentPathCondition(pattern);
} catch (PatternSyntaxException ex) { } catch (PatternSyntaxException ex) {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS
} }
} else if (!path.isEmpty() && pathRegex.isEmpty()) { } else if (!path.isEmpty() && pathRegex.isEmpty()) {
condition = new FilesSet.Rule.ParentPathCondition(path); pathCondition = new FilesSet.Rule.ParentPathCondition(path);
} }
return condition; if (pathCondition == null) {
// Malformed attribute.
return null;
}
}
return pathCondition;
} }
/** /**
@ -167,117 +185,74 @@ class InterestingItemsFilesSetSettings implements Serializable {
} }
} }
/** private static FilesSet.Rule readRule(Element elem) {
* Construct a FilesSet file name extension rule from the data in an XML
* element.
*
* @param elem The file name extension rule XML element.
*
* @return A file name extension rule, or null if there is an error (the
* error is logged).
*/
private static FilesSet.Rule readFileExtensionRule(Element elem) {
String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem); String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem);
// The content of the rule tag is a file name extension condition. It may FileNameCondition nameCondition = readNameCondition(elem);
// be a regex, or it may be from a TSK Framework rule definition MetaTypeCondition metaCondition = readMetaTypeCondition(elem);
// with a "*" globbing char. ParentPathCondition pathCondition = readPathCondition(elem);
String content = elem.getTextContent(); MimeTypeCondition mimeCondition = readMimeCondition(elem);
FilesSet.Rule.ExtensionCondition extCondition; FileSizeCondition sizeCondition = readSizeCondition(elem);
String regex = elem.getAttribute(InterestingItemsFilesSetSettings.REGEX_ATTR); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule
if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null)) {
// NON-NLS //WJS-TODOD throw an error
Pattern pattern = compileRegex(content); System.out.println("THIS IS WHEN A RULE SHOULDN'T BE CREATED");
if (pattern != null) {
extCondition = new FilesSet.Rule.ExtensionCondition(pattern);
} else {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.EXTENSION_RULE_TAG + " regex, ignoring malformed {0} rule definition", ruleName); // NON-NLS
return null;
} }
} else { return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition);
for (String illegalChar : illegalFileNameChars) {
if (content.contains(illegalChar)) {
logger.log(Level.SEVERE, "{0} content has illegal chars, ignoring malformed {1} rule definition", ruleName); // NON-NLS
return null;
}
}
extCondition = new FilesSet.Rule.ExtensionCondition(content);
}
// The rule must have a meta-type condition, unless a TSK Framework
// definitions file is being read.
FilesSet.Rule.MetaTypeCondition metaTypeCondition = null;
if (!elem.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR).isEmpty()) {
metaTypeCondition = InterestingItemsFilesSetSettings.readMetaTypeCondition(elem);
if (metaTypeCondition == null) {
// Malformed attribute.
return null;
}
} else {
metaTypeCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
}
// The rule may have a path condition. Null is o.k., but if the attribute
// is there, it must not be malformed.
FilesSet.Rule.ParentPathCondition pathCondition = null;
if (!elem.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR).isEmpty() || !elem.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR).isEmpty()) {
pathCondition = InterestingItemsFilesSetSettings.readPathCondition(elem);
if (pathCondition == null) {
// Malformed attribute.
return null;
}
}
return new FilesSet.Rule(ruleName, extCondition, metaTypeCondition, pathCondition, null, null);
} }
/** private static FileNameCondition readNameCondition(Element elem) {
* Construct a FilesSet file name rule from the data in an XML element. FileNameCondition nameCondition = null;
*
* @param elem The file name rule XML element.
*
* @return A file name rule, or null if there is an error (the error is
* logged).
*/
private static FilesSet.Rule readFileNameRule(Element elem) {
String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem);
// The content of the rule tag is a file name condition. It may be a
// regex, or it may be from a TSK Framework rule definition with a
// "*" globbing char, or it may be simple text.
String content = elem.getTextContent(); String content = elem.getTextContent();
FilesSet.Rule.FullNameCondition nameCondition; String regex = elem.getAttribute(REGEX_ATTR);
String regex = elem.getAttribute(InterestingItemsFilesSetSettings.REGEX_ATTR); if (content != null && !content.isEmpty()) { //if there isn't content this is not a valid name condition
if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS
// NON-NLS
Pattern pattern = compileRegex(content); Pattern pattern = compileRegex(content);
if (pattern != null) { if (pattern != null) {
if (elem.getTagName().equals(NAME_RULE_TAG)) {
nameCondition = new FilesSet.Rule.FullNameCondition(pattern); nameCondition = new FilesSet.Rule.FullNameCondition(pattern);
} else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
nameCondition = new FilesSet.Rule.ExtensionCondition(pattern);
} else { } else {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.NAME_RULE_TAG + " regex, ignoring malformed '{0}' rule definition", ruleName); // NON-NLS return null;
}
} else {
logger.log(Level.SEVERE, "Error compiling " + elem.getTagName() + " regex, ignoring malformed '{0}' rule definition", readRuleName(elem)); // NON-NLS
return null; return null;
} }
} else { } else {
for (String illegalChar : illegalFileNameChars) { for (String illegalChar : illegalFileNameChars) {
if (content.contains(illegalChar)) { if (content.contains(illegalChar)) {
logger.log(Level.SEVERE, InterestingItemsFilesSetSettings.NAME_RULE_TAG + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{InterestingItemsFilesSetSettings.NAME_RULE_TAG, ruleName}); // NON-NLS logger.log(Level.SEVERE, elem.getTagName() + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{elem.getTagName(), readRuleName(elem)}); // NON-NLS
return null; return null;
} }
} }
if (elem.getTagName().equals(NAME_RULE_TAG)) {
nameCondition = new FilesSet.Rule.FullNameCondition(content); nameCondition = new FilesSet.Rule.FullNameCondition(content);
} } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
// Read in the type condition. nameCondition = new FilesSet.Rule.ExtensionCondition(content);
FilesSet.Rule.MetaTypeCondition metaTypeCondition = InterestingItemsFilesSetSettings.readMetaTypeCondition(elem);
if (metaTypeCondition == null) {
// Malformed attribute.
return null;
}
// Read in the optional path condition. Null is o.k., but if the attribute
// is there, be sure it is not malformed.
FilesSet.Rule.ParentPathCondition pathCondition = null;
if (!elem.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR).isEmpty() || !elem.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR).isEmpty()) {
pathCondition = InterestingItemsFilesSetSettings.readPathCondition(elem);
if (pathCondition == null) {
// Malformed attribute.
return null;
} }
} }
return new FilesSet.Rule(ruleName, nameCondition, metaTypeCondition, pathCondition, null, null); }
return nameCondition;
}
private static MimeTypeCondition readMimeCondition(Element elem) {
MimeTypeCondition mimeCondition = null;
if (!elem.getAttribute(MIME_ATTR).isEmpty()) {
mimeCondition = new MimeTypeCondition(elem.getAttribute(MIME_ATTR));
}
return mimeCondition;
}
private static FileSizeCondition readSizeCondition(Element elem) {
FileSizeCondition sizeCondition = null;
if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() && !elem.getAttribute(FS_SIZE_ATTR).isEmpty() && !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
FileSizeCondition.COMPARATOR comparator = FileSizeCondition.COMPARATOR.fromSymbol(elem.getAttribute(FS_COMPARATOR_ATTR));
FileSizeCondition.SIZE_UNIT sizeUnit = FileSizeCondition.SIZE_UNIT.fromName(elem.getAttribute(FS_UNITS_ATTR));
int size = Integer.parseInt(elem.getAttribute(FS_SIZE_ATTR));
sizeCondition = new FileSizeCondition(comparator, sizeUnit, size);
}
return sizeCondition;
} }
/** /**
@ -314,13 +289,14 @@ class InterestingItemsFilesSetSettings implements Serializable {
if (!ignoreUnallocated.isEmpty()) { if (!ignoreUnallocated.isEmpty()) {
ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated); ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated);
} }
// Read file name set membership rules, if any. // Read the set membership rules, if any.
InterestingItemsFilesSetSettings.unnamedLegacyRuleCounter = 1; InterestingItemsFilesSetSettings.unnamedLegacyRuleCounter = 1;
Map<String, FilesSet.Rule> rules = new HashMap<>(); Map<String, FilesSet.Rule> rules = new HashMap<>();
NodeList nameRuleElems = setElem.getElementsByTagName(InterestingItemsFilesSetSettings.NAME_RULE_TAG); NodeList allRuleElems = setElem.getChildNodes();
for (int j = 0; j < nameRuleElems.getLength(); ++j) { for (int j = 0; j < allRuleElems.getLength(); ++j) {
Element elem = (Element) nameRuleElems.item(j); if (allRuleElems.item(j) instanceof Element) { //not all the children are elements
FilesSet.Rule rule = InterestingItemsFilesSetSettings.readFileNameRule(elem); Element elem = (Element) allRuleElems.item(j);
FilesSet.Rule rule = readRule(elem);
if (rule != null) { if (rule != null) {
if (!rules.containsKey(rule.getUuid())) { if (!rules.containsKey(rule.getUuid())) {
rules.put(rule.getUuid(), rule); rules.put(rule.getUuid(), rule);
@ -332,34 +308,21 @@ class InterestingItemsFilesSetSettings implements Serializable {
logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS
return; return;
} }
}
// Read file extension set membership rules, if any.
NodeList extRuleElems = setElem.getElementsByTagName(InterestingItemsFilesSetSettings.EXTENSION_RULE_TAG);
for (int j = 0; j < extRuleElems.getLength(); ++j) {
Element elem = (Element) extRuleElems.item(j);
FilesSet.Rule rule = InterestingItemsFilesSetSettings.readFileExtensionRule(elem);
if (rule != null) {
if (!rules.containsKey(rule.getUuid())) {
rules.put(rule.getUuid(), rule);
} else { } else {
logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); //NOI18N NON-NLS System.out.println("NOT AN ELEMENT: " + allRuleElems.item(j).getNodeName() + " To String:" + allRuleElems.item(j).toString());
return;
}
} else {
logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); //NOI18N NON-NLS
return;
} }
} }
// Make the files set. Note that degenerate sets with no rules are // Make the files set. Note that degenerate sets with no rules are
// allowed to facilitate the separation of set definition and rule // allowed to facilitate the separation of set definition and rule
// definitions. A set without rules is simply the empty set. // definitions. A set without rules is simply the empty set.
FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules); FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules);
filesSets.put(set.getName(), set); filesSets.put(set.getName(), set);
} }
// Note: This method takes a file path to support the possibility of // Note: This method takes a file path to support the possibility of
// multiple intersting files set definition files, e.g., one for // multiple intersting files set definition files, e.g., one for
// definitions that ship with Autopsy and one for user definitions. // definitions that ship with Autopsy and one for user definitions.
/** /**
* Reads FilesSet definitions from Serialized file or XML file. * Reads FilesSet definitions from Serialized file or XML file.
* *
@ -403,6 +366,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
if (!xmlFile.canRead()) { if (!xmlFile.canRead()) {
logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS
return filesSets; return filesSets;
} }
// Parse the XML in the file. // Parse the XML in the file.
Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath()); Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath());
@ -443,8 +407,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
return true; return true;
} }
static boolean exportXmlDefinitionsFile(File xmlFile, Map<String, FilesSet> interestingFilesSets) {
static boolean exportXmlDefinitionsFile(File xmlFile, Map<String, FilesSet> interestingFilesSets){
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
try { try {
// Create the new XML document. // Create the new XML document.
@ -465,22 +428,29 @@ class InterestingItemsFilesSetSettings implements Serializable {
for (FilesSet.Rule rule : set.getRules().values()) { for (FilesSet.Rule rule : set.getRules().values()) {
// Add a rule element with the appropriate name Condition // Add a rule element with the appropriate name Condition
// type tag. // type tag.
FilesSet.Rule.FileNameCondition nameCondition = rule.getFileNameCondition();
Element ruleElement; Element ruleElement;
FileNameCondition nameCondition = rule.getFileNameCondition();
//The element type is just being used as another attribute for
//the name condition in legacy xmls.
//For rules which don't contain a name condition it doesn't matter
//what type of element it is
if (nameCondition instanceof FilesSet.Rule.FullNameCondition) { if (nameCondition instanceof FilesSet.Rule.FullNameCondition) {
ruleElement = doc.createElement(NAME_RULE_TAG); ruleElement = doc.createElement(NAME_RULE_TAG);
} else { } else {
ruleElement = doc.createElement(EXTENSION_RULE_TAG); ruleElement = doc.createElement(EXTENSION_RULE_TAG);
} }
// Add the optional rule name attribute.
// Add the rule name attribute.
ruleElement.setAttribute(NAME_ATTR, rule.getName()); ruleElement.setAttribute(NAME_ATTR, rule.getName());
if (nameCondition != null) {
// Add the name Condition regex attribute // Add the name Condition regex attribute
ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex())); ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex()));
// Add the name Condition text as the rule element content.
ruleElement.setTextContent(nameCondition.getTextToMatch());
}
// Add the type Condition attribute. // Add the type Condition attribute.
FilesSet.Rule.MetaTypeCondition typeCondition = rule.getMetaTypeCondition(); MetaTypeCondition typeCondition = rule.getMetaTypeCondition();
switch (typeCondition.getMetaType()) { switch (typeCondition.getMetaType()) {
case FILES: case FILES:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES); ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES);
@ -489,26 +459,36 @@ class InterestingItemsFilesSetSettings implements Serializable {
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS); ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS);
break; break;
default: default:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES_AND_DIRS); ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_ALL);
break; break;
} }
// Add the optional path Condition. // Add the optional path Condition.
FilesSet.Rule.ParentPathCondition pathFilter = rule.getPathCondition(); ParentPathCondition pathCondition = rule.getPathCondition();
if (pathFilter != null) { if (pathCondition != null) {
if (pathFilter.isRegex()) { if (pathCondition.isRegex()) {
ruleElement.setAttribute(PATH_REGEX_ATTR, pathFilter.getTextToMatch()); ruleElement.setAttribute(PATH_REGEX_ATTR, pathCondition.getTextToMatch());
} else { } else {
ruleElement.setAttribute(PATH_FILTER_ATTR, pathFilter.getTextToMatch()); ruleElement.setAttribute(PATH_FILTER_ATTR, pathCondition.getTextToMatch());
} }
} }
// Add the name Condition text as the rule element content. //Add the optional MIME type condition
ruleElement.setTextContent(nameCondition.getTextToMatch()); MimeTypeCondition mimeCondition = rule.getMimeTypeCondition();
if (mimeCondition != null) {
ruleElement.setAttribute(MIME_ATTR, mimeCondition.getMimeType());
}
//Add the optional file size condition
FileSizeCondition sizeCondition = rule.getFileSizeCondition();
if (sizeCondition != null) {
ruleElement.setAttribute(FS_COMPARATOR_ATTR, sizeCondition.getComparator().getSymbol());
ruleElement.setAttribute(FS_SIZE_ATTR, Integer.toString(sizeCondition.getSizeValue()));
ruleElement.setAttribute(FS_UNITS_ATTR, sizeCondition.getUnit().getName());
}
setElement.appendChild(ruleElement); setElement.appendChild(ruleElement);
} }
rootElement.appendChild(setElement); rootElement.appendChild(setElement);
} }
// Overwrite the previous definitions file. Note that the utility // Overwrite the previous definitions file. Note that the utility
// method logs an error on failure. // method logs an error on failure.
@ -519,6 +499,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
return false; return false;
} }
} }
/** /**
* Construct a meta-type condition for a FilesSet membership rule from data * Construct a meta-type condition for a FilesSet membership rule from data
* in an XML element. * in an XML element.
@ -528,19 +509,24 @@ class InterestingItemsFilesSetSettings implements Serializable {
* @return The meta-type condition, or null if there is an error (logged). * @return The meta-type condition, or null if there is an error (logged).
*/ */
private static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement) { private static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement) {
FilesSet.Rule.MetaTypeCondition condition = null; FilesSet.Rule.MetaTypeCondition metaCondition = null;
// The rule must have a meta-type condition, unless a TSK Framework
// definitions file is being read.
if (!ruleElement.getAttribute(TYPE_FILTER_ATTR).isEmpty()) {
String conditionAttribute = ruleElement.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR); String conditionAttribute = ruleElement.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR);
if (!conditionAttribute.isEmpty()) { if (!conditionAttribute.isEmpty()) {
switch (conditionAttribute) { switch (conditionAttribute) {
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_FILES: case TYPE_FILTER_VALUE_FILES:
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES); metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
break; break;
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_DIRS: case TYPE_FILTER_VALUE_DIRS:
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES); metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES);
break; break;
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_FILES_AND_DIRS: case TYPE_FILTER_VALUE_ALL:
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES_AND_DIRECTORIES); case TYPE_FILTER_VALUE_FILES_AND_DIRS: //converts legacy xmls to current metaCondition terms
metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.ALL);
break; break;
default: default:
logger.log(Level.SEVERE, "Found {0} " + InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS logger.log(Level.SEVERE, "Found {0} " + InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS
break; break;
@ -548,8 +534,15 @@ class InterestingItemsFilesSetSettings implements Serializable {
} else { } else {
// Accept TSK Framework FilesSet definitions, // Accept TSK Framework FilesSet definitions,
// default to files. // default to files.
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES); metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
} }
return condition; if (metaCondition == null) {
// Malformed attribute.
return null;
}
} else {
metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
}
return metaCondition;
} }
} }