mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

2094 fixed support for path, mime, and size conditions

Browse Source
This commit is contained in:
William Schaefer 2017-02-23 15:40:40 -05:00
parent d675e27fcf
commit bdbe1c3275
1 changed files with 219 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

443
Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java
View File

@ -39,6 +39,11 @@ import org.openide.util.io.NbObjectOutputStream;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileNameCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition;
import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
@ -57,6 +62,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
private static final String RULE_UUID_ATTR = "ruleUUID"; //NON-NLS private static final String RULE_UUID_ATTR = "ruleUUID"; //NON-NLS
private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS
private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS
private static final String TYPE_FILTER_VALUE_ALL = "all";
private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS
private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS
private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS
@ -67,6 +73,10 @@ class InterestingItemsFilesSetSettings implements Serializable {
private static final String NAME_RULE_TAG = "NAME"; //NON-NLS private static final String NAME_RULE_TAG = "NAME"; //NON-NLS
private static final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule "; // NON-NLS private static final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule "; // NON-NLS
private static final String NAME_ATTR = "name"; //NON-NLS private static final String NAME_ATTR = "name"; //NON-NLS
private static final String MIME_ATTR = "mimeType";
private static final String FS_COMPARATOR_ATTR = "comparatorSymbol";
private static final String FS_SIZE_ATTR = "sizeValue";
private static final String FS_UNITS_ATTR = "sizeUnits";
private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS
private static final String XML_ENCODING = "UTF-8"; //NON-NLS private static final String XML_ENCODING = "UTF-8"; //NON-NLS
private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName()); private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName());
@ -135,20 +145,28 @@ class InterestingItemsFilesSetSettings implements Serializable {
* @return The path condition, or null if there is an error (logged). * @return The path condition, or null if there is an error (logged).
*/ */
private static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement) { private static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement) {
FilesSet.Rule.ParentPathCondition condition = null; // Read in the optional path condition. Null is o.k., but if the attribute
String path = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR); // is there, be sure it is not malformed.
String pathRegex = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR); ParentPathCondition pathCondition = null;
if (!pathRegex.isEmpty() && path.isEmpty()) { if (!ruleElement.getAttribute(PATH_FILTER_ATTR).isEmpty() || !ruleElement.getAttribute(PATH_REGEX_ATTR).isEmpty()) {
try { String path = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR);
Pattern pattern = Pattern.compile(pathRegex); String pathRegex = ruleElement.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR);
condition = new FilesSet.Rule.ParentPathCondition(pattern); if (!pathRegex.isEmpty() && path.isEmpty()) {
} catch (PatternSyntaxException ex) { try {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS Pattern pattern = Pattern.compile(pathRegex);
pathCondition = new FilesSet.Rule.ParentPathCondition(pattern);
} catch (PatternSyntaxException ex) {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS
}
} else if (!path.isEmpty() && pathRegex.isEmpty()) {
pathCondition = new FilesSet.Rule.ParentPathCondition(path);
}
if (pathCondition == null) {
// Malformed attribute.
return null;
} }
} else if (!path.isEmpty() && pathRegex.isEmpty()) {
condition = new FilesSet.Rule.ParentPathCondition(path);
} }
return condition; return pathCondition;
} }
/** /**
@ -167,117 +185,74 @@ class InterestingItemsFilesSetSettings implements Serializable {
} }
} }
/** private static FilesSet.Rule readRule(Element elem) {
* Construct a FilesSet file name extension rule from the data in an XML
* element.
*
* @param elem The file name extension rule XML element.
*
* @return A file name extension rule, or null if there is an error (the
* error is logged).
*/
private static FilesSet.Rule readFileExtensionRule(Element elem) {
String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem); String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem);
// The content of the rule tag is a file name extension condition. It may FileNameCondition nameCondition = readNameCondition(elem);
// be a regex, or it may be from a TSK Framework rule definition MetaTypeCondition metaCondition = readMetaTypeCondition(elem);
// with a "*" globbing char. ParentPathCondition pathCondition = readPathCondition(elem);
String content = elem.getTextContent(); MimeTypeCondition mimeCondition = readMimeCondition(elem);
FilesSet.Rule.ExtensionCondition extCondition; FileSizeCondition sizeCondition = readSizeCondition(elem);
String regex = elem.getAttribute(InterestingItemsFilesSetSettings.REGEX_ATTR); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule
if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null)) {
// NON-NLS //WJS-TODOD throw an error
Pattern pattern = compileRegex(content); System.out.println("THIS IS WHEN A RULE SHOULDN'T BE CREATED");
if (pattern != null) {
extCondition = new FilesSet.Rule.ExtensionCondition(pattern);
} else {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.EXTENSION_RULE_TAG + " regex, ignoring malformed {0} rule definition", ruleName); // NON-NLS
return null;
}
} else {
for (String illegalChar : illegalFileNameChars) {
if (content.contains(illegalChar)) {
logger.log(Level.SEVERE, "{0} content has illegal chars, ignoring malformed {1} rule definition", ruleName); // NON-NLS
return null;
}
}
extCondition = new FilesSet.Rule.ExtensionCondition(content);
} }
// The rule must have a meta-type condition, unless a TSK Framework return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition);
// definitions file is being read.
FilesSet.Rule.MetaTypeCondition metaTypeCondition = null;
if (!elem.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR).isEmpty()) {
metaTypeCondition = InterestingItemsFilesSetSettings.readMetaTypeCondition(elem);
if (metaTypeCondition == null) {
// Malformed attribute.
return null;
}
} else {
metaTypeCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
}
// The rule may have a path condition. Null is o.k., but if the attribute
// is there, it must not be malformed.
FilesSet.Rule.ParentPathCondition pathCondition = null;
if (!elem.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR).isEmpty() || !elem.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR).isEmpty()) {
pathCondition = InterestingItemsFilesSetSettings.readPathCondition(elem);
if (pathCondition == null) {
// Malformed attribute.
return null;
}
}
return new FilesSet.Rule(ruleName, extCondition, metaTypeCondition, pathCondition, null, null);
} }
/** private static FileNameCondition readNameCondition(Element elem) {
* Construct a FilesSet file name rule from the data in an XML element. FileNameCondition nameCondition = null;
*
* @param elem The file name rule XML element.
*
* @return A file name rule, or null if there is an error (the error is
* logged).
*/
private static FilesSet.Rule readFileNameRule(Element elem) {
String ruleName = InterestingItemsFilesSetSettings.readRuleName(elem);
// The content of the rule tag is a file name condition. It may be a
// regex, or it may be from a TSK Framework rule definition with a
// "*" globbing char, or it may be simple text.
String content = elem.getTextContent(); String content = elem.getTextContent();
FilesSet.Rule.FullNameCondition nameCondition; String regex = elem.getAttribute(REGEX_ATTR);
String regex = elem.getAttribute(InterestingItemsFilesSetSettings.REGEX_ATTR); if (content != null && !content.isEmpty()) { //if there isn't content this is not a valid name condition
if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS
// NON-NLS Pattern pattern = compileRegex(content);
Pattern pattern = compileRegex(content); if (pattern != null) {
if (pattern != null) { if (elem.getTagName().equals(NAME_RULE_TAG)) {
nameCondition = new FilesSet.Rule.FullNameCondition(pattern); nameCondition = new FilesSet.Rule.FullNameCondition(pattern);
} else { } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
logger.log(Level.SEVERE, "Error compiling " + InterestingItemsFilesSetSettings.NAME_RULE_TAG + " regex, ignoring malformed '{0}' rule definition", ruleName); // NON-NLS nameCondition = new FilesSet.Rule.ExtensionCondition(pattern);
return null; } else {
} return null;
} else { }
for (String illegalChar : illegalFileNameChars) { } else {
if (content.contains(illegalChar)) { logger.log(Level.SEVERE, "Error compiling " + elem.getTagName() + " regex, ignoring malformed '{0}' rule definition", readRuleName(elem)); // NON-NLS
logger.log(Level.SEVERE, InterestingItemsFilesSetSettings.NAME_RULE_TAG + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{InterestingItemsFilesSetSettings.NAME_RULE_TAG, ruleName}); // NON-NLS
return null; return null;
} }
} } else {
nameCondition = new FilesSet.Rule.FullNameCondition(content); for (String illegalChar : illegalFileNameChars) {
} if (content.contains(illegalChar)) {
// Read in the type condition. logger.log(Level.SEVERE, elem.getTagName() + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{elem.getTagName(), readRuleName(elem)}); // NON-NLS
FilesSet.Rule.MetaTypeCondition metaTypeCondition = InterestingItemsFilesSetSettings.readMetaTypeCondition(elem); return null;
if (metaTypeCondition == null) { }
// Malformed attribute. }
return null; if (elem.getTagName().equals(NAME_RULE_TAG)) {
} nameCondition = new FilesSet.Rule.FullNameCondition(content);
// Read in the optional path condition. Null is o.k., but if the attribute } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
// is there, be sure it is not malformed. nameCondition = new FilesSet.Rule.ExtensionCondition(content);
FilesSet.Rule.ParentPathCondition pathCondition = null; }
if (!elem.getAttribute(InterestingItemsFilesSetSettings.PATH_FILTER_ATTR).isEmpty() || !elem.getAttribute(InterestingItemsFilesSetSettings.PATH_REGEX_ATTR).isEmpty()) {
pathCondition = InterestingItemsFilesSetSettings.readPathCondition(elem);
if (pathCondition == null) {
// Malformed attribute.
return null;
} }
} }
return new FilesSet.Rule(ruleName, nameCondition, metaTypeCondition, pathCondition, null, null); return nameCondition;
}
private static MimeTypeCondition readMimeCondition(Element elem) {
MimeTypeCondition mimeCondition = null;
if (!elem.getAttribute(MIME_ATTR).isEmpty()) {
mimeCondition = new MimeTypeCondition(elem.getAttribute(MIME_ATTR));
}
return mimeCondition;
}
private static FileSizeCondition readSizeCondition(Element elem) {
FileSizeCondition sizeCondition = null;
if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() && !elem.getAttribute(FS_SIZE_ATTR).isEmpty() && !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
FileSizeCondition.COMPARATOR comparator = FileSizeCondition.COMPARATOR.fromSymbol(elem.getAttribute(FS_COMPARATOR_ATTR));
FileSizeCondition.SIZE_UNIT sizeUnit = FileSizeCondition.SIZE_UNIT.fromName(elem.getAttribute(FS_UNITS_ATTR));
int size = Integer.parseInt(elem.getAttribute(FS_SIZE_ATTR));
sizeCondition = new FileSizeCondition(comparator, sizeUnit, size);
}
return sizeCondition;
} }
/** /**
@ -314,52 +289,40 @@ class InterestingItemsFilesSetSettings implements Serializable {
if (!ignoreUnallocated.isEmpty()) { if (!ignoreUnallocated.isEmpty()) {
ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated); ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated);
} }
// Read file name set membership rules, if any. // Read the set membership rules, if any.
InterestingItemsFilesSetSettings.unnamedLegacyRuleCounter = 1; InterestingItemsFilesSetSettings.unnamedLegacyRuleCounter = 1;
Map<String, FilesSet.Rule> rules = new HashMap<>(); Map<String, FilesSet.Rule> rules = new HashMap<>();
NodeList nameRuleElems = setElem.getElementsByTagName(InterestingItemsFilesSetSettings.NAME_RULE_TAG); NodeList allRuleElems = setElem.getChildNodes();
for (int j = 0; j < nameRuleElems.getLength(); ++j) { for (int j = 0; j < allRuleElems.getLength(); ++j) {
Element elem = (Element) nameRuleElems.item(j); if (allRuleElems.item(j) instanceof Element) { //not all the children are elements
FilesSet.Rule rule = InterestingItemsFilesSetSettings.readFileNameRule(elem); Element elem = (Element) allRuleElems.item(j);
if (rule != null) { FilesSet.Rule rule = readRule(elem);
if (!rules.containsKey(rule.getUuid())) { if (rule != null) {
rules.put(rule.getUuid(), rule); if (!rules.containsKey(rule.getUuid())) {
rules.put(rule.getUuid(), rule);
} else {
logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); // NON-NLS
return;
}
} else { } else {
logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); // NON-NLS logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS
return; return;
} }
} else { } else {
logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS System.out.println("NOT AN ELEMENT: " + allRuleElems.item(j).getNodeName() + " To String:" + allRuleElems.item(j).toString());
return;
}
}
// Read file extension set membership rules, if any.
NodeList extRuleElems = setElem.getElementsByTagName(InterestingItemsFilesSetSettings.EXTENSION_RULE_TAG);
for (int j = 0; j < extRuleElems.getLength(); ++j) {
Element elem = (Element) extRuleElems.item(j);
FilesSet.Rule rule = InterestingItemsFilesSetSettings.readFileExtensionRule(elem);
if (rule != null) {
if (!rules.containsKey(rule.getUuid())) {
rules.put(rule.getUuid(), rule);
} else {
logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); //NOI18N NON-NLS
return;
}
} else {
logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); //NOI18N NON-NLS
return;
} }
} }
// Make the files set. Note that degenerate sets with no rules are // Make the files set. Note that degenerate sets with no rules are
// allowed to facilitate the separation of set definition and rule // allowed to facilitate the separation of set definition and rule
// definitions. A set without rules is simply the empty set. // definitions. A set without rules is simply the empty set.
FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules); FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules);
filesSets.put(set.getName(), set); filesSets.put(set.getName(), set);
} }
// Note: This method takes a file path to support the possibility of // Note: This method takes a file path to support the possibility of
// multiple intersting files set definition files, e.g., one for // multiple intersting files set definition files, e.g., one for
// definitions that ship with Autopsy and one for user definitions. // definitions that ship with Autopsy and one for user definitions.
/** /**
* Reads FilesSet definitions from Serialized file or XML file. * Reads FilesSet definitions from Serialized file or XML file.
* *
@ -403,6 +366,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
if (!xmlFile.canRead()) { if (!xmlFile.canRead()) {
logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS
return filesSets; return filesSets;
} }
// Parse the XML in the file. // Parse the XML in the file.
Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath()); Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath());
@ -443,82 +407,99 @@ class InterestingItemsFilesSetSettings implements Serializable {
return true; return true;
} }
static boolean exportXmlDefinitionsFile(File xmlFile, Map<String, FilesSet> interestingFilesSets) {
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
try {
// Create the new XML document.
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
Document doc = docBuilder.newDocument();
Element rootElement = doc.createElement(FILE_SETS_ROOT_TAG);
doc.appendChild(rootElement);
static boolean exportXmlDefinitionsFile(File xmlFile, Map<String, FilesSet> interestingFilesSets){ // Add the interesting files sets to the document.
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance(); for (FilesSet set : interestingFilesSets.values()) {
try { // Add the files set element and its attributes.
// Create the new XML document. Element setElement = doc.createElement(FILE_SET_TAG);
DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); setElement.setAttribute(NAME_ATTR, set.getName());
Document doc = docBuilder.newDocument(); setElement.setAttribute(DESC_ATTR, set.getDescription());
Element rootElement = doc.createElement(FILE_SETS_ROOT_TAG); setElement.setAttribute(IGNORE_KNOWN_FILES_ATTR, Boolean.toString(set.ignoresKnownFiles()));
doc.appendChild(rootElement);
// Add the interesting files sets to the document. // Add the child elements for the set membership rules.
for (FilesSet set : interestingFilesSets.values()) { for (FilesSet.Rule rule : set.getRules().values()) {
// Add the files set element and its attributes. // Add a rule element with the appropriate name Condition
Element setElement = doc.createElement(FILE_SET_TAG); // type tag.
setElement.setAttribute(NAME_ATTR, set.getName()); Element ruleElement;
setElement.setAttribute(DESC_ATTR, set.getDescription());
setElement.setAttribute(IGNORE_KNOWN_FILES_ATTR, Boolean.toString(set.ignoresKnownFiles()));
// Add the child elements for the set membership rules. FileNameCondition nameCondition = rule.getFileNameCondition();
for (FilesSet.Rule rule : set.getRules().values()) { //The element type is just being used as another attribute for
// Add a rule element with the appropriate name Condition //the name condition in legacy xmls.
// type tag. //For rules which don't contain a name condition it doesn't matter
FilesSet.Rule.FileNameCondition nameCondition = rule.getFileNameCondition(); //what type of element it is
Element ruleElement; if (nameCondition instanceof FilesSet.Rule.FullNameCondition) {
if (nameCondition instanceof FilesSet.Rule.FullNameCondition) { ruleElement = doc.createElement(NAME_RULE_TAG);
ruleElement = doc.createElement(NAME_RULE_TAG); } else {
} else { ruleElement = doc.createElement(EXTENSION_RULE_TAG);
ruleElement = doc.createElement(EXTENSION_RULE_TAG); }
} // Add the optional rule name attribute.
ruleElement.setAttribute(NAME_ATTR, rule.getName());
// Add the rule name attribute. if (nameCondition != null) {
ruleElement.setAttribute(NAME_ATTR, rule.getName());
// Add the name Condition regex attribute // Add the name Condition regex attribute
ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex())); ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex()));
// Add the type Condition attribute.
FilesSet.Rule.MetaTypeCondition typeCondition = rule.getMetaTypeCondition();
switch (typeCondition.getMetaType()) {
case FILES:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES);
break;
case DIRECTORIES:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS);
break;
default:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES_AND_DIRS);
break;
}
// Add the optional path Condition.
FilesSet.Rule.ParentPathCondition pathFilter = rule.getPathCondition();
if (pathFilter != null) {
if (pathFilter.isRegex()) {
ruleElement.setAttribute(PATH_REGEX_ATTR, pathFilter.getTextToMatch());
} else {
ruleElement.setAttribute(PATH_FILTER_ATTR, pathFilter.getTextToMatch());
}
}
// Add the name Condition text as the rule element content. // Add the name Condition text as the rule element content.
ruleElement.setTextContent(nameCondition.getTextToMatch()); ruleElement.setTextContent(nameCondition.getTextToMatch());
}
setElement.appendChild(ruleElement); // Add the type Condition attribute.
MetaTypeCondition typeCondition = rule.getMetaTypeCondition();
switch (typeCondition.getMetaType()) {
case FILES:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES);
break;
case DIRECTORIES:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS);
break;
default:
ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_ALL);
break;
}
// Add the optional path Condition.
ParentPathCondition pathCondition = rule.getPathCondition();
if (pathCondition != null) {
if (pathCondition.isRegex()) {
ruleElement.setAttribute(PATH_REGEX_ATTR, pathCondition.getTextToMatch());
} else {
ruleElement.setAttribute(PATH_FILTER_ATTR, pathCondition.getTextToMatch());
}
}
//Add the optional MIME type condition
MimeTypeCondition mimeCondition = rule.getMimeTypeCondition();
if (mimeCondition != null) {
ruleElement.setAttribute(MIME_ATTR, mimeCondition.getMimeType());
}
//Add the optional file size condition
FileSizeCondition sizeCondition = rule.getFileSizeCondition();
if (sizeCondition != null) {
ruleElement.setAttribute(FS_COMPARATOR_ATTR, sizeCondition.getComparator().getSymbol());
ruleElement.setAttribute(FS_SIZE_ATTR, Integer.toString(sizeCondition.getSizeValue()));
ruleElement.setAttribute(FS_UNITS_ATTR, sizeCondition.getUnit().getName());
} }
rootElement.appendChild(setElement); setElement.appendChild(ruleElement);
} }
// Overwrite the previous definitions file. Note that the utility
// method logs an error on failure.
return XMLUtil.saveDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath(), XML_ENCODING, doc);
} catch (ParserConfigurationException ex) { rootElement.appendChild(setElement);
logger.log(Level.SEVERE, "Error writing interesting files definition file to " + xmlFile.getPath(), ex); // NON-NLS
return false;
} }
// Overwrite the previous definitions file. Note that the utility
// method logs an error on failure.
return XMLUtil.saveDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath(), XML_ENCODING, doc);
} catch (ParserConfigurationException ex) {
logger.log(Level.SEVERE, "Error writing interesting files definition file to " + xmlFile.getPath(), ex); // NON-NLS
return false;
} }
}
/** /**
* Construct a meta-type condition for a FilesSet membership rule from data * Construct a meta-type condition for a FilesSet membership rule from data
* in an XML element. * in an XML element.
@ -528,28 +509,40 @@ class InterestingItemsFilesSetSettings implements Serializable {
* @return The meta-type condition, or null if there is an error (logged). * @return The meta-type condition, or null if there is an error (logged).
*/ */
private static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement) { private static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement) {
FilesSet.Rule.MetaTypeCondition condition = null; FilesSet.Rule.MetaTypeCondition metaCondition = null;
String conditionAttribute = ruleElement.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR); // The rule must have a meta-type condition, unless a TSK Framework
if (!conditionAttribute.isEmpty()) { // definitions file is being read.
switch (conditionAttribute) { if (!ruleElement.getAttribute(TYPE_FILTER_ATTR).isEmpty()) {
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_FILES: String conditionAttribute = ruleElement.getAttribute(InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR);
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES); if (!conditionAttribute.isEmpty()) {
break; switch (conditionAttribute) {
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_DIRS: case TYPE_FILTER_VALUE_FILES:
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES); metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
break; break;
case InterestingItemsFilesSetSettings.TYPE_FILTER_VALUE_FILES_AND_DIRS: case TYPE_FILTER_VALUE_DIRS:
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES_AND_DIRECTORIES); metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES);
break; break;
default: case TYPE_FILTER_VALUE_ALL:
logger.log(Level.SEVERE, "Found {0} " + InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS case TYPE_FILTER_VALUE_FILES_AND_DIRS: //converts legacy xmls to current metaCondition terms
break; metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.ALL);
break;
default:
logger.log(Level.SEVERE, "Found {0} " + InterestingItemsFilesSetSettings.TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS
break;
}
} else {
// Accept TSK Framework FilesSet definitions,
// default to files.
metaCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
}
if (metaCondition == null) {
// Malformed attribute.
return null;
} }
} else { } else {
// Accept TSK Framework FilesSet definitions, metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
// default to files.
condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);
} }
return condition; return metaCondition;
} }
} }