mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

7917 hopefully working SCO changes after 7852

Browse Source
This commit is contained in:
William Schaefer 2021-09-10 16:02:20 -04:00
parent d0b6ff4683
commit c296fbbdd2
13 changed files with 231 additions and 381 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CentralRepository.java
View File

@ -170,7 +170,9 @@ public interface CentralRepository {
* user is not found in the examiner table.
*
* @param examinerLoginName user name to look for.
*
* @return CentralRepoExaminer for the given user name.
*
* @throws CentralRepoException If there is an error in looking up or
* inserting the user in the examiners table.
*/
@ -373,6 +375,19 @@ public interface CentralRepository {
*/
Long getCountUniqueCaseDataSourceTuplesHavingTypeValue(CorrelationAttributeInstance.Type aType, String value) throws CentralRepoException, CorrelationAttributeNormalizationException;
/**
* Retrieves number of unique cases which have correlation attributes other
* which are not associated with the specified file with the same type and
* value.
*
* @param instance The instance having its cases with other occurrences
* counted.
*
* @return Number of cases with additional instances of this attribute type
* and value.
*/
public Long getCountCasesWithOtherInstances(CorrelationAttributeInstance instance) throws CentralRepoException, CorrelationAttributeNormalizationException;
/**
* Retrieves number of data sources in the database.
*
@ -449,7 +464,8 @@ public interface CentralRepository {
* @param type The type of instance.
* @param correlationCase The case tied to the instance.
* @param correlationDataSource The data source tied to the instance.
* @param objectID The object id of the file tied to the instance.
* @param objectID The object id of the file tied to the
* instance.
*
* @return The correlation attribute if it exists; otherwise null.
*
@ -690,7 +706,8 @@ public interface CentralRepository {
* Add a new reference instance
*
* @param eamGlobalFileInstance The reference instance to add
* @param correlationType Correlation Type that this Reference Instance is
* @param correlationType Correlation Type that this Reference
* Instance is
*
* @throws CentralRepoException
*/
@ -861,7 +878,9 @@ public interface CentralRepository {
* Get account type by type name.
*
* @param accountTypeName account type name to look for
*
* @return CR account type (if found)
*
* @throws CentralRepoException
*/
Optional<CentralRepoAccountType> getAccountTypeByName(String accountTypeName) throws CentralRepoException;
@ -881,9 +900,11 @@ public interface CentralRepository {
*
* @param crAccountType CR account type to look for or create
* @param accountUniqueID type specific unique account id
*
* @return CR account
*
* @throws CentralRepoException If there is an error accessing Central Repository.
* @throws CentralRepoException If there is an error accessing Central
* Repository.
* @throws InvalidAccountIDException If the account identifier is not valid.
*/
CentralRepoAccount getOrCreateAccount(CentralRepoAccount.CentralRepoAccountType crAccountType, String accountUniqueID) throws InvalidAccountIDException, CentralRepoException;
@ -897,7 +918,8 @@ public interface CentralRepository {
*
* @return CR account, if found, null otherwise.
*
* @throws CentralRepoException If there is an error accessing Central Repository.
* @throws CentralRepoException If there is an error accessing Central
* Repository.
* @throws InvalidAccountIDException If the account identifier is not valid.
*/
CentralRepoAccount getAccount(CentralRepoAccount.CentralRepoAccountType crAccountType, String accountUniqueID) throws InvalidAccountIDException, CentralRepoException;

1
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/PostgresCentralRepo.java
View File

@ -269,4 +269,5 @@ final class PostgresCentralRepo extends RdbmsCentralRepo {
return columnExists;
}
}

58
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/RdbmsCentralRepo.java
View File

@ -1099,7 +1099,6 @@ abstract class RdbmsCentralRepo implements CentralRepository {
throw new CentralRepoException(String.format("Cannot add account to currently selected CR database platform %s", CentralRepoDbManager.getSavedDbChoice().getDbPlatform())); //NON-NLS
}
try (Connection connection = connect();
PreparedStatement preparedStatement = connection.prepareStatement(insertSQL);) {
@ -1193,7 +1192,8 @@ abstract class RdbmsCentralRepo implements CentralRepository {
* @return CentralRepoAccount for the give type/id. May return null if not
* found.
*
* @throws CentralRepoException If there is an error accessing Central Repository.
* @throws CentralRepoException If there is an error accessing Central
* Repository.
* @throws InvalidAccountIDException If the account identifier is not valid.
*/
@Override
@ -1496,6 +1496,59 @@ abstract class RdbmsCentralRepo implements CentralRepository {
return instanceCount;
}
@Override
public Long getCountCasesWithOtherInstances(CorrelationAttributeInstance instance) throws CentralRepoException, CorrelationAttributeNormalizationException {
Long instanceCount = 0L;
if (instance != null) {
Long sourceObjID = instance.getFileObjectId();
//We know that instances have a correlation case but that correlation case may have a null ID if it is not in the CR, although it should be.
int correlationCaseId = instance.getCorrelationCase().getID();
String normalizedValue = CorrelationAttributeNormalizer.normalize(instance.getCorrelationType(), instance.getCorrelationValue());
Connection conn = connect();
PreparedStatement preparedStatement = null;
String tableName = CentralRepoDbUtil.correlationTypeToInstanceTableName(instance.getCorrelationType());
ResultSet resultSet = null;
try {
if (correlationCaseId > 0 && sourceObjID != null) {
//the current case is in the CR we can ignore this case source file to ensure we don't count the current item
//this will also work regardless of the instance itself being a database instance
String sql
= "SELECT count(*) FROM (SELECT DISTINCT case_id FROM "
+ tableName
+ " WHERE value=? AND NOT (file_obj_id=? AND case_id=?)) AS "
+ tableName
+ "_other_case_count";
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, normalizedValue);
preparedStatement.setLong(2, sourceObjID);
preparedStatement.setInt(3, correlationCaseId);
} else {
//the current case is not in the CR so the current instance can't be so we can just count all other cases with the instance
//we won't know if it exists elsewhere in this case because this case is not in the CR
String sql
= "SELECT count(*) FROM (SELECT DISTINCT case_id FROM "
+ tableName
+ " WHERE value=? AS "
+ tableName
+ "_other_case_count";
preparedStatement = conn.prepareStatement(sql);
preparedStatement.setString(1, normalizedValue);
}
resultSet = preparedStatement.executeQuery();
resultSet.next();
instanceCount = resultSet.getLong(1);
} catch (SQLException ex) {
throw new CentralRepoException("Error counting unique caseDisplayName/dataSource tuples having artifactType and artifactValue.", ex); // NON-NLS
} finally {
CentralRepoDbUtil.closeStatement(preparedStatement);
CentralRepoDbUtil.closeResultSet(resultSet);
CentralRepoDbUtil.closeConnection(conn);
}
}
return instanceCount;
}
@Override
public Long getCountUniqueDataSources() throws CentralRepoException {
Connection conn = connect();
@ -2582,7 +2635,6 @@ abstract class RdbmsCentralRepo implements CentralRepository {
throw new CentralRepoException("Query callback is null");
}
try (Connection conn = connect();) {
PreparedStatement preparedStatement = conn.prepareStatement(sql);

10
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteCentralRepo.java
View File

@ -625,6 +625,16 @@ final class SqliteCentralRepo extends RdbmsCentralRepo {
}
}
@Override
public Long getCountCasesWithOtherInstances(CorrelationAttributeInstance instance) throws CentralRepoException, CorrelationAttributeNormalizationException {
try {
acquireSharedLock();
return super.getCountCasesWithOtherInstances(instance);
} finally {
releaseSharedLock();
}
}
@Override
public Long getCountUniqueDataSources() throws CentralRepoException {
try {

28
Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java
View File

@ -182,9 +182,9 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
Pair<Score, String> scorePropAndDescr = getScorePropertyAndDescription(tags);
Score value = scorePropAndDescr.getLeft();
String descr = scorePropAndDescr.getRight();
CorrelationAttributeInstance attribute = getCorrelationAttributeInstance();
CorrelationAttributeInstance corInstance = getFirstCorrelationAttributeInstance();
updateSheet(new NodeProperty<>(SCORE.toString(), SCORE.toString(), descr, value),
new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, attribute))
new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, corInstance))
);
}
} else if (eventType.equals(Case.Events.CONTENT_TAG_DELETED.toString())) {
@ -194,17 +194,17 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
Pair<Score, String> scorePropAndDescr = getScorePropertyAndDescription(tags);
Score value = scorePropAndDescr.getLeft();
String descr = scorePropAndDescr.getRight();
CorrelationAttributeInstance attribute = getCorrelationAttributeInstance();
CorrelationAttributeInstance corInstance = getFirstCorrelationAttributeInstance();
updateSheet(new NodeProperty<>(SCORE.toString(), SCORE.toString(), descr, value),
new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, attribute))
new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, corInstance))
);
}
} else if (eventType.equals(Case.Events.CR_COMMENT_CHANGED.toString())) {
CommentChangedEvent event = (CommentChangedEvent) evt;
if (event.getContentID() == content.getId()) {
List<Tag> tags = getAllTagsFromDatabase();
CorrelationAttributeInstance attribute = getCorrelationAttributeInstance();
updateSheet(new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, attribute)));
CorrelationAttributeInstance corInstance = getFirstCorrelationAttributeInstance();
updateSheet(new NodeProperty<>(COMMENT.toString(), COMMENT.toString(), NO_DESCR, getCommentProperty(tags, corInstance)));
}
} else if (eventType.equals(NodeSpecificEvents.TRANSLATION_AVAILABLE.toString())) {
this.setDisplayName(evt.getNewValue().toString());
@ -411,16 +411,15 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
"# {0} - occurrenceCount",
"AbstractAbstractFileNode.createSheet.count.description=There were {0} datasource(s) found with occurrences of the MD5 correlation value"})
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue,
String defaultDescription) {
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance attributeInstance, String defaultDescription) {
Long count = -1L; //The column renderer will not display negative values, negative value used when count unavailble to preserve sorting
String description = defaultDescription;
try {
//don't perform the query if there is no correlation value
if (attributeType != null && StringUtils.isNotBlank(attributeValue)) {
count = CentralRepository.getInstance().getCountUniqueCaseDataSourceTuplesHavingTypeValue(attributeType, attributeValue);
if (attributeInstance != null && StringUtils.isNotBlank(attributeInstance.getCorrelationValue())) {
count = CentralRepository.getInstance().getCountCasesWithOtherInstances(attributeInstance);
description = Bundle.AbstractAbstractFileNode_createSheet_count_description(count);
} else if (attributeType != null) {
} else if (attributeInstance != null) {
description = Bundle.AbstractAbstractFileNode_createSheet_count_hashLookupNotRun_description();
}
} catch (CentralRepoException ex) {
@ -491,10 +490,13 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
}
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
protected CorrelationAttributeInstance getFirstCorrelationAttributeInstance() {
CorrelationAttributeInstance attribute = null;
if (CentralRepository.isEnabled() && !UserPreferences.getHideSCOColumns()) {
attribute = CorrelationAttributeUtil.getCorrAttrForFile(content);
List<CorrelationAttributeInstance> listOfPossibleAttributes = CorrelationAttributeUtil.makeCorrAttrsForSearch(content);
if (!listOfPossibleAttributes.isEmpty()) {
attribute = listOfPossibleAttributes.get(0);
}
}
return attribute;
}

34
Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java
View File

@ -326,13 +326,17 @@ public abstract class AbstractContentNode<T extends Content> extends ContentNode
abstract protected List<Tag> getAllTagsFromDatabase();
/**
* Returns correlation attribute instance for the underlying content of the
* node.
* Returns the first correlation attribute instance for the underlying
* content of the node.
*
* @return correlation attribute instance for the underlying content of the
* node.
* Default implementation is a null implementation.
*
* @return The first correlation attribute instance for the underlying
* content of the node.
*/
abstract protected CorrelationAttributeInstance getCorrelationAttributeInstance();
protected CorrelationAttributeInstance getFirstCorrelationAttributeInstance() {
return null;
}
/**
* Returns Score property for the node.
@ -361,22 +365,30 @@ public abstract class AbstractContentNode<T extends Content> extends ContentNode
/**
* Returns comment property for the node.
*
* Default implementation is a null implementation.
*
* @param tags list of tags
* @param attribute correlation attribute instance
*
* @return Comment property for the underlying content of the node.
*/
abstract protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute);
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
/**
* Returns occurrences/count property for the node.
*
* @param attributeType the type of the attribute to count
* @param attributeValue the value of the attribute to count
* @param defaultDescription a description to use when none is determined by
* the getCountPropertyAndDescription method
* Default implementation is a null implementation.
*
* @param attribute The correlation attribute for which data will
* be retrieved.
* @param defaultDescription A description to use when none is determined by
* the getCountPropertyAndDescription method.
*
* @return count property for the underlying content of the node.
*/
abstract protected Pair<Long, String> getCountPropertyAndDescription(Type attributeType, String attributeValue, String defaultDescription);
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance attribute, String defaultDescription) {
return Pair.of(-1L, NO_DESCR);
}
}

60
Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java
View File

@ -53,7 +53,6 @@ import org.sleuthkit.autopsy.casemodule.events.CommentChangedEvent;
import org.sleuthkit.autopsy.casemodule.events.ContentTagAddedEvent;
import org.sleuthkit.autopsy.casemodule.events.ContentTagDeletedEvent;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException;
@ -830,20 +829,21 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
}
/**
* Gets the correlation attribute for the MD5 hash of the source file of the
* artifact represented by this node. The correlation attribute instance can
* only be returned if the central repository is enabled and the source
* content is a file.
* Gets the first correlation attribute instance associated with the
* artifact this node represents.
*
* @return The correlation attribute instance, may be null.
* @return The first correlation attribute instance, may be null.
*/
@Override
protected final CorrelationAttributeInstance getCorrelationAttributeInstance() {
CorrelationAttributeInstance correlationAttribute = null;
if (CentralRepository.isEnabled() && srcContent instanceof AbstractFile) {
correlationAttribute = CorrelationAttributeUtil.getCorrAttrForFile((AbstractFile) srcContent);
protected CorrelationAttributeInstance getFirstCorrelationAttributeInstance() {
CorrelationAttributeInstance attribute = null;
if (CentralRepository.isEnabled() && !UserPreferences.getHideSCOColumns()) {
List<CorrelationAttributeInstance> listOfPossibleAttributes = CorrelationAttributeUtil.makeCorrAttrsForSearch(content);
if (!listOfPossibleAttributes.isEmpty()) {
attribute = listOfPossibleAttributes.get(0);
}
return correlationAttribute;
}
return attribute;
}
/**
@ -856,7 +856,7 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
* repository.
*
* @param tags The tags applied to the artifact and its source content.
* @param attribute A correlation attribute instance Ffor the central
* @param attribute A correlation attribute instance for the central
* repository lookup.
*
* @return The value of the comment property.
@ -891,39 +891,21 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
return status;
}
/**
* Computes the value of the other occurrences property ("O" in S, C, O) for
* the artifact represented by this node. The value of the other occurrences
* property is the number of other data sources this artifact appears in
* according to a correlation attribute instance lookup in the central
* repository, plus one for the data source for this instance of the
* artifact.
*
* @param corrAttrType The correlation attribute instance type to use
* for the central repsoitory lookup.
* @param attributeValue The correlation attribute instane value to use
* for the central repsoitory lookup.
* @param defaultDescription A default description.
*
* @return The value of the occurrences property as a data sources count and
* a description string.
*
*/
@Override
protected Pair<Long, String> getCountPropertyAndDescription(Type corrAttrType, String attributeValue, String defaultDescription) {
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance attribute, String defaultDescription) {
Long count = -1L;
String description = defaultDescription;
try {
if (corrAttrType != null && StringUtils.isNotBlank(attributeValue)) {
count = CentralRepository.getInstance().getCountUniqueCaseDataSourceTuplesHavingTypeValue(corrAttrType, attributeValue);
description = Bundle.BlackboardArtifactNode_createSheet_count_description(count, corrAttrType.getDisplayName());
} else if (corrAttrType != null) {
if (attribute != null && StringUtils.isNotBlank(attribute.getCorrelationValue())) {
count = CentralRepository.getInstance().getCountCasesWithOtherInstances(attribute);
description = Bundle.BlackboardArtifactNode_createSheet_count_description(count, attribute.getCorrelationType().getDisplayName());
} else if (attribute != null) {
description = Bundle.BlackboardArtifactNode_createSheet_count_noCorrelationValues_description();
}
} catch (CentralRepoException ex) {
logger.log(Level.SEVERE, MessageFormat.format("Error querying central repository for other occurences count (artifact objID={0}, corrAttrType={1}, corrAttrValue={2})", artifact.getId(), corrAttrType, attributeValue), ex);
logger.log(Level.SEVERE, MessageFormat.format("Error querying central repository for other occurences count (artifact objID={0}, corrAttrType={1}, corrAttrValue={2})", artifact.getId(), attribute.getCorrelationType(), attribute.getCorrelationValue()), ex);
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.SEVERE, MessageFormat.format("Error normalizing correlation attribute for central repository query (artifact objID={0}, corrAttrType={2}, corrAttrValue={3})", artifact.getId(), corrAttrType, attributeValue), ex);
logger.log(Level.SEVERE, MessageFormat.format("Error normalizing correlation attribute for central repository query (artifact objID={0}, corrAttrType={2}, corrAttrValue={3})", artifact.getId(), attribute.getCorrelationType(), attribute.getCorrelationValue()), ex);
}
return Pair.of(count, description);
}
@ -956,7 +938,7 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
}
/**
* Adds a "custom" property to the property sheet of this node, indepoendent
* Adds a "custom" property to the property sheet of this node, independent
* of the artifact this node represents or its source content.
*
* @param property The custom property.
@ -1171,7 +1153,7 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
"BlackboardArtifactNode.createSheet.count.description=There were {0} datasource(s) found with occurrences of the correlation value of type {1}"})
@Deprecated
protected final void addCountProperty(Sheet.Set sheetSet, CorrelationAttributeInstance attribute) {
Pair<Long, String> countAndDescription = getCountPropertyAndDescription(attribute.getCorrelationType(), attribute.getCorrelationValue(), Bundle.BlackboardArtifactNode_createSheet_count_noCorrelationAttributes_description());
Pair<Long, String> countAndDescription = getCountPropertyAndDescription(attribute, Bundle.BlackboardArtifactNode_createSheet_count_noCorrelationAttributes_description());
sheetSet.put(new NodeProperty<>(Bundle.BlackboardArtifactNode_createSheet_count_name(), Bundle.BlackboardArtifactNode_createSheet_count_displayName(), countAndDescription.getRight(), countAndDescription.getLeft()));
}

20
Core/src/org/sleuthkit/autopsy/datamodel/GetSCOTask.java
View File

@ -24,8 +24,6 @@ import java.lang.ref.WeakReference;
import java.util.List;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil;
import org.sleuthkit.autopsy.core.UserPreferences;
import org.sleuthkit.autopsy.events.AutopsyEvent;
import org.sleuthkit.datamodel.Tag;
@ -58,27 +56,15 @@ class GetSCOTask implements Runnable {
}
// get the SCO column values
List<Tag> tags = contentNode.getAllTagsFromDatabase();
SCOData scoData = new SCOData();
scoData.setScoreAndDescription(contentNode.getScorePropertyAndDescription(tags));
//getting the correlation attribute and setting the comment column is done before the eamdb isEnabled check
//because the Comment column will reflect the presence of comments in the CR when the CR is enabled, but reflect tag comments regardless
CorrelationAttributeInstance fileAttribute = contentNode.getCorrelationAttributeInstance();
scoData.setComment(contentNode.getCommentProperty(tags, fileAttribute));
CorrelationAttributeInstance corInstance = contentNode.getFirstCorrelationAttributeInstance();
scoData.setComment(contentNode.getCommentProperty(tags, corInstance));
if (CentralRepository.isEnabled()) {
Type type = null;
String value = null;
String description = Bundle.GetSCOTask_occurrences_defaultDescription();
List<CorrelationAttributeInstance> listOfPossibleAttributes = CorrelationAttributeUtil.makeCorrAttrsForSearch(contentNode.getContent());
if (listOfPossibleAttributes.size() > 1) {
//Don't display anything if there is more than 1 correlation property for an artifact but let the user know
description = Bundle.GetSCOTask_occurrences_multipleProperties();
} else if (!listOfPossibleAttributes.isEmpty()) {
//there should only be one item in the list
type = listOfPossibleAttributes.get(0).getCorrelationType();
value = listOfPossibleAttributes.get(0).getCorrelationValue();
}
scoData.setCountAndDescription(contentNode.getCountPropertyAndDescription(type, value, description));
scoData.setCountAndDescription(contentNode.getCountPropertyAndDescription(corInstance, description));
}
// signal SCO data is available.

49
Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
View File

@ -27,15 +27,12 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.swing.Action;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.Sheet;
import org.openide.util.NbBundle;
import org.openide.util.NbBundle.Messages;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.DeleteDataSourceAction;
import org.sleuthkit.autopsy.datasourcesummary.ui.ViewSummaryInformationAction;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.directorytree.ExplorerNodeActionVisitor;
import org.sleuthkit.autopsy.directorytree.FileSearchAction;
@ -256,50 +253,4 @@ public class ImageNode extends AbstractContentNode<Image> {
protected List<Tag> getAllTagsFromDatabase() {
return new ArrayList<>();
}
/**
* Returns correlation attribute instance for the underlying content of the
* node.
*
* Null implementation of an abstract method.
*
* @return correlation attribute instance for the underlying content of the
* node.
*/
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
return null;
}
/**
* Returns comment property for the node.
*
* Null implementation of an abstract method.
*
* @param tags list of tags
* @param attribute correlation attribute instance
*
* @return Comment property for the underlying content of the node.
*/
@Override
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
/**
* Returns occurrences/count property for the node.
*
* Null implementation of an abstract method.
*
* @param attributeType the type of the attribute to count
* @param attributeValue the value of the attribute to coun
* @param defaultDescription a description to use when none is determined by
* the getCountPropertyAndDescription method
*
* @return count property for the underlying content of the node.
*/
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) {
return Pair.of(-1L, NO_DESCR);
}
}

18
Core/src/org/sleuthkit/autopsy/datamodel/OsAccounts.java
View File

@ -30,7 +30,6 @@ import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import javax.swing.Action;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children;
import org.openide.nodes.Node;
@ -40,8 +39,6 @@ import org.openide.util.NbBundle.Messages;
import org.openide.util.WeakListeners;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.events.OsAccountsUpdatedEvent;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.TimeZoneUtils;
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.backgroundTasksPool;
@ -335,21 +332,6 @@ public final class OsAccounts implements AutopsyVisitableItem {
throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
}
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
return null;
}
@Override
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) {
return null;
}
@Override
public <T> T accept(ContentNodeVisitor<T> visitor) {
return visitor.visit(this);

52
Core/src/org/sleuthkit/autopsy/datamodel/PoolNode.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2019 Basis Technology Corp.
* Copyright 2019-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -21,12 +21,8 @@ package org.sleuthkit.autopsy.datamodel;
import java.util.ArrayList;
import java.util.List;
import javax.swing.Action;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.Sheet;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
import org.sleuthkit.datamodel.Pool;
import org.sleuthkit.datamodel.Tag;
@ -141,50 +137,4 @@ public class PoolNode extends AbstractContentNode<Pool> {
protected List<Tag> getAllTagsFromDatabase() {
return new ArrayList<>();
}
/**
* Returns correlation attribute instance for the underlying content of the
* node.
*
* Null implementation of an abstract method.
*
* @return correlation attribute instance for the underlying content of the
* node.
*/
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
return null;
}
/**
* Returns comment property for the node.
*
* Null implementation of an abstract method.
*
* @param tags list of tags
* @param attribute correlation attribute instance
*
* @return Comment property for the underlying content of the node.
*/
@Override
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
/**
* Returns occurrences/count property for the node.
*
* Null implementation of an abstract method.
*
* @param attributeType the type of the attribute to count
* @param attributeValue the value of the attribute to coun
* @param defaultDescription a description to use when none is determined by
* the getCountPropertyAndDescription method
*
* @return count property for the underlying content of the node.
*/
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) {
return Pair.of(-1L, NO_DESCR);
}
}

55
Core/src/org/sleuthkit/autopsy/datamodel/UnsupportedContentNode.java
View File

@ -21,12 +21,8 @@ package org.sleuthkit.autopsy.datamodel;
import java.util.ArrayList;
import java.util.List;
import javax.swing.Action;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.Sheet;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
import org.sleuthkit.datamodel.UnsupportedContent;
import org.sleuthkit.datamodel.Tag;
@ -40,8 +36,7 @@ public class UnsupportedContentNode extends AbstractContentNode<UnsupportedConte
* @param unsupportedContent underlying Content instance
*/
@NbBundle.Messages({
"UnsupportedContentNode.displayName=Unsupported Content",
})
"UnsupportedContentNode.displayName=Unsupported Content",})
public UnsupportedContentNode(UnsupportedContent unsupportedContent) {
super(unsupportedContent);
@ -73,8 +68,7 @@ public class UnsupportedContentNode extends AbstractContentNode<UnsupportedConte
@NbBundle.Messages({
"UnsupportedContentNode.createSheet.name.name=Name",
"UnsupportedContentNode.createSheet.name.displayName=Name",
"UnsupportedContentNode.createSheet.name.desc=no description",
})
"UnsupportedContentNode.createSheet.name.desc=no description",})
@Override
protected Sheet createSheet() {
Sheet sheet = super.createSheet();
@ -124,49 +118,4 @@ public class UnsupportedContentNode extends AbstractContentNode<UnsupportedConte
return new ArrayList<>();
}
/**
* Returns correlation attribute instance for the underlying content of the
* node.
*
* Null implementation of an abstract method.
*
* @return correlation attribute instance for the underlying content of the
* node.
*/
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
return null;
}
/**
* Returns comment property for the node.
*
* Null implementation of an abstract method.
*
* @param tags list of tags
* @param attribute correlation attribute instance
*
* @return Comment property for the underlying content of the node.
*/
@Override
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
/**
* Returns occurrences/count property for the node.
*
* Null implementation of an abstract method.
*
* @param attributeType the type of the attribute to count
* @param attributeValue the value of the attribute to coun
* @param defaultDescription a description to use when none is determined by
* the getCountPropertyAndDescription method
*
* @return count property for the underlying content of the node.
*/
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) {
return Pair.of(-1L, NO_DESCR);
}
}

55
Core/src/org/sleuthkit/autopsy/datamodel/VolumeNode.java
View File

@ -1,7 +1,7 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2011-2019 Basis Technology Corp.
* Copyright 2011-2021 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
@ -26,14 +26,10 @@ import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.swing.Action;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.Sheet;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
import org.sleuthkit.autopsy.coreutils.Logger;
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
import org.sleuthkit.autopsy.datamodel.BaseChildFactory.NoSuchEventBusException;
import org.sleuthkit.autopsy.directorytree.ExplorerNodeActionVisitor;
import org.sleuthkit.autopsy.directorytree.NewWindowViewAction;
@ -82,8 +78,8 @@ public class VolumeNode extends AbstractContentNode<Volume> {
// If this is a pool volume use a custom display name
try {
if (vol.getParent() != null &&
vol.getParent().getParent() instanceof Pool) {
if (vol.getParent() != null
&& vol.getParent().getParent() instanceof Pool) {
// Pool volumes are not contiguous so printing a range of blocks is inaccurate
tempVolName = volName + " (" + vol.getDescription() + ": " + vol.getStart() + ")";
}
@ -244,49 +240,4 @@ public class VolumeNode extends AbstractContentNode<Volume> {
return new ArrayList<>();
}
/**
* Returns correlation attribute instance for the underlying content of the
* node.
*
* Null implementation of an abstract method.
*
* @return correlation attribute instance for the underlying content of the
* node.
*/
@Override
protected CorrelationAttributeInstance getCorrelationAttributeInstance() {
return null;
}
/**
* Returns comment property for the node.
*
* Null implementation of an abstract method.
*
* @param tags list of tags
* @param attribute correlation attribute instance
*
* @return Comment property for the underlying content of the node.
*/
@Override
protected DataResultViewerTable.HasCommentStatus getCommentProperty(List<Tag> tags, CorrelationAttributeInstance attribute) {
return DataResultViewerTable.HasCommentStatus.NO_COMMENT;
}
/**
* Returns occurrences/count property for the node.
*
* Null implementation of an abstract method.
*
* @param attributeType the type of the attribute to count
* @param attributeValue the value of the attribute to coun
* @param defaultDescription a description to use when none is determined by
* the getCountPropertyAndDescription method
*
* @return count property for the underlying content of the node.
*/
@Override
protected Pair<Long, String> getCountPropertyAndDescription(CorrelationAttributeInstance.Type attributeType, String attributeValue, String defaultDescription) {
return Pair.of(-1L, NO_DESCR);
}
}