mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-19 19:14:55 +00:00
Code Issues Packages Projects Releases Wiki Activity

Working towards a working cancellation policy.

Browse Source
This commit is contained in:
Oliver Spohngellert 2016-05-03 10:21:28 -04:00
parent f5fae2c1c6
commit c29f106d3e
4 changed files with 129 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
Core/src/org/sleuthkit/autopsy/modules/stix/STIXReportModule.java
View File

@ -18,48 +18,45 @@
*/
package org.sleuthkit.autopsy.modules.stix;
import java.io.File;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.List;
import java.util.logging.Level;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.swing.JPanel;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.namespace.QName;
import org.mitre.cybox.cybox_2.ObjectType;
import org.mitre.cybox.cybox_2.Observable;
import org.mitre.cybox.cybox_2.ObservableCompositionType;
import org.mitre.cybox.cybox_2.OperatorTypeEnum;
import org.mitre.cybox.objects.AccountObjectType;
import org.mitre.cybox.objects.Address;
import org.mitre.cybox.objects.DomainName;
import org.mitre.cybox.objects.EmailMessage;
import org.mitre.cybox.objects.FileObjectType;
import org.mitre.cybox.objects.SystemObjectType;
import org.mitre.cybox.objects.URIObjectType;
import org.mitre.cybox.objects.URLHistory;
import org.mitre.cybox.objects.WindowsNetworkShare;
import org.mitre.cybox.objects.WindowsRegistryKey;
import org.mitre.stix.common_1.IndicatorBaseType;
import org.mitre.stix.indicator_2.Indicator;
import org.mitre.stix.stix_1.STIXPackage;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.report.GeneralReportModule;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.report.ReportProgressPanel;
import org.sleuthkit.datamodel.TskCoreException;
import org.mitre.cybox.cybox_2.OperatorTypeEnum;
import org.mitre.cybox.objects.Address;
import org.mitre.cybox.objects.FileObjectType;
import org.mitre.cybox.objects.URIObjectType;
import org.mitre.cybox.objects.EmailMessage;
import org.mitre.cybox.objects.WindowsNetworkShare;
import org.mitre.cybox.objects.AccountObjectType;
import org.mitre.cybox.objects.SystemObjectType;
import org.mitre.cybox.objects.URLHistory;
import org.mitre.cybox.objects.DomainName;
import org.mitre.cybox.objects.WindowsRegistryKey;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
import org.sleuthkit.autopsy.coreutils.ModuleSettings;
import org.sleuthkit.autopsy.report.GeneralReportModule;
import org.sleuthkit.autopsy.report.ReportProgressPanel;
import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
import org.sleuthkit.datamodel.TskCoreException;
/**
*
@ -180,6 +177,9 @@ public class STIXReportModule implements GeneralReportModule {
// Process each STIX file
for (File file : stixFiles) {
if (progressPanel.getStatus() == ReportStatus.CANCELED) {
return;
}
try {
processFile(file.getAbsolutePath(), progressPanel);
} catch (TskCoreException ex) {

123
Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
View File

@ -223,9 +223,11 @@ class ReportGenerator {
* Run the GeneralReportModules using a SwingWorker.
*/
public void generateGeneralReports() {
if (this.generalReportModule != null) {
GeneralReportsWorker worker = new GeneralReportsWorker();
worker.execute();
}
}
/**
* Run the TableReportModules using a SwingWorker.
@ -684,14 +686,13 @@ class ReportGenerator {
NbBundle.getMessage(this.getClass(), "ReportGenerator.makeBbArtTagTab.taggedRes.msg"));
comment.append(makeCommaSeparatedList(tagNamesFilter));
}
module.startDataType(ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getDisplayName(), comment.toString());
module.startTable(new ArrayList<>(Arrays.asList(
tableReportModule.startDataType(ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getDisplayName(), comment.toString());
tableReportModule.startTable(new ArrayList<>(Arrays.asList(
NbBundle.getMessage(this.getClass(), "ReportGenerator.tagTable.header.resultType"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.tagTable.header.tag"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.tagTable.header.comment"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.tagTable.header.srcFile"))));
// Give the modules the rows for the content tags.
for (BlackboardArtifactTag tag : tags) {
if (passesTagNamesFilter(tag.getName().getDisplayName()) == false) {
@ -699,21 +700,17 @@ class ReportGenerator {
}
List<String> row;
for (TableReportModule module : tableModules) {
row = new ArrayList<>(Arrays.asList(tag.getArtifact().getArtifactTypeName(), tag.getName().getDisplayName(), tag.getComment(), tag.getContent().getName()));
module.addRow(row);
}
tableReportModule.addRow(row);
// check if the tag is an image that we should later make a thumbnail for
checkIfTagHasImage(tag);
}
// The the modules blackboard artifact tags reporting is ended.
for (TableReportModule module : tableModules) {
tableProgress.get(module).increment();
module.endTable();
module.endDataType();
}
progressPanel.increment();
tableReportModule.endTable();
tableReportModule.endDataType();
}
/**
@ -731,17 +728,17 @@ class ReportGenerator {
if (progressPanel.getStatus() == ReportStatus.CANCELED) {
tableReportModule = null;
}
}
/**
* Make a report for the files that were previously found to be images.
*/
private void makeThumbnailTable() {
for (TableReportModule module : tableModules) {
tableProgress.get(module).updateStatusLabel(
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.createdThumb.text"));
if (module instanceof ReportHTML) {
ReportHTML htmlModule = (ReportHTML) module;
if (tableReportModule instanceof ReportHTML) {
ReportHTML htmlModule = (ReportHTML) tableReportModule;
htmlModule.startDataType(
NbBundle.getMessage(this.getClass(), "ReportGenerator.thumbnailTable.name"),
NbBundle.getMessage(this.getClass(), "ReportGenerator.thumbnailTable.desc"));
@ -756,7 +753,7 @@ class ReportGenerator {
htmlModule.endTable();
htmlModule.endDataType();
}
}
}
/**
@ -867,7 +864,7 @@ class ReportGenerator {
* @param tableModules modules to report on
*/
@SuppressWarnings("deprecation")
private void writeKeywordHits(List<TableReportModule> tableModules, String comment, HashSet<String> tagNamesFilter) {
private void writeKeywordHits(TableReportModule tableModule, String comment, HashSet<String> tagNamesFilter) {
// Query for keyword lists-only so that we can tell modules what lists
// will exist for their index.
@ -905,13 +902,11 @@ class ReportGenerator {
}
// Make keyword data type and give them set index
for (TableReportModule module : tableModules) {
module.startDataType(ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName(), comment);
module.addSetIndex(lists);
tableProgress.get(module).updateStatusLabel(
tableModule.startDataType(ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName(), comment);
tableModule.addSetIndex(lists);
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.processing",
ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName()));
}
} catch (TskCoreException | SQLException ex) {
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryKWLists"));
logger.log(Level.SEVERE, "Failed to query keyword lists: ", ex); //NON-NLS
@ -958,16 +953,9 @@ class ReportGenerator {
String currentList = "";
while (resultSet.next()) {
// Check to see if all the TableReportModules have been canceled
if (tableModules.isEmpty()) {
if (progressPanel.getStatus() == ReportStatus.CANCELED) {
break;
}
Iterator<TableReportModule> iter = tableModules.iterator();
while (iter.hasNext()) {
TableReportModule module = iter.next();
if (tableProgress.get(module).getStatus() == ReportStatus.CANCELED) {
iter.remove();
}
}
// Get any tags that associated with this artifact and apply the tag filter.
HashSet<String> uniqueTagNames = getUniqueTagNames(resultSet.getLong("artifact_id")); //NON-NLS
@ -997,49 +985,37 @@ class ReportGenerator {
if ((!list.equals(currentList) && !list.isEmpty()) || (list.isEmpty() && !currentList.equals(
NbBundle.getMessage(this.getClass(), "ReportGenerator.writeKwHits.userSrchs")))) {
if (!currentList.isEmpty()) {
for (TableReportModule module : tableModules) {
module.endTable();
module.endSet();
}
tableModule.endTable();
tableModule.endSet();
}
currentList = list.isEmpty() ? NbBundle
.getMessage(this.getClass(), "ReportGenerator.writeKwHits.userSrchs") : list;
currentKeyword = ""; // reset the current keyword because it's a new list
for (TableReportModule module : tableModules) {
module.startSet(currentList);
tableProgress.get(module).updateStatusLabel(
tableModule.startSet(currentList);
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.processingList",
ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName(), currentList));
}
}
if (!keyword.equals(currentKeyword)) {
if (!currentKeyword.equals("")) {
for (TableReportModule module : tableModules) {
module.endTable();
}
tableModule.endTable();
}
currentKeyword = keyword;
for (TableReportModule module : tableModules) {
module.addSetElement(currentKeyword);
tableModule.addSetElement(currentKeyword);
List<String> columnHeaderNames = new ArrayList<>();
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.preview"));
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.srcFile"));
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tags"));
module.startTable(columnHeaderNames);
}
tableModule.startTable(columnHeaderNames);
}
String previewreplace = EscapeUtil.escapeHtml(preview);
for (TableReportModule module : tableModules) {
module.addRow(Arrays.asList(new String[]{previewreplace.replaceAll("<!", ""), uniquePath, tagsList}));
}
tableModule.addRow(Arrays.asList(new String[]{previewreplace.replaceAll("<!", ""), uniquePath, tagsList}));
}
// Finish the current data type
for (TableReportModule module : tableModules) {
tableProgress.get(module).increment();
module.endDataType();
}
progressPanel.increment();
tableModule.endDataType();
} catch (TskCoreException | SQLException ex) {
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryKWs"));
logger.log(Level.SEVERE, "Failed to query keywords: ", ex); //NON-NLS
@ -1052,7 +1028,7 @@ class ReportGenerator {
* @param tableModules modules to report on
*/
@SuppressWarnings("deprecation")
private void writeHashsetHits(List<TableReportModule> tableModules, String comment, HashSet<String> tagNamesFilter) {
private void writeHashsetHits(TableReportModule tableModule, String comment, HashSet<String> tagNamesFilter) {
String orderByClause;
if (currentCase.getCaseType() == Case.CaseType.MULTI_USER_CASE) {
orderByClause = "ORDER BY convert_to(att.value_text, 'SQL_ASCII') ASC NULLS FIRST"; //NON-NLS
@ -1080,13 +1056,11 @@ class ReportGenerator {
lists.add(listsRs.getString("list")); //NON-NLS
}
for (TableReportModule module : tableModules) {
module.startDataType(ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName(), comment);
module.addSetIndex(lists);
tableProgress.get(module).updateStatusLabel(
tableModule.startDataType(ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName(), comment);
tableModule.addSetIndex(lists);
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.processing",
ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName()));
}
} catch (TskCoreException | SQLException ex) {
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryHashsetLists"));
logger.log(Level.SEVERE, "Failed to query hashset lists: ", ex); //NON-NLS
@ -1122,16 +1096,9 @@ class ReportGenerator {
String currentSet = "";
while (resultSet.next()) {
// Check to see if all the TableReportModules have been canceled
if (tableModules.isEmpty()) {
if (progressPanel.getStatus() == ReportStatus.CANCELED) {
break;
}
Iterator<TableReportModule> iter = tableModules.iterator();
while (iter.hasNext()) {
TableReportModule module = iter.next();
if (tableProgress.get(module).getStatus() == ReportStatus.CANCELED) {
iter.remove();
}
}
// Get any tags that associated with this artifact and apply the tag filter.
HashSet<String> uniqueTagNames = getUniqueTagNames(resultSet.getLong("artifact_id")); //NON-NLS
@ -1160,36 +1127,28 @@ class ReportGenerator {
// If the sets aren't the same, we've started a new set
if (!set.equals(currentSet)) {
if (!currentSet.isEmpty()) {
for (TableReportModule module : tableModules) {
module.endTable();
module.endSet();
}
tableModule.endTable();
tableModule.endSet();
}
currentSet = set;
for (TableReportModule module : tableModules) {
module.startSet(currentSet);
tableModule.startSet(currentSet);
List<String> columnHeaderNames = new ArrayList<>();
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.file"));
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.size"));
columnHeaderNames.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.tags"));
module.startTable(columnHeaderNames);
tableProgress.get(module).updateStatusLabel(
tableModule.startTable(columnHeaderNames);
progressPanel.updateStatusLabel(
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.processingList",
ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName(), currentSet));
}
}
// Add a row for this hit to every module
for (TableReportModule module : tableModules) {
module.addRow(Arrays.asList(new String[]{uniquePath, size, tagsList}));
}
tableModule.addRow(Arrays.asList(new String[]{uniquePath, size, tagsList}));
}
// Finish the current data type
for (TableReportModule module : tableModules) {
tableProgress.get(module).increment();
module.endDataType();
}
progressPanel.increment();
tableModule.endDataType();
} catch (TskCoreException | SQLException ex) {
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryHashsetHits"));
logger.log(Level.SEVERE, "Failed to query hashsets hits: ", ex); //NON-NLS

25
Core/src/org/sleuthkit/autopsy/report/ReportKML.java
View File

@ -19,14 +19,6 @@
*/
package org.sleuthkit.autopsy.report;
import javax.swing.JPanel;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.*;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.BlackboardArtifact;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
@ -37,12 +29,18 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.logging.Level;
import javax.swing.JPanel;
import org.apache.commons.lang.StringEscapeUtils;
import org.jdom2.Document;
import org.jdom2.Element;
import org.jdom2.Namespace;
import org.jdom2.output.Format;
import org.jdom2.output.XMLOutputter;
import org.apache.commons.lang.StringEscapeUtils;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.datamodel.*;
/**
* Generates a KML file based on geo coordinates store in blackboard.
@ -85,6 +83,9 @@ class ReportKML implements GeneralReportModule {
currentCase = Case.getCurrentCase();
skCase = currentCase.getSleuthkitCase();
if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
return;
}
progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportKML.progress.loading"));
// Check if ingest has finished
String ingestwarning = "";
@ -98,6 +99,9 @@ class ReportKML implements GeneralReportModule {
// Why not just print the coordinates as we find them and make some utility methods to do the printing?
// Should pull out time values for all of these points and store in TimeSpan element
try {
if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
return;
}
try (BufferedWriter out = new BufferedWriter(new FileWriter(reportPath2))) {
double lat = 0; // temp latitude
@ -108,6 +112,9 @@ class ReportKML implements GeneralReportModule {
File f;
for (BlackboardArtifact artifact : skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF)) {
if (progressPanel.getStatus() == ReportProgressPanel.ReportStatus.CANCELED) {
return;
}
lat = 0;
lon = 0;
geoPath = "";

3
Core/src/org/sleuthkit/autopsy/report/ReportVisualPanel1.java
View File

@ -24,9 +24,7 @@ import java.util.ArrayList;
import java.util.Collections;
import static java.util.Collections.swap;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import javax.swing.JList;
import javax.swing.JPanel;
@ -164,7 +162,6 @@ final class ReportVisualPanel1 extends JPanel implements ListSelectionListener {
* @return
*/
TableReportModule getTableModule() {
Map<TableReportModule, Boolean> reportModuleStates = new LinkedHashMap<>();
ReportModule mod = getSelectedModule();
if (tableModules.contains(mod)) {
return (TableReportModule) mod;