From a135973c9972e92dbd5cb17cf62e941d2abf10f7 Mon Sep 17 00:00:00 2001
From: Kelly Kelly
Date: Fri, 6 Dec 2019 11:18:15 -0500
Subject: [PATCH 1/2] Initial commit of changes
---
 .../Bundle.properties-MERGED | 5 +-
 .../ingestmodule/CentralRepoIngestModule.java | 92 ++++++++++++-------
 2 files changed, 61 insertions(+), 36 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/centralrepository/Bundle.properties-MERGED
index 75866a79d0..007af703c5 100755
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/Bundle.properties-MERGED
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/Bundle.properties-MERGED
@@ -5,7 +5,10 @@ CentralRepoCommentDialog.title.addEditCentralRepoComment=Add/Edit Central Reposi
 OpenIDE-Module-Name=Central Repository
 OpenIDE-Module-Display-Category=Ingest Module
 OpenIDE-Module-Short-Description=Correlation Engine Ingest Module
-OpenIDE-Module-Long-Description=Correlation Engine ingest module and central database. \n\nThe Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\nStored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
+OpenIDE-Module-Long-Description=\
+ Correlation Engine ingest module and central database. \n\n\
+ The Correlation Engine ingest module stores attributes of artifacts matching selected correlation types into a central database.\n\
+ Stored attributes are used in future cases to correlate and analyzes files and artifacts during ingest.
 CentralRepoCommentDialog.commentLabel.text=Comment:
 CentralRepoCommentDialog.okButton.text=&OK
 CentralRepoCommentDialog.cancelButton.text=C&ancel
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
index 792a3f2ebb..54f667e808 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -355,7 +355,7 @@ final class CentralRepoIngestModule implements FileIngestModule { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS } // send inbox message - sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash()); + sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash(), caseDisplayNames); } } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS @@ -363,6 +363,28 @@ final class CentralRepoIngestModule implements FileIngestModule { logger.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS } } + + @Messages({ + "CentralRepoIngestModule_notable_message_header=A file in this data source was previously seen and tagged as Notable.
", + "CentralRepoIngestModel_name_header=Name:
", + "CentralRepoIngestModel_previous_case_header=
Previous Cases:
" + + }) + private void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash, List caseDisplayNames) { + StringBuilder detailsSb = new StringBuilder(); + + detailsSb.append(Bundle.CentralRepoIngestModule_notable_message_header()).append(Bundle.CentralRepoIngestModel_name_header()); + detailsSb.append(name).append(Bundle.CentralRepoIngestModel_previous_case_header()); + for(String str: caseDisplayNames) { + detailsSb.append(str).append("
"); + } + detailsSb.append(""); + services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(), + Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name), + detailsSb.toString(), + name + md5Hash, + artifact)); + } /** * Post a message to the ingest inbox alerting the user that a bad file was @@ -379,39 +401,39 @@ final class CentralRepoIngestModule implements FileIngestModule { "# {0} - Name of file that is Notable", "CentralRepoIngestModule.postToBB.knownBadMsg=Notable: {0}"}) public void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash) { - StringBuilder detailsSb = new StringBuilder(); - //details - detailsSb.append(""); //NON-NLS - //hit - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - detailsSb.append(""); //NON-NLS - - detailsSb.append("
") //NON-NLS - .append(Bundle.CentralRepoIngestModule_postToBB_fileName()) - .append("") //NON-NLS - .append(name) - .append("
") //NON-NLS - .append(Bundle.CentralRepoIngestModule_postToBB_md5Hash()) - .append("").append(md5Hash).append("
") //NON-NLS - .append(Bundle.CentralRepoIngestModule_postToBB_hashSetSource()) - .append("").append(Bundle.CentralRepoIngestModule_postToBB_eamHit()).append("
"); //NON-NLS - - services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(), - Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name), - detailsSb.toString(), - name + md5Hash, - artifact)); +// StringBuilder detailsSb = new StringBuilder(); +// //details +// detailsSb.append(""); //NON-NLS +// //hit +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// detailsSb.append(""); //NON-NLS +// +// detailsSb.append("
") //NON-NLS +// .append(Bundle.CentralRepoIngestModule_postToBB_fileName()) +// .append("") //NON-NLS +// .append(name) +// .append("
") //NON-NLS +// .append(Bundle.CentralRepoIngestModule_postToBB_md5Hash()) +// .append("").append(md5Hash).append("
") //NON-NLS +// .append(Bundle.CentralRepoIngestModule_postToBB_hashSetSource()) +// .append("").append(Bundle.CentralRepoIngestModule_postToBB_eamHit()).append("
"); //NON-NLS +// +// services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(), +// Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name), +// detailsSb.toString(), +// name + md5Hash, +// artifact)); } } From a6e5a3e95efe673f7e1e08d9aa4eb18d83620f3e Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Mon, 9 Dec 2019 11:02:15 -0500 Subject: [PATCH 2/2] Cleaned up code for pr --- .../ingestmodule/CentralRepoIngestModule.java | 79 +++++-------------- 1 file changed, 18 insertions(+), 61 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java index 54f667e808..bee0edfcaf 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java @@ -18,7 +18,6 @@ */ package org.sleuthkit.autopsy.centralrepository.ingestmodule; -import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; @@ -54,7 +53,6 @@ import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME; import org.sleuthkit.datamodel.HashUtility; -import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; 
@@ -276,7 +274,7 @@ final class CentralRepoIngestModule implements FileIngestModule { // Don't allow sqlite central repo databases to be used for multi user cases if ((autopsyCase.getCaseType() == Case.CaseType.MULTI_USER_CASE) - && (EamDbPlatformEnum.getSelectedPlatform() == EamDbPlatformEnum.SQLITE)) { + && (EamDbPlatformEnum.getSelectedPlatform() == EamDbPlatformEnum.SQLITE)) { logger.log(Level.SEVERE, "Cannot run correlation engine on a multi-user case with a SQLite central repository."); throw new IngestModuleException("Cannot run on a multi-user case with a SQLite central repository."); // NON-NLS } @@ -302,7 +300,7 @@ final class CentralRepoIngestModule implements FileIngestModule { } catch (EamDbException ex) { throw new IngestModuleException("Unable to get case from central repository database ", ex); } - + try { eamDataSource = CorrelationDataSource.fromTSKDataSource(eamCase, context.getDataSource()); } catch (EamDbException ex) { @@ -313,7 +311,7 @@ final class CentralRepoIngestModule implements FileIngestModule { // if we are the first thread / module for this job, then make sure the case // and image exist in the DB before we associate artifacts with it. if (refCounter.incrementAndGet(jobId) - == 1) { + == 1) { // ensure we have this data source in the EAM DB try { if (null == centralRepoDb.getDataSource(eamCase, eamDataSource.getDataSourceObjectID())) { @@ -363,19 +361,29 @@ final class CentralRepoIngestModule implements FileIngestModule { logger.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS } } - + @Messages({ "CentralRepoIngestModule_notable_message_header=A file in this data source was previously seen and tagged as Notable.
", "CentralRepoIngestModel_name_header=Name:
", "CentralRepoIngestModel_previous_case_header=
Previous Cases:
" - + }) + + /** + * Post a message to the ingest inbox alerting the user that a bad file was + * found. + * + * @param artifact badFile Blackboard Artifact + * @param name badFile's name + * @param md5Hash badFile's md5 hash + * @param caseDisplayNames List of cases that the artifact appears in. + */ private void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash, List caseDisplayNames) { - StringBuilder detailsSb = new StringBuilder(); - + StringBuilder detailsSb = new StringBuilder(1024); + detailsSb.append(Bundle.CentralRepoIngestModule_notable_message_header()).append(Bundle.CentralRepoIngestModel_name_header()); detailsSb.append(name).append(Bundle.CentralRepoIngestModel_previous_case_header()); - for(String str: caseDisplayNames) { + for (String str : caseDisplayNames) { detailsSb.append(str).append("
"); } detailsSb.append(""); @@ -385,55 +393,4 @@ final class CentralRepoIngestModule implements FileIngestModule { name + md5Hash, artifact)); } - - /** - * Post a message to the ingest inbox alerting the user that a bad file was - * found. - * - * @param artifact badFile Blackboard Artifact - * @param name badFile's name - * @param md5Hash badFile's md5 hash - */ - @Messages({"CentralRepoIngestModule.postToBB.fileName=File Name", - "CentralRepoIngestModule.postToBB.md5Hash=MD5 Hash", - "CentralRepoIngestModule.postToBB.hashSetSource=Source of Hash", - "CentralRepoIngestModule.postToBB.eamHit=Central Repository", - "# {0} - Name of file that is Notable", - "CentralRepoIngestModule.postToBB.knownBadMsg=Notable: {0}"}) - public void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash) { -// StringBuilder detailsSb = new StringBuilder(); -// //details -// detailsSb.append(""); //NON-NLS -// //hit -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// detailsSb.append(""); //NON-NLS -// -// detailsSb.append("
") //NON-NLS -// .append(Bundle.CentralRepoIngestModule_postToBB_fileName()) -// .append("") //NON-NLS -// .append(name) -// .append("
") //NON-NLS -// .append(Bundle.CentralRepoIngestModule_postToBB_md5Hash()) -// .append("").append(md5Hash).append("
") //NON-NLS -// .append(Bundle.CentralRepoIngestModule_postToBB_hashSetSource()) -// .append("").append(Bundle.CentralRepoIngestModule_postToBB_eamHit()).append("
"); //NON-NLS -// -// services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(), -// Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name), -// detailsSb.toString(), -// name + md5Hash, -// artifact)); - } }