From c9f1ec27991685e1843669fce8e3e4d454fbdd72 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Thu, 11 Jul 2019 11:50:47 -0400 Subject: [PATCH] Revive postArtifact from timeline-event-mgr branch --- .../casemodule/services/Blackboard.java | 59 +++++++------------ .../autopsy/coreutils/SQLiteDBConnect.java | 41 ++++++++----- .../SampleDataSourceIngestModule.java | 3 - .../examples/SampleFileIngestModule.java | 37 ++++++------ .../autopsy/ingest/IngestServices.java | 7 ++- .../autopsy/ingest/ModuleDataEvent.java | 18 +++--- .../FileExtMismatchIngestModule.java | 23 ++++---- .../filetypeid/FileTypeIdIngestModule.java | 51 +++++++++------- .../hashdatabase/HashDbIngestModule.java | 20 +++---- .../modules/plaso/PlasoIngestModule.java | 20 +------ 10 files changed, 133 insertions(+), 146 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java index 6e954ce725..52e35041e6 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/services/Blackboard.java @@ -19,24 +19,22 @@ package org.sleuthkit.autopsy.casemodule.services; import java.io.Closeable; -import java.io.IOException; -import org.openide.util.Lookup; -import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.SleuthkitCase; -import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.TskDataException; /** * A representation of the blackboard, a place where artifacts and their * attributes are posted. * * NOTE: This API of this class is under development. + * + * @deprecated Use org.sleuthkit.datamodel.Blackboard instead. */ +@Deprecated public final class Blackboard implements Closeable { - private SleuthkitCase caseDb; + private org.sleuthkit.datamodel.Blackboard delegate; /** * Constructs a representation of the blackboard, a place where artifacts @@ -45,27 +43,24 @@ public final class Blackboard implements Closeable { * @param casedb The case database. */ Blackboard(SleuthkitCase casedb) { - this.caseDb = casedb; + this.delegate = casedb.getBlackboard(); } /** - * Indexes the text associated with the an artifact. + * Indexes the text associated with an artifact. * * @param artifact The artifact to be indexed. * * @throws BlackboardException If there is a problem indexing the artifact. */ public synchronized void indexArtifact(BlackboardArtifact artifact) throws BlackboardException { - if (null == caseDb) { + if (null == delegate) { throw new BlackboardException("Blackboard has been closed"); } - KeywordSearchService searchService = Lookup.getDefault().lookup(KeywordSearchService.class); - if (null == searchService) { - throw new BlackboardException("Keyword search service not found"); - } + try { - searchService.index(artifact); - } catch (TskCoreException ex) { + delegate.postArtifact(artifact, ""); + } catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { throw new BlackboardException("Error indexing artifact", ex); } } @@ -83,19 +78,14 @@ public final class Blackboard implements Closeable { * artifact type. */ public synchronized BlackboardArtifact.Type getOrAddArtifactType(String typeName, String displayName) throws BlackboardException { - if (null == caseDb) { + if (null == delegate) { throw new BlackboardException("Blackboard has been closed"); } + try { - return caseDb.addBlackboardArtifactType(typeName, displayName); - } catch (TskDataException typeExistsEx) { - try { - return caseDb.getArtifactType(typeName); - } catch (TskCoreException ex) { - throw new BlackboardException("Failed to get or add artifact type", ex); - } - } catch (TskCoreException ex) { - throw new BlackboardException("Failed to get or add artifact type", ex); + return delegate.getOrAddArtifactType(typeName, displayName); + } catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { + throw new BlackboardException("Delegate org.sleuthkit.datamodel.Blackboard threw exception.", ex); } } @@ -113,30 +103,23 @@ public final class Blackboard implements Closeable { * attribute type. */ public synchronized BlackboardAttribute.Type getOrAddAttributeType(String typeName, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE valueType, String displayName) throws BlackboardException { - if (null == caseDb) { + if (null == delegate) { throw new BlackboardException("Blackboard has been closed"); } try { - return caseDb.addArtifactAttributeType(typeName, valueType, displayName); - } catch (TskDataException typeExistsEx) { - try { - return caseDb.getAttributeType(typeName); - } catch (TskCoreException ex) { - throw new BlackboardException("Failed to get or add attribute type", ex); - } - } catch (TskCoreException ex) { - throw new BlackboardException("Failed to get or add attribute type", ex); + return delegate.getOrAddAttributeType(typeName, valueType, displayName); + } catch (org.sleuthkit.datamodel.Blackboard.BlackboardException ex) { + throw new BlackboardException("Delegate org.sleuthkit.datamodel.Blackboard threw exception.", ex); } } /** * Closes the blackboard. * - * @throws IOException If there is a problem closing the blackboard. */ @Override - public synchronized void close() throws IOException { - caseDb = null; + public synchronized void close() { + delegate = null; } /** diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/SQLiteDBConnect.java b/Core/src/org/sleuthkit/autopsy/coreutils/SQLiteDBConnect.java index ada674433a..d6c9097cd3 100644 --- a/Core/src/org/sleuthkit/autopsy/coreutils/SQLiteDBConnect.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/SQLiteDBConnect.java @@ -1,19 +1,19 @@ - /* +/* * * Autopsy Forensic Browser - * - * Copyright 2012 Basis Technology Corp. - * + * + * Copyright 2012-2018 Basis Technology Corp. + * * Copyright 2012 42six Solutions. * Contact: aebadirad 42six com * Project Contact/Architect: carrier sleuthkit org - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -27,12 +27,12 @@ import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; -import org.sleuthkit.autopsy.coreutils.Logger; +import java.util.logging.Level; /** - * Database connection class & utilities * + * Database connection class & utilities. */ -public class SQLiteDBConnect { +public class SQLiteDBConnect implements AutoCloseable { public String sDriver = ""; public String sUrl = null; @@ -52,7 +52,7 @@ public class SQLiteDBConnect { * quick and dirty constructor to test the database passing the * DriverManager name and the fully loaded url to handle */ - /* + /* * NB this will typically be available if you make this class concrete and * not abstract */ @@ -104,9 +104,13 @@ public class SQLiteDBConnect { statement.executeUpdate(instruction); } -// processes an array of instructions e.g. a set of SQL command strings passed from a file -//NB you should ensure you either handle empty lines in files by either removing them or parsing them out -// since they will generate spurious SQLExceptions when they are encountered during the iteration.... + /** processes an array of instructions e.g. a set of SQL command strings + * passed from a file + * + * NB you should ensure you either handle empty lines in files by either + * removing them or parsing them out since they will generate spurious + * SQLExceptions when they are encountered during the iteration.... + */ public void executeStmt(String[] instructionSet) throws SQLException { for (int i = 0; i < instructionSet.length; i++) { executeStmt(instructionSet[i]); @@ -120,7 +124,14 @@ public class SQLiteDBConnect { public void closeConnection() { try { conn.close(); - } catch (Exception ignore) { + } catch (SQLException ex) { + logger.log(Level.WARNING, "Unable to close connection to SQLite DB at " + sUrl, ex); } + //Implementing Autoclosable.close() allows this class to be used in try-with-resources. + } + + @Override + public void close() { + closeConnection(); } } diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java index 9a1bd96cc7..152df6f55f 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java @@ -34,13 +34,10 @@ import java.util.logging.Level; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.casemodule.services.FileManager; -import org.sleuthkit.autopsy.casemodule.services.Services; import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress; import org.sleuthkit.autopsy.ingest.IngestModule; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Content; -import org.sleuthkit.datamodel.FsContent; -import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.DataSourceIngestModule; diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java index 188d76acde..b3042fb4a5 100644 --- a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java @@ -1,16 +1,16 @@ /* * Sample module in the public domain. Feel free to use this as a template * for your modules. - * + * * Contact: Brian Carrier [carrier sleuthkit [dot] org] * * This is free and unencumbered software released into the public domain. - * + * * Anyone is free to copy, modify, publish, use, compile, sell, or * distribute this software, either in source code form or as a compiled * binary, for any purpose, commercial or non-commercial, and by any * means. - * + * * In jurisdictions that recognize copyright laws, the author or authors * of this software dedicate any and all copyright interest in the * software to the public domain. We make this dedication for the benefit @@ -18,34 +18,31 @@ * successors. We intend this dedication to be an overt act of * relinquishment in perpetuity of all present and future rights to this * software under copyright law. - * + * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. * IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR - * OTHER DEALINGS IN THE SOFTWARE. + * OTHER DEALINGS IN THE SOFTWARE. */ package org.sleuthkit.autopsy.examples; import java.util.HashMap; import java.util.logging.Level; -import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.FileIngestModule; -import org.sleuthkit.autopsy.ingest.IngestModule; import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestMessage; -import org.sleuthkit.autopsy.ingest.IngestServices; -import org.sleuthkit.autopsy.ingest.ModuleDataEvent; +import org.sleuthkit.autopsy.ingest.IngestModule; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; +import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; -import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskData; /** @@ -56,7 +53,7 @@ import org.sleuthkit.datamodel.TskData; class SampleFileIngestModule implements FileIngestModule { private static final HashMap artifactCountsForIngestJobs = new HashMap<>(); - private static BlackboardAttribute.ATTRIBUTE_TYPE attrType = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COUNT; + private static final BlackboardAttribute.ATTRIBUTE_TYPE ATTR_TYPE = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COUNT; private final boolean skipKnownFiles; private IngestJobContext context = null; private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); @@ -76,8 +73,8 @@ class SampleFileIngestModule implements FileIngestModule { // Skip anything other than actual file system files. if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) - || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) - || (file.isFile() == false)) { + || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) + || (file.isFile() == false)) { return IngestModule.ProcessResult.OK; } @@ -101,7 +98,7 @@ class SampleFileIngestModule implements FileIngestModule { // Make an attribute using the ID for the attribute attrType that // was previously created. - BlackboardAttribute attr = new BlackboardAttribute(attrType, SampleIngestModuleFactory.getModuleName(), count); + BlackboardAttribute attr = new BlackboardAttribute(ATTR_TYPE, SampleIngestModuleFactory.getModuleName(), count); // Add the to the general info artifact for the file. In a // real module, you would likely have more complex data types @@ -113,13 +110,15 @@ class SampleFileIngestModule implements FileIngestModule { // management of shared data. addToBlackboardPostCount(context.getJobId(), 1L); - // Fire an event to notify any listeners for blackboard postings. - ModuleDataEvent event = new ModuleDataEvent(SampleIngestModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_GEN_INFO); - IngestServices.getInstance().fireModuleDataEvent(event); + /* + * post the artifact which will index the artifact for keyword + * search, and fire an event to notify UI of this new artifact + */ + file.getSleuthkitCase().getBlackboard().postArtifact(art, SampleIngestModuleFactory.getModuleName()); return IngestModule.ProcessResult.OK; - } catch (TskCoreException ex) { + } catch (TskCoreException | Blackboard.BlackboardException ex) { IngestServices ingestServices = IngestServices.getInstance(); Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName()); logger.log(Level.SEVERE, "Error processing file (id = " + file.getId() + ")", ex); diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java index 386326df10..3117ef2f98 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestServices.java @@ -104,9 +104,13 @@ public final class IngestServices { * * @param moduleDataEvent A module data event, i.e., an event that * encapsulates artifact data. + * + * @deprecated use org.sleuthkit.datamodel.Blackboard.postArtifact instead. */ + @Deprecated public void fireModuleDataEvent(ModuleDataEvent moduleDataEvent) { IngestManager.getInstance().fireIngestModuleDataEvent(moduleDataEvent); + } /** @@ -170,10 +174,7 @@ public final class IngestServices { * Sets all of the global configuration settings for an ingest module. * * @param moduleName A unique identifier for the module. - * - * @param moduleName moduleName identifier unique to that module * @param settings A mapping of setting names to setting values. - * */ public void setConfigSettings(String moduleName, Map settings) { ModuleSettings.setConfigSettings(moduleName, settings); diff --git a/Core/src/org/sleuthkit/autopsy/ingest/ModuleDataEvent.java b/Core/src/org/sleuthkit/autopsy/ingest/ModuleDataEvent.java index d78169e251..c463fd69ec 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/ModuleDataEvent.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/ModuleDataEvent.java @@ -53,7 +53,7 @@ public class ModuleDataEvent extends ChangeEvent { private Collection artifacts; /** - * @param moduleName Module name + * @param moduleName Module name * @param artifactType Type of artifact that was posted to blackboard */ public ModuleDataEvent(String moduleName, ARTIFACT_TYPE artifactType) { @@ -63,9 +63,9 @@ public class ModuleDataEvent extends ChangeEvent { } /** - * @param moduleName Module Name + * @param moduleName Module Name * @param blackboardArtifactType Type of the blackboard artifact posted to - * the blackboard + * the blackboard */ public ModuleDataEvent(String moduleName, BlackboardArtifact.Type blackboardArtifactType) { super(blackboardArtifactType); @@ -74,10 +74,10 @@ public class ModuleDataEvent extends ChangeEvent { } /** - * @param moduleName Module name + * @param moduleName Module name * @param blackboardArtifactType Type of artifact posted to the blackboard - * @param artifacts List of specific artifact ID values that were added to - * blackboard + * @param artifacts List of specific artifact ID values that + * were added to blackboard */ public ModuleDataEvent(String moduleName, BlackboardArtifact.Type blackboardArtifactType, Collection artifacts) { this(moduleName, blackboardArtifactType); @@ -85,10 +85,10 @@ public class ModuleDataEvent extends ChangeEvent { } /** - * @param moduleName Module name + * @param moduleName Module name * @param artifactType Type of artifact that was posted to blackboard - * @param artifacts List of specific artifact values that were added to - * blackboard + * @param artifacts List of specific artifact values that were added to + * blackboard */ public ModuleDataEvent(String moduleName, ARTIFACT_TYPE artifactType, Collection artifacts) { this(moduleName, artifactType); diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 6f2281c45d..0fac779ca4 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -18,7 +18,6 @@ */ package org.sleuthkit.autopsy.modules.fileextmismatch; -import java.util.Collections; import java.util.HashMap; import java.util.Set; import java.util.logging.Level; @@ -26,7 +25,6 @@ import org.openide.util.NbBundle; import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; -import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.autopsy.ingest.FileIngestModule; @@ -34,10 +32,10 @@ import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; import org.sleuthkit.autopsy.ingest.IngestServices; -import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchDetectorModuleSettings.CHECK_TYPE; import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.TskData; @@ -110,7 +108,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { @Messages({"FileExtMismatchIngestModule.indexError.message=Failed to index file extension mismatch artifact for keyword search."}) public ProcessResult process(AbstractFile abstractFile) { try { - blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard(); + blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); } catch (NoCurrentCaseException ex) { logger.log(Level.WARNING, "Exception while getting open case.", ex); //NON-NLS return ProcessResult.ERROR; @@ -121,15 +119,15 @@ public class FileExtMismatchIngestModule implements FileIngestModule { // skip non-files if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) - || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) - || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.SLACK) - || (abstractFile.isFile() == false)) { + || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) + || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.SLACK) + || (abstractFile.isFile() == false)) { return ProcessResult.OK; } // deleted files often have content that was not theirs and therefor causes mismatch if ((abstractFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC)) - || (abstractFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC))) { + || (abstractFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC))) { return ProcessResult.OK; } @@ -145,14 +143,17 @@ public class FileExtMismatchIngestModule implements FileIngestModule { BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED); try { - // index the artifact for keyword search - blackboard.indexArtifact(bart); + /* + * post the artifact which will index the artifact for + * keyword search, and fire an event to notify UI of this + * new artifact + */ + blackboard.postArtifact(bart, FileExtMismatchDetectorModuleFactory.getModuleName()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bart.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error(FileExtMismatchDetectorModuleFactory.getModuleName(), Bundle.FileExtMismatchIngestModule_indexError_message()); } - services.fireModuleDataEvent(new ModuleDataEvent(FileExtMismatchDetectorModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED, Collections.singletonList(bart))); } return ProcessResult.OK; } catch (TskException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index f79c10a20c..1af1825c6d 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -18,40 +18,42 @@ */ package org.sleuthkit.autopsy.modules.filetypeid; -import java.util.ArrayList; -import java.util.Collection; +import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.logging.Level; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; -import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.ingest.FileIngestModule; import org.sleuthkit.autopsy.ingest.IngestJobContext; import org.sleuthkit.autopsy.ingest.IngestMessage; -import org.sleuthkit.autopsy.ingest.IngestServices; -import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; +import org.sleuthkit.autopsy.ingest.IngestServices; +import org.sleuthkit.autopsy.modules.filetypeid.CustomFileTypesManager.CustomFileTypesException; +import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; +import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT; import org.sleuthkit.datamodel.BlackboardAttribute; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME; import org.sleuthkit.datamodel.TskCoreException; /** * Detects the type of a file based on signature (magic) values. Posts results * to the blackboard. */ -@NbBundle.Messages({ - "CannotRunFileTypeDetection=Unable to run file type detection." -}) +@NbBundle.Messages({"CannotRunFileTypeDetection=Unable to run file type detection."}) public class FileTypeIdIngestModule implements FileIngestModule { private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName()); - private long jobId; private static final HashMap totalsForIngestJobs = new HashMap<>(); private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); + + private long jobId; private FileTypeDetector fileTypeDetector; /** @@ -146,26 +148,34 @@ public class FileTypeIdIngestModule implements FileIngestModule { * @param fileType The file type rule for categorizing the hit. */ private void createInterestingFileHit(AbstractFile file, FileType fileType) { + + List attributes = Arrays.asList( + new BlackboardAttribute( + TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), + fileType.getInterestingFilesSetName()), + new BlackboardAttribute( + TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), + fileType.getMimeType())); try { - Collection attributes = new ArrayList<>(); - attributes.add(new BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName())); - attributes.add(new BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType())); - Case currentCase = Case.getCurrentCaseThrows(); - org.sleuthkit.datamodel.Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard(); + + Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard(); // Create artifact if it doesn't already exist. - if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) { - BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) { + BlackboardArtifact artifact = file.newArtifact(TSK_INTERESTING_FILE_HIT); artifact.addAttributes(attributes); - try { - currentCase.getServices().getBlackboard().indexArtifact(artifact); + /* + * post the artifact which will index the artifact for + * keyword search, and fire an event to notify UI of this + * new artifact + */ + tskBlackboard.postArtifact(artifact, FileTypeIdModuleFactory.getModuleName()); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS } } + } catch (TskCoreException ex) { logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS } catch (NoCurrentCaseException ex) { @@ -227,5 +237,4 @@ public class FileTypeIdIngestModule implements FileIngestModule { long matchTime = 0; long numFiles = 0; } - } diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 23749b8cba..a562ab2a22 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.modules.hashdatabase; import java.io.IOException; import java.util.ArrayList; import java.util.Collection; -import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.concurrent.atomic.AtomicLong; @@ -30,7 +29,6 @@ import org.openide.util.NbBundle; import org.openide.util.NbBundle.Messages; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; -import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.autopsy.healthmonitor.HealthMonitor; @@ -39,9 +37,9 @@ import org.sleuthkit.autopsy.ingest.FileIngestModule; import org.sleuthkit.autopsy.ingest.IngestMessage; import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter; import org.sleuthkit.autopsy.ingest.IngestServices; -import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager.HashDb; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; import org.sleuthkit.datamodel.BlackboardAttribute; @@ -102,7 +100,7 @@ public class HashDbIngestModule implements FileIngestModule { * object is used to configure the module. * * @param settings The module settings. - * + * * @throws NoCurrentCaseException If there is no open case. */ HashDbIngestModule(HashLookupModuleSettings settings) throws NoCurrentCaseException { @@ -170,7 +168,7 @@ public class HashDbIngestModule implements FileIngestModule { @Override public ProcessResult process(AbstractFile file) { try { - blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard(); + blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard(); } catch (NoCurrentCaseException ex) { logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS return ProcessResult.ERROR; @@ -178,7 +176,7 @@ public class HashDbIngestModule implements FileIngestModule { // Skip unallocated space files. if ((file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) - || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK))) { + || file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK))) { return ProcessResult.OK; } @@ -356,8 +354,11 @@ public class HashDbIngestModule implements FileIngestModule { badFile.addAttributes(attributes); try { - // index the artifact for keyword search - blackboard.indexArtifact(badFile); + /* + * post the artifact which will index the artifact for keyword + * search, and fire an event to notify UI of this new artifact + */ + blackboard.postArtifact(badFile, moduleName); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + badFile.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( @@ -400,7 +401,6 @@ public class HashDbIngestModule implements FileIngestModule { abstractFile.getName() + md5Hash, badFile)); } - services.fireModuleDataEvent(new ModuleDataEvent(moduleName, ARTIFACT_TYPE.TSK_HASHSET_HIT, Collections.singletonList(badFile))); } catch (TskException ex) { logger.log(Level.WARNING, "Error creating blackboard artifact", ex); //NON-NLS } @@ -414,7 +414,7 @@ public class HashDbIngestModule implements FileIngestModule { * @param knownHashSets The list of hash sets for "known" files. */ private static synchronized void postSummary(long jobId, - List knownBadHashSets, List knownHashSets) { + List knownBadHashSets, List knownHashSets) { IngestJobTotals jobTotals = getTotalsForIngestJobs(jobId); totalsForIngestJobs.remove(jobId); diff --git a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java index 5fd4946a09..abda37b4e0 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java @@ -281,11 +281,9 @@ public class PlasoIngestModule implements DataSourceIngestModule { + " 'WEBHIST') " // bad dates and duplicates with what we have. + " AND sourcetype NOT IN ('UNKNOWN', " + " 'PE Import Time');"; // lots of bad dates //NON-NLS - SQLiteDBConnect tempdbconnect = null; - ResultSet resultSet = null; - try { - tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + plasoDb); //NON-NLS - resultSet = tempdbconnect.executeQry(sqlStatement); + + try (SQLiteDBConnect tempdbconnect = new SQLiteDBConnect("org.sqlite.JDBC", "jdbc:sqlite:" + plasoDb); //NON-NLS + ResultSet resultSet = tempdbconnect.executeQry(sqlStatement)) { while (resultSet.next()) { if (context.dataSourceIngestIsCancelled()) { logger.log(Level.INFO, "Cancelled Plaso Artifact Creation."); //NON-NLS @@ -328,18 +326,6 @@ public class PlasoIngestModule implements DataSourceIngestModule { } } catch (SQLException ex) { logger.log(Level.SEVERE, "Error while trying to read into a sqlite db.", ex);//NON-NLS - } finally { - if(resultSet != null) { - try { - resultSet.close(); - } catch (SQLException ex) { - logger.log(Level.WARNING, "Unable to close ResultSet", ex); - } - } - - if(tempdbconnect != null) { - tempdbconnect.closeConnection(); - } } }