first draft; description needs to be done
parent
52a7316d36
commit
d69d7216b5
@ -87,6 +87,8 @@ import org.sleuthkit.autopsy.datamodel.BaseChildFactory;
|
||||
import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageChangeEvent;
|
||||
import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageCountChangeEvent;
|
||||
import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageSizeChangeEvent;
|
||||
import org.sleuthkit.datamodel.Score;
|
||||
import org.sleuthkit.datamodel.Score.Significance;
|
||||
|
||||
/**
|
||||
* A tabular result viewer that displays the children of the given root node
|
||||
@ -1263,6 +1265,29 @@ public class DataResultViewerTable extends AbstractDataResultViewer {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* Returns the icon denoted by the Score's Significance.
|
||||
* @param significance The Score's Significance.
|
||||
* @return The icon (or null) related to that significance.
|
||||
*/
|
||||
private ImageIcon getIcon(Significance significance) {
|
||||
if (significance == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
switch (significance) {
|
||||
case NOTABLE:
|
||||
return NOTABLE_ICON_SCORE;
|
||||
case LIKELY_NOTABLE:
|
||||
return INTERESTING_SCORE_ICON;
|
||||
case LIKELY_NONE:
|
||||
case NONE:
|
||||
case UNKNOWN:
|
||||
default:
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) {
|
||||
Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column);
|
||||
@ -1283,19 +1308,8 @@ public class DataResultViewerTable extends AbstractDataResultViewer {
|
||||
switchValue = value;
|
||||
}
|
||||
setText("");
|
||||
if ((switchValue instanceof Score)) {
|
||||
|
||||
switch ((Score) switchValue) {
|
||||
case INTERESTING_SCORE:
|
||||
setIcon(INTERESTING_SCORE_ICON);
|
||||
break;
|
||||
case NOTABLE_SCORE:
|
||||
setIcon(NOTABLE_ICON_SCORE);
|
||||
break;
|
||||
case NO_SCORE:
|
||||
default:
|
||||
setIcon(null);
|
||||
}
|
||||
if ((switchValue instanceof org.sleuthkit.datamodel.Score)) {
|
||||
setIcon(getIcon(((org.sleuthkit.datamodel.Score) switchValue).getSignificance()));
|
||||
} else {
|
||||
setIcon(null);
|
||||
}
|
||||
|
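Review bot: `getIcon` returns null for `UNKNOWN` as well as for `NONE` and `LIKELY_NONE`, so a cell whose score could not be determined renders exactly like a cell with no score. AbstractContentNode in this same commit falls back to `Score.SCORE_UNKNOWN` when `getAggregateScore()` throws, so a failed lookup ends up visible only in the log and not to the examiner reading the table. If that is intended, state it in the Javadoc, e.g. `Returns null for LIKELY_NONE, NONE and UNKNOWN, so an undetermined score is shown as an empty cell.`; otherwise give `UNKNOWN` its own indication. The body of `getTableCellRendererComponent` starts and ends outside the visible hunks.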
@ -46,7 +46,6 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException;
|
||||
import org.sleuthkit.autopsy.core.UserPreferences;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import static org.sleuthkit.autopsy.datamodel.Bundle.*;
|
||||
import static org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode.AbstractFilePropertyType.*;
|
||||
@ -59,14 +58,13 @@ import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException;
|
||||
import org.sleuthkit.autopsy.texttranslation.TextTranslationService;
|
||||
import org.sleuthkit.autopsy.texttranslation.TranslationException;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.ContentTag;
|
||||
import org.sleuthkit.datamodel.Tag;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
|
||||
import org.sleuthkit.autopsy.texttranslation.utils.FileNameTranslationUtil;
|
||||
import org.sleuthkit.datamodel.Score;
|
||||
|
||||
/**
|
||||
* An abstract node that encapsulates AbstractFile data
|
||||
@ -432,43 +430,6 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
|
||||
return Pair.of(count, description);
|
||||
}
|
||||
|
||||
@NbBundle.Messages({
|
||||
"AbstractAbstractFileNode.createSheet.score.displayName=S",
|
||||
"AbstractAbstractFileNode.createSheet.notableFile.description=File recognized as notable.",
|
||||
"AbstractAbstractFileNode.createSheet.interestingResult.description=File has interesting result associated with it.",
|
||||
"AbstractAbstractFileNode.createSheet.taggedFile.description=File has been tagged.",
|
||||
"AbstractAbstractFileNode.createSheet.notableTaggedFile.description=File tagged with notable tag.",
|
||||
"AbstractAbstractFileNode.createSheet.noScore.description=No score"})
|
||||
@Override
|
||||
protected Pair<DataResultViewerTable.Score, String> getScorePropertyAndDescription(List<Tag> tags) {
|
||||
DataResultViewerTable.Score score = DataResultViewerTable.Score.NO_SCORE;
|
||||
String description = Bundle.AbstractAbstractFileNode_createSheet_noScore_description();
|
||||
if (content.getKnown() == TskData.FileKnown.BAD) {
|
||||
score = DataResultViewerTable.Score.NOTABLE_SCORE;
|
||||
description = Bundle.AbstractAbstractFileNode_createSheet_notableFile_description();
|
||||
}
|
||||
try {
|
||||
if (score == DataResultViewerTable.Score.NO_SCORE && !content.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT).isEmpty()) {
|
||||
score = DataResultViewerTable.Score.INTERESTING_SCORE;
|
||||
description = Bundle.AbstractAbstractFileNode_createSheet_interestingResult_description();
|
||||
}
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Error getting artifacts for file: " + content.getName(), ex);
|
||||
}
|
||||
if (!tags.isEmpty() && (score == DataResultViewerTable.Score.NO_SCORE || score == DataResultViewerTable.Score.INTERESTING_SCORE)) {
|
||||
score = DataResultViewerTable.Score.INTERESTING_SCORE;
|
||||
description = Bundle.AbstractAbstractFileNode_createSheet_taggedFile_description();
|
||||
for (Tag tag : tags) {
|
||||
if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) {
|
||||
score = DataResultViewerTable.Score.NOTABLE_SCORE;
|
||||
description = Bundle.AbstractAbstractFileNode_createSheet_notableTaggedFile_description();
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
return Pair.of(score, description);
|
||||
}
|
||||
|
||||
@NbBundle.Messages({
|
||||
"AbstractAbstractFileNode.createSheet.comment.displayName=C"})
|
||||
@Override
|
||||
|
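Review bot: Removing this override means the score for a file no longer reflects `content.getKnown()`, the interesting-file hits or the `tags` argument; the only implementation left on this page (AbstractContentNode) reads `content.getAggregateScore()` and never touches `tags`. Whether the aggregate score already accounts for notable tags cannot be told from here, so that should be confirmed before the S column is relied on; the same applies to the override deleted from BlackboardArtifactNode. The deleted `@NbBundle.Messages` block also declared `AbstractAbstractFileNode.createSheet.score.displayName`, so if the generated Bundle method for that key is still referenced elsewhere in the class, the key needs to move to another annotation.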
@ -340,15 +340,16 @@ public abstract class AbstractContentNode<T extends Content> extends ContentNode
|
||||
*
|
||||
* @return Score property for the underlying content of the node.
|
||||
*/
|
||||
protected Pair<DataResultViewerTable.Score, String> getScorePropertyAndDescription(List<Tag> tags) {
|
||||
Score score = null;
|
||||
protected Pair<Score, String> getScorePropertyAndDescription(List<Tag> tags) {
|
||||
Score score = Score.SCORE_UNKNOWN;
|
||||
try {
|
||||
score = this.content.getAggregateScore();
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex);
|
||||
}
|
||||
|
||||
|
||||
score.getSignificance().getDisplayName();
|
||||
return Pair.of(score, );
|
||||
}
|
||||
|
||||
/**
|
||||
|
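Review bot: The new body does not compile as shown: `score.getSignificance().getDisplayName();` discards its result and `return Pair.of(score, );` has no second argument. Assign the value and pass it, `String description = score.getSignificance().getDisplayName();` followed by `return Pair.of(score, description);`. The `tags` parameter is no longer read, so the Javadoc, which starts above the hunk, should either say that or the parameter's role should be restored. If `getAggregateScore()` can return null, the dereference after the try block would throw; that cannot be confirmed from this page.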
@ -59,12 +59,10 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUti
|
||||
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException;
|
||||
import org.sleuthkit.autopsy.core.UserPreferences;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import static org.sleuthkit.autopsy.datamodel.DisplayableItemNode.findLinked;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus;
|
||||
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.backgroundTasksPool;
|
||||
import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager;
|
||||
import org.sleuthkit.autopsy.timeline.actions.ViewArtifactInTimelineAction;
|
||||
import org.sleuthkit.autopsy.timeline.actions.ViewFileInTimelineAction;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
@ -75,12 +73,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.Tag;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
import org.sleuthkit.autopsy.datamodel.utils.IconsUtil;
|
||||
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
|
||||
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
|
||||
import org.sleuthkit.autopsy.texttranslation.TextTranslationService;
|
||||
import org.sleuthkit.autopsy.datamodel.utils.FileNameTransTask;
|
||||
import org.sleuthkit.datamodel.Score;
|
||||
|
||||
/**
|
||||
* A BlackboardArtifactNode is an AbstractNode implementation that can be used
|
||||
@ -843,94 +841,6 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
|
||||
return status;
|
||||
}
|
||||
|
||||
/**
|
||||
* Computes the value of the score property ("S" in S, C, O) for the
|
||||
* artifact represented by this node. The score property indicates whether
|
||||
* the artifact or its source content is notable or interesting.
|
||||
*
|
||||
* IMPORTANT: Notability takes precedence when computing the score.
|
||||
*
|
||||
* A red icon will be displayed in the property sheet if the hash of the
|
||||
* source file has been found in a notable hash set or if either the
|
||||
* artifact or its source content has been tagged with a notable tag. A
|
||||
* yellow icon will be displayed if the source file belongs to an
|
||||
* interesting file set or either the artifact or its source content has
|
||||
* been tagged with a non-notable tag.
|
||||
*
|
||||
* @param tags The tags that have been applied to the artifact and its
|
||||
* source content.
|
||||
*
|
||||
* @return The value of the score property as an enum element and a
|
||||
* description string for dislpay in a tool tip.
|
||||
*/
|
||||
@Override
|
||||
protected Pair<DataResultViewerTable.Score, String> getScorePropertyAndDescription(List<Tag> tags) {
|
||||
/*
|
||||
* Is the artifact's source content marked as notable?
|
||||
*/
|
||||
Score score = Score.NO_SCORE;
|
||||
String description = Bundle.BlackboardArtifactNode_createSheet_noScore_description();
|
||||
if (srcContent instanceof AbstractFile) {
|
||||
if (((AbstractFile) srcContent).getKnown() == TskData.FileKnown.BAD) {
|
||||
score = Score.NOTABLE_SCORE;
|
||||
description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description();
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* If the artifact is a hash set hit, is the hash set a notable hashes
|
||||
* hash set?
|
||||
*/
|
||||
if (score == Score.NO_SCORE && artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) {
|
||||
try {
|
||||
BlackboardAttribute attr = artifact.getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SET_NAME));
|
||||
List<HashDbManager.HashDb> notableHashsets = HashDbManager.getInstance().getKnownBadFileHashSets();
|
||||
for (HashDbManager.HashDb hashDb : notableHashsets) {
|
||||
if (hashDb.getHashSetName().equals(attr.getValueString())) {
|
||||
score = Score.NOTABLE_SCORE;
|
||||
description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description();
|
||||
break;
|
||||
}
|
||||
}
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_SET_NAME attribute for TSK_HASHSET_HIT artifact (artifact objID={0})", artifact.getId()), ex);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Is the artifact's source content notable?
|
||||
*/
|
||||
if (score == Score.NO_SCORE) {
|
||||
try {
|
||||
if (!srcContent.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT).isEmpty()) {
|
||||
score = Score.INTERESTING_SCORE;
|
||||
description = Bundle.BlackboardArtifactNode_createSheet_interestingResult_description();
|
||||
}
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_INTERESTING_ARTIFACT_HIT artifacts for source content (artifact objID={0})", artifact.getId()), ex);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Analyze any tags applied to the artifact or its source content. If
|
||||
* there are tags, tha artifact is at least interesting. If one of the
|
||||
* tags is a notable tag, the artifact is notable.
|
||||
*/
|
||||
if (tags.size() > 0 && (score == Score.NO_SCORE || score == Score.INTERESTING_SCORE)) {
|
||||
score = Score.INTERESTING_SCORE;
|
||||
description = Bundle.BlackboardArtifactNode_createSheet_taggedItem_description();
|
||||
for (Tag tag : tags) {
|
||||
if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) {
|
||||
score = Score.NOTABLE_SCORE;
|
||||
description = Bundle.BlackboardArtifactNode_createSheet_notableTaggedItem_description();
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return Pair.of(score, description);
|
||||
}
|
||||
|
||||
/**
|
||||
* Computes the value of the other occurrences property ("O" in S, C, O) for
|
||||
* the artifact represented by this node. The value of the other occurrences
|
||||
@ -1146,7 +1056,7 @@ public class BlackboardArtifactNode extends AbstractContentNode<BlackboardArtifa
|
||||
"BlackboardArtifactNode.createSheet.noScore.description=No score"})
|
||||
@Deprecated
|
||||
protected final void addScorePropertyAndDescription(Sheet.Set sheetSet, List<Tag> tags) {
|
||||
Pair<DataResultViewerTable.Score, String> scoreAndDescription = getScorePropertyAndDescription(tags);
|
||||
Pair<Score, String> scoreAndDescription = getScorePropertyAndDescription(tags);
|
||||
sheetSet.put(new NodeProperty<>(Bundle.BlackboardArtifactNode_createSheet_score_name(), Bundle.BlackboardArtifactNode_createSheet_score_displayName(), scoreAndDescription.getRight(), scoreAndDescription.getLeft()));
|
||||
}
|
||||
|
||||
|
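Review bot: `addScorePropertyAndDescription` now puts an `org.sleuthkit.datamodel.Score` into the `NodeProperty` where it previously put the `DataResultViewerTable.Score` enum, so any consumer that casts this property's value or compares it with the old enum constants needs the same migration; only the table cell renderer is updated on this page. The method is marked `@Deprecated` but the visible lines carry no Javadoc `@deprecated` tag naming what callers should use instead. The `@NbBundle.Messages` entry `BlackboardArtifactNode.createSheet.noScore.description` above it appears to have been used only by the deleted override and may now be dead; the annotation starts outside the hunk, so check the other keys as well.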
@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
|
||||
|
||||
import org.apache.commons.lang3.tuple.Pair;
|
||||
import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
|
||||
import org.sleuthkit.datamodel.Score;
|
||||
|
||||
/**
|
||||
* Container to bag the S C & O data for an abstract file node.
|
||||
@ -27,11 +28,11 @@ import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
|
||||
*/
|
||||
class SCOData {
|
||||
|
||||
private Pair<DataResultViewerTable.Score, String> scoreAndDescription = null;
|
||||
private Pair<Score, String> scoreAndDescription = null;
|
||||
private DataResultViewerTable.HasCommentStatus comment = null;
|
||||
private Pair<Long, String> countAndDescription = null;
|
||||
|
||||
Pair<DataResultViewerTable.Score, String> getScoreAndDescription() {
|
||||
Pair<Score, String> getScoreAndDescription() {
|
||||
return scoreAndDescription;
|
||||
}
|
||||
|
||||
@ -43,7 +44,7 @@ class SCOData {
|
||||
return countAndDescription;
|
||||
}
|
||||
|
||||
void setScoreAndDescription(Pair<DataResultViewerTable.Score, String> scoreAndDescription) {
|
||||
void setScoreAndDescription(Pair<Score, String> scoreAndDescription) {
|
||||
this.scoreAndDescription = scoreAndDescription;
|
||||
}
|
||||
void setComment(DataResultViewerTable.HasCommentStatus comment) {
|
||||
|