From d69d7216b51e7030a4de11f6857aa6b2ca28eb08 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro
Date: Mon, 17 May 2021 16:13:14 -0400
Subject: [PATCH] first draft; description needs to be done
---
 .../corecomponents/DataResultViewerTable.java | 40 +++++---
 .../datamodel/AbstractAbstractFileNode.java | 41 +-------
 .../datamodel/AbstractContentNode.java | 7 +-
 .../datamodel/BlackboardArtifactNode.java | 94 +------------------
 .../sleuthkit/autopsy/datamodel/SCOData.java | 7 +-
 5 files changed, 38 insertions(+), 151 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java
index 48e7427172..8464969920 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerTable.java
@@ -87,6 +87,8 @@ import org.sleuthkit.autopsy.datamodel.BaseChildFactory;
 import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageChangeEvent;
 import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageCountChangeEvent;
 import org.sleuthkit.autopsy.datamodel.BaseChildFactory.PageSizeChangeEvent;
+import org.sleuthkit.datamodel.Score;
+import org.sleuthkit.datamodel.Score.Significance;
 /**
 * A tabular result viewer that displays the children of the given root node
@@ -1263,6 +1265,29 @@ public class DataResultViewerTable extends AbstractDataResultViewer { private static final long serialVersionUID = 1L; + /** + * Returns the icon denoted by the Score's Significance. + * @param significance The Score's Significance. + * @return The icon (or null) related to that significance. + */ + private ImageIcon getIcon(Significance significance) { + if (significance == null) { + return null; + } + + switch (significance) { + case NOTABLE: + return NOTABLE_ICON_SCORE; + case LIKELY_NOTABLE: + return INTERESTING_SCORE_ICON; + case LIKELY_NONE: + case NONE: + case UNKNOWN: + default: + return null; + } + } + @Override public Component getTableCellRendererComponent(JTable table, Object value, boolean isSelected, boolean hasFocus, int row, int column) { Component component = super.getTableCellRendererComponent(table, value, isSelected, hasFocus, row, column); @@ -1283,19 +1308,8 @@ public class DataResultViewerTable extends AbstractDataResultViewer { switchValue = value; } setText(""); - if ((switchValue instanceof Score)) { - - switch ((Score) switchValue) { - case INTERESTING_SCORE: - setIcon(INTERESTING_SCORE_ICON); - break; - case NOTABLE_SCORE: - setIcon(NOTABLE_ICON_SCORE); - break; - case NO_SCORE: - default: - setIcon(null); - } + if ((switchValue instanceof org.sleuthkit.datamodel.Score)) { + setIcon(getIcon(((org.sleuthkit.datamodel.Score) switchValue).getSignificance())); } else { setIcon(null); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java index ee862eee96..2bd4e702c3 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java 
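Review bot: In getIcon the `default:` label shares `return null` with LIKELY_NONE, NONE and UNKNOWN, so a Significance constant added to the datamodel later would be drawn with no icon and look the same as an unscored row. Keep the listed cases as they are but give `default:` its own comment, for example `// Unrecognized significance: no icon; add a case when Score.Significance gains a value`, so the fall-through reads as deliberate. The Javadoc should also say that LIKELY_NOTABLE reuses INTERESTING_SCORE_ICON. The enclosing renderer class starts and ends outside the hunk.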
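Review bot: The rewritten branch in getTableCellRendererComponent tests only `org.sleuthkit.datamodel.Score`, so a cell value that is still of the old nested `DataResultViewerTable.Score` type now lands in the `else` and gets `setIcon(null)` with no warning. The fully qualified name suggests the nested enum is still declared in this class and shadows the import added at the top of the file; if that is so, deleting the nested enum in the same change would turn any leftover producer into a compile error and lets the branch read `if (switchValue instanceof Score) { setIcon(getIcon(((Score) switchValue).getSignificance())); }`. The method body starts and ends outside the hunk, so whether other callers still pass the old type cannot be seen from here.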
@@ -46,7 +46,6 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException;
 import org.sleuthkit.autopsy.core.UserPreferences;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus;
-import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import static org.sleuthkit.autopsy.datamodel.Bundle.*;
 import static org.sleuthkit.autopsy.datamodel.AbstractAbstractFileNode.AbstractFilePropertyType.*;
@@ -59,14 +58,13 @@ import org.sleuthkit.autopsy.texttranslation.NoServiceProviderException;
 import org.sleuthkit.autopsy.texttranslation.TextTranslationService;
 import org.sleuthkit.autopsy.texttranslation.TranslationException;
 import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentTag;
 import org.sleuthkit.datamodel.Tag;
 import org.sleuthkit.datamodel.TskCoreException;
-import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
 import org.sleuthkit.autopsy.texttranslation.utils.FileNameTranslationUtil;
+import org.sleuthkit.datamodel.Score;
 /**
 * An abstract node that encapsulates AbstractFile data
@@ -432,43 +430,6 @@ public abstract class AbstractAbstractFileNode extends A return Pair.of(count, description); } - @NbBundle.Messages({ - "AbstractAbstractFileNode.createSheet.score.displayName=S", - "AbstractAbstractFileNode.createSheet.notableFile.description=File recognized as notable.", - "AbstractAbstractFileNode.createSheet.interestingResult.description=File has interesting result associated with it.", - "AbstractAbstractFileNode.createSheet.taggedFile.description=File has been tagged.", - "AbstractAbstractFileNode.createSheet.notableTaggedFile.description=File tagged with notable tag.", - "AbstractAbstractFileNode.createSheet.noScore.description=No score"}) - @Override - protected Pair getScorePropertyAndDescription(List tags) { - DataResultViewerTable.Score score = DataResultViewerTable.Score.NO_SCORE; - String description = Bundle.AbstractAbstractFileNode_createSheet_noScore_description(); - if (content.getKnown() == TskData.FileKnown.BAD) { - score = DataResultViewerTable.Score.NOTABLE_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_notableFile_description(); - } - try { - if (score == DataResultViewerTable.Score.NO_SCORE && !content.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT).isEmpty()) { - score = DataResultViewerTable.Score.INTERESTING_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_interestingResult_description(); - } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error getting artifacts for file: " + content.getName(), ex); - } - if (!tags.isEmpty() && (score == DataResultViewerTable.Score.NO_SCORE || score == DataResultViewerTable.Score.INTERESTING_SCORE)) { - score = DataResultViewerTable.Score.INTERESTING_SCORE; - description = Bundle.AbstractAbstractFileNode_createSheet_taggedFile_description(); - for (Tag tag : tags) { - if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) { - score = DataResultViewerTable.Score.NOTABLE_SCORE; - description = 
Bundle.AbstractAbstractFileNode_createSheet_notableTaggedFile_description(); - break; - } - } - } - return Pair.of(score, description); - } - @NbBundle.Messages({ "AbstractAbstractFileNode.createSheet.comment.displayName=C"}) @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java index e551a62b14..ee9d4a425e 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentNode.java @@ -340,15 +340,16 @@ public abstract class AbstractContentNode extends ContentNode * * @return Score property for the underlying content of the node. */ - protected Pair getScorePropertyAndDescription(List tags) { - Score score = null; + protected Pair getScorePropertyAndDescription(List tags) { + Score score = Score.SCORE_UNKNOWN; try { score = this.content.getAggregateScore(); } catch (TskCoreException ex) { logger.log(Level.WARNING, "Unable to get aggregate score for content with id: " + this.content.getId(), ex); } - + score.getSignificance().getDisplayName(); + return Pair.of(score, ); } /** diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 5bfca75425..8e52e6d8b7 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java 
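Review bot: `return Pair.of(score, );` at the end of AbstractContentNode.getScorePropertyAndDescription is missing its second argument, so the new side does not compile, and the statement before it, `score.getSignificance().getDisplayName();`, throws its result away. Presumably the two were meant to be one line, `return Pair.of(score, score.getSignificance().getDisplayName());`. If `getAggregateScore()` can return null (not visible here), the `Score.SCORE_UNKNOWN` default is overwritten and that line throws, so the default is better kept with `if (aggregate != null) { score = aggregate; }`. The `tags` parameter is no longer read, while the overrides deleted from AbstractAbstractFileNode and BlackboardArtifactNode in this patch raised an item to notable on a notable tag; the Javadoc above the method should state whether the aggregate score already accounts for tags.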
@@ -59,12 +59,10 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUti
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoException;
 import org.sleuthkit.autopsy.core.UserPreferences;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
-import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.Score;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import static org.sleuthkit.autopsy.datamodel.DisplayableItemNode.findLinked;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable.HasCommentStatus;
 import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.backgroundTasksPool;
-import org.sleuthkit.autopsy.modules.hashdatabase.HashDbManager;
 import org.sleuthkit.autopsy.timeline.actions.ViewArtifactInTimelineAction;
 import org.sleuthkit.autopsy.timeline.actions.ViewFileInTimelineAction;
 import org.sleuthkit.datamodel.AbstractFile;
@@ -75,12 +73,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Tag;
 import org.sleuthkit.datamodel.TskCoreException;
-import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.autopsy.datamodel.utils.IconsUtil;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
 import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
 import org.sleuthkit.autopsy.texttranslation.TextTranslationService;
 import org.sleuthkit.autopsy.datamodel.utils.FileNameTransTask;
+import org.sleuthkit.datamodel.Score;
 /**
 * A BlackboardArtifactNode is an AbstractNode implementation that can be used
@@ -843,94 +841,6 @@ public class BlackboardArtifactNode extends AbstractContentNode getScorePropertyAndDescription(List tags) { - /* - * Is the artifact's source content marked as notable? - */ - Score score = Score.NO_SCORE; - String description = Bundle.BlackboardArtifactNode_createSheet_noScore_description(); - if (srcContent instanceof AbstractFile) { - if (((AbstractFile) srcContent).getKnown() == TskData.FileKnown.BAD) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description(); - } - } - - /* - * If the artifact is a hash set hit, is the hash set a notable hashes - * hash set? - */ - if (score == Score.NO_SCORE && artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()) { - try { - BlackboardAttribute attr = artifact.getAttribute(new BlackboardAttribute.Type(ATTRIBUTE_TYPE.TSK_SET_NAME)); - List notableHashsets = HashDbManager.getInstance().getKnownBadFileHashSets(); - for (HashDbManager.HashDb hashDb : notableHashsets) { - if (hashDb.getHashSetName().equals(attr.getValueString())) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableFile_description(); - break; - } - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_SET_NAME attribute for TSK_HASHSET_HIT artifact (artifact objID={0})", artifact.getId()), ex); - } - } - - /* - * Is the artifact's source content notable? 
- */ - if (score == Score.NO_SCORE) { - try { - if (!srcContent.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT).isEmpty()) { - score = Score.INTERESTING_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_interestingResult_description(); - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, MessageFormat.format("Error getting TSK_INTERESTING_ARTIFACT_HIT artifacts for source content (artifact objID={0})", artifact.getId()), ex); - } - } - - /* - * Analyze any tags applied to the artifact or its source content. If - * there are tags, tha artifact is at least interesting. If one of the - * tags is a notable tag, the artifact is notable. - */ - if (tags.size() > 0 && (score == Score.NO_SCORE || score == Score.INTERESTING_SCORE)) { - score = Score.INTERESTING_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_taggedItem_description(); - for (Tag tag : tags) { - if (tag.getName().getKnownStatus() == TskData.FileKnown.BAD) { - score = Score.NOTABLE_SCORE; - description = Bundle.BlackboardArtifactNode_createSheet_notableTaggedItem_description(); - break; - } - } - } - - return Pair.of(score, description); - } - /** * Computes the value of the other occurrences property ("O" in S, C, O) for * the artifact represented by this node. The value of the other occurrences @@ -1146,7 +1056,7 @@ public class BlackboardArtifactNode extends AbstractContentNode tags) { - Pair scoreAndDescription = getScorePropertyAndDescription(tags); + Pair scoreAndDescription = getScorePropertyAndDescription(tags); sheetSet.put(new NodeProperty<>(Bundle.BlackboardArtifactNode_createSheet_score_name(), Bundle.BlackboardArtifactNode_createSheet_score_displayName(), scoreAndDescription.getRight(), scoreAndDescription.getLeft())); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java b/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java index a9dd99369d..ed9d232034 100644 
--- a/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/SCOData.java
@@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.datamodel;
 import org.apache.commons.lang3.tuple.Pair;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
+import org.sleuthkit.datamodel.Score;
 /**
 * Container to bag the S C & O data for an abstract file node.
@@ -27,11 +28,11 @@ import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
 */
 class SCOData {
- private Pair scoreAndDescription = null;
+ private Pair scoreAndDescription = null;
 private DataResultViewerTable.HasCommentStatus comment = null;
 private Pair countAndDescription = null;
- Pair getScoreAndDescription() {
+ Pair getScoreAndDescription() {
 return scoreAndDescription;
 }
@@ -43,7 +44,7 @@ class SCOData {
 return countAndDescription;
 }
- void setScoreAndDescription(Pair scoreAndDescription) {
+ void setScoreAndDescription(Pair scoreAndDescription) {
 this.scoreAndDescription = scoreAndDescription;
 }
 void setComment(DataResultViewerTable.HasCommentStatus comment) {