From d8f04fce98363b13a3701feb073393c9c42b19bf Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 7 Jun 2019 17:19:49 -0400
Subject: [PATCH 1/2] Warn user if a comma is present in an extension regex

---
 .../interestingitems/Bundle.properties-MERGED      |  2 ++
 .../interestingitems/FilesSetRulePanel.java        | 14 +++++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
index 7ca4901b1b..a1b97a0f54 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
@@ -37,6 +37,8 @@ FilesSetPanel.ingest.createNewFilter=Create/edit file ingest filters...
 FilesSetPanel.ingest.messages.filtersMustBeNamed=File ingest filters must be named.
 FilesSetPanel.rule.title=File Filter Rule
 FilesSetRulePanel.bytes=Bytes
+#{0} - regex
+FilesSetRulePanel.CommaInRegexWarning=Warning: Comma(s) in the file extension field will be interpreted as part of a regex and will not split the entry into multiple extensions (Entered: "{0}")
 FilesSetRulePanel.DaysIncludedEmptyError=Number of days included cannot be empty.
 FilesSetRulePanel.DaysIncludedInvalidError=Number of days included must be a positive integer.
 FilesSetRulePanel.gigaBytes=Gigabytes
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
index 9744b0c5bf..12339b54f6 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
@@ -57,7 +57,9 @@ final class FilesSetRulePanel extends javax.swing.JPanel {
         "FilesSetRulePanel.NoPathError=Path cannot be empty",
         "FilesSetRulePanel.DaysIncludedEmptyError=Number of days included cannot be empty.",
         "FilesSetRulePanel.DaysIncludedInvalidError=Number of days included must be a positive integer.",
-        "FilesSetRulePanel.ZeroFileSizeError=File size condition value must not be 0 (Unless = is selected)."
+        "FilesSetRulePanel.ZeroFileSizeError=File size condition value must not be 0 (Unless = is selected).",
+        "#{0} - regex",
+        "FilesSetRulePanel.CommaInRegexWarning=Warning: Comma(s) in the file extension field will be interpreted as part of a regex and will not split the entry into multiple extensions (Entered: \"{0}\")",
     })
 
     private static final long serialVersionUID = 1L;
@@ -358,6 +360,16 @@ final class FilesSetRulePanel extends javax.swing.JPanel {
                 return false;
             }
             if (this.nameRegexCheckbox.isSelected()) {
+                
+                // If extension is also selected and the regex contains a comma, display a warning
+                // since it is unclear whether the comma is part of a regex or is separating extensions.
+                if (this.extensionRadioButton.isSelected() && this.nameTextField.getText().contains(",")) {
+                    NotifyDescriptor notifyDesc = new NotifyDescriptor.Message(
+                            Bundle.FilesSetRulePanel_CommaInRegexWarning(this.nameTextField.getText()),
+                            NotifyDescriptor.WARNING_MESSAGE);
+                    DialogDisplayer.getDefault().notify(notifyDesc);
+                }
+                
                 try {
                     Pattern.compile(this.nameTextField.getText());
                 } catch (PatternSyntaxException ex) {

From 9af1fc4d0908c1cef6282913af8a887c171b84f8 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 7 Jun 2019 17:21:42 -0400
Subject: [PATCH 2/2] Update doc

---
 docs/doxygen-user/interesting_files.dox | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/doxygen-user/interesting_files.dox b/docs/doxygen-user/interesting_files.dox
index 080b1072af..7e4147a66f 100644
--- a/docs/doxygen-user/interesting_files.dox
+++ b/docs/doxygen-user/interesting_files.dox
@@ -42,7 +42,7 @@ The top line allows you to choose whether you want to match only files, only dir
 Each rule must have at least one condition. To create conditions, check the box to the left of the condition you want to enable. The following is a description of each condition, with some full examples after.
 
 <ul>
-<li><b>Name</b> - Enter either the full file name or one or more extensions, and select whether this is an exact match or a substring/regex match. If substring/regex match is enabled, it will automatically add wildcards to the beginning and end of the text. If you're only matching directories, this will match the directory name. If you're using a comma-separated list of extensions, make sure the regex checkbox is disabled - the two features do not work together. The following table shows some examples of what the different combinations can be used for.
+<li><b>Name</b> - Enter either the full file name or one or more extensions, and select whether this is an exact match or a substring/regex match. If substring/regex match is enabled, it will automatically add wildcards to the beginning and end of the text. If you're only matching directories, this will match the directory name. If you're using a comma-separated list of extensions, make sure the regex checkbox is disabled - the entire contents will be interpreted as one regex when the checkbox is selected. The following table shows some examples of what the different combinations can be used for.
 
 <table>
 <tr><th>Type</th><th>Substring/Regex</th><th>Text</th><th>Description</th><th>Sample match</th></tr>