Merge pull request #4344 from wschaeferB/4487-AddOptionNotToCreateCrProps

4487 add setting to allow users not to add results to central repository
Richard Cordovano 2018-12-10 13:00:26 -05:00 committed by GitHub
commit dd23a69ba0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 114 additions and 48 deletions


@ -62,6 +62,7 @@ public class IngestEventsListener {
private static int correlationModuleInstanceCount;
private static boolean flagNotableItems;
private static boolean flagSeenDevices;
private static boolean createCrProperties;
private final ExecutorService jobProcessingExecutor;
private static final String INGEST_EVENT_THREAD_NAME = "Ingest-Event-Listener-%d";
private final PropertyChangeListener pcl1 = new IngestModuleEventListener();
@ -145,6 +146,15 @@ public class IngestEventsListener {
return flagSeenDevices;
}
/**
* Are correlation properties being created
*
* @return True if creating correlation properties; otherwise false.
*/
public synchronized static boolean shouldCreateCrProperties() {
return createCrProperties;
}
/**
* Configure the listener to flag notable items or not.
*
@ -163,6 +173,15 @@ public class IngestEventsListener {
flagSeenDevices = value;
}
/**
* Configure the listener to create correlation properties
*
* @param value True to create properties; otherwise false.
*/
public synchronized static void setCreateCrProperties(boolean value) {
createCrProperties = value;
}
@NbBundle.Messages({"IngestEventsListener.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
"IngestEventsListener.prevCaseComment.text=Previous Case: ",
"IngestEventsListener.ingestmodule.name=Correlation Engine"})
@ -271,7 +290,8 @@ public class IngestEventsListener {
//if ingest isn't running create the interesting items otherwise use the ingest module setting to determine if we create interesting items
boolean flagNotable = !IngestManager.getInstance().isIngestRunning() || isFlagNotableItems();
boolean flagPrevious = !IngestManager.getInstance().isIngestRunning() || isFlagSeenDevices();
jobProcessingExecutor.submit(new DataAddedTask(dbManager, evt, flagNotable, flagPrevious));
boolean createAttributes = !IngestManager.getInstance().isIngestRunning() || shouldCreateCrProperties();
jobProcessingExecutor.submit(new DataAddedTask(dbManager, evt, flagNotable, flagPrevious, createAttributes));
break;
}
}
@ -311,12 +331,14 @@ public class IngestEventsListener {
private final PropertyChangeEvent event;
private final boolean flagNotableItemsEnabled;
private final boolean flagPreviousItemsEnabled;
private final boolean createCorrelationAttributes;
private DataAddedTask(EamDb db, PropertyChangeEvent evt, boolean flagNotableItemsEnabled, boolean flagPreviousItemsEnabled) {
private DataAddedTask(EamDb db, PropertyChangeEvent evt, boolean flagNotableItemsEnabled, boolean flagPreviousItemsEnabled, boolean createCorrelationAttributes) {
dbManager = db;
event = evt;
this.flagNotableItemsEnabled = flagNotableItemsEnabled;
this.flagPreviousItemsEnabled = flagPreviousItemsEnabled;
this.createCorrelationAttributes = createCorrelationAttributes;
}
@Override
@ -369,8 +391,10 @@ public class IngestEventsListener {
LOGGER.log(Level.INFO, String.format("Unable to flag notable item: %s.", eamArtifact.toString()), ex);
}
}
if (createCorrelationAttributes) {
eamArtifacts.add(eamArtifact);
}
}
} catch (EamDbException ex) {
LOGGER.log(Level.SEVERE, "Error counting notable artifacts.", ex);
}
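Review bot: The new opt-out is bypassed whenever no ingest job is running: where the `DataAddedTask` is submitted, `createAttributes` is `!IngestManager.getInstance().isIngestRunning() || shouldCreateCrProperties()`, so artifacts posted outside ingest are still added to `eamArtifacts` (presumably what gets written to the central repository) even when the user unchecked the option. The comment above that line still speaks only of interesting items; if the behaviour is intended, extend it, e.g. `// when ingest isn't running there is no job setting to consult, so correlation attributes are always created`. Reading `isIngestRunning()` once into a local would also keep the three flags consistent with one another if ingest starts or stops between the calls. The enclosing method starts outside the hunk.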


@ -1,3 +1,4 @@
IngestSettingsPanel.ingestSettingsLabel.text=Ingest Settings
IngestSettingsPanel.flagTaggedNotableItemsCheckbox.text=Flag items previously tagged as notable
IngestSettingsPanel.flagPreviouslySeenDevicesCheckbox.text=Flag previously seen devices
IngestSettingsPanel.createCorrelationPropertiesCheckbox.text=Create correlation properties


@ -65,6 +65,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = true;
static final boolean DEFAULT_FLAG_PREVIOUS_DEVICES = true;
static final boolean DEFAULT_CREATE_CR_PROPERTIES = true;
private final static Logger logger = Logger.getLogger(CentralRepoIngestModule.class.getName());
private final IngestServices services = IngestServices.getInstance();
@ -77,6 +78,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
private CorrelationAttributeInstance.Type filesType;
private final boolean flagTaggedNotableItems;
private final boolean flagPreviouslySeenDevices;
private final boolean createCorrelationProperties;
/**
* Instantiate the Correlation Engine ingest module.
@ -86,6 +88,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
CentralRepoIngestModule(IngestSettings settings) {
flagTaggedNotableItems = settings.isFlagTaggedNotableItems();
flagPreviouslySeenDevices = settings.isFlagPreviousDevices();
createCorrelationProperties = settings.shouldCreateCorrelationProperties();
}
@Override
@ -149,13 +152,14 @@ final class CentralRepoIngestModule implements FileIngestModule {
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
} catch (CorrelationAttributeNormalizationException ex){
} catch (CorrelationAttributeNormalizationException ex) {
logger.log(Level.INFO, "Error searching database for artifact.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}
// insert this file into the central repository
if (createCorrelationProperties) {
try {
CorrelationAttributeInstance cefi = new CorrelationAttributeInstance(
filesType,
@ -165,7 +169,8 @@ final class CentralRepoIngestModule implements FileIngestModule {
abstractFile.getParentPath() + abstractFile.getName(),
null,
TskData.FileKnown.UNKNOWN // NOTE: Known status in the CR is based on tagging, not hashes like the Case Database.
, abstractFile.getId());
,
abstractFile.getId());
dbManager.addAttributeInstanceBulk(cefi);
} catch (EamDbException ex) {
logger.log(Level.SEVERE, "Error adding artifact to bulk artifacts.", ex); // NON-NLS
@ -174,7 +179,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
logger.log(Level.INFO, "Error adding artifact to bulk artifacts.", ex); // NON-NLS
return ProcessResult.ERROR;
}
}
return ProcessResult.OK;
}
@ -237,6 +242,9 @@ final class CentralRepoIngestModule implements FileIngestModule {
if (IngestEventsListener.getCeModuleInstanceCount() == 1 || !IngestEventsListener.isFlagSeenDevices()) {
IngestEventsListener.setFlagSeenDevices(flagPreviouslySeenDevices);
}
if (IngestEventsListener.getCeModuleInstanceCount() == 1 || !IngestEventsListener.shouldCreateCrProperties()) {
IngestEventsListener.setCreateCrProperties(createCorrelationProperties);
}
if (EamDb.isEnabled() == false) {
/*
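Review bot: `createCrProperties` in `IngestEventsListener` is a single static shared by every running job, and the start-up guard `getCeModuleInstanceCount() == 1 || !IngestEventsListener.shouldCreateCrProperties()` lets a later job switch it on but never off. A job started with the option unchecked can therefore still have its artifact attributes created by the listener once a concurrent job with the option checked starts. For the two flagging options that only means extra flags; here it means results the user chose to keep out of the central repository may still be added to it. If per-job tracking is out of scope, document the limit at the guard, e.g. `// listener setting is global: one job enabling it enables it for all concurrent jobs`. The enclosing method starts and ends outside the hunk.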


@ -27,8 +27,9 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
private static final long serialVersionUID = 1L;
private boolean flagTaggedNotableItems;
private boolean flagPreviousDevices;
private final boolean flagTaggedNotableItems;
private final boolean flagPreviousDevices;
private final boolean createCorrelationProperties;
/**
* Instantiate the ingest job settings with default values.
@ -36,17 +37,22 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
IngestSettings() {
this.flagTaggedNotableItems = CentralRepoIngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
this.flagPreviousDevices = CentralRepoIngestModule.DEFAULT_FLAG_PREVIOUS_DEVICES;
this.createCorrelationProperties = CentralRepoIngestModule.DEFAULT_CREATE_CR_PROPERTIES;
}
/**
* Instantiate the ingest job settings.
*
* @param flagTaggedNotableItems Flag previously tagged notable items.
* @param flagPreviousDevices Flag devices which exist already in the Central Repository
* @param flagPreviousDevices Flag devices which exist already in
* the Central Repository
* @param createCorrelationProperties Create correlation properties in the
* central repository
*/
IngestSettings(boolean flagTaggedNotableItems, boolean flagPreviousDevices) {
IngestSettings(boolean flagTaggedNotableItems, boolean flagPreviousDevices, boolean createCorrelationProperties) {
this.flagTaggedNotableItems = flagTaggedNotableItems;
this.flagPreviousDevices = flagPreviousDevices;
this.createCorrelationProperties = createCorrelationProperties;
}
@Override
@ -71,4 +77,13 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
boolean isFlagPreviousDevices() {
return flagPreviousDevices;
}
/**
* Should correlation properties be created
*
* @return True if creating; otherwise false.
*/
boolean shouldCreateCorrelationProperties() {
return createCorrelationProperties;
}
}
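Review bot: Settings saved before this change will deserialize with `createCorrelationProperties` set to false rather than `DEFAULT_CREATE_CR_PROPERTIES`: the class keeps `serialVersionUID = 1L`, so Java serialization accepts the old stream and leaves the missing boolean at its zero value without running a constructor. Assuming these job settings are persisted that way, users upgrading would have central-repository results switched off silently. A `readObject` that supplies the default for the absent field avoids this; it requires the three fields to be non-final again, as sketched below.

```java
// … unchanged: serialVersionUID …
private boolean flagTaggedNotableItems;
private boolean flagPreviousDevices;
private boolean createCorrelationProperties;

// … unchanged: constructors and getters …

private void readObject(java.io.ObjectInputStream in) throws java.io.IOException, ClassNotFoundException {
    java.io.ObjectInputStream.GetField fields = in.readFields();
    flagTaggedNotableItems = fields.get("flagTaggedNotableItems", CentralRepoIngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS);
    flagPreviousDevices = fields.get("flagPreviousDevices", CentralRepoIngestModule.DEFAULT_FLAG_PREVIOUS_DEVICES);
    // absent in streams written before this field existed
    createCorrelationProperties = fields.get("createCorrelationProperties", CentralRepoIngestModule.DEFAULT_CREATE_CR_PROPERTIES);
}
```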


@ -22,9 +22,10 @@
<Component id="ingestSettingsLabel" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<EmptySpace min="10" pref="10" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="flagPreviouslySeenDevicesCheckbox" min="-2" max="-2" attributes="0"/>
<Component id="flagTaggedNotableItemsCheckbox" min="-2" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" max="-2" attributes="0">
<Component id="flagTaggedNotableItemsCheckbox" max="32767" attributes="0"/>
<Component id="flagPreviouslySeenDevicesCheckbox" alignment="0" max="32767" attributes="0"/>
<Component id="createCorrelationPropertiesCheckbox" alignment="0" max="32767" attributes="0"/>
</Group>
</Group>
</Group>
@ -37,11 +38,13 @@
<Group type="102" alignment="0" attributes="0">
<EmptySpace max="-2" attributes="0"/>
<Component id="ingestSettingsLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="9" max="-2" attributes="0"/>
<Component id="createCorrelationPropertiesCheckbox" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="flagTaggedNotableItemsCheckbox" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="flagPreviouslySeenDevicesCheckbox" min="-2" max="-2" attributes="0"/>
<EmptySpace pref="222" max="32767" attributes="0"/>
<EmptySpace pref="197" max="32767" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@ -71,5 +74,12 @@
</Property>
</Properties>
</Component>
<Component class="javax.swing.JCheckBox" name="createCorrelationPropertiesCheckbox">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/centralrepository/ingestmodule/Bundle.properties" key="IngestSettingsPanel.createCorrelationPropertiesCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents>
</Form>


@ -43,11 +43,12 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
private void customizeComponents(IngestSettings settings) {
flagTaggedNotableItemsCheckbox.setSelected(settings.isFlagTaggedNotableItems());
flagPreviouslySeenDevicesCheckbox.setSelected(settings.isFlagPreviousDevices());
createCorrelationPropertiesCheckbox.setSelected(settings.shouldCreateCorrelationProperties());
}
@Override
public IngestModuleIngestJobSettings getSettings() {
return new IngestSettings(flagTaggedNotableItemsCheckbox.isSelected(), flagPreviouslySeenDevicesCheckbox.isSelected());
return new IngestSettings(flagTaggedNotableItemsCheckbox.isSelected(), flagPreviouslySeenDevicesCheckbox.isSelected(), createCorrelationPropertiesCheckbox.isSelected());
}
/**
@ -62,6 +63,7 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
ingestSettingsLabel = new javax.swing.JLabel();
flagTaggedNotableItemsCheckbox = new javax.swing.JCheckBox();
flagPreviouslySeenDevicesCheckbox = new javax.swing.JCheckBox();
createCorrelationPropertiesCheckbox = new javax.swing.JCheckBox();
ingestSettingsLabel.setFont(new java.awt.Font("Tahoma", 1, 11)); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(ingestSettingsLabel, org.openide.util.NbBundle.getMessage(IngestSettingsPanel.class, "IngestSettingsPanel.ingestSettingsLabel.text")); // NOI18N
@ -70,6 +72,8 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
org.openide.awt.Mnemonics.setLocalizedText(flagPreviouslySeenDevicesCheckbox, org.openide.util.NbBundle.getMessage(IngestSettingsPanel.class, "IngestSettingsPanel.flagPreviouslySeenDevicesCheckbox.text")); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(createCorrelationPropertiesCheckbox, org.openide.util.NbBundle.getMessage(IngestSettingsPanel.class, "IngestSettingsPanel.createCorrelationPropertiesCheckbox.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
@ -80,9 +84,10 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
.addComponent(ingestSettingsLabel)
.addGroup(layout.createSequentialGroup()
.addGap(10, 10, 10)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(flagPreviouslySeenDevicesCheckbox)
.addComponent(flagTaggedNotableItemsCheckbox))))
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addComponent(flagTaggedNotableItemsCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(flagPreviouslySeenDevicesCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(createCorrelationPropertiesCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
.addContainerGap(65, Short.MAX_VALUE))
);
layout.setVerticalGroup(
@ -90,15 +95,18 @@ final class IngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addComponent(ingestSettingsLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGap(9, 9, 9)
.addComponent(createCorrelationPropertiesCheckbox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(flagTaggedNotableItemsCheckbox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(flagPreviouslySeenDevicesCheckbox)
.addContainerGap(222, Short.MAX_VALUE))
.addContainerGap(197, Short.MAX_VALUE))
);
}// </editor-fold>//GEN-END:initComponents
// Variables declaration - do not modify//GEN-BEGIN:variables
private javax.swing.JCheckBox createCorrelationPropertiesCheckbox;
private javax.swing.JCheckBox flagPreviouslySeenDevicesCheckbox;
private javax.swing.JCheckBox flagTaggedNotableItemsCheckbox;
private javax.swing.JLabel ingestSettingsLabel;