mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

formatting, guid fixes

Browse Source
This commit is contained in:
Greg DiCristofaro 2021-05-07 11:23:12 -04:00
parent 46c4017fe7
commit e2c0a08ac4
1 changed files with 26 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
test/script/tskdbdiff.py
View File

@ -443,6 +443,7 @@ class TskGuidUtils:
""" """
guid_files = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, parent_path, name FROM tsk_files") guid_files = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, parent_path, name FROM tsk_files")
guid_vs_parts = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, addr, start FROM tsk_vs_parts", "_") guid_vs_parts = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, addr, start FROM tsk_vs_parts", "_")
guid_vs_info = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, vs_type, img_offset FROM tsk_vs_info", "_")
guid_fs_info = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, img_offset, fs_type FROM tsk_fs_info", "_") guid_fs_info = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, img_offset, fs_type FROM tsk_fs_info", "_")
guid_image_names = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, name FROM tsk_image_names " guid_image_names = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, name FROM tsk_image_names "
"WHERE sequence=0") "WHERE sequence=0")
@ -450,13 +451,21 @@ class TskGuidUtils:
guid_reports = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, path FROM reports") guid_reports = TskGuidUtils._get_guid_dict(db_conn, "SELECT obj_id, path FROM reports")
objid_artifacts = TskGuidUtils._get_guid_dict(db_conn, objid_artifacts = TskGuidUtils._get_guid_dict(db_conn,
"SELECT " "SELECT blackboard_artifacts.artifact_obj_id, "
"blackboard_artifacts.artifact_obj_id, " "blackboard_artifact_types.type_name "
"blackboard_artifact_types.type_name FROM " "FROM blackboard_artifacts "
"blackboard_artifacts INNER JOIN blackboard_artifact_types " "INNER JOIN blackboard_artifact_types "
"ON blackboard_artifact_types.artifact_type_id = " "ON blackboard_artifact_types.artifact_type_id = "
"blackboard_artifacts.artifact_type_id") "blackboard_artifacts.artifact_type_id")
artifact_objid_artifacts = TskGuidUtils._get_guid_dict(db_conn,
"SELECT blackboard_artifacts.artifact_id, "
"blackboard_artifact_types.type_name "
"FROM blackboard_artifacts "
"INNER JOIN blackboard_artifact_types "
"ON blackboard_artifact_types.artifact_type_id = "
"blackboard_artifacts.artifact_type_id")
cursor = db_conn.cursor() cursor = db_conn.cursor()
cursor.execute("SELECT obj_id, par_obj_id FROM tsk_objects") cursor.execute("SELECT obj_id, par_obj_id FROM tsk_objects")
par_obj_objects = dict([(row[0], row[1]) for row in cursor]) par_obj_objects = dict([(row[0], row[1]) for row in cursor])
@ -476,9 +485,10 @@ class TskGuidUtils:
guid_artifacts[k] = "/".join([path, v]) guid_artifacts[k] = "/".join([path, v])
return TskGuidUtils( return TskGuidUtils(
obj_id_guids={**guid_files, **guid_reports, **guid_os_accounts, **guid_vs_parts, # aggregate all the object id dictionaries together
obj_id_guids={**guid_files, **guid_reports, **guid_os_accounts, **guid_vs_parts, **guid_vs_info,
**guid_fs_info, **guid_fs_info, **guid_image_names, **guid_artifacts}, **guid_fs_info, **guid_fs_info, **guid_image_names, **guid_artifacts},
artifact_types=objid_artifacts) artifact_types=artifact_objid_artifacts)
artifact_types: Dict[int, str] artifact_types: Dict[int, str]
obj_id_guids: Dict[int, any] obj_id_guids: Dict[int, any]
@ -506,11 +516,11 @@ class TskGuidUtils:
return self.obj_id_guids[obj_id] if obj_id in self.obj_id_guids else omitted_value return self.obj_id_guids[obj_id] if obj_id in self.obj_id_guids else omitted_value
def get_guid_for_file_objid(self, obj_id, omitted_value: Union[str, None] = 'Object ID Omitted'): def get_guid_for_file_objid(self, obj_id, omitted_value: Union[str, None] = 'Object ID Omitted'):
# TODO this is just an alias; could probably be removed # this method is just an alias for get_guid_for_objid
return self.get_guid_for_objid(obj_id, omitted_value) return self.get_guid_for_objid(obj_id, omitted_value)
def get_guid_for_accountid(self, account_id, omitted_value: Union[str, None] = 'Account ID Omitted'): def get_guid_for_accountid(self, account_id, omitted_value: Union[str, None] = 'Account ID Omitted'):
# TODO this is just an alias; could probably be removed # this method is just an alias for get_guid_for_objid
return self.get_guid_for_objid(account_id, omitted_value) return self.get_guid_for_objid(account_id, omitted_value)
def get_guid_for_artifactid(self, artifact_id, omitted_value: Union[str, None] = 'Artifact ID Omitted'): def get_guid_for_artifactid(self, artifact_id, omitted_value: Union[str, None] = 'Artifact ID Omitted'):
@ -859,7 +869,7 @@ def normalize_regripper_files(path_str: Union[str, None]) -> Union[str, None]:
""" """
# takes a file name like "regripper-12345-full" and removes the id to become "regripper-full" # takes a file name like "regripper-12345-full" and removes the id to become "regripper-full"
return re.sub(r'regripper\-[0-9]+\-full', 'regripper-full', path_str) if path_str else None return re.sub(r'regripper-[0-9]+-full', 'regripper-full', path_str) if path_str else None
def normalize_tsk_files(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[str, any]: def normalize_tsk_files(guid_util: TskGuidUtils, row: Dict[str, any]) -> Dict[str, any]:
@ -1088,19 +1098,19 @@ def write_normalized(guid_utils: TskGuidUtils, output_file, db_conn, table: str,
output_file.write(insert_statement) output_file.write(insert_statement)
def db_connect(db_file, isMultiUser, pgSettings=None): def db_connect(db_file, is_multi_user, pg_settings=None):
if isMultiUser: # use PostgreSQL if is_multi_user: # use PostgreSQL
try: try:
return psycopg2.connect("dbname=" + db_file + " user=" + pgSettings.username + " host=" + return psycopg2.connect("dbname=" + db_file + " user=" + pg_settings.username + " host=" +
pgSettings.pgHost + " password=" + pgSettings.password), None pg_settings.pgHost + " password=" + pg_settings.password), None
except: except:
print("Failed to connect to the database: " + db_file) print("Failed to connect to the database: " + db_file)
else: # Sqlite else: # Sqlite
# Make a copy that we can modify # Make a copy that we can modify
backup_db_file = TskDbDiff._get_tmp_file("tsk_backup_db", ".db") backup_db_file = TskDbDiff._get_tmp_file("tsk_backup_db", ".db")
shutil.copy(db_file, backup_db_file) shutil.copy(db_file, backup_db_file)
# We sometimes get situations with messed up permissions # We sometimes get situations with messed up permissions
os.chmod (backup_db_file, 0o777) os.chmod(backup_db_file, 0o777)
return sqlite3.connect(backup_db_file), backup_db_file return sqlite3.connect(backup_db_file), backup_db_file
@ -1113,7 +1123,7 @@ def main():
print("usage: tskdbdiff [OUTPUT DB PATH] [GOLD DB PATH]") print("usage: tskdbdiff [OUTPUT DB PATH] [GOLD DB PATH]")
sys.exit(1) sys.exit(1)
db_diff = TskDbDiff(output_db, gold_db, output_dir=".") db_diff = TskDbDiff(output_db, gold_db, output_dir=".")
dump_passed, bb_dump_passed = db_diff.run_diff() dump_passed, bb_dump_passed = db_diff.run_diff()
if dump_passed and bb_dump_passed: if dump_passed and bb_dump_passed: