mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-13 08:26:15 +00:00
Reduce public API of FileTypeDetector back to what it was
This commit is contained in:
Richard Cordovano
parent
e0614436a7
commit
e7773e5489
@ -6,4 +6,4 @@ OpenIDE-Module-Name=ExifParser
|
||||
OpenIDE-Module-Short-Description=Exif metadata ingest module
|
||||
ExifParserFileIngestModule.moduleName.text=Exif Parser
|
||||
ExifParserFileIngestModule.getDesc.text=Ingests JPEG files and retrieves their EXIF metadata.
|
||||
ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector.
|
||||
ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
|
||||
@ -1,7 +1,7 @@
|
||||
/*
|
||||
* Autopsy Forensic Browser
|
||||
*
|
||||
* Copyright 2011-2014 Basis Technology Corp.
|
||||
* Copyright 2011-2015 Basis Technology Corp.
|
||||
* Contact: carrier <at> sleuthkit <dot> org
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -60,7 +60,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ExifParserFileIngestModule.class.getName());
|
||||
private final IngestServices services = IngestServices.getInstance();
|
||||
private AtomicInteger filesProcessed = new AtomicInteger(0);
|
||||
private final AtomicInteger filesProcessed = new AtomicInteger(0);
|
||||
private volatile boolean filesToFire = false;
|
||||
private long jobId;
|
||||
private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
|
||||
@ -76,12 +76,10 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
|
||||
try {
|
||||
fileTypeDetector = new FileTypeDetector();
|
||||
} catch (FileTypeDetector.FileTypeDetectorInitException ex) {
|
||||
logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex);
|
||||
throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg"));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public ProcessResult process(AbstractFile content) {
|
||||
//skip unalloc
|
||||
@ -205,7 +203,12 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
|
||||
* @return true if to be processed
|
||||
*/
|
||||
private boolean parsableFormat(AbstractFile f) {
|
||||
return fileTypeDetector.getFileType(f).equals("image/jpeg");
|
||||
try {
|
||||
return fileTypeDetector.detect(f).equals("image/jpeg");
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, "Failed to detect file type", ex); //NON-NLS
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@ -44,3 +44,5 @@ FileTypeIdGlobalSettingsPanel.newTypeButton.text=New
|
||||
FileTypeIdGlobalSettingsPanel.jLabel1.text=Custom File Types
|
||||
FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types:
|
||||
FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here.
|
||||
FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
|
||||
|
||||
|
||||
@ -21,11 +21,9 @@ package org.sleuthkit.autopsy.modules.filetypeid;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Map;
|
||||
import java.util.SortedSet;
|
||||
import java.util.logging.Level;
|
||||
import org.apache.tika.Tika;
|
||||
import org.apache.tika.mime.MediaType;
|
||||
import org.apache.tika.mime.MimeTypes;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
@ -41,7 +39,6 @@ public class FileTypeDetector {
|
||||
private static final int BUFFER_SIZE = 64 * 1024;
|
||||
private final byte buffer[] = new byte[BUFFER_SIZE];
|
||||
private final Map<String, FileType> userDefinedFileTypes;
|
||||
private static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName());
|
||||
|
||||
/**
|
||||
* Constructs an object that detects the type of a file by an inspection of
|
||||
@ -98,47 +95,6 @@ public class FileTypeDetector {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method returns a string representing the mimetype of the provided
|
||||
* abstractFile. Blackboard-lookup is performed to check if the mimetype has
|
||||
* been already detected. If not, mimetype is determined using Apache Tika.
|
||||
*
|
||||
* @param abstractFile the file whose mimetype is to be determined.
|
||||
* @return mimetype of the abstractFile is returned. Empty String returned
|
||||
* in case of error.
|
||||
*/
|
||||
public String getFileType(AbstractFile abstractFile) {
|
||||
String identifiedFileType = "";
|
||||
|
||||
// check BB
|
||||
try {
|
||||
ArrayList<BlackboardAttribute> attributes = abstractFile.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);
|
||||
for (BlackboardAttribute attribute : attributes) {
|
||||
identifiedFileType = attribute.getValueString();
|
||||
break;
|
||||
}
|
||||
if (identifiedFileType != null && !identifiedFileType.isEmpty()) {
|
||||
return identifiedFileType;
|
||||
}
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Error performing mimetype blackboard-lookup for " + abstractFile.getName(), ex);
|
||||
}
|
||||
|
||||
try {
|
||||
// check UDF and TDF
|
||||
identifiedFileType = detectAndPostToBlackboard(abstractFile);
|
||||
if (identifiedFileType != null && !identifiedFileType.isEmpty()) {
|
||||
return identifiedFileType;
|
||||
}
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Error determining the mimetype for " + abstractFile.getName(), ex); // NON-NLS
|
||||
return ""; // NON-NLS
|
||||
}
|
||||
|
||||
logger.log(Level.WARNING, "Unable to determine the mimetype for {0}", abstractFile.getName()); // NON-NLS
|
||||
return ""; // NON-NLS
|
||||
}
|
||||
|
||||
/**
|
||||
* Detect the MIME type of a file, posting it to the blackboard if detection
|
||||
* succeeds.
|
||||
@ -148,9 +104,11 @@ public class FileTypeDetector {
|
||||
* @throws TskCoreException if there is an error posting to the blackboard.
|
||||
*/
|
||||
public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException {
|
||||
|
||||
String mimeType;
|
||||
mimeType = detect(file);
|
||||
String mimeType = lookupFileType(file);
|
||||
if (null != mimeType) {
|
||||
return mimeType;
|
||||
}
|
||||
mimeType = detectFileType(file);
|
||||
if (null != mimeType) {
|
||||
/**
|
||||
* Add the file type attribute to the general info artifact. Note
|
||||
@ -169,10 +127,42 @@ public class FileTypeDetector {
|
||||
* Detect the MIME type of a file.
|
||||
*
|
||||
* @param file The file to test.
|
||||
* @return The MIME type name id detection was successful, null otherwise.
|
||||
* @return The MIME type name if detection was successful, null otherwise.
|
||||
*/
|
||||
public String detect(AbstractFile file) throws TskCoreException {
|
||||
// Consistently mark unallocated and unused space as file type application/octet-stream
|
||||
String mimeType = lookupFileType(file);
|
||||
if (null != mimeType) {
|
||||
return mimeType;
|
||||
}
|
||||
return detectFileType(file);
|
||||
}
|
||||
|
||||
/**
|
||||
* Look up the MIME type of a file on the blackboard.
|
||||
*
|
||||
* @param file The file to test.
|
||||
* @return The MIME type name if look up was successful, null otherwise.
|
||||
*/
|
||||
private String lookupFileType(AbstractFile file) throws TskCoreException {
|
||||
String fileType = null;
|
||||
ArrayList<BlackboardAttribute> attributes = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);
|
||||
for (BlackboardAttribute attribute : attributes) {
|
||||
/**
|
||||
* There should be at most TSK_FILE_TYPE_SIG attribute.
|
||||
*/
|
||||
fileType = attribute.getValueString();
|
||||
break;
|
||||
}
|
||||
return fileType;
|
||||
}
|
||||
|
||||
/**
|
||||
* Detect the MIME type of a file.
|
||||
*
|
||||
* @param file The file to test.
|
||||
* @return The MIME type name if detection was successful, null otherwise.
|
||||
*/
|
||||
private String detectFileType(AbstractFile file) throws TskCoreException {
|
||||
if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
|
||||
|| (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
|
||||
|| (file.isFile() == false)) {
|
||||
@ -224,17 +214,17 @@ public class FileTypeDetector {
|
||||
if (fileType.matches(file)) {
|
||||
if (fileType.alertOnMatch()) {
|
||||
BlackboardArtifact artifact;
|
||||
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getFilesSetName());
|
||||
artifact.addAttribute(setNameAttribute);
|
||||
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getFilesSetName());
|
||||
artifact.addAttribute(setNameAttribute);
|
||||
|
||||
/**
|
||||
* Use the MIME type as the category, i.e., the rule
|
||||
* that determined this file belongs to the interesting
|
||||
* files set.
|
||||
*/
|
||||
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
|
||||
artifact.addAttribute(ruleNameAttribute);
|
||||
/**
|
||||
* Use the MIME type as the category, i.e., the rule that
|
||||
* determined this file belongs to the interesting files
|
||||
* set.
|
||||
*/
|
||||
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
|
||||
artifact.addAttribute(ruleNameAttribute);
|
||||
}
|
||||
return fileType.getMimeType();
|
||||
}
|
||||
|
||||
@ -82,9 +82,7 @@ public class FileTypeIdIngestModule implements FileIngestModule {
|
||||
try {
|
||||
fileTypeDetector = new FileTypeDetector();
|
||||
} catch (FileTypeDetector.FileTypeDetectorInitException ex) {
|
||||
String errorMessage = "Failed to create file type detector"; //NON-NLS
|
||||
logger.log(Level.SEVERE, errorMessage, ex);
|
||||
throw new IngestModuleException(errorMessage);
|
||||
throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg"));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -29,4 +29,4 @@ SevenZipIngestModule.unpack.encrFileDetected.msg=Encrypted files in archive dete
|
||||
SevenZipIngestModule.unpack.encrFileDetected.details=Some files in archive\: {0} are encrypted. {1} extractor was unable to extract all files from this archive.
|
||||
SevenZipIngestModule.UnpackStream.write.exception.msg=Error writing unpacked file to\: {0}
|
||||
SevenZipIngestModule.UnpackedTree.exception.msg=Error adding a derived file to db\:{0}
|
||||
SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector.
|
||||
SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
|
||||
|
||||
@ -103,7 +103,6 @@ public final class SevenZipIngestModule implements FileIngestModule {
|
||||
try {
|
||||
fileTypeDetector = new FileTypeDetector();
|
||||
} catch (FileTypeDetector.FileTypeDetectorInitException ex) {
|
||||
logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex);
|
||||
throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg"));
|
||||
}
|
||||
|
||||
@ -288,7 +287,7 @@ public final class SevenZipIngestModule implements FileIngestModule {
|
||||
}
|
||||
|
||||
if (detectedFormat == null) {
|
||||
logger.log(Level.WARNING, "Could not detect format for file: " + archiveFile); //NON-NLS
|
||||
logger.log(Level.WARNING, "Could not detect format for file: {0}", archiveFile); //NON-NLS
|
||||
|
||||
// if we don't have attribute info then use file extension
|
||||
String extension = archiveFile.getNameExtension();
|
||||
@ -661,7 +660,12 @@ public final class SevenZipIngestModule implements FileIngestModule {
|
||||
* @return true if zip file, false otherwise
|
||||
*/
|
||||
private boolean isZipFileHeader(AbstractFile file) {
|
||||
return fileTypeDetector.getFileType(file).equals("application/zip"); //NON-NLS
|
||||
try {
|
||||
return fileTypeDetector.detect(file).equals("application/zip"); //NON-NLS
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, "Failed to detect file type", ex); //NON-NLS
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -283,4 +283,4 @@ KeywordSearchModuleFactory.createFileIngestModule.exception.msg=Expected setting
|
||||
SearchRunner.Searcher.done.err.msg=Error performing keyword search
|
||||
KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.toolTipText=Fastest overall, but no results until the end
|
||||
KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.text=No periodic searches
|
||||
KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector.
|
||||
KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
|
||||
|
||||
@ -24,6 +24,7 @@ import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.atomic.AtomicInteger;
|
||||
import java.util.logging.Level;
|
||||
import org.openide.util.Exceptions;
|
||||
import org.openide.util.NbBundle;
|
||||
import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
|
||||
@ -37,6 +38,7 @@ import org.sleuthkit.autopsy.ingest.IngestServices;
|
||||
import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException;
|
||||
import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
import org.sleuthkit.datamodel.TskData.FileKnown;
|
||||
|
||||
@ -132,7 +134,6 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
|
||||
try {
|
||||
fileTypeDetector = new FileTypeDetector();
|
||||
} catch (FileTypeDetector.FileTypeDetectorInitException ex) {
|
||||
logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex);
|
||||
throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg"));
|
||||
}
|
||||
ingester = Server.getIngester();
|
||||
@ -475,9 +476,11 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
|
||||
return;
|
||||
}
|
||||
|
||||
String detectedFormat = fileTypeDetector.getFileType(aFile);
|
||||
if (detectedFormat == null) {
|
||||
logger.log(Level.WARNING, "Could not detect format using fileTypeDetector for file: {0}", aFile); //NON-NLS
|
||||
String detectedFormat;
|
||||
try {
|
||||
detectedFormat = fileTypeDetector.detectAndPostToBlackboard(aFile);
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, String.format("Could not detect format using fileTypeDetector for file: %s", aFile), ex); //NON-NLS
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user