Merge pull request #1125 from esaunders/rc-211
Replaced calls to SleuthkitCase.runQuery() with calls to SleuthkitCase.e...
commit
eaaa46525e
@ -28,6 +28,7 @@ import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
|
||||
/**
|
||||
@ -228,40 +229,33 @@ public abstract class AbstractAbstractFileNode<T extends AbstractFile> extends A
|
||||
}
|
||||
@SuppressWarnings("deprecation")
|
||||
private static String getHashSetHitsForFile(AbstractFile content) {
|
||||
ResultSet rs = null;
|
||||
String strList = "";
|
||||
SleuthkitCase skCase = content.getSleuthkitCase();
|
||||
long objId = content.getId();
|
||||
|
||||
try {
|
||||
int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();
|
||||
int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();
|
||||
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
|
||||
+ " AND blackboard_artifacts.obj_id=" + objId; //NON-NLS
|
||||
rs = skCase.runQuery(query);
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
|
||||
+ " AND blackboard_artifacts.obj_id=" + objId; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
int i = 0;
|
||||
while (rs.next()) {
|
||||
while (resultSet.next()) {
|
||||
if (i++ > 0) {
|
||||
strList += ", ";
|
||||
}
|
||||
strList += rs.getString("value_text"); //NON-NLS
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error closing result set after getting hashset hits", ex); //NON-NLS
|
||||
}
|
||||
strList += resultSet.getString("value_text"); //NON-NLS
|
||||
}
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error getting hashset hits: ", ex); //NON-NLS
|
||||
}
|
||||
|
||||
return strList;
|
||||
}
|
||||
|
||||
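Review bot: When `executeQuery` or the result-set iteration fails in `getHashSetHitsForFile`, the catch only logs at WARNING and the method returns whatever `strList` holds, so a failed lookup looks the same as a file with no (or fewer) hash set hits. For a forensic view that is a silent false negative; at minimum the log entry should identify the file, e.g. `logger.log(Level.WARNING, "Error getting hashset hits for obj_id " + objId, ex); //NON-NLS`. The `@SuppressWarnings("deprecation")` on this method also looks stale now that the `runQuery`/`closeRunQuery` calls are gone. The same annotation appears to remain on `runTimeQuery`, `getUniqueTagNames` and `getCaseLastArtifactID`, where it would hide any deprecated call added later.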
|
@ -44,6 +44,8 @@ import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
|
||||
/**
|
||||
@ -95,18 +97,19 @@ public class EmailExtracted implements AutopsyVisitableItem {
|
||||
return;
|
||||
}
|
||||
|
||||
try {
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID();
|
||||
int pathAttrId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + pathAttrId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
ResultSet rs = skCase.runQuery(query);
|
||||
while (rs.next()) {
|
||||
final String path = rs.getString("value_text"); //NON-NLS
|
||||
final long artifactId = rs.getLong("artifact_id"); //NON-NLS
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID();
|
||||
int pathAttrId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + pathAttrId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
while (resultSet.next()) {
|
||||
final String path = resultSet.getString("value_text"); //NON-NLS
|
||||
final long artifactId = resultSet.getLong("artifact_id"); //NON-NLS
|
||||
final Map<String, String> parsedPath = parsePath(path);
|
||||
final String account = parsedPath.get(MAIL_ACCOUNT);
|
||||
final String folder = parsedPath.get(MAIL_FOLDER);
|
||||
@ -123,10 +126,8 @@ public class EmailExtracted implements AutopsyVisitableItem {
|
||||
}
|
||||
messages.add(artifactId);
|
||||
}
|
||||
skCase.closeRunQuery(rs);
|
||||
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Cannot initialize email extraction", ex); //NON-NLS
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "Cannot initialize email extraction: ", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -46,6 +46,8 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
|
||||
/**
|
||||
@ -99,35 +101,28 @@ public class HashsetHits implements AutopsyVisitableItem {
|
||||
return;
|
||||
}
|
||||
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
int setNameId = ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
rs = skCase.runQuery(query);
|
||||
while (rs.next()) {
|
||||
String setName = rs.getString("value_text"); //NON-NLS
|
||||
long artifactId = rs.getLong("artifact_id"); //NON-NLS
|
||||
int setNameId = ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
while (resultSet.next()) {
|
||||
String setName = resultSet.getString("value_text"); //NON-NLS
|
||||
long artifactId = resultSet.getLong("artifact_id"); //NON-NLS
|
||||
if (!hashSetHitsMap.containsKey(setName)) {
|
||||
hashSetHitsMap.put(setName, new HashSet<Long>());
|
||||
}
|
||||
hashSetHitsMap.get(setName).add(artifactId);
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error closing result set after getting hashset hits", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
setChanged();
|
||||
notifyObservers();
|
||||
}
|
||||
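Review bot: The widened `catch (TskCoreException | SQLException ex)` still logs "SQL Exception occurred: ", which is misleading when the failure is a `TskCoreException` from `executeQuery`; something like `logger.log(Level.WARNING, "Error querying hash set hits", ex); //NON-NLS` would describe both cases. The same leftover message sits under the widened catch in the InterestingHits and KeywordHits hunks. `setChanged(); notifyObservers();` also run after a failure, so observers are told to refresh from a possibly half-filled `hashSetHitsMap`; whether the map is cleared beforehand is outside the hunk.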
|
@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
|
||||
|
||||
@ -94,36 +95,27 @@ public class InterestingHits implements AutopsyVisitableItem {
|
||||
return;
|
||||
}
|
||||
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = artType.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
rs = skCase.runQuery(query);
|
||||
while (rs.next()) {
|
||||
String value = rs.getString("value_text"); //NON-NLS
|
||||
long artifactId = rs.getLong("artifact_id"); //NON-NLS
|
||||
int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int artId = artType.getTypeID();
|
||||
String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
|
||||
+ "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "attribute_type_id=" + setNameId //NON-NLS
|
||||
+ " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
|
||||
+ " AND blackboard_artifacts.artifact_type_id=" + artId; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
while (resultSet.next()) {
|
||||
String value = resultSet.getString("value_text"); //NON-NLS
|
||||
long artifactId = resultSet.getLong("artifact_id"); //NON-NLS
|
||||
if (!interestingItemsMap.containsKey(value)) {
|
||||
interestingItemsMap.put(value, new HashSet<>());
|
||||
}
|
||||
interestingItemsMap.get(value).add(artifactId);
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS
|
||||
}
|
||||
finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error closing result set after getting artifacts", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -46,6 +46,7 @@ import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.BlackboardArtifact;
|
||||
import org.sleuthkit.datamodel.BlackboardAttribute;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
|
||||
@ -163,24 +164,24 @@ public class KeywordHits implements AutopsyVisitableItem {
|
||||
return;
|
||||
}
|
||||
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
int setId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int wordId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID();
|
||||
int regexId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID();
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID();
|
||||
String query = "SELECT blackboard_attributes.value_text,blackboard_attributes.artifact_id," //NON-NLS
|
||||
+ "blackboard_attributes.attribute_type_id FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "(blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id AND " //NON-NLS
|
||||
+ "blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
|
||||
+ ") AND (attribute_type_id=" + setId + " OR " //NON-NLS
|
||||
+ "attribute_type_id=" + wordId + " OR " //NON-NLS
|
||||
+ "attribute_type_id=" + regexId + ")"; //NON-NLS
|
||||
rs = skCase.runQuery(query);
|
||||
while (rs.next()) {
|
||||
String value = rs.getString("value_text"); //NON-NLS
|
||||
long artifactId = rs.getLong("artifact_id"); //NON-NLS
|
||||
long typeId = rs.getLong("attribute_type_id"); //NON-NLS
|
||||
int setId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
|
||||
int wordId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID();
|
||||
int regexId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID();
|
||||
int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID();
|
||||
String query = "SELECT blackboard_attributes.value_text,blackboard_attributes.artifact_id," //NON-NLS
|
||||
+ "blackboard_attributes.attribute_type_id FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
|
||||
+ "(blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id AND " //NON-NLS
|
||||
+ "blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
|
||||
+ ") AND (attribute_type_id=" + setId + " OR " //NON-NLS
|
||||
+ "attribute_type_id=" + wordId + " OR " //NON-NLS
|
||||
+ "attribute_type_id=" + regexId + ")"; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
while (resultSet.next()) {
|
||||
String value = resultSet.getString("value_text"); //NON-NLS
|
||||
long artifactId = resultSet.getLong("artifact_id"); //NON-NLS
|
||||
long typeId = resultSet.getLong("attribute_type_id"); //NON-NLS
|
||||
if (!artifactIds.containsKey(artifactId)) {
|
||||
artifactIds.put(artifactId, new LinkedHashMap<Long, String>());
|
||||
}
|
||||
@ -188,17 +189,10 @@ public class KeywordHits implements AutopsyVisitableItem {
|
||||
artifactIds.get(artifactId).put(typeId, value);
|
||||
}
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error closing result set after getting keyword hits", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
populateMaps(artifactIds);
|
||||
}
|
||||
}
|
||||
|
@ -29,6 +29,8 @@ import org.sleuthkit.autopsy.coreutils.Logger;
|
||||
import org.openide.nodes.ChildFactory;
|
||||
import org.openide.nodes.Node;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
|
||||
/**
|
||||
*
|
||||
@ -82,21 +84,14 @@ import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
@SuppressWarnings("deprecation")
|
||||
private long runTimeQuery(String query) {
|
||||
long result = 0;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
rs = skCase.runQuery(query);
|
||||
result = rs.getLong(1);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Couldn't get recent files results", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
logger.log(Level.WARNING, "Error closing result set after getting recent files results", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
result = resultSet.getLong(1);
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
logger.log(Level.WARNING, "Couldn't get recent files results: ", ex); //NON-NLS
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
||||
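Review bot: `runTimeQuery` reads `resultSet.getLong(1)` without first calling `resultSet.next()`. Under the JDBC contract the cursor starts before the first row, so this works only if the driver in use tolerates it. On a stricter driver it throws `SQLException`, the catch logs it, and the method returns 0 as if nothing matched. Guarding the read makes it portable: `if (resultSet.next()) { result = resultSet.getLong(1); }`.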
|
@ -63,6 +63,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.ContentTag;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskData;
|
||||
|
||||
@ -888,19 +889,22 @@ import org.sleuthkit.datamodel.TskData;
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
private void writeKeywordHits(List<TableReportModule> tableModules, String comment, HashSet<String> tagNamesFilter) {
|
||||
ResultSet listsRs = null;
|
||||
try {
|
||||
// Query for keyword lists-only so that we can tell modules what lists
|
||||
// will exist for their index.
|
||||
// @@@ There is a bug in here. We should use the tags in the below code
|
||||
// so that we only report the lists that we will later provide with real
|
||||
// hits. If no keyord hits are tagged, then we make the page for nothing.
|
||||
listsRs = skCase.runQuery("SELECT att.value_text AS list " + //NON-NLS
|
||||
"FROM blackboard_attributes AS att, blackboard_artifacts AS art " + //NON-NLS
|
||||
"WHERE att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + " " + //NON-NLS
|
||||
"AND art.artifact_type_id = " + ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() + " " + //NON-NLS
|
||||
"AND att.artifact_id = art.artifact_id " + //NON-NLS
|
||||
"GROUP BY list"); //NON-NLS
|
||||
|
||||
// Query for keyword lists-only so that we can tell modules what lists
|
||||
// will exist for their index.
|
||||
// @@@ There is a bug in here. We should use the tags in the below code
|
||||
// so that we only report the lists that we will later provide with real
|
||||
// hits. If no keyord hits are tagged, then we make the page for nothing.
|
||||
String keywordListQuery =
|
||||
"SELECT att.value_text AS list " + //NON-NLS
|
||||
"FROM blackboard_attributes AS att, blackboard_artifacts AS art " + //NON-NLS
|
||||
"WHERE att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + " " + //NON-NLS
|
||||
"AND art.artifact_type_id = " + ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() + " " + //NON-NLS
|
||||
"AND att.artifact_id = art.artifact_id " + //NON-NLS
|
||||
"GROUP BY list"; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(keywordListQuery)) {
|
||||
ResultSet listsRs = dbQuery.getResultSet();
|
||||
List<String> lists = new ArrayList<>();
|
||||
while(listsRs.next()) {
|
||||
String list = listsRs.getString("list"); //NON-NLS
|
||||
@ -919,36 +923,32 @@ import org.sleuthkit.datamodel.TskData;
|
||||
ARTIFACT_TYPE.TSK_KEYWORD_HIT.getDisplayName()));
|
||||
}
|
||||
}
|
||||
catch (SQLException ex) {
|
||||
catch (TskCoreException | SQLException ex) {
|
||||
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryKWLists"));
|
||||
logger.log(Level.SEVERE, "Failed to query keyword lists.", ex); //NON-NLS
|
||||
logger.log(Level.SEVERE, "Failed to query keyword lists: ", ex); //NON-NLS
|
||||
return;
|
||||
} finally {
|
||||
if (listsRs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(listsRs);
|
||||
} catch (SQLException ex) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
// Query for keywords, grouped by list
|
||||
rs = skCase.runQuery("SELECT art.artifact_id, art.obj_id, att1.value_text AS keyword, att2.value_text AS preview, att3.value_text AS list, f.name AS name, f.parent_path AS parent_path " + //NON-NLS
|
||||
"FROM blackboard_artifacts AS art, blackboard_attributes AS att1, blackboard_attributes AS att2, blackboard_attributes AS att3, tsk_files AS f " + //NON-NLS
|
||||
"WHERE (att1.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (att2.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (att3.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (f.obj_id = art.obj_id) " + //NON-NLS
|
||||
"AND (att1.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID() + ") " + //NON-NLS
|
||||
"AND (att2.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID() + ") " + //NON-NLS
|
||||
"AND (att3.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + ") " + //NON-NLS
|
||||
"AND (art.artifact_type_id = " + ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() + ") " + //NON-NLS
|
||||
"ORDER BY list, keyword, parent_path, name"); //NON-NLS
|
||||
// Query for keywords, grouped by list
|
||||
String keywordsQuery =
|
||||
"SELECT art.artifact_id, art.obj_id, att1.value_text AS keyword, att2.value_text AS preview, att3.value_text AS list, f.name AS name, f.parent_path AS parent_path " + //NON-NLS
|
||||
"FROM blackboard_artifacts AS art, blackboard_attributes AS att1, blackboard_attributes AS att2, blackboard_attributes AS att3, tsk_files AS f " + //NON-NLS
|
||||
"WHERE (att1.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (att2.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (att3.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (f.obj_id = art.obj_id) " + //NON-NLS
|
||||
"AND (att1.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID() + ") " + //NON-NLS
|
||||
"AND (att2.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID() + ") " + //NON-NLS
|
||||
"AND (att3.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + ") " + //NON-NLS
|
||||
"AND (art.artifact_type_id = " + ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID() + ") " + //NON-NLS
|
||||
"ORDER BY list, keyword, parent_path, name"; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(keywordsQuery)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
|
||||
String currentKeyword = "";
|
||||
String currentList = "";
|
||||
while (rs.next()) {
|
||||
while (resultSet.next()) {
|
||||
// Check to see if all the TableReportModules have been canceled
|
||||
if (tableModules.isEmpty()) {
|
||||
break;
|
||||
@ -962,16 +962,16 @@ import org.sleuthkit.datamodel.TskData;
|
||||
}
|
||||
|
||||
// Get any tags that associated with this artifact and apply the tag filter.
|
||||
HashSet<String> uniqueTagNames = getUniqueTagNames(rs.getLong("artifact_id")); //NON-NLS
|
||||
HashSet<String> uniqueTagNames = getUniqueTagNames(resultSet.getLong("artifact_id")); //NON-NLS
|
||||
if(failsTagFilter(uniqueTagNames, tagNamesFilter)) {
|
||||
continue;
|
||||
}
|
||||
String tagsList = makeCommaSeparatedList(uniqueTagNames);
|
||||
|
||||
Long objId = rs.getLong("obj_id"); //NON-NLS
|
||||
String keyword = rs.getString("keyword"); //NON-NLS
|
||||
String preview = rs.getString("preview"); //NON-NLS
|
||||
String list = rs.getString("list"); //NON-NLS
|
||||
Long objId = resultSet.getLong("obj_id"); //NON-NLS
|
||||
String keyword = resultSet.getString("keyword"); //NON-NLS
|
||||
String preview = resultSet.getString("preview"); //NON-NLS
|
||||
String list = resultSet.getString("list"); //NON-NLS
|
||||
String uniquePath = "";
|
||||
|
||||
try {
|
||||
@ -1025,16 +1025,9 @@ import org.sleuthkit.datamodel.TskData;
|
||||
tableProgress.get(module).increment();
|
||||
module.endDataType();
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryKWs"));
|
||||
logger.log(Level.SEVERE, "Failed to query keywords.", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
}
|
||||
}
|
||||
logger.log(Level.SEVERE, "Failed to query keywords: ", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
|
||||
@ -1044,15 +1037,17 @@ import org.sleuthkit.datamodel.TskData;
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
private void writeHashsetHits(List<TableReportModule> tableModules, String comment, HashSet<String> tagNamesFilter) {
|
||||
ResultSet listsRs = null;
|
||||
try {
|
||||
String hashsetsQuery =
|
||||
"SELECT att.value_text AS list " + //NON-NLS
|
||||
"FROM blackboard_attributes AS att, blackboard_artifacts AS art " + //NON-NLS
|
||||
"WHERE att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + " " + //NON-NLS
|
||||
"AND art.artifact_type_id = " + ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() + " " + //NON-NLS
|
||||
"AND att.artifact_id = art.artifact_id " + //NON-NLS
|
||||
"GROUP BY list"; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(hashsetsQuery)) {
|
||||
// Query for hashsets
|
||||
listsRs = skCase.runQuery("SELECT att.value_text AS list " + //NON-NLS
|
||||
"FROM blackboard_attributes AS att, blackboard_artifacts AS art " + //NON-NLS
|
||||
"WHERE att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + " " + //NON-NLS
|
||||
"AND art.artifact_type_id = " + ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() + " " + //NON-NLS
|
||||
"AND att.artifact_id = art.artifact_id " + //NON-NLS
|
||||
"GROUP BY list"); //NON-NLS
|
||||
ResultSet listsRs = dbQuery.getResultSet();
|
||||
List<String> lists = new ArrayList<>();
|
||||
while(listsRs.next()) {
|
||||
lists.add(listsRs.getString("list")); //NON-NLS
|
||||
@ -1065,31 +1060,26 @@ import org.sleuthkit.datamodel.TskData;
|
||||
NbBundle.getMessage(this.getClass(), "ReportGenerator.progress.processing",
|
||||
ARTIFACT_TYPE.TSK_HASHSET_HIT.getDisplayName()));
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryHashsetLists"));
|
||||
logger.log(Level.SEVERE, "Failed to query hashset lists.", ex); //NON-NLS
|
||||
logger.log(Level.SEVERE, "Failed to query hashset lists: ", ex); //NON-NLS
|
||||
return;
|
||||
} finally {
|
||||
if (listsRs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(listsRs);
|
||||
} catch (SQLException ex) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
String hashsetHitsQuery =
|
||||
"SELECT art.artifact_id, art.obj_id, att.value_text AS setname, f.name AS name, f.size AS size, f.parent_path AS parent_path " + //NON-NLS
|
||||
"FROM blackboard_artifacts AS art, blackboard_attributes AS att, tsk_files AS f " + //NON-NLS
|
||||
"WHERE (att.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (f.obj_id = art.obj_id) " + //NON-NLS
|
||||
"AND (att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + ") " + //NON-NLS
|
||||
"AND (art.artifact_type_id = " + ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() + ") " + //NON-NLS
|
||||
"ORDER BY setname, parent_path, name, size"; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(hashsetHitsQuery)) {
|
||||
// Query for hashset hits
|
||||
rs = skCase.runQuery("SELECT art.artifact_id, art.obj_id, att.value_text AS setname, f.name AS name, f.size AS size, f.parent_path AS parent_path " + //NON-NLS
|
||||
"FROM blackboard_artifacts AS art, blackboard_attributes AS att, tsk_files AS f " + //NON-NLS
|
||||
"WHERE (att.artifact_id = art.artifact_id) " + //NON-NLS
|
||||
"AND (f.obj_id = art.obj_id) " + //NON-NLS
|
||||
"AND (att.attribute_type_id = " + ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID() + ") " + //NON-NLS
|
||||
"AND (art.artifact_type_id = " + ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID() + ") " + //NON-NLS
|
||||
"ORDER BY setname, parent_path, name, size"); //NON-NLS
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
String currentSet = "";
|
||||
while (rs.next()) {
|
||||
while (resultSet.next()) {
|
||||
// Check to see if all the TableReportModules have been canceled
|
||||
if (tableModules.isEmpty()) {
|
||||
break;
|
||||
@ -1103,15 +1093,15 @@ import org.sleuthkit.datamodel.TskData;
|
||||
}
|
||||
|
||||
// Get any tags that associated with this artifact and apply the tag filter.
|
||||
HashSet<String> uniqueTagNames = getUniqueTagNames(rs.getLong("artifact_id")); //NON-NLS
|
||||
HashSet<String> uniqueTagNames = getUniqueTagNames(resultSet.getLong("artifact_id")); //NON-NLS
|
||||
if(failsTagFilter(uniqueTagNames, tagNamesFilter)) {
|
||||
continue;
|
||||
}
|
||||
String tagsList = makeCommaSeparatedList(uniqueTagNames);
|
||||
|
||||
Long objId = rs.getLong("obj_id"); //NON-NLS
|
||||
String set = rs.getString("setname"); //NON-NLS
|
||||
String size = rs.getString("size"); //NON-NLS
|
||||
Long objId = resultSet.getLong("obj_id"); //NON-NLS
|
||||
String set = resultSet.getString("setname"); //NON-NLS
|
||||
String size = resultSet.getString("size"); //NON-NLS
|
||||
String uniquePath = "";
|
||||
|
||||
try {
|
||||
@ -1152,16 +1142,9 @@ import org.sleuthkit.datamodel.TskData;
|
||||
tableProgress.get(module).increment();
|
||||
module.endDataType();
|
||||
}
|
||||
} catch (SQLException ex) {
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
errorList.add(NbBundle.getMessage(this.getClass(), "ReportGenerator.errList.failedQueryHashsetHits"));
|
||||
logger.log(Level.SEVERE, "Failed to query hashsets hits.", ex); //NON-NLS
|
||||
} finally {
|
||||
if (rs != null) {
|
||||
try {
|
||||
skCase.closeRunQuery(rs);
|
||||
} catch (SQLException ex) {
|
||||
}
|
||||
}
|
||||
logger.log(Level.SEVERE, "Failed to query hashsets hits: ", ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
|
||||
@ -1874,14 +1857,22 @@ import org.sleuthkit.datamodel.TskData;
|
||||
* @throws SQLException
|
||||
*/
|
||||
@SuppressWarnings("deprecation")
|
||||
private HashSet<String> getUniqueTagNames(long artifactId) throws SQLException {
|
||||
private HashSet<String> getUniqueTagNames(long artifactId) throws TskCoreException {
|
||||
HashSet<String> uniqueTagNames = new HashSet<>();
|
||||
ResultSet tagNameRows = skCase.runQuery("SELECT display_name, artifact_id FROM tag_names AS tn, blackboard_artifact_tags AS bat " + //NON-NLS
|
||||
"WHERE tn.tag_name_id = bat.tag_name_id AND bat.artifact_id = " + artifactId); //NON-NLS
|
||||
while (tagNameRows.next()) {
|
||||
uniqueTagNames.add(tagNameRows.getString("display_name")); //NON-NLS
|
||||
|
||||
String query = "SELECT display_name, artifact_id FROM tag_names AS tn, blackboard_artifact_tags AS bat " + //NON-NLS
|
||||
"WHERE tn.tag_name_id = bat.tag_name_id AND bat.artifact_id = " + artifactId; //NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {
|
||||
ResultSet tagNameRows = dbQuery.getResultSet();
|
||||
while (tagNameRows.next()) {
|
||||
uniqueTagNames.add(tagNameRows.getString("display_name")); //NON-NLS
|
||||
}
|
||||
}
|
||||
skCase.closeRunQuery(tagNameRows);
|
||||
catch (TskCoreException | SQLException ex) {
|
||||
throw new TskCoreException("Error getting tag names for artifact: ", ex);
|
||||
}
|
||||
|
||||
return uniqueTagNames;
|
||||
}
|
||||
|
||||
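Review bot: `getUniqueTagNames` now declares `throws TskCoreException`, but the Javadoc line just above it still says `@throws SQLException`; it should read `@throws TskCoreException` with a short description of when it is thrown. The wrapped message "Error getting tag names for artifact: " stops where the identifier should be, so appending it makes the failure traceable: `throw new TskCoreException("Error getting tag names for artifact: " + artifactId, ex);`. Because the catch also covers `TskCoreException`, a failure from `executeQuery` is wrapped in a second `TskCoreException`; catching only `SQLException` here would avoid the double wrap. The start of the Javadoc block is outside the hunk.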
|
@ -78,6 +78,7 @@ import org.sleuthkit.autopsy.timeline.zooming.DescriptionLOD;
|
||||
import org.sleuthkit.autopsy.timeline.zooming.EventTypeZoomLevel;
|
||||
import org.sleuthkit.autopsy.timeline.zooming.ZoomParams;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase;
|
||||
import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
|
||||
/** Controller in the MVC design along with model = {@link FilteredEventsModel}
|
||||
@ -357,13 +358,15 @@ public class TimeLineController {
|
||||
@SuppressWarnings("deprecation")
|
||||
private long getCaseLastArtifactID(final SleuthkitCase sleuthkitCase) {
|
||||
long caseLastArtfId = -1;
|
||||
try (ResultSet runQuery = sleuthkitCase.runQuery("select Max(artifact_id) as max_id from blackboard_artifacts")) { // NON-NLS
|
||||
while (runQuery.next()) {
|
||||
caseLastArtfId = runQuery.getLong("max_id"); // NON-NLS
|
||||
String query = "select Max(artifact_id) as max_id from blackboard_artifacts"; // NON-NLS
|
||||
|
||||
try (CaseDbQuery dbQuery = sleuthkitCase.executeQuery(query)) {
|
||||
ResultSet resultSet = dbQuery.getResultSet();
|
||||
while (resultSet.next()) {
|
||||
caseLastArtfId = resultSet.getLong("max_id"); // NON-NLS
|
||||
}
|
||||
sleuthkitCase.closeRunQuery(runQuery);
|
||||
} catch (SQLException ex) {
|
||||
Exceptions.printStackTrace(ex);
|
||||
} catch (TskCoreException | SQLException ex) {
|
||||
LOGGER.log(Level.SEVERE, "Error getting last artifact id: ", ex); // NON-NLS
|
||||
}
|
||||
return caseLastArtfId;
|
||||
}
|
||||
|
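Review bot: In `getCaseLastArtifactID`, `resultSet.getLong("max_id")` returns 0 when `Max(artifact_id)` is SQL NULL, which is what the aggregate yields for an empty `blackboard_artifacts` table. An empty case therefore comes back as 0 rather than the -1 sentinel; a `resultSet.wasNull()` check after the read would keep the two apart. How callers interpret the value is outside the hunk. Since the aggregate produces a single row, `if (resultSet.next())` states the intent more clearly than the `while` loop.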