From a46bbb81a3c20358212870aad3be8f150ec3274c Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Thu, 6 May 2021 14:19:26 -0400 Subject: [PATCH 1/2] Fixed RA NPE --- .../recentactivity/ExtractRegistry.java | 32 +++++++++++-------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 5951ac504c..80e784aaa7 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -742,7 +742,7 @@ class ExtractRegistry extends Extract { } else { results.get(0).addAttributes(bbattributes); } - for (Map.Entry userMap : userNameMap.entrySet()) { + for (Map.Entry userMap : getUserNameMap().entrySet()) { String sid = ""; try{ sid = (String)userMap.getKey(); @@ -1116,17 +1116,6 @@ class ExtractRegistry extends Extract { accountMgr.newOsAccountInstance(osAccount, (DataSource)dataSource, OsAccountInstance.OsAccountInstanceType.LAUNCHED); updateOsAccount(osAccount, userInfo, groupMap.get(userInfo.get(SID_KEY)), regAbstractFile); } - - // Get a mapping of user sids to user names and save globally so it can be used for other areas - // of the registry, ie: BAM key - try { - userNameMap = makeUserNameMap(dataSource); - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Unable to create OS Account user name map", ex); - // This is not the end of the world we will just continue without - // user names - userNameMap = new HashMap<>(); - } return true; } catch (FileNotFoundException ex) { logger.log(Level.WARNING, "Error finding the registry file.", ex); //NON-NLS @@ -1261,7 +1250,7 @@ class ExtractRegistry extends Extract { // We can add the S- back to the string that we split on since S- is a valid beginning of a User SID String fileNameSid[] = tokens[4].split("\\s+\\(S-"); String userSid = "S-" + fileNameSid[1].substring(0, fileNameSid[1].length() - 1); - String userName = userNameMap.get(userSid); + String userName = getUserNameMap().get(userSid); if (userName == null) { userName = userSid; } @@ -1738,6 +1727,23 @@ class ExtractRegistry extends Extract { return map; } + + private Map getUserNameMap() { + if(userNameMap == null) { + // Get a mapping of user sids to user names and save globally so it can be used for other areas + // of the registry, ie: BAM key + try { + userNameMap = makeUserNameMap(dataSource); + } catch (TskCoreException ex) { + logger.log(Level.WARNING, "Unable to create OS Account user name map", ex); + // This is not the end of the world we will just continue without + // user names + userNameMap = new HashMap<>(); + } + } + + return userNameMap; + } /** * Gets the attribute for the given type from the given artifact. From 6b39909199f55cf77935bc6d80811e181a216e28 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Thu, 6 May 2021 14:22:13 -0400 Subject: [PATCH 2/2] Added method header --- .../sleuthkit/autopsy/recentactivity/ExtractRegistry.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 80e784aaa7..b0d7fe08c3 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -1728,6 +1728,11 @@ class ExtractRegistry extends Extract { return map; } + /** + * Returns a mapping of user sids to user names. + * + * @return username man or empty list if none where found. + */ private Map getUserNameMap() { if(userNameMap == null) { // Get a mapping of user sids to user names and save globally so it can be used for other areas