From d7eab852ed545308be47505fd0088acaf2b82c40 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 30 Jan 2017 17:43:07 -0500 Subject: [PATCH 1/8] 1903 - Bug fix for file Ingest Filters --- .../autopsy/ingest/IngestTasksScheduler.java | 31 +++++++++++++------ .../interestingitems/Bundle.properties | 2 +- .../interestingitems/Bundle_ja.properties | 1 - .../interestingitems/FilesSetDefsPanel.form | 10 +++--- .../interestingitems/FilesSetDefsPanel.java | 22 +++++++------ .../interestingitems/FilesSetRulePanel.java | 14 +++++++-- 6 files changed, 52 insertions(+), 28 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java index 834f475ffd..d776f3a41e 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java @@ -370,7 +370,7 @@ final class IngestTasksScheduler { // first appearance of this task in the queues. this.tasksInProgress.add(childTask); this.directoryTasks.add(childTask); - } else if (shouldEnqueueFileTask(childTask)) { + } else if (shouldEnqueueTerminalFileTask(childTask)) { // Found a file, put the task directly into the // pending file tasks queue. this.tasksInProgress.add(childTask); @@ -385,6 +385,26 @@ final class IngestTasksScheduler { } } + + /** + * Check whether a file task with no children should be enqueued by checking + * if the file meets any of the rules of the selected file ingest filter. + */ + private static boolean shouldEnqueueTerminalFileTask(final FileIngestTask task) { + final AbstractFile file = task.getFile(); + + /** + * Check if the file is a member of the file ingest filter that is being + * applied to the current run of ingest, checks if unallocated space + * should be processed inside call to fileIsMemberOf + */ + if (task.getIngestJob().getFileIngestFilter().fileIsMemberOf(file) == null) { + return false; + } else { + return shouldEnqueueFileTask(task); + } + } + /** * Examines the file associated with a file ingest task to determine whether * or not the file should be processed and therefore whether or not the task @@ -404,15 +424,6 @@ final class IngestTasksScheduler { return false; } - /** - * Check if the file is a member of the file ingest filter that is being - * applied to the current run of ingest, checks if unallocated space - * should be processed inside call to fileIsMemberOf - */ - if ((task.getIngestJob().getFileIngestFilter().fileIsMemberOf(file)) == null) { - return false; - } - // Skip the task if the file is one of a select group of special, large // NTFS or FAT file system files. if (file instanceof org.sleuthkit.datamodel.File) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties index 405269afb6..5f5cb66cd1 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties @@ -65,7 +65,6 @@ FilesSetDefsPanel.jLabel1.text=Rule Details FilesSetDefsPanel.dirsRadioButton.text=Directories FilesSetDefsPanel.jLabel2.text=File Type: FilesSetDefsPanel.deleteRuleButton.text=Delete Rule -FilesSetDefsPanel.bothRadioButton.text=Files and Directories FilesSetDefsPanel.fileNameRegexCheckbox.text=Regex FilesSetDefsPanel.ignoreKnownFilesCheckbox.text=Ignore Known Files FilesSetDefsPanel.rulePathConditionTextField.text= @@ -80,3 +79,4 @@ FilesSetDefsPanel.filesRadioButton.text=Files FilesSetRulePanel.allRadioButton.text=All FilesSetDefsPanel.ingoreUnallocCheckbox.text=Ignore Unallocated Space FilesSetDefsPanel.ingoreUnallocCheckbox.toolTipText=Ignores unallocated space, such as deleted files. May run faster but produce less complete results. +FilesSetDefsPanel.allRadioButton.text=All diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties index 078be65eb0..e2fdeb5f9c 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties @@ -39,7 +39,6 @@ FilesSetDefsPanel.jLabel1.text=\u30eb\u30fc\u30eb\u8a73\u7d30 FilesSetDefsPanel.dirsRadioButton.text=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea FilesSetDefsPanel.jLabel2.text=\u30d5\u30a1\u30a4\u30eb\u30bf\u30a4\u30d7\uff1a FilesSetDefsPanel.deleteRuleButton.text=\u30eb\u30fc\u30eb\u3092\u524a\u9664 -FilesSetDefsPanel.bothRadioButton.text=\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30c7\u30a3\u30ec\u30af\u30c8\u30ea FilesSetDefsPanel.fileNameRegexCheckbox.text=\u6b63\u898f\u8868\u73fe FilesSetDefsPanel.ignoreKnownFilesCheckbox.text=\u65e2\u77e5\u30d5\u30a1\u30a4\u30eb\u3092\u7121\u8996 FilesSetDefsPanel.fileNameRadioButton.text=\u30d5\u30a1\u30a4\u30eb\u540d diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form index 4565237aa8..b6d81d331f 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.form @@ -88,7 +88,7 @@ - + @@ -222,7 +222,7 @@ - + @@ -589,18 +589,18 @@ - + - + - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java index 2afc136613..b334e68651 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java @@ -97,6 +97,10 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp this.jLabel8.setVisible(false); this.equalitySignComboBox.setVisible(false); this.ignoreKnownFilesCheckbox.setVisible(false); + this.jLabel2.setVisible(false); + this.filesRadioButton.setVisible(false); + this.dirsRadioButton.setVisible(false); + this.allRadioButton.setVisible(false); this.jTextArea1.setText(org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.ingest.jTextArea1.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(setsListLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.ingest.setsListLabel.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(editSetButton, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.ingest.editSetButton.text")); // NOI18N @@ -331,7 +335,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp FilesSetDefsPanel.this.dirsRadioButton.setSelected(true); break; case FILES_AND_DIRECTORIES: - FilesSetDefsPanel.this.bothRadioButton.setSelected(true); + FilesSetDefsPanel.this.allRadioButton.setSelected(true); break; } if (pathCondition != null) { @@ -544,7 +548,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp fileNameRegexCheckbox = new javax.swing.JCheckBox(); separator = new javax.swing.JSeparator(); setsListLabel = new javax.swing.JLabel(); - bothRadioButton = new javax.swing.JRadioButton(); + allRadioButton = new javax.swing.JRadioButton(); deleteSetButton = new javax.swing.JButton(); deleteRuleButton = new javax.swing.JButton(); newSetButton = new javax.swing.JButton(); @@ -673,10 +677,10 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp setsListLabel.setFont(setsListLabel.getFont().deriveFont(setsListLabel.getFont().getStyle() & ~java.awt.Font.BOLD, 11)); org.openide.awt.Mnemonics.setLocalizedText(setsListLabel, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.interesting.setsListLabel.text")); // NOI18N - typeButtonGroup.add(bothRadioButton); - bothRadioButton.setFont(bothRadioButton.getFont().deriveFont(bothRadioButton.getFont().getStyle() & ~java.awt.Font.BOLD, 11)); - org.openide.awt.Mnemonics.setLocalizedText(bothRadioButton, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.bothRadioButton.text")); // NOI18N - bothRadioButton.setEnabled(false); + typeButtonGroup.add(allRadioButton); + allRadioButton.setFont(allRadioButton.getFont().deriveFont(allRadioButton.getFont().getStyle() & ~java.awt.Font.BOLD, 11)); + org.openide.awt.Mnemonics.setLocalizedText(allRadioButton, org.openide.util.NbBundle.getMessage(FilesSetDefsPanel.class, "FilesSetDefsPanel.allRadioButton.text")); // NOI18N + allRadioButton.setEnabled(false); deleteSetButton.setFont(deleteSetButton.getFont().deriveFont(deleteSetButton.getFont().getStyle() & ~java.awt.Font.BOLD, 11)); deleteSetButton.setIcon(new javax.swing.ImageIcon(getClass().getResource("/org/sleuthkit/autopsy/images/delete16.png"))); // NOI18N @@ -785,7 +789,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addComponent(dirsRadioButton) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(bothRadioButton)) + .addComponent(allRadioButton)) .addGroup(jPanel1Layout.createSequentialGroup() .addGap(105, 105, 105) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -895,7 +899,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp .addComponent(jLabel2) .addComponent(filesRadioButton) .addComponent(dirsRadioButton) - .addComponent(bothRadioButton)) + .addComponent(allRadioButton)) .addGap(16, 16, 16) .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(jLabel3) @@ -997,7 +1001,7 @@ public final class FilesSetDefsPanel extends IngestModuleGlobalSettingsPanel imp }//GEN-LAST:event_newRuleButtonActionPerformed // Variables declaration - do not modify//GEN-BEGIN:variables - private javax.swing.JRadioButton bothRadioButton; + private javax.swing.JRadioButton allRadioButton; private javax.swing.JButton deleteRuleButton; private javax.swing.JButton deleteSetButton; private javax.swing.JRadioButton dirsRadioButton; diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index f53700c34e..bb3d8d6bb1 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -67,7 +67,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { * Constructs a files set rule panel in create rule mode. */ FilesSetRulePanel(JButton okButton, JButton cancelButton, PANEL_TYPE panelType) { - initComponents(); + initComponents(); + populateComponentsWithDefaultValues(); if (panelType == FilesSetDefsPanel.PANEL_TYPE.FILE_INGEST_FILTERS) { //Hide the mimetype settings when this is displaying a FileSet rule instead of a interesting item rule mimeTypeComboBox.setVisible(false); mimeCheck.setVisible(false); @@ -75,12 +76,18 @@ final class FilesSetRulePanel extends javax.swing.JPanel { fileSizeCheck.setVisible(false); equalitySymbolComboBox.setVisible(false); fileSizeSpinner.setVisible(false); + jLabel1.setVisible(false); + + allRadioButton.setSelected(true); //Force selection of the all option when doing File Ingest Filter Rules + filesRadioButton.setVisible(false); + dirsRadioButton.setVisible(false); + allRadioButton.setVisible(false); org.openide.awt.Mnemonics.setLocalizedText(jLabel5, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ingest.jLabel5.text")); // NOI18N } else { populateMimeTypesComboBox(); } - populateComponentsWithDefaultValues(); + this.setButtons(okButton, cancelButton); } @@ -98,6 +105,9 @@ final class FilesSetRulePanel extends javax.swing.JPanel { fileSizeCheck.setVisible(false); equalitySymbolComboBox.setVisible(false); fileSizeSpinner.setVisible(false); + filesRadioButton.setVisible(false); + dirsRadioButton.setVisible(false); + allRadioButton.setVisible(false); } else { populateMimeTypesComboBox(); populateMimeConditionComponents(rule); From aad6983e752f4abe0292bb7ce495256704363964 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 30 Jan 2017 17:59:28 -0500 Subject: [PATCH 2/8] Minor formatting fix for FilesSetRulePanel.java --- .../modules/interestingitems/FilesSetRulePanel.java | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index bb3d8d6bb1..ceff7c17df 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -39,8 +39,7 @@ import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.PANEL_TYPE; /** - * A panel that allows a user to create and edit files set - * membership rules. + * A panel that allows a user to create and edit files set membership rules. */ final class FilesSetRulePanel extends javax.swing.JPanel { @@ -67,7 +66,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { * Constructs a files set rule panel in create rule mode. */ FilesSetRulePanel(JButton okButton, JButton cancelButton, PANEL_TYPE panelType) { - initComponents(); + initComponents(); populateComponentsWithDefaultValues(); if (panelType == FilesSetDefsPanel.PANEL_TYPE.FILE_INGEST_FILTERS) { //Hide the mimetype settings when this is displaying a FileSet rule instead of a interesting item rule mimeTypeComboBox.setVisible(false); @@ -77,7 +76,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { equalitySymbolComboBox.setVisible(false); fileSizeSpinner.setVisible(false); jLabel1.setVisible(false); - allRadioButton.setSelected(true); //Force selection of the all option when doing File Ingest Filter Rules filesRadioButton.setVisible(false); dirsRadioButton.setVisible(false); @@ -87,7 +85,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } else { populateMimeTypesComboBox(); } - + this.setButtons(okButton, cancelButton); } @@ -305,8 +303,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { /** * Returns whether or not the data entered in the panel constitutes a valid - * files set membership rule definition, displaying a dialog - * explaining the deficiency if the definition is invalid. + * files set membership rule definition, displaying a dialog explaining the + * deficiency if the definition is invalid. * * @return True if the definition is valid, false otherwise. */ From a6f0766c0a70053c0a0d020e6683a91794a08493 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Tue, 31 Jan 2017 11:21:01 -0500 Subject: [PATCH 3/8] 1903 Fixed bug with top level components not being filtered --- .../sleuthkit/autopsy/ingest/IngestTasksScheduler.java | 2 +- .../autopsy/modules/interestingitems/FilesSetPanel.java | 6 +++--- .../modules/interestingitems/FilesSetRulePanel.java | 9 ++++++++- 3 files changed, 12 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java index d776f3a41e..70b1dbc704 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java @@ -348,7 +348,7 @@ final class IngestTasksScheduler { // Try to add the most recently added directory from the // directory tasks queue to the pending file tasks queue. FileIngestTask directoryTask = this.directoryTasks.remove(this.directoryTasks.size() - 1); - if (shouldEnqueueFileTask(directoryTask)) { + if (shouldEnqueueTerminalFileTask(directoryTask)) { addToPendingFileTasksQueue(directoryTask); } else { this.tasksInProgress.remove(directoryTask); diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java index 733902b1ec..d813f31102 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java @@ -28,8 +28,9 @@ import org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.PANEL_TY * definitions. */ public class FilesSetPanel extends javax.swing.JPanel { - @NbBundle.Messages({"FilesSetPanel.ingest.title=File Ingest Filter", "FilesSetPanel.ingest.createNewFilter=Create new file ingest filter..."}) - + + @NbBundle.Messages({"FilesSetPanel.ingest.title=File Ingest Filter", "FilesSetPanel.ingest.createNewFilter=Create/Edit file ingest filter(s)..."}) + private static final String CREATE_NEW_FILE_INGEST_FILTER = Bundle.FilesSetPanel_ingest_createNewFilter(); /** @@ -39,7 +40,6 @@ public class FilesSetPanel extends javax.swing.JPanel { return CREATE_NEW_FILE_INGEST_FILTER; } - /** * Construct a files set panel in create mode. */ diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index ceff7c17df..78b897d2a4 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -556,7 +556,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { private void setComponentsForSearchType() { if (!this.filesRadioButton.isSelected()) { this.fullNameRadioButton.setSelected(true); - this.extensionRadioButton.setEnabled(false); + this.mimeTypeComboBox.setEnabled(false); this.mimeTypeComboBox.setSelectedIndex(0); this.equalitySymbolComboBox.setEnabled(false); @@ -567,6 +567,11 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.fileSizeCheck.setSelected(false); this.mimeCheck.setEnabled(false); this.mimeCheck.setSelected(false); + if (this.filesRadioButton.isVisible()) { //If the filesRadioButton is not visibile then we can let the user do extension based rules + this.extensionRadioButton.setEnabled(false); + } else { + this.extensionRadioButton.setEnabled(true); + } } else { if (this.nameCheck.isSelected()) { @@ -839,6 +844,8 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.fullNameRadioButton.setEnabled(true); if (this.filesRadioButton.isSelected()) { this.extensionRadioButton.setEnabled(true); + } else if (!this.filesRadioButton.isVisible()) { //If the filesRadioButton is not visibile then we can let the user do extension based rules + this.extensionRadioButton.setEnabled(true); } this.nameRegexCheckbox.setEnabled(true); } From 816725a70b3cc27d450993e318161a0b386635f1 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Tue, 31 Jan 2017 11:28:06 -0500 Subject: [PATCH 4/8] typo with message text --- .../autopsy/modules/interestingitems/FilesSetPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java index d813f31102..4c47601b68 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetPanel.java @@ -29,7 +29,7 @@ import org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.PANEL_TY */ public class FilesSetPanel extends javax.swing.JPanel { - @NbBundle.Messages({"FilesSetPanel.ingest.title=File Ingest Filter", "FilesSetPanel.ingest.createNewFilter=Create/Edit file ingest filter(s)..."}) + @NbBundle.Messages({"FilesSetPanel.ingest.title=File Ingest Filter", "FilesSetPanel.ingest.createNewFilter=Create/edit file ingest filter(s)..."}) private static final String CREATE_NEW_FILE_INGEST_FILTER = Bundle.FilesSetPanel_ingest_createNewFilter(); From 725f0905a82b7206c876912c47be408800d5aae6 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Tue, 31 Jan 2017 15:00:56 -0500 Subject: [PATCH 5/8] 1903 re-implementation of isFile() check before checking membership --- .../autopsy/ingest/IngestTasksScheduler.java | 34 +++++++------------ .../interestingitems/FilesSetRulePanel.java | 15 ++------ 2 files changed, 15 insertions(+), 34 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java index 70b1dbc704..f22ef93d94 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestTasksScheduler.java @@ -348,7 +348,7 @@ final class IngestTasksScheduler { // Try to add the most recently added directory from the // directory tasks queue to the pending file tasks queue. FileIngestTask directoryTask = this.directoryTasks.remove(this.directoryTasks.size() - 1); - if (shouldEnqueueTerminalFileTask(directoryTask)) { + if (shouldEnqueueFileTask(directoryTask)) { addToPendingFileTasksQueue(directoryTask); } else { this.tasksInProgress.remove(directoryTask); @@ -370,7 +370,7 @@ final class IngestTasksScheduler { // first appearance of this task in the queues. this.tasksInProgress.add(childTask); this.directoryTasks.add(childTask); - } else if (shouldEnqueueTerminalFileTask(childTask)) { + } else if (shouldEnqueueFileTask(childTask)) { // Found a file, put the task directly into the // pending file tasks queue. this.tasksInProgress.add(childTask); @@ -385,26 +385,6 @@ final class IngestTasksScheduler { } } - - /** - * Check whether a file task with no children should be enqueued by checking - * if the file meets any of the rules of the selected file ingest filter. - */ - private static boolean shouldEnqueueTerminalFileTask(final FileIngestTask task) { - final AbstractFile file = task.getFile(); - - /** - * Check if the file is a member of the file ingest filter that is being - * applied to the current run of ingest, checks if unallocated space - * should be processed inside call to fileIsMemberOf - */ - if (task.getIngestJob().getFileIngestFilter().fileIsMemberOf(file) == null) { - return false; - } else { - return shouldEnqueueFileTask(task); - } - } - /** * Examines the file associated with a file ingest task to determine whether * or not the file should be processed and therefore whether or not the task @@ -420,10 +400,20 @@ final class IngestTasksScheduler { // Skip the task if the file is actually the pseudo-file for the parent // or current directory. String fileName = file.getName(); + if (fileName.equals(".") || fileName.equals("..")) { return false; } + /** + * Check if the file is a member of the file ingest filter that is being + * applied to the current run of ingest, checks if unallocated space + * should be processed inside call to fileIsMemberOf + */ + if (file.isFile() && task.getIngestJob().getFileIngestFilter().fileIsMemberOf(file) == null) { + return false; + } + // Skip the task if the file is one of a select group of special, large // NTFS or FAT file system files. if (file instanceof org.sleuthkit.datamodel.File) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java index 78b897d2a4..822c24dfeb 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java @@ -67,7 +67,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { */ FilesSetRulePanel(JButton okButton, JButton cancelButton, PANEL_TYPE panelType) { initComponents(); - populateComponentsWithDefaultValues(); if (panelType == FilesSetDefsPanel.PANEL_TYPE.FILE_INGEST_FILTERS) { //Hide the mimetype settings when this is displaying a FileSet rule instead of a interesting item rule mimeTypeComboBox.setVisible(false); mimeCheck.setVisible(false); @@ -76,7 +75,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { equalitySymbolComboBox.setVisible(false); fileSizeSpinner.setVisible(false); jLabel1.setVisible(false); - allRadioButton.setSelected(true); //Force selection of the all option when doing File Ingest Filter Rules filesRadioButton.setVisible(false); dirsRadioButton.setVisible(false); allRadioButton.setVisible(false); @@ -85,7 +83,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { } else { populateMimeTypesComboBox(); } - + populateComponentsWithDefaultValues(); this.setButtons(okButton, cancelButton); } @@ -103,6 +101,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { fileSizeCheck.setVisible(false); equalitySymbolComboBox.setVisible(false); fileSizeSpinner.setVisible(false); + jLabel1.setVisible(false); filesRadioButton.setVisible(false); dirsRadioButton.setVisible(false); allRadioButton.setVisible(false); @@ -556,7 +555,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel { private void setComponentsForSearchType() { if (!this.filesRadioButton.isSelected()) { this.fullNameRadioButton.setSelected(true); - + this.extensionRadioButton.setEnabled(false); this.mimeTypeComboBox.setEnabled(false); this.mimeTypeComboBox.setSelectedIndex(0); this.equalitySymbolComboBox.setEnabled(false); @@ -567,12 +566,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.fileSizeCheck.setSelected(false); this.mimeCheck.setEnabled(false); this.mimeCheck.setSelected(false); - if (this.filesRadioButton.isVisible()) { //If the filesRadioButton is not visibile then we can let the user do extension based rules - this.extensionRadioButton.setEnabled(false); - } else { - this.extensionRadioButton.setEnabled(true); - } - } else { if (this.nameCheck.isSelected()) { this.extensionRadioButton.setEnabled(true); @@ -844,8 +837,6 @@ final class FilesSetRulePanel extends javax.swing.JPanel { this.fullNameRadioButton.setEnabled(true); if (this.filesRadioButton.isSelected()) { this.extensionRadioButton.setEnabled(true); - } else if (!this.filesRadioButton.isVisible()) { //If the filesRadioButton is not visibile then we can let the user do extension based rules - this.extensionRadioButton.setEnabled(true); } this.nameRegexCheckbox.setEnabled(true); } From 8140486b9da3db25efe4d127aec85389aac3abb3 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Tue, 31 Jan 2017 18:07:11 -0500 Subject: [PATCH 6/8] Modified FilesSet rules to use same isFile() comparrison as sleuthkit --- .../sleuthkit/autopsy/modules/interestingitems/FilesSet.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java index 403ab31be7..b5d9e6b96a 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java +++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java @@ -535,7 +535,7 @@ public final class FilesSet implements Serializable { public boolean passes(AbstractFile file) { switch (this.type) { case FILES: - return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG; + return file.isFile(); case DIRECTORIES: return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR; case FILES_AND_DIRECTORIES: From f29a0ee1542a0903102b0996ea819276f83114d4 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 1 Feb 2017 13:56:59 -0500 Subject: [PATCH 7/8] mime type tree now able display the existing slack file nodes --- .../autopsy/datamodel/FileTypesByMimeType.java | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java index bbd46ddd12..2a4ad47e74 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java @@ -46,6 +46,7 @@ import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.LocalFile; +import org.sleuthkit.datamodel.SlackFile; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; @@ -129,6 +130,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi allDistinctMimeTypesQuery.append(" AND (type IN (").append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.ordinal()).append(","); //NON-NLS allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.ordinal()).append(","); allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED.ordinal()).append(","); + allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL.ordinal()).append("))"); synchronized (existingMimeTypes) { existingMimeTypes.clear(); @@ -448,6 +450,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi query.append(" AND (type IN (").append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.ordinal()).append(","); //NON-NLS query.append(TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.ordinal()).append(","); query.append(TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED.ordinal()).append(","); + query.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); query.append(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL.ordinal()).append("))"); if (UserPreferences.hideKnownFilesInViewsTree()) { query.append(" AND (known IS NULL OR known != ").append(TskData.FileKnown.KNOWN.getFileKnownValue()).append(")"); //NON-NLS @@ -495,7 +498,12 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi public LocalFileNode visit(LocalFile lf) { return new LocalFileNode(lf); } - + + @Override + public SlackFileNode visit(SlackFile sf) { + return new SlackFileNode(sf, false); + } + @Override protected AbstractNode defaultVisit(Content di) { throw new UnsupportedOperationException(NbBundle.getMessage(this.getClass(), "FileTypeChildren.exception.notSupported.msg", di.toString())); From 124eeffb4ef503079dbf8d17378a9a591bb6cf61 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 1 Feb 2017 14:42:38 -0500 Subject: [PATCH 8/8] Fixed count of files for mime tree when slack files hidden --- .../datamodel/FileTypesByMimeType.java | 40 +++++++++++-------- 1 file changed, 24 insertions(+), 16 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java index 2a4ad47e74..cbe842ec70 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileTypesByMimeType.java @@ -1,15 +1,15 @@ /* * Autopsy Forensic Browser - * + * * Copyright 2011-2016 Basis Technology Corp. * Contact: carrier sleuthkit org - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -76,8 +76,8 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi } /* - * The pcl is in the class because it has the easiest mechanisms to add - * and remove itself during its life cycles. + * The pcl is in the class because it has the easiest mechanisms to add and + * remove itself during its life cycles. */ private final PropertyChangeListener pcl = (PropertyChangeEvent evt) -> { String eventType = evt.getPropertyName(); @@ -109,7 +109,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * Retrieve the media types by retrieving the keyset from the hashmap. * * @return mediaTypes - a list of strings representing all distinct media - * types of files for this case + * types of files for this case */ private List getMediaTypeList() { synchronized (existingMimeTypes) { @@ -130,7 +130,9 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi allDistinctMimeTypesQuery.append(" AND (type IN (").append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.ordinal()).append(","); //NON-NLS allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.ordinal()).append(","); allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED.ordinal()).append(","); - allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); + if (!UserPreferences.hideSlackFilesInViewsTree()) { + allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); + } allDistinctMimeTypesQuery.append(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL.ordinal()).append("))"); synchronized (existingMimeTypes) { existingMimeTypes.clear(); @@ -180,8 +182,9 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * empty. * * @param node the Node which you wish to check. + * * @return True if originNode is an instance of ByMimeTypeNode and is empty, - * false otherwise. + * false otherwise. */ public static boolean isEmptyMimeTypeNode(Node node) { boolean isEmptyMimeNode = false; @@ -348,7 +351,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * of files which it represents. * * @param mimeType - the complete MimeType, needed for accurate query - * results + * results */ private void updateDisplayName(String mimeType) { @@ -403,7 +406,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * Get children count without actually loading all nodes * * @return count(*) - the number of items that will be shown in this - * items Directory Listing + * items Directory Listing */ private long calculateItems(SleuthkitCase sleuthkitCase, String mime_type) { try { @@ -420,7 +423,8 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * which match this mime type and their information. * * @param list - will contain all files and their attributes from the - * tsk_files table where mime_type matches the one specified + * tsk_files table where mime_type matches the one specified + * * @return true */ @Override @@ -441,8 +445,9 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * tsk_files. * * @param mimeType - the complete mimetype of the file mediatype/subtype + * * @return query.toString - portion of SQL query which will follow a - * WHERE clause. + * WHERE clause. */ private String createQuery(String mime_type) { StringBuilder query = new StringBuilder(); @@ -450,7 +455,9 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi query.append(" AND (type IN (").append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.ordinal()).append(","); //NON-NLS query.append(TskData.TSK_DB_FILES_TYPE_ENUM.CARVED.ordinal()).append(","); query.append(TskData.TSK_DB_FILES_TYPE_ENUM.DERIVED.ordinal()).append(","); - query.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); + if (!UserPreferences.hideSlackFilesInViewsTree()) { + query.append(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK.ordinal()).append(","); + } query.append(TskData.TSK_DB_FILES_TYPE_ENUM.LOCAL.ordinal()).append("))"); if (UserPreferences.hideKnownFilesInViewsTree()) { query.append(" AND (known IS NULL OR known != ").append(TskData.FileKnown.KNOWN.getFileKnownValue()).append(")"); //NON-NLS @@ -469,6 +476,7 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi * each file * * @param key + * * @return */ @Override @@ -498,12 +506,12 @@ public final class FileTypesByMimeType extends Observable implements AutopsyVisi public LocalFileNode visit(LocalFile lf) { return new LocalFileNode(lf); } - + @Override public SlackFileNode visit(SlackFile sf) { return new SlackFileNode(sf, false); } - + @Override protected AbstractNode defaultVisit(Content di) { throw new UnsupportedOperationException(NbBundle.getMessage(this.getClass(), "FileTypeChildren.exception.notSupported.msg", di.toString()));