From ed9176563ab3d218bc6ca6d8075b78845b6abfa4 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Thu, 8 Jun 2017 13:36:09 -0400
Subject: [PATCH] 1895 find MD5 matches now disabled for non-relevant files,
 works for carved files

---
 .../hashdatabase/HashDbSearchAction.java      | 21 ++++++++++++++-
 .../KeywordSearchFilterNode.java              | 26 +++++++++++--------
 2 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
index 3d567b75ca..ceecbe1d22 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
@@ -29,6 +29,9 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentVisitor;
 import org.sleuthkit.datamodel.Directory;
+import org.sleuthkit.datamodel.LayoutFile;
+import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
  * Searches for FsContent Files with the same MD5 hash as the given Node's
@@ -90,6 +93,22 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
         protected AbstractFile defaultVisit(Content cntnt) {
             return null;
         }
+
+        @Override
+        public AbstractFile visit(LayoutFile lf) {
+            // layout files do not have times
+            return lf;
+        }
+
+        @Override
+        public AbstractFile visit(SlackFile f) {
+            return f;
+        }
+
+        @Override
+        public AbstractFile visit(VirtualDirectory dir) {
+            return ContentUtils.isDotDirectory(dir) ? null : dir;
+        }
     }
 
     /**
@@ -100,7 +119,7 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
     @Override
     public void performAction() {
         // Make sure at least 1 file has an md5 hash
-        if (HashDbSearcher.countFilesMd5Hashed() > 0) {
+        if (file != null && HashDbSearcher.countFilesMd5Hashed() > 0) {
             doSearch();
         } else {
             JOptionPane.showMessageDialog(null,
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
index f90888b000..7674ee5e34 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
@@ -48,6 +48,7 @@ import org.sleuthkit.datamodel.File;
 import org.sleuthkit.datamodel.LayoutFile;
 import org.sleuthkit.datamodel.LocalFile;
 import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
@@ -109,47 +110,50 @@ class KeywordSearchFilterNode extends FilterNode {
 
         @Override
         public List<Action> visit(File f) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(DerivedFile f) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(Directory d) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
         @Override
         public List<Action> visit(LayoutFile lf) {
-            // layout files do not have times
-            return getFileActions();
+            //we want hashsearch enabled on carved files but not unallocated blocks
+            boolean enableHashSearch = (lf.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.CARVED);
+            return getFileActions(enableHashSearch);
         }
 
         @Override
         public List<Action> visit(LocalFile lf) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(SlackFile f) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
         @Override
         public List<Action> visit(VirtualDirectory dir) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
-        private List<Action> getFileActions() {
+        private List<Action> getFileActions(boolean enableHashSearch) {
             List<Action> actionsList = new ArrayList<>();
             actionsList.add(new NewWindowViewAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.viewInNewWinActionLbl"), KeywordSearchFilterNode.this));
             actionsList.add(new ExternalViewerAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.openExternViewActLbl"), getOriginal()));
             actionsList.add(null);
             actionsList.add(ExtractAction.getInstance());
-            actionsList.add(new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal()));
+            Action hashSearchAction = new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal());
+            hashSearchAction.setEnabled(enableHashSearch);
+            actionsList.add(hashSearchAction);
             actionsList.add(null); // creates a menu separator
             actionsList.add(AddContentTagAction.getInstance());
 
@@ -165,7 +169,7 @@ class KeywordSearchFilterNode extends FilterNode {
 
         @Override
         protected List<Action> defaultVisit(Content c) {
-            return getFileActions();
+            return getFileActions(false);
         }
     }
 }