mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-09 06:39:33 +00:00
4354 insert object id into instance tables when correlation instance created
This commit is contained in:
William Schaefer
parent
79189f3a44
commit
eef08cf50e
@ -808,9 +808,9 @@ abstract class AbstractSqlEamDb implements EamDb {
|
|||||||
String sql
|
String sql
|
||||||
= "INSERT INTO "
|
= "INSERT INTO "
|
||||||
+ tableName
|
+ tableName
|
||||||
+ "(case_id, data_source_id, value, file_path, known_status, comment) "
|
+ "(case_id, data_source_id, value, file_path, known_status, comment, object_id) "
|
||||||
+ "VALUES ((SELECT id FROM cases WHERE case_uid=? LIMIT 1), "
|
+ "VALUES ((SELECT id FROM cases WHERE case_uid=? LIMIT 1), "
|
||||||
+ "(SELECT id FROM data_sources WHERE device_id=? AND case_id=? LIMIT 1), ?, ?, ?, ?) "
|
+ "(SELECT id FROM data_sources WHERE device_id=? AND case_id=? LIMIT 1), ?, ?, ?, ?, ?) "
|
||||||
+ getConflictClause();
|
+ getConflictClause();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@ -824,12 +824,14 @@ abstract class AbstractSqlEamDb implements EamDb {
|
|||||||
preparedStatement.setString(4, eamArtifact.getCorrelationValue());
|
preparedStatement.setString(4, eamArtifact.getCorrelationValue());
|
||||||
preparedStatement.setString(5, eamArtifact.getFilePath().toLowerCase());
|
preparedStatement.setString(5, eamArtifact.getFilePath().toLowerCase());
|
||||||
preparedStatement.setByte(6, eamArtifact.getKnownStatus().getFileKnownValue());
|
preparedStatement.setByte(6, eamArtifact.getKnownStatus().getFileKnownValue());
|
||||||
|
|
||||||
if ("".equals(eamArtifact.getComment())) {
|
if ("".equals(eamArtifact.getComment())) {
|
||||||
preparedStatement.setNull(7, Types.INTEGER);
|
preparedStatement.setNull(7, Types.INTEGER);
|
||||||
} else {
|
} else {
|
||||||
preparedStatement.setString(7, eamArtifact.getComment());
|
preparedStatement.setString(7, eamArtifact.getComment());
|
||||||
}
|
}
|
||||||
|
preparedStatement.setLong(8, eamArtifact.getFileObjectId());
|
||||||
|
|
||||||
preparedStatement.executeUpdate();
|
preparedStatement.executeUpdate();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1233,9 +1235,9 @@ abstract class AbstractSqlEamDb implements EamDb {
|
|||||||
String sql
|
String sql
|
||||||
= "INSERT INTO "
|
= "INSERT INTO "
|
||||||
+ tableName
|
+ tableName
|
||||||
+ " (case_id, data_source_id, value, file_path, known_status, comment) "
|
+ " (case_id, data_source_id, value, file_path, known_status, comment, object_id) "
|
||||||
+ "VALUES ((SELECT id FROM cases WHERE case_uid=? LIMIT 1), "
|
+ "VALUES ((SELECT id FROM cases WHERE case_uid=? LIMIT 1), "
|
||||||
+ "(SELECT id FROM data_sources WHERE device_id=? AND case_id=? LIMIT 1), ?, ?, ?, ?) "
|
+ "(SELECT id FROM data_sources WHERE device_id=? AND case_id=? LIMIT 1), ?, ?, ?, ?, ?) "
|
||||||
+ getConflictClause();
|
+ getConflictClause();
|
||||||
|
|
||||||
bulkPs = conn.prepareStatement(sql);
|
bulkPs = conn.prepareStatement(sql);
|
||||||
@ -1279,6 +1281,7 @@ abstract class AbstractSqlEamDb implements EamDb {
|
|||||||
} else {
|
} else {
|
||||||
bulkPs.setString(7, eamArtifact.getComment());
|
bulkPs.setString(7, eamArtifact.getComment());
|
||||||
}
|
}
|
||||||
|
bulkPs.setLong(8, eamArtifact.getFileObjectId());
|
||||||
bulkPs.addBatch();
|
bulkPs.addBatch();
|
||||||
} else {
|
} else {
|
||||||
logger.log(Level.WARNING, ("Artifact value too long for central repository."
|
logger.log(Level.WARNING, ("Artifact value too long for central repository."
|
||||||
|
|||||||
@ -225,62 +225,6 @@ public class EamArtifactUtil {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Retrieve CorrelationAttribute from the given Content.
|
|
||||||
*
|
|
||||||
* @param content The content object
|
|
||||||
*
|
|
||||||
* @return The new CorrelationAttribute, or null if retrieval failed.
|
|
||||||
*/
|
|
||||||
public static CorrelationAttributeInstance getInstanceFromContent2(Content content) {
|
|
||||||
|
|
||||||
if (!(content instanceof AbstractFile)) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
final AbstractFile file = (AbstractFile) content;
|
|
||||||
|
|
||||||
if (!isSupportedAbstractFileType(file)) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
CorrelationAttributeInstance.Type type;
|
|
||||||
CorrelationCase correlationCase;
|
|
||||||
CorrelationDataSource correlationDataSource;
|
|
||||||
String value;
|
|
||||||
String filePath;
|
|
||||||
|
|
||||||
try {
|
|
||||||
type = EamDb.getInstance().getCorrelationTypeById(CorrelationAttributeInstance.FILES_TYPE_ID);
|
|
||||||
correlationCase = EamDb.getInstance().getCase(Case.getCurrentCaseThrows());
|
|
||||||
if (null == correlationCase) {
|
|
||||||
//if the correlationCase is not in the Central repo then attributes generated in relation to it will not be
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
correlationDataSource = CorrelationDataSource.fromTSKDataSource(correlationCase, file.getDataSource());
|
|
||||||
value = file.getMd5Hash();
|
|
||||||
filePath = (file.getParentPath() + file.getName()).toLowerCase();
|
|
||||||
} catch (TskCoreException | EamDbException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Error retrieving correlation attribute.", ex);
|
|
||||||
return null;
|
|
||||||
} catch (NoCurrentCaseException ex) {
|
|
||||||
logger.log(Level.SEVERE, "Case is closed.", ex);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
CorrelationAttributeInstance correlationAttributeInstance;
|
|
||||||
try {
|
|
||||||
correlationAttributeInstance = EamDb.getInstance().getCorrelationAttributeInstance(type, correlationCase, correlationDataSource, value, filePath);
|
|
||||||
} catch (EamDbException | CorrelationAttributeNormalizationException ex) {
|
|
||||||
logger.log(Level.WARNING, String.format(
|
|
||||||
"Correlation attribute could not be retrieved for '%s' (id=%d): %s",
|
|
||||||
content.getName(), content.getId(), ex.getMessage()));
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
return correlationAttributeInstance;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Retrieve CorrelationAttribute from the given Content.
|
* Retrieve CorrelationAttribute from the given Content.
|
||||||
*
|
*
|
||||||
@ -322,7 +266,7 @@ public class EamArtifactUtil {
|
|||||||
|
|
||||||
CorrelationAttributeInstance correlationAttributeInstance;
|
CorrelationAttributeInstance correlationAttributeInstance;
|
||||||
try {
|
try {
|
||||||
correlationAttributeInstance = EamDb.getInstance().getCorrelationAttributeInstance(type, correlationCase, correlationDataSource, content.getId());
|
correlationAttributeInstance = EamDb.getInstance().getCorrelationAttributeInstance(type, correlationCase, correlationDataSource, file.getId());
|
||||||
} catch (EamDbException | CorrelationAttributeNormalizationException ex) {
|
} catch (EamDbException | CorrelationAttributeNormalizationException ex) {
|
||||||
logger.log(Level.WARNING, String.format(
|
logger.log(Level.WARNING, String.format(
|
||||||
"Correlation attribute could not be retrieved for '%s' (id=%d): %s",
|
"Correlation attribute could not be retrieved for '%s' (id=%d): %s",
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user