Merge branch 'develop' of github.com:sleuthkit/autopsy into jdk17_upgrade

2025-07-06 21:00:22 +00:00 · 2023-05-18 22:00:19 -04:00 · 2023-05-18 22:00:19 -04:00 · ef4075f592
commit ef4075f592
parent 5c02c62daa 149939f63b
3 changed files with 14 additions and 9 deletions
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/InlineSearcher.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/InlineSearcher.java
@ -393,7 +393,12 @@ final class InlineSearcher {
                            UniqueKeywordHit hit = hitList.get(0);
                            SleuthkitCase tskCase = Case.getCurrentCase().getSleuthkitCase();
                            Content content = tskCase.getContentById(hit.getContentID());
-                            BlackboardArtifact artifact = RegexQuery.createKeywordHitArtifact(content, originalKeyword, hitKeyword, hit, hit.getSnippet(), hitKeyword.getListName(), sourceId);
+                            BlackboardArtifact artifact;
+                            if (hit.isLiteral() && hit.isWholeWord()) {
+                                artifact = LuceneQuery.createKeywordHitArtifact(content, originalKeyword, hitKeyword, hit, hit.getSnippet(), hitKeyword.getListName(), sourceId);
+                            } else {
+                                artifact = RegexQuery.createKeywordHitArtifact(content, originalKeyword, hitKeyword, hit, hit.getSnippet(), hitKeyword.getListName(), sourceId);
+                            }
                            // createKeywordHitArtifact has the potential to return null
                            // when a CCN account is created.
                            if (artifact != null) {
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java
@ -234,6 +234,10 @@ class LuceneQuery implements KeywordSearchQuery {
     */
    @Override
    public BlackboardArtifact createKeywordHitArtifact(Content content, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
+        return createKeywordHitArtifact(content, originalKeyword, foundKeyword, hit, snippet, listName, ingestJobId);
+    }    
+    
+    public static BlackboardArtifact createKeywordHitArtifact(Content content,  Keyword originalKW, Keyword foundKeyword, KeywordHit hit, String snippet, String listName, Long ingestJobId) {
        final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

        Collection<BlackboardAttribute> attributes = new ArrayList<>();
@ -245,13 +249,13 @@ class LuceneQuery implements KeywordSearchQuery {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, listName));
        }

-        if (originalKeyword != null) {
-            BlackboardAttribute.ATTRIBUTE_TYPE selType = originalKeyword.getArtifactAttributeType();
+        if (originalKW != null) {
+            BlackboardAttribute.ATTRIBUTE_TYPE selType = originalKW.getArtifactAttributeType();
            if (selType != null) {
                attributes.add(new BlackboardAttribute(selType, MODULE_NAME, foundKeyword.getSearchTerm()));
            }

-            if (originalKeyword.searchTermIsWholeWord()) {
+            if (originalKW.searchTermIsWholeWord()) {
                attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, KeywordSearch.QueryType.LITERAL.ordinal()));
            } else {
                attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, KeywordSearch.QueryType.SUBSTRING.ordinal()));
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java
@ -591,11 +591,7 @@ final class RegexQuery implements KeywordSearchQuery {
        );

        if (originalKW.searchTermIsLiteral()) {
-            if(!originalKW.searchTermIsWholeWord()) {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, KeywordSearch.QueryType.SUBSTRING.ordinal()));
-            } else {
-                attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, KeywordSearch.QueryType.LITERAL.ordinal()));
-            }
        } else {
            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_SEARCH_TYPE, MODULE_NAME, KeywordSearch.QueryType.REGEX.ordinal()));
        }