mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-09 06:39:33 +00:00
Update ThunderbirdMboxFileIngestModule.java
Check threaded messageId if null and skip it if it is. Format code also.
This commit is contained in:
Mark McKinnon
parent
57ba69c4d2
commit
f73eb23ad9
@ -65,6 +65,7 @@ import org.sleuthkit.datamodel.TskException;
|
||||
* structure and metadata.
|
||||
*/
|
||||
public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
|
||||
private final IngestServices services = IngestServices.getInstance();
|
||||
private FileManager fileManager;
|
||||
@ -80,7 +81,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
}
|
||||
|
||||
@Override
|
||||
@Messages ({"ThunderbirdMboxFileIngestModule.noOpenCase.errMsg=Exception while getting open case."})
|
||||
@Messages({"ThunderbirdMboxFileIngestModule.noOpenCase.errMsg=Exception while getting open case."})
|
||||
public void startUp(IngestJobContext context) throws IngestModuleException {
|
||||
this.context = context;
|
||||
try {
|
||||
@ -103,8 +104,8 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
}
|
||||
|
||||
//skip unalloc
|
||||
if ((abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)) ||
|
||||
(abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK))) {
|
||||
if ((abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS))
|
||||
|| (abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK))) {
|
||||
return ProcessResult.OK;
|
||||
}
|
||||
|
||||
@ -160,7 +161,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
String fileName;
|
||||
try {
|
||||
fileName = getTempPath() + File.separator + abstractFile.getName()
|
||||
+ "-" + String.valueOf(abstractFile.getId());
|
||||
+ "-" + String.valueOf(abstractFile.getId());
|
||||
} catch (NoCurrentCaseException ex) {
|
||||
logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
|
||||
return ProcessResult.ERROR;
|
||||
@ -188,11 +189,11 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
PstParser parser = new PstParser(services);
|
||||
PstParser.ParseResult result = parser.open(file, abstractFile.getId());
|
||||
|
||||
switch( result) {
|
||||
switch (result) {
|
||||
case OK:
|
||||
Iterator<EmailMessage> pstMsgIterator = parser.getEmailMessageIterator();
|
||||
if (pstMsgIterator != null) {
|
||||
processEmails(parser.getPartialEmailMessages(), pstMsgIterator , abstractFile);
|
||||
processEmails(parser.getPartialEmailMessages(), pstMsgIterator, abstractFile);
|
||||
} else {
|
||||
// sometimes parser returns ParseResult=OK but there are no messages
|
||||
postErrorMessage(
|
||||
@ -273,7 +274,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
String fileName;
|
||||
try {
|
||||
fileName = getTempPath() + File.separator + abstractFile.getName()
|
||||
+ "-" + String.valueOf(abstractFile.getId());
|
||||
+ "-" + String.valueOf(abstractFile.getId());
|
||||
} catch (NoCurrentCaseException ex) {
|
||||
logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
|
||||
return ProcessResult.ERROR;
|
||||
@ -298,12 +299,12 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
return ProcessResult.OK;
|
||||
}
|
||||
|
||||
MboxParser emailIterator = MboxParser.getEmailIterator( emailFolder, file, abstractFile.getId());
|
||||
MboxParser emailIterator = MboxParser.getEmailIterator(emailFolder, file, abstractFile.getId());
|
||||
List<EmailMessage> emails = new ArrayList<>();
|
||||
if(emailIterator != null) {
|
||||
while(emailIterator.hasNext()) {
|
||||
if (emailIterator != null) {
|
||||
while (emailIterator.hasNext()) {
|
||||
EmailMessage emailMessage = emailIterator.next();
|
||||
if(emailMessage != null) {
|
||||
if (emailMessage != null) {
|
||||
emails.add(emailMessage);
|
||||
}
|
||||
}
|
||||
@ -315,7 +316,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
abstractFile.getName()), errors);
|
||||
}
|
||||
}
|
||||
processEmails(emails, MboxParser.getEmailIterator( emailFolder, file, abstractFile.getId()), abstractFile);
|
||||
processEmails(emails, MboxParser.getEmailIterator(emailFolder, file, abstractFile.getId()), abstractFile);
|
||||
|
||||
if (file.delete() == false) {
|
||||
logger.log(Level.INFO, "Failed to delete temp file: {0}", file.getName()); //NON-NLS
|
||||
@ -438,35 +439,37 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
|
||||
// Putting try/catch around this to catch any exception and still allow
|
||||
// the creation of the artifacts to continue.
|
||||
try{
|
||||
try {
|
||||
EmailMessageThreader.threadMessages(partialEmailsForThreading);
|
||||
} catch(Exception ex) {
|
||||
} catch (Exception ex) {
|
||||
logger.log(Level.WARNING, String.format("Exception thrown parsing emails from %s", abstractFile.getName()), ex);
|
||||
}
|
||||
|
||||
List<AbstractFile> derivedFiles = new ArrayList<>();
|
||||
|
||||
int msgCnt = 0;
|
||||
while(fullMessageIterator.hasNext()) {
|
||||
while (fullMessageIterator.hasNext()) {
|
||||
EmailMessage current = fullMessageIterator.next();
|
||||
|
||||
if(current == null) {
|
||||
if (current == null) {
|
||||
continue;
|
||||
}
|
||||
|
||||
if(partialEmailsForThreading.size() > msgCnt) {
|
||||
if (partialEmailsForThreading.size() > msgCnt) {
|
||||
EmailMessage threaded = partialEmailsForThreading.get(msgCnt++);
|
||||
|
||||
if(threaded.getMessageID().equals(current.getMessageID()) &&
|
||||
threaded.getSubject().equals(current.getSubject())) {
|
||||
current.setMessageThreadID(threaded.getMessageThreadID());
|
||||
if (threaded.getMessageID() != null) {
|
||||
if (threaded.getMessageID().equals(current.getMessageID())
|
||||
&& threaded.getSubject().equals(current.getSubject())) {
|
||||
current.setMessageThreadID(threaded.getMessageThreadID());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
BlackboardArtifact msgArtifact = addEmailArtifact(current, abstractFile);
|
||||
|
||||
if ((msgArtifact != null) && (current.hasAttachment())) {
|
||||
derivedFiles.addAll(handleAttachments(current.getAttachments(), abstractFile, msgArtifact ));
|
||||
if ((msgArtifact != null) && (current.hasAttachment())) {
|
||||
derivedFiles.addAll(handleAttachments(current.getAttachments(), abstractFile, msgArtifact));
|
||||
}
|
||||
}
|
||||
|
||||
@ -477,6 +480,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
}
|
||||
context.addFilesToJob(derivedFiles);
|
||||
}
|
||||
|
||||
/**
|
||||
* Add the given attachments as derived files and reschedule them for
|
||||
* ingest.
|
||||
@ -517,7 +521,8 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
}
|
||||
|
||||
/**
|
||||
* Finds and returns a set of unique email addresses found in the input string
|
||||
* Finds and returns a set of unique email addresses found in the input
|
||||
* string
|
||||
*
|
||||
* @param input - input string, like the To/CC line from an email header
|
||||
*
|
||||
@ -525,11 +530,11 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
*/
|
||||
private Set<String> findEmailAddresess(String input) {
|
||||
Pattern p = Pattern.compile("\\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\\.[A-Z]{2,4}\\b",
|
||||
Pattern.CASE_INSENSITIVE);
|
||||
Pattern.CASE_INSENSITIVE);
|
||||
Matcher m = p.matcher(input);
|
||||
Set<String> emailAddresses = new HashSet<>();
|
||||
while (m.find()) {
|
||||
emailAddresses.add( m.group());
|
||||
emailAddresses.add(m.group());
|
||||
}
|
||||
return emailAddresses;
|
||||
}
|
||||
@ -570,13 +575,11 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
senderAddress = senderAddressList.get(0);
|
||||
try {
|
||||
senderAccountInstance = currentCase.getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.EMAIL, senderAddress, EmailParserModuleFactory.getModuleName(), abstractFile);
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Failed to create account for email address " + senderAddress, ex); //NON-NLS
|
||||
}
|
||||
catch(TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Failed to create account for email address " + senderAddress, ex); //NON-NLS
|
||||
}
|
||||
}
|
||||
else {
|
||||
logger.log(Level.WARNING, "Failed to find sender address, from = {0}", from); //NON-NLS
|
||||
} else {
|
||||
logger.log(Level.WARNING, "Failed to find sender address, from = {0}", from); //NON-NLS
|
||||
}
|
||||
|
||||
List<String> recipientAddresses = new ArrayList<>();
|
||||
@ -587,12 +590,11 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
List<AccountFileInstance> recipientAccountInstances = new ArrayList<>();
|
||||
recipientAddresses.forEach((addr) -> {
|
||||
try {
|
||||
AccountFileInstance recipientAccountInstance =
|
||||
currentCase.getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.EMAIL, addr,
|
||||
EmailParserModuleFactory.getModuleName(), abstractFile);
|
||||
AccountFileInstance recipientAccountInstance
|
||||
= currentCase.getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.EMAIL, addr,
|
||||
EmailParserModuleFactory.getModuleName(), abstractFile);
|
||||
recipientAccountInstances.add(recipientAccountInstance);
|
||||
}
|
||||
catch(TskCoreException ex) {
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, "Failed to create account for email address " + addr, ex); //NON-NLS
|
||||
}
|
||||
});
|
||||
@ -618,18 +620,17 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
addArtifactAttribute(rtf, ATTRIBUTE_TYPE.TSK_EMAIL_CONTENT_RTF, bbattributes);
|
||||
addArtifactAttribute(threadID, ATTRIBUTE_TYPE.TSK_THREAD_ID, bbattributes);
|
||||
|
||||
|
||||
try {
|
||||
|
||||
bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
|
||||
bbart.addAttributes(bbattributes);
|
||||
|
||||
// Add account relationships
|
||||
currentCase.getSleuthkitCase().getCommunicationsManager().addRelationships(senderAccountInstance, recipientAccountInstances, bbart,Relationship.Type.MESSAGE, dateL);
|
||||
currentCase.getSleuthkitCase().getCommunicationsManager().addRelationships(senderAccountInstance, recipientAccountInstances, bbart, Relationship.Type.MESSAGE, dateL);
|
||||
|
||||
try {
|
||||
// index the artifact for keyword search
|
||||
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName());
|
||||
blackboard.postArtifact(bbart, EmailParserModuleFactory.getModuleName());
|
||||
} catch (Blackboard.BlackboardException ex) {
|
||||
logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bbart.getArtifactID(), ex); //NON-NLS
|
||||
MessageNotifyUtil.Notify.error(Bundle.ThunderbirdMboxFileIngestModule_addArtifact_indexError_message(), bbart.getDisplayName());
|
||||
@ -644,7 +645,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
|
||||
/**
|
||||
* Add an attribute of a specified type to a supplied Collection.
|
||||
*
|
||||
* @param stringVal The attribute value.
|
||||
* @param stringVal The attribute value.
|
||||
* @param attrType The type of attribute to be added.
|
||||
* @param bbattributes The Collection to which the attribute will be added.
|
||||
*/
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user