mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '5733-implement-XRY-report-parsing' into 5734-implement-XRY-DSP

Browse Source
This commit is contained in:
U-BASIS\dsmyda 2019-11-14 14:30:44 -05:00
commit f7acbe4cb6
5 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/AbstractSingleKeyValueParser.java
View File

@ -45,7 +45,7 @@ abstract class AbstractSingleKeyValueParser implements XRYFileParser {
@Override
public void parse(XRYFileReader reader, Content parent) throws IOException, TskCoreException {
Path reportPath = reader.getReportPath();
logger.log(Level.INFO, String.format("XRY DSP: Processing report at [ %s ]", reportPath.toString()));
logger.log(Level.INFO, String.format("[XRY DSP] Processing report at [ %s ]", reportPath.toString()));
while (reader.hasNextEntity()) {
String xryEntity = reader.nextEntity();
@ -55,7 +55,7 @@ abstract class AbstractSingleKeyValueParser implements XRYFileParser {
//First line of the entity is the title.
if (xryLines.length > 0) {
logger.log(Level.INFO, String.format("XRY DSP: Processing [ %s ]", xryLines[0]));
logger.log(Level.INFO, String.format("[XRY DSP] Processing [ %s ]", xryLines[0]));
}
String namespace = "";
@ -75,7 +75,7 @@ abstract class AbstractSingleKeyValueParser implements XRYFileParser {
//the start of the line and the first delimiter.
int keyDelimiter = xryLine.indexOf(KEY_VALUE_DELIMITER);
if (keyDelimiter == -1) {
logger.log(Level.SEVERE, String.format("XRY DSP: Expected a key value "
logger.log(Level.SEVERE, String.format("[XRY DSP] Expected a key value "
+ "pair on this line (in brackets) [ %s ], but one was not detected."
+ " Here is the previous line [ %s ]. What does this mean?", xryLine, xryLines[i - 1]));
continue;
@ -84,14 +84,14 @@ abstract class AbstractSingleKeyValueParser implements XRYFileParser {
String value = xryLine.substring(keyDelimiter + 1).trim();
if (!isKey(key)) {
logger.log(Level.SEVERE, String.format("XRY DSP: The following key, "
logger.log(Level.SEVERE, String.format("[XRY DSP] The following key, "
+ "value pair (in brackets, respectively) [ %s ], [ %s ] was not recognized. Discarding..."
+ " Here is the previous line [ %s ] for context. What does this key mean?", key, value, xryLines[i - 1]));
continue;
}
if (value.isEmpty()) {
logger.log(Level.SEVERE, String.format("XRY DSP: The following key "
logger.log(Level.SEVERE, String.format("[XRY DSP] The following key "
+ "(in brackets) [ %s ] was recognized, but the value was empty. Discarding..."
+ " Here is the previous line for context [ %s ]. What does this mean?", key, xryLines[i - 1]));
continue;

8
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java
View File

@ -89,10 +89,10 @@ final class XRYCallsFileParser extends AbstractSingleKeyValueParser {
try {
String dateTime = removeDateTimeLocale(value);
String normalizedDateTime = dateTime.trim();
long dateTimeInEpoch = calculateMsSinceEpoch(normalizedDateTime);
long dateTimeInEpoch = calculateSecondsSinceEpoch(normalizedDateTime);
return new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, PARSER_NAME, dateTimeInEpoch);
} catch (DateTimeParseException ex) {
logger.log(Level.SEVERE, String.format("XRY DSP: Assumption about the date time "
logger.log(Level.SEVERE, String.format("[XRY DSP] Assumption about the date time "
+ "formatting of call logs is not right. Here is the value [ %s ]", value), ex);
return null;
}
@ -167,9 +167,9 @@ final class XRYCallsFileParser extends AbstractSingleKeyValueParser {
* @param dateTime
* @return
*/
private long calculateMsSinceEpoch(String dateTime) {
private long calculateSecondsSinceEpoch(String dateTime) {
LocalDateTime localDateTime = LocalDateTime.parse(dateTime, DATE_TIME_PARSER);
//Assume dates have no offset.
return localDateTime.toInstant(ZoneOffset.UTC).toEpochMilli();
return localDateTime.toInstant(ZoneOffset.UTC).getEpochSecond();
}
}

12
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java
View File

@ -83,7 +83,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
@Override
public void parse(XRYFileReader reader, Content parent) throws IOException, TskCoreException {
Path reportPath = reader.getReportPath();
logger.log(Level.INFO, String.format("XRY DSP: Processing report at [ %s ]", reportPath.toString()));
logger.log(Level.INFO, String.format("[XRY DSP] Processing report at [ %s ]", reportPath.toString()));
while (reader.hasNextEntity()) {
String xryEntity = reader.nextEntity();
@ -93,7 +93,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
//First line of the entity is the title.
if (xryLines.length > 0) {
logger.log(Level.INFO, String.format("XRY DSP: Processing [ %s ]", xryLines[0]));
logger.log(Level.INFO, String.format("[XRY DSP] Processing [ %s ]", xryLines[0]));
}
for (int i = 1; i < xryLines.length; i++) {
@ -101,7 +101,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
//Expecting to see a "Data" key.
if (!hasDataKey(xryLine)) {
logger.log(Level.SEVERE, String.format("XRY DSP: Expected a 'Data' key "
logger.log(Level.SEVERE, String.format("[XRY DSP] Expected a 'Data' key "
+ "on this line (in brackets) [ %s ], but none was found. "
+ "Discarding... Here is the previous line for context [ %s ]. "
+ "What does this mean?", xryLine, xryLines[i - 1]));
@ -109,7 +109,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
}
if (i + 1 == xryLines.length) {
logger.log(Level.SEVERE, String.format("XRY DSP: Found a 'Data' key "
logger.log(Level.SEVERE, String.format("[XRY DSP] Found a 'Data' key "
+ "but no corresponding 'Attribute' key. Discarding... Here "
+ "is the 'Data' line (in brackets) [ %s ]. Here is the previous "
+ "line for context [ %s ]. What does this mean?", xryLine, xryLines[i - 1]));
@ -123,7 +123,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
//Expecting to see an "Attribute" key
if (!hasAttributeKey(nextXryLine)) {
logger.log(Level.SEVERE, String.format("XRY DSP: Expected an 'Attribute' "
logger.log(Level.SEVERE, String.format("[XRY DSP] Expected an 'Attribute' "
+ "key on this line (in brackets) [ %s ], but none was found. "
+ "Discarding... Here is the previous line for context [ %s ]. "
+ "What does this mean?", nextXryLine, xryLine));
@ -139,7 +139,7 @@ final class XRYDeviceGenInfoFileParser implements XRYFileParser {
//All of the attribute types in the map expect a string.
attributes.add(new BlackboardAttribute(KEY_TO_TYPE.get(normalizedAttributeValue), PARSER_NAME, dataValue));
} else {
logger.log(Level.SEVERE, String.format("XRY DSP: Attribute type (in brackets) "
logger.log(Level.SEVERE, String.format("[XRY DSP] Attribute type (in brackets) "
+ "[ %s ] was not recognized. Discarding... Here is the "
+ "previous line for context [ %s ]. What does this mean?", nextXryLine, xryLine));
}

2
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYFileParserFactory.java
View File

@ -42,7 +42,7 @@ final class XRYFileParserFactory {
throw new IllegalArgumentException("Report type cannot be null");
}
switch (reportType.toLowerCase()) {
switch (reportType.trim().toLowerCase()) {
case "calls":
return new XRYCallsFileParser();
case "contacts/contacts":

36
Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYMessagesFileParser.java
View File

@ -118,7 +118,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
@Override
public void parse(XRYFileReader reader, Content parent) throws IOException, TskCoreException {
Path reportPath = reader.getReportPath();
logger.log(Level.INFO, String.format("XRY DSP: Processing report at [ %s ]", reportPath.toString()));
logger.log(Level.INFO, String.format("[XRY DSP] Processing report at [ %s ]", reportPath.toString()));
//Keep track of the reference numbers that have been parsed.
Set<Integer> referenceNumbersSeen = new HashSet<>();
@ -129,7 +129,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
//First line of the entity is the title.
if (xryLines.length > 0) {
logger.log(Level.INFO, String.format("XRY DSP: Processing [ %s ]", xryLines[0]));
logger.log(Level.INFO, String.format("[XRY DSP] Processing [ %s ]", xryLines[0]));
}
List<BlackboardAttribute> attributes = new ArrayList<>();
@ -147,7 +147,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Find the XRY key on this line.
int keyDelimiter = xryLine.indexOf(KEY_VALUE_DELIMITER);
if (keyDelimiter == -1) {
logger.log(Level.SEVERE, String.format("XRY DSP: Expected a key value "
logger.log(Level.SEVERE, String.format("[XRY DSP] Expected a key value "
+ "pair on this line (in brackets) [ %s ], but one was not detected."
+ " Is this the continuation of a previous line?"
+ " Here is the previous line (in brackets) [ %s ]. "
@ -167,7 +167,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
}
if (!XRY_KEYS.contains(normalizedKey)) {
logger.log(Level.SEVERE, String.format("XRY DSP: The following key, "
logger.log(Level.SEVERE, String.format("[XRY DSP] The following key, "
+ "value pair (in brackets, respectively) [ %s ], [ %s ] "
+ "was not recognized. Discarding... Here is the previous line "
+ "[ %s ] for context. What does this key mean?", key, value, xryLines[i - 1]));
@ -175,7 +175,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
}
if (value.isEmpty()) {
logger.log(Level.SEVERE, String.format("XRY DSP: The following key "
logger.log(Level.SEVERE, String.format("[XRY DSP] The following key "
+ "(in brackets) [ %s ] was recognized, but the value "
+ "was empty. Discarding... Here is the previous line "
+ "for context [ %s ]. Is this a continuation of this line? "
@ -186,7 +186,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Assume text is the only field that can span multiple lines.
if (normalizedKey.equals(TEXT_KEY)) {
//Build up multiple lines.
for (; i + 1 < xryLines.length
for (; (i + 1) < xryLines.length
&& !hasKey(xryLines[i + 1])
&& !hasNamespace(xryLines[i + 1]); i++) {
String continuedValue = xryLines[i + 1].trim();
@ -198,15 +198,15 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Check if there is any segmented text. Min val is used to
//signify that no reference number was found.
if (referenceNumber != Integer.MIN_VALUE) {
logger.log(Level.INFO, String.format("XRY DSP: Message entity "
logger.log(Level.INFO, String.format("[XRY DSP] Message entity "
+ "appears to be segmented with reference number [ %d ]", referenceNumber));
if (referenceNumbersSeen.contains(referenceNumber)) {
logger.log(Level.SEVERE, "XRY DSP: This reference has already "
logger.log(Level.SEVERE, String.format("[XRY DSP] This reference [ %d ] has already "
+ "been seen. This means that the segments are not "
+ "contiguous. Any segments contiguous with this "
+ "one will be aggregated and another "
+ "(otherwise duplicate) artifact will be created.");
+ "(otherwise duplicate) artifact will be created.", referenceNumber));
}
referenceNumbersSeen.add(referenceNumber);
@ -269,12 +269,12 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Extract the text key from the entity, which is potentially
//multi-lined.
if (nextEntityLines.length > 0) {
logger.log(Level.INFO, String.format("XRY DSP: Processing [ %s ] "
logger.log(Level.INFO, String.format("[XRY DSP] Processing [ %s ] "
+ "segment with reference number [ %d ]", nextEntityLines[0], referenceNumber));
}
if (nextSegmentNumber != currentSegmentNumber + 1) {
logger.log(Level.SEVERE, String.format("XRY DSP: Contiguous "
logger.log(Level.SEVERE, String.format("[XRY DSP] Contiguous "
+ "segments are not ascending incrementally. Encountered "
+ "segment [ %d ] after segment [ %d ]. This means the reconstructed "
+ "text will be out of order.", nextSegmentNumber, currentSegmentNumber));
@ -365,7 +365,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
try {
return Integer.parseInt(value);
} catch (NumberFormatException ex) {
logger.log(Level.SEVERE, String.format("XRY DSP: Value [ %s ] for "
logger.log(Level.SEVERE, String.format("[XRY DSP] Value [ %s ] for "
+ "meta key [ %s ] was not an integer.", value, metaKey), ex);
}
}
@ -395,10 +395,10 @@ final class XRYMessagesFileParser implements XRYFileParser {
try {
String dateTime = removeDateTimeLocale(value);
String normalizedDateTime = dateTime.trim();
long dateTimeInEpoch = calculateMsSinceEpoch(normalizedDateTime);
long dateTimeInEpoch = calculateSecondsSinceEpoch(normalizedDateTime);
return new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, PARSER_NAME, dateTimeInEpoch);
} catch (DateTimeParseException ex) {
logger.log(Level.SEVERE, String.format("XRY DSP: Assumption "
logger.log(Level.SEVERE, String.format("[XRY DSP] Assumption "
+ "about the date time formatting of messages is not "
+ "right. Here is the value [ %s ].", value), ex);
return null;
@ -423,7 +423,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Ignore for now.
return null;
default:
logger.log(Level.SEVERE, String.format("XRY DSP: Unrecognized "
logger.log(Level.SEVERE, String.format("[XRY DSP] Unrecognized "
+ "status value [ %s ].", value));
return null;
}
@ -439,7 +439,7 @@ final class XRYMessagesFileParser implements XRYFileParser {
//Ignore for now.
return null;
default:
logger.log(Level.SEVERE, String.format("XRY DSP: Unrecognized "
logger.log(Level.SEVERE, String.format("[XRY DSP] Unrecognized "
+ "type value [ %s ]", value));
return null;
}
@ -495,9 +495,9 @@ final class XRYMessagesFileParser implements XRYFileParser {
* @param dateTime
* @return
*/
private long calculateMsSinceEpoch(String dateTime) {
private long calculateSecondsSinceEpoch(String dateTime) {
LocalDateTime localDateTime = LocalDateTime.parse(dateTime, DATE_TIME_PARSER);
//Assume dates have no offset.
return localDateTime.toInstant(ZoneOffset.UTC).toEpochMilli();
return localDateTime.toInstant(ZoneOffset.UTC).getEpochSecond();
}
}