From f93f65864518a053c215d1e1599ffa04135eae58 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 28 Apr 2021 11:44:49 -0400
Subject: [PATCH] bug fixes

---
 .../xry/XRYContactsFileParser.java            |  1 +
 .../xry/XRYDeviceGenInfoFileParser.java       |  3 +-
 .../xry/XRYWebBookmarksFileParser.java        |  3 +-
 .../dsp/AddLogicalImageTask.java              | 31 ++++++++++++-------
 .../DataSourceIntegrityIngestModule.java      |  3 +-
 .../GPX_Module/GPX_Parser_Module.py           |  6 ++--
 .../android/browserlocation.py                |  2 +-
 .../android/cachelocation.py                  |  3 +-
 InternalPythonModules/android/oruxmaps.py     |  3 +-
 InternalPythonModules/android/viber.py        |  3 +-
 pythonExamples/dataSourceIngestModule.py      |  9 +++---
 pythonExamples/fileIngestModule.py            | 10 +++---
 .../ThunderbirdMboxFileIngestModule.java      |  1 +
 13 files changed, 45 insertions(+), 33 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java
index 92cbaa65ec..9f9a821581 100755
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java
+++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java
@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java
index e174d3ffc4..2cef8e7ab1 100755
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java
+++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java
@@ -25,6 +25,7 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
@@ -106,7 +107,7 @@ final class XRYDeviceGenInfoFileParser extends AbstractSingleEntityParser {
         }
         if(!attributes.isEmpty()) {
             if (parent instanceof AbstractFile) {
-                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes)
+                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes);
             } else {
                 parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes, null);
             }
diff --git a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java
index c8f55f9175..8393d25d64 100755
--- a/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java
+++ b/Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java
@@ -23,6 +23,7 @@ import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Optional;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -79,7 +80,7 @@ final class XRYWebBookmarksFileParser extends AbstractSingleEntityParser {
         }
         if(!attributes.isEmpty()) {
             if (parent instanceof AbstractFile) {
-                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes)
+                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes);
             } else {
                 parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes, null);
             }
diff --git a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java
index 7ee7d7c47e..68bcaaef06 100644
--- a/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java
+++ b/Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java
@@ -37,6 +37,7 @@ import java.util.Map;
 import java.util.logging.Level;
 import javax.annotation.concurrent.GuardedBy;
 import org.apache.commons.io.FileUtils;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -443,18 +444,24 @@ final class AddLogicalImageTask implements Runnable {
     }
 
     private void addInterestingFileToArtifacts(long fileId, long dataSourceId, String ruleSetName, String ruleName, List<BlackboardArtifact> artifacts) throws TskCoreException {
-        BlackboardArtifact artifact = this.blackboard.newAnalysisResult(
-                INTERESTING_FILE_TYPE,
-                fileId,
-                dataSourceId,
-                Score.SCORE_UNKNOWN,
-                null,
-                null,
-                null,
-                Arrays.asList(
-                        new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
-                        new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)
-                ));
+        BlackboardArtifact artifact;
+        try {
+            artifact = this.blackboard.newAnalysisResult(
+                    INTERESTING_FILE_TYPE,
+                    fileId,
+                    dataSourceId,
+                    Score.SCORE_UNKNOWN,
+                    null,
+                    null,
+                    null,
+                    Arrays.asList(
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)
+                    ))
+                    .getAnalysisResult();
+        } catch (Blackboard.BlackboardException ex) {
+            throw new TskCoreException("Unable to create analysis result.", ex);
+        }
 
         artifacts.add(artifact);
     }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
index 58553711c2..82a917ce7e 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@@ -299,7 +299,8 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
                             Score.SCORE_UNKNOWN,
                             null, null, null,
                             Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
-                                    DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)));
+                                    DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)))
+                            .getAnalysisResult();
 
                     Case.getCurrentCase().getServices().getArtifactsBlackboard()
                             .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());
diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py
index 3ee603a243..8f8412ae3d 100644
--- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py
+++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py
@@ -199,9 +199,6 @@ class GPXParserFileIngestModule(FileIngestModule):
             for waypoint in gpx.waypoints:
 
                 try:
-                    art = file.newArtifact(
-                        BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
-
                     attributes = ArrayList()
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), self.moduleName, waypoint.latitude))
@@ -213,7 +210,8 @@ class GPXParserFileIngestModule(FileIngestModule):
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self.moduleName, waypoint.name))
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), self.moduleName, "GPXParser"))
-                    art.addAttributes(attributes)
+
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
 
                     self.blackboard.postArtifact(art, self.moduleName)
 
diff --git a/InternalPythonModules/android/browserlocation.py b/InternalPythonModules/android/browserlocation.py
index c202c36d2a..cbf5a730ef 100644
--- a/InternalPythonModules/android/browserlocation.py
+++ b/InternalPythonModules/android/browserlocation.py
@@ -95,11 +95,11 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
                 longitude = Double.valueOf(resultSet.getString("longitude"))
 
                 attributes = ArrayList()
-                artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
+                artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                 # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
                 # NOTE: originally commented out
 
diff --git a/InternalPythonModules/android/cachelocation.py b/InternalPythonModules/android/cachelocation.py
index 683370dfad..599eb60ca1 100644
--- a/InternalPythonModules/android/cachelocation.py
+++ b/InternalPythonModules/android/cachelocation.py
@@ -91,14 +91,13 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
                     i = i + 1
 
                     attributes = ArrayList()
-                    artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME,
                         abstractFile.getName() + " Location History"))
 
-                    artifact.addAttributes(attributes)
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                     #Not storing these for now.
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
diff --git a/InternalPythonModules/android/oruxmaps.py b/InternalPythonModules/android/oruxmaps.py
index 283eab38b2..9365c838b2 100644
--- a/InternalPythonModules/android/oruxmaps.py
+++ b/InternalPythonModules/android/oruxmaps.py
@@ -86,7 +86,6 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         altitude = poisResultSet.getDouble("poialt")
 
                         attributes = ArrayList()
-                        artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
@@ -94,6 +93,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
 						
+                        artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
+
                         artifact.addAttributes(attributes)
                         try:
                             # index the artifact for keyword search
diff --git a/InternalPythonModules/android/viber.py b/InternalPythonModules/android/viber.py
index 1ad418b478..d1c1b50ab5 100644
--- a/InternalPythonModules/android/viber.py
+++ b/InternalPythonModules/android/viber.py
@@ -129,9 +129,8 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
                 elif (not(not contacts_parser.get_contact_name() or contacts_parser.get_contact_name().isspace())):
                     current_case = Case.getCurrentCase().getSleuthkitCase()
                     attributes = ArrayList()
-                    artifact = contacts_db.getDBFile().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
-                    artifact.addAttributes(attributes)
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
                     
                     # Post the artifact to blackboard
                     current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)
diff --git a/pythonExamples/dataSourceIngestModule.py b/pythonExamples/dataSourceIngestModule.py
index 7e6c5b3d17..c9985dd08d 100644
--- a/pythonExamples/dataSourceIngestModule.py
+++ b/pythonExamples/dataSourceIngestModule.py
@@ -52,7 +52,8 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
-
+from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the analysis.
@@ -138,9 +139,9 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artfiact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file")
-            art.addAttribute(att)
+            attrs = ArrayList()
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file"))
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
 
             try:
                 # index the artifact for keyword search
diff --git a/pythonExamples/fileIngestModule.py b/pythonExamples/fileIngestModule.py
index 9392f2bc88..2bfa7e24dc 100644
--- a/pythonExamples/fileIngestModule.py
+++ b/pythonExamples/fileIngestModule.py
@@ -54,6 +54,7 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the anlaysis.
@@ -125,10 +126,11 @@ class SampleJythonFileIngestModule(FileIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artifact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
-                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files")
-            art.addAttribute(att)
+            attrs = ArrayList()
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
+                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files"))
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
+
 
             try:
                 # index the artifact for keyword search
diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
index e46ee74932..f18dfd3ae8 100644
--- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
+++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
@@ -21,6 +21,7 @@ package org.sleuthkit.autopsy.thunderbirdparser;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;