From 0a8ea5a0be13ef1f7cdda9eb67cdef63f2e46b1b Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Wed, 6 Dec 2017 08:41:00 -0500 Subject: [PATCH] Add correlation type field to reference sets --- .../datamodel/AbstractSqlEamDb.java | 14 +- .../centralrepository/datamodel/EamDb.java | 124 ++++++++++-------- .../datamodel/EamGlobalSet.java | 29 +++- .../datamodel/PostgresEamDbSettings.java | 1 + .../datamodel/SqliteEamDb.java | 6 +- .../datamodel/SqliteEamDbSettings.java | 1 + .../HashDbCreateDatabaseDialog.java | 3 +- .../modules/hashdatabase/HashDbManager.java | 2 +- .../ImportCentralRepoDbProgressDialog.java | 3 +- 9 files changed, 113 insertions(+), 70 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java index 8eda401abe..03aa502350 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java @@ -1608,7 +1608,7 @@ public abstract class AbstractSqlEamDb implements EamDb { PreparedStatement preparedStatement1 = null; PreparedStatement preparedStatement2 = null; ResultSet resultSet = null; - String sql1 = "INSERT INTO reference_sets(org_id, set_name, version, known_status, read_only, import_date) VALUES (?, ?, ?, ?, ?, ?)"; + String sql1 = "INSERT INTO reference_sets(org_id, set_name, version, known_status, read_only, type, import_date) VALUES (?, ?, ?, ?, ?, ?, ?)"; String sql2 = "SELECT id FROM reference_sets WHERE org_id=? AND set_name=? AND version=? AND import_date=? LIMIT 1"; try { @@ -1618,7 +1618,8 @@ public abstract class AbstractSqlEamDb implements EamDb { preparedStatement1.setString(3, eamGlobalSet.getVersion()); preparedStatement1.setInt(4, eamGlobalSet.getFileKnownStatus().getFileKnownValue()); preparedStatement1.setBoolean(5, eamGlobalSet.isReadOnly()); - preparedStatement1.setString(6, eamGlobalSet.getImportDate().toString()); + preparedStatement1.setInt(6, eamGlobalSet.getType().getId()); + preparedStatement1.setString(7, eamGlobalSet.getImportDate().toString()); preparedStatement1.executeUpdate(); @@ -1678,18 +1679,20 @@ public abstract class AbstractSqlEamDb implements EamDb { /** * Get all reference sets * + * @param correlationType Type of sets to return + * * @return List of all reference sets in the central repository * * @throws EamDbException */ @Override - public List getAllReferenceSets() throws EamDbException { + public List getAllReferenceSets(CorrelationAttribute.Type correlationType) throws EamDbException { List results = new ArrayList<>(); Connection conn = connect(); PreparedStatement preparedStatement1 = null; ResultSet resultSet = null; - String sql1 = "SELECT * FROM reference_sets"; + String sql1 = "SELECT * FROM reference_sets WHERE type=" + correlationType.getId(); try { preparedStatement1 = conn.prepareStatement(sql1); @@ -2193,7 +2196,7 @@ public abstract class AbstractSqlEamDb implements EamDb { return eamOrganization; } - private EamGlobalSet getEamGlobalSetFromResultSet(ResultSet resultSet) throws SQLException { + private EamGlobalSet getEamGlobalSetFromResultSet(ResultSet resultSet) throws SQLException, EamDbException { if (null == resultSet) { return null; } @@ -2205,6 +2208,7 @@ public abstract class AbstractSqlEamDb implements EamDb { resultSet.getString("version"), TskData.FileKnown.valueOf(resultSet.getByte("known_status")), resultSet.getBoolean("read_only"), + EamDb.getInstance().getCorrelationTypeById(resultSet.getInt("type")), LocalDate.parse(resultSet.getString("import_date")) ); diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java index f8ab7bfc60..2b05cb1d70 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamDb.java @@ -33,7 +33,7 @@ public interface EamDb { public static final int SCHEMA_VERSION = 1; public static final CaseDbSchemaVersionNumber CURRENT_DB_SCHEMA_VERSION - = new CaseDbSchemaVersionNumber(1, 1); + = new CaseDbSchemaVersionNumber(1, 1); /** * Get the instance @@ -103,7 +103,7 @@ public interface EamDb { /** * Add a new name/value pair in the db_info table. * - * @param name Key to set + * @param name Key to set * @param value Value to set * * @throws EamDbException @@ -124,7 +124,7 @@ public interface EamDb { /** * Update the value for a name in the name/value db_info table. * - * @param name Name to find + * @param name Name to find * @param value Value to assign to name. * * @throws EamDbException @@ -146,8 +146,6 @@ public interface EamDb { * @param autopsyCase The case to add */ CorrelationCase newCase(Case autopsyCase) throws EamDbException; - - /** * Updates an existing Case in the database @@ -158,13 +156,13 @@ public interface EamDb { /** * Retrieves Central Repo case based on an Autopsy Case - * + * * @param autopsyCase Autopsy case to find corresponding CR case for * @return CR Case - * @throws EamDbException + * @throws EamDbException */ CorrelationCase getCase(Case autopsyCase) throws EamDbException; - + /** * Retrieves Case details based on Case UUID * @@ -191,8 +189,8 @@ public interface EamDb { /** * Retrieves Data Source details based on data source device ID * - * @param correlationCase the current CorrelationCase used for ensuring - * uniqueness of DataSource + * @param correlationCase the current CorrelationCase used for ensuring + * uniqueness of DataSource * @param dataSourceDeviceId the data source device ID number * * @return The data source @@ -229,7 +227,7 @@ public interface EamDb { * Retrieves eamArtifact instances from the database that are associated * with the aType and filePath * - * @param aType EamArtifact.Type to search for + * @param aType EamArtifact.Type to search for * @param filePath File path to search for * * @return List of 0 or more EamArtifactInstances @@ -246,7 +244,7 @@ public interface EamDb { * @param value Value to search for * * @return Number of artifact instances having ArtifactType and - * ArtifactValue. + * ArtifactValue. */ Long getCountArtifactInstancesByTypeValue(CorrelationAttribute.Type aType, String value) throws EamDbException; @@ -283,11 +281,11 @@ public interface EamDb { * associated with the caseDisplayName and dataSource of the given * eamArtifact instance. * - * @param caseUUID Case ID to search for + * @param caseUUID Case ID to search for * @param dataSourceID Data source ID to search for * * @return Number of artifact instances having caseDisplayName and - * dataSource + * dataSource */ Long getCountArtifactInstancesByCaseDataSource(String caseUUID, String dataSourceID) throws EamDbException; @@ -349,7 +347,7 @@ public interface EamDb { * @param value Value to search for * * @return List of cases containing this artifact with instances marked as - * bad + * bad * * @throws EamDbException */ @@ -357,14 +355,17 @@ public interface EamDb { /** * Remove a reference set and all values contained in it. + * * @param referenceSetID - * @throws EamDbException + * @throws EamDbException */ public void deleteReferenceSet(int referenceSetID) throws EamDbException; - + /** - * Check whether a reference set with the given parameters exists in the central repository. - * Used to check whether reference sets saved in the settings are still present. + * Check whether a reference set with the given parameters exists in the + * central repository. Used to check whether reference sets saved in the + * settings are still present. + * * @param referenceSetID * @param referenceSetName * @param version @@ -372,36 +373,40 @@ public interface EamDb { * @throws EamDbException */ public boolean referenceSetIsValid(int referenceSetID, String referenceSetName, String version) throws EamDbException; - + /** - * Check whether a reference set with the given name/version is in the central repo. - * Used to check for name collisions when creating reference sets. + * Check whether a reference set with the given name/version is in the + * central repo. Used to check for name collisions when creating reference + * sets. + * * @param referenceSetName * @param version * @return true if a matching set is found - * @throws EamDbException + * @throws EamDbException */ public boolean referenceSetExists(String referenceSetName, String version) throws EamDbException; - + /** - * Check if the given file hash is in this reference set. - * Only searches the reference_files table. + * Check if the given file hash is in this reference set. Only searches the + * reference_files table. + * * @param hash * @param referenceSetID * @return true if the hash is found in the reference set - * @throws EamDbException + * @throws EamDbException */ public boolean isFileHashInReferenceSet(String hash, int referenceSetID) throws EamDbException; - + /** * Check if the given value is in a specific reference set + * * @param value * @param referenceSetID - * @param correlationTypeID + * @param correlationTypeID * @return true if the hash is found in the reference set */ - public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException; - + public boolean isValueInReferenceSet(String value, int referenceSetID, int correlationTypeID) throws EamDbException; + /** * Is the artifact known as bad according to the reference entries? * @@ -418,7 +423,7 @@ public interface EamDb { * @param eamOrg The organization to add * * @return the Organization ID of the newly created organization. - * + * * @throws EamDbException */ long newOrganization(EamOrganization eamOrg) throws EamDbException; @@ -445,9 +450,10 @@ public interface EamDb { /** * Get the organization associated with the given reference set. + * * @param referenceSetID ID of the reference set * @return The organization object - * @throws EamDbException + * @throws EamDbException */ EamOrganization getReferenceSetOrganization(int referenceSetID) throws EamDbException; @@ -455,7 +461,7 @@ public interface EamDb { * Update an existing organization. * * @param updatedOrganization the values the Organization with the same ID - * will be updated to in the database. + * will be updated to in the database. * * @throws EamDbException */ @@ -463,13 +469,13 @@ public interface EamDb { /** * Delete an organization if it is not being used by any case. - * + * * @param organizationToDelete the organization to be deleted - * - * @throws EamDbException + * + * @throws EamDbException */ void deleteOrganization(EamOrganization organizationToDelete) throws EamDbException; - + /** * Add a new Global Set * @@ -491,33 +497,34 @@ public interface EamDb { * @throws EamDbException */ EamGlobalSet getReferenceSetByID(int globalSetID) throws EamDbException; - + /** * Get all reference sets * + * @param correlationType Type of sets to return + * * @return List of all reference sets in the central repository * * @throws EamDbException */ - List getAllReferenceSets() throws EamDbException; + List getAllReferenceSets(CorrelationAttribute.Type correlationType) throws EamDbException; /** * Add a new reference instance * * @param eamGlobalFileInstance The reference instance to add - * @param correlationType Correlation Type that this Reference - * Instance is + * @param correlationType Correlation Type that this Reference Instance is * * @throws EamDbException */ void addReferenceInstance(EamGlobalFileInstance eamGlobalFileInstance, CorrelationAttribute.Type correlationType) throws EamDbException; - + /** * Insert the bulk collection of Global File Instances * * @param globalInstances a Set of EamGlobalFileInstances to insert into the - * db. - * @param contentType the Type of the global instances + * db. + * @param contentType the Type of the global instances * * @throws EamDbException */ @@ -526,7 +533,7 @@ public interface EamDb { /** * Get all reference entries having a given correlation type and value * - * @param aType Type to use for matching + * @param aType Type to use for matching * @param aValue Value to use for matching * * @return List of all global file instances with a type and value @@ -551,7 +558,7 @@ public interface EamDb { * used to correlate artifacts. * * @return List of EamArtifact.Type's. If none are defined in the database, - * the default list will be returned. + * the default list will be returned. * * @throws EamDbException */ @@ -562,7 +569,7 @@ public interface EamDb { * artifacts. * * @return List of enabled EamArtifact.Type's. If none are defined in the - * database, the default list will be returned. + * database, the default list will be returned. * * @throws EamDbException */ @@ -573,7 +580,7 @@ public interface EamDb { * correlate artifacts. * * @return List of supported EamArtifact.Type's. If none are defined in the - * database, the default list will be returned. + * database, the default list will be returned. * * @throws EamDbException */ @@ -598,20 +605,23 @@ public interface EamDb { * @throws EamDbException */ public CorrelationAttribute.Type getCorrelationTypeById(int typeId) throws EamDbException; - + /** * Upgrade the schema of the database (if needed) - * @throws EamDbException + * + * @throws EamDbException */ public void upgradeSchema() throws EamDbException, SQLException; - + /** - * Gets an exclusive lock (if applicable). - * Will return the lock if successful, null if unsuccessful because locking - * isn't supported, and throw an exception if we should have been able to get the - * lock but failed (meaning the database is in use). + * Gets an exclusive lock (if applicable). Will return the lock if + * successful, null if unsuccessful because locking isn't supported, and + * throw an exception if we should have been able to get the lock but failed + * (meaning the database is in use). + * * @return the lock, or null if locking is not supported - * @throws EamDbException if the coordination service is running but we fail to get the lock + * @throws EamDbException if the coordination service is running but we fail + * to get the lock */ public CoordinationService.Lock getExclusiveMultiUserDbLock() throws EamDbException; } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamGlobalSet.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamGlobalSet.java index 23a4c257ae..a434afb32b 100755 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamGlobalSet.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamGlobalSet.java @@ -32,6 +32,7 @@ public class EamGlobalSet { private String version; private TskData.FileKnown fileKnownStatus; private boolean isReadOnly; + private CorrelationAttribute.Type type; private LocalDate importDate; public EamGlobalSet( @@ -41,6 +42,7 @@ public class EamGlobalSet { String version, TskData.FileKnown knownStatus, boolean isReadOnly, + CorrelationAttribute.Type type, LocalDate importDate) { this.globalSetID = globalSetID; this.orgID = orgID; @@ -48,6 +50,7 @@ public class EamGlobalSet { this.version = version; this.fileKnownStatus = knownStatus; this.isReadOnly = isReadOnly; + this.type = type; this.importDate = importDate; } @@ -57,8 +60,9 @@ public class EamGlobalSet { String version, TskData.FileKnown knownStatus, boolean isReadOnly, + CorrelationAttribute.Type type, LocalDate importDate) { - this(-1, orgID, setName, version, knownStatus, isReadOnly, importDate); + this(-1, orgID, setName, version, knownStatus, isReadOnly, type, importDate); } /** @@ -77,8 +81,9 @@ public class EamGlobalSet { String setName, String version, TskData.FileKnown knownStatus, - boolean isReadOnly) { - this(-1, orgID, setName, version, knownStatus, isReadOnly, LocalDate.now()); + boolean isReadOnly, + CorrelationAttribute.Type type) { + this(-1, orgID, setName, version, knownStatus, isReadOnly, type, LocalDate.now()); } /** @@ -164,6 +169,24 @@ public class EamGlobalSet { public void setFileKnownStatus(TskData.FileKnown fileKnownStatus) { this.fileKnownStatus = fileKnownStatus; } + + /** + * Get the type of reference set + * + * @return the type (files, phone numbers, etc) + */ + public CorrelationAttribute.Type getType() { + return type; + } + + /** + * Sets the type of reference set + * + * @param type + */ + void setType(CorrelationAttribute.Type type) { + this.type = type; + } /** * @return the importDate diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/PostgresEamDbSettings.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/PostgresEamDbSettings.java index f58d313e47..869d13dc70 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/PostgresEamDbSettings.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/PostgresEamDbSettings.java @@ -356,6 +356,7 @@ public final class PostgresEamDbSettings { createReferenceSetsTable.append("version text NOT NULL,"); createReferenceSetsTable.append("known_status integer NOT NULL,"); createReferenceSetsTable.append("read_only boolean NOT NULL,"); + createReferenceSetsTable.append("type integer NOT NULL,"); createReferenceSetsTable.append("import_date text NOT NULL,"); createReferenceSetsTable.append("foreign key (org_id) references organizations(id) ON UPDATE SET NULL ON DELETE SET NULL,"); createReferenceSetsTable.append("CONSTRAINT hash_set_unique UNIQUE (set_name, version)"); diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java index 55e60dd380..c9931675a8 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDb.java @@ -807,15 +807,17 @@ public class SqliteEamDb extends AbstractSqlEamDb { /** * Get all reference sets * + * @param correlationType Type of sets to return + * * @return List of all reference sets in the central repository * * @throws EamDbException */ @Override - public List getAllReferenceSets() throws EamDbException{ + public List getAllReferenceSets(CorrelationAttribute.Type correlationType) throws EamDbException { try{ acquireSharedLock(); - return super.getAllReferenceSets(); + return super.getAllReferenceSets(correlationType); } finally { releaseSharedLock(); } diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDbSettings.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDbSettings.java index 9355dbacde..f006cc7e24 100644 --- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDbSettings.java +++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/SqliteEamDbSettings.java @@ -298,6 +298,7 @@ public final class SqliteEamDbSettings { createReferenceSetsTable.append("version text NOT NULL,"); createReferenceSetsTable.append("known_status integer NOT NULL,"); createReferenceSetsTable.append("read_only boolean NOT NULL,"); + createReferenceSetsTable.append("type integer NOT NULL,"); createReferenceSetsTable.append("import_date text NOT NULL,"); createReferenceSetsTable.append("foreign key (org_id) references organizations(id) ON UPDATE SET NULL ON DELETE SET NULL,"); createReferenceSetsTable.append("CONSTRAINT hash_set_unique UNIQUE (set_name, version)"); diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbCreateDatabaseDialog.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbCreateDatabaseDialog.java index 13dd9bcd63..701b2995a8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbCreateDatabaseDialog.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbCreateDatabaseDialog.java @@ -31,6 +31,7 @@ import javax.swing.JOptionPane; import org.apache.commons.io.FilenameUtils; import org.openide.util.NbBundle; import org.openide.windows.WindowManager; +import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttribute; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException; import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbUtil; @@ -527,7 +528,7 @@ final class HashDbCreateDatabaseDialog extends javax.swing.JDialog { try{ int referenceSetID = EamDb.getInstance().newReferenceSet(new EamGlobalSet(selectedOrg.getOrgID(), hashSetNameTextField.getText(), - "", fileKnown, false)); + "", fileKnown, false, EamDb.getInstance().getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID))); newHashDb = HashDbManager.getInstance().addExistingCentralRepoHashSet(hashSetNameTextField.getText(), "", referenceSetID, true, sendIngestMessagesCheckbox.isSelected(), type, false); diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java index 34770aa6fa..c032bdc83e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java @@ -490,7 +490,7 @@ public class HashDbManager implements PropertyChangeListener { List crHashSets = new ArrayList<>(); if(EamDb.isEnabled()){ try{ - List crSets = EamDb.getInstance().getAllReferenceSets(); + List crSets = EamDb.getInstance().getAllReferenceSets(EamDb.getInstance().getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID)); for(EamGlobalSet globalSet:crSets){ // Defaults for fields not stored in the central repository: diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java index 37d3a20009..bbcc503b08 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/ImportCentralRepoDbProgressDialog.java @@ -237,7 +237,8 @@ class ImportCentralRepoDbProgressDialog extends javax.swing.JDialog implements P // Create an empty hashset in the central repository EamDb dbManager = EamDb.getInstance(); - referenceSetID.set(dbManager.newReferenceSet(new EamGlobalSet(orgId, hashSetName, version, knownStatus, readOnly))); + referenceSetID.set(dbManager.newReferenceSet(new EamGlobalSet(orgId, hashSetName, version, knownStatus, + readOnly, EamDb.getInstance().getCorrelationTypeById(CorrelationAttribute.FILES_TYPE_ID)))); // Get the "FILES" content type. This is a database lookup so we // only want to do it once.