mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
292 lines
8.9 KiB
Perl
292 lines
8.9 KiB
Perl
#
|
|
# View the application layer (HTML, picutures etc.)
|
|
#
|
|
# Brian Carrier [carrier@sleuthkit.org]
|
|
# Copyright (c) 2001-2005 by Brian Carrier. All rights reserved
|
|
#
|
|
# This file is part of the Autopsy Forensic Browser (Autopsy)
|
|
#
|
|
# Autopsy is free software; you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation; either version 2 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Autopsy is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Autopsy; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY AND FITNESS FOR ANY PARTICULAR PURPOSE.
|
|
# IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
|
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
# (INCLUDING, BUT NOT LIMITED TO, LOSS OF USE, DATA, OR PROFITS OR
|
|
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
|
|
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
|
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
# Updated 1/15
|
|
|
|
package Appview;
|
|
|
|
$Appview::CELL_FRAME = 1;
|
|
$Appview::CELL_MENU = 2;
|
|
$Appview::CELL_CONT = 3;
|
|
|
|
sub main {
|
|
|
|
# By default, show the main frame
|
|
$Args::args{'view'} = $Args::enc_args{'view'} = $Appview::CELL_FRAME
|
|
unless (exists $Args::args{'view'});
|
|
|
|
Args::check_view();
|
|
my $view = Args::get_view();
|
|
|
|
# Check Basic Args
|
|
Args::check_vol('vol');
|
|
Args::check_meta('meta');
|
|
Args::check_dir();
|
|
Args::check_recmode();
|
|
|
|
if ($view == $Appview::CELL_FRAME) {
|
|
return cell_frame();
|
|
}
|
|
elsif ($view == $Appview::CELL_CONT) {
|
|
return cell_content();
|
|
}
|
|
elsif ($view == $Appview::CELL_MENU) {
|
|
return cell_menu();
|
|
}
|
|
else {
|
|
Print::print_check_err("Invalid Application Viewing View");
|
|
}
|
|
}
|
|
|
|
#########################################################################
|
|
#
|
|
# CELL - Sanitized Environment
|
|
#
|
|
|
|
my $CELL_MODE_SANIT = 1;
|
|
my $CELL_MODE_NORM = 2;
|
|
|
|
sub cell_frame {
|
|
Print::print_html_header_frameset("Autopsy Cell");
|
|
my $vol = Args::get_vol('vol');
|
|
my $mnt = $Caseman::vol2mnt{$vol};
|
|
|
|
my $fname = "$mnt$Args::args{'dir'}";
|
|
|
|
print "<frameset rows=\"15%,85%\">\n";
|
|
|
|
# if a mode was not given, then choose the Sanitized by default
|
|
$Args::args{'cell_mode'} = $CELL_MODE_SANIT
|
|
unless ((exists $Args::args{'cell_mode'})
|
|
&& ($Args::args{'cell_mode'} =~ /^\d$/));
|
|
|
|
my $url =
|
|
"&$Args::baseargs&meta=$Args::enc_args{'meta'}"
|
|
. "&dir=$Args::enc_args{'dir'}&"
|
|
. "cell_mode=$Args::args{'cell_mode'}&recmode=$Args::args{'recmode'}";
|
|
|
|
print
|
|
"<frame src=\"$::PROGNAME?mod=$::MOD_APPVIEW&view=$Appview::CELL_MENU${url}\">\n"
|
|
. "<frame src=\"$::PROGNAME?mod=$::MOD_APPVIEW&view=$Appview::CELL_CONT${url}\">\n"
|
|
. "</frameset>\n";
|
|
|
|
Print::print_html_footer_frameset();
|
|
return 0;
|
|
}
|
|
|
|
# Print the menu on top. This allows one to export the file and change modes
|
|
sub cell_menu {
|
|
Args::check_cell_mode();
|
|
|
|
Print::print_html_header("Cell Header");
|
|
|
|
my $cell_mode = $Args::args{'cell_mode'};
|
|
|
|
my $url =
|
|
"&$Args::baseargs&meta=$Args::enc_args{'meta'}&"
|
|
. "dir=$Args::enc_args{'dir'}&recmode=$Args::enc_args{'recmode'}";
|
|
|
|
if ($cell_mode == $CELL_MODE_SANIT) {
|
|
|
|
print <<EOF1;
|
|
<center>
|
|
This file is currently being viewed in a <b>sanitized environment</b><br>
|
|
HTML files have been edited to disable scripts and links.
|
|
The script contents will be shown as text.<br>
|
|
Pictures have been replaced by place holders<br>
|
|
|
|
<table width=300 cellspacing=\"0\" cellpadding=\"2\">
|
|
<tr>
|
|
<td align=center>
|
|
<a href=\"$::PROGNAME?mod=$::MOD_APPVIEW&view=$Appview::CELL_FRAME$url&cell_mode=$CELL_MODE_NORM\"
|
|
target=\"_top\">
|
|
<img src=\"pict/sanit_b_norm.jpg\" alt=\"Normal\" border=\"0\">
|
|
</a>
|
|
</td>
|
|
EOF1
|
|
|
|
}
|
|
|
|
elsif ($cell_mode == $CELL_MODE_NORM) {
|
|
print <<EOF2;
|
|
<center>
|
|
This file is currently being viewed in a <b>normal environment</b><br>
|
|
HTML files are being viewed without modification.<br>
|
|
|
|
<table width=300 cellspacing=\"0\" cellpadding=\"2\">
|
|
<tr>
|
|
<td align=center>
|
|
<a href=\"$::PROGNAME?mod=$::MOD_APPVIEW&view=$Appview::CELL_FRAME&$url&cell_mode=$CELL_MODE_SANIT\"
|
|
target=\"_top\">
|
|
<img src=\"pict/sanit_b_san.jpg\" alt=\"Sanitized\" border=\"0\">
|
|
</a>
|
|
</td>
|
|
EOF2
|
|
}
|
|
|
|
# Export the file
|
|
print "<td align=center>\n"
|
|
. "<a href=\"$::PROGNAME?mod=$::MOD_FILE&view=$File::EXPORT&$url\">"
|
|
. "<img src=\"pict/but_export.jpg\" alt=\"export\" border=\"0\" "
|
|
. "width=123 height=20>"
|
|
. "</a></td></tr>\n";
|
|
|
|
print "<tr><td colspan=\"2\" align=\"center\">"
|
|
. "Deleted File Recovery Mode</td></tr>\n"
|
|
if ($Args::enc_args{'recmode'} == $File::REC_YES);
|
|
|
|
print "</table>";
|
|
|
|
Print::print_html_footer();
|
|
return;
|
|
}
|
|
|
|
# Display safe and common things in the browser (pictures, basic html)
|
|
sub cell_content {
|
|
Args::check_meta('meta');
|
|
Args::check_dir();
|
|
Args::check_cell_mode();
|
|
|
|
my $meta = Args::get_meta('meta');
|
|
my $vol = Args::get_vol('vol');
|
|
my $mnt = $Caseman::vol2mnt{$vol};
|
|
|
|
my $ftype = $Caseman::vol2ftype{$vol};
|
|
my $img = $Caseman::vol2path{$vol};
|
|
my $offset = $Caseman::vol2start{$vol};
|
|
my $imgtype = $Caseman::vol2itype{$vol};
|
|
|
|
my $fname = "$mnt$Args::args{'dir'}";
|
|
|
|
my $recflag = "";
|
|
|
|
$recflag = " -r "
|
|
if (Args::get_recmode() == $File::REC_YES);
|
|
|
|
# identify what type it is
|
|
local *OUT;
|
|
Exec::exec_pipe(*OUT,
|
|
"'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta | '$::FILE_EXE' -z -b -"
|
|
);
|
|
my $file_type = Exec::read_pipe_line(*OUT);
|
|
close(OUT);
|
|
|
|
$file_type = "Error getting file type"
|
|
if ((!defined $file_type) || ($file_type eq ""));
|
|
|
|
if ($file_type =~ /JPEG image data/) {
|
|
Print::log_host_inv("$vol: Viewing $fname ($meta) as JPEG");
|
|
print "Content-type: image/jpeg$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
elsif ($file_type =~ /GIF image data/) {
|
|
Print::log_host_inv("$vol: Viewing $fname ($meta) as GIF");
|
|
print "Content-type: image/gif$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
elsif ($file_type =~ /PNG image data/) {
|
|
Print::log_host_inv("$vol: Viewing $fname ($meta) as PNG");
|
|
print "Content-type: image/png$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
elsif ($file_type =~ /PC bitmap data/) {
|
|
Print::log_host_inv("$vol: Viewing $fname ($meta) as BMP");
|
|
print "Content-type: image/bmp$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
elsif ($file_type =~ /HTML document text/) {
|
|
Print::log_host_inv("$vol: Viewing $fname ($meta) as HTML");
|
|
print "Content-type: text/html$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
else {
|
|
Print::log_host_inv("$vol: Unknown format of meta $meta ");
|
|
Print::print_check_err("Unknown File Type for Viewing: $file_type");
|
|
}
|
|
|
|
local *OUT;
|
|
Exec::exec_pipe(*OUT,
|
|
"'$::TSKDIR/icat' -f $ftype $recflag -o $offset -i $imgtype $img $meta"
|
|
);
|
|
|
|
while ($_ = Exec::read_pipe_line(*OUT)) {
|
|
|
|
# Parse out bad "stuff"
|
|
if ( ($file_type =~ /HTML document text/)
|
|
&& ($Args::args{'cell_mode'} == $CELL_MODE_SANIT))
|
|
{
|
|
$_ =~ s/\bsrc=/src=$::SANITIZE_TAG\?/ig;
|
|
$_ =~ s/\bhref=/href=$::SANITIZE_TAG\?/ig;
|
|
$_ =~ s/<script/<$::SANITIZE_TAG-script/ig;
|
|
$_ =~ s/\bbackground=/background=$::SANITIZE_TAG\?/ig;
|
|
}
|
|
print "$_";
|
|
}
|
|
print "$::HTTP_NL$::HTTP_NL";
|
|
close(OUT);
|
|
return 0;
|
|
}
|
|
|
|
sub sanitize_pict {
|
|
my $url = shift();
|
|
my $lurl = $url;
|
|
$lurl =~ tr/[A-Z]/[a-z]/;
|
|
|
|
print "HTTP/1.0 200 OK$::HTTP_NL";
|
|
if ( ($lurl =~ /.jpg/i)
|
|
|| ($lurl =~ /.jpeg/i)
|
|
|| ($lurl =~ /.gif/i)
|
|
|| ($lurl =~ /.png/i)
|
|
|| ($lurl =~ /.bmp/i))
|
|
{
|
|
|
|
open PICT, "<$::PICTDIR/$::SANITIZE_PICT"
|
|
or die "can not open $::PICTDIR/$::SANITIZE_PICT";
|
|
|
|
print "Content-type: image/jpeg$::HTTP_NL$::HTTP_NL";
|
|
while (<PICT>) {
|
|
print "$_";
|
|
}
|
|
close(PICT);
|
|
print "$::HTTP_NL$::HTTP_NL";
|
|
}
|
|
else {
|
|
$url =~ tr/\+/ /;
|
|
$url =~ s/%([a-f0-9][a-f0-9])/chr( hex( $1 ) )/eig;
|
|
|
|
Print::print_html_header("Denied");
|
|
print "<h1><center>Unable to Complete Request</h1><br>\n"
|
|
. "<tt>Autopsy</tt> will not follow links from "
|
|
. "untrusted HTML pages:<br><tt>$url</tt><br>\n";
|
|
Print::print_html_footer();
|
|
}
|
|
|
|
exit(0);
|
|
}
|
|
|