Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
KeywordSearchList.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.keywordsearch;
20 
21 import java.beans.PropertyChangeListener;
22 import java.beans.PropertyChangeSupport;
23 import java.io.File;
24 import java.util.ArrayList;
25 import java.util.Date;
26 import java.util.LinkedHashMap;
27 import java.util.List;
28 import java.util.Map;
29 
30 import org.openide.util.NbBundle;
32 import org.sleuthkit.datamodel.BlackboardAttribute;
34 import java.util.logging.Level;
35 
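/**
 * In-memory registry of keyword lists, keyed by list name, with change
 * notification for interested listeners.
 *
 * Concrete subclasses supply the persistence ({@link #save()},
 * {@link #save(boolean)}, {@link #load()}). This class owns the map of
 * lists, the built-in ("locked") lists and the property-change events.
 *
 * No synchronization is performed here; callers are expected to serialize
 * access themselves.
 */
abstract class KeywordSearchList {

    protected static final Logger logger = Logger.getLogger(KeywordSearchList.class.getName());

    // Location of the backing file; only checked for existence/permissions here.
    protected String filePath;
    // The keyword data: list name -> list, iterated in insertion order.
    Map<String, KeywordList> theLists;
    PropertyChangeSupport changeSupport;
    // Names of the built-in lists, so that a re-added list keeps its locked flag.
    protected List<String> lockedLists;

    /**
     * Creates an empty registry bound to a backing file. Nothing is read
     * from disk until {@link #reload()} is called.
     *
     * @param filePath path of the file the subclass persists the lists to
     */
    KeywordSearchList(String filePath) {
        this.filePath = filePath;
        theLists = new LinkedHashMap<>();
        lockedLists = new ArrayList<>();
        changeSupport = new PropertyChangeSupport(this);
    }

    /**
     * Property-change event names fired when the set of lists changes. The
     * new value of the event is the name of the affected list.
     */
    enum ListsEvt {

        LIST_ADDED, LIST_DELETED, LIST_UPDATED
    }

    /**
     * Property-change event names fired through
     * {@link #fireLanguagesEvent(LanguagesEvent)}.
     */
    enum LanguagesEvent {

        LANGUAGES_CHANGED, ENCODINGS_CHANGED
    }

    /**
     * Notifies listeners of a language or encoding settings change. A
     * listener failure is logged and not propagated to the caller.
     *
     * @param event the event to fire; its name is used as the property name
     */
    void fireLanguagesEvent(LanguagesEvent event) {
        try {
            changeSupport.firePropertyChange(event.toString(), null, null);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "KeywordSearchListsAbstract listener threw exception", e); //NON-NLS
        }
    }

    /**
     * Registers a listener for {@link ListsEvt} and {@link LanguagesEvent}
     * notifications.
     *
     * @param listener the listener to add
     */
    public void addPropertyChangeListener(PropertyChangeListener listener) {
        changeSupport.addPropertyChangeListener(listener);
    }

    /**
     * Unregisters a previously added listener.
     *
     * @param listener the listener to remove
     */
    public void removePropertyChangeListener(PropertyChangeListener listener) {
        changeSupport.removePropertyChangeListener(listener);
    }

    /**
     * Fires a list event and contains any listener failure: the exception
     * is logged and an error notification is shown, so that a misbehaving
     * listener cannot abort the list operation that triggered the event.
     *
     * @param event     the event to fire
     * @param listName  name of the affected list, sent as the new value
     * @param errMsgKey bundle key of the message shown if a listener throws
     */
    private void fireListEvent(ListsEvt event, String listName, String errMsgKey) {
        try {
            changeSupport.firePropertyChange(event.toString(), null, listName);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "KeywordSearchListsAbstract listener threw exception", e); //NON-NLS
            MessageNotifyUtil.Notify.show(
                    NbBundle.getMessage(this.getClass(), "KeywordSearchListsAbstract.moduleErr"),
                    NbBundle.getMessage(this.getClass(), errMsgKey),
                    MessageNotifyUtil.MessageType.ERROR);
        }
    }

    /**
     * Registers one built-in list: records its name as locked and adds it
     * with ingest messages disabled.
     */
    private void addLockedList(String name, List<Keyword> keywords, boolean useForIngest) {
        lockedLists.add(name);
        addList(name, keywords, useForIngest, false, true);
    }

    /**
     * Installs the built-in regular-expression lists (phone numbers, IP
     * addresses, e-mail addresses, URLs) the first time it is called; does
     * nothing once any list is present.
     *
     * Coverage notes for examiners, read off the patterns themselves. How
     * a pattern is anchored and whether matching is case-sensitive depend
     * on the search engine that evaluates it, which is not visible here.
     */
    private void prepopulateLists() {
        if (!theLists.isEmpty()) {
            return;
        }

        // Phone numbers: three digit groups (3-3-4) separated by '.' or '-',
        // with optional parentheses around the first group. Numbers written
        // with spaces, without separators, or with a country code are not
        // covered by this pattern.
        List<Keyword> phones = new ArrayList<>();
        phones.add(new Keyword("[(]{0,1}\\d\\d\\d[)]{0,1}[\\.-]\\d\\d\\d[\\.-]\\d\\d\\d\\d", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER)); //NON-NLS

        // IP addresses: dotted-quad IPv4 with each octet limited to 0-255.
        // IPv6 is not covered. The pattern carries no boundary of its own,
        // so dotted version strings may also hit -- presumably; verify
        // against the engine's matching semantics.
        List<Keyword> ips = new ArrayList<>();
        ips.add(new Keyword("(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IP_ADDRESS));

        // E-mail addresses: at least 8 characters, lower-case character
        // classes only, top-level domain of 2-4 letters, and not ending in
        // .txt/.exe/.dll/.jpg/.xml (file names that look like addresses).
        // Addresses under longer top-level domains are not covered.
        List<Keyword> emails = new ArrayList<>();
        emails.add(new Keyword("(?=.{8})[a-z0-9%+_-]+(?:\\.[a-z0-9%+_-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z]{2,4}(?<!\\.txt|\\.exe|\\.dll|\\.jpg|\\.xml)", //NON-NLS
                false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL));

        // URLs: http, https, ftp, ftps or a leading "www.", host with a
        // top-level domain of 2-5 letters, optional port and path. Other
        // schemes are not covered.
        // NOTE(review): the path character class contains the literal text
        // "&amp;", which looks like an HTML-escaped '&'. Inside a character
        // class it only adds characters that are allowed anyway, so the
        // string is kept unchanged.
        List<Keyword> urls = new ArrayList<>();
        urls.add(new Keyword("((((ht|f)tp(s?))\\://)|www\\.)[a-zA-Z0-9\\-\\.]+\\.([a-zA-Z]{2,5})(\\:[0-9]+)*(/($|[a-zA-Z0-9\\.\\,\\;\\?\\'\\\\+&amp;%\\$#\\=~_\\-]+))*", false, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL)); //NON-NLS

        // Ingest messages are disabled for the hard-coded/locked lists.
        addLockedList("Phone Numbers", phones, false); //NON-NLS
        addLockedList("IP Addresses", ips, false); //NON-NLS
        addLockedList("Email Addresses", emails, true); //NON-NLS
        addLockedList("URLs", urls, false); //NON-NLS
    }

    /**
     * Rebuilds the registry from the backing file. Built-in lists are
     * created on the first call and kept afterwards (they are not saved to
     * the file, and their state is preserved); every other list is dropped
     * and re-read through {@link #load()}.
     *
     * NOTE(review): the file counts as missing unless it exists and is both
     * readable and writable, and in that case, as well as when load()
     * fails, save() is called. Whether save() replaces an existing but
     * unreadable or malformed file is decided by the subclass -- confirm
     * that user-defined lists cannot be lost this way.
     */
    public void reload() {
        // Populate the built-in lists only the first time.
        prepopulateLists();

        // Drop everything that is not locked; keys are copied first because
        // the map must not be modified while it is being iterated.
        for (String listName : new ArrayList<>(theLists.keySet())) {
            if (theLists.get(listName).isLocked() == false) {
                theLists.remove(listName);
            }
        }

        boolean created = false;
        if (!listFileExists()) {
            // Create a new file if there is none.
            save();
            created = true;
        }

        // Load; if that fails and the file was not just created, create it.
        if (!load() && !created) {
            save();
        }
    }

    /**
     * @return a new list holding every keyword list, in registry order
     */
    public List<KeywordList> getListsL() {
        return new ArrayList<>(theLists.values());
    }

    /**
     * @param locked true to select the built-in lists, false for the others
     * @return a new list holding the keyword lists whose locked flag equals
     *         {@code locked}
     */
    public List<KeywordList> getListsL(boolean locked) {
        List<KeywordList> ret = new ArrayList<>();
        for (KeywordList list : theLists.values()) {
            if (list.isLocked().equals(locked)) {
                ret.add(list);
            }
        }
        return ret;
    }

    /**
     * @return a new list with the names of all keyword lists
     */
    public List<String> getListNames() {
        return new ArrayList<>(theLists.keySet());
    }

    /**
     * @param locked true to select the built-in lists, false for the others
     * @return a new list with the names of the keyword lists whose locked
     *         flag equals {@code locked}
     */
    public List<String> getListNames(boolean locked) {
        ArrayList<String> lists = new ArrayList<>();
        for (Map.Entry<String, KeywordList> entry : theLists.entrySet()) {
            if (locked == entry.getValue().isLocked()) {
                lists.add(entry.getKey());
            }
        }
        return lists;
    }

    /**
     * Finds the first list, in registry order, that contains a keyword.
     *
     * @param keyword the keyword to look for
     * @return the first list for which {@code hasKeyword(keyword)} is true,
     *         or null if there is none
     */
    public KeywordList getListWithKeyword(String keyword) {
        for (KeywordList list : theLists.values()) {
            if (list.hasKeyword(keyword)) {
                return list;
            }
        }
        return null;
    }

    /**
     * @return the total number of keyword lists
     */
    int getNumberLists() {
        return theLists.size();
    }

    /**
     * @param locked true to count the built-in lists, false for the others
     * @return the number of keyword lists whose locked flag equals
     *         {@code locked}
     */
    public int getNumberLists(boolean locked) {
        int numLists = 0;
        for (KeywordList list : theLists.values()) {
            if (locked == list.isLocked()) {
                ++numLists;
            }
        }
        return numLists;
    }

    /**
     * @param name the list name
     * @return the list registered under {@code name}, or null if there is
     *         none
     */
    public KeywordList getList(String name) {
        return theLists.get(name);
    }

    /**
     * @param name the list name
     * @return true if a list is registered under {@code name}
     */
    boolean listExists(String name) {
        return getList(name) != null;
    }

    /**
     * Adds a list, or replaces the list already registered under the same
     * name. A replacement keeps the creation date of the previous list and
     * gets the current time as its modification date. Fires LIST_ADDED or
     * LIST_UPDATED. The change is made in memory only; nothing is saved.
     *
     * @param name           the list name
     * @param newList        the keywords of the list
     * @param useForIngest   passed through to the new KeywordList
     * @param ingestMessages passed through to the new KeywordList
     * @param locked         whether the list is a built-in (locked) list
     * @return true if an existing list was replaced, false if the list is
     *         new
     */
    boolean addList(String name, List<Keyword> newList, boolean useForIngest, boolean ingestMessages, boolean locked) {
        final KeywordList curList = getList(name);
        final Date now = new Date();

        if (curList == null) {
            theLists.put(name, new KeywordList(name, now, now, useForIngest, ingestMessages, newList, locked));
            fireListEvent(ListsEvt.LIST_ADDED, name, "KeywordSearchListsAbstract.addList.errMsg1.msg");
            return false;
        }

        theLists.put(name, new KeywordList(name, curList.getDateCreated(), now, useForIngest, ingestMessages, newList, locked));
        fireListEvent(ListsEvt.LIST_UPDATED, name, "KeywordSearchListsAbstract.addList.errMsg2.msg");
        return true;
    }

    /**
     * Adds or replaces a list, taking the locked flag from the set of
     * built-in list names so that a built-in list is re-added as locked.
     *
     * @return true if an existing list was replaced
     */
    boolean addList(String name, List<Keyword> newList, boolean useForIngest, boolean ingestMessages) {
        boolean isLocked = this.lockedLists.contains(name);
        return addList(name, newList, useForIngest, ingestMessages, isLocked);
    }

    /**
     * Adds or replaces a list with ingest use and ingest messages enabled.
     *
     * @return true if an existing list was replaced
     */
    boolean addList(String name, List<Keyword> newList) {
        return addList(name, newList, true, true);
    }

    /**
     * Adds or replaces a list using the name, keywords and flags of the
     * given list. The dates of {@code list} are not carried over.
     *
     * @return true if an existing list was replaced
     */
    boolean addList(KeywordList list) {
        return addList(list.getName(), list.getKeywords(), list.getUseForIngest(), list.getIngestMessages(), list.isLocked());
    }

    /**
     * Stores the given lists in the registry under their own names and
     * sorts them into lists that were new and lists that replaced an
     * existing entry, judged at the moment each one is stored.
     */
    private void storeLists(List<KeywordList> lists, List<KeywordList> added, List<KeywordList> updated) {
        for (KeywordList list : lists) {
            if (this.listExists(list.getName())) {
                updated.add(list);
            } else {
                added.add(list);
            }
            theLists.put(list.getName(), list);
        }
    }

    /**
     * Fires LIST_ADDED for every new list, then LIST_UPDATED for every
     * replaced list.
     */
    private void fireStoredEvents(List<KeywordList> added, List<KeywordList> updated,
            String addedErrKey, String updatedErrKey) {
        for (KeywordList list : added) {
            fireListEvent(ListsEvt.LIST_ADDED, list.getName(), addedErrKey);
        }
        for (KeywordList over : updated) {
            fireListEvent(ListsEvt.LIST_UPDATED, over.getName(), updatedErrKey);
        }
    }

    /**
     * Stores the given lists in the registry and persists them through
     * {@code save(true)}. Events are fired only if the save succeeded.
     *
     * The registry is updated before the save is attempted, so after a
     * failed save the lists stay in memory although no event was fired and
     * false is returned.
     *
     * @param lists the lists to store
     * @return the result of {@code save(true)}
     */
    boolean saveLists(List<KeywordList> lists) {
        List<KeywordList> overwritten = new ArrayList<>();
        List<KeywordList> newLists = new ArrayList<>();
        storeLists(lists, newLists, overwritten);

        boolean saved = save(true);
        if (saved) {
            fireStoredEvents(newLists, overwritten,
                    "KeywordSearchListsAbstract.saveList.errMsg1.msg",
                    "KeywordSearchListsAbstract.saveList.errMsg2.msg");
        }
        return saved;
    }

    /**
     * Stores the given lists in the registry and fires the matching events
     * without saving anything.
     *
     * @param lists the lists to store
     * @return always true
     */
    boolean writeLists(List<KeywordList> lists) {
        List<KeywordList> overwritten = new ArrayList<>();
        List<KeywordList> newLists = new ArrayList<>();
        storeLists(lists, newLists, overwritten);

        fireStoredEvents(newLists, overwritten,
                "KeywordSearchListsAbstract.writeLists.errMsg1.msg",
                "KeywordSearchListsAbstract.writeLists.errMsg2.msg");
        return true;
    }

    /**
     * Removes a list from the registry unless it is locked. The change is
     * made in memory only.
     *
     * NOTE(review): LIST_DELETED is fired and true is returned even when
     * nothing was removed (unknown name or locked list). That behavior is
     * kept as it is for existing listeners and callers.
     *
     * @param name the name of the list to delete
     * @return always true
     */
    boolean deleteList(String name) {
        KeywordList delList = getList(name);
        if (delList != null && !delList.isLocked()) {
            theLists.remove(name);
        }

        fireListEvent(ListsEvt.LIST_DELETED, name, "KeywordSearchListsAbstract.deleteList.errMsg1.msg");
        return true;
    }

    /**
     * Persists the lists to the backing file.
     *
     * @return true on success
     */
    public abstract boolean save();

    /**
     * Persists the lists to the backing file.
     *
     * @param isExport interpreted by the subclass; saveLists passes true
     * @return true on success
     */
    public abstract boolean save(boolean isExport);

    /**
     * Reads the lists from the backing file into the registry.
     *
     * @return true on success; reload() re-creates the file on false
     */
    public abstract boolean load();

    /**
     * @return true if the backing file exists and is both readable and
     *         writable
     */
    private boolean listFileExists() {
        File f = new File(filePath);
        return f.exists() && f.canRead() && f.canWrite();
    }

    /**
     * Sets the use-for-ingest flag of a list. An unknown list name is
     * logged and otherwise ignored instead of failing with a
     * NullPointerException.
     *
     * @param key  the list name
     * @param flag the new value of the flag
     */
    public void setUseForIngest(String key, boolean flag) {
        KeywordList list = theLists.get(key);
        if (list == null) {
            // The name is passed as a parameter, never as part of the format.
            logger.log(Level.WARNING, "Cannot set useForIngest, no keyword list named: {0}", key); //NON-NLS
            return;
        }
        list.setUseForIngest(flag);
    }
}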

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.