Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
SQLHelper.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-15 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.timeline.db;
20 
21 import java.util.Collections;
22 import java.util.List;
23 import java.util.Set;
24 import java.util.function.Function;
25 import java.util.stream.Collectors;
26 import java.util.stream.Stream;
27 import javax.annotation.Nonnull;
28 import org.apache.commons.lang3.StringUtils;
29 import org.sleuthkit.autopsy.timeline.datamodel.eventtype.RootEventType;
30 import org.sleuthkit.autopsy.timeline.filters.AbstractFilter;
31 import org.sleuthkit.autopsy.timeline.filters.DataSourceFilter;
32 import org.sleuthkit.autopsy.timeline.filters.DataSourcesFilter;
33 import org.sleuthkit.autopsy.timeline.filters.DescriptionFilter;
34 import org.sleuthkit.autopsy.timeline.filters.Filter;
35 import org.sleuthkit.autopsy.timeline.filters.HashHitsFilter;
36 import org.sleuthkit.autopsy.timeline.filters.HashSetFilter;
37 import org.sleuthkit.autopsy.timeline.filters.HideKnownFilter;
38 import org.sleuthkit.autopsy.timeline.filters.IntersectionFilter;
39 import org.sleuthkit.autopsy.timeline.filters.RootFilter;
40 import org.sleuthkit.autopsy.timeline.filters.TagNameFilter;
41 import org.sleuthkit.autopsy.timeline.filters.TagsFilter;
42 import org.sleuthkit.autopsy.timeline.filters.TextFilter;
43 import org.sleuthkit.autopsy.timeline.filters.TypeFilter;
44 import org.sleuthkit.autopsy.timeline.filters.UnionFilter;
45 import org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD;
46 import static org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.FULL;
47 import static org.sleuthkit.autopsy.timeline.zooming.DescriptionLoD.MEDIUM;
48 import org.sleuthkit.autopsy.timeline.zooming.TimeUnits;
49 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.DAYS;
50 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.HOURS;
51 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.MINUTES;
52 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.MONTHS;
53 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.SECONDS;
54 import static org.sleuthkit.autopsy.timeline.zooming.TimeUnits.YEARS;
55 import org.sleuthkit.datamodel.TskData;
56 
61 class SQLHelper {
62 
63  static String useHashHitTablesHelper(RootFilter filter) {
64  HashHitsFilter hashHitFilter = filter.getHashHitsFilter();
65  return hashHitFilter.isActive() ? " LEFT JOIN hash_set_hits " : " "; //NON-NLS
66  }
67 
68  static String useTagTablesHelper(RootFilter filter) {
69  TagsFilter tagsFilter = filter.getTagsFilter();
70  return tagsFilter.isActive() ? " LEFT JOIN tags " : " "; //NON-NLS
71  }
72 
85  static <X> Set<X> unGroupConcat(String groupConcat, Function<String, X> mapper) {
86  return StringUtils.isBlank(groupConcat) ? Collections.emptySet()
87  : Stream.of(groupConcat.split(","))
88  .map(mapper::apply)
89  .collect(Collectors.toSet());
90  }
91 
92  private static String getSQLWhere(IntersectionFilter<?> filter) {
93  return filter.getSubFilters().stream()
94  .filter(Filter::isSelected)
95  .map(SQLHelper::getSQLWhere)
96  .collect(Collectors.joining(" and ", "( ", ")")); //NON-NLS
97  }
98 
99  private static String getSQLWhere(UnionFilter<?> filter) {
100  return filter.getSubFilters().stream()
101  .filter(Filter::isSelected).map(SQLHelper::getSQLWhere)
102  .collect(Collectors.joining(" or ", "( ", ")")); //NON-NLS
103  }
104 
105  static String getSQLWhere(RootFilter filter) {
106  return getSQLWhere((IntersectionFilter) filter);
107  }
108 
117  private static String getSQLWhere(Filter filter) {
118  String result = "";
119  if (filter == null) {
120  return "1";
121  } else if (filter instanceof DescriptionFilter) {
122  result = getSQLWhere((DescriptionFilter) filter);
123  } else if (filter instanceof TagsFilter) {
124  result = getSQLWhere((TagsFilter) filter);
125  } else if (filter instanceof HashHitsFilter) {
126  result = getSQLWhere((HashHitsFilter) filter);
127  } else if (filter instanceof DataSourceFilter) {
128  result = getSQLWhere((DataSourceFilter) filter);
129  } else if (filter instanceof DataSourcesFilter) {
130  result = getSQLWhere((DataSourcesFilter) filter);
131  } else if (filter instanceof HideKnownFilter) {
132  result = getSQLWhere((HideKnownFilter) filter);
133  } else if (filter instanceof HashHitsFilter) {
134  result = getSQLWhere((HashHitsFilter) filter);
135  } else if (filter instanceof TextFilter) {
136  result = getSQLWhere((TextFilter) filter);
137  } else if (filter instanceof TypeFilter) {
138  result = getSQLWhere((TypeFilter) filter);
139  } else if (filter instanceof IntersectionFilter) {
140  result = getSQLWhere((IntersectionFilter) filter);
141  } else if (filter instanceof UnionFilter) {
142  result = getSQLWhere((UnionFilter) filter);
143  } else {
144  throw new IllegalArgumentException("getSQLWhere not defined for " + filter.getClass().getCanonicalName());
145  }
146  result = StringUtils.deleteWhitespace(result).equals("(1and1and1)") ? "1" : result; //NON-NLS
147  result = StringUtils.deleteWhitespace(result).equals("()") ? "1" : result;
148  return result;
149  }
150 
151  private static String getSQLWhere(HideKnownFilter filter) {
152  if (filter.isActive()) {
153  return "(known_state IS NOT '" + TskData.FileKnown.KNOWN.getFileKnownValue() + "')"; // NON-NLS
154  } else {
155  return "1";
156  }
157  }
158 
159  private static String getSQLWhere(DescriptionFilter filter) {
160  if (filter.isActive()) {
161  String likeOrNotLike = (filter.getFilterMode() == DescriptionFilter.FilterMode.INCLUDE ? "" : " NOT") + " LIKE '"; //NON-NLS
162  return "(" + getDescriptionColumn(filter.getDescriptionLoD()) + likeOrNotLike + filter.getDescription() + "' )"; // NON-NLS
163  } else {
164  return "1";
165  }
166  }
167 
168  private static String getSQLWhere(TagsFilter filter) {
169  if (filter.isActive()
170  && (filter.getSubFilters().isEmpty() == false)) {
171  String tagNameIDs = filter.getSubFilters().stream()
172  .filter((TagNameFilter t) -> t.isSelected() && !t.isDisabled())
173  .map((TagNameFilter t) -> String.valueOf(t.getTagName().getId()))
174  .collect(Collectors.joining(", ", "(", ")"));
175  return "(events.event_id == tags.event_id AND " //NON-NLS
176  + "tags.tag_name_id IN " + tagNameIDs + ") "; //NON-NLS
177  } else {
178  return "1";
179  }
180 
181  }
182 
183  private static String getSQLWhere(HashHitsFilter filter) {
184  if (filter.isActive()
185  && (filter.getSubFilters().isEmpty() == false)) {
186  String hashSetIDs = filter.getSubFilters().stream()
187  .filter((HashSetFilter t) -> t.isSelected() && !t.isDisabled())
188  .map((HashSetFilter t) -> String.valueOf(t.getHashSetID()))
189  .collect(Collectors.joining(", ", "(", ")"));
190  return "(hash_set_hits.hash_set_id IN " + hashSetIDs + " AND hash_set_hits.event_id == events.event_id)"; //NON-NLS
191  } else {
192  return "1";
193  }
194  }
195 
196  private static String getSQLWhere(DataSourceFilter filter) {
197  if (filter.isActive()) {
198  return "(datasource_id = '" + filter.getDataSourceID() + "')"; //NON-NLS
199  } else {
200  return "1";
201  }
202  }
203 
204  private static String getSQLWhere(DataSourcesFilter filter) {
205  return (filter.isActive()) ? "(datasource_id in (" //NON-NLS
206  + filter.getSubFilters().stream()
207  .filter(AbstractFilter::isActive)
208  .map((dataSourceFilter) -> String.valueOf(dataSourceFilter.getDataSourceID()))
209  .collect(Collectors.joining(", ")) + "))" : "1";
210  }
211 
212  private static String getSQLWhere(TextFilter filter) {
213  if (filter.isActive()) {
214  if (StringUtils.isBlank(filter.getText())) {
215  return "1";
216  }
217  String strippedFilterText = StringUtils.strip(filter.getText());
218  return "((med_description like '%" + strippedFilterText + "%')" //NON-NLS
219  + " or (full_description like '%" + strippedFilterText + "%')" //NON-NLS
220  + " or (short_description like '%" + strippedFilterText + "%'))"; //NON-NLS
221  } else {
222  return "1";
223  }
224  }
225 
234  private static String getSQLWhere(TypeFilter typeFilter) {
235  if (typeFilter.isSelected() == false) {
236  return "0";
237  } else if (typeFilter.getEventType() instanceof RootEventType) {
238  if (typeFilter.getSubFilters().stream()
239  .allMatch(subFilter -> subFilter.isActive() && subFilter.getSubFilters().stream().allMatch(Filter::isActive))) {
240  return "1"; //then collapse clause to true
241  }
242  }
243  return "(sub_type IN (" + StringUtils.join(getActiveSubTypes(typeFilter), ",") + "))"; //NON-NLS
244  }
245 
246  private static List<Integer> getActiveSubTypes(TypeFilter filter) {
247  if (filter.isActive()) {
248  if (filter.getSubFilters().isEmpty()) {
249  return Collections.singletonList(RootEventType.allTypes.indexOf(filter.getEventType()));
250  } else {
251  return filter.getSubFilters().stream().flatMap((Filter t) -> getActiveSubTypes((TypeFilter) t).stream()).collect(Collectors.toList());
252  }
253  } else {
254  return Collections.emptyList();
255  }
256  }
257 
270  static String getStrfTimeFormat(@Nonnull TimeUnits timeUnit) {
271  switch (timeUnit) {
272  case YEARS:
273  return "%Y-01-01T00:00:00"; // NON-NLS
274  case MONTHS:
275  return "%Y-%m-01T00:00:00"; // NON-NLS
276  case DAYS:
277  return "%Y-%m-%dT00:00:00"; // NON-NLS
278  case HOURS:
279  return "%Y-%m-%dT%H:00:00"; // NON-NLS
280  case MINUTES:
281  return "%Y-%m-%dT%H:%M:00"; // NON-NLS
282  case SECONDS:
283  default: //seconds - should never happen
284  return "%Y-%m-%dT%H:%M:%S"; // NON-NLS
285  }
286  }
287 
288  static String getDescriptionColumn(DescriptionLoD lod) {
289  switch (lod) {
290  case FULL:
291  return "full_description"; //NON-NLS
292  case MEDIUM:
293  return "med_description"; //NON-NLS
294  case SHORT:
295  default:
296  return "short_description"; //NON-NLS
297  }
298  }
299 
300  private SQLHelper() {
301  }
302 }
org.sleuthkit.autopsy.timeline.filters.TextFilter
Definition: TextFilter.java:30

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.