Autopsy  4.13.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CorrelationAttributeNormalizer.java
Go to the documentation of this file.
1 /*
2  *
3  * Autopsy Forensic Browser
4  *
5  * Copyright 2019 Basis Technology Corp.
6  * Contact: carrier <at> sleuthkit <dot> org
7  *
8  * Licensed under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing, software
15  * distributed under the License is distributed on an "AS IS" BASIS,
16  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17  * See the License for the specific language governing permissions and
18  * limitations under the License.
19  */
20 package org.sleuthkit.autopsy.centralrepository.datamodel;
21 
22 import java.util.List;
23 import java.util.Optional;
24 import org.apache.commons.validator.routines.DomainValidator;
25 import org.apache.commons.validator.routines.EmailValidator;
26 
31 final public class CorrelationAttributeNormalizer {
32 
33  //common seperators that may be removed for normalizing
34  private static final String SEPERATORS_REGEX = "[\\s-:]";
35 
45  public static String normalize(CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException {
46 
47  if (attributeType == null) {
48  throw new CorrelationAttributeNormalizationException("Attribute type was null.");
49  }
50  if (data == null) {
51  throw new CorrelationAttributeNormalizationException("Correlation value was null.");
52  }
53 
54  String trimmedData = data.trim();
55 
56  switch (attributeType.getId()) {
57  case CorrelationAttributeInstance.FILES_TYPE_ID:
58  return normalizeMd5(trimmedData);
59  case CorrelationAttributeInstance.DOMAIN_TYPE_ID:
60  return normalizeDomain(trimmedData);
61  case CorrelationAttributeInstance.EMAIL_TYPE_ID:
62  return normalizeEmail(trimmedData);
63  case CorrelationAttributeInstance.PHONE_TYPE_ID:
64  return normalizePhone(trimmedData);
65  case CorrelationAttributeInstance.USBID_TYPE_ID:
66  return normalizeUsbId(trimmedData);
67  case CorrelationAttributeInstance.SSID_TYPE_ID:
68  return verifySsid(trimmedData);
69  case CorrelationAttributeInstance.MAC_TYPE_ID:
70  return normalizeMac(trimmedData);
71  case CorrelationAttributeInstance.IMEI_TYPE_ID:
72  return normalizeImei(trimmedData);
73  case CorrelationAttributeInstance.IMSI_TYPE_ID:
74  return normalizeImsi(trimmedData);
75  case CorrelationAttributeInstance.ICCID_TYPE_ID:
76  return normalizeIccid(trimmedData);
77 
78  default:
79  final String errorMessage = String.format(
80  "Validator function not found for attribute type: %s",
81  attributeType.getDisplayName());
82  throw new CorrelationAttributeNormalizationException(errorMessage);
83  }
84  }
85 
95  public static String normalize(int attributeTypeId, String data) throws CorrelationAttributeNormalizationException {
96  try {
97  List<CorrelationAttributeInstance.Type> defaultTypes = CorrelationAttributeInstance.getDefaultCorrelationTypes();
98  Optional<CorrelationAttributeInstance.Type> typeOption = defaultTypes.stream().filter(attributeType -> attributeType.getId() == attributeTypeId).findAny();
99 
100  if (typeOption.isPresent()) {
101  CorrelationAttributeInstance.Type type = typeOption.get();
102  return CorrelationAttributeNormalizer.normalize(type, data);
103  } else {
104  throw new CorrelationAttributeNormalizationException(String.format("Given attributeTypeId did not correspond to any known Attribute: %s", attributeTypeId));
105  }
106  } catch (EamDbException ex) {
107  throw new CorrelationAttributeNormalizationException(ex);
108  }
109  }
110 
114  private static String normalizeMd5(String data) throws CorrelationAttributeNormalizationException {
115  final String validMd5Regex = "^[a-f0-9]{32}$";
116  final String dataLowered = data.toLowerCase();
117  if (dataLowered.matches(validMd5Regex)) {
118  return dataLowered;
119  } else {
120  throw new CorrelationAttributeNormalizationException(String.format("Data purporting to be an MD5 was found not to comform to expected format: %s", data));
121  }
122  }
123 
128  private static String normalizeDomain(String data) throws CorrelationAttributeNormalizationException {
129  DomainValidator validator = DomainValidator.getInstance(true);
130  if (validator.isValid(data)) {
131  return data.toLowerCase();
132  } else {
133  final String validIpAddressRegex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
134  if (data.matches(validIpAddressRegex)) {
135  return data;
136  } else {
137  throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid domain: %s", data));
138  }
139  }
140  }
141 
146  private static String normalizeEmail(String data) throws CorrelationAttributeNormalizationException {
147  EmailValidator validator = EmailValidator.getInstance(true, true);
148  if (validator.isValid(data)) {
149  return data.toLowerCase();
150  } else {
151  throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid email address: %s", data));
152  }
153  }
154 
158  private static String normalizePhone(String data) throws CorrelationAttributeNormalizationException {
159  if (data.matches("\\+?[0-9()\\-\\s]+")) {
160  String phoneNumber = data.replaceAll("[^0-9\\+]", "");
161  return phoneNumber;
162  } else {
163  throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid phone number: %s", data));
164  }
165  }
166 
170  private static String normalizeUsbId(String data) throws CorrelationAttributeNormalizationException {
171  //TODO replace with correct usb id validation at a later date
172  return data;
173  }
174 
188  private static String verifySsid(String data) throws CorrelationAttributeNormalizationException {
189  if (data.length() <= 32) {
190  return data;
191  } else {
192  throw new CorrelationAttributeNormalizationException("Name provided was longer than the maximum valid SSID (32 characters). Name: " + data);
193  }
194  }
195 
218  private static String normalizeIccid(String data) throws CorrelationAttributeNormalizationException {
219  final String validIccidRegex = "^89[f0-9]{17,22}$";
220  final String iccidWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
221  if (iccidWithoutSeperators.matches(validIccidRegex)) {
222  return iccidWithoutSeperators;
223  } else {
224  throw new CorrelationAttributeNormalizationException("Data provided was not a valid ICCID. : " + data);
225  }
226  }
227 
245  private static String normalizeImsi(String data) throws CorrelationAttributeNormalizationException {
246  final String validImsiRegex = "^[0-9]{14,15}$";
247  final String imsiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
248  if (imsiWithoutSeperators.matches(validImsiRegex)) {
249  return imsiWithoutSeperators;
250  } else {
251  throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
252  }
253  }
254 
269  private static String normalizeMac(String data) throws CorrelationAttributeNormalizationException {
270  final String validMacRegex = "^([a-f0-9]{12}|[a-f0-9]{16})$";
271  final String macWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
272  if (macWithoutSeperators.matches(validMacRegex)) {
273  return macWithoutSeperators;
274  } else {
275  throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
276  }
277  }
278 
298  private static String normalizeImei(String data) throws CorrelationAttributeNormalizationException {
299  final String validImeiRegex = "^[0-9]{14,16}$";
300  final String imeiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
301  if (imeiWithoutSeperators.matches(validImeiRegex)) {
302  return imeiWithoutSeperators;
303  } else {
304  throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
305  }
306  }
307 
311  private CorrelationAttributeNormalizer() {
312  //Empty constructor
313  }
314 }
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize
static String normalize(CorrelationAttributeInstance.Type attributeType, String data)
Definition: CorrelationAttributeNormalizer.java:45

Copyright © 2012-2019 Basis Technology. Generated on: Tue Jan 7 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.