Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
CorrelationAttributeInstance.java
Go to the documentation of this file.
1 /*
2  * Central Repository
3  *
4  * Copyright 2015-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.centralrepository.datamodel;
20 
21 import java.io.Serializable;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Objects;
25 import java.util.regex.Pattern;
26 import org.openide.util.NbBundle.Messages;
27 import org.sleuthkit.datamodel.Account;
28 import org.sleuthkit.datamodel.TskData;
29 
36 @Messages({
37  "EamArtifactInstances.knownStatus.bad=Bad",
38  "EamArtifactInstances.knownStatus.known=Known",
39  "EamArtifactInstances.knownStatus.unknown=Unknown"})
40 public class CorrelationAttributeInstance implements Serializable {
41 
42  private static final long serialVersionUID = 1L;
43 
44  private int ID;
45  private String correlationValue;
49  private String filePath;
50  private String comment;
51  private TskData.FileKnown knownStatus;
52  private Long objectId;
53  private Long accountId;
54 
56  CorrelationAttributeInstance.Type correlationType,
57  String correlationValue,
58  CorrelationCase eamCase,
59  CorrelationDataSource eamDataSource,
60  String filePath,
61  String comment,
62  TskData.FileKnown knownStatus,
64  this(correlationType, correlationValue, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId);
65  }
66 
68  Type type,
69  String value,
70  int instanceId,
71  CorrelationCase eamCase,
72  CorrelationDataSource eamDataSource,
73  String filePath,
74  String comment,
75  TskData.FileKnown knownStatus,
76  Long fileObjectId
78  this(type, value, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId, (long)-1);
79  }
81  Type type,
82  String value,
83  int instanceId,
84  CorrelationCase eamCase,
85  CorrelationDataSource eamDataSource,
86  String filePath,
87  String comment,
88  TskData.FileKnown knownStatus,
89  Long fileObjectId,
90  Long accountId
92  if (filePath == null) {
93  throw new CentralRepoException("file path is null");
94  }
95 
96  this.correlationType = type;
97  this.correlationValue = CorrelationAttributeNormalizer.normalize(type, value);
98  this.ID = instanceId;
99  this.correlationCase = eamCase;
100  this.correlationDataSource = eamDataSource;
101  // Lower case paths to normalize paths and improve correlation results, if this causes significant issues on case-sensitive file systems, remove
102  this.filePath = filePath.toLowerCase();
103  this.comment = comment;
104  this.knownStatus = knownStatus;
105  this.objectId = fileObjectId;
106  this.accountId = accountId;
107  }
108 
109  public Boolean equals(CorrelationAttributeInstance otherInstance) {
110  return ((this.getID() == otherInstance.getID())
111  && (this.getCorrelationValue().equals(otherInstance.getCorrelationValue()))
112  && (this.getCorrelationType().equals(otherInstance.getCorrelationType()))
113  && (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
114  && (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
115  && (this.getFilePath().equals(otherInstance.getFilePath()))
116  && (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
117  && (this.getComment().equals(otherInstance.getComment()))
118  && (this.getAccountId().equals(otherInstance.getAccountId())));
119  }
120 
121  @Override
122  public String toString() {
123  return this.getID()
124  + this.getCorrelationCase().getCaseUUID()
125  + this.getCorrelationDataSource().getDeviceID()
126  + this.getAccountId()
127  + this.getFilePath()
128  + this.getCorrelationType().toString()
129  + this.getCorrelationValue()
130  + this.getKnownStatus()
131  + this.getComment();
132  }
133 
137  public String getCorrelationValue() {
138  return correlationValue;
139  }
140 
145  return correlationType;
146  }
147 
154  public boolean isDatabaseInstance() {
155  return (ID >= 0);
156  }
157 
161  public int getID() {
162  return ID;
163  }
164 
169  return correlationCase;
170  }
171 
176  return correlationDataSource;
177  }
178 
182  public String getFilePath() {
183  return filePath;
184  }
185 
189  public String getComment() {
190  return null == comment ? "" : comment;
191  }
192 
196  public void setComment(String comment) {
197  this.comment = comment;
198  }
199 
206  public TskData.FileKnown getKnownStatus() {
207  return knownStatus;
208  }
209 
217  public void setKnownStatus(TskData.FileKnown knownStatus) {
218  this.knownStatus = knownStatus;
219  }
220 
227  public Long getFileObjectId() {
228  return objectId;
229  }
230 
237  public Long getAccountId() {
238  return accountId;
239  }
240 
245  void setAccountId(Long accountId) {
246  this.accountId = accountId;
247  }
248 
249  // Type ID's for Default Correlation Types
250  public static final int FILES_TYPE_ID = 0;
251  public static final int DOMAIN_TYPE_ID = 1;
252  public static final int EMAIL_TYPE_ID = 2;
253  public static final int PHONE_TYPE_ID = 3;
254  public static final int USBID_TYPE_ID = 4;
255  public static final int SSID_TYPE_ID = 5;
256  public static final int MAC_TYPE_ID = 6;
257  public static final int IMEI_TYPE_ID = 7;
258  public static final int IMSI_TYPE_ID = 8;
259  public static final int ICCID_TYPE_ID = 9;
260  public static final int INSTALLED_PROGS_TYPE_ID = 10;
261  public static final int OSACCOUNT_TYPE_ID = 11;
262 
263  // An offset to assign Ids for additional correlation types.
264  public static final int ADDITIONAL_TYPES_BASE_ID = 1000;
265 
272  @Messages({"CorrelationType.FILES.displayName=File MD5",
273  "CorrelationType.DOMAIN.displayName=Domain",
274  "CorrelationType.EMAIL.displayName=Email Address",
275  "CorrelationType.PHONE.displayName=Phone Number",
276  "CorrelationType.USBID.displayName=USB Device",
277  "CorrelationType.SSID.displayName=Wireless Network",
278  "CorrelationType.MAC.displayName=MAC Address",
279  "CorrelationType.IMEI.displayName=IMEI Number",
280  "CorrelationType.IMSI.displayName=IMSI Number",
281  "CorrelationType.PROG_NAME.displayName=Installed Program",
282  "CorrelationType.ICCID.displayName=ICCID Number",
283  "CorrelationType.OS_ACCOUNT.displayName=Os Account"})
284  public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException {
285  List<CorrelationAttributeInstance.Type> defaultCorrelationTypes = new ArrayList<>();
286 
287  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
288  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(DOMAIN_TYPE_ID, Bundle.CorrelationType_DOMAIN_displayName(), "domain", true, true)); // NON-NLS
289  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(EMAIL_TYPE_ID, Bundle.CorrelationType_EMAIL_displayName(), "email_address", true, true)); // NON-NLS
290  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(PHONE_TYPE_ID, Bundle.CorrelationType_PHONE_displayName(), "phone_number", true, true)); // NON-NLS
291  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(USBID_TYPE_ID, Bundle.CorrelationType_USBID_displayName(), "usb_devices", true, true)); // NON-NLS
292  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(SSID_TYPE_ID, Bundle.CorrelationType_SSID_displayName(), "wireless_networks", true, true)); // NON-NLS
293  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(MAC_TYPE_ID, Bundle.CorrelationType_MAC_displayName(), "mac_address", true, true)); //NON-NLS
294  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMEI_TYPE_ID, Bundle.CorrelationType_IMEI_displayName(), "imei_number", true, true)); //NON-NLS
295  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMSI_TYPE_ID, Bundle.CorrelationType_IMSI_displayName(), "imsi_number", true, true)); //NON-NLS
296  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(ICCID_TYPE_ID, Bundle.CorrelationType_ICCID_displayName(), "iccid_number", true, true)); //NON-NLS
297  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(INSTALLED_PROGS_TYPE_ID, Bundle.CorrelationType_PROG_NAME_displayName(), "installed_programs", true, true)); //NON-NLS
298  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(OSACCOUNT_TYPE_ID, Bundle.CorrelationType_OS_ACCOUNT_displayName(), "os_accounts", true, true)); //NON-NLS
299 
300  // Create Correlation Types for Accounts.
301  int correlationTypeId = ADDITIONAL_TYPES_BASE_ID;
302  for (Account.Type type : Account.Type.PREDEFINED_ACCOUNT_TYPES) {
303  // Skip Device account type - we dont want to correlate on those.
304  // Skip Phone and Email accounts as there are already Correlation types defined for those.
305  if (type != Account.Type.DEVICE && type != Account.Type.EMAIL && type != Account.Type.PHONE) {
306  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(correlationTypeId, type.getDisplayName(), type.getTypeName().toLowerCase() + "_acct", true, true)); //NON-NLS
307  correlationTypeId++;
308  }
309  }
310 
311  return defaultCorrelationTypes;
312  }
313 
317  @SuppressWarnings("serial")
318  public static class Type implements Serializable { // NOPMD Avoid short class names like Type
319 
320  private int typeId;
321  private String displayName;
322  private String dbTableName;
323  private Boolean supported;
324  private Boolean enabled;
325  private final static String DB_NAMES_REGEX = "[a-z][a-z0-9_]*";
326 
338  @Messages({"CorrelationAttributeInstance.nullName.message=Database name is null.",
339  "CorrelationAttributeInstance.invalidName.message=Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."})
340  public Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
341  if (dbTableName == null) {
342  throw new CentralRepoException("dbTableName is null", Bundle.CorrelationAttributeInstance_nullName_message());
343  }
344  this.typeId = typeId;
345  this.displayName = displayName;
346  this.dbTableName = dbTableName;
347  this.supported = supported;
348  this.enabled = enabled;
349  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
350  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'.", Bundle.CorrelationAttributeInstance_invalidName_message()); // NON-NLS
351  }
352  }
353 
367  public Type(String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
368  this(-1, displayName, dbTableName, supported, enabled);
369  }
370 
378  @Override
379  public boolean equals(Object that) {
380  if (this == that) {
381  return true;
382  } else if (!(that instanceof CorrelationAttributeInstance.Type)) {
383  return false;
384  } else {
385  return ((CorrelationAttributeInstance.Type) that).sameType(this);
386  }
387  }
388 
398  return this.typeId == that.getId()
399  && Objects.equals(this.supported, that.isSupported())
400  && Objects.equals(this.enabled, that.isEnabled());
401  }
402 
403  @Override
404  public int hashCode() {
405  int hash = 7;
406  hash = 67 * hash + Objects.hashCode(this.typeId);
407  hash = 67 * hash + Objects.hashCode(this.supported);
408  hash = 67 * hash + Objects.hashCode(this.enabled);
409  return hash;
410  }
411 
412  @Override
413  public String toString() {
414  StringBuilder str = new StringBuilder(55);
415  str.append("(id=")
416  .append(getId())
417  .append(", displayName=")
418  .append(getDisplayName())
419  .append(", dbTableName=")
420  .append(getDbTableName())
421  .append(", supported=")
422  .append(isSupported().toString())
423  .append(", enabled=")
424  .append(isEnabled().toString())
425  .append(')');
426  return str.toString();
427  }
428 
432  public int getId() {
433  return typeId;
434  }
435 
439  public void setId(int typeId) {
440  this.typeId = typeId;
441  }
442 
448  public Boolean isSupported() {
449  return supported;
450  }
451 
457  public void setSupported(Boolean supported) {
458  this.supported = supported;
459  }
460 
466  public Boolean isEnabled() {
467  return enabled;
468  }
469 
475  public void setEnabled(Boolean enabled) {
476  this.enabled = enabled;
477  }
478 
482  public String getDisplayName() {
483  return displayName;
484  }
485 
489  public void setDisplayName(String displayName) {
490  this.displayName = displayName;
491  }
492 
508  public String getDbTableName() {
509  return dbTableName;
510  }
511 
532  public void setDbTableName(String dbTableName) throws CentralRepoException {
533  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
534  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."); // NON-NLS
535  }
536  this.dbTableName = dbTableName;
537  }
538  }
539 }
Type(String displayName, String dbTableName, Boolean supported, Boolean enabled)
CorrelationAttributeInstance(Type type, String value, int instanceId, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, Long fileObjectId, Long accountId)
Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled)
static String normalize(CorrelationAttributeInstance.Type attributeType, String data)
CorrelationAttributeInstance(CorrelationAttributeInstance.Type correlationType, String correlationValue, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, long fileObjectId)

Copyright © 2012-2022 Basis Technology. Generated on: Thu Dec 8 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.