Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
XmlKeywordSearchList.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.keywordsearch;
20 
21 import java.io.File;
22 import java.text.DateFormat;
23 import java.text.ParseException;
24 import java.text.SimpleDateFormat;
25 import java.util.ArrayList;
26 import java.util.Date;
27 import java.util.List;
28 import java.util.logging.Level;
29 import javax.xml.parsers.DocumentBuilder;
30 import javax.xml.parsers.DocumentBuilderFactory;
31 import javax.xml.parsers.ParserConfigurationException;
35 import org.sleuthkit.datamodel.BlackboardAttribute;
36 import org.w3c.dom.Document;
37 import org.w3c.dom.Element;
38 import org.w3c.dom.NodeList;
39 
44 final class XmlKeywordSearchList extends KeywordSearchList {
45 
46  private static final Logger xmlListslogger = Logger.getLogger(XmlKeywordSearchList.class.getName());
47  private static final String CUR_LISTS_FILE_NAME = "keywords.xml"; //NON-NLS
48  private static final String CUR_LISTS_FILE = PlatformUtil.getUserConfigDirectory() + File.separator + CUR_LISTS_FILE_NAME;
49  private static final String ROOT_EL = "keyword_lists"; //NON-NLS
50  private static final String LIST_EL = "keyword_list"; //NON-NLS
51  private static final String LIST_NAME_ATTR = "name"; //NON-NLS
52  private static final String LIST_CREATE_ATTR = "created"; //NON-NLS
53  private static final String LIST_MOD_ATTR = "modified"; //NON-NLS
54  private static final String LIST_USE_FOR_INGEST = "use_for_ingest"; //NON-NLS
55  private static final String LIST_INGEST_MSGS = "ingest_messages"; //NON-NLS
56  private static final String KEYWORD_EL = "keyword"; //NON-NLS
57  private static final String KEYWORD_LITERAL_ATTR = "literal"; //NON-NLS
58  private static final String KEYWORD_WHOLE_ATTR = "whole"; //NON-NLS
59  private static final String KEYWORD_SELECTOR_ATTR = "selector"; //NON-NLS
60  private static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss"; //NON-NLS
61  private static final String ENCODING = "UTF-8"; //NON-NLS
62  private static XmlKeywordSearchList currentInstance = null;
63  private final DateFormat dateFormatter;
64 
65  static synchronized XmlKeywordSearchList getCurrent() {
66  if (currentInstance == null) {
67  currentInstance = new XmlKeywordSearchList(CUR_LISTS_FILE);
68  currentInstance.reload();
69  }
70  return currentInstance;
71  }
72 
79  XmlKeywordSearchList(String xmlFile) {
80  super(xmlFile);
81  dateFormatter = new SimpleDateFormat(DATE_FORMAT);
82  }
83 
84  @Override
85  public boolean save() {
86  return save(false);
87  }
88 
89  @Override
90  public boolean save(boolean isExport) {
91  boolean success = false;
92 
93  DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
94 
95  try {
96  DocumentBuilder docBuilder = dbfac.newDocumentBuilder();
97  Document doc = docBuilder.newDocument();
98 
99  Element rootEl = doc.createElement(ROOT_EL);
100  doc.appendChild(rootEl);
101 
102  for (String listName : theLists.keySet()) {
103  if (theLists.get(listName).isEditable() == true) {
104  continue;
105  }
106  KeywordList list = theLists.get(listName);
107  String created = dateFormatter.format(list.getDateCreated());
108  String modified = dateFormatter.format(list.getDateModified());
109  String useForIngest = list.getUseForIngest().toString();
110  String ingestMessages = list.getIngestMessages().toString();
111  List<Keyword> keywords = list.getKeywords();
112 
113  Element listEl = doc.createElement(LIST_EL);
114  listEl.setAttribute(LIST_NAME_ATTR, listName);
115  listEl.setAttribute(LIST_CREATE_ATTR, created);
116  listEl.setAttribute(LIST_MOD_ATTR, modified);
117 
118  // only write the 'useForIngest' and 'ingestMessages' attributes
119  // if we're not exporting the list.
120  if (!isExport) {
121  listEl.setAttribute(LIST_USE_FOR_INGEST, useForIngest);
122  listEl.setAttribute(LIST_INGEST_MSGS, ingestMessages);
123  }
124 
125  for (Keyword keyword : keywords) {
126  Element keywordEl = doc.createElement(KEYWORD_EL);
127  String literal = keyword.searchTermIsLiteral() ? "true" : "false"; //NON-NLS
128  keywordEl.setAttribute(KEYWORD_LITERAL_ATTR, literal);
129  String whole = keyword.searchTermIsWholeWord() ? "true" : "false"; //NON-NLS
130  keywordEl.setAttribute(KEYWORD_WHOLE_ATTR, whole);
131  BlackboardAttribute.ATTRIBUTE_TYPE selectorType = keyword.getArtifactAttributeType();
132  if (selectorType != null) {
133  keywordEl.setAttribute(KEYWORD_SELECTOR_ATTR, selectorType.getLabel());
134  }
135  keywordEl.setTextContent(keyword.getSearchTerm());
136  listEl.appendChild(keywordEl);
137  }
138  rootEl.appendChild(listEl);
139  }
140 
141  success = XMLUtil.saveDoc(XmlKeywordSearchList.class, filePath, ENCODING, doc);
142  } catch (ParserConfigurationException e) {
143  xmlListslogger.log(Level.SEVERE, "Error saving keyword list: can't initialize parser.", e); //NON-NLS
144  }
145  return success;
146  }
147 
151  @Override
152  public boolean load() {
153  final Document doc = XMLUtil.loadDoc(XmlKeywordSearchList.class, filePath);
154  if (doc == null) {
155  return false;
156  }
157 
158  Element root = doc.getDocumentElement();
159  if (root == null) {
160  xmlListslogger.log(Level.SEVERE, "Error loading keyword list: invalid file format."); //NON-NLS
161  return false;
162  }
163  try {
164  NodeList listsNList = root.getElementsByTagName(LIST_EL);
165  int numLists = listsNList.getLength();
166  for (int i = 0; i < numLists; ++i) {
167  Element listEl = (Element) listsNList.item(i);
168  final String name = listEl.getAttribute(LIST_NAME_ATTR);
169  final String created = listEl.getAttribute(LIST_CREATE_ATTR);
170  final String modified = listEl.getAttribute(LIST_MOD_ATTR);
171 
172  //set these bools to true by default, if they don't exist in XML
173  Boolean useForIngestBool;
174  Boolean ingestMessagesBool;
175 
176  if (listEl.hasAttribute(LIST_USE_FOR_INGEST)) {
177  useForIngestBool = Boolean.parseBoolean(listEl.getAttribute(LIST_USE_FOR_INGEST));
178  } else {
179  useForIngestBool = true;
180  }
181 
182  if (listEl.hasAttribute(LIST_INGEST_MSGS)) {
183  ingestMessagesBool = Boolean.parseBoolean(listEl.getAttribute(LIST_INGEST_MSGS));
184  } else {
185  ingestMessagesBool = true;
186  }
187 
188  Date createdDate = dateFormatter.parse(created);
189  Date modDate = dateFormatter.parse(modified);
190 
191  List<Keyword> words = new ArrayList<>();
192  KeywordList list = new KeywordList(name, createdDate, modDate, useForIngestBool, ingestMessagesBool, words);
193 
194  //parse all words
195  NodeList wordsNList = listEl.getElementsByTagName(KEYWORD_EL);
196  final int numKeywords = wordsNList.getLength();
197  for (int j = 0; j < numKeywords; ++j) {
198  Element wordEl = (Element) wordsNList.item(j);
199  String literal = wordEl.getAttribute(KEYWORD_LITERAL_ATTR);
200  boolean isLiteral = literal.equals("true"); //NON-NLS
201  Keyword keyword;
202  String whole = wordEl.getAttribute(KEYWORD_WHOLE_ATTR);
203  if (whole.equals("")) {
204  keyword = new Keyword(wordEl.getTextContent(), isLiteral, true);
205  } else {
206  boolean isWhole = whole.equals("true");
207  keyword = new Keyword(wordEl.getTextContent(), isLiteral, isWhole);
208  }
209  String selector = wordEl.getAttribute(KEYWORD_SELECTOR_ATTR);
210  if (!selector.equals("")) {
211  BlackboardAttribute.ATTRIBUTE_TYPE selectorType = BlackboardAttribute.ATTRIBUTE_TYPE.fromLabel(selector);
212  keyword.setArtifactAttributeType(selectorType);
213  }
214  words.add(keyword);
215  }
216  theLists.put(name, list);
217  }
218  } catch (ParseException e) {
219  //error parsing dates
220  xmlListslogger.log(Level.SEVERE, "Error loading keyword list: can't parse dates.", e); //NON-NLS
221  return false;
222  }
223  return true;
224  }
225 }

Copyright © 2012-2022 Basis Technology. Generated on: Tue Jun 27 2023
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.