Sleuth Kit Java Bindings (JNI)  4.11.0
Java bindings for using The Sleuth Kit
Report.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2014-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.IOException;
22 import java.nio.ByteBuffer;
23 import java.nio.channels.FileChannel;
24 import java.nio.file.Files;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 import static java.nio.file.StandardOpenOption.READ;
28 import java.util.ArrayList;
29 import java.util.Collection;
30 import java.util.Collections;
31 import java.util.List;
32 import java.util.Set;
33 import java.util.logging.Level;
34 import java.util.logging.Logger;
35 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
36 import org.sleuthkit.datamodel.SleuthkitCase.CaseDbTransaction;
37 
41 public class Report implements Content {
42 
43  private static final BlackboardArtifact.Type KEYWORD_HIT_TYPE = new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT);
44  static long ID_NOT_SET = -1;
45  private long objectId = ID_NOT_SET;
46  private final String pathAsString;
47  private final Path pathAsPath; // NULL if path is for a URL
48  private final long createdTime;
49  private final String sourceModuleName;
50  private final String reportName;
51 
52  private Content parent; // The object from which the report was generated.
53 
54  private final SleuthkitCase db; // A reference to the database instance.
55  private FileChannel fileChannel = null; // Used to read report content.
56 
57  private static final Logger LOGGER = Logger.getLogger(Report.class.getName());
58 
68  Report(SleuthkitCase db, long id, String path, long createdTime, String sourceModuleName, String reportName, Content parent) {
69  this.db = db;
70  this.objectId = id;
71  this.pathAsString = path;
72  if (path.startsWith("http")) {
73  this.pathAsPath = null;
74  } else {
75  this.pathAsPath = Paths.get(path);
76  }
77 
78  this.createdTime = createdTime;
79  this.sourceModuleName = sourceModuleName;
80  this.reportName = reportName;
81  this.parent = parent;
82  }
83 
84  @Override
85  public long getId() {
86  return objectId;
87  }
88 
94  public String getPath() {
95  return (pathAsPath != null ? pathAsPath.toString() : pathAsString);
96  }
97 
103  public long getCreatedTime() {
104  return createdTime;
105  }
106 
113  public String getSourceModuleName() {
114  return this.sourceModuleName;
115  }
116 
122  public String getReportName() {
123  return reportName;
124  }
125 
126  @Override
127  public int read(byte[] buf, long offset, long len) throws TskCoreException {
128  if (pathAsPath == null || Files.isDirectory(pathAsPath)) {
129  return 0;
130  }
131 
132  int totalBytesRead = 0;
133  ByteBuffer data = ByteBuffer.wrap(buf);
134  try {
135  if (fileChannel == null) {
136  fileChannel = FileChannel.open(pathAsPath, READ);
137  }
138  fileChannel.position(offset);
139  int bytesRead = 0;
140  do {
141  bytesRead = fileChannel.read(data);
142  if (bytesRead != -1) {
143  totalBytesRead += bytesRead;
144  }
145  } while (bytesRead != -1 && data.hasRemaining());
146  } catch (IOException ex) {
147  LOGGER.log(Level.SEVERE, "Failed to read report file.", ex);
148  }
149 
150  return totalBytesRead;
151  }
152 
153  @Override
154  public void close() {
155  try {
156  if (fileChannel != null) {
157  fileChannel.close();
158  }
159  } catch (IOException ex) {
160  LOGGER.log(Level.WARNING, "Failed to close report file.", ex);
161  }
162  }
163 
164  @Override
165  public long getSize() {
166  try {
167  return (pathAsPath != null ? Files.size(pathAsPath) : 0);
168  } catch (IOException ex) {
169  LOGGER.log(Level.SEVERE, "Failed to get size of report.", ex);
170  // If we cannot determine the size of the report, return zero
171  // to prevent attempts to read content.
172  return 0;
173  }
174  }
175 
176  @Override
177  public <T> T accept(ContentVisitor<T> v) {
178  return v.visit(this);
179  }
180 
181  @Override
182  public String getName() {
183  return reportName;
184  }
185 
186  @Override
187  public String getUniquePath() throws TskCoreException {
188  // @@@ This is wrong... we need to use the same logic is in AbstractContent.getUniquePath().
189  return getPath();
190  }
191 
192  @Override
193  public Content getDataSource() throws TskCoreException {
194  if (null == parent) {
195  return null;
196  } else {
197  return parent.getDataSource();
198  }
199  }
200 
201  @Override
202  public List<Content> getChildren() throws TskCoreException {
203  return Collections.<Content>emptyList();
204  }
205 
206  @Override
207  public boolean hasChildren() throws TskCoreException {
208  return false;
209  }
210 
211  @Override
212  public int getChildrenCount() throws TskCoreException {
213  return 0;
214  }
215 
216  @Override
217  public Content getParent() throws TskCoreException {
218  if (parent == null) {
219  SleuthkitCase.ObjectInfo parentInfo;
220  parentInfo = db.getParentInfo(this);
221  if (parentInfo == null) {
222  parent = null;
223  } else {
224  parent = db.getContentById(parentInfo.getId());
225  }
226  }
227  return parent;
228  }
229 
230  @Override
231  public List<Long> getChildrenIds() throws TskCoreException {
232  return Collections.<Long>emptyList();
233  }
234 
235  @Deprecated
236  @Override
237  public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
238  if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
239  throw new TskCoreException("Reports can only have keyword hit artifacts.");
240  }
241 
242  long fileObjId = getId();
243  long dsObjId = getDataSource() == null ? null : getDataSource().getId();
244 
245  try {
246  return db.getBlackboard().newAnalysisResult(
247  KEYWORD_HIT_TYPE, fileObjId, dsObjId, Score.SCORE_UNKNOWN,
248  null, null, null, Collections.emptyList())
249  .getAnalysisResult();
250  } catch (BlackboardException ex) {
251  throw new TskCoreException("Unable to get analysis result for keword hit.", ex);
252  }
253  }
254 
255  @Override
256  public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
257  CaseDbTransaction trans = db.beginTransaction();
258  try {
259  AnalysisResultAdded resultAdded = db.getBlackboard().newAnalysisResult(artifactType, objectId, this.getDataSource().getId(), score, conclusion, configuration, justification, attributesList, trans);
260 
261  trans.commit();
262  return resultAdded;
263  } catch (BlackboardException ex) {
264  trans.rollback();
265  throw new TskCoreException("Error adding analysis result.", ex);
266  }
267  }
268 
269  @Override
270  public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList, long dataSourceId) throws TskCoreException {
271  CaseDbTransaction trans = db.beginTransaction();
272  try {
273  AnalysisResultAdded resultAdded = db.getBlackboard().newAnalysisResult(artifactType, objectId, dataSourceId, score, conclusion, configuration, justification, attributesList, trans);
274 
275  trans.commit();
276  return resultAdded;
277  } catch (BlackboardException ex) {
278  trans.rollback();
279  throw new TskCoreException("Error adding analysis result.", ex);
280  }
281  }
282 
283  @Override
284  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId) throws TskCoreException {
285 
286  if (artifactType.getTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
287  throw new TskCoreException("Reports can only have keyword hit artifacts.");
288  }
289 
290  return db.getBlackboard().newDataArtifact(artifactType, objectId, this.getDataSource().getId(), attributesList, osAccountId);
291  }
292 
293  @Override
294  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId, long dataSourceId) throws TskCoreException {
295 
296  if (artifactType.getTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
297  throw new TskCoreException("Reports can only have keyword hit artifacts.");
298  }
299 
300  return db.getBlackboard().newDataArtifact(artifactType, objectId, dataSourceId, attributesList, osAccountId);
301  }
302 
303  @Override
304  public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
305  return newDataArtifact(artifactType, attributesList, null);
306  }
307 
308  @Deprecated
309  @SuppressWarnings("deprecation")
310  @Override
311  public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
312  return newArtifact(type.getTypeID());
313  }
314 
315  @Override
316  public ArrayList<BlackboardArtifact> getArtifacts(String artifactTypeName) throws TskCoreException {
317  return getArtifacts(db.getArtifactType(artifactTypeName).getTypeID());
318  }
319 
320  @Override
321  public BlackboardArtifact getGenInfoArtifact() throws TskCoreException {
322  // TSK_GEN_INFO artifact is obsolete.
323  return null;
324  }
325 
326  @Override
327  public BlackboardArtifact getGenInfoArtifact(boolean create) throws TskCoreException {
328  // TSK_GEN_INFO artifact is obsolete.
329  return null;
330  }
331 
332  @Override
333  public ArrayList<BlackboardAttribute> getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException {
334  // TSK_GEN_INFO artifact is obsolete.
335  return null;
336  }
337 
338  @Override
339  public ArrayList<BlackboardArtifact> getArtifacts(int artifactTypeID) throws TskCoreException {
340  if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
341  throw new TskCoreException("Reports can only have keyword hit artifacts.");
342  }
343  return db.getBlackboardArtifacts(artifactTypeID, objectId);
344  }
345 
346  @Override
347  public ArrayList<BlackboardArtifact> getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
348  return getArtifacts(type.getTypeID());
349  }
350 
351  @Override
352  public ArrayList<BlackboardArtifact> getAllArtifacts() throws TskCoreException {
353  return db.getMatchingArtifacts("WHERE obj_id = " + objectId); //NON-NLS
354  }
355 
356  @Override
357  public List<AnalysisResult> getAllAnalysisResults() throws TskCoreException {
358  return db.getBlackboard().getAnalysisResults(objectId);
359  }
360 
361  @Override
362  public List<DataArtifact> getAllDataArtifacts() throws TskCoreException {
363  return db.getBlackboard().getDataArtifactsBySource(objectId);
364  }
365 
366  @Override
367  public List<AnalysisResult> getAnalysisResults(BlackboardArtifact.Type artifactType) throws TskCoreException {
368  return db.getBlackboard().getAnalysisResults(objectId, artifactType.getTypeID());
369  }
370 
371  @Override
372  public Score getAggregateScore() throws TskCoreException {
373  return db.getScoringManager().getAggregateScore(objectId);
374  }
375 
376  @Override
377  public Set<String> getHashSetNames() throws TskCoreException {
378  return Collections.<String>emptySet();
379  }
380 
381  @Override
382  public long getArtifactsCount(String artifactTypeName) throws TskCoreException {
383  return getArtifactsCount(db.getArtifactType(artifactTypeName).getTypeID());
384  }
385 
386  @Override
387  public long getArtifactsCount(int artifactTypeID) throws TskCoreException {
388  if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
389  throw new TskCoreException("Reports can only have keyword hit artifacts.");
390  }
391  return db.getBlackboardArtifactsCount(artifactTypeID, objectId);
392  }
393 
394  @Override
395  public long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
396  return getArtifactsCount(type.getTypeID());
397  }
398 
399  @Override
400  public long getAllArtifactsCount() throws TskCoreException {
401  return db.getBlackboardArtifactsCount(objectId);
402  }
403 
404  @Override
405  public <T> T accept(SleuthkitItemVisitor<T> v) {
406  return v.visit(this);
407  }
408 }
org.sleuthkit.datamodel.Score.SCORE_UNKNOWN
static final Score SCORE_UNKNOWN
Definition: Score.java:213
org.sleuthkit.datamodel.Report.getChildren
List< Content > getChildren()
Definition: Report.java:202
org.sleuthkit.datamodel.Report.getAllDataArtifacts
List< DataArtifact > getAllDataArtifacts()
Definition: Report.java:362
org.sleuthkit.datamodel.Report.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
Definition: Report.java:256
org.sleuthkit.datamodel.Report.getHashSetNames
Set< String > getHashSetNames()
Definition: Report.java:377
org.sleuthkit.datamodel.Report.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList)
Definition: Report.java:304
org.sleuthkit.datamodel.SleuthkitCase.getBlackboardArtifacts
ArrayList< BlackboardArtifact > getBlackboardArtifacts(int artifactTypeID)
Definition: SleuthkitCase.java:3493
org.sleuthkit.datamodel.Report.getAnalysisResults
List< AnalysisResult > getAnalysisResults(BlackboardArtifact.Type artifactType)
Definition: Report.java:367
org.sleuthkit.datamodel.Report.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId, long dataSourceId)
Definition: Report.java:294
org.sleuthkit.datamodel.Report.getArtifactsCount
long getArtifactsCount(int artifactTypeID)
Definition: Report.java:387
org.sleuthkit.datamodel.Blackboard.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, long sourceObjId, Long dataSourceObjId, Collection< BlackboardAttribute > attributes, Long osAccountId)
Definition: Blackboard.java:1212
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT
TSK_KEYWORD_HIT
Definition: BlackboardArtifact.java:1603
org.sleuthkit.datamodel.Report.getArtifactsCount
long getArtifactsCount(String artifactTypeName)
Definition: Report.java:382
org.sleuthkit.datamodel.Content.getDataSource
Content getDataSource()
org.sleuthkit.datamodel.Report.getAllAnalysisResults
List< AnalysisResult > getAllAnalysisResults()
Definition: Report.java:357
org.sleuthkit.datamodel.Report.newDataArtifact
DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection< BlackboardAttribute > attributesList, Long osAccountId)
Definition: Report.java:284
org.sleuthkit.datamodel.ContentVisitor.visit
T visit(Directory d)
org.sleuthkit.datamodel.Blackboard.getAnalysisResults
List< AnalysisResult > getAnalysisResults(long sourceObjId)
Definition: Blackboard.java:398
org.sleuthkit.datamodel.Report.getGenInfoAttributes
ArrayList< BlackboardAttribute > getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type)
Definition: Report.java:333
org.sleuthkit.datamodel.Report.getChildrenIds
List< Long > getChildrenIds()
Definition: Report.java:231
org.sleuthkit.datamodel.Report.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: Report.java:347
org.sleuthkit.datamodel.SleuthkitCase.getMatchingArtifacts
ArrayList< BlackboardArtifact > getMatchingArtifacts(String whereClause)
Definition: SleuthkitCase.java:5176
org.sleuthkit.datamodel.Report.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList, long dataSourceId)
Definition: Report.java:270
org.sleuthkit.datamodel.Report.newArtifact
BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: Report.java:311
org.sleuthkit.datamodel.Report.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(String artifactTypeName)
Definition: Report.java:316
org.sleuthkit.datamodel.Content
Definition: Content.java:33
org.sleuthkit.datamodel.Report.newArtifact
BlackboardArtifact newArtifact(int artifactTypeID)
Definition: Report.java:237
org.sleuthkit.datamodel.Report.read
int read(byte[] buf, long offset, long len)
Definition: Report.java:127
org.sleuthkit.datamodel.ContentVisitor
Definition: ContentVisitor.java:32
org.sleuthkit.datamodel.SleuthkitCase.getArtifactType
BlackboardArtifact.Type getArtifactType(String artTypeName)
Definition: SleuthkitCase.java:4835
org.sleuthkit.datamodel.Content.getId
long getId()
org.sleuthkit.datamodel.Blackboard.newAnalysisResult
AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, long objId, Long dataSourceObjId, Score score, String conclusion, String configuration, String justification, Collection< BlackboardAttribute > attributesList)
Definition: Blackboard.java:178
org.sleuthkit.datamodel.Report.getGenInfoArtifact
BlackboardArtifact getGenInfoArtifact()
Definition: Report.java:321
org.sleuthkit.datamodel.Report.getArtifactsCount
long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type)
Definition: Report.java:395
org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE
Definition: BlackboardAttribute.java:1021
org.sleuthkit.datamodel.Report.getAllArtifacts
ArrayList< BlackboardArtifact > getAllArtifacts()
Definition: Report.java:352
org.sleuthkit.datamodel.Report.getArtifacts
ArrayList< BlackboardArtifact > getArtifacts(int artifactTypeID)
Definition: Report.java:339
org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE
Definition: BlackboardArtifact.java:1547
org.sleuthkit.datamodel.Report.getGenInfoArtifact
BlackboardArtifact getGenInfoArtifact(boolean create)
Definition: Report.java:327

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.