Sleuth Kit Java Bindings (JNI)  4.11.1
Java bindings for using The Sleuth Kit
Report.java
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2014-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import java.io.IOException;
22 import java.nio.ByteBuffer;
23 import java.nio.channels.FileChannel;
24 import java.nio.file.Files;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 import static java.nio.file.StandardOpenOption.READ;
28 import java.util.ArrayList;
29 import java.util.Collection;
30 import java.util.Collections;
31 import java.util.List;
32 import java.util.Set;
33 import java.util.logging.Level;
34 import java.util.logging.Logger;
37 
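/**
 * {@link Content} implementation for a report whose location is either a
 * local file-system path or a URL.
 *
 * <p>Only local reports can be read through {@link #read}; a report whose
 * path starts with {@code "http"} is kept as a string and reports a size of
 * zero.
 *
 * <p>NOTE(review): {@code parent} and {@code fileChannel} are mutable and
 * accessed without synchronization in this class; confirm that callers
 * serialize {@code read()}/{@code close()}/{@code getParent()}.
 */
public class Report implements Content {

    /** Sentinel object id meaning "no id assigned". Final so no other class can repoint it. */
    static final long ID_NOT_SET = -1;

    // NOTE(review): newArtifact(int) references KEYWORD_HIT_TYPE, but its
    // declaration (source line 43) is absent from this listing. Restored here
    // from the way it is used; confirm against the upstream file.
    private static final BlackboardArtifact.Type KEYWORD_HIT_TYPE
            = new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT);

    private static final Logger LOGGER = Logger.getLogger(Report.class.getName());

    private long objectId = ID_NOT_SET;
    private final String pathAsString;
    private final Path pathAsPath; // null when the path is treated as a URL
    private final long createdTime;
    private final String sourceModuleName;
    private final String reportName;

    private Content parent; // The object from which the report was generated.

    private final SleuthkitCase db; // A reference to the database instance.
    private FileChannel fileChannel = null; // Lazily opened by read(); released by close().

    /**
     * Creates a report object.
     *
     * <p>The URL-versus-file decision is a plain prefix test: any
     * {@code path} beginning with {@code "http"} is treated as a URL, which
     * also covers a relative local path whose first component merely starts
     * with those letters. Such a report is never opened by {@link #read}.
     *
     * @param db               case database the report belongs to
     * @param id               object id of the report
     * @param path             report location; must not be null
     * @param createdTime      creation time as supplied by the caller
     * @param sourceModuleName name of the module that produced the report
     * @param reportName       display name of the report
     * @param parent           content the report was generated from, may be null
     */
    Report(SleuthkitCase db, long id, String path, long createdTime, String sourceModuleName, String reportName, Content parent) {
        this.db = db;
        this.objectId = id;
        this.pathAsString = path;
        this.pathAsPath = path.startsWith("http") ? null : Paths.get(path);
        this.createdTime = createdTime;
        this.sourceModuleName = sourceModuleName;
        this.reportName = reportName;
        this.parent = parent;
    }

    @Override
    public long getId() {
        return objectId;
    }

    /**
     * Returns the report location: the {@link Path} rendered as a string for
     * a local report, otherwise the original string given to the constructor.
     *
     * @return the report path or URL
     */
    public String getPath() {
        if (pathAsPath == null) {
            return pathAsString;
        }
        return pathAsPath.toString();
    }

    /**
     * Returns the creation time passed to the constructor.
     *
     * @return the creation time value
     */
    public long getCreatedTime() {
        return createdTime;
    }

    /**
     * Returns the name of the module that generated the report.
     *
     * @return the source module name
     */
    public String getSourceModuleName() {
        return this.sourceModuleName;
    }

    /**
     * Returns the report name.
     *
     * @return the report name
     */
    public String getReportName() {
        return reportName;
    }

    /**
     * Reads report content from the local file into {@code buf}.
     *
     * <p>At most {@code min(len, buf.length)} bytes are read, so a caller
     * that passes a large scratch buffer with a smaller {@code len} never
     * receives more data than it asked for. URL reports and directories
     * yield zero bytes. An {@link IOException} is logged and the number of
     * bytes read so far is returned; callers cannot tell a short read caused
     * by an I/O error from end of file, so the log is the only evidence.
     *
     * @param buf    destination buffer
     * @param offset byte offset in the file to start reading from; a negative
     *               value is rejected by {@link FileChannel#position(long)}
     *               with an {@link IllegalArgumentException}
     * @param len    maximum number of bytes to read
     * @return the number of bytes placed in {@code buf}
     * @throws TskCoreException declared by the interface; not thrown by this
     *                          implementation
     */
    @Override
    public int read(byte[] buf, long offset, long len) throws TskCoreException {
        if (pathAsPath == null || Files.isDirectory(pathAsPath)) {
            return 0;
        }

        // Honor the caller's length instead of always filling the whole array.
        final int limit = (int) Math.min(len, (long) buf.length);
        if (limit <= 0) {
            return 0;
        }

        int totalBytesRead = 0;
        ByteBuffer data = ByteBuffer.wrap(buf, 0, limit);
        try {
            if (fileChannel == null) {
                fileChannel = FileChannel.open(pathAsPath, READ);
            }
            fileChannel.position(offset);
            int bytesRead;
            do {
                bytesRead = fileChannel.read(data);
                if (bytesRead != -1) {
                    totalBytesRead += bytesRead;
                }
            } while (bytesRead != -1 && data.hasRemaining());
        } catch (IOException ex) {
            LOGGER.log(Level.SEVERE, "Failed to read report file.", ex);
        }

        return totalBytesRead;
    }

    /**
     * Closes the channel opened by {@link #read}, if any. The reference is
     * cleared even when closing fails, so a later {@code read()} opens a fresh
     * channel instead of failing on the closed one.
     */
    @Override
    public void close() {
        if (fileChannel == null) {
            return;
        }
        try {
            fileChannel.close();
        } catch (IOException ex) {
            LOGGER.log(Level.WARNING, "Failed to close report file.", ex);
        } finally {
            fileChannel = null;
        }
    }

    /**
     * Returns the size of the local report file, or zero for a URL report or
     * when the size cannot be determined.
     *
     * @return the size in bytes, or 0
     */
    @Override
    public long getSize() {
        if (pathAsPath == null) {
            return 0;
        }
        try {
            return Files.size(pathAsPath);
        } catch (IOException ex) {
            LOGGER.log(Level.SEVERE, "Failed to get size of report.", ex);
            // If we cannot determine the size of the report, return zero
            // to prevent attempts to read content.
            return 0;
        }
    }

    @Override
    public <T> T accept(ContentVisitor<T> v) {
        return v.visit(this);
    }

    @Override
    public String getName() {
        return reportName;
    }

    @Override
    public String getUniquePath() throws TskCoreException {
        // @@@ This is wrong... we need to use the same logic as in AbstractContent.getUniquePath().
        return getPath();
    }

    /**
     * Returns the data source of the parent content, or null when the report
     * has no cached parent. Only the {@code parent} field is consulted; the
     * database lookup done by {@link #getParent()} is not triggered here.
     */
    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public Content getDataSource() throws TskCoreException {
        return (parent == null) ? null : parent.getDataSource();
    }

    @Override
    public List<Content> getChildren() throws TskCoreException {
        return Collections.<Content>emptyList();
    }

    @Override
    public boolean hasChildren() throws TskCoreException {
        return false;
    }

    @Override
    public int getChildrenCount() throws TskCoreException {
        return 0;
    }

    /**
     * Returns the parent content, looking it up in the case database and
     * caching it when it was not supplied at construction.
     *
     * @return the parent, or null if the database reports none
     */
    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public Content getParent() throws TskCoreException {
        if (parent == null) {
            SleuthkitCase.ObjectInfo parentInfo = db.getParentInfo(this);
            if (parentInfo != null) {
                parent = db.getContentById(parentInfo.getId());
            }
        }
        return parent;
    }

    @Override
    public List<Long> getChildrenIds() throws TskCoreException {
        return Collections.<Long>emptyList();
    }

    /**
     * Creates a keyword-hit analysis result for this report.
     *
     * @param artifactTypeID must be the TSK_KEYWORD_HIT type id
     * @return the new artifact
     * @throws TskCoreException if another type id is given or the blackboard
     *                          call fails
     */
    @Deprecated
    @Override
    public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
        if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
            throw new TskCoreException("Reports can only have keyword hit artifacts.");
        }

        long fileObjId = getId();
        // Keep the id boxed: with no data source the value is null, and
        // assigning that to a primitive long would throw on unboxing.
        Content dataSource = getDataSource();
        Long dsObjId = (dataSource == null) ? null : Long.valueOf(dataSource.getId());

        try {
            return db.getBlackboard().newAnalysisResult(
                    KEYWORD_HIT_TYPE, fileObjId, dsObjId, Score.SCORE_UNKNOWN,
                    null, null, null, Collections.emptyList())
                    .getAnalysisResult();
        } catch (BlackboardException ex) {
            throw new TskCoreException("Unable to get analysis result for keword hit.", ex);
        }
    }

    /**
     * Adds an analysis result for this report inside its own transaction,
     * using the report's data source.
     *
     * <p>NOTE(review): {@code getDataSource()} returns null when the report
     * has no cached parent, in which case the first statement throws a
     * NullPointerException. NOTE(review): the transaction is rolled back only
     * on {@code BlackboardException}; a failure in {@code commit()} or an
     * unchecked exception leaves it neither committed nor rolled back by this
     * method. Confirm whether that needs explicit cleanup.
     */
    @Override
    public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
        // Get the data source before opening the transaction
        long dataSourceObjId = getDataSource().getId();

        CaseDbTransaction trans = db.beginTransaction();
        try {
            AnalysisResultAdded resultAdded = db.getBlackboard().newAnalysisResult(artifactType, objectId, dataSourceObjId, score, conclusion, configuration, justification, attributesList, trans);

            trans.commit();
            return resultAdded;
        } catch (BlackboardException ex) {
            trans.rollback();
            throw new TskCoreException("Error adding analysis result.", ex);
        }
    }

    /**
     * Adds an analysis result for this report inside its own transaction,
     * using the data source id supplied by the caller.
     *
     * <p>NOTE(review): rollback happens only on {@code BlackboardException};
     * see the note on the overload without {@code dataSourceId}.
     */
    @Override
    public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList, long dataSourceId) throws TskCoreException {
        CaseDbTransaction trans = db.beginTransaction();
        try {
            AnalysisResultAdded resultAdded = db.getBlackboard().newAnalysisResult(artifactType, objectId, dataSourceId, score, conclusion, configuration, justification, attributesList, trans);

            trans.commit();
            return resultAdded;
        } catch (BlackboardException ex) {
            trans.rollback();
            throw new TskCoreException("Error adding analysis result.", ex);
        }
    }

    /**
     * Creates a data artifact for this report. Only TSK_KEYWORD_HIT and
     * TSK_ACCOUNT types are accepted; the exception text names only keyword
     * hits.
     *
     * <p>NOTE(review): {@code getDataSource()} may return null, which makes
     * the final call throw a NullPointerException.
     */
    @Override
    public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId) throws TskCoreException {
        final int typeId = artifactType.getTypeID();
        if (typeId != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()
                && typeId != BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID()) {
            throw new TskCoreException("Reports can only have keyword hit artifacts.");
        }

        return db.getBlackboard().newDataArtifact(artifactType, objectId, this.getDataSource().getId(), attributesList, osAccountId);
    }

    /**
     * Creates a data artifact for this report with an explicit data source
     * id. Only TSK_KEYWORD_HIT and TSK_ACCOUNT types are accepted; the
     * exception text names only keyword hits.
     */
    @Override
    public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId, long dataSourceId) throws TskCoreException {
        final int typeId = artifactType.getTypeID();
        if (typeId != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()
                && typeId != BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT.getTypeID()) {
            throw new TskCoreException("Reports can only have keyword hit artifacts.");
        }
        return db.getBlackboard().newDataArtifact(artifactType, objectId, dataSourceId, attributesList, osAccountId);
    }

    @Override
    public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList) throws TskCoreException {
        return newDataArtifact(artifactType, attributesList, null);
    }

    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Deprecated
    @SuppressWarnings("deprecation")
    @Override
    public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
        return newArtifact(type.getTypeID());
    }

    @Override
    public ArrayList<BlackboardArtifact> getArtifacts(String artifactTypeName) throws TskCoreException {
        return getArtifacts(db.getBlackboard().getArtifactType(artifactTypeName).getTypeID());
    }

    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public BlackboardArtifact getGenInfoArtifact() throws TskCoreException {
        // TSK_GEN_INFO artifact is obsolete.
        return null;
    }

    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public BlackboardArtifact getGenInfoArtifact(boolean create) throws TskCoreException {
        // TSK_GEN_INFO artifact is obsolete.
        return null;
    }

    @Override
    public ArrayList<BlackboardAttribute> getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE attr_type) throws TskCoreException {
        // TSK_GEN_INFO artifact is obsolete.
        return null;
    }

    /**
     * Returns the keyword-hit artifacts attached to this report.
     *
     * @param artifactTypeID must be the TSK_KEYWORD_HIT type id
     * @throws TskCoreException if another type id is given
     */
    @Override
    public ArrayList<BlackboardArtifact> getArtifacts(int artifactTypeID) throws TskCoreException {
        if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
            throw new TskCoreException("Reports can only have keyword hit artifacts.");
        }
        return db.getBlackboardArtifacts(artifactTypeID, objectId);
    }

    @Override
    public ArrayList<BlackboardArtifact> getArtifacts(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
        return getArtifacts(type.getTypeID());
    }

    @Override
    public ArrayList<BlackboardArtifact> getAllArtifacts() throws TskCoreException {
        // The WHERE clause is built by concatenation. That is safe here only
        // because objectId is a primitive long; never append a String value
        // to a clause passed to getMatchingArtifacts this way.
        return db.getMatchingArtifacts("WHERE obj_id = " + objectId); //NON-NLS
    }

    @Override
    public List<AnalysisResult> getAllAnalysisResults() throws TskCoreException {
        return db.getBlackboard().getAnalysisResults(objectId);
    }

    @Override
    public List<DataArtifact> getAllDataArtifacts() throws TskCoreException {
        return db.getBlackboard().getDataArtifactsBySource(objectId);
    }

    @Override
    public List<AnalysisResult> getAnalysisResults(BlackboardArtifact.Type artifactType) throws TskCoreException {
        return db.getBlackboard().getAnalysisResults(objectId, artifactType.getTypeID());
    }

    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public Score getAggregateScore() throws TskCoreException {
        return db.getScoringManager().getAggregateScore(objectId);
    }

    @Override
    public Set<String> getHashSetNames() throws TskCoreException {
        return Collections.<String>emptySet();
    }

    @Override
    public long getArtifactsCount(String artifactTypeName) throws TskCoreException {
        return getArtifactsCount(db.getBlackboard().getArtifactType(artifactTypeName).getTypeID());
    }

    /**
     * Counts the keyword-hit artifacts attached to this report.
     *
     * @param artifactTypeID must be the TSK_KEYWORD_HIT type id
     * @throws TskCoreException if another type id is given
     */
    @Override
    public long getArtifactsCount(int artifactTypeID) throws TskCoreException {
        if (artifactTypeID != BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
            throw new TskCoreException("Reports can only have keyword hit artifacts.");
        }
        return db.getBlackboardArtifactsCount(artifactTypeID, objectId);
    }

    // NOTE(review): the signature line of this method is absent from the
    // listing; restored to match the Content interface.
    @Override
    public long getArtifactsCount(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
        return getArtifactsCount(type.getTypeID());
    }

    @Override
    public long getAllArtifactsCount() throws TskCoreException {
        return db.getBlackboardArtifactsCount(objectId);
    }

    @Override
    public <T> T accept(SleuthkitItemVisitor<T> v) {
        return v.visit(this);
    }
}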

Copyright © 2011-2021 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.