MessageAttachments.java

Go to the documentation of this file.

/*
 * Sleuth Kit Data Model
 *
 * Copyright 2019-2020 Basis Technology Corp.
 * Contact: carrier <at> sleuthkit <dot> org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.datamodel.blackboardutils.attributes;

import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DerivedFile;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;

public final class MessageAttachments {
        
        public interface Attachment {

                String getLocation();

                /*
                 * Returns object id of the attachment file.
                 *
                 * @return Object id of attachment, may be null if not available or not
                 * applicable.
                 */
                Long getObjId();

        }

        public static class URLAttachment implements Attachment {

                private final String url;

                public URLAttachment(String url) {
                        this.url = url;
                }

                public String getURL() {
                        return url;
                }

                @Override
                public String getLocation() {
                        return this.url;
                }

                @Override
                public Long getObjId() {
                        // no real object available. 
                        return null;
                }

        }
        
        public static final class FileAttachment implements Attachment {

                private final String path;
                private final long objectID;

                // Mobile phones often create mount points to refer to SD Cards or other 
                // fixed/removable storage media.
                //
                // Applications use these mount points when referring files. But they may
                // not exist physically in the data source.
                //
                // Common, wellknown mount points are stripped from the file paths to
                // accurately search for the file in the image.
                transient private static final List<String> KNOWN_MOUNTPOINTS
                                = ImmutableList.of(
                                                "/data/", // NON-NLS
                                                "/storage/emulated/"); //NON-NLS

                public FileAttachment(SleuthkitCase caseDb, Content dataSource, String pathName) throws TskCoreException {

                        //normalize the slashes.
                        this.path = normalizePath(pathName);

                        String fileName = path.substring(path.lastIndexOf('/') + 1);
                        if (fileName.isEmpty()) {
                                throw new TskCoreException(String.format("No file name specified for attachment file: %s, on data source = %d", path, dataSource.getId()));
                        }

                        String parentPathSubString = (path.lastIndexOf('/') < 0) ? "" : path.substring(0, path.lastIndexOf('/'));

                        // find the attachment file 
                        objectID = findAttachmentFile(caseDb, fileName, parentPathSubString, dataSource);
                }

                public FileAttachment(DerivedFile derivedFile) {
                        objectID = derivedFile.getId();
                        path = derivedFile.getLocalAbsPath() + "/" + derivedFile.getName();
                }

                public FileAttachment(AbstractFile abstractFile) {
                        objectID = abstractFile.getId();
                        path = abstractFile.getParentPath() + "/" + abstractFile.getName();
                }

                public String getPathName() {
                        return path;
                }

                public long getObjectId() {
                        return objectID;
                }

                private String normalizePath(String path) {
                        //normalize the slashes, replace encoded space
                        String adjustedPath = path.replace("\\", "/").replace("%20", " ");

                        // Strip common known mountpoints.
                        for (String mountPoint : KNOWN_MOUNTPOINTS) {
                                if (adjustedPath.toLowerCase().startsWith(mountPoint)) {
                                        adjustedPath = ("/").concat(adjustedPath.substring(mountPoint.length()));
                                        break;
                                }
                        }

                        return adjustedPath;
                }

                private long findAttachmentFile(SleuthkitCase caseDb, String fileName, String parentPathSubstring, Content dataSource) throws TskCoreException {

                        // Find all files with matching name and parent path substring
                        String whereClause = String.format("LOWER(name) = LOWER('%s') AND LOWER(parent_path) LIKE LOWER('%%%s%%')", fileName, parentPathSubstring);
                        List<AbstractFile> matchedFiles = caseDb.findAllFilesWhere(whereClause);

                        // separate the matching files into allocated files on same datsource, 
                        // allocated files on other data sources, and unallocated files.
                        List<Long> allocFileMatchesOnSameDatasource = new ArrayList<>();
                        List<Long> allocFileMatchesOnOtherDatasources = new ArrayList<>();
                        List<Long> unallocFileMatches = new ArrayList<>();

                        for (AbstractFile file : matchedFiles) {
                                if (file.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.ALLOC)) {
                                        if (dataSource.getId() == file.getDataSource().getId()) {
                                                allocFileMatchesOnSameDatasource.add(file.getId());
                                        } else {
                                                allocFileMatchesOnOtherDatasources.add(file.getId());
                                        }
                                } else {        // unallocated file 
                                        unallocFileMatches.add(file.getId());
                                }
                        }

                        // pick the best match from the 3 lists.
                        return pickBestMatchFile(allocFileMatchesOnSameDatasource, allocFileMatchesOnOtherDatasources, unallocFileMatches);
                }

                private long pickBestMatchFile(List<Long> allocFileMatchesOnSameDatasource,
                                List<Long> allocFileMatchesOnOtherDatasources,
                                List<Long> unallocFileMatches) {

                        // check if there's an allocated file match on the same data source
                        if (!allocFileMatchesOnSameDatasource.isEmpty() && allocFileMatchesOnSameDatasource.size() == 1) {
                                return allocFileMatchesOnSameDatasource.get(0);
                        }
                        // if no match found yet,check if there's an allocated file match on other data sources.
                        if (!allocFileMatchesOnOtherDatasources.isEmpty()
                                        && allocFileMatchesOnOtherDatasources.size() == 1) {
                                return allocFileMatchesOnOtherDatasources.get(0);
                        }
                        // if no match found yet, check if there is an unallocated file that matches.
                        if (!unallocFileMatches.isEmpty()
                                        && unallocFileMatches.size() == 1) {
                                return unallocFileMatches.get(0);
                        }
                        // no single suitable match found
                        return -1;

                }

                @Override
                public String getLocation() {
                        return this.path;
                }

                @Override
                public Long getObjId() {
                        return this.objectID;
                }
        }


        private final Collection<FileAttachment> fileAttachments;
        private final Collection<URLAttachment> urlAttachments;

        public MessageAttachments(Collection<FileAttachment> fileAttachments, Collection<URLAttachment> urlAttachments) {
                this.fileAttachments = fileAttachments;
                this.urlAttachments = urlAttachments;
        }

        public Collection<FileAttachment> getFileAttachments() {
                return Collections.unmodifiableCollection(fileAttachments);
        }

        public Collection<URLAttachment> getUrlAttachments() {
                return Collections.unmodifiableCollection(urlAttachments);
        }

        public int getAttachmentsCount() {
                return (fileAttachments.size() + urlAttachments.size());
        }
}