Sleuth Kit Java Bindings (JNI)  4.8.0
Java bindings for using The Sleuth Kit
TimelineFilter.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2018-2019 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel;
20 
21 import com.google.common.annotations.VisibleForTesting;
22 import com.google.common.collect.Lists;
23 import com.google.common.net.MediaType;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import static java.util.Arrays.asList;
27 import java.util.Collection;
28 import java.util.HashSet;
29 import java.util.List;
30 import java.util.Objects;
31 import java.util.Set;
32 import java.util.stream.Collectors;
33 import static java.util.stream.Collectors.joining;
34 import java.util.stream.Stream;
35 import static org.apache.commons.lang3.ObjectUtils.notEqual;
36 import org.apache.commons.lang3.StringUtils;
37 import static org.sleuthkit.datamodel.SleuthkitCase.escapeSingleQuotes;
38 
44 public abstract class TimelineFilter {
45 
51  public abstract String getDisplayName();
52 
62  abstract String getSQLWhere(TimelineManager manager);
63 
69  public abstract TimelineFilter copyOf();
70 
71  @SuppressWarnings("unchecked")
72  static <S extends TimelineFilter, T extends CompoundFilter<S>> T copySubFilters(T from, T to) {
73  from.getSubFilters().forEach(subFilter -> to.addSubFilter((S) subFilter.copyOf()));
74  return to;
75  }
76 
83  public static class IntersectionFilter<SubFilterType extends TimelineFilter> extends CompoundFilter<SubFilterType> {
84 
91  @VisibleForTesting
92  public IntersectionFilter(List<SubFilterType> subFilters) {
93  super(subFilters);
94  }
95 
96  @Override
97  public IntersectionFilter<SubFilterType> copyOf() {
98  @SuppressWarnings("unchecked")
99  List<SubFilterType> subfilters = Lists.transform(getSubFilters(), f -> (SubFilterType) f.copyOf()); //make copies of all the subfilters.
100  return new IntersectionFilter<>(subfilters);
101  }
102 
103  @Override
104  public String getDisplayName() {
105  String subFilterDisplayNames = getSubFilters().stream()
106  .map(TimelineFilter::getDisplayName)
107  .collect(joining(","));
108  return BundleProvider.getBundle().getString("IntersectionFilter.displayName.text") + "[" + subFilterDisplayNames + "]";
109  }
110 
111  @Override
112  String getSQLWhere(TimelineManager manager) {
113  String trueLiteral = manager.getSQLWhere(null);
114  String join = this.getSubFilters().stream()
115  .filter(Objects::nonNull)
116  .map(filter -> filter.getSQLWhere(manager))
117  .filter(sqlString -> notEqual(sqlString, trueLiteral))
118  .collect(Collectors.joining(" AND "));
119  return join.isEmpty() ? trueLiteral : "(" + join + ")";
120  }
121 
122  }
123 
130  public static final class EventTypeFilter extends UnionFilter<EventTypeFilter> {
131 
132  private final TimelineEventType rootEventType;
133 
147  private EventTypeFilter(TimelineEventType rootEventType, boolean recursive) {
148  super(new ArrayList<>());
149  this.rootEventType = rootEventType;
150  if (recursive) {
151  // add subfilters for each subtype
152  for (TimelineEventType subType : rootEventType.getChildren()) {
153  addSubFilter(new EventTypeFilter(subType));
154  }
155  }
156  }
157 
168  public EventTypeFilter(TimelineEventType rootEventType) {
169  this(rootEventType, true);
170  }
171 
178  public TimelineEventType getRootEventType() {
179  return rootEventType;
180  }
181 
182  @Override
183  public String getDisplayName() {
184  return (TimelineEventType.ROOT_EVENT_TYPE.equals(rootEventType)) ? BundleProvider.getBundle().getString("TypeFilter.displayName.text") : rootEventType.getDisplayName();
185  }
186 
187  @Override
188  public EventTypeFilter copyOf() {
189  //make a nonrecursive copy of this filter, and then copy subfilters
190  // RC (10/1/19): Why?
191  return copySubFilters(this, new EventTypeFilter(rootEventType, false));
192  }
193 
194  @Override
195  public int hashCode() {
196  int hash = 7;
197  hash = 17 * hash + Objects.hashCode(this.rootEventType);
198  return hash;
199  }
200 
201  @Override
202  public boolean equals(Object obj) {
203  if (this == obj) {
204  return true;
205  }
206  if (obj == null) {
207  return false;
208  }
209  if (getClass() != obj.getClass()) {
210  return false;
211  }
212  final EventTypeFilter other = (EventTypeFilter) obj;
213  if (notEqual(this.rootEventType, other.getRootEventType())) {
214  return false;
215  }
216  return Objects.equals(this.getSubFilters(), other.getSubFilters());
217  }
218 
219  @Override
220  String getSQLWhere(TimelineManager manager) {
221  return "(tsk_events.event_type_id IN (" + getSubTypeIDs().collect(Collectors.joining(",")) + "))"; //NON-NLS
222  }
223 
224  private Stream<String> getSubTypeIDs() {
225  if (this.getSubFilters().isEmpty()) {
226  return Stream.of(String.valueOf(getRootEventType().getTypeID()));
227  } else {
228  return this.getSubFilters().stream().flatMap(EventTypeFilter::getSubTypeIDs);
229  }
230  }
231 
232  @Override
233  public String toString() {
234  return "EventTypeFilter{" + "rootEventType=" + rootEventType + ", subfilters=" + getSubFilters() + '}';
235  }
236 
237  }
238 
243  public static final class TagsFilter extends TimelineFilter {
244 
245  private boolean eventSourcesAreTagged;
246 
252  public TagsFilter() {
253  }
254 
264  public TagsFilter(boolean eventSourcesAreTagged) {
265  this.eventSourcesAreTagged = eventSourcesAreTagged;
266  }
267 
276  public synchronized void setEventSourcesAreTagged(boolean eventSourcesAreTagged) {
277  this.eventSourcesAreTagged = eventSourcesAreTagged;
278  }
279 
286  public synchronized boolean getEventSourceAreTagged() {
287  return eventSourcesAreTagged;
288  }
289 
290  @Override
291  public String getDisplayName() {
292  return BundleProvider.getBundle().getString("tagsFilter.displayName.text");
293  }
294 
295  @Override
296  public TagsFilter copyOf() {
297  return new TagsFilter(eventSourcesAreTagged);
298  }
299 
300  @Override
301  public boolean equals(Object obj) {
302  if (obj == null || !(obj instanceof TagsFilter)) {
303  return false;
304  }
305 
306  return ((TagsFilter) obj).getEventSourceAreTagged() == getEventSourceAreTagged();
307  }
308 
309  @Override
310  public int hashCode() {
311  int hash = 7;
312  hash = 67 * hash + Objects.hashCode(this.eventSourcesAreTagged);
313  return hash;
314  }
315 
316  @Override
317  String getSQLWhere(TimelineManager manager) {
318  String whereStr;
319  if (eventSourcesAreTagged) {
320  whereStr = "tagged = 1";
321  } else {
322  whereStr = "tagged = 0";
323  }
324 
325  return whereStr;
326  }
327 
328  }
329 
336  public static abstract class UnionFilter<SubFilterType extends TimelineFilter> extends TimelineFilter.CompoundFilter<SubFilterType> {
337 
338  UnionFilter(List<SubFilterType> subFilters) {
339  super(subFilters);
340  }
341 
342  UnionFilter() {
343  super(new ArrayList<SubFilterType>());
344  }
345 
346  @Override
347  public void addSubFilter(SubFilterType subfilter) {
348  super.addSubFilter(subfilter);
349  }
350 
351  @Override
352  String getSQLWhere(TimelineManager manager) {
353  String join = getSubFilters().stream()
354  .map(subFilter -> subFilter.getSQLWhere(manager))
355  .collect(Collectors.joining(" OR "));
356  return join.isEmpty() ? manager.getSQLWhere(null) : "(" + join + ")";
357  }
358 
359  }
360 
365  public static final class TextFilter extends TimelineFilter {
366 
367  private String descriptionSubstring;
368 
374  public TextFilter() {
375  this("");
376  }
377 
386  public TextFilter(String descriptionSubstring) {
387  super();
388  this.descriptionSubstring = descriptionSubstring.trim();
389  }
390 
397  public synchronized void setDescriptionSubstring(String descriptionSubstring) {
398  this.descriptionSubstring = descriptionSubstring.trim();
399  }
400 
401  @Override
402  public String getDisplayName() {
403  return BundleProvider.getBundle().getString("TextFilter.displayName.text");
404  }
405 
412  public synchronized String getDescriptionSubstring() {
413  return descriptionSubstring;
414  }
415 
416  @Override
417  public synchronized TextFilter copyOf() {
418  return new TextFilter(getDescriptionSubstring());
419  }
420 
421  @Override
422  public boolean equals(Object obj) {
423  if (obj == null) {
424  return false;
425  }
426  if (getClass() != obj.getClass()) {
427  return false;
428  }
429  final TextFilter other = (TextFilter) obj;
430  return Objects.equals(getDescriptionSubstring(), other.getDescriptionSubstring());
431  }
432 
433  @Override
434  public int hashCode() {
435  int hash = 5;
436  hash = 29 * hash + Objects.hashCode(this.descriptionSubstring);
437  return hash;
438  }
439 
440  @Override
441  String getSQLWhere(TimelineManager manager) {
442  if (StringUtils.isNotBlank(this.getDescriptionSubstring())) {
443  return "((med_description like '%" + escapeSingleQuotes(this.getDescriptionSubstring()) + "%')" //NON-NLS
444  + " or (full_description like '%" + escapeSingleQuotes(this.getDescriptionSubstring()) + "%')" //NON-NLS
445  + " or (short_description like '%" + escapeSingleQuotes(this.getDescriptionSubstring()) + "%'))"; //NON-NLS
446  } else {
447  return manager.getSQLWhere(null);
448  }
449  }
450 
451  @Override
452  public String toString() {
453  return "TextFilter{" + "textProperty=" + descriptionSubstring + '}';
454  }
455 
456  }
457 
462  public static final class RootFilter extends IntersectionFilter<TimelineFilter> {
463 
464  private final HideKnownFilter knownFilesFilter;
465  private final TagsFilter tagsFilter;
466  private final HashHitsFilter hashSetHitsFilter;
467  private final TextFilter descriptionSubstringFilter;
468  private final EventTypeFilter eventTypesFilter;
469  private final DataSourcesFilter dataSourcesFilter;
470  private final FileTypesFilter fileTypesFilter;
471  private final Set<TimelineFilter> additionalFilters = new HashSet<>();
472 
478  public DataSourcesFilter getDataSourcesFilter() {
479  return dataSourcesFilter;
480  }
481 
487  public TagsFilter getTagsFilter() {
488  return tagsFilter;
489  }
490 
496  public HashHitsFilter getHashHitsFilter() {
497  return hashSetHitsFilter;
498  }
499 
505  public EventTypeFilter getEventTypeFilter() {
506  return eventTypesFilter;
507  }
508 
514  public HideKnownFilter getKnownFilter() {
515  return knownFilesFilter;
516  }
517 
523  public TextFilter getTextFilter() {
524  return descriptionSubstringFilter;
525  }
526 
532  public FileTypesFilter getFileTypesFilter() {
533  return fileTypesFilter;
534  }
535 
561  public RootFilter(
562  HideKnownFilter knownFilesFilter,
563  TagsFilter tagsFilter,
564  HashHitsFilter hashSetHitsFilter,
565  TextFilter descriptionSubstringFilter,
566  EventTypeFilter eventTypesFilter,
567  DataSourcesFilter dataSourcesFilter,
568  FileTypesFilter fileTypesFilter,
569  Collection<TimelineFilter> additionalFilters) {
570 
571  super(Arrays.asList(descriptionSubstringFilter, knownFilesFilter, tagsFilter, dataSourcesFilter, hashSetHitsFilter, fileTypesFilter, eventTypesFilter));
572  getSubFilters().removeIf(Objects::isNull);
573  this.knownFilesFilter = knownFilesFilter;
574  this.tagsFilter = tagsFilter;
575  this.hashSetHitsFilter = hashSetHitsFilter;
576  this.descriptionSubstringFilter = descriptionSubstringFilter;
577  this.eventTypesFilter = eventTypesFilter;
578  this.dataSourcesFilter = dataSourcesFilter;
579  this.fileTypesFilter = fileTypesFilter;
580  this.additionalFilters.addAll(asList(descriptionSubstringFilter, knownFilesFilter, tagsFilter, dataSourcesFilter, hashSetHitsFilter, fileTypesFilter, eventTypesFilter));
581  this.additionalFilters.removeIf(Objects::isNull);
582  additionalFilters.stream().
583  filter(Objects::nonNull).
584  filter(this::hasAdditionalFilter).
585  map(TimelineFilter::copyOf).
586  forEach(anonymousFilter -> getSubFilters().add(anonymousFilter));
587  }
588 
589  @Override
590  public RootFilter copyOf() {
591  Set<TimelineFilter> subFilters = getSubFilters().stream()
592  .filter(this::hasAdditionalFilter)
593  .map(TimelineFilter::copyOf)
594  .collect(Collectors.toSet());
595  return new RootFilter(knownFilesFilter.copyOf(), tagsFilter.copyOf(),
596  hashSetHitsFilter.copyOf(), descriptionSubstringFilter.copyOf(), eventTypesFilter.copyOf(),
597  dataSourcesFilter.copyOf(), fileTypesFilter.copyOf(), subFilters);
598 
599  }
600 
601  private boolean hasAdditionalFilter(TimelineFilter subFilter) {
602  return !(additionalFilters.contains(subFilter));
603  }
604 
605  @Override
606  public String toString() {
607  return "RootFilter{" + "knownFilter=" + knownFilesFilter + ", tagsFilter=" + tagsFilter + ", hashFilter=" + hashSetHitsFilter + ", textFilter=" + descriptionSubstringFilter + ", typeFilter=" + eventTypesFilter + ", dataSourcesFilter=" + dataSourcesFilter + ", fileTypesFilter=" + fileTypesFilter + ", namedSubFilters=" + additionalFilters + '}';
608  }
609 
610  @Override
611  public int hashCode() {
612  int hash = 7;
613  hash = 17 * hash + Objects.hashCode(this.knownFilesFilter);
614  hash = 17 * hash + Objects.hashCode(this.tagsFilter);
615  hash = 17 * hash + Objects.hashCode(this.hashSetHitsFilter);
616  hash = 17 * hash + Objects.hashCode(this.descriptionSubstringFilter);
617  hash = 17 * hash + Objects.hashCode(this.eventTypesFilter);
618  hash = 17 * hash + Objects.hashCode(this.dataSourcesFilter);
619  hash = 17 * hash + Objects.hashCode(this.fileTypesFilter);
620  hash = 17 * hash + Objects.hashCode(this.additionalFilters);
621  return hash;
622  }
623 
624  @Override
625  public boolean equals(Object obj) {
626  if (this == obj) {
627  return true;
628  }
629  if (obj == null) {
630  return false;
631  }
632  if (getClass() != obj.getClass()) {
633  return false;
634  }
635  final RootFilter other = (RootFilter) obj;
636  if (notEqual(this.knownFilesFilter, other.getKnownFilter())) {
637  return false;
638  }
639  if (notEqual(this.tagsFilter, other.getTagsFilter())) {
640  return false;
641  }
642  if (notEqual(this.hashSetHitsFilter, other.getHashHitsFilter())) {
643  return false;
644  }
645  if (notEqual(this.descriptionSubstringFilter, other.getTextFilter())) {
646  return false;
647  }
648  if (notEqual(this.eventTypesFilter, other.getEventTypeFilter())) {
649  return false;
650  }
651  if (notEqual(this.dataSourcesFilter, other.getDataSourcesFilter())) {
652  return false;
653  }
654 
655  if (notEqual(this.fileTypesFilter, other.getFileTypesFilter())) {
656  return false;
657  }
658  return Objects.equals(this.additionalFilters, other.getSubFilters());
659  }
660 
661  }
662 
667  public static final class HideKnownFilter extends TimelineFilter {
668 
669  @Override
670  public String getDisplayName() {
671  return BundleProvider.getBundle().getString("hideKnownFilter.displayName.text");
672  }
673 
674  @Override
675  public HideKnownFilter copyOf() {
676  return new HideKnownFilter();
677  }
678 
679  @Override
680  public int hashCode() {
681  return 7;
682  }
683 
684  @Override
685  public boolean equals(Object obj) {
686  if (obj == null) {
687  return false;
688  }
689  return getClass() == obj.getClass();
690  }
691 
692  @Override
693  String getSQLWhere(TimelineManager manager) {
694  return "(known_state != " + TskData.FileKnown.KNOWN.getFileKnownValue() + ")"; // NON-NLS
695  }
696 
697  @Override
698  public String toString() {
699  return "HideKnownFilter{" + '}';
700  }
701 
702  }
703 
711  public static abstract class CompoundFilter<SubFilterType extends TimelineFilter> extends TimelineFilter {
712 
713  protected void addSubFilter(SubFilterType subfilter) {
714  if (getSubFilters().contains(subfilter) == false) {
715  getSubFilters().add(subfilter);
716  }
717  }
718 
719  private final List<SubFilterType> subFilters = new ArrayList<>();
720 
726  public final List<SubFilterType> getSubFilters() {
727  return subFilters;
728  }
729 
735  public boolean hasSubFilters() {
736  return getSubFilters().isEmpty() == false;
737  }
738 
745  protected CompoundFilter(List<SubFilterType> subFilters) {
746  super();
747  this.subFilters.addAll(subFilters);
748  }
749 
750  @Override
751  public abstract CompoundFilter<SubFilterType> copyOf();
752 
753  @Override
754  public int hashCode() {
755  int hash = 3;
756  hash = 23 * hash + Objects.hashCode(this.subFilters);
757  return hash;
758  }
759 
760  @Override
761  public boolean equals(Object obj) {
762  if (this == obj) {
763  return true;
764  }
765  if (obj == null) {
766  return false;
767  }
768  if (getClass() != obj.getClass()) {
769  return false;
770  }
771  final CompoundFilter<?> other = (CompoundFilter<?>) obj;
772  return Objects.equals(this.getSubFilters(), other.getSubFilters());
773  }
774 
775  @Override
776  public String toString() {
777  return this.getClass().getSimpleName() + "{" + "subFilters=" + subFilters + '}';
778  }
779 
780  }
781 
786  public static final class DataSourceFilter extends TimelineFilter {
787 
788  private final String dataSourceName;
789  private final long dataSourceID;
790 
796  public long getDataSourceID() {
797  return dataSourceID;
798  }
799 
805  public String getDataSourceName() {
806  return dataSourceName;
807  }
808 
816  public DataSourceFilter(String dataSourceName, long dataSourceID) {
817  super();
818  this.dataSourceName = dataSourceName;
819  this.dataSourceID = dataSourceID;
820  }
821 
822  @Override
823  public synchronized DataSourceFilter copyOf() {
824  return new DataSourceFilter(getDataSourceName(), getDataSourceID());
825  }
826 
827  @Override
828  public String getDisplayName() {
829  return getDataSourceName() + " (ID: " + getDataSourceID() + ")";
830  }
831 
832  @Override
833  public int hashCode() {
834  int hash = 3;
835  hash = 47 * hash + Objects.hashCode(this.dataSourceName);
836  hash = 47 * hash + (int) (this.dataSourceID ^ (this.dataSourceID >>> 32));
837  return hash;
838  }
839 
840  @Override
841  public boolean equals(Object obj) {
842  if (this == obj) {
843  return true;
844  }
845  if (obj == null) {
846  return false;
847  }
848  if (getClass() != obj.getClass()) {
849  return false;
850  }
851  final DataSourceFilter other = (DataSourceFilter) obj;
852  if (this.dataSourceID != other.dataSourceID) {
853  return false;
854  }
855  return Objects.equals(this.dataSourceName, other.dataSourceName);
856  }
857 
858  @Override
859  String getSQLWhere(TimelineManager manager) {
860  return "(data_source_obj_id = '" + this.getDataSourceID() + "')"; //NON-NLS
861  }
862 
863  }
864 
871  public static final class HashHitsFilter extends TimelineFilter {
872 
873  private boolean eventSourcesHaveHashSetHits;
874 
880  public HashHitsFilter() {
881  }
882 
892  public HashHitsFilter(boolean eventSourcesHaveHashSetHits) {
893  this.eventSourcesHaveHashSetHits = eventSourcesHaveHashSetHits;
894  }
895 
902  public synchronized void setEventSourcesHaveHashSetHits(boolean eventSourcesHaveHashSetHits) {
903  this.eventSourcesHaveHashSetHits = eventSourcesHaveHashSetHits;
904  }
905 
912  public synchronized boolean getEventSourcesHaveHashSetHits() {
913  return eventSourcesHaveHashSetHits;
914  }
915 
916  @Override
917  public String getDisplayName() {
918  return BundleProvider.getBundle().getString("hashHitsFilter.displayName.text");
919  }
920 
921  @Override
922  public HashHitsFilter copyOf() {
923  return new HashHitsFilter(eventSourcesHaveHashSetHits);
924  }
925 
926  @Override
927  public boolean equals(Object obj) {
928  if (obj == null || !(obj instanceof HashHitsFilter)) {
929  return false;
930  }
931 
932  return ((HashHitsFilter) obj).getEventSourcesHaveHashSetHits() == getEventSourcesHaveHashSetHits();
933  }
934 
935  @Override
936  public int hashCode() {
937  int hash = 7;
938  hash = 67 * hash + Objects.hashCode(this.eventSourcesHaveHashSetHits);
939  return hash;
940  }
941 
942  @Override
943  String getSQLWhere(TimelineManager manager) {
944  String whereStr = "";
945  if (eventSourcesHaveHashSetHits) {
946  whereStr = "hash_hit = 1";
947  } else {
948  whereStr = "hash_hit = 0";
949  }
950 
951  return whereStr;
952  }
953 
954  }
955 
961  static public final class DataSourcesFilter extends UnionFilter<DataSourceFilter> {
962 
963  @Override
964  public DataSourcesFilter copyOf() {
965  return copySubFilters(this, new DataSourcesFilter());
966  }
967 
968  @Override
969  public String getDisplayName() {
970  return BundleProvider.getBundle().getString("DataSourcesFilter.displayName.text");
971  }
972 
973  }
974 
980  static public final class FileTypesFilter extends UnionFilter<FileTypeFilter> {
981 
982  @Override
983  public FileTypesFilter copyOf() {
984  return copySubFilters(this, new FileTypesFilter());
985  }
986 
987  @Override
988  public String getDisplayName() {
989  return BundleProvider.getBundle().getString("FileTypesFilter.displayName.text");
990  }
991 
992  }
993 
998  static public class InverseFileTypeFilter extends FileTypeFilter {
999 
1000  public InverseFileTypeFilter(String displayName, Collection<String> mediaTypes) {
1001  super(displayName, mediaTypes);
1002  }
1003 
1004  @Override
1005  public InverseFileTypeFilter copyOf() {
1006  return new InverseFileTypeFilter(getDisplayName(), super.mediaTypes);
1007  }
1008 
1009  @Override
1010  String getSQLWhere(TimelineManager manager) {
1011  return " NOT " + super.getSQLWhere(manager);
1012  }
1013  }
1014 
1019  public static class FileTypeFilter extends TimelineFilter {
1020 
1021  private final String displayName;
1022  private final String sqlWhere;
1023  Collection<String> mediaTypes = new HashSet<>();
1024 
1025  private FileTypeFilter(String displayName, String sql) {
1026  this.displayName = displayName;
1027  this.sqlWhere = sql;
1028  }
1029 
1039  public FileTypeFilter(String displayName, Collection<String> mediaTypes) {
1040  this(displayName,
1041  mediaTypes.stream()
1042  .map(MediaType::parse)
1043  .map(FileTypeFilter::mediaTypeToSQL)
1044  .collect(Collectors.joining(" OR ", "(", ")")));
1045  this.mediaTypes = mediaTypes;
1046  }
1047 
1048  private static String mediaTypeToSQL(MediaType mediaType) {
1049  return mediaType.hasWildcard()
1050  ? " (tsk_events.mime_type LIKE '" + escapeSingleQuotes(mediaType.type()) + "/_%' ) "
1051  : " (tsk_events.mime_type = '" + escapeSingleQuotes(mediaType.toString()) + "' ) ";
1052  }
1053 
1054  @Override
1055  public String getDisplayName() {
1056  return displayName;
1057  }
1058 
1059  @Override
1060  public FileTypeFilter copyOf() {
1061  return new FileTypeFilter(displayName, sqlWhere);
1062  }
1063 
1064  @Override
1065  public int hashCode() {
1066  int hash = 7;
1067  hash = 17 * hash + Objects.hashCode(this.displayName);
1068  hash = 17 * hash + Objects.hashCode(this.sqlWhere);
1069  return hash;
1070  }
1071 
1072  @Override
1073  public boolean equals(Object obj) {
1074  if (this == obj) {
1075  return true;
1076  }
1077  if (obj == null) {
1078  return false;
1079  }
1080  if (getClass() != obj.getClass()) {
1081  return false;
1082  }
1083  final FileTypeFilter other = (FileTypeFilter) obj;
1084  if (notEqual(this.displayName, other.displayName)) {
1085  return false;
1086  }
1087  return Objects.equals(this.sqlWhere, other.sqlWhere);
1088  }
1089 
1090  @Override
1091  String getSQLWhere(TimelineManager manager) {
1092  return sqlWhere;
1093  }
1094 
1095  @Override
1096  public String toString() {
1097  return "FileTypeFilter{" + "displayName=" + displayName + ", sqlWhere=" + sqlWhere + '}';
1098  }
1099 
1100  }
1101 
1102 }
org.sleuthkit.datamodel.TimelineFilter.InverseFileTypeFilter.InverseFileTypeFilter
InverseFileTypeFilter(String displayName, Collection< String > mediaTypes)
Definition: TimelineFilter.java:1000
org.sleuthkit.datamodel.TimelineFilter.TextFilter.equals
boolean equals(Object obj)
Definition: TimelineFilter.java:422
org.sleuthkit.datamodel.TimelineFilter.TagsFilter.setEventSourcesAreTagged
synchronized void setEventSourcesAreTagged(boolean eventSourcesAreTagged)
Definition: TimelineFilter.java:276
org.sleuthkit.datamodel.TimelineFilter.HashHitsFilter.HashHitsFilter
HashHitsFilter(boolean eventSourcesHaveHashSetHits)
Definition: TimelineFilter.java:892
org.sleuthkit.datamodel.TimelineFilter.TextFilter
Definition: TimelineFilter.java:365
org.sleuthkit.datamodel.TimelineEventType.getChildren
SortedSet<?extends TimelineEventType > getChildren()
org.sleuthkit.datamodel.TimelineFilter.FileTypeFilter.FileTypeFilter
FileTypeFilter(String displayName, Collection< String > mediaTypes)
Definition: TimelineFilter.java:1039
org.sleuthkit.datamodel.TimelineFilter.TextFilter.hashCode
int hashCode()
Definition: TimelineFilter.java:434
org.sleuthkit.datamodel.TimelineFilter.TextFilter.copyOf
synchronized TextFilter copyOf()
Definition: TimelineFilter.java:417
org.sleuthkit.datamodel.TimelineFilter.TextFilter.TextFilter
TextFilter(String descriptionSubstring)
Definition: TimelineFilter.java:386
org.sleuthkit.datamodel.SleuthkitCase.escapeSingleQuotes
static String escapeSingleQuotes(String text)
Definition: SleuthkitCase.java:9409
org.sleuthkit.datamodel.TimelineFilter.HashHitsFilter.setEventSourcesHaveHashSetHits
synchronized void setEventSourcesHaveHashSetHits(boolean eventSourcesHaveHashSetHits)
Definition: TimelineFilter.java:902
org.sleuthkit.datamodel.TimelineFilter.TextFilter.TextFilter
TextFilter()
Definition: TimelineFilter.java:374
org.sleuthkit.datamodel.TimelineFilter.CompoundFilter.copyOf
abstract CompoundFilter< SubFilterType > copyOf()
org.sleuthkit.datamodel.TimelineFilter.TextFilter.setDescriptionSubstring
synchronized void setDescriptionSubstring(String descriptionSubstring)
Definition: TimelineFilter.java:397
org.sleuthkit.datamodel.TimelineFilter.copyOf
abstract TimelineFilter copyOf()
org.sleuthkit.datamodel.TimelineFilter.RootFilter.RootFilter
RootFilter(HideKnownFilter knownFilesFilter, TagsFilter tagsFilter, HashHitsFilter hashSetHitsFilter, TextFilter descriptionSubstringFilter, EventTypeFilter eventTypesFilter, DataSourcesFilter dataSourcesFilter, FileTypesFilter fileTypesFilter, Collection< TimelineFilter > additionalFilters)
Definition: TimelineFilter.java:561
org.sleuthkit.datamodel.TskData.FileKnown.KNOWN
KNOWN
File marked as a known by hash db.
Definition: TskData.java:783
org.sleuthkit.datamodel.TimelineFilter.TextFilter.getDisplayName
String getDisplayName()
Definition: TimelineFilter.java:402
org.sleuthkit.datamodel.TimelineFilter.TextFilter.toString
String toString()
Definition: TimelineFilter.java:452
org.sleuthkit.datamodel.TimelineFilter.TextFilter.getDescriptionSubstring
synchronized String getDescriptionSubstring()
Definition: TimelineFilter.java:412
org.sleuthkit.datamodel.TimelineFilter.DataSourceFilter.DataSourceFilter
DataSourceFilter(String dataSourceName, long dataSourceID)
Definition: TimelineFilter.java:816

Copyright © 2011-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.