Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
ObservableResult.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.stix;
20 
21 import java.util.List;
22 import java.util.ArrayList;
23 
24 import org.mitre.cybox.cybox_2.OperatorTypeEnum;
25 
29 class ObservableResult {
30 
31  public enum ObservableState {
32 
33  TRUE("true "), //NON-NLS
34  FALSE("false "), //NON-NLS
35  INDETERMINATE("indeterminate"); //NON-NLS
36 
37  private final String label;
38 
39  private ObservableState(String s) {
40  label = s;
41  }
42 
43  @Override
44  public String toString() {
45  return label;
46  }
47  }
48 
49  private ObservableState state = null;
50  private String description = "";
51  private List<StixArtifactData> artifacts;
52 
53  public ObservableResult(String a_id, String a_desc, String a_spacing,
54  ObservableState a_state, List<StixArtifactData> a_artifacts) {
55  state = a_state;
56  description = a_spacing + a_id + "\t" + a_state + "\t" + a_desc + "\r\n";
57  artifacts = a_artifacts;
58  }
59 
60  public ObservableResult(OperatorTypeEnum a_operator, String a_spacing) {
61  state = ObservableState.INDETERMINATE;
62  description = a_spacing + a_operator + "\r\n";
63  artifacts = new ArrayList<StixArtifactData>();
64  }
65 
66  public ObservableState getState() {
67  return state;
68  }
69 
78  public boolean isTrue() {
79  return (state == ObservableState.TRUE);
80  }
81 
90  public boolean isFalse() {
91  return (state == ObservableState.FALSE);
92  }
93 
94  public String getDescription() {
95  return description;
96  }
97 
98  public List<StixArtifactData> getArtifacts() {
99  return artifacts;
100  }
101 
108  public void addResult(ObservableResult a_result, OperatorTypeEnum a_operator) {
109  addResult(a_result.getDescription(), a_result.getState(),
110  a_result.getArtifacts(), a_operator);
111  }
112 
120  private void addResult(String a_description, ObservableState a_state,
121  List<StixArtifactData> a_artifacts, OperatorTypeEnum a_operator) {
122 
123  addToDesc(a_description);
124 
125  if (a_operator == OperatorTypeEnum.AND) {
126 
127  if (a_state == ObservableState.FALSE) {
128  // If we now have a false, the whole thing is false regardless of previous state.
129  // Clear out any existing artifacts.
130  state = ObservableState.FALSE;
131  artifacts.clear();
132  } else if (a_state == ObservableState.INDETERMINATE) {
133  // Don't change the current state, and don't save the new artifacts
134  // (though there probably wouldn't be any)
135  } else {
136  if (state == ObservableState.FALSE) {
137  // Previous state false + new state true => stay false
138  } else if (state == ObservableState.TRUE) {
139  // Previous state true + new state true => stay true and add artifacts
140  if ((artifacts == null) && (a_artifacts != null)) {
141  artifacts = new ArrayList<StixArtifactData>();
142  }
143  if (a_artifacts != null) {
144  artifacts.addAll(a_artifacts);
145  }
146  } else {
147  // If the previous state was indeterminate, change it to true and add artifacts
148  state = ObservableState.TRUE;
149  if ((artifacts == null) && (a_artifacts != null)) {
150  artifacts = new ArrayList<StixArtifactData>();
151  }
152  if (a_artifacts != null) {
153  artifacts.addAll(a_artifacts);
154  }
155  }
156  }
157  } else {
158  if (a_state == ObservableState.TRUE) {
159  // If we now have a true, the whole thing is true regardless of previous state.
160  // Add the new artifacts.
161  state = ObservableState.TRUE;
162  if ((artifacts == null) && (a_artifacts != null)) {
163  artifacts = new ArrayList<StixArtifactData>();
164  }
165  if (a_artifacts != null) {
166  artifacts.addAll(a_artifacts);
167  }
168  } else if (a_state == ObservableState.INDETERMINATE) {
169  // Don't change the current state and don't record it to the
170  // description string (later we should save these in some way)
171  } else {
172  if (state == ObservableState.FALSE) {
173  // Previous state false + new state false => stay false
174  } else if (state == ObservableState.TRUE) {
175  // Previous state true + new state false => stay true
176  } else {
177  // Previous state indeterminate + new state false => change to false
178  state = ObservableState.FALSE;
179  }
180  }
181  }
182 
183  }
184 
191  private void addToDesc(String a_desc) {
192  if (description == null) {
193  description = a_desc;
194  } else {
195  description += a_desc;
196  }
197  }
198 }

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.