api-docs/4.19.0/_default_domain_categorizer_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2020 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.recentactivity;


 import java.io.BufferedReader;

 import java.io.IOException;

 import java.io.InputStream;

 import java.io.InputStreamReader;

 import java.nio.charset.StandardCharsets;

 import java.util.Arrays;

 import java.util.HashMap;

 import java.util.List;

 import java.util.Map;

 import java.util.logging.Level;

 import org.apache.commons.lang.StringUtils;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.autopsy.url.analytics.DomainCategorizer;

 import org.sleuthkit.autopsy.url.analytics.DomainCategorizerException;

 import org.sleuthkit.autopsy.url.analytics.DomainCategory;


 @SuppressWarnings("try")

 public class DefaultDomainCategorizer implements DomainCategorizer {


     private static final String CSV_DELIMITER = ",";

     private static final String DOMAIN_TYPE_CSV = "default_domain_categories.csv"; //NON-NLS

     private static final Logger logger = Logger.getLogger(DefaultDomainCategorizer.class.getName());


     private static Map<String, String> loadMapping() throws IOException {

         try (InputStream is = DomainCategoryRunner.class.getResourceAsStream(DOMAIN_TYPE_CSV);

                 InputStreamReader isReader = new InputStreamReader(is, StandardCharsets.UTF_8);

                 BufferedReader reader = new BufferedReader(isReader)) {


             Map<String, String> mapping = new HashMap<>();

             int lineNum = 1;

             while (reader.ready()) {

                 String line = reader.readLine();

                 if (!StringUtils.isBlank(line)) {

                     addItem(mapping, line.trim(), lineNum);

                     lineNum++;

                 }

             }


             return mapping;

         }

     }


     private static void addItem(Map<String, String> mapping, String line, int lineNumber) {

         // make sure this isn't a blank line.

         if (StringUtils.isBlank(line)) {

             return;

         }


         String[] csvItems = line.split(CSV_DELIMITER);

         // line should be a key value pair

         if (csvItems.length < 2) {

             logger.log(Level.WARNING, String.format("Unable to properly parse line of \"%s\" at line %d", line, lineNumber));

             return;

         }


         // determine the domain type from the value, and return if can't be determined.

         String domainTypeStr = csvItems[1].trim();

         if (StringUtils.isBlank(domainTypeStr)) {

             logger.log(Level.WARNING, String.format("No category specified for this line: \"%s\" at line %d", line, lineNumber));

             return;

         }


         // determine the host

         String hostSuffix = csvItems[0];

         if (StringUtils.isBlank(hostSuffix)) {

             logger.log(Level.WARNING, String.format("Could not determine host suffix for this line: \"%s\" at line %d", line, lineNumber));

             return;

         }


         mapping.put(hostSuffix.toLowerCase(), domainTypeStr);

     }


     // the host suffix to category mapping.

     private Map<String, String> mapping = null;


     @Override

     public synchronized void initialize() throws DomainCategorizerException {

         if (isInitialized()) {

             return;

         }


         try {

             this.mapping = loadMapping();

         } catch (IOException ex) {

             throw new DomainCategorizerException("Unable to load domain type csv for domain category analysis", ex);

         }

     }


     private synchronized boolean isInitialized() {

         return this.mapping != null;

     }


     @Override

     public synchronized DomainCategory getCategory(String domain, String host) throws DomainCategorizerException {

         if (!isInitialized()) {

             initialize();

         }


         // use host; use domain as fallback if no host provided

         String hostToUse = StringUtils.isBlank(host) ? domain : host;


         if (StringUtils.isBlank(hostToUse)) {

             return null;

         }


         // split the host into tokens and find longest matching suffix

         // (or return null if not found)

         List<String> tokens = Arrays.asList(hostToUse.split("\\."));

         for (int i = 0; i < tokens.size(); i++) {

             String searchString = String.join(".", tokens.subList(i, tokens.size()));

             String category = mapping.get(searchString);

             if (StringUtils.isNotBlank(category)) {

                 return new DomainCategory(searchString, category);

             }

         }


         return null;

     }


     @Override

     public synchronized void close() throws Exception {

         // clear out the mapping to release resources

         mapping = null;

     }

 }

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.initialize
synchronized void initialize()
Definition: DefaultDomainCategorizer.java:131

org.sleuthkit

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.addItem
static void addItem(Map< String, String > mapping, String line, int lineNumber)
Definition: DefaultDomainCategorizer.java:97

org

org.sleuthkit.autopsy.url.analytics

org.sleuthkit.autopsy.url

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.close
synchronized void close()
Definition: DefaultDomainCategorizer.java:180

org.sleuthkit.autopsy.coreutils
Definition: AppSQLiteDB.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.isInitialized
synchronized boolean isInitialized()
Definition: DefaultDomainCategorizer.java:148

org.sleuthkit.autopsy.url.analytics.DomainCategorizerException
Definition: DomainCategorizerException.java:24

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.loadMapping
static Map< String, String > loadMapping()
Definition: DefaultDomainCategorizer.java:70

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer.getCategory
synchronized DomainCategory getCategory(String domain, String host)
Definition: DefaultDomainCategorizer.java:153

org.sleuthkit.autopsy.recentactivity.DefaultDomainCategorizer
Definition: DefaultDomainCategorizer.java:57

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

org.sleuthkit.autopsy

org.sleuthkit.autopsy.url.analytics.DomainCategory
Definition: DomainCategory.java:27

org.sleuthkit.autopsy.url.analytics.DomainCategorizer
Definition: DomainCategorizer.java:39