19 package org.sleuthkit.autopsy.keywordsearch;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.List;
27 import java.util.logging.Level;
28 import java.util.stream.Collectors;
29 import javax.swing.SwingWorker;
30 import org.apache.commons.lang.StringUtils;
31 import org.netbeans.api.progress.ProgressHandle;
32 import org.netbeans.api.progress.aggregate.ProgressContributor;
33 import org.openide.util.NbBundle;
51 private static final Logger logger = Logger.getLogger(QueryResults.class.getName());
52 private static final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
56 private final KeywordSearchQuery keywordSearchQuery;
61 private final Map<Keyword, List<KeywordHit>> results =
new HashMap<>();
65 QueryResults(KeywordSearchQuery query) {
66 this.keywordSearchQuery = query;
69 void addResult(Keyword keyword, List<KeywordHit> hits) {
70 results.put(keyword, hits);
75 KeywordSearchQuery getQuery() {
76 return keywordSearchQuery;
79 List<KeywordHit> getResults(Keyword keyword) {
80 return results.get(keyword);
83 Set<Keyword> getKeywords() {
84 return results.keySet();
102 Collection<BlackboardArtifact> writeAllHitsToBlackBoard(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<Object, Void> worker,
boolean notifyInbox) {
103 final Collection<BlackboardArtifact> newArtifacts =
new ArrayList<>();
104 if (progress != null) {
105 progress.start(getKeywords().size());
107 int unitProgress = 0;
109 for (
final Keyword keyword : getKeywords()) {
110 if (worker.isCancelled()) {
111 logger.log(Level.INFO,
"Cancel detected, bailing before new keyword processed: {0}", keyword.getSearchTerm());
116 if (progress != null) {
117 progress.progress(keyword.toString(), unitProgress);
119 if (subProgress != null) {
120 String hitDisplayStr = keyword.getSearchTerm();
121 if (hitDisplayStr.length() > 50) {
122 hitDisplayStr = hitDisplayStr.substring(0, 49) +
"...";
124 subProgress.progress(keywordSearchQuery.getKeywordList().getName() +
": " + hitDisplayStr, unitProgress);
127 for (KeywordHit hit : getOneHitPerObject(keyword)) {
128 String termString = keyword.getSearchTerm();
129 String snippet = hit.getSnippet();
130 if (StringUtils.isBlank(snippet)) {
131 final String snippetQuery = KeywordSearchUtil.escapeLuceneQuery(termString);
138 snippet = LuceneQuery.querySnippet(snippetQuery, hit.getSolrObjectId(), hit.getChunkId(), !keywordSearchQuery.isLiteral(),
true);
139 }
catch (NoOpenCoreException e) {
140 logger.log(Level.WARNING,
"Error querying snippet: " + snippetQuery, e);
143 }
catch (Exception e) {
144 logger.log(Level.WARNING,
"Error querying snippet: " + snippetQuery, e);
148 KeywordCachedArtifact writeResult = keywordSearchQuery.writeSingleFileHitsToBlackBoard(keyword, hit, snippet, keywordSearchQuery.getKeywordList().getName());
149 if (writeResult != null) {
150 newArtifacts.add(writeResult.getArtifact());
152 writeSingleFileInboxMessage(writeResult, hit.getContent());
155 logger.log(Level.WARNING,
"BB artifact for keyword hit not written, file: {0}, hit: {1}",
new Object[]{hit.getContent(), keyword.toString()});
162 if (!newArtifacts.isEmpty()) {
163 newArtifacts.stream()
167 .forEach((typeID, artifacts)
168 -> IngestServices.getInstance().fireModuleDataEvent(
new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.fromID(typeID), artifacts)));
183 private Collection<KeywordHit> getOneHitPerObject(Keyword keyword) {
185 HashMap<Long, KeywordHit> hits =
new HashMap<>();
188 for (KeywordHit hit : getResults(keyword)) {
189 if (!hits.containsKey(hit.getSolrObjectId())) {
190 hits.put(hit.getSolrObjectId(), hit);
191 }
else if (hit.getChunkId() < hits.get(hit.getSolrObjectId()).getChunkId()) {
192 hits.put(hit.getSolrObjectId(), hit);
195 return hits.values();
204 private void writeSingleFileInboxMessage(KeywordCachedArtifact written, Content hitContent) {
205 StringBuilder subjectSb =
new StringBuilder();
206 StringBuilder detailsSb =
new StringBuilder();
208 if (!keywordSearchQuery.isLiteral()) {
209 subjectSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.regExpHitLbl"));
211 subjectSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.kwHitLbl"));
213 String uniqueKey = null;
214 BlackboardAttribute attr = written.getAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD.getTypeID());
216 final String keyword = attr.getValueString();
217 subjectSb.append(keyword);
218 uniqueKey = keyword.toLowerCase();
222 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
224 detailsSb.append(
"<tr>");
225 detailsSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.kwHitThLbl"));
226 detailsSb.append(
"<td>").append(EscapeUtil.escapeHtml(attr.getValueString())).append(
"</td>");
227 detailsSb.append(
"</tr>");
230 attr = written.getAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW.getTypeID());
232 detailsSb.append(
"<tr>");
233 detailsSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.previewThLbl"));
234 detailsSb.append(
"<td>").append(EscapeUtil.escapeHtml(attr.getValueString())).append(
"</td>");
235 detailsSb.append(
"</tr>");
239 detailsSb.append(
"<tr>");
240 detailsSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.fileThLbl"));
241 if (hitContent instanceof AbstractFile) {
242 AbstractFile hitFile = (AbstractFile) hitContent;
243 detailsSb.append(
"<td>").append(hitFile.getParentPath()).append(hitFile.getName()).append(
"</td>");
245 detailsSb.append(
"<td>").append(hitContent.getName()).append(
"</td>");
247 detailsSb.append(
"</tr>");
250 attr = written.getAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID());
252 detailsSb.append(
"<tr>");
253 detailsSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.listThLbl"));
254 detailsSb.append(
"<td>").append(attr.getValueString()).append(
"</td>");
255 detailsSb.append(
"</tr>");
258 if (!keywordSearchQuery.isLiteral()) {
259 attr = written.getAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP.getTypeID());
261 detailsSb.append(
"<tr>");
262 detailsSb.append(NbBundle.getMessage(
this.getClass(),
"KeywordSearchIngestModule.regExThLbl"));
263 detailsSb.append(
"<td>").append(attr.getValueString()).append(
"</td>");
264 detailsSb.append(
"</tr>");
267 detailsSb.append(
"</table>");
269 IngestServices.getInstance().postMessage(IngestMessage.createDataMessage(MODULE_NAME, subjectSb.toString(), detailsSb.toString(), uniqueKey, written.getArtifact()));