Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
InterestingItemsFilesSetSettings.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.interestingitems;
20 
21 import java.io.File;
22 import java.io.FileInputStream;
23 import java.io.FileOutputStream;
24 import java.io.IOException;
25 import java.io.Serializable;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.Arrays;
29 import java.util.HashMap;
30 import java.util.List;
31 import java.util.Map;
32 import java.util.logging.Level;
33 import java.util.regex.Pattern;
34 import java.util.regex.PatternSyntaxException;
35 import javax.xml.parsers.DocumentBuilder;
36 import javax.xml.parsers.DocumentBuilderFactory;
37 import javax.xml.parsers.ParserConfigurationException;
38 import org.openide.util.io.NbObjectInputStream;
39 import org.openide.util.io.NbObjectOutputStream;
40 import org.sleuthkit.autopsy.coreutils.Logger;
41 import org.sleuthkit.autopsy.coreutils.PlatformUtil;
42 import org.sleuthkit.autopsy.coreutils.XMLUtil;
43 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileNameCondition;
44 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.FileSizeCondition;
45 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MetaTypeCondition;
46 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.MimeTypeCondition;
47 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.ParentPathCondition;
48 import org.sleuthkit.autopsy.modules.interestingitems.FilesSet.Rule.DateCondition;
49 import org.w3c.dom.Document;
50 import org.w3c.dom.Element;
51 import org.w3c.dom.NodeList;
52 
53 class InterestingItemsFilesSetSettings implements Serializable {
54 
55  private static final long serialVersionUID = 1L;
56  // The following tags and attributes are identical to those used in the
57  // TSK Framework FilesSet definitions file schema.
58  private static final String FILE_SETS_ROOT_TAG = "INTERESTING_FILE_SETS"; //NON-NLS
59  private static final String DESC_ATTR = "description"; //NON-NLS
60  private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS
61  private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS
62  private static final String TYPE_FILTER_VALUE_ALL = "all";
63  private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS
64  private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS
65  private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS
66  private static final String TYPE_FILTER_VALUE_DIRS = "dir"; //NON-NLS
67  private static final String REGEX_ATTR = "regex"; //NON-NLS
68  private static final List<String> illegalFileNameChars = FilesSetsManager.getIllegalFileNameChars();
69  private static final String FILE_SET_TAG = "INTERESTING_FILE_SET"; //NON-NLS
70  private static final String NAME_RULE_TAG = "NAME"; //NON-NLS
71  private static final String NAME_ATTR = "name"; //NON-NLS
72  private static final String DAYS_INCLUDED_ATTR = "daysIncluded";
73  private static final String MIME_ATTR = "mimeType";
74  private static final String FS_COMPARATOR_ATTR = "comparatorSymbol";
75  private static final String FS_SIZE_ATTR = "sizeValue";
76  private static final String FS_UNITS_ATTR = "sizeUnits";
77  private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS
78  private static final String XML_ENCODING = "UTF-8"; //NON-NLS
79  private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName());
80  private static final String TYPE_FILTER_ATTR = "typeFilter"; //NON-NLS
81  private static final String EXTENSION_RULE_TAG = "EXTENSION"; //NON-NLS
82 
83  private Map<String, FilesSet> filesSets;
84 
85  InterestingItemsFilesSetSettings(Map<String, FilesSet> filesSets) {
86  this.filesSets = filesSets;
87  }
88 
92  Map<String, FilesSet> getFilesSets() {
93  return filesSets;
94  }
95 
103  private static String readRuleName(Element elem) {
104  // The rule must have a name.
105  String ruleName = elem.getAttribute(NAME_ATTR);
106  return ruleName;
107  }
108 
117  private static Map<String, FilesSet> readSerializedDefinitions(String serialFileName) throws FilesSetsManager.FilesSetsManagerException {
118  Path filePath = Paths.get(PlatformUtil.getUserConfigDirectory(), serialFileName);
119  File fileSetFile = filePath.toFile();
120  String filePathStr = filePath.toString();
121  if (fileSetFile.exists()) {
122  try {
123  try (final NbObjectInputStream in = new NbObjectInputStream(new FileInputStream(filePathStr))) {
124  InterestingItemsFilesSetSettings filesSetsSettings = (InterestingItemsFilesSetSettings) in.readObject();
125  return filesSetsSettings.getFilesSets();
126  }
127  } catch (IOException | ClassNotFoundException ex) {
128  throw new FilesSetsManager.FilesSetsManagerException(String.format("Failed to read settings from %s", filePathStr), ex);
129  }
130  } else {
131  return new HashMap<>();
132  }
133  }
134 
146  private static ParentPathCondition readPathCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
147  // Read in the optional path condition. Null is o.k., but if the attribute
148  // is there, be sure it is not malformed.
149  ParentPathCondition pathCondition = null;
150  if (!ruleElement.getAttribute(PATH_FILTER_ATTR).isEmpty() || !ruleElement.getAttribute(PATH_REGEX_ATTR).isEmpty()) {
151  String path = ruleElement.getAttribute(PATH_FILTER_ATTR);
152  String pathRegex = ruleElement.getAttribute(PATH_REGEX_ATTR);
153  if (!pathRegex.isEmpty() && path.isEmpty()) {
154  try {
155  Pattern pattern = Pattern.compile(pathRegex);
156  pathCondition = new ParentPathCondition(pattern);
157  } catch (PatternSyntaxException ex) {
158  logger.log(Level.SEVERE, "Error compiling " + PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS
159  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", PATH_REGEX_ATTR), ex);
160  }
161  } else if (!path.isEmpty() && pathRegex.isEmpty()) {
162  pathCondition = new ParentPathCondition(path);
163  }
164  if (pathCondition == null) {
165  // Malformed attribute.
166  throw new FilesSetsManager.FilesSetsManagerException(String.format("Error creating path condition for rule %s", readRuleName(ruleElement)));
167  }
168  }
169  return pathCondition;
170  }
171 
183  private static DateCondition readDateCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
184  // Read in the optional path condition. Null is o.k., but if the attribute
185  // is there, be sure it is not malformed.
186  DateCondition dateCondition = null;
187  if (!ruleElement.getAttribute(DAYS_INCLUDED_ATTR).isEmpty()) {
188  String daysIncluded = ruleElement.getAttribute(DAYS_INCLUDED_ATTR);
189  if (!daysIncluded.isEmpty()) {
190  try {
191  dateCondition = new DateCondition(Integer.parseInt(daysIncluded));
192  } catch (NumberFormatException ex) {
193  logger.log(Level.SEVERE, "Error creating condition for " + daysIncluded + ", ignoring malformed date condition definition", ex); // NON-NLS
194  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", DAYS_INCLUDED_ATTR), ex);
195  }
196  }
197  }
198  return dateCondition;
199  }
200 
208  private static Pattern compileRegex(String regex) {
209  try {
210  return Pattern.compile(regex);
211  } catch (PatternSyntaxException ex) {
212  logger.log(Level.SEVERE, "Error compiling rule regex: " + ex.getMessage(), ex); // NON-NLS
213  return null;
214  }
215  }
216 
229  private static FilesSet.Rule readRule(Element elem) throws FilesSetsManager.FilesSetsManagerException {
230  String ruleName = readRuleName(elem);
231  FileNameCondition nameCondition = readNameCondition(elem);
232  MetaTypeCondition metaCondition = readMetaTypeCondition(elem);
233  ParentPathCondition pathCondition = readPathCondition(elem);
234  MimeTypeCondition mimeCondition = readMimeCondition(elem);
235  FileSizeCondition sizeCondition = readSizeCondition(elem);
236  DateCondition dateCondition = readDateCondition(elem); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule
237  if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null && dateCondition == null)) {
238  logger.log(Level.WARNING, "Error Reading Rule, " + ruleName + " was either missing a meta condition or contained only a meta condition. No rule was imported."); // NON-NLS
239  throw new FilesSetsManager.FilesSetsManagerException(String.format("Invalid Rule in FilesSet xml, missing necessary conditions for %s", ruleName));
240  }
241  return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition, dateCondition);
242  }
243 
255  private static FileNameCondition readNameCondition(Element elem) throws FilesSetsManager.FilesSetsManagerException {
256  FileNameCondition nameCondition = null;
257  String content = elem.getTextContent();
258  String regex = elem.getAttribute(REGEX_ATTR);
259  if (content != null && !content.isEmpty()) { //if there isn't content this is not a valid name condition
260  if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS
261  Pattern pattern = compileRegex(content);
262  if (pattern != null) {
263  if (elem.getTagName().equals(NAME_RULE_TAG)) {
264  nameCondition = new FilesSet.Rule.FullNameCondition(pattern);
265  } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
266  nameCondition = new FilesSet.Rule.ExtensionCondition(pattern);
267  } else {
268  throw new FilesSetsManager.FilesSetsManagerException(String.format("Name condition has invalid tag name of %s for rule %s", elem.getTagName(), readRuleName(elem)));
269  }
270  } else {
271  logger.log(Level.SEVERE, "Error compiling " + elem.getTagName() + " regex, ignoring malformed '{0}' rule definition", readRuleName(elem)); // NON-NLS
272  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex in rule %s", REGEX_ATTR, readRuleName(elem)));
273  }
274  } else {
275  for (String illegalChar : illegalFileNameChars) {
276  if (content.contains(illegalChar)) {
277  logger.log(Level.SEVERE, elem.getTagName() + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{elem.getTagName(), readRuleName(elem)}); // NON-NLS
278  throw new FilesSetsManager.FilesSetsManagerException(String.format("File name has illegal character of %s in rule %s", illegalChar, readRuleName(elem)));
279  }
280  }
281  if (elem.getTagName().equals(NAME_RULE_TAG)) {
282  nameCondition = new FilesSet.Rule.FullNameCondition(content);
283  } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
284  nameCondition = new FilesSet.Rule.ExtensionCondition(Arrays.asList(content.split(",")));
285  }
286  }
287  }
288  return nameCondition;
289  }
290 
299  private static MimeTypeCondition readMimeCondition(Element elem) {
300  MimeTypeCondition mimeCondition = null;
301  if (!elem.getAttribute(MIME_ATTR).isEmpty()) {
302  mimeCondition = new MimeTypeCondition(elem.getAttribute(MIME_ATTR));
303  //no checks on mime type here which means
304  //if they import a rule with a custom MIME type they don't have
305  //the rule will not get any hits
306  }
307  return mimeCondition;
308  }
309 
321  private static FileSizeCondition readSizeCondition(Element elem) throws FilesSetsManager.FilesSetsManagerException {
322  FileSizeCondition sizeCondition = null;
323  if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() && !elem.getAttribute(FS_SIZE_ATTR).isEmpty() && !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
324  try { //incase they modified the xml manually to invalid comparator, size unit, or non integer string for size
325  FileSizeCondition.COMPARATOR comparator = FileSizeCondition.COMPARATOR.fromSymbol(elem.getAttribute(FS_COMPARATOR_ATTR));
326  FileSizeCondition.SIZE_UNIT sizeUnit = FileSizeCondition.SIZE_UNIT.fromName(elem.getAttribute(FS_UNITS_ATTR));
327  int size = Integer.parseInt(elem.getAttribute(FS_SIZE_ATTR));
328  sizeCondition = new FileSizeCondition(comparator, sizeUnit, size);
329  } catch (NumberFormatException nfEx) {
330  logger.log(Level.SEVERE, "Value in file size attribute was not an integer, unable to create FileSizeCondition for rule: " + readRuleName(elem), nfEx);
331  throw new FilesSetsManager.FilesSetsManagerException(String.format("Non integer size in FilesSet XML for rule %s", readRuleName(elem)), nfEx);
332  } catch (IllegalArgumentException iaEx) {
333  logger.log(Level.SEVERE, "Invalid Comparator symbol or Size Unit set in FilesSet xml, unable to create FileSizeCondition for rule: " + readRuleName(elem), iaEx);
334  throw new FilesSetsManager.FilesSetsManagerException(String.format("Invalid Comparator or Size unit in FilesSet XML for rule %s", readRuleName(elem)), iaEx);
335  }
336  } //if all of them aren't populated but some of them are this is a malformed xml
337  else if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() || !elem.getAttribute(FS_SIZE_ATTR).isEmpty() || !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
338  logger.log(Level.SEVERE, "Invalid Comparator symbol or Size Unit set in FilesSet xml, unable to create FileSizeCondition for rule: " + readRuleName(elem));
339  throw new FilesSetsManager.FilesSetsManagerException(String.format("XML malformed missing at least one fileSize attribute for rule %s", readRuleName(elem)));
340  }
341  return sizeCondition;
342  }
343 
354  private static void readFilesSet(Element setElem, Map<String, FilesSet> filesSets, String filePath) throws FilesSetsManager.FilesSetsManagerException {
355  // The file set must have a unique name.
356  String setName = setElem.getAttribute(NAME_ATTR);
357  if (setName.isEmpty()) {
358  logger.log(Level.SEVERE, "Found {0} element without required {1} attribute, ignoring malformed file set definition in FilesSet definition file at {2}", new Object[]{FILE_SET_TAG, NAME_ATTR, filePath}); // NON-NLS
359  return;
360  }
361  if (filesSets.containsKey(setName)) {
362  logger.log(Level.SEVERE, "Found duplicate definition of set named {0} in FilesSet definition file at {1}, discarding duplicate set", new Object[]{setName, filePath}); // NON-NLS
363  return;
364  }
365  // The file set may have a description. The empty string is o.k.
366  String description = setElem.getAttribute(DESC_ATTR);
367  // The file set may or may not ignore known files. The default behavior
368  // is to not ignore them.
369  String ignoreKnown = setElem.getAttribute(IGNORE_KNOWN_FILES_ATTR);
370  boolean ignoreKnownFiles = false;
371  if (!ignoreKnown.isEmpty()) {
372  ignoreKnownFiles = Boolean.parseBoolean(ignoreKnown);
373  }
374  // The file set may or may not skip unallocated space. The default behavior
375  // is not to skip it.
376  String ignoreUnallocated = setElem.getAttribute(IGNORE_UNALLOCATED_SPACE);
377  boolean ignoreUnallocatedSpace = false;
378  if (!ignoreUnallocated.isEmpty()) {
379  ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated);
380  }
381  // Read the set membership rules, if any.
382  Map<String, FilesSet.Rule> rules = new HashMap<>();
383  NodeList allRuleElems = setElem.getChildNodes();
384  for (int j = 0; j < allRuleElems.getLength(); ++j) {
385  if (allRuleElems.item(j) instanceof Element) { //All the children we need to parse here are elements
386  Element elem = (Element) allRuleElems.item(j);
387  FilesSet.Rule rule = readRule(elem);
388  if (rule != null) {
389  if (!rules.containsKey(rule.getUuid())) {
390  rules.put(rule.getUuid(), rule);
391  } else {
392  logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); // NON-NLS
393  return;
394  }
395  } else {
396  logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS
397  return;
398  }
399  }
400  }
401  // Make the files set. Note that degenerate sets with no rules are
402  // allowed to facilitate the separation of set definition and rule
403  // definitions. A set without rules is simply the empty set.
404  FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules);
405  filesSets.put(set.getName(), set);
406  }
407  // Note: This method takes a file path to support the possibility of
408  // multiple intersting files set definition files, e.g., one for
409  // definitions that ship with Autopsy and one for user definitions.
410 
423  static Map<String, FilesSet> readDefinitionsFile(String fileName, String legacyFileName) throws FilesSetsManager.FilesSetsManagerException {
424  Map<String, FilesSet> filesSets = readSerializedDefinitions(fileName);
425  if (!filesSets.isEmpty()) {
426  return filesSets;
427  }
428  // Check if the legacy xml file exists.
429  if (!legacyFileName.isEmpty()) {
430  return readDefinitionsXML(Paths.get(PlatformUtil.getUserConfigDirectory(), legacyFileName).toFile());
431  }
432  return filesSets;
433  }
434 
448  static Map<String, FilesSet> readDefinitionsXML(File xmlFile) throws FilesSetsManager.FilesSetsManagerException {
449  Map<String, FilesSet> filesSets = new HashMap<>();
450  if (!xmlFile.exists()) {
451  return filesSets;
452  }
453  // Check if the file can be read.
454  if (!xmlFile.canRead()) {
455  logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS
456  return filesSets;
457  }
458  // Parse the XML in the file.
459  Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath());
460  if (doc == null) {
461  logger.log(Level.SEVERE, "FilesSet definition file at {0}", xmlFile.getPath()); // NON-NLS
462  return filesSets;
463  }
464  // Get the root element.
465  Element root = doc.getDocumentElement();
466  if (root == null) {
467  logger.log(Level.SEVERE, "Failed to get root {0} element tag of FilesSet definition file at {1}", new Object[]{FILE_SETS_ROOT_TAG, xmlFile.getPath()}); // NON-NLS
468  return filesSets;
469  }
470  // Read in the files set definitions.
471  NodeList setElems = root.getElementsByTagName(FILE_SET_TAG);
472  for (int i = 0; i < setElems.getLength(); ++i) {
473  readFilesSet((Element) setElems.item(i), filesSets, xmlFile.getPath());
474  }
475  return filesSets;
476  }
477 
478  // Note: This method takes a file path to support the possibility of
479  // multiple intersting files set definition files, e.g., one for
480  // definitions that ship with Autopsy and one for user definitions.
488  static boolean writeDefinitionsFile(String fileName, Map<String, FilesSet> interestingFilesSets) throws FilesSetsManager.FilesSetsManagerException {
489  try (final NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(Paths.get(PlatformUtil.getUserConfigDirectory(), fileName).toString()))) {
490  out.writeObject(new InterestingItemsFilesSetSettings(interestingFilesSets));
491  } catch (IOException ex) {
492  throw new FilesSetsManager.FilesSetsManagerException(String.format("Failed to write settings to %s", fileName), ex);
493  }
494  return true;
495  }
496 
506  static boolean exportXmlDefinitionsFile(File xmlFile, List<FilesSet> interestingFilesSets) {
507  DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
508  try {
509  // Create the new XML document.
510  DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
511  Document doc = docBuilder.newDocument();
512  Element rootElement = doc.createElement(FILE_SETS_ROOT_TAG);
513  doc.appendChild(rootElement);
514  // Add the interesting files sets to the document.
515  for (FilesSet set : interestingFilesSets) {
516  // Add the files set element and its attributes.
517  Element setElement = doc.createElement(FILE_SET_TAG);
518  setElement.setAttribute(NAME_ATTR, set.getName());
519  setElement.setAttribute(DESC_ATTR, set.getDescription());
520  setElement.setAttribute(IGNORE_KNOWN_FILES_ATTR, Boolean.toString(set.ignoresKnownFiles()));
521  // Add the child elements for the set membership rules.
522  // All conditions of a rule will be written as a single element in the xml
523  for (FilesSet.Rule rule : set.getRules().values()) {
524  // Add a rule element with the appropriate name Condition
525  // type tag.
526  Element ruleElement;
527 
528  FileNameCondition nameCondition = rule.getFileNameCondition();
529  //The element type is just being used as another attribute for
530  //the name condition in legacy xmls.
531  //For rules which don't contain a name condition it doesn't matter
532  //what type of element it is
533  if (nameCondition instanceof FilesSet.Rule.FullNameCondition) {
534  ruleElement = doc.createElement(NAME_RULE_TAG);
535  } else {
536  ruleElement = doc.createElement(EXTENSION_RULE_TAG);
537  }
538  // Add the optional rule name attribute.
539  ruleElement.setAttribute(NAME_ATTR, rule.getName());
540  if (nameCondition != null) {
541  // Add the name Condition regex attribute
542  ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex()));
543  // Add the name Condition text as the rule element content.
544  ruleElement.setTextContent(nameCondition.getTextToMatch());
545  }
546  // Add the type Condition attribute.
547  MetaTypeCondition typeCondition = rule.getMetaTypeCondition();
548  switch (typeCondition.getMetaType()) {
549  case FILES:
550  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES);
551  break;
552  case DIRECTORIES:
553  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS);
554  break;
555  default:
556  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_ALL);
557  break;
558  }
559  // Add the optional path Condition.
560  ParentPathCondition pathCondition = rule.getPathCondition();
561  if (pathCondition != null) {
562  if (pathCondition.isRegex()) {
563  ruleElement.setAttribute(PATH_REGEX_ATTR, pathCondition.getTextToMatch());
564  } else {
565  ruleElement.setAttribute(PATH_FILTER_ATTR, pathCondition.getTextToMatch());
566  }
567  }
568  //Add the optional MIME type condition
569  MimeTypeCondition mimeCondition = rule.getMimeTypeCondition();
570  if (mimeCondition != null) {
571  ruleElement.setAttribute(MIME_ATTR, mimeCondition.getMimeType());
572  }
573  //Add the optional file size condition
574  FileSizeCondition sizeCondition = rule.getFileSizeCondition();
575  if (sizeCondition != null) {
576  ruleElement.setAttribute(FS_COMPARATOR_ATTR, sizeCondition.getComparator().getSymbol());
577  ruleElement.setAttribute(FS_SIZE_ATTR, Integer.toString(sizeCondition.getSizeValue()));
578  ruleElement.setAttribute(FS_UNITS_ATTR, sizeCondition.getUnit().getName());
579  }
580 
581  //Add the optional date condition
582  DateCondition dateCondition = rule.getDateCondition();
583  if (dateCondition != null) {
584  ruleElement.setAttribute(DAYS_INCLUDED_ATTR, Integer.toString(dateCondition.getDaysIncluded()));
585  }
586 
587  setElement.appendChild(ruleElement);
588  }
589  rootElement.appendChild(setElement);
590  }
591  // Overwrite the previous definitions file. Note that the utility
592  // method logs an error on failure.
593  return XMLUtil.saveDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath(), XML_ENCODING, doc);
594  } catch (ParserConfigurationException ex) {
595  logger.log(Level.SEVERE, "Error writing interesting files definition file to " + xmlFile.getPath(), ex); // NON-NLS
596  return false;
597  }
598  }
599 
611  private static MetaTypeCondition readMetaTypeCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
612  MetaTypeCondition metaCondition = null;
613  // The rule must have a meta-type condition, unless a TSK Framework
614  // definitions file is being read.
615  if (!ruleElement.getAttribute(TYPE_FILTER_ATTR).isEmpty()) {
616  String conditionAttribute = ruleElement.getAttribute(TYPE_FILTER_ATTR);
617  if (!conditionAttribute.isEmpty()) {
618  switch (conditionAttribute) {
619  case TYPE_FILTER_VALUE_FILES:
620  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
621  break;
622  case TYPE_FILTER_VALUE_DIRS:
623  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.DIRECTORIES);
624  break;
625  case TYPE_FILTER_VALUE_ALL:
626  case TYPE_FILTER_VALUE_FILES_AND_DIRS: //converts legacy xmls to current metaCondition terms
627  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.ALL);
628  break;
629  default:
630  logger.log(Level.SEVERE, "Found {0} " + TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS
631  // Malformed attribute.
632  throw new FilesSetsManager.FilesSetsManagerException(String.format("Malformed XML for Metatype condition, %s, in rule %s", conditionAttribute, readRuleName(ruleElement)));
633  }
634  }
635  }
636  if (metaCondition == null) {
637  // Accept TSK Framework FilesSet definitions,
638  // default to files.
639  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
640  }
641  return metaCondition;
642  }
643 }

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.