api-docs/4.11.0/_file_type_detector_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2011-2018 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.modules.filetypeid;


 import java.util.ArrayList;

 import java.util.Collections;

 import java.util.List;

 import java.util.SortedSet;

 import java.util.TreeSet;

 import java.util.logging.Level;

 import java.util.stream.Collectors;

 import org.apache.tika.Tika;

 import org.apache.tika.io.TikaInputStream;

 import org.apache.tika.mime.MimeTypes;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.ReadContentInputStream;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.datamodel.TskData;


 public class FileTypeDetector {


     private static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName());

     private static final Tika tika = new Tika();

     private static final int SLACK_FILE_THRESHOLD = 4096;

     private final List<FileType> userDefinedFileTypes;

     private final List<FileType> autopsyDefinedFileTypes;

     private static SortedSet<String> tikaDetectedTypes;


     public static synchronized SortedSet<String> getDetectedTypes() throws FileTypeDetectorInitException {

         TreeSet<String> detectedTypes = new TreeSet<>((String string1, String string2) -> {

             int result = String.CASE_INSENSITIVE_ORDER.compare(string1, string2);

             if (result == 0) {

                 result = string1.compareTo(string2);

             }

             return result;

         });

         detectedTypes.addAll(FileTypeDetector.getTikaDetectedTypes());

         try {

             for (FileType fileType : CustomFileTypesManager.getInstance().getAutopsyDefinedFileTypes()) {

                 detectedTypes.add(fileType.getMimeType());

             }

         } catch (CustomFileTypesManager.CustomFileTypesException ex) {

             throw new FileTypeDetectorInitException("Error loading Autopsy custom file types", ex);

         }

         try {

             for (FileType fileType : CustomFileTypesManager.getInstance().getUserDefinedFileTypes()) {

                 detectedTypes.add(fileType.getMimeType());

             }

         } catch (CustomFileTypesManager.CustomFileTypesException ex) {

             throw new FileTypeDetectorInitException("Error loading user custom file types", ex);

         }

         return detectedTypes;

     }


     private static SortedSet<String> getTikaDetectedTypes() {

         if (null == tikaDetectedTypes) {

             tikaDetectedTypes = org.apache.tika.mime.MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes()

                     .stream().filter(t -> !t.hasParameters()).map(s -> s.toString().replace("tika-", "")).collect(Collectors.toCollection(TreeSet::new));

         }

         return Collections.unmodifiableSortedSet(tikaDetectedTypes);

     }


     public FileTypeDetector() throws FileTypeDetectorInitException {

         try {

             userDefinedFileTypes = CustomFileTypesManager.getInstance().getUserDefinedFileTypes();

             autopsyDefinedFileTypes = CustomFileTypesManager.getInstance().getAutopsyDefinedFileTypes();

         } catch (CustomFileTypesManager.CustomFileTypesException ex) {

             throw new FileTypeDetectorInitException("Error loading custom file types", ex); //NON-NLS

         }

     }


     public boolean isDetectable(String mimeType) {

         return isDetectableAsCustomType(userDefinedFileTypes, mimeType)

                 || isDetectableAsCustomType(autopsyDefinedFileTypes, mimeType)

                 || isDetectableByTika(mimeType);

     }


     private boolean isDetectableAsCustomType(List<FileType> customTypes, String mimeType) {

         for (FileType fileType : customTypes) {

             if (fileType.getMimeType().equals(mimeType)) {

                 return true;

             }

         }

         return false;

     }


     private boolean isDetectableByTika(String mimeType) {

         return FileTypeDetector.getTikaDetectedTypes().contains(removeOptionalParameter(mimeType));

     }


     public String getMIMEType(AbstractFile file) {

         /*

          * Check to see if the file has already been typed.

          */

         String mimeType = file.getMIMEType();

         if (null != mimeType) {

             // We remove the optional parameter to allow this method to work

             // with legacy databases that may contain MIME types with the

             // optional parameter attached.

             return removeOptionalParameter(mimeType);

         }


         /*

          * Mark non-regular files (refer to TskData.TSK_FS_META_TYPE_ENUM),

          * zero-sized files, unallocated space, and unused blocks (refer to

          * TskData.TSK_DB_FILES_TYPE_ENUM) as octet-stream.

          */

         if (!file.isFile() || file.getSize() <= 0

                 || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)

                 || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)

                 || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.VIRTUAL_DIR)

                 || ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.SLACK) && file.getSize() < SLACK_FILE_THRESHOLD)) {

             mimeType = MimeTypes.OCTET_STREAM;

         }


         /*

          * If the file is a regular file, give precedence to user-defined custom

          * file types.

          */

         if (null == mimeType) {

             mimeType = detectUserDefinedType(file);

         }


         /*

          * If the file does not match a user-defined type, give precedence to

          * custom file types defined by Autopsy.

          */

         if (null == mimeType) {

             mimeType = detectAutopsyDefinedType(file);

         }


         /*

          * If the file does not match a user-defined type, send the initial

          * bytes to Tika.

          */

         if (null == mimeType) {

             ReadContentInputStream stream = new ReadContentInputStream(file);


             try (TikaInputStream tikaInputStream = TikaInputStream.get(stream)) {

                 String tikaType = tika.detect(tikaInputStream);


                 /*

                  * Remove the Tika suffix from the MIME type name.

                  */

                 mimeType = tikaType.replace("tika-", ""); //NON-NLS

                 /*

                  * Remove the optional parameter from the MIME type.

                  */

                 mimeType = removeOptionalParameter(mimeType);


                 /*

                  * If Tika recognizes the file signature, then use the file

                  * name to refine the type. In short, this is to exclude the

                  * mime types that are determined solely by file extension.

                  * More details in JIRA-4871.

                  */

                 if (!mimeType.equals(MimeTypes.OCTET_STREAM)) {

                     ReadContentInputStream secondPassStream = new ReadContentInputStream(file);

                     try (TikaInputStream secondPassTikaStream = TikaInputStream.get(secondPassStream)) {

                         tikaType = tika.detect(secondPassTikaStream, file.getName());

                         mimeType = tikaType.replace("tika-", ""); //NON-NLS

                         mimeType = removeOptionalParameter(mimeType);

                     }

                 }


                 if (mimeType.contains("audio/mpeg")) {

                     try {

                         byte[] header = getNBytes(file, 0, 2);

                         if (byteIs0xFF(header[0]) && byteIs0xFF(header[1])) {

                             mimeType = MimeTypes.OCTET_STREAM;

                         }

                     } catch (TskCoreException ex) {

                         //Oh well, the mimetype is what it is.

                         logger.log(Level.WARNING, String.format("Could not verify audio/mpeg mimetype for file %s with id=%d", file.getName(), file.getId()), ex);

                     }

                 }

             } catch (Exception ignored) {

                 /*

                  * This exception is swallowed and not logged rather than

                  * propagated because files in data sources are not always

                  * consistent with their file system metadata, making for read

                  * errors. Also, Tika can be a bit flaky at times, making this a

                  * best effort endeavor. Default to octet-stream.

                  */

                 mimeType = MimeTypes.OCTET_STREAM;

             }

         }


         /*

          * Documented side effect: write the result to the AbstractFile object.

          */

         file.setMIMEType(mimeType);


         return mimeType;

     }


     private boolean byteIs0xFF(byte x) {

         return (x & 0x0F) == 0x0F && (x & 0xF0) == 0xF0;

     }


     private byte[] getNBytes(AbstractFile file, int offset, int n) throws TskCoreException {

         byte[] headerCache = new byte[n];

         file.read(headerCache, offset, n);

         return headerCache;

     }


     private String removeOptionalParameter(String mimeType) {

         int indexOfSemicolon = mimeType.indexOf(';');

         if (indexOfSemicolon != -1) {

             return mimeType.substring(0, indexOfSemicolon).trim();

         } else {

             return mimeType;

         }

     }


     private String detectUserDefinedType(AbstractFile file) {

         String retValue = null;


         for (FileType fileType : userDefinedFileTypes) {

             if (fileType.matches(file)) {

                 retValue = fileType.getMimeType();

                 break;

             }

         }

         return retValue;

     }


     private String detectAutopsyDefinedType(AbstractFile file) {

         for (FileType fileType : autopsyDefinedFileTypes) {

             if (fileType.matches(file)) {

                 return fileType.getMimeType();

             }

         }

         return null;

     }


     /*

      * Exception thrown if an initialization error occurs, e.g., user-defined

      * file type definitions exist but cannot be loaded.

      */

     public static class FileTypeDetectorInitException extends Exception {


         private static final long serialVersionUID = 1L;


         FileTypeDetectorInitException(String message) {

             super(message);

         }


         FileTypeDetectorInitException(String message, Throwable throwable) {

             super(message, throwable);

         }


     }


     @Deprecated

     public List<String> getUserDefinedTypes() {

         List<String> customFileTypes = new ArrayList<>();

         userDefinedFileTypes.forEach((fileType) -> {

             customFileTypes.add(fileType.getMimeType());

         });

         autopsyDefinedFileTypes.forEach((fileType) -> {

             customFileTypes.add(fileType.getMimeType());

         });

         return customFileTypes;

     }


     @Deprecated

     public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException {

         String fileType = getMIMEType(file);

         file.setMIMEType(fileType);

         file.save();

         return fileType;

     }


     @Deprecated

     public String getFileType(AbstractFile file) throws TskCoreException {

         String fileType = getMIMEType(file);

         file.setMIMEType(fileType);

         file.save();

         return fileType;

     }


     @Deprecated

     public String detect(AbstractFile file) throws TskCoreException {

         String fileType = getMIMEType(file);

         return fileType;

     }


 }

org.sleuthkit

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter
String removeOptionalParameter(String mimeType)
Definition: FileTypeDetector.java:326

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetectorInitException.serialVersionUID
static final long serialVersionUID
Definition: FileTypeDetector.java:377

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.userDefinedFileTypes
final List< FileType > userDefinedFileTypes
Definition: FileTypeDetector.java:49

org

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.SLACK_FILE_THRESHOLD
static final int SLACK_FILE_THRESHOLD
Definition: FileTypeDetector.java:48

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable
boolean isDetectable(String mimeType)
Definition: FileTypeDetector.java:133

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector
Definition: FileTypeDetector.java:44

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getNBytes
byte[] getNBytes(AbstractFile file, int offset, int n)
Definition: FileTypeDetector.java:313

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector
FileTypeDetector()
Definition: FileTypeDetector.java:116

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType
String detectUserDefinedType(AbstractFile file)
Definition: FileTypeDetector.java:342

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType
String getMIMEType(AbstractFile file)
Definition: FileTypeDetector.java:179

org.sleuthkit.autopsy.coreutils
Definition: AutopsyExceptionHandler.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tika
static final Tika tika
Definition: FileTypeDetector.java:47

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType
boolean isDetectableAsCustomType(List< FileType > customTypes, String mimeType)
Definition: FileTypeDetector.java:148

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.autopsyDefinedFileTypes
final List< FileType > autopsyDefinedFileTypes
Definition: FileTypeDetector.java:50

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tikaDetectedTypes
static SortedSet< String > tikaDetectedTypes
Definition: FileTypeDetector.java:51

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetectorInitException
Definition: FileTypeDetector.java:375

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect
String detect(AbstractFile file)
Definition: FileTypeDetector.java:481

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType
String detectAutopsyDefinedType(AbstractFile file)
Definition: FileTypeDetector.java:362

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

org.sleuthkit.autopsy

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.logger
static final Logger logger
Definition: FileTypeDetector.java:46

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes
List< String > getUserDefinedTypes()
Definition: FileTypeDetector.java:411

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes
static SortedSet< String > getTikaDetectedTypes()
Definition: FileTypeDetector.java:96

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType
String getFileType(AbstractFile file)
Definition: FileTypeDetector.java:461

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes
static synchronized SortedSet< String > getDetectedTypes()
Definition: FileTypeDetector.java:63

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.byteIs0xFF
boolean byteIs0xFF(byte x)
Definition: FileTypeDetector.java:298

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika
boolean isDetectableByTika(String mimeType)
Definition: FileTypeDetector.java:164

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard
String detectAndPostToBlackboard(AbstractFile file)
Definition: FileTypeDetector.java:437