api-docs/4.22.1/_analysis_results_view_model_8java_source.html

/*

 * Autopsy Forensic Browser

 *

 * Copyright 2021-2021 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.contentviewers.analysisresults;


import java.util.Collection;

import java.util.Collections;

import java.util.List;

import java.util.Objects;

import java.util.Optional;

import java.util.logging.Level;

import java.util.logging.Logger;

import java.util.stream.Collectors;

import java.util.stream.Stream;

import org.apache.commons.lang3.tuple.Pair;

import org.openide.nodes.Node;

import org.openide.util.NbBundle;

import org.sleuthkit.autopsy.datamodel.AnalysisResultItem;

import org.sleuthkit.autopsy.datamodel.TskContentItem;

import org.sleuthkit.datamodel.AnalysisResult;

import org.sleuthkit.datamodel.BlackboardArtifact;

import org.sleuthkit.datamodel.Content;

import org.sleuthkit.datamodel.Score;

import org.sleuthkit.datamodel.TskCoreException;


public class AnalysisResultsViewModel {


    private static final Logger logger = Logger.getLogger(AnalysisResultsViewModel.class.getName());


    static class ResultDisplayAttributes {


        private final AnalysisResult analysisResult;

        private final List<Pair<String, String>> attributesToDisplay;


        ResultDisplayAttributes(AnalysisResult analysisResult, List<Pair<String, String>> attributesToDisplay) {

            this.analysisResult = analysisResult;

            this.attributesToDisplay = attributesToDisplay;

        }


        List<Pair<String, String>> getAttributesToDisplay() {

            return Collections.unmodifiableList(attributesToDisplay);

        }


        AnalysisResult getAnalysisResult() {

            return analysisResult;

        }

    }


    static class NodeResults {


        private final List<ResultDisplayAttributes> analysisResults;

        private final Optional<AnalysisResult> selectedResult;

        private final Optional<Score> aggregateScore;

        private final Optional<String> itemName;


        NodeResults(List<ResultDisplayAttributes> analysisResults, Optional<AnalysisResult> selectedResult,

                Optional<Score> aggregateScore, Optional<String> itemName) {

            this.analysisResults = analysisResults;

            this.selectedResult = selectedResult;

            this.aggregateScore = aggregateScore;

            this.itemName = itemName;

        }


        List<ResultDisplayAttributes> getAnalysisResults() {

            return Collections.unmodifiableList(analysisResults);

        }


        Optional<AnalysisResult> getSelectedResult() {

            return selectedResult;

        }


        Optional<Score> getAggregateScore() {

            return aggregateScore;

        }


        Optional<String> getItemName() {

            return itemName;

        }

    }


    private String normalizeAttr(String originalAttrStr) {

        return (originalAttrStr == null) ? "" : originalAttrStr.trim();

    }


    @NbBundle.Messages({

        "AnalysisResultsViewModel_displayAttributes_score=Score",

        "AnalysisResultsViewModel_displayAttributes_type=Type",

        "AnalysisResultsViewModel_displayAttributes_configuration=Configuration",

        "AnalysisResultsViewModel_displayAttributes_conclusion=Conclusion",

        "AnalysisResultsViewModel_displayAttributes_justification=Justification"

    })


    private ResultDisplayAttributes getDisplayAttributes(AnalysisResult analysisResult) {

        // The type of BlackboardArtifact.Type of the analysis result.

        String type = "";

        try {

            type = normalizeAttr(analysisResult.getType().getDisplayName());

        } catch (TskCoreException ex) {

            logger.log(Level.SEVERE, "Unable to get type for analysis result with id: " + analysisResult.getArtifactID(), ex);

        }


        // The standard attributes to display (score, type, configuration, conclusion)

        Stream<Pair<String, String>> baseAnalysisAttrs = Stream.of(

                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_score(),

                        normalizeAttr(analysisResult.getScore().getSignificance().getDisplayName())),

                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_type(),

                        normalizeAttr(type)),

                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_configuration(),

                        normalizeAttr(analysisResult.getConfiguration())),

                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_conclusion(),

                        normalizeAttr(analysisResult.getConclusion())),

                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_justification(),

                        normalizeAttr(analysisResult.getJustification()))

        );


        // The BlackboardAttributes sorted by type display name.

        Stream<Pair<String, String>> blackboardAttributes = Stream.empty();

        try {


            blackboardAttributes = analysisResult.getAttributes().stream()

                    .filter(attr -> attr != null && attr.getAttributeType() != null && attr.getAttributeType().getDisplayName() != null)

                    .map(attr -> Pair.of(attr.getAttributeType().getDisplayName(), normalizeAttr(attr.getDisplayString())))

                    .sorted((a, b) -> a.getKey().compareToIgnoreCase(b.getKey()));

        } catch (TskCoreException ex) {

            logger.log(Level.SEVERE, "Unable to get attributes for analysis result with id: " + analysisResult.getArtifactID(), ex);

        }


        // return the standard attributes along with the key value pairs of the BlackboardAttribute values.

        List<Pair<String, String>> allDisplayAttributes = Stream.concat(baseAnalysisAttrs, blackboardAttributes)

                .collect(Collectors.toList());


        return new ResultDisplayAttributes(analysisResult, allDisplayAttributes);

    }


    private List<ResultDisplayAttributes> getOrderedDisplayAttributes(Collection<AnalysisResult> analysisResults) {

        return analysisResults.stream()

                .filter(ar -> ar != null && ar.getScore() != null)

                // reverse order to push more important scores to the top

                .sorted((a, b) -> -a.getScore().compareTo(b.getScore()))

                .map((ar) -> getDisplayAttributes(ar))

                .collect(Collectors.toList());

    }


    private String getName(Content selectedContent) throws TskCoreException {

        if (selectedContent == null) {

            return null;

        } else if (selectedContent instanceof BlackboardArtifact) {

            return ((BlackboardArtifact) selectedContent).getShortDescription();

        } else {

            return selectedContent.getName();

        }

    }


    NodeResults getAnalysisResults(Node node) {

        if (node == null) {

            return new NodeResults(Collections.emptyList(), Optional.empty(), Optional.empty(), Optional.empty());

        }


        String contentName = null;

        AnalysisResult selectedAnalysisResult = null;

        Score aggregateScore = null;

        List<AnalysisResult> analysisResults = Collections.emptyList();

        long selectedObjectId = 0;

        try {

            AnalysisResultItem analysisResultItem = node.getLookup().lookup(AnalysisResultItem.class);

            Content analyzedContent;

            if (Objects.nonNull(analysisResultItem)) {

                /*

                 * The content represented by the Node is an analysis result.

                 * Set this analysis result as the analysis result to be

                 * selected in the content viewer and get the analyzed content

                 * as the source of the analysis results to display.

                 */

                selectedAnalysisResult = analysisResultItem.getTskContent();

                selectedObjectId = selectedAnalysisResult.getId();

                analyzedContent = selectedAnalysisResult.getParent();

            } else {

                /*

                 * The content represented by the Node is something other than

                 * an analysis result. Use it as the source of the analysis

                 * results to display.

                 */

                TskContentItem<?> contentItem = node.getLookup().lookup(TskContentItem.class);

                analyzedContent = contentItem.getTskContent();

                selectedObjectId = analyzedContent.getId();

            }

            aggregateScore = analyzedContent.getAggregateScore();

            analysisResults = analyzedContent.getAllAnalysisResults();

            contentName = getName(analyzedContent);


        } catch (TskCoreException ex) {

            logger.log(Level.SEVERE, String.format("Error getting analysis result data for selected Content (object ID=%d)", selectedObjectId), ex);

        }


        /*

         * Use the data collected above to construct the view model.

         */

        List<ResultDisplayAttributes> displayAttributes = getOrderedDisplayAttributes(analysisResults);

        return new NodeResults(displayAttributes,

                Optional.ofNullable(selectedAnalysisResult),

                Optional.ofNullable(aggregateScore),

                Optional.ofNullable(contentName));

    }


}


org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel
Definition AnalysisResultsViewModel.java:44

org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel.getDisplayAttributes
ResultDisplayAttributes getDisplayAttributes(AnalysisResult analysisResult)
Definition AnalysisResultsViewModel.java:181

org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel.getOrderedDisplayAttributes
List< ResultDisplayAttributes > getOrderedDisplayAttributes(Collection< AnalysisResult > analysisResults)
Definition AnalysisResultsViewModel.java:223

org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel.logger
static final Logger logger
Definition AnalysisResultsViewModel.java:46

org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel.normalizeAttr
String normalizeAttr(String originalAttrStr)
Definition AnalysisResultsViewModel.java:163

org.sleuthkit.autopsy.contentviewers.analysisresults.AnalysisResultsViewModel.getName
String getName(Content selectedContent)
Definition AnalysisResultsViewModel.java:241

org.sleuthkit.autopsy.coreutils.Logger
Definition Logger.java:36

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition Logger.java:124