api-docs/4.22.1/_interesting_hits_8java_source.html

/*

 * Autopsy Forensic Browser

 *

 * Copyright 2011-2021 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.datamodel;


import java.beans.PropertyChangeEvent;

import java.beans.PropertyChangeListener;

import java.sql.ResultSet;

import java.sql.SQLException;

import java.util.ArrayList;

import java.util.Collections;

import java.util.EnumSet;

import java.util.HashMap;

import java.util.HashSet;

import java.util.LinkedHashMap;

import java.util.List;

import java.util.Map;

import java.util.Observable;

import java.util.Observer;

import java.util.Set;

import java.util.logging.Level;

import org.openide.nodes.ChildFactory;

import org.openide.nodes.Children;

import org.openide.nodes.Node;

import org.openide.nodes.Sheet;

import org.openide.util.NbBundle;

import org.openide.util.WeakListeners;

import org.openide.util.lookup.Lookups;

import org.sleuthkit.autopsy.casemodule.Case;

import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;

import org.sleuthkit.autopsy.coreutils.Logger;

import org.sleuthkit.autopsy.ingest.IngestManager;

import org.sleuthkit.autopsy.ingest.ModuleDataEvent;

import org.sleuthkit.datamodel.BlackboardArtifact;

import org.sleuthkit.datamodel.BlackboardAttribute;

import org.sleuthkit.datamodel.SleuthkitCase;

import org.sleuthkit.datamodel.SleuthkitCase.CaseDbQuery;

import org.sleuthkit.datamodel.TskCoreException;

import org.sleuthkit.datamodel.AnalysisResult;

import org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode;


public class InterestingHits implements AutopsyVisitableItem {


    private static final Logger logger = Logger.getLogger(InterestingHits.class.getName());

    private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);

    private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestModuleEvent.DATA_ADDED);


    private SleuthkitCase skCase;

    private final InterestingResults interestingResults = new InterestingResults();

    private final long filteringDSObjId; // 0 if not filtering/grouping by data source

    private final BlackboardArtifact.Type artifactType;


    public InterestingHits(SleuthkitCase skCase, BlackboardArtifact.Type artifactType) {

        this(skCase, artifactType, 0);

    }


    public InterestingHits(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, long objId) {

        this.skCase = skCase;

        this.artifactType = artifactType;

        this.filteringDSObjId = objId;

        interestingResults.update();

    }


    private class InterestingResults extends Observable {


        // NOTE: the map can be accessed by multiple worker threads and needs to be synchronized

        private final Map<String, Set<Long>> interestingItemsMap = new LinkedHashMap<>();


        List<String> getSetNames() {

            List<String> setNames;

            synchronized (interestingItemsMap) {

                setNames = new ArrayList<>(interestingItemsMap.keySet());

            }

            Collections.sort(setNames, (a, b) -> a.compareToIgnoreCase(b));

            return setNames;

        }


        Set<Long> getArtifactIds(String setName) {

            synchronized (interestingItemsMap) {

                return new HashSet<>(interestingItemsMap.getOrDefault(setName, Collections.emptySet()));

            }

        }


        void update() {

            synchronized (interestingItemsMap) {

                interestingItemsMap.clear();

            }

            loadArtifacts();

            setChanged();

            notifyObservers();

        }


        /*

         * Reads the artifacts of specified type, grouped by Set, and loads into

         * the interestingItemsMap

         */

        @SuppressWarnings("deprecation")


        private void loadArtifacts() {

            if (skCase == null) {

                return;

            }


            int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();


            String query = "SELECT value_text, blackboard_artifacts.artifact_obj_id " //NON-NLS

                    + "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS

                    + "attribute_type_id=" + setNameId //NON-NLS

                    + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS

                    + " AND blackboard_artifacts.artifact_type_id = " + artifactType.getTypeID(); //NON-NLS

            if (filteringDSObjId > 0) {

                query += "  AND blackboard_artifacts.data_source_obj_id = " + filteringDSObjId;

            }


            try (CaseDbQuery dbQuery = skCase.executeQuery(query)) {

                synchronized (interestingItemsMap) {

                    ResultSet resultSet = dbQuery.getResultSet();

                    while (resultSet.next()) {

                        String value = resultSet.getString("value_text"); //NON-NLS

                        long artifactObjId = resultSet.getLong("artifact_obj_id"); //NON-NLS

                        interestingItemsMap

                                .computeIfAbsent(value, (k) -> new HashSet<>())

                                .add(artifactObjId);

                    }

                }

            } catch (TskCoreException | SQLException ex) {

                logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS

            }

        }


    }


    @Override

    public <T> T accept(AutopsyItemVisitor<T> visitor) {

        return visitor.visit(this);

    }


    private class SetNameFactory extends ChildFactory.Detachable<String> implements Observer {


        /*

         * This should probably be in the top-level class, but the factory has

         * nice methods for its startup and shutdown, so it seemed like a

         * cleaner place to register the property change listener.

         */


        private final PropertyChangeListener pcl = (PropertyChangeEvent evt) -> {

            String eventType = evt.getPropertyName();

            if (eventType.equals(IngestManager.IngestModuleEvent.DATA_ADDED.toString())) {

                try {

                    Case.getCurrentCaseThrows();

                    ModuleDataEvent eventData = (ModuleDataEvent) evt.getOldValue();

                    if (null != eventData && (eventData.getBlackboardArtifactType().getTypeID() == artifactType.getTypeID())) {

                        interestingResults.update();

                    }

                } catch (NoCurrentCaseException notUsed) {

                }

            } else if (eventType.equals(IngestManager.IngestJobEvent.COMPLETED.toString())

                    || eventType.equals(IngestManager.IngestJobEvent.CANCELLED.toString())) {

                try {

                    Case.getCurrentCaseThrows();

                    interestingResults.update();

                } catch (NoCurrentCaseException notUsed) {

                }

            } else if (eventType.equals(Case.Events.CURRENT_CASE.toString())) {

                // case was closed. Remove listeners so that we don't get called with a stale case handle

                if (evt.getNewValue() == null) {

                    removeNotify();

                    skCase = null;

                }

            }

        };


        private final PropertyChangeListener weakPcl = WeakListeners.propertyChange(pcl, null);


        @Override


        protected boolean createKeys(List<String> list) {

            list.addAll(interestingResults.getSetNames());

            return true;

        }


        @Override


        protected Node createNodeForKey(String key) {

            return new SetNameNode(key);

        }


        @Override


        public void update(Observable o, Object arg) {

            refresh(true);

        }


        @Override


        protected void addNotify() {

            IngestManager.getInstance().addIngestJobEventListener(INGEST_JOB_EVENTS_OF_INTEREST, weakPcl);

            IngestManager.getInstance().addIngestModuleEventListener(INGEST_MODULE_EVENTS_OF_INTEREST, weakPcl);

            Case.addEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), weakPcl);

            interestingResults.addObserver(this);

            interestingResults.update();

        }


        @Override


        protected void finalize() throws Throwable {

            super.finalize();

            IngestManager.getInstance().removeIngestJobEventListener(weakPcl);

            IngestManager.getInstance().removeIngestModuleEventListener(weakPcl);

            Case.removeEventTypeSubscriber(EnumSet.of(Case.Events.CURRENT_CASE), weakPcl);

            interestingResults.deleteObserver(this);

        }


    }


    public class SetNameNode extends DisplayableItemNode implements Observer {


        private final String setName;


        public SetNameNode(String setName) {//, Set<Long> children) {

            super(Children.create(new HitFactory(setName), true), Lookups.singleton(setName));

            this.setName = setName;

            super.setName(setName);

            updateDisplayName();

            this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); //NON-NLS

            interestingResults.addObserver(this);

        }


        private void updateDisplayName() {

            int sizeOfSet = interestingResults.getArtifactIds(setName).size();

            super.setDisplayName(setName + " (" + sizeOfSet + ")");

        }


        @Override


        public boolean isLeafTypeNode() {

            return true;

        }


        @Override


        protected Sheet createSheet() {

            Sheet sheet = super.createSheet();

            Sheet.Set sheetSet = sheet.get(Sheet.PROPERTIES);

            if (sheetSet == null) {

                sheetSet = Sheet.createPropertiesSet();

                sheet.put(sheetSet);

            }


            sheetSet.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.name"),

                    NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.name"),

                    NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.desc"),

                    getName()));


            return sheet;

        }


        @Override

        public <T> T accept(DisplayableItemNodeVisitor<T> visitor) {

            return visitor.visit(this);

        }


        @Override


        public void update(Observable o, Object arg) {

            updateDisplayName();

        }


        @Override


        public String getItemType() {

            return getClass().getName();

        }


    }


    public class RootNode extends UpdatableCountTypeNode {


        public RootNode() {

            super(Children.create(new SetNameFactory(), true),

                    Lookups.singleton(artifactType),

                    artifactType.getDisplayName(),

                    filteringDSObjId,

                    artifactType);


            setName(artifactType.getDisplayName());

            this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/interesting_item.png"); //NON-NLS

        }


        @Override


        public boolean isLeafTypeNode() {

            return false;

        }


        @Override


        protected Sheet createSheet() {

            Sheet sheet = super.createSheet();

            Sheet.Set sheetSet = sheet.get(Sheet.PROPERTIES);

            if (sheetSet == null) {

                sheetSet = Sheet.createPropertiesSet();

                sheet.put(sheetSet);

            }

            sheetSet.put(new NodeProperty<>(NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.name"),

                    NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.name"),

                    NbBundle.getMessage(this.getClass(), "InterestingHits.createSheet.name.desc"),

                    getName()));

            return sheet;

        }


        @Override

        public <T> T accept(DisplayableItemNodeVisitor<T> visitor) {

            return visitor.visit(this);

        }


        @Override


        public String getItemType() {

            return getClass().getName();

        }


    }


    private class HitFactory extends BaseChildFactory<AnalysisResult> implements Observer {


        private final String setName;

        private final Map<Long, AnalysisResult> artifactHits = new HashMap<>();


        private HitFactory(String setName) {

            super(setName);

            this.setName = setName;

            interestingResults.addObserver(this);

        }


        @Override


        protected List<AnalysisResult> makeKeys() {


            if (skCase != null) {

                interestingResults.getArtifactIds(setName).forEach((id) -> {

                    try {

                        if (!artifactHits.containsKey(id)) {

                            AnalysisResult art = skCase.getBlackboard().getAnalysisResultById(id);

                            //Cache attributes while we are off the EDT.

                            //See JIRA-5969

                            art.getAttributes();

                            artifactHits.put(id, art);

                        }

                    } catch (TskCoreException ex) {

                        logger.log(Level.SEVERE, "TSK Exception occurred", ex); //NON-NLS

                    }

                });


                return new ArrayList<>(artifactHits.values());

            }

            return Collections.emptyList();

        }


        @Override


        protected Node createNodeForKey(AnalysisResult art) {

            return new BlackboardArtifactNode(art);

        }


        @Override


        public void update(Observable o, Object arg) {

            refresh(true);

        }


        @Override


        protected void onAdd() {

            // No-op

        }


        @Override


        protected void onRemove() {

            // No-op

        }


    }


}


org.sleuthkit.autopsy.casemodule.Case
Definition Case.java:168

org.sleuthkit.autopsy.casemodule.Case.removeEventTypeSubscriber
static void removeEventTypeSubscriber(Set< Events > eventTypes, PropertyChangeListener subscriber)
Definition Case.java:757

org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows
static Case getCurrentCaseThrows()
Definition Case.java:910

org.sleuthkit.autopsy.casemodule.Case.addEventTypeSubscriber
static void addEventTypeSubscriber(Set< Events > eventTypes, PropertyChangeListener subscriber)
Definition Case.java:712

org.sleuthkit.autopsy.casemodule.NoCurrentCaseException
Definition NoCurrentCaseException.java:26

org.sleuthkit.autopsy.coreutils.Logger
Definition Logger.java:36

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition Logger.java:124

org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode.UpdatableCountTypeNode
UpdatableCountTypeNode(Children children, Lookup lookup, String baseName, long filteringDSObjId, BlackboardArtifact.Type... types)
Definition Artifacts.java:469

org.sleuthkit.autopsy.datamodel.Artifacts.UpdatableCountTypeNode.filteringDSObjId
final long filteringDSObjId
Definition Artifacts.java:453

org.sleuthkit.autopsy.datamodel.BaseChildFactory< AnalysisResult >::logger
static final Logger logger
Definition BaseChildFactory.java:47

org.sleuthkit.autopsy.datamodel.BaseChildFactory< AnalysisResult >::BaseChildFactory
BaseChildFactory(String nodeName)
Definition BaseChildFactory.java:104

org.sleuthkit.autopsy.datamodel.BlackboardArtifactNode
Definition BlackboardArtifactNode.java:126

org.sleuthkit.autopsy.datamodel.DisplayableItemNode.DisplayableItemNode
DisplayableItemNode(Children children)
Definition DisplayableItemNode.java:78

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory
Definition InterestingHits.java:413

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.HitFactory
HitFactory(String setName)
Definition InterestingHits.java:423

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.setName
final String setName
Definition InterestingHits.java:415

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.onAdd
void onAdd()
Definition InterestingHits.java:468

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.update
void update(Observable o, Object arg)
Definition InterestingHits.java:463

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.onRemove
void onRemove()
Definition InterestingHits.java:473

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.createNodeForKey
Node createNodeForKey(AnalysisResult art)
Definition InterestingHits.java:458

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.makeKeys
List< AnalysisResult > makeKeys()
Definition InterestingHits.java:435

org.sleuthkit.autopsy.datamodel.InterestingHits.HitFactory.artifactHits
final Map< Long, AnalysisResult > artifactHits
Definition InterestingHits.java:416

org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingResults
Definition InterestingHits.java:99

org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingResults.loadArtifacts
void loadArtifacts()
Definition InterestingHits.java:152

org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingResults.interestingItemsMap
final Map< String, Set< Long > > interestingItemsMap
Definition InterestingHits.java:102

org.sleuthkit.autopsy.datamodel.InterestingHits.RootNode.getItemType
String getItemType()
Definition InterestingHits.java:401

org.sleuthkit.autopsy.datamodel.InterestingHits.RootNode.RootNode
RootNode()
Definition InterestingHits.java:359

org.sleuthkit.autopsy.datamodel.InterestingHits.RootNode.createSheet
Sheet createSheet()
Definition InterestingHits.java:381

org.sleuthkit.autopsy.datamodel.InterestingHits.RootNode.isLeafTypeNode
boolean isLeafTypeNode()
Definition InterestingHits.java:376

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory
Definition InterestingHits.java:193

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.pcl
final PropertyChangeListener pcl
Definition InterestingHits.java:200

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.finalize
void finalize()
Definition InterestingHits.java:279

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.update
void update(Observable o, Object arg)
Definition InterestingHits.java:265

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.weakPcl
final PropertyChangeListener weakPcl
Definition InterestingHits.java:251

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.createKeys
boolean createKeys(List< String > list)
Definition InterestingHits.java:254

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.createNodeForKey
Node createNodeForKey(String key)
Definition InterestingHits.java:260

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameFactory.addNotify
void addNotify()
Definition InterestingHits.java:270

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode
Definition InterestingHits.java:291

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.createSheet
Sheet createSheet()
Definition InterestingHits.java:315

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.SetNameNode
SetNameNode(String setName)
Definition InterestingHits.java:295

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.getItemType
String getItemType()
Definition InterestingHits.java:342

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.update
void update(Observable o, Object arg)
Definition InterestingHits.java:337

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.isLeafTypeNode
boolean isLeafTypeNode()
Definition InterestingHits.java:310

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.updateDisplayName
void updateDisplayName()
Definition InterestingHits.java:304

org.sleuthkit.autopsy.datamodel.InterestingHits.SetNameNode.setName
final String setName
Definition InterestingHits.java:293

org.sleuthkit.autopsy.datamodel.InterestingHits.skCase
SleuthkitCase skCase
Definition InterestingHits.java:63

org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHits
InterestingHits(SleuthkitCase skCase, BlackboardArtifact.Type artifactType)
Definition InterestingHits.java:76

org.sleuthkit.autopsy.datamodel.InterestingHits.filteringDSObjId
final long filteringDSObjId
Definition InterestingHits.java:65

org.sleuthkit.autopsy.datamodel.InterestingHits.interestingResults
final InterestingResults interestingResults
Definition InterestingHits.java:64

org.sleuthkit.autopsy.datamodel.InterestingHits.artifactType
final BlackboardArtifact.Type artifactType
Definition InterestingHits.java:66

org.sleuthkit.autopsy.datamodel.InterestingHits.INGEST_MODULE_EVENTS_OF_INTEREST
static final Set< IngestManager.IngestModuleEvent > INGEST_MODULE_EVENTS_OF_INTEREST
Definition InterestingHits.java:61

org.sleuthkit.autopsy.datamodel.InterestingHits.INGEST_JOB_EVENTS_OF_INTEREST
static final Set< IngestManager.IngestJobEvent > INGEST_JOB_EVENTS_OF_INTEREST
Definition InterestingHits.java:60

org.sleuthkit.autopsy.datamodel.InterestingHits.logger
static final Logger logger
Definition InterestingHits.java:59

org.sleuthkit.autopsy.datamodel.InterestingHits.InterestingHits
InterestingHits(SleuthkitCase skCase, BlackboardArtifact.Type artifactType, long objId)
Definition InterestingHits.java:89

org.sleuthkit.autopsy.datamodel.NodeProperty
Definition NodeProperty.java:28

org.sleuthkit.autopsy.ingest.IngestManager
Definition IngestManager.java:122

org.sleuthkit.autopsy.ingest.IngestManager.getInstance
static synchronized IngestManager getInstance()
Definition IngestManager.java:161

org.sleuthkit.autopsy.ingest.IngestManager.removeIngestModuleEventListener
void removeIngestModuleEventListener(final PropertyChangeListener listener)
Definition IngestManager.java:784

org.sleuthkit.autopsy.ingest.IngestManager.removeIngestJobEventListener
void removeIngestJobEventListener(final PropertyChangeListener listener)
Definition IngestManager.java:741

org.sleuthkit.autopsy.ingest.IngestManager.addIngestModuleEventListener
void addIngestModuleEventListener(final PropertyChangeListener listener)
Definition IngestManager.java:762

org.sleuthkit.autopsy.ingest.IngestManager.addIngestJobEventListener
void addIngestJobEventListener(final PropertyChangeListener listener)
Definition IngestManager.java:719

org.sleuthkit.autopsy.ingest.ModuleDataEvent
Definition ModuleDataEvent.java:49

org.sleuthkit.autopsy.ingest.ModuleDataEvent.getBlackboardArtifactType
BlackboardArtifact.Type getBlackboardArtifactType()
Definition ModuleDataEvent.java:104

org.sleuthkit.autopsy.casemodule.Case.Events
Definition Case.java:303

org.sleuthkit.autopsy.casemodule.Case.Events.CURRENT_CASE
CURRENT_CASE
Definition Case.java:384

org.sleuthkit.autopsy.ingest.IngestManager.IngestJobEvent
Definition IngestManager.java:1298

org.sleuthkit.autopsy.ingest.IngestManager.IngestJobEvent.CANCELLED
CANCELLED
Definition IngestManager.java:1317

org.sleuthkit.autopsy.ingest.IngestManager.IngestJobEvent.COMPLETED
COMPLETED
Definition IngestManager.java:1311

org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent
Definition IngestManager.java:1341

org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent.DATA_ADDED
DATA_ADDED
Definition IngestManager.java:1349

org.sleuthkit.autopsy.datamodel.AutopsyVisitableItem
Definition AutopsyVisitableItem.java:26

org.sleuthkit.autopsy.datamodel.DisplayableItemNodeVisitor
Definition DisplayableItemNodeVisitor.java:42

org.sleuthkit.autopsy.datamodel.DisplayableItemNodeVisitor.visit
T visit(DataSourceFilesNode in)