Autopsy 4.22.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
RuleSetManager.java
1/*
2 * Autopsy Forensic Browser
3 *
4 * Copyright 2020 Basis Technology Corp.
5 * Contact: carrier <at> sleuthkit <dot> org
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19package org.sleuthkit.autopsy.modules.yara.rules;
20
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;
import javax.swing.SwingUtilities;
import org.sleuthkit.autopsy.coreutils.PlatformUtil;
30
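/**
 * Manages the YARA rule sets, each of which is stored as a sub-folder of the
 * {@code yara/ruleSets} folder inside the user directory reported by
 * {@link PlatformUtil#getUserDirectory()}.
 *
 * The class is a lazily created singleton. Rule set creation and deletion are
 * announced to registered listeners through {@link #RULE_SET_ADDED} and
 * {@link #RULE_SET_DELETED} property change events, which are queued with
 * {@link SwingUtilities#invokeLater(Runnable)}.
 */
public class RuleSetManager {

    private final static String BASE_FOLDER = "yara";
    private final static String RULE_SET_FOLDER = "ruleSets";

    /**
     * Property names of the events fired when a rule set is added or deleted.
     */
    public final static String RULE_SET_ADDED = "YARARuleSetAdded";
    public final static String RULE_SET_DELETED = "YARARuleSetDeleted";

    private final PropertyChangeSupport changeSupport;

    private static RuleSetManager instance;

    /**
     * Private constructor; instances are obtained through
     * {@link #getInstance()}.
     */
    private RuleSetManager() {
        changeSupport = new PropertyChangeSupport(this);
    }

    /**
     * Returns the shared manager, creating it on first use.
     *
     * @return The RuleSetManager singleton.
     */
    public synchronized static RuleSetManager getInstance() {
        if (instance == null) {
            // Without this assignment the method would hand null to every caller.
            instance = new RuleSetManager();
        }

        return instance;
    }

    /**
     * Registers a listener for rule set added/deleted events.
     *
     * @param listener The listener to add.
     */
    public static void addPropertyChangeListener(PropertyChangeListener listener) {
        getInstance().getChangeSupport().addPropertyChangeListener(listener);
    }

    /**
     * Unregisters a listener for rule set added/deleted events.
     *
     * @param listener The listener to remove.
     */
    public void removePropertyChangeListener(PropertyChangeListener listener) {
        getInstance().getChangeSupport().removePropertyChangeListener(listener);
    }

    /**
     * Creates the folder for a new rule set and notifies listeners.
     *
     * The name becomes a folder name, so it is accepted only when it resolves
     * to a direct child of the rule set folder. Names that are absolute,
     * contain separators, or use {@code .} / {@code ..} are rejected so the
     * folder cannot be created elsewhere on disk.
     *
     * @param name Name of the new rule set.
     *
     * @return The new RuleSet.
     *
     * @throws RuleSetException If the name is null, empty, not usable as a
     *                          single folder name, already in use, or the
     *                          folder could not be created.
     */
    public synchronized RuleSet createRuleSet(String name) throws RuleSetException {
        if (name == null || name.isEmpty()) {
            throw new RuleSetException("YARA rule set name cannot be null or empty string");
        }

        Path setPath = resolveRuleSetPath(name);
        if (setPath == null) {
            throw new RuleSetException(String.format("YARA rule set name %s is not a valid folder name.", name));
        }

        if (isRuleSetExists(name)) {
            throw new RuleSetException(String.format("Yara rule set with name %s already exits.", name));
        }

        // mkdir() reports failure through its return value only.
        if (!setPath.toFile().mkdir()) {
            throw new RuleSetException(String.format("Unable to create the folder for YARA rule set %s.", name));
        }

        RuleSet newSet = new RuleSet(name, setPath);

        SwingUtilities.invokeLater(new Runnable() {
            @Override
            public void run() {
                getChangeSupport().firePropertyChange(RULE_SET_ADDED, null, newSet);
            }
        });

        return newSet;
    }

    /**
     * Deletes the folder of an existing rule set, including its contents, and
     * notifies listeners.
     *
     * The delete is recursive, so it runs only when the path carried by the
     * rule set is the managed folder for its name; a RuleSet pointing anywhere
     * else is refused rather than deleted.
     *
     * @param ruleSet The rule set to delete.
     *
     * @throws RuleSetException If the rule set is null, does not exist, is not
     *                          stored in the managed rule set folder, or its
     *                          folder could not be deleted.
     */
    public synchronized void deleteRuleSet(RuleSet ruleSet) throws RuleSetException {
        if (ruleSet == null) {
            throw new RuleSetException("YARA rule set name cannot be null or empty string");
        }

        if (!isRuleSetExists(ruleSet.getName())) {
            throw new RuleSetException(String.format("A YARA rule set with name %s does not exits.", ruleSet.getName()));
        }

        // Non-null here: isRuleSetExists() only returns true for a resolvable name.
        Path managedPath = resolveRuleSetPath(ruleSet.getName());
        Path ruleSetPath = ruleSet.getPath();
        if (managedPath == null || ruleSetPath == null
                || !managedPath.equals(ruleSetPath.toAbsolutePath().normalize())) {
            throw new RuleSetException(String.format("YARA rule set %s is not stored in the managed rule set folder.", ruleSet.getName()));
        }

        // Do not announce a deletion that did not happen.
        if (!deleteDirectory(managedPath.toFile())) {
            throw new RuleSetException(String.format("Unable to delete the folder for YARA rule set %s.", ruleSet.getName()));
        }

        SwingUtilities.invokeLater(new Runnable() {
            @Override
            public void run() {
                getChangeSupport().firePropertyChange(RULE_SET_DELETED, ruleSet, null);
            }
        });
    }

    /**
     * Lists the rule sets, one per entry found in the rule set folder.
     *
     * @return The rule sets; empty when the folder has no entries or cannot be
     *         listed.
     */
    public synchronized List<RuleSet> getRuleSetList() {
        List<RuleSet> ruleSets = new ArrayList<>();
        Path basePath = getRuleSetPath();

        // File.list() returns null on an I/O error or when the path is not a directory.
        String[] ruleSetNames = basePath.toFile().list();
        if (ruleSetNames == null) {
            return ruleSets;
        }

        for (String setName : ruleSetNames) {
            ruleSets.add(new RuleSet(setName, basePath.resolve(setName)));
        }

        return ruleSets;
    }

    /**
     * Reports whether a rule set folder with the given name exists.
     *
     * @param name Rule set name to look up.
     *
     * @return True if the name maps to an existing entry directly inside the
     *         rule set folder; false otherwise, including for null, empty or
     *         path-like names.
     */
    public synchronized boolean isRuleSetExists(String name) {
        Path setPath = resolveRuleSetPath(name);

        return setPath != null && setPath.toFile().exists();
    }

    /**
     * Returns the rule set folder, creating it if it is missing.
     *
     * @return Path of the {@code yara/ruleSets} folder in the user directory.
     */
    private Path getRuleSetPath() {
        Path basePath = Paths.get(PlatformUtil.getUserDirectory().getAbsolutePath(), BASE_FOLDER, RULE_SET_FOLDER);
        File baseFile = basePath.toFile();

        if (!baseFile.exists()) {
            baseFile.mkdirs();
        }

        return basePath;
    }

    /**
     * Maps a rule set name to its folder, refusing names that would escape
     * the rule set folder.
     *
     * @param name Rule set name supplied by a caller.
     *
     * @return The normalized absolute path of the folder, or null when the
     *         name is null, empty, not a legal path, or does not resolve to a
     *         direct child of the rule set folder.
     */
    private Path resolveRuleSetPath(String name) {
        if (name == null || name.isEmpty()) {
            return null;
        }

        Path basePath = getRuleSetPath().toAbsolutePath().normalize();
        Path setPath;
        try {
            setPath = basePath.resolve(name).normalize();
        } catch (InvalidPathException ex) {
            return null;
        }

        // A direct child has the rule set folder as its parent; "..", ".",
        // absolute names and names containing separators all fail this test.
        if (!basePath.equals(setPath.getParent())) {
            return null;
        }

        return setPath;
    }

    /**
     * Returns the support object used to fire property change events.
     *
     * @return The PropertyChangeSupport of this manager.
     */
    private PropertyChangeSupport getChangeSupport() {
        return changeSupport;
    }

    /**
     * Recursively deletes a file or directory.
     *
     * Symbolic links are removed as links and never descended into, so the
     * contents of a directory that a link points to are left untouched.
     *
     * @param directoryToBeDeleted The file or directory to delete.
     *
     * @return True if the given entry itself was deleted. A child that could
     *         not be removed leaves its parent non-empty, so the parent's
     *         delete then fails as well.
     */
    private boolean deleteDirectory(File directoryToBeDeleted) {
        if (!Files.isSymbolicLink(directoryToBeDeleted.toPath())) {
            File[] allContents = directoryToBeDeleted.listFiles();
            if (allContents != null) {
                for (File file : allContents) {
                    deleteDirectory(file);
                }
            }
        }
        return directoryToBeDeleted.delete();
    }

}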