api-docs/4.22.1/_x_r_y_file_reader_8java_source.html

/*

 * Autopsy Forensic Browser

 *

 * Copyright 2019 Basis Technology Corp.

 * Contact: carrier <at> sleuthkit <dot> org

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package org.sleuthkit.autopsy.datasourceprocessors.xry;


import java.io.BufferedReader;

import java.io.IOException;

import java.io.InputStream;

import java.nio.charset.Charset;

import java.nio.charset.MalformedInputException;

import java.nio.charset.StandardCharsets;

import java.nio.file.Files;

import java.nio.file.LinkOption;

import java.nio.file.Path;

import java.nio.file.StandardOpenOption;

import java.nio.file.attribute.BasicFileAttributes;

import java.util.Optional;

import java.util.logging.Level;

import java.util.NoSuchElementException;

import org.sleuthkit.autopsy.coreutils.Logger;

import org.apache.commons.io.FilenameUtils;


final class XRYFileReader implements AutoCloseable {


    private static final Logger logger = Logger.getLogger(XRYFileReader.class.getName());


    //Assume UTF_16LE

    private static final Charset CHARSET = StandardCharsets.UTF_16LE;


    //Assume the header begins with 'xry export'.

    private static final String START_OF_HEADER = "xry export";


    //Assume all XRY reports have the type on the 3rd line

    //relative to the start of the header.

    private static final int LINE_WITH_REPORT_TYPE = 3;


    //Assume all headers are 5 lines in length.

    private static final int HEADER_LENGTH_IN_LINES = 5;


    //Assume TXT extension

    private static final String EXTENSION = "txt";


    //Assume 0xFFFE is the BOM

    private static final int[] BOM = {0xFF, 0xFE};


    //Entity to be consumed during file iteration.

    private final StringBuilder xryEntity;


    //Underlying reader for the xry file.

    private final BufferedReader reader;


    //Reference to the original xry file.

    private final Path xryFilePath;


    public XRYFileReader(Path xryFile) throws IOException {

        reader = Files.newBufferedReader(xryFile, CHARSET);

        xryFilePath = xryFile;


        //Advance the reader to the start of the header.

        advanceToHeader(reader);


        //Advance the reader past the header to the start

        //of the first XRY entity.

        for (int i = 1; i < HEADER_LENGTH_IN_LINES; i++) {

            reader.readLine();

        }


        xryEntity = new StringBuilder();

    }


    public String getReportType() throws IOException {

        Optional<String> reportType = getType(xryFilePath);

        if (reportType.isPresent()) {

            return reportType.get();

        }


        throw new IllegalArgumentException(xryFilePath.toString() + " does not "

                + "have a report type.");

    }


    public Path getReportPath() throws IOException {

        return xryFilePath;

    }


    public boolean hasNextEntity() throws IOException {

        //Entity has yet to be consumed.

        if (xryEntity.length() > 0) {

            return true;

        }


        String line;

        while ((line = reader.readLine()) != null) {

            if (marksEndOfEntity(line)) {

                if (xryEntity.length() > 0) {

                    //Found a non empty XRY entity.

                    return true;

                }

            } else {

                xryEntity.append(line).append('\n');

            }

        }


        //Check if EOF was hit before an entity delimiter was found.

        return xryEntity.length() > 0;

    }


    public String nextEntity() throws IOException {

        if (hasNextEntity()) {

            String returnVal = xryEntity.toString();

            xryEntity.setLength(0);

            return returnVal;

        } else {

            throw new NoSuchElementException();

        }

    }


    public String peek() throws IOException {

        if (hasNextEntity()) {

            return xryEntity.toString();

        } else {

            throw new NoSuchElementException();

        }

    }


    @Override

    public void close() throws IOException {

        reader.close();

    }


    private boolean marksEndOfEntity(String line) {

        return line.isEmpty();

    }


    public static boolean isXRYFile(Path file) throws IOException {

        String parsedExtension = FilenameUtils.getExtension(file.toString());


        //A XRY file should have a txt extension.

        if (!EXTENSION.equals(parsedExtension)) {

            return false;

        }


        BasicFileAttributes attr = Files.readAttributes(file,

                BasicFileAttributes.class, LinkOption.NOFOLLOW_LINKS);


        //Do not follow symbolic links. XRY files cannot be a directory.

        if (attr.isSymbolicLink() || attr.isDirectory()) {

            return false;

        }


        //Check 0xFFFE BOM

        if (!isXRYBOM(file)) {

            return false;

        }


        try {

            Optional<String> reportType = getType(file);

            //All valid XRY reports should have a type.

            return reportType.isPresent();

        } catch (MalformedInputException ex) {

            logger.log(Level.WARNING, String.format("File at path [%s] had "

                    + "0xFFFE BOM but was not encoded in UTF-16LE.", file.toString()), ex);

            return false;

        }

    }


    private static boolean isXRYBOM(Path file) throws IOException {

        try (InputStream in = Files.newInputStream(file, StandardOpenOption.READ)) {

            for (int bomByte : BOM) {

                if (in.read() != bomByte) {

                    return false;

                }

            }

        }


        return true;

    }


    private static Optional<String> getType(Path file) throws IOException {

        try (BufferedReader reader = Files.newBufferedReader(file, CHARSET)) {

            //Header may not start at the beginning of the file.

            advanceToHeader(reader);


            //Advance the reader to the line before the report type.

            for (int i = 1; i < LINE_WITH_REPORT_TYPE - 1; i++) {

                reader.readLine();

            }


            String reportTypeLine = reader.readLine();

            if (reportTypeLine != null && !reportTypeLine.isEmpty()) {

                return Optional.of(reportTypeLine);

            }

            return Optional.empty();

        }

    }


    private static void advanceToHeader(BufferedReader reader) throws IOException {

        String line;

        if((line = reader.readLine()) == null) {

            return;

        }


        String normalizedLine = line.trim().toLowerCase();

        if (normalizedLine.equals(START_OF_HEADER)) {

            return;

        }


        byte[] normalizedBytes = normalizedLine.getBytes(CHARSET);

        if (normalizedBytes.length > 2) {

            normalizedLine = new String(normalizedBytes, 2,

                    normalizedBytes.length - 2, CHARSET);

            if (normalizedLine.equals(START_OF_HEADER)) {

                return;

            }

        }


        while ((line = reader.readLine()) != null) {

            normalizedLine = line.trim().toLowerCase();

            if (normalizedLine.equals(START_OF_HEADER)) {

                return;

            }

        }

    }

}