CaseUcoReportModule.java

Go to the documentation of this file.

/*
 *
 * Autopsy Forensic Browser
 * 
 * Copyright 2018-2020 Basis Technology Corp.
 * Project Contact/Architect: carrier <at> sleuthkit <dot> org
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.autopsy.report.modules.caseuco;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import javax.swing.JPanel;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.report.GeneralReportModule;
import org.sleuthkit.autopsy.report.ReportProgressPanel;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;

public final class CaseUcoReportModule implements GeneralReportModule {

    private static final Logger logger = Logger.getLogger(CaseUcoReportModule.class.getName());
    private static final CaseUcoReportModule SINGLE_INSTANCE = new CaseUcoReportModule();
    
    //Supported types of TSK_FS_FILES
    private static final Set<Short> SUPPORTED_TYPES = new HashSet<Short>() {{
        add(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue());
        add(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue());
        add(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue());
    }};

    private static final String REPORT_FILE_NAME = "CASE_UCO_output";    
    private static final String EXTENSION = "json-ld";

    // Hidden constructor for the report
    private CaseUcoReportModule() {
    }

    // Get the default implementation of this report
    public static synchronized CaseUcoReportModule getDefault() {
        return SINGLE_INSTANCE;
    }

    @Override
    public String getName() {
        return NbBundle.getMessage(this.getClass(), "CaseUcoReportModule.getName.text");
    }
    
    @Override
    public JPanel getConfigurationPanel() {
        return null; // No configuration panel
    }

    @Override
    public String getRelativeFilePath() {
        return REPORT_FILE_NAME  + "." + EXTENSION;
    }

    @Override
    public String getDescription() {
        return NbBundle.getMessage(this.getClass(), "CaseUcoReportModule.getDesc.text");
    }

    public static String getReportFileName() {
        return REPORT_FILE_NAME;
    }

    @NbBundle.Messages({
        "CaseUcoReportModule.notInitialized=CASE-UCO settings panel has not been initialized",
        "CaseUcoReportModule.noDataSourceSelected=No data source selected for CASE-UCO report",
        "CaseUcoReportModule.ioError=I/O error encountered while generating report",
        "CaseUcoReportModule.noCaseOpen=No case is currently open",
        "CaseUcoReportModule.tskCoreException=TskCoreException [%s] encountered while generating the report. Please reference the log for more details.",
        "CaseUcoReportModule.processingDataSource=Processing datasource: %s",
        "CaseUcoReportModule.ingestWarning=Warning, this report will be created before ingest services completed",
        "CaseUcoReportModule.unableToCreateDirectories=Unable to create directory for CASE-UCO report",
        "CaseUcoReportModule.srcModuleName=CASE-UCO Report"
    })
    @Override
    @SuppressWarnings("deprecation")
    public void generateReport(String baseReportDir, ReportProgressPanel progressPanel) {
        try {
            // Check if ingest has finished
            warnIngest(progressPanel);
            
            //Create report paths if they don't already exist.
            Path reportDirectory = Paths.get(baseReportDir);
            try {
                Files.createDirectories(reportDirectory);
            } catch (IOException ex) {
                logger.log(Level.WARNING, "Unable to create directory for CASE-UCO report.", ex);
                progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, 
                    Bundle.CaseUcoReportModule_unableToCreateDirectories());
                return;
            }
            
            CaseUcoReportGenerator generator = 
                    new CaseUcoReportGenerator(reportDirectory, REPORT_FILE_NAME);
            
            //First write the Case to the report file.
            Case caseObj = Case.getCurrentCaseThrows();
            generator.addCase(caseObj);
            
            List<Content> dataSources = caseObj.getDataSources();
            progressPanel.setIndeterminate(false);
            progressPanel.setMaximumProgress(dataSources.size());
            progressPanel.start();
            
            //Then search each data source for file content.
            for(int i = 0; i < dataSources.size(); i++) {
                Content dataSource = dataSources.get(i);
                progressPanel.updateStatusLabel(String.format(
                        Bundle.CaseUcoReportModule_processingDataSource(), 
                        dataSource.getName()));
                //Add the data source and then all children.
                generator.addDataSource(dataSource, caseObj);
                performDepthFirstSearch(dataSource, generator);
                progressPanel.setProgress(i+1);
            }
            
            //Complete the report.
            Path reportPath = generator.generateReport();
            caseObj.addReport(reportPath.toString(), 
                    Bundle.CaseUcoReportModule_srcModuleName(), 
                    REPORT_FILE_NAME);
            progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
        } catch (IOException ex) {
            logger.log(Level.WARNING, "I/O error encountered while generating the report.", ex);
            progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, 
                    Bundle.CaseUcoReportModule_ioError());
        } catch (NoCurrentCaseException ex) {
            logger.log(Level.WARNING, "No case open.", ex);
            progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, 
                    Bundle.CaseUcoReportModule_noCaseOpen());
        } catch (TskCoreException ex) {
            logger.log(Level.WARNING, "TskCoreException encounted while generating the report.", ex);
            progressPanel.complete(ReportProgressPanel.ReportStatus.ERROR, 
                    String.format(Bundle.CaseUcoReportModule_tskCoreException(), ex.toString()));
        }
        
        progressPanel.complete(ReportProgressPanel.ReportStatus.COMPLETE);
    }
    
    private void warnIngest(ReportProgressPanel progressPanel) {
        if (IngestManager.getInstance().isIngestRunning()) {
            progressPanel.updateStatusLabel(Bundle.CaseUcoReportModule_ingestWarning());
        }
    }
    
    private void performDepthFirstSearch(Content dataSource, 
            CaseUcoReportGenerator generator) throws IOException, TskCoreException {
        
        Deque<Content> stack = new ArrayDeque<>();
        stack.addAll(dataSource.getChildren());

        //Depth First Search the data source tree.
        while(!stack.isEmpty()) {
            Content current = stack.pop();
            if(current instanceof AbstractFile) {
                AbstractFile f = (AbstractFile) (current);
                if(SUPPORTED_TYPES.contains(f.getMetaType().getValue())) {
                    generator.addFile(f, dataSource);   
                }
            }

            for(Content child : current.getChildren()) {
                stack.push(child);
            }
        }
    }
}