Autopsy  4.15.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CustomFileTypesManager.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.io.File;
22 import java.io.FileInputStream;
23 import java.io.FileOutputStream;
24 import java.io.IOException;
25 import java.nio.file.Path;
26 import java.nio.file.Paths;
27 import java.util.ArrayList;
28 import java.util.List;
29 import javax.xml.bind.DatatypeConverter;
30 import javax.xml.parsers.ParserConfigurationException;
31 import org.openide.util.io.NbObjectInputStream;
32 import org.openide.util.io.NbObjectOutputStream;
36 import org.w3c.dom.Document;
37 import org.w3c.dom.Element;
38 import org.w3c.dom.Node;
39 import org.w3c.dom.NodeList;
40 import org.xml.sax.SAXException;
41 
46 final class CustomFileTypesManager {
47 
48  private static final String SERIALIZED_SETTINGS_FILE = "UserFileTypeDefinitions.settings"; //NON-NLS
49  private static final String XML_SETTINGS_FILE = "UserFileTypeDefinitions.xml"; //NON-NLS
50  private static final String FILE_TYPES_TAG_NAME = "FileTypes"; //NON-NLS
51  private static final String FILE_TYPE_TAG_NAME = "FileType"; //NON-NLS
52  private static final String MIME_TYPE_TAG_NAME = "MimeType"; //NON-NLS
53  private static final String SIGNATURE_TAG_NAME = "Signature"; //NON-NLS
54  private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS
55  private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS
56  private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS
57  private static final String RELATIVE_ATTRIBUTE = "RelativeToStart"; //NON-NLS
58  private static CustomFileTypesManager instance;
59  private final List<FileType> autopsyDefinedFileTypes = new ArrayList<>();
60  private List<FileType> userDefinedFileTypes = new ArrayList<>();
61 
71  synchronized static CustomFileTypesManager getInstance() throws CustomFileTypesException {
72  if (null == instance) {
73  instance = new CustomFileTypesManager();
74  try {
75  instance.loadUserDefinedFileTypes();
76  instance.createAutopsyDefinedFileTypes();
77  } catch (CustomFileTypesException ex) {
78  instance = null;
79  throw ex;
80  }
81  }
82  return instance;
83  }
84 
89  private CustomFileTypesManager() {
90  }
91 
97  synchronized List<FileType> getFileTypes() {
102  List<FileType> customTypes = new ArrayList<>(userDefinedFileTypes);
103  customTypes.addAll(autopsyDefinedFileTypes);
104  return customTypes;
105  }
106 
112  synchronized List<FileType> getAutopsyDefinedFileTypes() {
117  return new ArrayList<>(autopsyDefinedFileTypes);
118  }
119 
125  synchronized List<FileType> getUserDefinedFileTypes() {
130  return new ArrayList<>(userDefinedFileTypes);
131  }
132 
141  synchronized void setUserDefinedFileTypes(List<FileType> newFileTypes) throws CustomFileTypesException {
142  String filePath = getFileTypeDefinitionsFilePath(SERIALIZED_SETTINGS_FILE);
143  writeSerializedFileTypes(newFileTypes, filePath);
144  userDefinedFileTypes = newFileTypes;
145  }
146 
153  private void createAutopsyDefinedFileTypes() throws CustomFileTypesException {
154  byte[] byteArray;
155  FileType fileType;
156  try {
157  /*
158  * Add type for xml.
159  */
160  List<Signature> signatureList;
161  signatureList = new ArrayList<>();
162  signatureList.add(new Signature("<?xml", 0L)); //NON-NLS
163  fileType = new FileType("text/xml", signatureList); //NON-NLS
164  autopsyDefinedFileTypes.add(fileType);
165 
166  /*
167  * Add type for gzip.
168  */
169  byteArray = DatatypeConverter.parseHexBinary("1F8B"); //NON-NLS
170  signatureList.clear();
171  signatureList.add(new Signature(byteArray, 0L));
172  fileType = new FileType("application/x-gzip", signatureList); //NON-NLS
173  autopsyDefinedFileTypes.add(fileType);
174 
175  /*
176  * Add type for wk1.
177  */
178  byteArray = DatatypeConverter.parseHexBinary("0000020006040600080000000000"); //NON-NLS
179  signatureList.clear();
180  signatureList.add(new Signature(byteArray, 0L));
181  fileType = new FileType("application/x-123", signatureList); //NON-NLS
182  autopsyDefinedFileTypes.add(fileType);
183 
184  /*
185  * Add type for Radiance images.
186  */
187  byteArray = DatatypeConverter.parseHexBinary("233F52414449414E43450A");//NON-NLS
188  signatureList.clear();
189  signatureList.add(new Signature(byteArray, 0L));
190  fileType = new FileType("image/vnd.radiance", signatureList); //NON-NLS
191  autopsyDefinedFileTypes.add(fileType);
192 
193  /*
194  * Add type for dcx images.
195  */
196  byteArray = DatatypeConverter.parseHexBinary("B168DE3A"); //NON-NLS
197  signatureList.clear();
198  signatureList.add(new Signature(byteArray, 0L));
199  fileType = new FileType("image/x-dcx", signatureList); //NON-NLS
200  autopsyDefinedFileTypes.add(fileType);
201 
202  /*
203  * Add type for ics images.
204  */
205  signatureList.clear();
206  signatureList.add(new Signature("icns", 0L)); //NON-NLS
207  fileType = new FileType("image/x-icns", signatureList); //NON-NLS
208  autopsyDefinedFileTypes.add(fileType);
209 
210  /*
211  * Add type for pict images.
212  */
213  byteArray = DatatypeConverter.parseHexBinary("001102FF"); //NON-NLS
214  signatureList.clear();
215  signatureList.add(new Signature(byteArray, 522L));
216  fileType = new FileType("image/x-pict", signatureList); //NON-NLS
217  autopsyDefinedFileTypes.add(fileType);
218 
219  /*
220  * NOTE: see JIRA-4269. This MIME type seems to match a lot of
221  * random file types, including ZIP archives. As a result those
222  * files get assigned this MIME type instead of having their MIME
223  * type detected by Tika. byteArray =
224  * DatatypeConverter.parseHexBinary("1100"); //NON-NLS
225  * signatureList.clear(); signatureList.add(new Signature(byteArray,
226  * 522L)); fileType = new FileType("image/x-pict", signatureList);
227  * //NON-NLS
228  autopsyDefinedFileTypes.add(fileType);
229  */
230 
231  /*
232  * Add type for pam.
233  */
234  signatureList.clear();
235  signatureList.add(new Signature("P7", 0L)); //NON-NLS
236  fileType = new FileType("image/x-portable-arbitrarymap", signatureList); //NON-NLS
237  autopsyDefinedFileTypes.add(fileType);
238 
239  /*
240  * Add type for pfm.
241  */
242  signatureList.clear();
243  signatureList.add(new Signature("PF", 0L)); //NON-NLS
244  fileType = new FileType("image/x-portable-floatmap", signatureList); //NON-NLS
245  autopsyDefinedFileTypes.add(fileType);
246  signatureList.clear();
247  signatureList.add(new Signature("Pf", 0L)); //NON-NLS
248  fileType = new FileType("image/x-portable-floatmap", signatureList); //NON-NLS
249  autopsyDefinedFileTypes.add(fileType);
250 
251  /*
252  * Add type for tga.
253  */
254  byteArray = DatatypeConverter.parseHexBinary("54525545564953494F4E2D5846494C452E00"); //NON-NLS
255  signatureList.clear();
256  signatureList.add(new Signature(byteArray, 17, false));
257  fileType = new FileType("image/x-tga", signatureList); //NON-NLS
258  autopsyDefinedFileTypes.add(fileType);
259 
260  /*
261  * Add type for ilbm.
262  */
263  signatureList.clear();
264  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
265  signatureList.add(new Signature("ILBM", 8L)); //NON-NLS
266  fileType = new FileType("image/x-ilbm", signatureList); //NON-NLS
267  autopsyDefinedFileTypes.add(fileType);
268  signatureList.clear();
269  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
270  signatureList.add(new Signature("PBM", 8L)); //NON-NLS
271  fileType = new FileType("image/x-ilbm", signatureList); //NON-NLS
272  autopsyDefinedFileTypes.add(fileType);
273 
274  /*
275  * Add type for webp.
276  */
277  signatureList.clear();
278  signatureList.add(new Signature("RIFF", 0L)); //NON-NLS
279  signatureList.add(new Signature("WEBP", 8L)); //NON-NLS
280  fileType = new FileType("image/webp", signatureList); //NON-NLS
281  autopsyDefinedFileTypes.add(fileType);
282 
283  /*
284  * Add type for aiff.
285  */
286  signatureList.clear();
287  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
288  signatureList.add(new Signature("AIFF", 8L)); //NON-NLS
289  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
290  autopsyDefinedFileTypes.add(fileType);
291  signatureList.clear();
292  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
293  signatureList.add(new Signature("AIFC", 8L)); //NON-NLS
294  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
295  autopsyDefinedFileTypes.add(fileType);
296  signatureList.clear();
297  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
298  signatureList.add(new Signature("8SVX", 8L)); //NON-NLS
299  fileType = new FileType("audio/aiff", signatureList); //NON-NLS
300  autopsyDefinedFileTypes.add(fileType);
301 
302  /*
303  * Add type for iff.
304  */
305  signatureList.clear();
306  signatureList.add(new Signature("FORM", 0L)); //NON-NLS
307  fileType = new FileType("application/x-iff", signatureList); //NON-NLS
308  autopsyDefinedFileTypes.add(fileType);
309 
310  /*
311  * Add type for .tec files with leading End Of Image marker (JFIF
312  * JPEG)
313  */
314  byteArray = DatatypeConverter.parseHexBinary("FFD9FFD8"); //NON-NLS
315  signatureList.clear();
316  signatureList.add(new Signature(byteArray, 0L));
317  fileType = new FileType("image/jpeg", signatureList); //NON-NLS
318  autopsyDefinedFileTypes.add(fileType);
319 
320  /*
321  * Add type for Windows NT registry files with leading End Of Image marker (JFIF
322  * JPEG)
323  */
324  byteArray = DatatypeConverter.parseHexBinary("72656766"); //NON-NLS
325  signatureList.clear();
326  signatureList.add(new Signature(byteArray, 0L));
327  fileType = new FileType("application/x.windows-registry", signatureList); //NON-NLS
328  autopsyDefinedFileTypes.add(fileType);
329 
330  } catch (IllegalArgumentException ex) {
331  /*
332  * parseHexBinary() throws this if the argument passed in is not hex
333  */
334  throw new CustomFileTypesException("Error creating Autopsy defined custom file types", ex); //NON-NLS
335  }
336  }
337 
344  private void loadUserDefinedFileTypes() throws CustomFileTypesException {
345  userDefinedFileTypes.clear();
346  String filePath = getFileTypeDefinitionsFilePath(SERIALIZED_SETTINGS_FILE);
347  if (new File(filePath).exists()) {
348  userDefinedFileTypes = readSerializedFileTypes(filePath);
349  } else {
350  filePath = getFileTypeDefinitionsFilePath(XML_SETTINGS_FILE);
351  if (new File(filePath).exists()) {
352  userDefinedFileTypes = readFileTypesXML(filePath);
353  }
354  }
355  }
356 
366  private static void writeSerializedFileTypes(List<FileType> fileTypes, String filePath) throws CustomFileTypesException {
367  try (NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(filePath))) {
368  UserDefinedFileTypesSettings settings = new UserDefinedFileTypesSettings(fileTypes);
369  out.writeObject(settings);
370  } catch (IOException ex) {
371  throw new CustomFileTypesException(String.format("Failed to write settings to %s", filePath), ex); //NON-NLS
372  }
373  }
374 
385  private static List<FileType> readSerializedFileTypes(String filePath) throws CustomFileTypesException {
386  File serializedDefs = new File(filePath);
387  try {
388  try (NbObjectInputStream in = new NbObjectInputStream(new FileInputStream(serializedDefs))) {
389  UserDefinedFileTypesSettings filesSetsSettings = (UserDefinedFileTypesSettings) in.readObject();
390  return filesSetsSettings.getUserDefinedFileTypes();
391  }
392  } catch (IOException | ClassNotFoundException ex) {
393  throw new CustomFileTypesException(String.format("Failed to read settings from %s", filePath), ex); //NON-NLS
394  }
395  }
396 
411  private static List<FileType> readFileTypesXML(String filePath) throws CustomFileTypesException {
412  try {
413  List<FileType> fileTypes = new ArrayList<>();
414  Document doc = XMLUtil.loadDocument(filePath);
415  if (doc != null) {
416  Element fileTypesElem = doc.getDocumentElement();
417  if (fileTypesElem != null && fileTypesElem.getNodeName().equals(FILE_TYPES_TAG_NAME)) {
418  NodeList fileTypeElems = fileTypesElem.getElementsByTagName(FILE_TYPE_TAG_NAME);
419  for (int i = 0; i < fileTypeElems.getLength(); ++i) {
420  Element fileTypeElem = (Element) fileTypeElems.item(i);
421  FileType fileType = parseFileType(fileTypeElem);
422  fileTypes.add(fileType);
423  }
424  }
425  }
426  return fileTypes;
427  } catch (IOException | ParserConfigurationException | SAXException ex) {
428  throw new CustomFileTypesException(String.format("Failed to read ssettings from %s", filePath), ex); //NON-NLS
429  }
430  }
431 
444  private static FileType parseFileType(Element fileTypeElem) throws IllegalArgumentException, NumberFormatException {
445  String mimeType = parseMimeType(fileTypeElem);
446  Signature signature = parseSignature(fileTypeElem);
447  // File type definitions in the XML file were written prior to the
448  // implementation of multiple signatures per type.
449  List<Signature> sigList = new ArrayList<>();
450  sigList.add(signature);
451  return new FileType(mimeType, sigList);
452  }
453 
461  private static String parseMimeType(Element fileTypeElem) {
462  return getChildElementTextContent(fileTypeElem, MIME_TYPE_TAG_NAME);
463  }
464 
472  private static Signature parseSignature(Element fileTypeElem) throws IllegalArgumentException, NumberFormatException {
473  NodeList signatureElems = fileTypeElem.getElementsByTagName(SIGNATURE_TAG_NAME);
474  Element signatureElem = (Element) signatureElems.item(0);
475 
476  String sigTypeAttribute = signatureElem.getAttribute(SIGNATURE_TYPE_ATTRIBUTE);
477  Signature.Type signatureType = Signature.Type.valueOf(sigTypeAttribute);
478 
479  String sigBytesString = getChildElementTextContent(signatureElem, BYTES_TAG_NAME);
480  byte[] signatureBytes = DatatypeConverter.parseHexBinary(sigBytesString);
481 
482  Element offsetElem = (Element) signatureElem.getElementsByTagName(OFFSET_TAG_NAME).item(0);
483  String offsetString = offsetElem.getTextContent();
484  long offset = DatatypeConverter.parseLong(offsetString);
485 
486  boolean isRelativeToStart;
487  String relativeString = offsetElem.getAttribute(RELATIVE_ATTRIBUTE);
488  if (null == relativeString || relativeString.equals("")) {
489  isRelativeToStart = true;
490  } else {
491  isRelativeToStart = DatatypeConverter.parseBoolean(relativeString);
492  }
493 
494  return new Signature(signatureBytes, offset, signatureType, isRelativeToStart);
495  }
496 
505  private static String getChildElementTextContent(Element elem, String tagName) {
506  NodeList childElems = elem.getElementsByTagName(tagName);
507  Node childNode = childElems.item(0);
508  if (childNode == null) {
509  return null;
510  }
511  Element childElem = (Element) childNode;
512  return childElem.getTextContent();
513  }
514 
522  private static String getFileTypeDefinitionsFilePath(String fileName) {
523  Path filePath = Paths.get(PlatformUtil.getUserConfigDirectory(), fileName);
524  return filePath.toAbsolutePath().toString();
525  }
526 
530  static class CustomFileTypesException extends Exception {
531 
532  private static final long serialVersionUID = 1L;
533 
534  CustomFileTypesException(String message) {
535  super(message);
536  }
537 
538  CustomFileTypesException(String message, Throwable throwable) {
539  super(message, throwable);
540  }
541  }
542 
543 }

Copyright © 2012-2020 Basis Technology. Generated on: Mon Jul 6 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.