Autopsy  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CorrelationAttributeInstance.java
Go to the documentation of this file.
1 /*
2  * Central Repository
3  *
4  * Copyright 2015-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.centralrepository.datamodel;
20 
21 import java.io.Serializable;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Objects;
25 import java.util.regex.Pattern;
26 import org.openide.util.NbBundle.Messages;
27 import org.sleuthkit.datamodel.Account;
28 import org.sleuthkit.datamodel.TskData;
29 
36 @Messages({
37  "EamArtifactInstances.knownStatus.bad=Bad",
38  "EamArtifactInstances.knownStatus.known=Known",
39  "EamArtifactInstances.knownStatus.unknown=Unknown"})
40 public class CorrelationAttributeInstance implements Serializable {
41 
42  private static final long serialVersionUID = 1L;
43 
44  private int ID;
45  private String correlationValue;
46  private CorrelationAttributeInstance.Type correlationType;
47  private CorrelationCase correlationCase;
48  private CorrelationDataSource correlationDataSource;
49  private String filePath;
50  private String comment;
51  private TskData.FileKnown knownStatus;
52  private Long objectId;
53  private Long accountId;
54 
55  public CorrelationAttributeInstance(
56  CorrelationAttributeInstance.Type correlationType,
57  String correlationValue,
58  CorrelationCase eamCase,
59  CorrelationDataSource eamDataSource,
60  String filePath,
61  String comment,
62  TskData.FileKnown knownStatus,
63  long fileObjectId) throws CentralRepoException, CorrelationAttributeNormalizationException {
64  this(correlationType, correlationValue, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId);
65  }
66 
67  CorrelationAttributeInstance(
68  Type type,
69  String value,
70  int instanceId,
71  CorrelationCase eamCase,
72  CorrelationDataSource eamDataSource,
73  String filePath,
74  String comment,
75  TskData.FileKnown knownStatus,
76  Long fileObjectId
77  ) throws CentralRepoException, CorrelationAttributeNormalizationException {
78  this(type, value, -1, eamCase, eamDataSource, filePath, comment, knownStatus, fileObjectId, (long)-1);
79  }
80  public CorrelationAttributeInstance(
81  Type type,
82  String value,
83  int instanceId,
84  CorrelationCase eamCase,
85  CorrelationDataSource eamDataSource,
86  String filePath,
87  String comment,
88  TskData.FileKnown knownStatus,
89  Long fileObjectId,
90  Long accountId
91  ) throws CentralRepoException, CorrelationAttributeNormalizationException {
92  if (filePath == null) {
93  throw new CentralRepoException("file path is null");
94  }
95 
96  this.correlationType = type;
97  this.correlationValue = CorrelationAttributeNormalizer.normalize(type, value);
98  this.ID = instanceId;
99  this.correlationCase = eamCase;
100  this.correlationDataSource = eamDataSource;
101  // Lower case paths to normalize paths and improve correlation results, if this causes significant issues on case-sensitive file systems, remove
102  this.filePath = filePath.toLowerCase();
103  this.comment = comment;
104  this.knownStatus = knownStatus;
105  this.objectId = fileObjectId;
106  this.accountId = accountId;
107  }
108 
109  public Boolean equals(CorrelationAttributeInstance otherInstance) {
110  return ((this.getID() == otherInstance.getID())
111  && (this.getCorrelationValue().equals(otherInstance.getCorrelationValue()))
112  && (this.getCorrelationType().equals(otherInstance.getCorrelationType()))
113  && (this.getCorrelationCase().equals(otherInstance.getCorrelationCase()))
114  && (this.getCorrelationDataSource().equals(otherInstance.getCorrelationDataSource()))
115  && (this.getFilePath().equals(otherInstance.getFilePath()))
116  && (this.getKnownStatus().equals(otherInstance.getKnownStatus()))
117  && (this.getComment().equals(otherInstance.getComment()))
118  && (this.getAccountId().equals(otherInstance.getAccountId())));
119  }
120 
121  @Override
122  public String toString() {
123  return this.getID()
124  + this.getCorrelationCase().getCaseUUID()
125  + this.getCorrelationDataSource().getDeviceID()
126  + this.getAccountId()
127  + this.getFilePath()
128  + this.getCorrelationType().toString()
129  + this.getCorrelationValue()
130  + this.getKnownStatus()
131  + this.getComment();
132  }
133 
137  public String getCorrelationValue() {
138  return correlationValue;
139  }
140 
144  public Type getCorrelationType() {
145  return correlationType;
146  }
147 
154  public boolean isDatabaseInstance() {
155  return (ID >= 0);
156  }
157 
161  public int getID() {
162  return ID;
163  }
164 
168  public CorrelationCase getCorrelationCase() {
169  return correlationCase;
170  }
171 
175  public CorrelationDataSource getCorrelationDataSource() {
176  return correlationDataSource;
177  }
178 
182  public String getFilePath() {
183  return filePath;
184  }
185 
189  public String getComment() {
190  return null == comment ? "" : comment;
191  }
192 
196  public void setComment(String comment) {
197  this.comment = comment;
198  }
199 
206  public TskData.FileKnown getKnownStatus() {
207  return knownStatus;
208  }
209 
217  public void setKnownStatus(TskData.FileKnown knownStatus) {
218  this.knownStatus = knownStatus;
219  }
220 
227  public Long getFileObjectId() {
228  return objectId;
229  }
230 
237  public Long getAccountId() {
238  return accountId;
239  }
240 
245  void setAccountId(Long accountId) {
246  this.accountId = accountId;
247  }
248 
249  // Type ID's for Default Correlation Types
250  public static final int FILES_TYPE_ID = 0;
251  public static final int DOMAIN_TYPE_ID = 1;
252  public static final int EMAIL_TYPE_ID = 2;
253  public static final int PHONE_TYPE_ID = 3;
254  public static final int USBID_TYPE_ID = 4;
255  public static final int SSID_TYPE_ID = 5;
256  public static final int MAC_TYPE_ID = 6;
257  public static final int IMEI_TYPE_ID = 7;
258  public static final int IMSI_TYPE_ID = 8;
259  public static final int ICCID_TYPE_ID = 9;
260 
261  // An offset to assign Ids for additional correlation types.
262  public static final int ADDITIONAL_TYPES_BASE_ID = 1000;
263 
270  @Messages({"CorrelationType.FILES.displayName=Files",
271  "CorrelationType.DOMAIN.displayName=Domains",
272  "CorrelationType.EMAIL.displayName=Email Addresses",
273  "CorrelationType.PHONE.displayName=Phone Numbers",
274  "CorrelationType.USBID.displayName=USB Devices",
275  "CorrelationType.SSID.displayName=Wireless Networks",
276  "CorrelationType.MAC.displayName=MAC Addresses",
277  "CorrelationType.IMEI.displayName=IMEI Number",
278  "CorrelationType.IMSI.displayName=IMSI Number",
279  "CorrelationType.ICCID.displayName=ICCID Number"})
280  public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws CentralRepoException {
281  List<CorrelationAttributeInstance.Type> defaultCorrelationTypes = new ArrayList<>();
282 
283  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
284  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(DOMAIN_TYPE_ID, Bundle.CorrelationType_DOMAIN_displayName(), "domain", true, true)); // NON-NLS
285  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(EMAIL_TYPE_ID, Bundle.CorrelationType_EMAIL_displayName(), "email_address", true, true)); // NON-NLS
286  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(PHONE_TYPE_ID, Bundle.CorrelationType_PHONE_displayName(), "phone_number", true, true)); // NON-NLS
287  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(USBID_TYPE_ID, Bundle.CorrelationType_USBID_displayName(), "usb_devices", true, true)); // NON-NLS
288  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(SSID_TYPE_ID, Bundle.CorrelationType_SSID_displayName(), "wireless_networks", true, true)); // NON-NLS
289  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(MAC_TYPE_ID, Bundle.CorrelationType_MAC_displayName(), "mac_address", true, true)); //NON-NLS
290  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMEI_TYPE_ID, Bundle.CorrelationType_IMEI_displayName(), "imei_number", true, true)); //NON-NLS
291  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(IMSI_TYPE_ID, Bundle.CorrelationType_IMSI_displayName(), "imsi_number", true, true)); //NON-NLS
292  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(ICCID_TYPE_ID, Bundle.CorrelationType_ICCID_displayName(), "iccid_number", true, true)); //NON-NLS
293 
294  // Create Correlation Types for Accounts.
295  int correlationTypeId = ADDITIONAL_TYPES_BASE_ID;
296  for (Account.Type type : Account.Type.PREDEFINED_ACCOUNT_TYPES) {
297  // Skip Device account type - we dont want to correlate on those.
298  // Skip Phone and Email accounts as there are already Correlation types defined for those.
299  if (type != Account.Type.DEVICE && type != Account.Type.EMAIL && type != Account.Type.PHONE) {
300  defaultCorrelationTypes.add(new CorrelationAttributeInstance.Type(correlationTypeId, type.getDisplayName(), type.getTypeName().toLowerCase() + "_acct", true, true)); //NON-NLS
301  correlationTypeId++;
302  }
303  }
304 
305  return defaultCorrelationTypes;
306  }
307 
311  @SuppressWarnings("serial")
312  public static class Type implements Serializable { // NOPMD Avoid short class names like Type
313 
314  private int typeId;
315  private String displayName;
316  private String dbTableName;
317  private Boolean supported;
318  private Boolean enabled;
319  private final static String DB_NAMES_REGEX = "[a-z][a-z0-9_]*";
320 
332  @Messages({"CorrelationAttributeInstance.nullName.message=Database name is null.",
333  "CorrelationAttributeInstance.invalidName.message=Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."})
334  public Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
335  if (dbTableName == null) {
336  throw new CentralRepoException("dbTableName is null", Bundle.CorrelationAttributeInstance_nullName_message());
337  }
338  this.typeId = typeId;
339  this.displayName = displayName;
340  this.dbTableName = dbTableName;
341  this.supported = supported;
342  this.enabled = enabled;
343  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
344  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'.", Bundle.CorrelationAttributeInstance_invalidName_message()); // NON-NLS
345  }
346  }
347 
361  public Type(String displayName, String dbTableName, Boolean supported, Boolean enabled) throws CentralRepoException {
362  this(-1, displayName, dbTableName, supported, enabled);
363  }
364 
372  @Override
373  public boolean equals(Object that) {
374  if (this == that) {
375  return true;
376  } else if (!(that instanceof CorrelationAttributeInstance.Type)) {
377  return false;
378  } else {
379  return ((CorrelationAttributeInstance.Type) that).sameType(this);
380  }
381  }
382 
391  private boolean sameType(CorrelationAttributeInstance.Type that) {
392  return this.typeId == that.getId()
393  && Objects.equals(this.supported, that.isSupported())
394  && Objects.equals(this.enabled, that.isEnabled());
395  }
396 
397  @Override
398  public int hashCode() {
399  int hash = 7;
400  hash = 67 * hash + Objects.hashCode(this.typeId);
401  hash = 67 * hash + Objects.hashCode(this.supported);
402  hash = 67 * hash + Objects.hashCode(this.enabled);
403  return hash;
404  }
405 
406  @Override
407  public String toString() {
408  StringBuilder str = new StringBuilder(55);
409  str.append("(id=")
410  .append(getId())
411  .append(", displayName=")
412  .append(getDisplayName())
413  .append(", dbTableName=")
414  .append(getDbTableName())
415  .append(", supported=")
416  .append(isSupported().toString())
417  .append(", enabled=")
418  .append(isEnabled().toString())
419  .append(')');
420  return str.toString();
421  }
422 
426  public int getId() {
427  return typeId;
428  }
429 
433  public void setId(int typeId) {
434  this.typeId = typeId;
435  }
436 
442  public Boolean isSupported() {
443  return supported;
444  }
445 
451  public void setSupported(Boolean supported) {
452  this.supported = supported;
453  }
454 
460  public Boolean isEnabled() {
461  return enabled;
462  }
463 
469  public void setEnabled(Boolean enabled) {
470  this.enabled = enabled;
471  }
472 
476  public String getDisplayName() {
477  return displayName;
478  }
479 
483  public void setDisplayName(String displayName) {
484  this.displayName = displayName;
485  }
486 
502  public String getDbTableName() {
503  return dbTableName;
504  }
505 
526  public void setDbTableName(String dbTableName) throws CentralRepoException {
527  if (!Pattern.matches(DB_NAMES_REGEX, dbTableName)) {
528  throw new CentralRepoException("Invalid database table name. Name must start with a lowercase letter and can only contain lowercase letters, numbers, and '_'."); // NON-NLS
529  }
530  this.dbTableName = dbTableName;
531  }
532  }
533 }
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type.Type
Type(String displayName, String dbTableName, Boolean supported, Boolean enabled)
Definition: CorrelationAttributeInstance.java:361
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.CorrelationAttributeInstance
CorrelationAttributeInstance(Type type, String value, int instanceId, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, Long fileObjectId, Long accountId)
Definition: CorrelationAttributeInstance.java:80
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.Type.Type
Type(int typeId, String displayName, String dbTableName, Boolean supported, Boolean enabled)
Definition: CorrelationAttributeInstance.java:334
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizer.normalize
static String normalize(CorrelationAttributeInstance.Type attributeType, String data)
Definition: CorrelationAttributeNormalizer.java:49
org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance.CorrelationAttributeInstance
CorrelationAttributeInstance(CorrelationAttributeInstance.Type correlationType, String correlationValue, CorrelationCase eamCase, CorrelationDataSource eamDataSource, String filePath, String comment, TskData.FileKnown knownStatus, long fileObjectId)
Definition: CorrelationAttributeInstance.java:55

Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.