Autopsy  4.17.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
DefaultDomainCategorizer.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.recentactivity;
20 
21 import java.io.BufferedReader;
22 import java.io.IOException;
23 import java.io.InputStream;
24 import java.io.InputStreamReader;
25 import java.nio.charset.StandardCharsets;
26 import java.util.Arrays;
27 import java.util.HashMap;
28 import java.util.List;
29 import java.util.Map;
30 import java.util.logging.Level;
31 import org.apache.commons.lang.StringUtils;
36 
56 @SuppressWarnings("try")
58 
// Separator between the host suffix (first field) and its category (second
// field) on each line of the mapping resource; used by addItem's split().
59  private static final String CSV_DELIMITER = ",";
// Name of the bundled classpath resource holding the default mapping. It is
// resolved relative to DomainCategoryRunner by loadMapping().
60  private static final String DOMAIN_TYPE_CSV = "default_domain_categories.csv"; //NON-NLS
// Receives the warnings addItem emits for lines that cannot be parsed.
61  private static final Logger logger = Logger.getLogger(DefaultDomainCategorizer.class.getName());
62 
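/**
 * Loads the bundled host-suffix to category mapping from the
 * {@code default_domain_categories.csv} classpath resource.
 *
 * Each non-blank line is handed to {@link #addItem}; malformed lines are
 * logged there and skipped, so one bad row does not abort the load.
 *
 * @return A new map of lower-cased host suffix to category name.
 *
 * @throws IOException If the resource is missing from the classpath or
 *                     cannot be read.
 */
private static Map<String, String> loadMapping() throws IOException {
    try (InputStream is = DomainCategoryRunner.class.getResourceAsStream(DOMAIN_TYPE_CSV)) {
        // getResourceAsStream reports a missing resource by returning null, not
        // by throwing. Without this check a damaged installation would surface
        // as a NullPointerException that initialize() does not translate.
        if (is == null) {
            throw new IOException("Domain category resource not found: " + DOMAIN_TYPE_CSV);
        }

        try (BufferedReader reader = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
            Map<String, String> mapping = new HashMap<>();
            int lineNum = 0;
            String line;
            // Read until readLine() signals end of stream. ready() only says
            // whether a read would block, so using it as the loop condition can
            // silently truncate the mapping.
            while ((line = reader.readLine()) != null) {
                // Count every physical line, blank ones included, so the number
                // in a warning matches the line's position in the CSV file.
                lineNum++;
                if (!StringUtils.isBlank(line)) {
                    addItem(mapping, line.trim(), lineNum);
                }
            }

            return mapping;
        }
    }
}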
88 
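/**
 * Parses one {@code hostSuffix,category} line and, if it is well formed,
 * records it in the mapping.
 *
 * Lines with fewer than two fields, a blank category or a blank host suffix
 * are logged at WARNING level and skipped. Fields after the second are
 * ignored. A host suffix that repeats replaces the earlier entry.
 *
 * @param mapping    The map to add the parsed entry to.
 * @param line       The line to parse.
 * @param lineNumber The line's number in the CSV, used only in log messages.
 */
private static void addItem(Map<String, String> mapping, String line, int lineNumber) {
    // make sure this isn't a blank line.
    if (StringUtils.isBlank(line)) {
        return;
    }

    String[] csvItems = line.split(CSV_DELIMITER);
    // line should be a key value pair
    if (csvItems.length < 2) {
        logger.log(Level.WARNING, String.format("Unable to properly parse line of \"%s\" at line %d", line, lineNumber));
        return;
    }

    // determine the domain type from the value, and return if can't be determined.
    String domainTypeStr = csvItems[1].trim();
    if (StringUtils.isBlank(domainTypeStr)) {
        logger.log(Level.WARNING, String.format("No category specified for this line: \"%s\" at line %d", line, lineNumber));
        return;
    }

    // determine the host; trim it like the category so that whitespace around
    // the delimiter cannot produce a key that no lookup will ever match.
    String hostSuffix = csvItems[0].trim();
    if (StringUtils.isBlank(hostSuffix)) {
        logger.log(Level.WARNING, String.format("Could not determine host suffix for this line: \"%s\" at line %d", line, lineNumber));
        return;
    }

    // Lower-case with a fixed locale: under the default locale the result
    // depends on the examiner's machine (e.g. Turkish dotless i), which would
    // make keys containing 'I' unmatchable there.
    mapping.put(hostSuffix.toLowerCase(java.util.Locale.ROOT), domainTypeStr);
}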
126 
127  // The host suffix to category mapping; addItem stores its keys lower-cased.
// It is null until initialize() has loaded it and null again after close().
128  private Map<String, String> mapping = null;
129 
/**
 * Loads the default mapping on first use; later calls are no-ops while the
 * mapping is still held.
 *
 * @throws DomainCategorizerException If the mapping CSV cannot be loaded.
 */
@Override
public void initialize() throws DomainCategorizerException {
    // Already loaded: nothing to do.
    if (this.mapping != null) {
        return;
    }

    try {
        this.mapping = loadMapping();
    } catch (IOException ioEx) {
        // Keep the cause so the underlying I/O failure stays visible to callers.
        throw new DomainCategorizerException("Unable to load domain type csv for domain category analysis", ioEx);
    }
}
140 
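/**
 * Looks up the category for a host by its longest matching suffix in the
 * default mapping.
 *
 * Matching is done on whole dot-separated labels, so a mapping entry for
 * {@code example.com} matches {@code www.example.com} but not
 * {@code notexample.com}. The host is trimmed and lower-cased before the
 * lookup because the mapping keys are stored lower-cased.
 *
 * {@link #initialize()} must have been called first; the mapping is null
 * before that and after {@link #close()}.
 *
 * @param domain The domain, used only when no host is provided.
 * @param host   The host to categorize; may be blank.
 *
 * @return The matched suffix and its category, or null if neither argument
 *         is usable or no suffix matches.
 *
 * @throws DomainCategorizerException Declared by the interface; not thrown
 *                                    by this implementation.
 */
@Override
public DomainCategory getCategory(String domain, String host) throws DomainCategorizerException {
    // use host; use domain as fallback if no host provided
    String hostToUse = StringUtils.isBlank(host) ? domain : host;

    if (StringUtils.isBlank(hostToUse)) {
        return null;
    }

    // Normalize exactly as the keys were normalized on load. Without this a
    // mixed-case host such as "WWW.Example.COM" never matches and is left
    // uncategorized. Locale.ROOT keeps the result independent of the
    // machine's default locale.
    String normalizedHost = hostToUse.trim().toLowerCase(java.util.Locale.ROOT);

    // split the host into tokens and find longest matching suffix
    // (or return null if not found)
    List<String> tokens = Arrays.asList(normalizedHost.split("\\."));
    for (int i = 0; i < tokens.size(); i++) {
        String searchString = String.join(".", tokens.subList(i, tokens.size()));
        String category = mapping.get(searchString);
        if (StringUtils.isNotBlank(category)) {
            return new DomainCategory(searchString, category);
        }
    }

    return null;
}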
163 
/**
 * Drops the reference to the loaded mapping so it can be reclaimed. A later
 * {@link #initialize()} call loads it again.
 *
 * @throws Exception Declared by the signature; not thrown by this
 *                   implementation.
 */
@Override
public void close() throws Exception {
    // Releasing the map is the only cleanup this categorizer needs.
    this.mapping = null;
}
169 }

Copyright © 2012-2021 Basis Technology. Generated on: Tue Jan 19 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.