api-docs/4.2/_interesting_item_defs_manager_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2014 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.modules.interestingitems;


 import java.io.File;

 import java.io.FileInputStream;

 import java.io.FileOutputStream;

 import java.io.IOException;

 import java.util.ArrayList;

 import java.util.Arrays;

 import java.util.Collections;

 import java.util.HashMap;

 import java.util.List;

 import java.util.Map;

 import java.util.Observable;

 import java.util.logging.Level;

 import java.util.regex.Pattern;

 import java.util.regex.PatternSyntaxException;

 import org.openide.util.io.NbObjectInputStream;

 import org.openide.util.io.NbObjectOutputStream;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.autopsy.coreutils.PlatformUtil;

 import org.sleuthkit.autopsy.coreutils.XMLUtil;

 import org.w3c.dom.Document;

 import org.w3c.dom.Element;

 import org.w3c.dom.NodeList;


 final class InterestingItemDefsManager extends Observable {


     private static final List<String> ILLEGAL_FILE_NAME_CHARS = Collections.unmodifiableList(new ArrayList<>(Arrays.asList("\\", "/", ":", "*", "?", "\"", "<", ">")));

     private static final List<String> ILLEGAL_FILE_PATH_CHARS = Collections.unmodifiableList(new ArrayList<>(Arrays.asList("\\", ":", "*", "?", "\"", "<", ">")));

     private static final String LEGACY_FILES_SET_DEFS_FILE_NAME = "InterestingFilesSetDefs.xml"; //NON-NLS

     private static final String INTERESTING_FILES_SET_DEFS_SERIALIZATION_NAME = "InterestingFileSets.settings";

     private static final String INTERESTING_FILES_SET_DEFS_SERIALIZATION_PATH = PlatformUtil.getUserConfigDirectory() + File.separator + INTERESTING_FILES_SET_DEFS_SERIALIZATION_NAME;

     private static final String LEGACY_FILE_SET_DEFS_PATH = PlatformUtil.getUserConfigDirectory() + File.separator + LEGACY_FILES_SET_DEFS_FILE_NAME;

     private static InterestingItemDefsManager instance;


     synchronized static InterestingItemDefsManager getInstance() {

         if (instance == null) {

             instance = new InterestingItemDefsManager();

         }

         return instance;

     }


     static List<String> getIllegalFileNameChars() {

         return InterestingItemDefsManager.ILLEGAL_FILE_NAME_CHARS;

     }


     static List<String> getIllegalFilePathChars() {

         return InterestingItemDefsManager.ILLEGAL_FILE_PATH_CHARS;

     }


     synchronized Map<String, FilesSet> getInterestingFilesSets() throws InterestingItemDefsManagerException {

         return FilesSetXML.readDefinitionsFile(LEGACY_FILE_SET_DEFS_PATH);

     }


     synchronized void setInterestingFilesSets(Map<String, FilesSet> filesSets) throws InterestingItemDefsManagerException {

         FilesSetXML.writeDefinitionsFile(INTERESTING_FILES_SET_DEFS_SERIALIZATION_PATH, filesSets);

         this.setChanged();

         this.notifyObservers();

     }


     private final static class FilesSetXML {


         private static final Logger logger = Logger.getLogger(FilesSetXML.class.getName());

         private static final String XML_ENCODING = "UTF-8"; //NON-NLS

         private static final List<String> illegalFileNameChars = InterestingItemDefsManager.getIllegalFileNameChars();


         // The following tags and attributes are identical to those used in the

         // TSK Framework interesting files set definitions file schema.

         private static final String FILE_SETS_ROOT_TAG = "INTERESTING_FILE_SETS"; //NON-NLS

         private static final String FILE_SET_TAG = "INTERESTING_FILE_SET"; //NON-NLS

         private static final String NAME_RULE_TAG = "NAME"; //NON-NLS

         private static final String EXTENSION_RULE_TAG = "EXTENSION"; //NON-NLS

         private static final String NAME_ATTR = "name"; //NON-NLS

         private static final String RULE_UUID_ATTR = "ruleUUID"; //NON-NLS

         private static final String DESC_ATTR = "description"; //NON-NLS

         private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS

         private static final String TYPE_FILTER_ATTR = "typeFilter"; //NON-NLS

         private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS

         private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS

         private static final String TYPE_FILTER_VALUE_DIRS = "dir"; //NON-NLS


         private static final String REGEX_ATTR = "regex"; //NON-NLS

         private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS

         private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS

         private static final String UNNAMED_LEGACY_RULE_PREFIX = "Unnamed Rule "; // NON-NLS

         private static int unnamedLegacyRuleCounter;


         // Note: This method takes a file path to support the possibility of

         // multiple intersting files set definition files, e.g., one for

         // definitions that ship with Autopsy and one for user definitions.

         static Map<String, FilesSet> readDefinitionsFile(String filePath) throws InterestingItemDefsManagerException {

             Map<String, FilesSet> filesSets = readSerializedDefinitions();


             if (!filesSets.isEmpty()) {

                 return filesSets;

             }

             // Check if the legacy xml file exists.

             File defsFile = new File(filePath);

             if (!defsFile.exists()) {

                 return filesSets;

             }


             // Check if the file can be read.

             if (!defsFile.canRead()) {

                 logger.log(Level.SEVERE, "Interesting file sets definition file at {0} exists, but cannot be read", filePath); // NON-NLS

                 return filesSets;

             }


             // Parse the XML in the file.

             Document doc = XMLUtil.loadDoc(FilesSetXML.class, filePath);

             if (doc == null) {

                 logger.log(Level.SEVERE, "Failed to parse interesting file sets definition file at {0}", filePath); // NON-NLS

                 return filesSets;

             }


             // Get the root element.

             Element root = doc.getDocumentElement();

             if (root == null) {

                 logger.log(Level.SEVERE, "Failed to get root {0} element tag of interesting file sets definition file at {1}", new Object[]{FilesSetXML.FILE_SETS_ROOT_TAG, filePath}); // NON-NLS

                 return filesSets;

             }


             // Read in the files set definitions.

             NodeList setElems = root.getElementsByTagName(FILE_SET_TAG);

             for (int i = 0; i < setElems.getLength(); ++i) {

                 readFilesSet((Element) setElems.item(i), filesSets, filePath);

             }

             return filesSets;

         }


         private static Map<String, FilesSet> readSerializedDefinitions() throws InterestingItemDefsManagerException {

             String filePath = INTERESTING_FILES_SET_DEFS_SERIALIZATION_PATH;

             File fileSetFile = new File(filePath);

             if (fileSetFile.exists()) {

                 try {

                     try (NbObjectInputStream in = new NbObjectInputStream(new FileInputStream(filePath))) {

                         InterestingItemsFilesSetSettings filesSetsSettings = (InterestingItemsFilesSetSettings) in.readObject();

                         return filesSetsSettings.getFilesSets();

                     }

                 } catch (IOException | ClassNotFoundException ex) {

                     throw new InterestingItemDefsManagerException(String.format("Failed to read settings from %s", filePath), ex);

                 }

             } else {

                 return new HashMap<String, FilesSet>();

             }

         }


         private static void readFilesSet(Element setElem, Map<String, FilesSet> filesSets, String filePath) {

             // The file set must have a unique name.

             String setName = setElem.getAttribute(FilesSetXML.NAME_ATTR);

             if (setName.isEmpty()) {

                 logger.log(Level.SEVERE, "Found {0} element without required {1} attribute, ignoring malformed file set definition in interesting file sets definition file at {2}", new Object[]{FilesSetXML.FILE_SET_TAG, FilesSetXML.NAME_ATTR, filePath}); // NON-NLS

                 return;

             }

             if (filesSets.containsKey(setName)) {

                 logger.log(Level.SEVERE, "Found duplicate definition of set named {0} in interesting file sets definition file at {1}, discarding duplicate set", new Object[]{setName, filePath}); // NON-NLS

                 return;

             }


             // The file set may have a description. The empty string is o.k.

             String description = setElem.getAttribute(FilesSetXML.DESC_ATTR);


             // The file set may or may not ignore known files. The default behavior

             // is to not ignore them.

             String ignoreKnown = setElem.getAttribute(FilesSetXML.IGNORE_KNOWN_FILES_ATTR);

             boolean ignoreKnownFiles = false;

             if (!ignoreKnown.isEmpty()) {

                 ignoreKnownFiles = Boolean.parseBoolean(ignoreKnown);

             }


             // Read file name set membership rules, if any.

             FilesSetXML.unnamedLegacyRuleCounter = 1;

             Map<String, FilesSet.Rule> rules = new HashMap<>();

             NodeList nameRuleElems = setElem.getElementsByTagName(FilesSetXML.NAME_RULE_TAG);

             for (int j = 0; j < nameRuleElems.getLength(); ++j) {

                 Element elem = (Element) nameRuleElems.item(j);

                 FilesSet.Rule rule = FilesSetXML.readFileNameRule(elem);

                 if (rule != null) {

                     if (!rules.containsKey(rule.getUuid())) {

                         rules.put(rule.getUuid(), rule);

                     } else {

                         logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in interesting file sets definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); // NON-NLS

                         return;

                     }

                 } else {

                     logger.log(Level.SEVERE, "Found malformed rule for set named {0} in interesting file sets definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS

                     return;

                 }

             }


             // Read file extension set membership rules, if any.

             NodeList extRuleElems = setElem.getElementsByTagName(FilesSetXML.EXTENSION_RULE_TAG);

             for (int j = 0; j < extRuleElems.getLength(); ++j) {

                 Element elem = (Element) extRuleElems.item(j);

                 FilesSet.Rule rule = FilesSetXML.readFileExtensionRule(elem);

                 if (rule != null) {

                     if (!rules.containsKey(rule.getUuid())) {

                         rules.put(rule.getUuid(), rule);

                     } else {

                         logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in interesting file sets definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); //NOI18N NON-NLS

                         return;

                     }

                 } else {

                     logger.log(Level.SEVERE, "Found malformed rule for set named {0} in interesting file sets definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); //NOI18N NON-NLS

                     return;

                 }

             }


             // Make the files set. Note that degenerate sets with no rules are

             // allowed to facilitate the separation of set definition and rule

             // definitions. A set without rules is simply the empty set.

             FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, rules);

             filesSets.put(set.getName(), set);

         }


         private static FilesSet.Rule readFileNameRule(Element elem) {

             String ruleName = FilesSetXML.readRuleName(elem);


             // The content of the rule tag is a file name condition. It may be a

             // regex, or it may be from a TSK Framework rule definition with a

             // "*" globbing char, or it may be simple text.

             String content = elem.getTextContent();

             FilesSet.Rule.FullNameCondition nameCondition;

             String regex = elem.getAttribute(FilesSetXML.REGEX_ATTR);

             if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS

                 Pattern pattern = compileRegex(content);

                 if (pattern != null) {

                     nameCondition = new FilesSet.Rule.FullNameCondition(pattern);

                 } else {

                     logger.log(Level.SEVERE, "Error compiling " + FilesSetXML.NAME_RULE_TAG + " regex, ignoring malformed '{0}' rule definition", ruleName); // NON-NLS

                     return null;

                 }

             } else {

                 for (String illegalChar : illegalFileNameChars) {

                     if (content.contains(illegalChar)) {

                         logger.log(Level.SEVERE, FilesSetXML.NAME_RULE_TAG + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{FilesSetXML.NAME_RULE_TAG, ruleName}); // NON-NLS

                         return null;

                     }

                 }

                 nameCondition = new FilesSet.Rule.FullNameCondition(content);

             }


             // Read in the type condition.

             FilesSet.Rule.MetaTypeCondition metaTypeCondition = FilesSetXML.readMetaTypeCondition(elem);

             if (metaTypeCondition == null) {

                 // Malformed attribute.

                 return null;

             }


             // Read in the optional path condition. Null is o.k., but if the attribute

             // is there, be sure it is not malformed.

             FilesSet.Rule.ParentPathCondition pathCondition = null;

             if (!elem.getAttribute(FilesSetXML.PATH_FILTER_ATTR).isEmpty()

                     || !elem.getAttribute(FilesSetXML.PATH_REGEX_ATTR).isEmpty()) {

                 pathCondition = FilesSetXML.readPathCondition(elem);

                 if (pathCondition == null) {

                     // Malformed attribute.

                     return null;

                 }

             }


             return new FilesSet.Rule(ruleName, nameCondition, metaTypeCondition, pathCondition, null, null);

         }


         private static FilesSet.Rule readFileExtensionRule(Element elem) {

             String ruleName = FilesSetXML.readRuleName(elem);


             // The content of the rule tag is a file name extension condition. It may

             // be a regex, or it may be from a TSK Framework rule definition

             // with a "*" globbing char.

             String content = elem.getTextContent();

             FilesSet.Rule.ExtensionCondition extCondition;

             String regex = elem.getAttribute(FilesSetXML.REGEX_ATTR);

             if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS

                 Pattern pattern = compileRegex(content);

                 if (pattern != null) {

                     extCondition = new FilesSet.Rule.ExtensionCondition(pattern);

                 } else {

                     logger.log(Level.SEVERE, "Error compiling " + FilesSetXML.EXTENSION_RULE_TAG + " regex, ignoring malformed {0} rule definition", ruleName); // NON-NLS

                     return null;

                 }

             } else {

                 for (String illegalChar : illegalFileNameChars) {

                     if (content.contains(illegalChar)) {

                         logger.log(Level.SEVERE, "{0} content has illegal chars, ignoring malformed {1} rule definition", ruleName); // NON-NLS

                         return null;

                     }

                 }

                 extCondition = new FilesSet.Rule.ExtensionCondition(content);

             }


             // The rule must have a meta-type condition, unless a TSK Framework

             // definitions file is being read.

             FilesSet.Rule.MetaTypeCondition metaTypeCondition = null;

             if (!elem.getAttribute(FilesSetXML.TYPE_FILTER_ATTR).isEmpty()) {

                 metaTypeCondition = FilesSetXML.readMetaTypeCondition(elem);

                 if (metaTypeCondition == null) {

                     // Malformed attribute.

                     return null;

                 }

             } else {

                 metaTypeCondition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);

             }


             // The rule may have a path condition. Null is o.k., but if the attribute

             // is there, it must not be malformed.

             FilesSet.Rule.ParentPathCondition pathCondition = null;

             if (!elem.getAttribute(FilesSetXML.PATH_FILTER_ATTR).isEmpty()

                     || !elem.getAttribute(FilesSetXML.PATH_REGEX_ATTR).isEmpty()) {

                 pathCondition = FilesSetXML.readPathCondition(elem);

                 if (pathCondition == null) {

                     // Malformed attribute.

                     return null;

                 }

             }


             return new FilesSet.Rule(ruleName, extCondition, metaTypeCondition, pathCondition, null, null);

         }


         private static String readRuleName(Element elem) {

             // The rule must have a name.

             String ruleName = elem.getAttribute(FilesSetXML.NAME_ATTR);

             return ruleName;

         }


         private static Pattern compileRegex(String regex) {

             try {

                 return Pattern.compile(regex);

             } catch (PatternSyntaxException ex) {

                 logger.log(Level.SEVERE, "Error compiling rule regex: " + ex.getMessage(), ex); // NON-NLS

                 return null;

             }

         }


         private static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement) {

             FilesSet.Rule.MetaTypeCondition condition = null;

             String conditionAttribute = ruleElement.getAttribute(FilesSetXML.TYPE_FILTER_ATTR);

             if (!conditionAttribute.isEmpty()) {

                 switch (conditionAttribute) {

                     case FilesSetXML.TYPE_FILTER_VALUE_FILES:

                         condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);

                         break;

                     case FilesSetXML.TYPE_FILTER_VALUE_DIRS:

                         condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.DIRECTORIES);

                         break;

                     case FilesSetXML.TYPE_FILTER_VALUE_FILES_AND_DIRS:

                         condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES_AND_DIRECTORIES);

                         break;

                     default:

                         logger.log(Level.SEVERE, "Found {0} " + FilesSetXML.TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS

                         break;

                 }

             } else {

                 // Accept TSK Framework interesting files set definitions,

                 // default to files.

                 condition = new FilesSet.Rule.MetaTypeCondition(FilesSet.Rule.MetaTypeCondition.Type.FILES);

             }

             return condition;

         }


         private static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement) {

             FilesSet.Rule.ParentPathCondition condition = null;

             String path = ruleElement.getAttribute(FilesSetXML.PATH_FILTER_ATTR);

             String pathRegex = ruleElement.getAttribute(FilesSetXML.PATH_REGEX_ATTR);

             if (!pathRegex.isEmpty() && path.isEmpty()) {

                 try {

                     Pattern pattern = Pattern.compile(pathRegex);

                     condition = new FilesSet.Rule.ParentPathCondition(pattern);

                 } catch (PatternSyntaxException ex) {

                     logger.log(Level.SEVERE, "Error compiling " + FilesSetXML.PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS

                 }

             } else if (!path.isEmpty() && pathRegex.isEmpty()) {

                 condition = new FilesSet.Rule.ParentPathCondition(path);

             }

             return condition;

         }


         // Note: This method takes a file path to support the possibility of

         // multiple intersting files set definition files, e.g., one for

         // definitions that ship with Autopsy and one for user definitions.

         static boolean writeDefinitionsFile(String filePath, Map<String, FilesSet> interestingFilesSets) throws InterestingItemDefsManagerException {

             try (NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(filePath))) {

                 out.writeObject(new InterestingItemsFilesSetSettings(interestingFilesSets));

             } catch (IOException ex) {

                 throw new InterestingItemDefsManagerException(String.format("Failed to write settings to %s", filePath), ex);

             }

             return true;

         }

     }


     static class InterestingItemDefsManagerException extends Exception {


         InterestingItemDefsManagerException() {


         }


         InterestingItemDefsManagerException(String message) {

             super(message);

         }


         InterestingItemDefsManagerException(String message, Throwable cause) {

             super(message, cause);

         }


         InterestingItemDefsManagerException(Throwable cause) {

             super(cause);

         }

     }


 }

org.sleuthkit

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.compileRegex
static Pattern compileRegex(String regex)
Definition: InterestingItemDefsManager.java:435

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.IGNORE_KNOWN_FILES_ATTR
static final String IGNORE_KNOWN_FILES_ATTR
Definition: InterestingItemDefsManager.java:131

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_FILES
static final String TYPE_FILTER_VALUE_FILES
Definition: InterestingItemDefsManager.java:134

org.sleuthkit.autopsy.coreutils.XMLUtil.loadDoc
static< T > Document loadDoc(Class< T > clazz, String xmlPath)
Definition: XMLUtil.java:228

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.unnamedLegacyRuleCounter
static int unnamedLegacyRuleCounter
Definition: InterestingItemDefsManager.java:141

org

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_DIRS
static final String TYPE_FILTER_VALUE_DIRS
Definition: InterestingItemDefsManager.java:135

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readRuleName
static String readRuleName(Element elem)
Definition: InterestingItemDefsManager.java:422

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_ATTR
static final String TYPE_FILTER_ATTR
Definition: InterestingItemDefsManager.java:132

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.logger
static final Logger logger
Definition: InterestingItemDefsManager.java:118

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.DESC_ATTR
static final String DESC_ATTR
Definition: InterestingItemDefsManager.java:130

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileExtensionRule
static FilesSet.Rule readFileExtensionRule(Element elem)
Definition: InterestingItemDefsManager.java:360

org.sleuthkit.autopsy.coreutils
Definition: AutopsyExceptionHandler.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readMetaTypeCondition
static FilesSet.Rule.MetaTypeCondition readMetaTypeCondition(Element ruleElement)
Definition: InterestingItemDefsManager.java:453

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_ATTR
static final String NAME_ATTR
Definition: InterestingItemDefsManager.java:128

org.sleuthkit.autopsy.coreutils.PlatformUtil
Definition: PlatformUtil.java:51

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_REGEX_ATTR
static final String PATH_REGEX_ATTR
Definition: InterestingItemDefsManager.java:138

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.XML_ENCODING
static final String XML_ENCODING
Definition: InterestingItemDefsManager.java:119

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readSerializedDefinitions
static Map< String, FilesSet > readSerializedDefinitions()
Definition: InterestingItemDefsManager.java:201

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML
Definition: InterestingItemDefsManager.java:116

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.TYPE_FILTER_VALUE_FILES_AND_DIRS
static final String TYPE_FILTER_VALUE_FILES_AND_DIRS
Definition: InterestingItemDefsManager.java:139

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.REGEX_ATTR
static final String REGEX_ATTR
Definition: InterestingItemDefsManager.java:137

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFileNameRule
static FilesSet.Rule readFileNameRule(Element elem)
Definition: InterestingItemDefsManager.java:302

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readFilesSet
static void readFilesSet(Element setElem, Map< String, FilesSet > filesSets, String filePath)
Definition: InterestingItemDefsManager.java:225

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.PATH_FILTER_ATTR
static final String PATH_FILTER_ATTR
Definition: InterestingItemDefsManager.java:133

org.sleuthkit.autopsy.coreutils.XMLUtil
Definition: XMLUtil.java:56

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.FILE_SETS_ROOT_TAG
static final String FILE_SETS_ROOT_TAG
Definition: InterestingItemDefsManager.java:124

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.EXTENSION_RULE_TAG
static final String EXTENSION_RULE_TAG
Definition: InterestingItemDefsManager.java:127

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.FILE_SET_TAG
static final String FILE_SET_TAG
Definition: InterestingItemDefsManager.java:125

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.illegalFileNameChars
static final List< String > illegalFileNameChars
Definition: InterestingItemDefsManager.java:120

org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:161

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.NAME_RULE_TAG
static final String NAME_RULE_TAG
Definition: InterestingItemDefsManager.java:126

org.sleuthkit.autopsy

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.readPathCondition
static FilesSet.Rule.ParentPathCondition readPathCondition(Element ruleElement)
Definition: InterestingItemDefsManager.java:487

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.UNNAMED_LEGACY_RULE_PREFIX
static final String UNNAMED_LEGACY_RULE_PREFIX
Definition: InterestingItemDefsManager.java:140

org.sleuthkit.autopsy.modules.interestingitems.InterestingItemDefsManager.FilesSetXML.RULE_UUID_ATTR
static final String RULE_UUID_ATTR
Definition: InterestingItemDefsManager.java:129