19 package org.sleuthkit.autopsy.modules.interestingitems;
21 import java.io.Serializable;
22 import java.util.ArrayList;
23 import java.util.HashMap;
24 import java.util.List;
26 import java.util.UUID;
27 import java.util.regex.Pattern;
39 public final class FilesSet implements Serializable {
46 private final Map<String, Rule>
rules =
new HashMap<>();
60 public FilesSet(String name, String description,
boolean ignoreKnownFiles,
boolean ignoreUnallocatedSpace, Map<String, Rule> rules) {
61 if ((name == null) || (name.isEmpty())) {
62 throw new IllegalArgumentException(
"Interesting files set name cannot be null or empty");
65 this.description = (description != null ? description :
"");
69 this.rules.putAll(rules);
100 boolean ignoresKnownFiles() {
119 Map<String, Rule> getRules() {
120 return new HashMap<>(this.
rules);
136 if ((this.ignoreUnallocatedSpace)
143 for (Rule rule : rules.values()) {
144 if (rule.isSatisfied(file)) {
145 return rule.getName();
162 static class Rule
implements Serializable {
164 private static final long serialVersionUID = 1L;
165 private final String uuid;
166 private final String ruleName;
167 private final FileNameCondition fileNameCondition;
168 private final MetaTypeCondition metaTypeCondition;
169 private final ParentPathCondition pathCondition;
170 private final MimeTypeCondition mimeTypeCondition;
171 private final FileSizeCondition fileSizeCondition;
172 private final List<FileAttributeCondition> conditions =
new ArrayList<>();
184 Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition) {
186 this.uuid = UUID.randomUUID().toString();
187 if (metaTypeCondition == null) {
188 throw new IllegalArgumentException(
"Interesting files set rule meta-type condition cannot be null");
191 this.ruleName = ruleName;
197 this.metaTypeCondition = metaTypeCondition;
198 this.conditions.add(this.metaTypeCondition);
200 this.fileSizeCondition = fileSizeCondition;
201 if (this.fileSizeCondition != null) {
202 this.conditions.add(this.fileSizeCondition);
205 this.fileNameCondition = fileNameCondition;
206 if (this.fileNameCondition != null) {
207 this.conditions.add(fileNameCondition);
210 this.mimeTypeCondition = mimeTypeCondition;
211 if (this.mimeTypeCondition != null) {
212 this.conditions.add(mimeTypeCondition);
215 this.pathCondition = pathCondition;
216 if (this.pathCondition != null) {
217 this.conditions.add(this.pathCondition);
235 FileNameCondition getFileNameCondition() {
236 return this.fileNameCondition;
244 MetaTypeCondition getMetaTypeCondition() {
245 return this.metaTypeCondition;
253 ParentPathCondition getPathCondition() {
254 return this.pathCondition;
264 boolean isSatisfied(AbstractFile file) {
265 for (FileAttributeCondition condition : conditions) {
266 if (!condition.passes(file)) {
277 if (fileNameCondition != null) {
278 return this.ruleName +
" (" + fileNameCondition.getTextToMatch() +
")";
279 }
else if (this.pathCondition != null) {
280 return this.ruleName +
" (" + pathCondition.getTextToMatch() +
")";
281 }
else if (this.mimeTypeCondition != null) {
282 return this.ruleName +
" (" + mimeTypeCondition.getMimeType() +
")";
283 }
else if (this.fileSizeCondition != null) {
284 return this.ruleName +
" (" + fileSizeCondition.getComparator().getSymbol() +
" " + fileSizeCondition.getSizeValue()
285 +
" " + fileSizeCondition.getUnit().getName() +
")";
287 return this.ruleName +
" ()";
295 public String getUuid() {
302 MimeTypeCondition getMimeTypeCondition() {
303 return mimeTypeCondition;
309 FileSizeCondition getFileSizeCondition() {
310 return fileSizeCondition;
317 static interface FileAttributeCondition
extends Serializable {
326 boolean passes(AbstractFile file);
332 static final class MimeTypeCondition
implements FileAttributeCondition {
334 private static final long serialVersionUID = 1L;
335 private final String mimeType;
342 MimeTypeCondition(String mimeType) {
343 this.mimeType = mimeType;
347 public boolean passes(AbstractFile file) {
348 return this.mimeType.equals(file.getMIMEType());
356 String getMimeType() {
357 return this.mimeType;
366 static final class FileSizeCondition
implements FileAttributeCondition {
368 private static final long serialVersionUID = 1L;
373 static enum COMPARATOR {
376 LESS_THAN_EQUAL(
"≤"),
379 GREATER_THAN_EQUAL(
"≥");
381 private String symbol;
383 COMPARATOR(String symbol) {
384 this.symbol = symbol;
387 public static COMPARATOR fromSymbol(String symbol) {
388 if (symbol.equals(
"<=") || symbol.equals(
"≤")) {
389 return LESS_THAN_EQUAL;
390 }
else if (symbol.equals(
"<")) {
392 }
else if (symbol.equals(
"==") || symbol.equals(
"=")) {
394 }
else if (symbol.equals(
">")) {
396 }
else if (symbol.equals(
">=") || symbol.equals(
"≥")) {
397 return GREATER_THAN_EQUAL;
399 throw new IllegalArgumentException(
"Invalid symbol");
406 public String getSymbol() {
414 static enum SIZE_UNIT {
417 KILOBYTE(1024,
"Kilobytes"),
418 MEGABYTE(1024 * 1024,
"Megabytes"),
419 GIGABYTE(1024 * 1024 * 1024,
"Gigabytes");
423 private SIZE_UNIT(
long size, String name) {
428 public long getSize() {
432 public static SIZE_UNIT fromName(String name) {
433 for (SIZE_UNIT unit : SIZE_UNIT.values()) {
434 if (unit.getName().equals(name)) {
438 throw new IllegalArgumentException(
"Invalid name for size unit.");
448 private final COMPARATOR comparator;
449 private final SIZE_UNIT unit;
450 private final int sizeValue;
452 FileSizeCondition(COMPARATOR comparator, SIZE_UNIT unit,
int sizeValue) {
453 this.comparator = comparator;
455 this.sizeValue = sizeValue;
463 COMPARATOR getComparator() {
472 SIZE_UNIT getUnit() {
486 public boolean passes(AbstractFile file) {
487 long fileSize = file.getSize();
488 long conditionSize = this.getUnit().getSize() * this.getSizeValue();
489 switch (this.getComparator()) {
491 return fileSize > conditionSize;
492 case GREATER_THAN_EQUAL:
493 return fileSize >= conditionSize;
494 case LESS_THAN_EQUAL:
495 return fileSize <= conditionSize;
497 return fileSize < conditionSize;
499 return fileSize == conditionSize;
511 static final class MetaTypeCondition
implements FileAttributeCondition {
513 private static final long serialVersionUID = 1L;
519 FILES_AND_DIRECTORIES,
523 private final Type type;
530 MetaTypeCondition(Type type) {
535 public boolean passes(AbstractFile file) {
538 return file.isFile();
540 return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR;
541 case FILES_AND_DIRECTORIES:
542 return file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG
543 || file.getMetaType() == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR;
564 static interface TextCondition
extends FileAttributeCondition {
571 String getTextToMatch();
589 boolean textMatches(String textToMatch);
642 return this.textMatcher.
isRegex();
667 static final class ParentPathCondition
extends AbstractTextCondition {
669 private static final long serialVersionUID = 1L;
676 ParentPathCondition(String path) {
685 ParentPathCondition(Pattern path) {
690 public boolean passes(AbstractFile file) {
691 return this.textMatches(file.getParentPath() +
"/");
701 static interface FileNameCondition
extends TextCondition {
709 static final class FullNameCondition
extends AbstractTextCondition implements FileNameCondition {
711 private static final long serialVersionUID = 1L;
718 FullNameCondition(String name) {
727 FullNameCondition(Pattern name) {
732 public boolean passes(AbstractFile file) {
743 static final class ExtensionCondition
extends AbstractTextCondition implements FileNameCondition {
745 private static final long serialVersionUID = 1L;
752 ExtensionCondition(String extension) {
756 super(extension.startsWith(
".") ? extension.substring(1) : extension,
false);
765 ExtensionCondition(Pattern extension) {
770 public boolean passes(AbstractFile file) {
814 private static final long serialVersionUID = 1L;
839 return subject.equalsIgnoreCase(textToMatch);
849 private static final long serialVersionUID = 1L;
861 this.pattern = Pattern.compile(Pattern.quote(textToMatch), Pattern.CASE_INSENSITIVE);
876 return pattern.matcher(subject).find();
885 private static final long serialVersionUID = 1L;
900 return this.regex.pattern();
911 return this.regex.matcher(subject).find();
String fileIsMemberOf(AbstractFile file)
boolean textMatches(String textToMatch)
TskData.TSK_DB_FILES_TYPE_ENUM getType()
FilesSet(String name, String description, boolean ignoreKnownFiles, boolean ignoreUnallocatedSpace, Map< String, Rule > rules)
abstract boolean passes(AbstractFile file)
boolean textMatches(String subject)
boolean textMatches(String subject)
final TextMatcher textMatcher
TskData.FileKnown getKnown()
static final long serialVersionUID
final boolean ignoreUnallocatedSpace
boolean textMatches(String subject)
final boolean ignoreKnownFiles
boolean textMatches(String subject)
final Map< String, Rule > rules
boolean ingoresUnallocatedSpace()