api-docs/4.4.1/_query_results_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2011-2017 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.keywordsearch;


 import java.util.ArrayList;

 import java.util.Collection;

 import java.util.HashMap;

 import java.util.List;

 import java.util.Map;

 import java.util.Set;

 import java.util.logging.Level;

 import java.util.stream.Collectors;

 import javax.swing.SwingWorker;

 import org.apache.commons.lang.StringUtils;

 import org.netbeans.api.progress.ProgressHandle;

 import org.netbeans.api.progress.aggregate.ProgressContributor;

 import org.openide.util.NbBundle;

 import org.sleuthkit.autopsy.casemodule.Case;

 import org.sleuthkit.autopsy.coreutils.EscapeUtil;

 import org.sleuthkit.autopsy.coreutils.Logger;

 import org.sleuthkit.autopsy.ingest.IngestMessage;

 import org.sleuthkit.autopsy.ingest.IngestServices;

 import org.sleuthkit.autopsy.ingest.ModuleDataEvent;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.Content;

 import org.sleuthkit.datamodel.SleuthkitCase;

 import org.sleuthkit.datamodel.TskCoreException;


 class QueryResults {


     private static final Logger logger = Logger.getLogger(QueryResults.class.getName());

     private static final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();

     private final KeywordSearchQuery keywordSearchQuery;


     private final Map<Keyword, List<KeywordHit>> results = new HashMap<>();


     QueryResults(KeywordSearchQuery query) {

         this.keywordSearchQuery = query;

     }


     void addResult(Keyword keyword, List<KeywordHit> hits) {

         results.put(keyword, hits);

     }


     KeywordSearchQuery getQuery() {

         return keywordSearchQuery;

     }


     List<KeywordHit> getResults(Keyword keyword) {

         return results.get(keyword);

     }


     Set<Keyword> getKeywords() {

         return results.keySet();

     }


     Collection<BlackboardArtifact> writeAllHitsToBlackBoard(ProgressHandle progress, ProgressContributor subProgress, SwingWorker<?, ?> worker, boolean notifyInbox) {

         final Collection<BlackboardArtifact> newArtifacts = new ArrayList<>();

         if (progress != null) {

             progress.start(getKeywords().size());

         }

         int unitProgress = 0;


         for (final Keyword keyword : getKeywords()) {

             if (worker.isCancelled()) {

                 logger.log(Level.INFO, "Cancel detected, bailing before new keyword processed: {0}", keyword.getSearchTerm()); //NON-NLS

                 break;

             }


             // Update progress object(s), if any

             if (progress != null) {

                 progress.progress(keyword.toString(), unitProgress);

             }

             if (subProgress != null) {

                 String hitDisplayStr = keyword.getSearchTerm();

                 if (hitDisplayStr.length() > 50) {

                     hitDisplayStr = hitDisplayStr.substring(0, 49) + "...";

                 }

                 subProgress.progress(keywordSearchQuery.getKeywordList().getName() + ": " + hitDisplayStr, unitProgress);

             }


             for (KeywordHit hit : getOneHitPerObject(keyword)) {

                 String termString = keyword.getSearchTerm();

                 String snippet = hit.getSnippet();

                 if (StringUtils.isBlank(snippet)) {

                     final String snippetQuery = KeywordSearchUtil.escapeLuceneQuery(termString);

                     try {

                         /*

                          * this doesn't work for regex queries... But that is

                          * okay because regex queries always have snippets made

                          * from the content_str field we pull back from Solr

                          */

                         snippet = LuceneQuery.querySnippet(snippetQuery, hit.getSolrObjectId(), hit.getChunkId(), !keywordSearchQuery.isLiteral(), true);

                     } catch (NoOpenCoreException e) {

                         logger.log(Level.WARNING, "Error querying snippet: " + snippetQuery, e); //NON-NLS

                         //no reason to continue

                         break;

                     } catch (Exception e) {

                         logger.log(Level.WARNING, "Error querying snippet: " + snippetQuery, e); //NON-NLS

                         continue;

                     }

                 }

                 Content content = null;

                 try {

                     SleuthkitCase tskCase = Case.getCurrentCase().getSleuthkitCase();

                     content = tskCase.getContentById(hit.getContentID());

                 } catch (TskCoreException | IllegalStateException tskCoreException) {

                     logger.log(Level.SEVERE, "Error adding artifact for keyword hit to blackboard", tskCoreException); //NON-NLS

                     return null;

                 }

                 BlackboardArtifact writeResult = keywordSearchQuery.writeSingleFileHitsToBlackBoard(content, keyword, hit, snippet, keywordSearchQuery.getKeywordList().getName());

                 if (writeResult != null) {

                     newArtifacts.add(writeResult);

                     if (notifyInbox) {

                         try {

                             writeSingleFileInboxMessage(writeResult, content);

                         } catch (TskCoreException ex) {

                             logger.log(Level.WARNING, "Error posting message to Ingest Inbox", ex); //NON-NLS

                         }

                     }

                 } else {

                     logger.log(Level.WARNING, "BB artifact for keyword hit not written, file: {0}, hit: {1}", new Object[]{content, keyword.toString()}); //NON-NLS

                 }

             }

             ++unitProgress;

         }


         // Update artifact browser

         if (!newArtifacts.isEmpty()) {

             newArtifacts.stream()

                     //group artifacts by type

                     .collect(Collectors.groupingBy(BlackboardArtifact::getArtifactTypeID))

                     //for each type send an event

                     .forEach((typeID, artifacts)

                             -> IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.fromID(typeID), artifacts)));


         }


         return newArtifacts;

     }


     private Collection<KeywordHit> getOneHitPerObject(Keyword keyword) {

         HashMap<Long, KeywordHit> hits = new HashMap<>();


         // create a list of KeywordHits. KeywordHits with lowest chunkID is added the the list.

         for (KeywordHit hit : getResults(keyword)) {

             if (!hits.containsKey(hit.getSolrObjectId())) {

                 hits.put(hit.getSolrObjectId(), hit);

             } else if (hit.getChunkId() < hits.get(hit.getSolrObjectId()).getChunkId()) {

                 hits.put(hit.getSolrObjectId(), hit);

             }

         }

         return hits.values();

     }


     private void writeSingleFileInboxMessage(BlackboardArtifact artifact, Content hitContent) throws TskCoreException {

         StringBuilder subjectSb = new StringBuilder();

         StringBuilder detailsSb = new StringBuilder();


         if (!keywordSearchQuery.isLiteral()) {

             subjectSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.regExpHitLbl"));

         } else {

             subjectSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.kwHitLbl"));

         }


         String uniqueKey = null;

         BlackboardAttribute attr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD));

         if (attr != null) {

             final String keyword = attr.getValueString();

             subjectSb.append(keyword);

             uniqueKey = keyword.toLowerCase();

             //details

             detailsSb.append("<table border='0' cellpadding='4' width='280'>"); //NON-NLS

             //hit

             detailsSb.append("<tr>"); //NON-NLS

             detailsSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.kwHitThLbl"));

             detailsSb.append("<td>").append(EscapeUtil.escapeHtml(keyword)).append("</td>"); //NON-NLS

             detailsSb.append("</tr>"); //NON-NLS

         }


         //preview

         attr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW));

         if (attr != null) {

             detailsSb.append("<tr>"); //NON-NLS

             detailsSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.previewThLbl"));

             detailsSb.append("<td>").append(EscapeUtil.escapeHtml(attr.getValueString())).append("</td>"); //NON-NLS

             detailsSb.append("</tr>"); //NON-NLS

         }


         //file

         detailsSb.append("<tr>"); //NON-NLS

         detailsSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.fileThLbl"));

         if (hitContent instanceof AbstractFile) {

             AbstractFile hitFile = (AbstractFile) hitContent;

             detailsSb.append("<td>").append(hitFile.getParentPath()).append(hitFile.getName()).append("</td>"); //NON-NLS

         } else {

             detailsSb.append("<td>").append(hitContent.getName()).append("</td>"); //NON-NLS

         }

         detailsSb.append("</tr>"); //NON-NLS


         //list

         attr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME));

         if (attr != null) {

             detailsSb.append("<tr>"); //NON-NLS

             detailsSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.listThLbl"));

             detailsSb.append("<td>").append(attr.getValueString()).append("</td>"); //NON-NLS

             detailsSb.append("</tr>"); //NON-NLS

         }


         //regex

         if (!keywordSearchQuery.isLiteral()) {

             attr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP));

             if (attr != null) {

                 detailsSb.append("<tr>"); //NON-NLS

                 detailsSb.append(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.regExThLbl"));

                 detailsSb.append("<td>").append(attr.getValueString()).append("</td>"); //NON-NLS

                 detailsSb.append("</tr>"); //NON-NLS

             }

         }


         detailsSb.append("</table>"); //NON-NLS


         IngestServices.getInstance().postMessage(IngestMessage.createDataMessage(MODULE_NAME, subjectSb.toString(), detailsSb.toString(), uniqueKey, artifact));

     }

 }

org.sleuthkit

org.sleuthkit.autopsy.casemodule.Case
Definition: Case.java:119

org.sleuthkit.autopsy.coreutils.EscapeUtil
Definition: EscapeUtil.java:30

org

org.sleuthkit.autopsy.casemodule
Definition: AddImageAction.java:19

org.sleuthkit.autopsy.ingest.ModuleDataEvent
Definition: ModuleDataEvent.java:49

org.sleuthkit.autopsy.coreutils
Definition: AutopsyExceptionHandler.java:19

org.sleuthkit.autopsy.coreutils.Logger
Definition: Logger.java:36

org.sleuthkit.autopsy.ingest
Definition: DataSourceIngestCancellationPanel.java:19

org.sleuthkit.autopsy.ingest.IngestMessage
Definition: IngestMessage.java:32

org.sleuthkit.autopsy.ingest.IngestServices
Definition: IngestServices.java:32

org.sleuthkit.autopsy