Autopsy  4.4
Graphical digital forensics platform for The Sleuth Kit and other tools.
ObservableResult.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.stix;
20 
21 import java.util.List;
22 import java.util.ArrayList;
23 
24 import org.mitre.cybox.cybox_2.OperatorTypeEnum;
25 
29 class ObservableResult {
30 
31  public enum ObservableState {
32 
33  TRUE("true "), //NON-NLS
34  FALSE("false "), //NON-NLS
35  INDETERMINATE("indeterminate"); //NON-NLS
36 
37  private final String label;
38 
39  private ObservableState(String s) {
40  label = s;
41  }
42 
43  @Override
44  public String toString() {
45  return label;
46  }
47  }
48 
49  private ObservableState state = null;
50  private String description = "";
51  private List<StixArtifactData> artifacts;
52 
53  public ObservableResult(String a_id, String a_desc, String a_spacing,
54  ObservableState a_state, List<StixArtifactData> a_artifacts) {
55  state = a_state;
56  description = a_spacing + a_id + "\t" + a_state + "\t" + a_desc + "\r\n";
57  artifacts = a_artifacts;
58  }
59 
60  public ObservableResult(OperatorTypeEnum a_operator, String a_spacing) {
61  state = ObservableState.INDETERMINATE;
62  description = a_spacing + a_operator + "\r\n";
63  artifacts = new ArrayList<StixArtifactData>();
64  }
65 
66  public ObservableState getState() {
67  return state;
68  }
69 
78  public boolean isTrue() {
79  return (state == ObservableState.TRUE);
80  }
81 
90  public boolean isFalse() {
91  return (state == ObservableState.FALSE);
92  }
93 
94  public String getDescription() {
95  return description;
96  }
97 
98  public List<StixArtifactData> getArtifacts() {
99  return artifacts;
100  }
101 
108  public void addResult(ObservableResult a_result, OperatorTypeEnum a_operator) {
109  addResult(a_result.getDescription(), a_result.getState(),
110  a_result.getArtifacts(), a_operator);
111  }
112 
121  private void addResult(String a_description, ObservableState a_state,
122  List<StixArtifactData> a_artifacts, OperatorTypeEnum a_operator) {
123 
124  addToDesc(a_description);
125 
126  if (a_operator == OperatorTypeEnum.AND) {
127 
128  if (a_state == ObservableState.FALSE) {
129  // If we now have a false, the whole thing is false regardless of previous state.
130  // Clear out any existing artifacts.
131  state = ObservableState.FALSE;
132  artifacts.clear();
133  } else if (a_state == ObservableState.INDETERMINATE) {
134  // Don't change the current state, and don't save the new artifacts
135  // (though there probably wouldn't be any)
136  } else {
137  if (state == ObservableState.FALSE) {
138  // Previous state false + new state true => stay false
139  } else if (state == ObservableState.TRUE) {
140  // Previous state true + new state true => stay true and add artifacts
141  if ((artifacts == null) && (a_artifacts != null)) {
142  artifacts = new ArrayList<StixArtifactData>();
143  }
144  if (a_artifacts != null) {
145  artifacts.addAll(a_artifacts);
146  }
147  } else {
148  // If the previous state was indeterminate, change it to true and add artifacts
149  state = ObservableState.TRUE;
150  if ((artifacts == null) && (a_artifacts != null)) {
151  artifacts = new ArrayList<StixArtifactData>();
152  }
153  if (a_artifacts != null) {
154  artifacts.addAll(a_artifacts);
155  }
156  }
157  }
158  } else {
159  if (a_state == ObservableState.TRUE) {
160  // If we now have a true, the whole thing is true regardless of previous state.
161  // Add the new artifacts.
162  state = ObservableState.TRUE;
163  if ((artifacts == null) && (a_artifacts != null)) {
164  artifacts = new ArrayList<StixArtifactData>();
165  }
166  if (a_artifacts != null) {
167  artifacts.addAll(a_artifacts);
168  }
169  } else if (a_state == ObservableState.INDETERMINATE) {
170  // Don't change the current state and don't record it to the
171  // description string (later we should save these in some way)
172  } else {
173  if (state == ObservableState.FALSE) {
174  // Previous state false + new state false => stay false
175  } else if (state == ObservableState.TRUE) {
176  // Previous state true + new state false => stay true
177  } else {
178  // Previous state indeterminate + new state false => change to false
179  state = ObservableState.FALSE;
180  }
181  }
182  }
183 
184  }
185 
192  private void addToDesc(String a_desc) {
193  if (description == null) {
194  description = a_desc;
195  } else {
196  description += a_desc;
197  }
198  }
199 }

Copyright © 2012-2016 Basis Technology. Generated on: Tue Jun 13 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.