Autopsy  4.6.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
InterestingItemsFilesSetSettings.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.interestingitems;
20 
21 import java.io.File;
22 import java.io.FileInputStream;
23 import java.io.FileOutputStream;
24 import java.io.IOException;
25 import java.io.Serializable;
26 import java.nio.file.Path;
27 import java.nio.file.Paths;
28 import java.util.HashMap;
29 import java.util.List;
30 import java.util.Map;
31 import java.util.logging.Level;
32 import java.util.regex.Pattern;
33 import java.util.regex.PatternSyntaxException;
34 import javax.xml.parsers.DocumentBuilder;
35 import javax.xml.parsers.DocumentBuilderFactory;
36 import javax.xml.parsers.ParserConfigurationException;
37 import org.openide.util.io.NbObjectInputStream;
38 import org.openide.util.io.NbObjectOutputStream;
48 import org.w3c.dom.Document;
49 import org.w3c.dom.Element;
50 import org.w3c.dom.NodeList;
51 
52 class InterestingItemsFilesSetSettings implements Serializable {
53 
54  private static final long serialVersionUID = 1L;
55  // The following tags and attributes are identical to those used in the
56  // TSK Framework FilesSet definitions file schema.
57  private static final String FILE_SETS_ROOT_TAG = "INTERESTING_FILE_SETS"; //NON-NLS
58  private static final String DESC_ATTR = "description"; //NON-NLS
59  private static final String IGNORE_KNOWN_FILES_ATTR = "ignoreKnown"; //NON-NLS
60  private static final String PATH_REGEX_ATTR = "pathRegex"; //NON-NLS
61  private static final String TYPE_FILTER_VALUE_ALL = "all";
62  private static final String TYPE_FILTER_VALUE_FILES_AND_DIRS = "files_and_dirs"; //NON-NLS
63  private static final String IGNORE_UNALLOCATED_SPACE = "ingoreUnallocated"; //NON-NLS
64  private static final String PATH_FILTER_ATTR = "pathFilter"; //NON-NLS
65  private static final String TYPE_FILTER_VALUE_DIRS = "dir"; //NON-NLS
66  private static final String REGEX_ATTR = "regex"; //NON-NLS
67  private static final List<String> illegalFileNameChars = FilesSetsManager.getIllegalFileNameChars();
68  private static final String FILE_SET_TAG = "INTERESTING_FILE_SET"; //NON-NLS
69  private static final String NAME_RULE_TAG = "NAME"; //NON-NLS
70  private static final String NAME_ATTR = "name"; //NON-NLS
71  private static final String DAYS_INCLUDED_ATTR = "daysIncluded";
72  private static final String MIME_ATTR = "mimeType";
73  private static final String FS_COMPARATOR_ATTR = "comparatorSymbol";
74  private static final String FS_SIZE_ATTR = "sizeValue";
75  private static final String FS_UNITS_ATTR = "sizeUnits";
76  private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS
77  private static final String XML_ENCODING = "UTF-8"; //NON-NLS
78  private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName());
79  private static final String TYPE_FILTER_ATTR = "typeFilter"; //NON-NLS
80  private static final String EXTENSION_RULE_TAG = "EXTENSION"; //NON-NLS
81 
82  private Map<String, FilesSet> filesSets;
83 
84  InterestingItemsFilesSetSettings(Map<String, FilesSet> filesSets) {
85  this.filesSets = filesSets;
86  }
87 
91  Map<String, FilesSet> getFilesSets() {
92  return filesSets;
93  }
94 
102  private static String readRuleName(Element elem) {
103  // The rule must have a name.
104  String ruleName = elem.getAttribute(NAME_ATTR);
105  return ruleName;
106  }
107 
116  private static Map<String, FilesSet> readSerializedDefinitions(String serialFileName) throws FilesSetsManager.FilesSetsManagerException {
117  Path filePath = Paths.get(PlatformUtil.getUserConfigDirectory(), serialFileName);
118  File fileSetFile = filePath.toFile();
119  String filePathStr = filePath.toString();
120  if (fileSetFile.exists()) {
121  try {
122  try (final NbObjectInputStream in = new NbObjectInputStream(new FileInputStream(filePathStr))) {
123  InterestingItemsFilesSetSettings filesSetsSettings = (InterestingItemsFilesSetSettings) in.readObject();
124  return filesSetsSettings.getFilesSets();
125  }
126  } catch (IOException | ClassNotFoundException ex) {
127  throw new FilesSetsManager.FilesSetsManagerException(String.format("Failed to read settings from %s", filePathStr), ex);
128  }
129  } else {
130  return new HashMap<>();
131  }
132  }
133 
145  private static ParentPathCondition readPathCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
146  // Read in the optional path condition. Null is o.k., but if the attribute
147  // is there, be sure it is not malformed.
148  ParentPathCondition pathCondition = null;
149  if (!ruleElement.getAttribute(PATH_FILTER_ATTR).isEmpty() || !ruleElement.getAttribute(PATH_REGEX_ATTR).isEmpty()) {
150  String path = ruleElement.getAttribute(PATH_FILTER_ATTR);
151  String pathRegex = ruleElement.getAttribute(PATH_REGEX_ATTR);
152  if (!pathRegex.isEmpty() && path.isEmpty()) {
153  try {
154  Pattern pattern = Pattern.compile(pathRegex);
155  pathCondition = new ParentPathCondition(pattern);
156  } catch (PatternSyntaxException ex) {
157  logger.log(Level.SEVERE, "Error compiling " + PATH_REGEX_ATTR + " regex, ignoring malformed path condition definition", ex); // NON-NLS
158  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", PATH_REGEX_ATTR), ex);
159  }
160  } else if (!path.isEmpty() && pathRegex.isEmpty()) {
161  pathCondition = new ParentPathCondition(path);
162  }
163  if (pathCondition == null) {
164  // Malformed attribute.
165  throw new FilesSetsManager.FilesSetsManagerException(String.format("Error creating path condition for rule %s", readRuleName(ruleElement)));
166  }
167  }
168  return pathCondition;
169  }
170 
182  private static DateCondition readDateCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
183  // Read in the optional path condition. Null is o.k., but if the attribute
184  // is there, be sure it is not malformed.
185  DateCondition dateCondition = null;
186  if (!ruleElement.getAttribute(DAYS_INCLUDED_ATTR).isEmpty()) {
187  String daysIncluded = ruleElement.getAttribute(DAYS_INCLUDED_ATTR);
188  if (!daysIncluded.isEmpty()) {
189  try {
190  dateCondition = new DateCondition(Integer.parseInt(daysIncluded));
191  } catch (NumberFormatException ex) {
192  logger.log(Level.SEVERE, "Error creating condition for " + daysIncluded + ", ignoring malformed date condition definition", ex); // NON-NLS
193  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex", DAYS_INCLUDED_ATTR), ex);
194  }
195  }
196  }
197  return dateCondition;
198  }
199 
207  private static Pattern compileRegex(String regex) {
208  try {
209  return Pattern.compile(regex);
210  } catch (PatternSyntaxException ex) {
211  logger.log(Level.SEVERE, "Error compiling rule regex: " + ex.getMessage(), ex); // NON-NLS
212  return null;
213  }
214  }
215 
228  private static FilesSet.Rule readRule(Element elem) throws FilesSetsManager.FilesSetsManagerException {
229  String ruleName = readRuleName(elem);
230  FileNameCondition nameCondition = readNameCondition(elem);
231  MetaTypeCondition metaCondition = readMetaTypeCondition(elem);
232  ParentPathCondition pathCondition = readPathCondition(elem);
233  MimeTypeCondition mimeCondition = readMimeCondition(elem);
234  FileSizeCondition sizeCondition = readSizeCondition(elem);
235  DateCondition dateCondition = readDateCondition(elem); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule
236  if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null && dateCondition == null)) {
237  logger.log(Level.WARNING, "Error Reading Rule, " + ruleName + " was either missing a meta condition or contained only a meta condition. No rule was imported."); // NON-NLS
238  throw new FilesSetsManager.FilesSetsManagerException(String.format("Invalid Rule in FilesSet xml, missing necessary conditions for %s", ruleName));
239  }
240  return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition, dateCondition);
241  }
242 
254  private static FileNameCondition readNameCondition(Element elem) throws FilesSetsManager.FilesSetsManagerException {
255  FileNameCondition nameCondition = null;
256  String content = elem.getTextContent();
257  String regex = elem.getAttribute(REGEX_ATTR);
258  if (content != null && !content.isEmpty()) { //if there isn't content this is not a valid name condition
259  if ((!regex.isEmpty() && regex.equalsIgnoreCase("true")) || content.contains("*")) { // NON-NLS
260  Pattern pattern = compileRegex(content);
261  if (pattern != null) {
262  if (elem.getTagName().equals(NAME_RULE_TAG)) {
263  nameCondition = new FilesSet.Rule.FullNameCondition(pattern);
264  } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
265  nameCondition = new FilesSet.Rule.ExtensionCondition(pattern);
266  } else {
267  throw new FilesSetsManager.FilesSetsManagerException(String.format("Name condition has invalid tag name of %s for rule %s", elem.getTagName(), readRuleName(elem)));
268  }
269  } else {
270  logger.log(Level.SEVERE, "Error compiling " + elem.getTagName() + " regex, ignoring malformed '{0}' rule definition", readRuleName(elem)); // NON-NLS
271  throw new FilesSetsManager.FilesSetsManagerException(String.format("error compiling %s regex in rule %s", REGEX_ATTR, readRuleName(elem)));
272  }
273  } else {
274  for (String illegalChar : illegalFileNameChars) {
275  if (content.contains(illegalChar)) {
276  logger.log(Level.SEVERE, elem.getTagName() + " content has illegal chars, ignoring malformed '{0}' rule definition", new Object[]{elem.getTagName(), readRuleName(elem)}); // NON-NLS
277  throw new FilesSetsManager.FilesSetsManagerException(String.format("File name has illegal character of %s in rule %s", illegalChar, readRuleName(elem)));
278  }
279  }
280  if (elem.getTagName().equals(NAME_RULE_TAG)) {
281  nameCondition = new FilesSet.Rule.FullNameCondition(content);
282  } else if (elem.getTagName().equals(EXTENSION_RULE_TAG)) {
283  nameCondition = new FilesSet.Rule.ExtensionCondition(content);
284  }
285  }
286  }
287  return nameCondition;
288  }
289 
298  private static MimeTypeCondition readMimeCondition(Element elem) {
299  MimeTypeCondition mimeCondition = null;
300  if (!elem.getAttribute(MIME_ATTR).isEmpty()) {
301  mimeCondition = new MimeTypeCondition(elem.getAttribute(MIME_ATTR));
302  //no checks on mime type here which means
303  //if they import a rule with a custom MIME type they don't have
304  //the rule will not get any hits
305  }
306  return mimeCondition;
307  }
308 
320  private static FileSizeCondition readSizeCondition(Element elem) throws FilesSetsManager.FilesSetsManagerException {
321  FileSizeCondition sizeCondition = null;
322  if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() && !elem.getAttribute(FS_SIZE_ATTR).isEmpty() && !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
323  try { //incase they modified the xml manually to invalid comparator, size unit, or non integer string for size
324  FileSizeCondition.COMPARATOR comparator = FileSizeCondition.COMPARATOR.fromSymbol(elem.getAttribute(FS_COMPARATOR_ATTR));
325  FileSizeCondition.SIZE_UNIT sizeUnit = FileSizeCondition.SIZE_UNIT.fromName(elem.getAttribute(FS_UNITS_ATTR));
326  int size = Integer.parseInt(elem.getAttribute(FS_SIZE_ATTR));
327  sizeCondition = new FileSizeCondition(comparator, sizeUnit, size);
328  } catch (NumberFormatException nfEx) {
329  logger.log(Level.SEVERE, "Value in file size attribute was not an integer, unable to create FileSizeCondition for rule: " + readRuleName(elem), nfEx);
330  throw new FilesSetsManager.FilesSetsManagerException(String.format("Non integer size in FilesSet XML for rule %s", readRuleName(elem)), nfEx);
331  } catch (IllegalArgumentException iaEx) {
332  logger.log(Level.SEVERE, "Invalid Comparator symbol or Size Unit set in FilesSet xml, unable to create FileSizeCondition for rule: " + readRuleName(elem), iaEx);
333  throw new FilesSetsManager.FilesSetsManagerException(String.format("Invalid Comparator or Size unit in FilesSet XML for rule %s", readRuleName(elem)), iaEx);
334  }
335  } //if all of them aren't populated but some of them are this is a malformed xml
336  else if (!elem.getAttribute(FS_COMPARATOR_ATTR).isEmpty() || !elem.getAttribute(FS_SIZE_ATTR).isEmpty() || !elem.getAttribute(FS_UNITS_ATTR).isEmpty()) {
337  logger.log(Level.SEVERE, "Invalid Comparator symbol or Size Unit set in FilesSet xml, unable to create FileSizeCondition for rule: " + readRuleName(elem));
338  throw new FilesSetsManager.FilesSetsManagerException(String.format("XML malformed missing at least one fileSize attribute for rule %s", readRuleName(elem)));
339  }
340  return sizeCondition;
341  }
342 
353  private static void readFilesSet(Element setElem, Map<String, FilesSet> filesSets, String filePath) throws FilesSetsManager.FilesSetsManagerException {
354  // The file set must have a unique name.
355  String setName = setElem.getAttribute(NAME_ATTR);
356  if (setName.isEmpty()) {
357  logger.log(Level.SEVERE, "Found {0} element without required {1} attribute, ignoring malformed file set definition in FilesSet definition file at {2}", new Object[]{FILE_SET_TAG, NAME_ATTR, filePath}); // NON-NLS
358  return;
359  }
360  if (filesSets.containsKey(setName)) {
361  logger.log(Level.SEVERE, "Found duplicate definition of set named {0} in FilesSet definition file at {1}, discarding duplicate set", new Object[]{setName, filePath}); // NON-NLS
362  return;
363  }
364  // The file set may have a description. The empty string is o.k.
365  String description = setElem.getAttribute(DESC_ATTR);
366  // The file set may or may not ignore known files. The default behavior
367  // is to not ignore them.
368  String ignoreKnown = setElem.getAttribute(IGNORE_KNOWN_FILES_ATTR);
369  boolean ignoreKnownFiles = false;
370  if (!ignoreKnown.isEmpty()) {
371  ignoreKnownFiles = Boolean.parseBoolean(ignoreKnown);
372  }
373  // The file set may or may not skip unallocated space. The default behavior
374  // is not to skip it.
375  String ignoreUnallocated = setElem.getAttribute(IGNORE_UNALLOCATED_SPACE);
376  boolean ignoreUnallocatedSpace = false;
377  if (!ignoreUnallocated.isEmpty()) {
378  ignoreUnallocatedSpace = Boolean.parseBoolean(ignoreUnallocated);
379  }
380  // Read the set membership rules, if any.
381  Map<String, FilesSet.Rule> rules = new HashMap<>();
382  NodeList allRuleElems = setElem.getChildNodes();
383  for (int j = 0; j < allRuleElems.getLength(); ++j) {
384  if (allRuleElems.item(j) instanceof Element) { //All the children we need to parse here are elements
385  Element elem = (Element) allRuleElems.item(j);
386  FilesSet.Rule rule = readRule(elem);
387  if (rule != null) {
388  if (!rules.containsKey(rule.getUuid())) {
389  rules.put(rule.getUuid(), rule);
390  } else {
391  logger.log(Level.SEVERE, "Found duplicate rule {0} for set named {1} in FilesSet definition file at {2}, discarding malformed set", new Object[]{rule.getUuid(), setName, filePath}); // NON-NLS
392  return;
393  }
394  } else {
395  logger.log(Level.SEVERE, "Found malformed rule for set named {0} in FilesSet definition file at {1}, discarding malformed set", new Object[]{setName, filePath}); // NON-NLS
396  return;
397  }
398  }
399  }
400  // Make the files set. Note that degenerate sets with no rules are
401  // allowed to facilitate the separation of set definition and rule
402  // definitions. A set without rules is simply the empty set.
403  FilesSet set = new FilesSet(setName, description, ignoreKnownFiles, ignoreUnallocatedSpace, rules);
404  filesSets.put(set.getName(), set);
405  }
406  // Note: This method takes a file path to support the possibility of
407  // multiple intersting files set definition files, e.g., one for
408  // definitions that ship with Autopsy and one for user definitions.
409 
422  static Map<String, FilesSet> readDefinitionsFile(String fileName, String legacyFileName) throws FilesSetsManager.FilesSetsManagerException {
423  Map<String, FilesSet> filesSets = readSerializedDefinitions(fileName);
424  if (!filesSets.isEmpty()) {
425  return filesSets;
426  }
427  // Check if the legacy xml file exists.
428  if (!legacyFileName.isEmpty()) {
429  return readDefinitionsXML(Paths.get(PlatformUtil.getUserConfigDirectory(), legacyFileName).toFile());
430  }
431  return filesSets;
432  }
433 
447  static Map<String, FilesSet> readDefinitionsXML(File xmlFile) throws FilesSetsManager.FilesSetsManagerException {
448  Map<String, FilesSet> filesSets = new HashMap<>();
449  if (!xmlFile.exists()) {
450  return filesSets;
451  }
452  // Check if the file can be read.
453  if (!xmlFile.canRead()) {
454  logger.log(Level.SEVERE, "FilesSet definition file at {0} exists, but cannot be read", xmlFile.getPath()); // NON-NLS
455  return filesSets;
456  }
457  // Parse the XML in the file.
458  Document doc = XMLUtil.loadDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath());
459  if (doc == null) {
460  logger.log(Level.SEVERE, "FilesSet definition file at {0}", xmlFile.getPath()); // NON-NLS
461  return filesSets;
462  }
463  // Get the root element.
464  Element root = doc.getDocumentElement();
465  if (root == null) {
466  logger.log(Level.SEVERE, "Failed to get root {0} element tag of FilesSet definition file at {1}", new Object[]{FILE_SETS_ROOT_TAG, xmlFile.getPath()}); // NON-NLS
467  return filesSets;
468  }
469  // Read in the files set definitions.
470  NodeList setElems = root.getElementsByTagName(FILE_SET_TAG);
471  for (int i = 0; i < setElems.getLength(); ++i) {
472  readFilesSet((Element) setElems.item(i), filesSets, xmlFile.getPath());
473  }
474  return filesSets;
475  }
476 
477  // Note: This method takes a file path to support the possibility of
478  // multiple intersting files set definition files, e.g., one for
479  // definitions that ship with Autopsy and one for user definitions.
487  static boolean writeDefinitionsFile(String fileName, Map<String, FilesSet> interestingFilesSets) throws FilesSetsManager.FilesSetsManagerException {
488  try (final NbObjectOutputStream out = new NbObjectOutputStream(new FileOutputStream(Paths.get(PlatformUtil.getUserConfigDirectory(), fileName).toString()))) {
489  out.writeObject(new InterestingItemsFilesSetSettings(interestingFilesSets));
490  } catch (IOException ex) {
491  throw new FilesSetsManager.FilesSetsManagerException(String.format("Failed to write settings to %s", fileName), ex);
492  }
493  return true;
494  }
495 
505  static boolean exportXmlDefinitionsFile(File xmlFile, List<FilesSet> interestingFilesSets) {
506  DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
507  try {
508  // Create the new XML document.
509  DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
510  Document doc = docBuilder.newDocument();
511  Element rootElement = doc.createElement(FILE_SETS_ROOT_TAG);
512  doc.appendChild(rootElement);
513  // Add the interesting files sets to the document.
514  for (FilesSet set : interestingFilesSets) {
515  // Add the files set element and its attributes.
516  Element setElement = doc.createElement(FILE_SET_TAG);
517  setElement.setAttribute(NAME_ATTR, set.getName());
518  setElement.setAttribute(DESC_ATTR, set.getDescription());
519  setElement.setAttribute(IGNORE_KNOWN_FILES_ATTR, Boolean.toString(set.ignoresKnownFiles()));
520  // Add the child elements for the set membership rules.
521  // All conditions of a rule will be written as a single element in the xml
522  for (FilesSet.Rule rule : set.getRules().values()) {
523  // Add a rule element with the appropriate name Condition
524  // type tag.
525  Element ruleElement;
526 
527  FileNameCondition nameCondition = rule.getFileNameCondition();
528  //The element type is just being used as another attribute for
529  //the name condition in legacy xmls.
530  //For rules which don't contain a name condition it doesn't matter
531  //what type of element it is
532  if (nameCondition instanceof FilesSet.Rule.FullNameCondition) {
533  ruleElement = doc.createElement(NAME_RULE_TAG);
534  } else {
535  ruleElement = doc.createElement(EXTENSION_RULE_TAG);
536  }
537  // Add the optional rule name attribute.
538  ruleElement.setAttribute(NAME_ATTR, rule.getName());
539  if (nameCondition != null) {
540  // Add the name Condition regex attribute
541  ruleElement.setAttribute(REGEX_ATTR, Boolean.toString(nameCondition.isRegex()));
542  // Add the name Condition text as the rule element content.
543  ruleElement.setTextContent(nameCondition.getTextToMatch());
544  }
545  // Add the type Condition attribute.
546  MetaTypeCondition typeCondition = rule.getMetaTypeCondition();
547  switch (typeCondition.getMetaType()) {
548  case FILES:
549  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_FILES);
550  break;
551  case DIRECTORIES:
552  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_DIRS);
553  break;
554  default:
555  ruleElement.setAttribute(TYPE_FILTER_ATTR, TYPE_FILTER_VALUE_ALL);
556  break;
557  }
558  // Add the optional path Condition.
559  ParentPathCondition pathCondition = rule.getPathCondition();
560  if (pathCondition != null) {
561  if (pathCondition.isRegex()) {
562  ruleElement.setAttribute(PATH_REGEX_ATTR, pathCondition.getTextToMatch());
563  } else {
564  ruleElement.setAttribute(PATH_FILTER_ATTR, pathCondition.getTextToMatch());
565  }
566  }
567  //Add the optional MIME type condition
568  MimeTypeCondition mimeCondition = rule.getMimeTypeCondition();
569  if (mimeCondition != null) {
570  ruleElement.setAttribute(MIME_ATTR, mimeCondition.getMimeType());
571  }
572  //Add the optional file size condition
573  FileSizeCondition sizeCondition = rule.getFileSizeCondition();
574  if (sizeCondition != null) {
575  ruleElement.setAttribute(FS_COMPARATOR_ATTR, sizeCondition.getComparator().getSymbol());
576  ruleElement.setAttribute(FS_SIZE_ATTR, Integer.toString(sizeCondition.getSizeValue()));
577  ruleElement.setAttribute(FS_UNITS_ATTR, sizeCondition.getUnit().getName());
578  }
579 
580  //Add the optional date condition
581  DateCondition dateCondition = rule.getDateCondition();
582  if (dateCondition != null) {
583  ruleElement.setAttribute(DAYS_INCLUDED_ATTR, Integer.toString(dateCondition.getDaysIncluded()));
584  }
585 
586  setElement.appendChild(ruleElement);
587  }
588  rootElement.appendChild(setElement);
589  }
590  // Overwrite the previous definitions file. Note that the utility
591  // method logs an error on failure.
592  return XMLUtil.saveDoc(InterestingItemsFilesSetSettings.class, xmlFile.getPath(), XML_ENCODING, doc);
593  } catch (ParserConfigurationException ex) {
594  logger.log(Level.SEVERE, "Error writing interesting files definition file to " + xmlFile.getPath(), ex); // NON-NLS
595  return false;
596  }
597  }
598 
610  private static MetaTypeCondition readMetaTypeCondition(Element ruleElement) throws FilesSetsManager.FilesSetsManagerException {
611  MetaTypeCondition metaCondition = null;
612  // The rule must have a meta-type condition, unless a TSK Framework
613  // definitions file is being read.
614  if (!ruleElement.getAttribute(TYPE_FILTER_ATTR).isEmpty()) {
615  String conditionAttribute = ruleElement.getAttribute(TYPE_FILTER_ATTR);
616  if (!conditionAttribute.isEmpty()) {
617  switch (conditionAttribute) {
618  case TYPE_FILTER_VALUE_FILES:
619  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
620  break;
621  case TYPE_FILTER_VALUE_DIRS:
622  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.DIRECTORIES);
623  break;
624  case TYPE_FILTER_VALUE_ALL:
625  case TYPE_FILTER_VALUE_FILES_AND_DIRS: //converts legacy xmls to current metaCondition terms
626  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.ALL);
627  break;
628  default:
629  logger.log(Level.SEVERE, "Found {0} " + TYPE_FILTER_ATTR + " attribute with unrecognized value ''{0}'', ignoring malformed rule definition", conditionAttribute); // NON-NLS
630  // Malformed attribute.
631  throw new FilesSetsManager.FilesSetsManagerException(String.format("Malformed XML for Metatype condition, %s, in rule %s", conditionAttribute, readRuleName(ruleElement)));
632  }
633  }
634  }
635  if (metaCondition == null) {
636  // Accept TSK Framework FilesSet definitions,
637  // default to files.
638  metaCondition = new MetaTypeCondition(MetaTypeCondition.Type.FILES);
639  }
640  return metaCondition;
641  }
642 }

Copyright © 2012-2016 Basis Technology. Generated on: Mon May 7 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.