Autopsy  4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
DataResultFilterNode.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.directorytree;
20 
21 import java.awt.event.ActionEvent;
22 import java.beans.PropertyVetoException;
23 import java.text.MessageFormat;
24 import java.util.ArrayList;
25 import java.util.Collection;
26 import java.util.HashSet;
27 import java.util.List;
28 import java.util.logging.Level;
29 import java.util.prefs.PreferenceChangeEvent;
30 import java.util.prefs.PreferenceChangeListener;
31 import javax.swing.AbstractAction;
32 import javax.swing.Action;
33 import org.openide.explorer.ExplorerManager;
34 import org.openide.nodes.AbstractNode;
35 import org.openide.nodes.FilterNode;
36 import org.openide.nodes.Node;
37 import org.openide.nodes.Sheet;
38 import org.openide.util.NbBundle;
39 import org.openide.util.Utilities;
64 import static org.sleuthkit.autopsy.directorytree.Bundle.*;
66 import org.sleuthkit.datamodel.AbstractFile;
67 import org.sleuthkit.datamodel.BlackboardArtifact;
68 import org.sleuthkit.datamodel.BlackboardAttribute;
69 import org.sleuthkit.datamodel.Content;
70 import org.sleuthkit.datamodel.DerivedFile;
71 import org.sleuthkit.datamodel.Directory;
72 import org.sleuthkit.datamodel.File;
73 import org.sleuthkit.datamodel.LayoutFile;
74 import org.sleuthkit.datamodel.LocalFile;
75 import org.sleuthkit.datamodel.LocalDirectory;
76 import org.sleuthkit.datamodel.SlackFile;
77 import org.sleuthkit.datamodel.TskData;
78 import org.sleuthkit.datamodel.TskException;
79 import org.sleuthkit.datamodel.VirtualDirectory;
80 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
81 import org.sleuthkit.datamodel.Report;
82 import org.sleuthkit.datamodel.TskCoreException;
83 
89 public class DataResultFilterNode extends FilterNode {
90 
91  private static final Logger LOGGER = Logger.getLogger(DataResultFilterNode.class.getName());
92 
97 
98  static {
99  UserPreferences.addChangeListener(new PreferenceChangeListener() {
100  @Override
101  public void preferenceChange(PreferenceChangeEvent evt) {
102  switch (evt.getKey()) {
104  filterKnownFromDataSources = UserPreferences.hideKnownFilesInDataSourcesTree();
105  break;
107  filterKnownFromViews = UserPreferences.hideKnownFilesInViewsTree();
108  break;
110  filterSlackFromDataSources = UserPreferences.hideSlackFilesInDataSourcesTree();
111  break;
113  filterSlackFromViews = UserPreferences.hideSlackFilesInViewsTree();
114  break;
115  }
116  }
117  });
118  }
119 
122 
123  private final ExplorerManager sourceEm;
124 
134  public DataResultFilterNode(Node node, ExplorerManager em) {
135  super(node, new DataResultFilterChildren(node, em));
136  this.sourceEm = em;
137  }
138 
152  private DataResultFilterNode(Node node, ExplorerManager em, boolean filterKnown, boolean filterSlack) {
153  super(node, new DataResultFilterChildren(node, em, filterKnown, filterSlack));
154  this.sourceEm = em;
155  }
156 
165  @Override
166  public Action[] getActions(boolean popup) {
167 
168  List<Action> actions = new ArrayList<>();
169 
170  final DisplayableItemNode originalNode = (DisplayableItemNode) this.getOriginal();
171  List<Action> accept = originalNode.accept(getActionsDIV);
172  if (accept != null) {
173  actions.addAll(accept);
174  }
175 
176  //actions.add(new IndexContentFilesAction(nodeContent, "Index"));
177  return actions.toArray(new Action[actions.size()]);
178  }
179 
186  @Override
187  public Action getPreferredAction() {
188  final Node original = this.getOriginal();
189  // Once had a org.openide.nodes.ChildFactory$WaitFilterNode passed in
190  if ((original instanceof DisplayableItemNode) == false) {
191  return null;
192  }
193 
194  final DisplayableItemNode originalNode = (DisplayableItemNode) this.getOriginal();
195  return originalNode.accept(getPreferredActionsDIV);
196  }
197 
198  @Override
199  public Node.PropertySet[] getPropertySets() {
200  Node.PropertySet[] propertySets = super.getPropertySets();
201 
202  for (int i = 0; i < propertySets.length; i++) {
203  Node.PropertySet ps = propertySets[i];
204 
205  if (ps.getName().equals(Sheet.PROPERTIES)) {
206  Sheet.Set newPs = new Sheet.Set();
207  newPs.setName(ps.getName());
208  newPs.setDisplayName(ps.getDisplayName());
209  newPs.setShortDescription(ps.getShortDescription());
210 
211  newPs.put(ps.getProperties());
212  if (newPs.remove(AbstractFsContentNode.HIDE_PARENT) != null) {
213  newPs.remove(AbstractFilePropertyType.LOCATION.toString());
214  }
215  propertySets[i] = newPs;
216  }
217  }
218 
219  return propertySets;
220  }
221 
233  @Override
234  public String getDisplayName() {
235  final Node orig = getOriginal();
236  String name = orig.getDisplayName();
237  if ((orig instanceof BlackboardArtifactNode)) {
238  name = ((BlackboardArtifactNode) orig).getSourceName();
239  }
240  return name;
241  }
242 
249  public void setChildNodeSelectionInfo(NodeSelectionInfo selectedChildNodeInfo) {
250  if (getOriginal() instanceof DisplayableItemNode) {
251  ((DisplayableItemNode) getOriginal()).setChildNodeSelectionInfo(selectedChildNodeInfo);
252  }
253  }
254 
263  if (getOriginal() instanceof DisplayableItemNode) {
264  return ((DisplayableItemNode) getOriginal()).getChildNodeSelectionInfo();
265  } else {
266  return null;
267  }
268  }
269 
275  private static class DataResultFilterChildren extends FilterNode.Children {
276 
277  private final ExplorerManager sourceEm;
278 
279  private boolean filterKnown;
280  private boolean filterSlack;
281  private boolean filterArtifacts; // display message artifacts in the DataSource subtree
282 
286  private DataResultFilterChildren(Node arg, ExplorerManager sourceEm) {
287  super(arg);
288 
289  this.filterArtifacts = false;
290  switch (SelectionContext.getSelectionContext(arg)) {
291  case DATA_SOURCES:
292  filterSlack = filterSlackFromDataSources;
293  filterKnown = filterKnownFromDataSources;
294  filterArtifacts = true;
295  break;
296  case VIEWS:
297  filterSlack = filterSlackFromViews;
298  filterKnown = filterKnownFromViews;
299  break;
300  default:
301  filterSlack = false;
302  filterKnown = false;
303  break;
304  }
305  this.sourceEm = sourceEm;
306  }
307 
308  private DataResultFilterChildren(Node arg, ExplorerManager sourceEm, boolean filterKnown, boolean filterSlack) {
309  super(arg);
310  this.filterKnown = filterKnown;
311  this.filterSlack = filterSlack;
312  this.sourceEm = sourceEm;
313  }
314 
315  @Override
316  protected Node[] createNodes(Node key) {
317  AbstractFile file = key.getLookup().lookup(AbstractFile.class);
318  if (file != null) {
319  if (filterKnown && (file.getKnown() == TskData.FileKnown.KNOWN)) {
320  // Filter out child nodes that represent known files
321  return new Node[]{};
322  }
323  if (filterSlack && file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)) {
324  // Filter out child nodes that represent slack files
325  return new Node[]{};
326  }
327  }
328 
329  // filter out all non-message artifacts, if displaying the results from the Data Source tree
330  BlackboardArtifact art = key.getLookup().lookup(BlackboardArtifact.class);
331  if (art != null
332  && filterArtifacts
333  && art.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID()
334  && art.getArtifactTypeID() != BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE.getTypeID()) {
335  return new Node[]{};
336  }
337 
338  return new Node[]{new DataResultFilterNode(key, sourceEm, filterKnown, filterSlack)};
339  }
340 
341  }
342 
343  @NbBundle.Messages("DataResultFilterNode.viewSourceArtifact.text=View Source Result")
348  private static class GetPopupActionsDisplayableItemNodeVisitor extends DisplayableItemNodeVisitor.Default<List<Action>> {
349 
350  @Override
351  public List<Action> visit(BlackboardArtifactNode ban) {
352  //set up actions for artifact node based on its Content object
353  //TODO all actions need to be consolidated in single place!
354  //they should be set in individual Node subclass and using a utility to get Actions per Content sub-type
355  // TODO UPDATE: There is now a DataModelActionsFactory utility;
356 
357  List<Action> actionsList = new ArrayList<>();
358 
359  //merge predefined specific node actions if bban subclasses have their own
360  for (Action a : ban.getActions(true)) {
361  actionsList.add(a);
362  }
363  BlackboardArtifact ba = ban.getLookup().lookup(BlackboardArtifact.class);
364  final int artifactTypeID = ba.getArtifactTypeID();
365 
366  if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID()
367  || artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_KEYWORD_HIT.getTypeID()) {
368  if (ban.getLookup().lookup(AbstractFile.class) != null) {
369  // We only want the "View File in Directory" actions if we have a file...it is
370  // possible that we have a keyword hit on a Report.
371  actionsList.add(new ViewContextAction(
372  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewFileInDir.text"), ban));
373  }
374  } else if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT.getTypeID()) {
375  //action to go to the source artifact
376  actionsList.add(new ViewSourceArtifactAction(DataResultFilterNode_viewSourceArtifact_text(), ba));
377  // action to go to the source file of the artifact
378  actionsList.add(new ViewContextAction(
379  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewSrcFileInDir.text"), ban));
380  } else {
381  // if the artifact links to another file, add an action to go to
382  // that file
383  Content c = findLinked(ban);
384  if (c != null) {
385  actionsList.add(new ViewContextAction(
386  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewFileInDir.text"), c));
387  }
388  // action to go to the source file of the artifact
389  // action to go to the source file of the artifact
390  Content fileContent = ban.getLookup().lookup(AbstractFile.class);
391  if (fileContent == null) {
392  Content content = ban.getLookup().lookup(Content.class);
393  actionsList.add(new ViewContextAction("View Source Content in Directory", content));
394  } else {
395  actionsList.add(new ViewContextAction(
396  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewSrcFileInDir.text"), ban));
397  }
398  }
399  Content c = ban.getLookup().lookup(File.class);
400  Node n = null;
401  boolean md5Action = false;
402  if (c != null) {
403  n = new FileNode((AbstractFile) c);
404  md5Action = true;
405  } else if ((c = ban.getLookup().lookup(Directory.class)) != null) {
406  n = new DirectoryNode((Directory) c);
407  } else if ((c = ban.getLookup().lookup(VirtualDirectory.class)) != null) {
408  n = new VirtualDirectoryNode((VirtualDirectory) c);
409  } else if ((c = ban.getLookup().lookup(LocalDirectory.class)) != null) {
410  n = new LocalDirectoryNode((LocalDirectory) c);
411  } else if ((c = ban.getLookup().lookup(LayoutFile.class)) != null) {
412  n = new LayoutFileNode((LayoutFile) c);
413  } else if ((c = ban.getLookup().lookup(LocalFile.class)) != null
414  || (c = ban.getLookup().lookup(DerivedFile.class)) != null) {
415  n = new LocalFileNode((AbstractFile) c);
416  if (FileTypeExtensions.getArchiveExtensions().contains("." + ((AbstractFile) c).getNameExtension().toLowerCase())) {
417  try {
418  if (c.getArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED).size() > 0) {
419  actionsList.add(new ExtractArchiveWithPasswordAction((AbstractFile) c));
420  }
421  } catch (TskCoreException ex) {
422  LOGGER.log(Level.WARNING, "Unable to add unzip with password action to context menus", ex);
423  }
424  }
425  } else if ((c = ban.getLookup().lookup(SlackFile.class)) != null) {
426  n = new SlackFileNode((SlackFile) c);
427  } else if ((c = ban.getLookup().lookup(Report.class)) != null) {
428  actionsList.addAll(DataModelActionsFactory.getActions(c, false));
429  }
430  if (n != null) {
431  actionsList.add(null); // creates a menu separator
432  actionsList.add(new NewWindowViewAction(
433  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewInNewWin.text"), n));
434  actionsList.add(new ExternalViewerAction(
435  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.openInExtViewer.text"), n));
436  actionsList.add(null); // creates a menu separator
437  actionsList.add(ExtractAction.getInstance());
438  if (md5Action) {
439  actionsList.add(new HashSearchAction(
440  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.searchFilesSameMd5.text"), n));
441  }
442  actionsList.add(null); // creates a menu separator
443  actionsList.add(AddContentTagAction.getInstance());
444  actionsList.add(AddBlackboardArtifactTagAction.getInstance());
445 
446  final Collection<AbstractFile> selectedFilesList
447  = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class));
448  if (selectedFilesList.size() == 1) {
449  actionsList.add(DeleteFileContentTagAction.getInstance());
450  }
451  } else {
452  // There's no specific file associated with the artifact, but
453  // we can still tag the artifact itself
454  actionsList.add(null);
455  actionsList.add(AddBlackboardArtifactTagAction.getInstance());
456  }
457 
458  final Collection<BlackboardArtifact> selectedArtifactsList
459  = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(BlackboardArtifact.class));
460  if (selectedArtifactsList.size() == 1) {
462  }
463 
464  if (n != null) {
465  actionsList.addAll(ContextMenuExtensionPoint.getActions());
466  }
467 
468  return actionsList;
469  }
470 
471  @Override
472  public List<Action> visit(Reports.ReportsListNode ditem) {
473  // The base class Action is "Collapse All", inappropriate.
474  return null;
475  }
476 
477  @Override
478  public List<Action> visit(FileTypesNode fileTypes) {
479  return defaultVisit(fileTypes);
480  }
481 
482  @Override
483  protected List<Action> defaultVisit(DisplayableItemNode ditem) {
484  //preserve the default node's actions
485  List<Action> actions = new ArrayList<>();
486 
487  for (Action action : ditem.getActions(true)) {
488  actions.add(action);
489  }
490 
491  return actions;
492  }
493 
494  private Content findLinked(BlackboardArtifactNode ba) {
495  BlackboardArtifact art = ba.getLookup().lookup(BlackboardArtifact.class);
496  Content c = null;
497  try {
498  for (BlackboardAttribute attr : art.getAttributes()) {
499  if (attr.getAttributeType().getTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID()) {
500  switch (attr.getAttributeType().getValueType()) {
501  case INTEGER:
502  int i = attr.getValueInt();
503  if (i != -1) {
504  c = art.getSleuthkitCase().getContentById(i);
505  }
506  break;
507  case LONG:
508  long l = attr.getValueLong();
509  if (l != -1) {
510  c = art.getSleuthkitCase().getContentById(l);
511  }
512  break;
513  }
514  }
515  }
516  } catch (TskException ex) {
517  Logger.getLogger(this.getClass().getName()).log(Level.WARNING, "Error getting linked file", ex); //NON-NLS
518  }
519  return c;
520  }
521 
522  }
523 
524  /*
525  * Action for double-click / preferred action on nodes.
526  */
527  private class GetPreferredActionsDisplayableItemNodeVisitor extends DisplayableItemNodeVisitor.Default<AbstractAction> {
528 
529  @Override
530  public AbstractAction visit(BlackboardArtifactNode ban) {
531  BlackboardArtifact artifact = ban.getArtifact();
532  try {
533  if ((artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_EMAIL_MSG.getTypeID())
534  || (artifact.getArtifactTypeID() == ARTIFACT_TYPE.TSK_MESSAGE.getTypeID())) {
535  if (artifact.hasChildren()) {
536  return openChild(ban);
537  }
538  }
539  } catch (TskCoreException ex) {
540  LOGGER.log(Level.SEVERE, MessageFormat.format("Error getting children from blackboard artifact{0}.", artifact.getArtifactID()), ex); //NON-NLS
541  }
542  return new ViewContextAction(
543  NbBundle.getMessage(this.getClass(), "DataResultFilterNode.action.viewInDir.text"), ban);
544  }
545 
546  @Override
547  public AbstractAction visit(DirectoryNode dn) {
548  if (dn.getDisplayName().equals(DirectoryNode.DOTDOTDIR)) {
549  return openParent(dn);
550  } else if (dn.getDisplayName().equals(DirectoryNode.DOTDIR) == false) {
551  return openChild(dn);
552  } else {
553  return null;
554  }
555  }
556 
557  @Override
558  public AbstractAction visit(FileNode fn) {
559  if (fn.hasContentChildren()) {
560  return openChild(fn);
561  } else {
562  return null;
563  }
564  }
565 
566  @Override
567  public AbstractAction visit(LocalFileNode dfn) {
568  if (dfn.hasContentChildren()) {
569  return openChild(dfn);
570  } else {
571  return null;
572  }
573  }
574 
575  @Override
576  public AbstractAction visit(Reports.ReportNode reportNode) {
577  return reportNode.getPreferredAction();
578  }
579 
580  @Override
581  protected AbstractAction defaultVisit(DisplayableItemNode c) {
582  return openChild(c);
583  }
584 
585  @Override
586  public AbstractAction visit(FileTypesNode fileTypes) {
587  return openChild(fileTypes);
588  }
589 
598  private AbstractAction openChild(final AbstractNode dataModelNode) {
599  // get the current selection from the directory tree explorer manager,
600  // which is a DirectoryTreeFilterNode. One of that node's children
601  // is a DirectoryTreeFilterNode that wraps the dataModelNode. We need
602  // to set that wrapped node as the selection and root context of the
603  // directory tree explorer manager (sourceEm)
604  final Node currentSelectionInDirectoryTree = sourceEm.getSelectedNodes()[0];
605 
606  return new AbstractAction() {
607  @Override
608  public void actionPerformed(ActionEvent e) {
609  if (currentSelectionInDirectoryTree != null) {
610  // Find the filter version of the passed in dataModelNode.
611  final org.openide.nodes.Children children = currentSelectionInDirectoryTree.getChildren();
612  // This call could break if the DirectoryTree is re-implemented with lazy ChildFactory objects.
613  Node newSelection = children.findChild(dataModelNode.getName());
614 
615  /*
616  * We got null here when we were viewing a ZIP file in
617  * the Views -> Archives area and double clicking on it
618  * got to this code. It tried to find the child in the
619  * tree and didn't find it. An exception was then thrown
620  * from setting the selected node to be null.
621  */
622  if (newSelection != null) {
623  try {
624  sourceEm.setExploredContextAndSelection(newSelection, new Node[]{newSelection});
625  } catch (PropertyVetoException ex) {
626  Logger logger = Logger.getLogger(DataResultFilterNode.class.getName());
627  logger.log(Level.WARNING, "Error: can't open the selected directory.", ex); //NON-NLS
628  }
629  }
630  }
631  }
632  };
633  }
634 
643  private AbstractAction openParent(AbstractNode node) {
644  // @@@ Why do we ignore node?
645  Node[] selectedFilterNodes = sourceEm.getSelectedNodes();
646  Node selectedFilterNode = selectedFilterNodes[0];
647  final Node parentNode = selectedFilterNode.getParentNode();
648 
649  return new AbstractAction() {
650  @Override
651  public void actionPerformed(ActionEvent e) {
652  try {
653  sourceEm.setSelectedNodes(new Node[]{parentNode});
654  } catch (PropertyVetoException ex) {
655  Logger logger = Logger.getLogger(DataResultFilterNode.class.getName());
656  logger.log(Level.WARNING, "Error: can't open the parent directory.", ex); //NON-NLS
657  }
658  }
659  };
660  }
661  }
662 }
abstract< T > T accept(DisplayableItemNodeVisitor< T > visitor)
static List< Action > getActions(File file, boolean isArtifactSource)
static final DisplayableItemNodeVisitor< List< Action > > getActionsDIV
static synchronized AddBlackboardArtifactTagAction getInstance()
static synchronized DeleteFileBlackboardArtifactTagAction getInstance()
DataResultFilterChildren(Node arg, ExplorerManager sourceEm, boolean filterKnown, boolean filterSlack)
static synchronized ExtractAction getInstance()
void setChildNodeSelectionInfo(NodeSelectionInfo selectedChildNodeInfo)
static synchronized DeleteFileContentTagAction getInstance()
final DisplayableItemNodeVisitor< AbstractAction > getPreferredActionsDIV
synchronized static Logger getLogger(String name)
Definition: Logger.java:124
static void addChangeListener(PreferenceChangeListener listener)
static synchronized AddContentTagAction getInstance()
DataResultFilterNode(Node node, ExplorerManager em, boolean filterKnown, boolean filterSlack)

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.