diff --git a/Core/build.xml b/Core/build.xml
index 9d989820f559dd1f1eecd04575ba9d7c1f56c9d2..deb035b6099ad3f12f05e50725a6f8b4ee05abe4 100644
--- a/Core/build.xml
+++ b/Core/build.xml
@@ -134,10 +134,10 @@
<property environment="env"/>
<copy file="${env.TSK_HOME}/bindings/java/dist/sleuthkit-${TSK_VERSION}.jar"
tofile="${ext.dir}/sleuthkit-${TSK_VERSION}.jar"/>
- <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.25.2.jar"
- tofile="${ext.dir}/sqlite-jdbc-3.25.2.jar"/>
- <copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.2.18.jar"
- tofile="${ext.dir}/postgresql-42.2.18.jar"/>
+ <copy file="${env.TSK_HOME}/bindings/java/lib/sqlite-jdbc-3.36.0.3.jar"
+ tofile="${ext.dir}/sqlite-jdbc-3.36.0.3.jar"/>
+ <copy file="${env.TSK_HOME}/bindings/java/lib/postgresql-42.3.5.jar"
+ tofile="${ext.dir}/postgresql-42.3.5.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/c3p0-0.9.5.5.jar"
tofile="${ext.dir}/c3p0-0.9.5.5.jar"/>
<copy file="${env.TSK_HOME}/bindings/java/lib/mchange-commons-java-0.2.20.jar"
diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 8622056d37c102ec3dc9ab70cd97a50931ae80ad..732315b01ee070d7d20c2a490720fff52d9dae72 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -60,7 +60,7 @@ file.reference.netty-transport-native-epoll-4.1.73.Final.jar=release/modules/ext
file.reference.netty-transport-native-unix-common-4.1.73.Final.jar=release/modules/ext/netty-transport-native-unix-common-4.1.73.Final.jar
file.reference.okhttp-2.7.5.jar=release/modules/ext/okhttp-2.7.5.jar
file.reference.okio-1.6.0.jar=release/modules/ext/okio-1.6.0.jar
-file.reference.postgresql-42.2.18.jar=release/modules/ext/postgresql-42.2.18.jar
+file.reference.postgresql-42.3.5.jar=release/modules/ext/postgresql-42.3.5.jar
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbinding-AllPlatforms.jar
file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
@@ -69,7 +69,7 @@ file.reference.sleuthkit-caseuco-4.11.1.jar=release/modules/ext/sleuthkit-caseuc
file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
-file.reference.sqlite-jdbc-3.25.2.jar=release/modules/ext/sqlite-jdbc-3.25.2.jar
+file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
file.reference.xmpcore-6.1.11.jar=release/modules/ext/xmpcore-6.1.11.jar
file.reference.YaraJNIWrapper.jar=release/modules/ext/YaraJNIWrapper.jar
file.reference.zookeeper-3.8.0.jar=release/modules/ext/zookeeper-3.8.0.jar
diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml
index a78165956f469e16c8eefff50ec30eb47fc9fd30..b5caa9e98011b60c638ee9b587f23bdd74da051a 100644
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@@ -338,9 +338,11 @@
<package>org.sleuthkit.autopsy.modules.encryptiondetection</package>
<package>org.sleuthkit.autopsy.modules.filetypeid</package>
<package>org.sleuthkit.autopsy.modules.hashdatabase</package>
+ <package>org.sleuthkit.autopsy.modules.interestingitems</package>
<package>org.sleuthkit.autopsy.modules.vmextractor</package>
<package>org.sleuthkit.autopsy.progress</package>
<package>org.sleuthkit.autopsy.report</package>
+ <package>org.sleuthkit.autopsy.testutils</package>
<package>org.sleuthkit.autopsy.textextractors</package>
<package>org.sleuthkit.autopsy.textextractors.configs</package>
<package>org.sleuthkit.autopsy.textsummarizer</package>
@@ -595,8 +597,8 @@
<binary-origin>release/modules/ext/okio-1.6.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
- <runtime-relative-path>ext/postgresql-42.2.18.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/postgresql-42.2.18.jar</binary-origin>
+ <runtime-relative-path>ext/postgresql-42.3.5.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/postgresql-42.3.5.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/Rejistry-1.1-SNAPSHOT.jar</runtime-relative-path>
@@ -631,8 +633,8 @@
<binary-origin>release/modules/ext/spotbugs-annotations-4.6.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
- <runtime-relative-path>ext/sqlite-jdbc-3.25.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/sqlite-jdbc-3.25.2.jar</binary-origin>
+ <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/xmpcore-6.1.11.jar</runtime-relative-path>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java
index cf099075ed3e6480118a83c6ef1131eddba9320b..cb96c4793cf53213aadaaef4160c6ab26a5e4314 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbManager.java
@@ -1050,7 +1050,7 @@ public enum Event {
*
* @throws TskCoreException
*/
- abstract boolean isValid() throws TskCoreException;
+ public abstract boolean isValid() throws TskCoreException;
public abstract String getIndexPath() throws TskCoreException;
@@ -1301,7 +1301,7 @@ public HashHitInfo lookupMD5(Content content) throws TskCoreException {
* @throws TskCoreException
*/
@Override
- boolean isValid() throws TskCoreException {
+ public boolean isValid() throws TskCoreException {
return hasIndex();
}
@@ -1646,7 +1646,7 @@ public HashHitInfo lookupMD5(Content content) throws TskCoreException {
* @return true if is valid, false otherwise
*/
@Override
- boolean isValid() {
+ public boolean isValid() {
if (!CentralRepository.isEnabled()) {
return false;
}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties
index d8b379b23da1c95d1a70b78524a5fd22819d5349..a83d6bc4677375603d204f9458d7c926f3e3d89e 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties
@@ -84,3 +84,6 @@ FilesSetDefsPanel.ruleLabel.text=Rule Details
FilesSetDefsPanel.pathLabel.text=Path Substring:
FilesSetDefsPanel.mimeTypeLabel.text=MIME Type:
FilesSetDefsPanel.fileSizeLabel.text=File Size:
+FilesSetRulePanel.ruleTypeLabel.text=Rule Type:
+FilesSetRulePanel.inclusiveRuleTypeRadio.text=Include - files matching this rule will be included in results
+FilesSetRulePanel.exclusiveRuleTypeRadio.text=Exclude - files matching this rule will be excluded from results
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
index 6fb258f01448cea6cab385a9080d896219fbe149..e0dd7ce62289c4e8d4444e628c3c7f2eadbf9e2c 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties-MERGED
@@ -1,3 +1,4 @@
+FileSet_fileIsMemberOf_noInclusiveRules_ruleName=Not Excluded
FilesIdentifierIngestJobSettingsPanel.getError=Error getting interesting files sets from settings file.
FilesIdentifierIngestJobSettingsPanel.updateError=Error updating interesting files sets settings file.
FilesIdentifierIngestModule.getFilesError=Error getting interesting files sets from file.
@@ -179,6 +180,9 @@ FilesSetDefsPanel.ruleLabel.text=Rule Details
FilesSetDefsPanel.pathLabel.text=Path Substring:
FilesSetDefsPanel.mimeTypeLabel.text=MIME Type:
FilesSetDefsPanel.fileSizeLabel.text=File Size:
+FilesSetRulePanel.ruleTypeLabel.text=Rule Type:
+FilesSetRulePanel.inclusiveRuleTypeRadio.text=Include - files matching this rule will be included in results
+FilesSetRulePanel.exclusiveRuleTypeRadio.text=Exclude - files matching this rule will be excluded from results
# {0} - filesSetName
StandardInterestingFileSetsLoader.customSuffixed={0} (Custom)
StandardInterestingFilesSetsLoader_cannotLoadStandard=Unable to properly read standard interesting files sets.
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties
index 6c61d90e3b315ffe2671f41c54430f883f8b1cf3..318ea118eaf80c8d4fd1615d0889046a6249241f 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/Bundle_ja.properties
@@ -158,3 +158,6 @@ StandardInterestingFileSetsLoader.customSuffixed={0}\uff08\u30ab\u30b9\u30bf\u30
StandardInterestingFilesSetsLoader_cannotLoadStandard=\u6a19\u6e96\u306e\u8208\u5473\u6df1\u3044\u30d5\u30a1\u30a4\u30eb\u30bb\u30c3\u30c8\u3092\u6b63\u3057\u304f\u8aad\u307f\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3002
StandardInterestingFilesSetsLoader_cannotLoadUserConfigured=\u30e6\u30fc\u30b6\u30fc\u304c\u8a2d\u5b9a\u3057\u305f\u8208\u5473\u6df1\u3044\u30d5\u30a1\u30a4\u30eb\u30bb\u30c3\u30c8\u3092\u6b63\u3057\u304f\u8aad\u307f\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u305b\u3093\u3002
StandardInterestingFilesSetsLoader_cannotUpdateInterestingFilesSets=\u8208\u5473\u6df1\u3044\u30d5\u30a1\u30a4\u30eb\u30bb\u30c3\u30c8\u306e\u66f4\u65b0\u8a2d\u5b9a\u3092\u8a2d\u5b9a\u30d5\u30a9\u30eb\u30c0\u30fc\u306b\u66f8\u8fbc\u3081\u307e\u305b\u3093\u3002
+FilesSetRulePanel.ruleTypeLabel.text=\u30bf\u30a4\u30d7:
+FilesSetRulePanel.inclusiveRuleTypeRadio.text=\u30d5\u30a1\u30a4\u30eb
+FilesSetRulePanel.exclusiveRuleTypeRadio.text=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30fc
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
index 396480cd50c2da42f107ff0192395a7033f25020..e5152254786afab98e0d4e6fc80510847a03a31a 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
@@ -20,12 +20,15 @@
import java.io.Serializable;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.UUID;
import java.util.regex.Pattern;
import org.openide.util.NbBundle;
+import org.openide.util.NbBundle.Messages;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskData;
@@ -48,7 +51,10 @@ public final class FilesSet implements Serializable {
private final boolean standardSet;
private final int versionNumber;
- private final Map<String, Rule> rules = new HashMap<>();
+ private final Map<String, Rule> rules;
+
+ private final Map<String, Rule> inclusiveRules;
+ private final Map<String, Rule> exclusiveRules;
/**
* Constructs an interesting files set.
@@ -100,9 +106,20 @@ public FilesSet(String name, String description, boolean ignoreKnownFiles, boole
this.description = (description != null ? description : "");
this.ignoreKnownFiles = ignoreKnownFiles;
this.ignoreUnallocatedSpace = ignoreUnallocatedSpace;
- if (rules != null) {
- this.rules.putAll(rules);
+ this.rules = rules == null ? Collections.emptyMap() : new HashMap<>(rules);
+
+ Map<String, Rule> inclusiveRules = new HashMap<>();
+ Map<String, Rule> exclusiveRules = new HashMap<>();
+ for (Entry<String, Rule> ruleEntry : rules.entrySet()) {
+ if (ruleEntry.getValue().isExclusive()) {
+ exclusiveRules.put(ruleEntry.getKey(), ruleEntry.getValue());
+ } else {
+ inclusiveRules.put(ruleEntry.getKey(), ruleEntry.getValue());
+ }
}
+
+ this.inclusiveRules = inclusiveRules;
+ this.exclusiveRules = exclusiveRules;
}
/**
@@ -170,7 +187,8 @@ public boolean ingoresUnallocatedSpace() {
public Map<String, Rule> getRules() {
return new HashMap<>(this.rules);
}
-
+
+
/**
* Determines whether a file is a member of this interesting files set.
*
@@ -179,6 +197,9 @@ public Map<String, Rule> getRules() {
* @return The name of the first set membership rule satisfied by the file,
* will be null if the file does not belong to the set.
*/
+ @Messages({
+ "FileSet_fileIsMemberOf_noInclusiveRules_ruleName=Not Excluded"
+ })
public String fileIsMemberOf(AbstractFile file) {
if ((this.ignoreKnownFiles) && (file.getKnown() == TskData.FileKnown.KNOWN)) {
return null;
@@ -191,12 +212,35 @@ public String fileIsMemberOf(AbstractFile file) {
return null;
}
- for (Rule rule : rules.values()) {
+
+ String ruleName;
+ if (inclusiveRules.isEmpty()) {
+ // in the event there are no rules, return null for no match
+ if (exclusiveRules.isEmpty()) {
+ return null;
+ // in the event there are exclusion rules, rely on those
+ } else {
+ ruleName = Bundle.FileSet_fileIsMemberOf_noInclusiveRules_ruleName();
+ }
+
+ } else {
+ // if there are inclusive rules, at least one should be matched
+ ruleName = null;
+ for (Rule rule : inclusiveRules.values()) {
+ if (rule.isSatisfied(file)) {
+ ruleName = rule.getName();
+ break;
+ }
+ }
+ }
+
+ for (Rule rule : exclusiveRules.values()) {
if (rule.isSatisfied(file)) {
- return rule.getName();
+ return null;
}
}
- return null;
+
+ return ruleName;
}
@Override
@@ -215,6 +259,7 @@ public final static class Rule implements Serializable {
private static final long serialVersionUID = 1L;
private final String uuid;
private final String ruleName;
+ private final Boolean exclusive;
private final FileNameCondition fileNameCondition;
private final MetaTypeCondition metaTypeCondition;
private final ParentPathCondition pathCondition;
@@ -234,8 +279,14 @@ public final static class Rule implements Serializable {
* @param fileSizeCondition A file size condition, may be null.
* @param dateCondition A file date created or modified condition,
* may be null
+ * @param exclusive Whether or not the rule excludes items
+ * matching the rule otherwise including them.
*/
- public Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition, ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition, FileSizeCondition fileSizeCondition, DateCondition dateCondition) {
+ public Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondition metaTypeCondition,
+ ParentPathCondition pathCondition, MimeTypeCondition mimeTypeCondition,
+ FileSizeCondition fileSizeCondition, DateCondition dateCondition,
+ Boolean exclusive) {
+
// since ruleName is optional, ruleUUID can be used to uniquely identify a rule.
this.uuid = UUID.randomUUID().toString();
if (metaTypeCondition == null) {
@@ -274,6 +325,8 @@ public Rule(String ruleName, FileNameCondition fileNameCondition, MetaTypeCondit
if (this.dateCondition != null) {
this.conditions.add(this.dateCondition);
}
+
+ this.exclusive = exclusive;
}
/**
@@ -316,6 +369,15 @@ public DateCondition getDateCondition() {
return this.dateCondition;
}
+ /**
+ * @return True if this rule should exclude certain files matching
+ * criteria, otherwise including files matching criteria if
+ * false.
+ */
+ public boolean isExclusive() {
+ return exclusive != null && exclusive == true;
+ }
+
/**
* Determines whether or not a file satisfies the rule.
*
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java
index 525a07213755536668750312efa0318ca391f172..92bc326dcaa56217c60d0d2cd735345a5343f9d8 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetDefsPanel.java
@@ -516,7 +516,11 @@ private void doFilesSetRuleDialog(FilesSet.Rule selectedRule) {
if (selectedRule != null) {
rules.remove(selectedRule.getUuid());
}
- FilesSet.Rule newRule = new FilesSet.Rule(panel.getRuleName(), panel.getFileNameCondition(), panel.getMetaTypeCondition(), panel.getPathCondition(), panel.getMimeTypeCondition(), panel.getFileSizeCondition(), panel.getDateCondition());
+ FilesSet.Rule newRule = new FilesSet.Rule(panel.getRuleName(),
+ panel.getFileNameCondition(), panel.getMetaTypeCondition(),
+ panel.getPathCondition(), panel.getMimeTypeCondition(),
+ panel.getFileSizeCondition(), panel.getDateCondition(),
+ panel.isExclusive());
rules.put(newRule.getUuid(), newRule);
// Add the new/edited files set definition, replacing any previous
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form
index 3d5993dd0b2ea55b49fa8d00e0c2f756859b1f4d..7508241998f2edee6b1b27932d5f105b38d12817 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.form
@@ -6,6 +6,8 @@
</Component>
<Component class="javax.swing.ButtonGroup" name="typeButtonGroup">
</Component>
+ <Component class="javax.swing.ButtonGroup" name="ruleTypeButtonGroup">
+ </Component>
</NonVisualComponents>
<AuxValues>
<AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
@@ -22,82 +24,106 @@
<Layout>
<DimensionLayout dim="0">
<Group type="103" groupAlignment="0" attributes="0">
- <Group type="102" attributes="0">
- <Group type="103" groupAlignment="0" attributes="0">
+ <Group type="102" alignment="1" attributes="0">
+ <Group type="103" groupAlignment="1" attributes="0">
<Group type="102" alignment="0" attributes="0">
- <EmptySpace min="-2" pref="8" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
- <Group type="102" alignment="1" attributes="0">
- <Component id="ruleNameLabel" min="-2" max="-2" attributes="0"/>
- <EmptySpace min="-2" pref="5" max="-2" attributes="0"/>
+ <Group type="102" attributes="0">
+ <EmptySpace min="-2" pref="8" max="-2" attributes="0"/>
+ <Component id="jLabel5" min="-2" max="-2" attributes="0"/>
+ </Group>
+ <Group type="102" alignment="0" attributes="0">
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="ruleTypeLabel" min="-2" max="-2" attributes="0"/>
+ </Group>
+ <Group type="102" alignment="0" attributes="0">
+ <EmptySpace min="-2" pref="119" max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="0" attributes="0">
+ <Component id="exclusiveRuleTypeRadio" min="-2" max="-2" attributes="0"/>
+ <Component id="inclusiveRuleTypeRadio" min="-2" max="-2" attributes="0"/>
+ </Group>
+ </Group>
+ </Group>
+ <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
+ </Group>
+ <Group type="102" attributes="0">
+ <EmptySpace max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="1" attributes="0">
+ <Component id="jSeparator1" max="32767" attributes="0"/>
+ <Group type="102" alignment="0" attributes="0">
+ <EmptySpace min="-2" pref="2" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
- <Component id="mimeTypeComboBox" alignment="0" max="32767" attributes="0"/>
- <Component id="pathTextField" alignment="0" max="32767" attributes="0"/>
<Group type="102" alignment="1" attributes="0">
- <Component id="equalitySymbolComboBox" max="32767" attributes="0"/>
- <EmptySpace min="-2" max="-2" attributes="0"/>
- <Component id="fileSizeSpinner" max="32767" attributes="0"/>
- <EmptySpace min="-2" max="-2" attributes="0"/>
- <Component id="fileSizeComboBox" max="32767" attributes="0"/>
- </Group>
- <Group type="102" alignment="0" attributes="0">
- <Component id="pathRegexCheckBox" min="-2" max="-2" attributes="0"/>
- <EmptySpace max="32767" attributes="0"/>
- <Component id="pathSeparatorInfoLabel" min="-2" max="-2" attributes="0"/>
- </Group>
- <Group type="102" attributes="0">
+ <Component id="ruleNameLabel" min="-2" max="-2" attributes="0"/>
+ <EmptySpace min="-2" pref="5" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
- <Component id="ruleNameTextField" max="32767" attributes="0"/>
- <Group type="102" attributes="0">
- <Component id="daysIncludedTextField" min="-2" pref="69" max="-2" attributes="0"/>
+ <Component id="mimeTypeComboBox" alignment="0" max="32767" attributes="0"/>
+ <Component id="pathTextField" alignment="0" max="32767" attributes="0"/>
+ <Group type="102" alignment="1" attributes="0">
+ <Component id="equalitySymbolComboBox" max="32767" attributes="0"/>
+ <EmptySpace min="-2" max="-2" attributes="0"/>
+ <Component id="fileSizeSpinner" max="32767" attributes="0"/>
+ <EmptySpace min="-2" max="-2" attributes="0"/>
+ <Component id="fileSizeComboBox" max="32767" attributes="0"/>
+ </Group>
+ <Group type="102" alignment="0" attributes="0">
+ <Component id="pathRegexCheckBox" min="-2" max="-2" attributes="0"/>
+ <EmptySpace max="32767" attributes="0"/>
+ <Component id="pathSeparatorInfoLabel" min="-2" max="-2" attributes="0"/>
+ </Group>
+ <Group type="102" alignment="0" attributes="0">
+ <Group type="103" groupAlignment="0" attributes="0">
+ <Component id="ruleNameTextField" max="32767" attributes="0"/>
+ <Group type="102" alignment="0" attributes="0">
+ <Component id="daysIncludedTextField" min="-2" pref="69" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="daysIncludedLabel" min="-2" max="-2" attributes="0"/>
+ <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
+ </Group>
+ </Group>
+ <EmptySpace min="-2" pref="1" max="-2" attributes="0"/>
+ </Group>
+ <Group type="102" alignment="0" attributes="0">
+ <Component id="fullNameRadioButton" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
- <Component id="daysIncludedLabel" min="-2" max="-2" attributes="0"/>
- <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
+ <Component id="extensionRadioButton" min="-2" max="-2" attributes="0"/>
+ <EmptySpace min="-2" max="-2" attributes="0"/>
+ <Component id="nameRegexCheckbox" min="-2" max="-2" attributes="0"/>
</Group>
</Group>
- <EmptySpace min="-2" pref="1" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
- <Component id="fullNameRadioButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace max="-2" attributes="0"/>
- <Component id="extensionRadioButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace min="-2" max="-2" attributes="0"/>
- <Component id="nameRegexCheckbox" min="-2" max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="0" attributes="0">
+ <Component id="nameCheck" alignment="1" min="-2" pref="95" max="-2" attributes="0"/>
+ <Component id="jLabel1" alignment="0" min="-2" max="-2" attributes="0"/>
+ </Group>
+ <EmptySpace min="-2" pref="16" max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="0" attributes="0">
+ <Component id="nameTextField" max="32767" attributes="0"/>
+ <Group type="102" alignment="0" attributes="0">
+ <Component id="filesRadioButton" min="-2" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="dirsRadioButton" min="-2" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="allRadioButton" min="-2" max="-2" attributes="0"/>
+ </Group>
+ </Group>
</Group>
</Group>
</Group>
- <Component id="jLabel5" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
- <Component id="nameCheck" alignment="1" min="-2" pref="95" max="-2" attributes="0"/>
- <Component id="jLabel1" alignment="0" min="-2" max="-2" attributes="0"/>
- </Group>
- <EmptySpace min="-2" pref="16" max="-2" attributes="0"/>
- <Group type="103" groupAlignment="0" attributes="0">
- <Group type="102" attributes="0">
- <Component id="filesRadioButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace max="-2" attributes="0"/>
- <Component id="dirsRadioButton" min="-2" max="-2" attributes="0"/>
- <EmptySpace max="-2" attributes="0"/>
- <Component id="allRadioButton" min="-2" max="-2" attributes="0"/>
- </Group>
- <Component id="nameTextField" max="32767" attributes="0"/>
+ <Component id="pathCheck" alignment="0" min="-2" max="-2" attributes="0"/>
+ <Component id="mimeCheck" min="-2" max="-2" attributes="0"/>
+ <Component id="fileSizeCheck" alignment="0" min="-2" max="-2" attributes="0"/>
+ <Component id="dateCheck" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
+ <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
</Group>
</Group>
</Group>
- <Group type="102" attributes="0">
- <EmptySpace max="-2" attributes="0"/>
- <Group type="103" groupAlignment="0" attributes="0">
- <Component id="pathCheck" alignment="0" min="-2" max="-2" attributes="0"/>
- <Component id="mimeCheck" min="-2" max="-2" attributes="0"/>
- <Component id="fileSizeCheck" alignment="0" min="-2" max="-2" attributes="0"/>
- <Component id="dateCheck" alignment="0" min="-2" max="-2" attributes="0"/>
- </Group>
- <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
- </Group>
</Group>
- <EmptySpace min="-2" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@@ -105,7 +131,16 @@
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="jLabel5" min="-2" max="-2" attributes="0"/>
- <EmptySpace min="-2" pref="3" max="-2" attributes="0"/>
+ <EmptySpace min="-2" pref="8" max="-2" attributes="0"/>
+ <Group type="103" groupAlignment="1" attributes="0">
+ <Component id="ruleTypeLabel" min="-2" max="-2" attributes="0"/>
+ <Component id="inclusiveRuleTypeRadio" min="-2" max="-2" attributes="0"/>
+ </Group>
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="exclusiveRuleTypeRadio" min="-2" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
+ <Component id="jSeparator1" min="-2" pref="9" max="-2" attributes="0"/>
+ <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="1" attributes="0">
<Group type="102" alignment="1" attributes="0">
<Component id="jLabel1" min="-2" max="-2" attributes="0"/>
@@ -161,7 +196,7 @@
<Component id="ruleNameTextField" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="ruleNameLabel" alignment="3" max="32767" attributes="0"/>
</Group>
- <EmptySpace max="-2" attributes="0"/>
+ <EmptySpace min="-2" pref="12" max="-2" attributes="0"/>
</Group>
</Group>
</DimensionLayout>
@@ -421,5 +456,39 @@
<EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="dateCheckActionPerformed"/>
</Events>
</Component>
+ <Component class="javax.swing.JLabel" name="ruleTypeLabel">
+ <Properties>
+ <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+ <ResourceString bundle="org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties" key="FilesSetRulePanel.ruleTypeLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
+ </Property>
+ </Properties>
+ <AuxValues>
+ <AuxValue name="JavaCodeGenerator_VariableLocal" type="java.lang.Boolean" value="true"/>
+ <AuxValue name="JavaCodeGenerator_VariableModifier" type="java.lang.Integer" value="0"/>
+ </AuxValues>
+ </Component>
+ <Component class="javax.swing.JRadioButton" name="inclusiveRuleTypeRadio">
+ <Properties>
+ <Property name="buttonGroup" type="javax.swing.ButtonGroup" editor="org.netbeans.modules.form.RADComponent$ButtonGroupPropertyEditor">
+ <ComponentRef name="ruleTypeButtonGroup"/>
+ </Property>
+ <Property name="selected" type="boolean" value="true"/>
+ <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+ <ResourceString bundle="org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties" key="FilesSetRulePanel.inclusiveRuleTypeRadio.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
+ </Property>
+ </Properties>
+ </Component>
+ <Component class="javax.swing.JRadioButton" name="exclusiveRuleTypeRadio">
+ <Properties>
+ <Property name="buttonGroup" type="javax.swing.ButtonGroup" editor="org.netbeans.modules.form.RADComponent$ButtonGroupPropertyEditor">
+ <ComponentRef name="ruleTypeButtonGroup"/>
+ </Property>
+ <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+ <ResourceString bundle="org/sleuthkit/autopsy/modules/interestingitems/Bundle.properties" key="FilesSetRulePanel.exclusiveRuleTypeRadio.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, "{key}")"/>
+ </Property>
+ </Properties>
+ </Component>
+ <Component class="javax.swing.JSeparator" name="jSeparator1">
+ </Component>
</SubComponents>
</Form>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
index 541dccfa63dfabe7dba0ea60a15be71a75a95213..f3411768206406216a795c194f2af99185485885 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
@@ -120,6 +120,7 @@ final class FilesSetRulePanel extends javax.swing.JPanel {
populatePathConditionComponents(rule);
populateDateConditionComponents(rule);
populateSizeConditionComponents(rule);
+ populateInclusiveExclusive(rule);
this.setButtons(okButton, cancelButton);
updateNameTextFieldPrompt();
@@ -272,6 +273,11 @@ private void populateTypeConditionComponents(FilesSet.Rule rule) {
break;
}
}
+
+ private void populateInclusiveExclusive(FilesSet.Rule rule) {
+ this.inclusiveRuleTypeRadio.setSelected(!rule.isExclusive());
+ this.exclusiveRuleTypeRadio.setSelected(rule.isExclusive());
+ }
/**
* Populates the UI components that display the name condition for a rule.
@@ -460,6 +466,14 @@ boolean isValidRuleDefinition() {
String getRuleName() {
return this.ruleNameTextField.getText();
}
+
+ /**
+ * @return Whether or not this rule should exclude or include files based on
+ * the rule.
+ */
+ boolean isExclusive() {
+ return this.exclusiveRuleTypeRadio.isSelected();
+ }
/**
* Gets the name condition for the rule that was created or edited. Should
@@ -664,6 +678,7 @@ private void initComponents() {
nameButtonGroup = new javax.swing.ButtonGroup();
typeButtonGroup = new javax.swing.ButtonGroup();
+ ruleTypeButtonGroup = new javax.swing.ButtonGroup();
ruleNameLabel = new javax.swing.JLabel();
ruleNameTextField = new javax.swing.JTextField();
jLabel1 = new javax.swing.JLabel();
@@ -689,6 +704,10 @@ private void initComponents() {
daysIncludedTextField = new javax.swing.JTextField();
daysIncludedLabel = new javax.swing.JLabel();
dateCheck = new javax.swing.JCheckBox();
+ javax.swing.JLabel ruleTypeLabel = new javax.swing.JLabel();
+ inclusiveRuleTypeRadio = new javax.swing.JRadioButton();
+ exclusiveRuleTypeRadio = new javax.swing.JRadioButton();
+ jSeparator1 = new javax.swing.JSeparator();
org.openide.awt.Mnemonics.setLocalizedText(ruleNameLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ruleNameLabel.text")); // NOI18N
@@ -810,75 +829,108 @@ public void actionPerformed(java.awt.event.ActionEvent evt) {
}
});
+ org.openide.awt.Mnemonics.setLocalizedText(ruleTypeLabel, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.ruleTypeLabel.text")); // NOI18N
+
+ ruleTypeButtonGroup.add(inclusiveRuleTypeRadio);
+ inclusiveRuleTypeRadio.setSelected(true);
+ org.openide.awt.Mnemonics.setLocalizedText(inclusiveRuleTypeRadio, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.inclusiveRuleTypeRadio.text")); // NOI18N
+
+ ruleTypeButtonGroup.add(exclusiveRuleTypeRadio);
+ org.openide.awt.Mnemonics.setLocalizedText(exclusiveRuleTypeRadio, org.openide.util.NbBundle.getMessage(FilesSetRulePanel.class, "FilesSetRulePanel.exclusiveRuleTypeRadio.text")); // NOI18N
+
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addGroup(layout.createSequentialGroup()
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addGroup(layout.createSequentialGroup()
- .addGap(8, 8, 8)
+ .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
- .addComponent(ruleNameLabel)
- .addGap(5, 5, 5)
+ .addGroup(layout.createSequentialGroup()
+ .addGap(8, 8, 8)
+ .addComponent(jLabel5))
+ .addGroup(layout.createSequentialGroup()
+ .addContainerGap()
+ .addComponent(ruleTypeLabel))
+ .addGroup(layout.createSequentialGroup()
+ .addGap(119, 119, 119)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(exclusiveRuleTypeRadio)
+ .addComponent(inclusiveRuleTypeRadio))))
+ .addGap(0, 0, Short.MAX_VALUE))
+ .addGroup(layout.createSequentialGroup()
+ .addContainerGap()
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(jSeparator1)
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
+ .addGap(2, 2, 2)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addComponent(mimeTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
- .addComponent(pathTextField)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
- .addComponent(equalitySymbolComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(fileSizeSpinner)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(fileSizeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
- .addGroup(layout.createSequentialGroup()
- .addComponent(pathRegexCheckBox)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
- .addComponent(pathSeparatorInfoLabel))
- .addGroup(layout.createSequentialGroup()
+ .addComponent(ruleNameLabel)
+ .addGap(5, 5, 5)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addComponent(ruleNameTextField)
+ .addComponent(mimeTypeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(pathTextField)
+ .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
+ .addComponent(equalitySymbolComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(fileSizeSpinner)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(fileSizeComboBox, 0, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+ .addGroup(layout.createSequentialGroup()
+ .addComponent(pathRegexCheckBox)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+ .addComponent(pathSeparatorInfoLabel))
+ .addGroup(layout.createSequentialGroup()
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(ruleNameTextField)
+ .addGroup(layout.createSequentialGroup()
+ .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 69, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(daysIncludedLabel)
+ .addGap(0, 0, Short.MAX_VALUE)))
+ .addGap(1, 1, 1))
.addGroup(layout.createSequentialGroup()
- .addComponent(daysIncludedTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 69, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(fullNameRadioButton)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(daysIncludedLabel)
- .addGap(0, 0, Short.MAX_VALUE)))
- .addGap(1, 1, 1))
+ .addComponent(extensionRadioButton)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(nameRegexCheckbox))))
.addGroup(layout.createSequentialGroup()
- .addComponent(fullNameRadioButton)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(extensionRadioButton)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(nameRegexCheckbox))))
- .addComponent(jLabel5)
- .addGroup(layout.createSequentialGroup()
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addComponent(nameCheck, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 95, javax.swing.GroupLayout.PREFERRED_SIZE)
- .addComponent(jLabel1))
- .addGap(16, 16, 16)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(nameCheck, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.PREFERRED_SIZE, 95, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addComponent(jLabel1))
+ .addGap(16, 16, 16)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+ .addComponent(nameTextField)
+ .addGroup(layout.createSequentialGroup()
+ .addComponent(filesRadioButton)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(dirsRadioButton)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(allRadioButton))))))
+ .addGroup(javax.swing.GroupLayout.Alignment.LEADING, layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addGroup(layout.createSequentialGroup()
- .addComponent(filesRadioButton)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(dirsRadioButton)
- .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
- .addComponent(allRadioButton))
- .addComponent(nameTextField)))))
- .addGroup(layout.createSequentialGroup()
- .addContainerGap()
- .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
- .addComponent(pathCheck)
- .addComponent(mimeCheck)
- .addComponent(fileSizeCheck)
- .addComponent(dateCheck))
- .addGap(0, 0, Short.MAX_VALUE)))
+ .addComponent(pathCheck)
+ .addComponent(mimeCheck)
+ .addComponent(fileSizeCheck)
+ .addComponent(dateCheck))
+ .addGap(0, 0, Short.MAX_VALUE)))))
.addContainerGap())
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(jLabel5)
- .addGap(3, 3, 3)
+ .addGap(8, 8, 8)
+ .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
+ .addComponent(ruleTypeLabel)
+ .addComponent(inclusiveRuleTypeRadio))
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(exclusiveRuleTypeRadio)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+ .addComponent(jSeparator1, javax.swing.GroupLayout.PREFERRED_SIZE, 9, javax.swing.GroupLayout.PREFERRED_SIZE)
+ .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.TRAILING)
.addGroup(layout.createSequentialGroup()
.addComponent(jLabel1)
@@ -923,7 +975,7 @@ public void actionPerformed(java.awt.event.ActionEvent evt) {
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(ruleNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(ruleNameLabel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
- .addContainerGap())
+ .addGap(12, 12, 12))
);
}// </editor-fold>//GEN-END:initComponents
@@ -1023,14 +1075,17 @@ private void fullNameRadioButtonActionPerformed(java.awt.event.ActionEvent evt)
private javax.swing.JTextField daysIncludedTextField;
private javax.swing.JRadioButton dirsRadioButton;
private javax.swing.JComboBox<String> equalitySymbolComboBox;
+ private javax.swing.JRadioButton exclusiveRuleTypeRadio;
private javax.swing.JRadioButton extensionRadioButton;
private javax.swing.JCheckBox fileSizeCheck;
private javax.swing.JComboBox<String> fileSizeComboBox;
private javax.swing.JSpinner fileSizeSpinner;
private javax.swing.JRadioButton filesRadioButton;
private javax.swing.JRadioButton fullNameRadioButton;
+ private javax.swing.JRadioButton inclusiveRuleTypeRadio;
private javax.swing.JLabel jLabel1;
private javax.swing.JLabel jLabel5;
+ private javax.swing.JSeparator jSeparator1;
private javax.swing.JCheckBox mimeCheck;
private javax.swing.JComboBox<String> mimeTypeComboBox;
private javax.swing.ButtonGroup nameButtonGroup;
@@ -1043,6 +1098,7 @@ private void fullNameRadioButtonActionPerformed(java.awt.event.ActionEvent evt)
private javax.swing.JTextField pathTextField;
private javax.swing.JLabel ruleNameLabel;
private javax.swing.JTextField ruleNameTextField;
+ private javax.swing.ButtonGroup ruleTypeButtonGroup;
private javax.swing.ButtonGroup typeButtonGroup;
// End of variables declaration//GEN-END:variables
}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java
index 0019800ee1e7597b0d600cdf717936ebeb310632..afceada437c3f2c16458ccaa14d3138098005b61 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetsManager.java
@@ -52,7 +52,7 @@ public final class FilesSetsManager extends Observable {
{
put(Bundle.FilesSetsManager_allFilesAndDirectories(),
new Rule(Bundle.FilesSetsManager_allFilesAndDirectories(), null,
- new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null));
+ new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null, null));
}
});
private static final FilesSet FILES_DIRS_UNALLOC_INGEST_FILTER = new FilesSet(
@@ -61,7 +61,7 @@ public final class FilesSetsManager extends Observable {
{
put(Bundle.FilesSetsManager_allFilesDirectoriesAndUnallocated(),
new Rule(Bundle.FilesSetsManager_allFilesDirectoriesAndUnallocated(), null,
- new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null));
+ new MetaTypeCondition(MetaTypeCondition.Type.ALL), null, null, null, null, null));
}
});
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java
index 863243a4e10a133a73b188973067176b67575f6c..84b1306f26781ccc0c568f4e4d013c49d7948062 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/InterestingItemsFilesSetSettings.java
@@ -81,6 +81,7 @@ class InterestingItemsFilesSetSettings implements Serializable {
private static final String FS_COMPARATOR_ATTR = "comparatorSymbol";
private static final String FS_SIZE_ATTR = "sizeValue";
private static final String FS_UNITS_ATTR = "sizeUnits";
+ private static final String EXCLUSIVE_ATTR = "isExclusive";
private static final String TYPE_FILTER_VALUE_FILES = "file"; //NON-NLS
private static final String XML_ENCODING = "UTF-8"; //NON-NLS
private static final Logger logger = Logger.getLogger(InterestingItemsFilesSetSettings.class.getName());
@@ -268,13 +269,14 @@ private static FilesSet.Rule readRule(Element elem) throws FilesSetsManager.File
MimeTypeCondition mimeCondition = readMimeCondition(elem);
FileSizeCondition sizeCondition = readSizeCondition(elem);
DateCondition dateCondition = readDateCondition(elem); //if meta type condition or all four types of conditions the user can create are all null then don't make the rule
+ Boolean isExclusive = readExclusive(elem);
if (metaCondition == null || (nameCondition == null && pathCondition == null && mimeCondition == null && sizeCondition == null && dateCondition == null)) {
logger.log(Level.WARNING, "Error Reading Rule, " + ruleName + " was either missing a meta condition or contained only a meta condition. No rule was imported."); // NON-NLS
throw new FilesSetsManager.FilesSetsManagerException(
Bundle.InterestingItemsFilesSetSettings_readRule_missingNecessary(ruleName));
}
- return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition, dateCondition);
+ return new FilesSet.Rule(ruleName, nameCondition, metaCondition, pathCondition, mimeCondition, sizeCondition, dateCondition, isExclusive);
}
/**
@@ -337,6 +339,22 @@ private static FileNameCondition readNameCondition(Element elem) throws FilesSet
}
return nameCondition;
}
+
+ /**
+ * Construct a MIME type condition for a FilesSet membership rule from data
+ * in an XML element.
+ *
+ * @param ruleElement The XML element.
+ *
+ * @return The mime TYPE condition, or null if none existed
+ */
+ private static Boolean readExclusive(Element elem) {
+ Boolean isExclusive = null;
+ if (!elem.getAttribute(EXCLUSIVE_ATTR).isEmpty()) {
+ isExclusive = Boolean.parseBoolean(elem.getAttribute(EXCLUSIVE_ATTR));
+ }
+ return isExclusive;
+ }
/**
* Construct a MIME type condition for a FilesSet membership rule from data
@@ -724,6 +742,8 @@ static boolean exportXmlDefinitionsFile(File xmlFile, List<FilesSet> interesting
if (dateCondition != null) {
ruleElement.setAttribute(DAYS_INCLUDED_ATTR, Integer.toString(dateCondition.getDaysIncluded()));
}
+
+ ruleElement.setAttribute(EXCLUSIVE_ATTR, Boolean.toString(rule.isExclusive()));
setElement.appendChild(ruleElement);
}
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/ingest/IngestFileFiltersTest.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/ingest/IngestFileFiltersTest.java
index 5d674dea3307e69ea7c2c4bbeaccc10a877c8fd6..81fec226c5c84ecbd919bd6672abd196080af50b 100755
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/ingest/IngestFileFiltersTest.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/ingest/IngestFileFiltersTest.java
@@ -90,7 +90,7 @@ public void testBasicDir() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rule = new HashMap<>();
- rule.put("Rule", new Rule("testFileType", null, new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null));
+ rule.put("Rule", new Rule("testFileType", null, new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null, null));
//Filter for dir1 and no unallocated space
FilesSet dirFilter = new FilesSet("Filter", "Filter to find all files in dir1.", false, true, rule);
@@ -131,7 +131,7 @@ public void testExtAndDirWithOneRule() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rules = new HashMap<>();
- rules.put("Rule", new Rule("testExtAndDirWithOneRule", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null));
+ rules.put("Rule", new Rule("testExtAndDirWithOneRule", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null, null));
//Build the filter that ignore unallocated space and with one rule
FilesSet filesExtDirsFilter = new FilesSet("Filter", "Filter to find all jpg files in dir1.", false, true, rules);
@@ -167,8 +167,8 @@ public void testExtAndDirWithTwoRules() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rules = new HashMap<>();
- rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
- rules.put("rule2", new Rule("FindDir1Directory", null, new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null));
+ rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
+ rules.put("rule2", new Rule("FindDir1Directory", null, new MetaTypeCondition(MetaTypeCondition.Type.FILES), new ParentPathCondition("dir1"), null, null, null, null));
//Build the filter that ingnore unallocated space and with 2 rules
FilesSet filesExtDirsFilter = new FilesSet("Filter", "Filter to find all files in dir1 and all files with jpg extention.", false, true, rules);
@@ -211,7 +211,7 @@ public void testFullFileNameRule() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rules = new HashMap<>();
- rules.put("rule", new Rule("FindFileWithFullName", new FullNameCondition("file.docx"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
+ rules.put("rule", new Rule("FindFileWithFullName", new FullNameCondition("file.docx"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
//Build the filter to find file: file.docx
FilesSet fullNameFilter = new FilesSet("Filter", "Filter to find file.docx.", false, true, rules);
@@ -246,8 +246,8 @@ public void testCarvingWithExtRuleAndUnallocSpace() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rules = new HashMap<>();
- rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
- rules.put("rule2", new Rule("FindGifExtention", new ExtensionCondition("gif"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
+ rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
+ rules.put("rule2", new Rule("FindGifExtention", new ExtensionCondition("gif"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
//Build the filter to find files with .jpg and .gif extension and unallocated space
FilesSet extensionFilter = new FilesSet("Filter", "Filter to files with .jpg and .gif extension.", false, false, rules);
@@ -294,8 +294,8 @@ public void testCarvingNoUnallocatedSpace() {
IngestUtils.addDataSource(dataSourceProcessor, IMAGE_PATH);
HashMap<String, Rule> rules = new HashMap<>();
- rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
- rules.put("rule2", new Rule("FindGifExtention", new ExtensionCondition("gif"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
+ rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
+ rules.put("rule2", new Rule("FindGifExtention", new ExtensionCondition("gif"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
//Build the filter to find files with .jpg and .gif extension
FilesSet extensionFilter = new FilesSet("Filter", "Filter to files with .jpg and .gif extension.", false, true, rules);
@@ -330,9 +330,9 @@ public void testEmbeddedJpg() {
//Build the filter to find jpg files
HashMap<String, Rule> rules = new HashMap<>();
//Extension condition for jpg files
- rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
+ rules.put("rule1", new Rule("FindJpgExtention", new ExtensionCondition("jpg"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
//Extension condition for zip files, because we want test jpg extension filter for extracted files from a zip file
- rules.put("rule2", new Rule("ZipExtention", new ExtensionCondition("zip"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null));
+ rules.put("rule2", new Rule("ZipExtention", new ExtensionCondition("zip"), new MetaTypeCondition(MetaTypeCondition.Type.FILES), null, null, null, null, null));
FilesSet embeddedFilter = new FilesSet("Filter", "Filter to files with .jpg extension.", false, false, rules);
ArrayList<IngestModuleTemplate> templates = new ArrayList<>();
diff --git a/ImageGallery/nbproject/project.properties b/ImageGallery/nbproject/project.properties
index 273f96d9d9de9ee76216e7267c2b5267c371bdca..71bee9e165f35184852d5017d7e2251b915710dd 100644
--- a/ImageGallery/nbproject/project.properties
+++ b/ImageGallery/nbproject/project.properties
@@ -1,4 +1,4 @@
-file.reference.sqlite-jdbc-3.25.2.jar=release/modules/ext/sqlite-jdbc-3.25.2.jar
+file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
javac.source=1.8
javac.compilerargs=-Xlint -Xlint:-serial
license.file=LICENSE-2.0.txt
diff --git a/ImageGallery/nbproject/project.xml b/ImageGallery/nbproject/project.xml
index 0c5fd31fca7e86b1cbb5127c71456ab98216ea3f..c3c15d5545dbc52dc620ebd890a87037d8107ebe 100644
--- a/ImageGallery/nbproject/project.xml
+++ b/ImageGallery/nbproject/project.xml
@@ -142,8 +142,8 @@
</module-dependencies>
<public-packages/>
<class-path-extension>
- <runtime-relative-path>ext/sqlite-jdbc-3.25.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/sqlite-jdbc-3.25.2.jar</binary-origin>
+ <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
</class-path-extension>
</data>
</configuration>
diff --git a/RecentActivity/nbproject/project.properties b/RecentActivity/nbproject/project.properties
index b94a108e6ee2c4197eb762f921f0a765ef5d1979..d5847c5263f8cbfc878ef4ed4a1cbe1f53ba8d7c 100644
--- a/RecentActivity/nbproject/project.properties
+++ b/RecentActivity/nbproject/project.properties
@@ -1,5 +1,5 @@
file.reference.Rejistry-1.1-SNAPSHOT.jar=release/modules/ext/Rejistry-1.1-SNAPSHOT.jar
-file.reference.sqlite-jdbc-3.25.2.jar=release/modules/ext/sqlite-jdbc-3.25.2.jar
+file.reference.sqlite-jdbc-3.36.0.3.jar=release/modules/ext/sqlite-jdbc-3.36.0.3.jar
javac.source=1.8
javac.compilerargs=-Xlint -Xlint:-serial
license.file=../LICENSE-2.0.txt
diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml
index d4bde929509159fba6396722968f8ee5335efc91..9fbbabf5968d02442f69d9a702741304f51b0e4d 100644
--- a/RecentActivity/nbproject/project.xml
+++ b/RecentActivity/nbproject/project.xml
@@ -88,8 +88,8 @@
<binary-origin>release/modules/ext/Rejistry-1.1-SNAPSHOT.jar</binary-origin>
</class-path-extension>
<class-path-extension>
- <runtime-relative-path>ext/sqlite-jdbc-3.25.2.jar</runtime-relative-path>
- <binary-origin>release/modules/ext/sqlite-jdbc-3.25.2.jar</binary-origin>
+ <runtime-relative-path>ext/sqlite-jdbc-3.36.0.3.jar</runtime-relative-path>
+ <binary-origin>release/modules/ext/sqlite-jdbc-3.36.0.3.jar</binary-origin>
</class-path-extension>
</data>
</configuration>