diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
index 47c7303e06007839e2b652995030fcb395292da5..11f431e9ccb1f4100ee8f90ceee33ec355f8a172 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp
@@ -26,7 +26,7 @@ using std::stringstream;
 using std::for_each;
 static TSK_HDB_INFO * m_NSRLDb = NULL;
-static std::vector<TSK_HDB_INFO *> m_knownbads;
+static std::vector<TSK_HDB_INFO *> m_hashDbs;
 /*
 * JNI file handle structure encapsulates both
@@ -311,9 +311,9 @@ JNIEXPORT jint JNICALL
 return -1;
 }
- m_knownbads.push_back(temp);
+ m_hashDbs.push_back(temp);
- return m_knownbads.size();
+ return m_hashDbs.size();
 }
 /*
@@ -338,9 +338,9 @@ JNIEXPORT jint JNICALL
 return -1;
 }
- m_knownbads.push_back(temp);
+ m_hashDbs.push_back(temp);
- return m_knownbads.size();
+ return m_hashDbs.size();
 }
 /*
@@ -360,7 +360,7 @@ JNIEXPORT jint JNICALL
 {
 int8_t retval = 0;
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 retval = 1;
 } else {
@@ -372,7 +372,7 @@ JNIEXPORT jint JNICALL
 TSK_TCHAR filenameT[1024];
 toTCHAR(env, filenameT, 1024, filenameJ);
- TSK_HDB_INFO * db = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * db = m_hashDbs.at(dbHandle-1);
 if(db != NULL) {
 retval = tsk_hdb_add_str(db, filenameT, md5, sha1, sha256);
@@ -403,10 +403,10 @@ JNIEXPORT jboolean JNICALL
 {
 bool retval = false;
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 } else {
- TSK_HDB_INFO * db = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * db = m_hashDbs.at(dbHandle-1);
 if(db != NULL) {
 retval = (db->idx_info->updateable == 1) ? true : false;
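Review bot: The handle guard in the hunk at 360 still lets `dbHandle == 0` through, because `(size_t) dbHandle > m_hashDbs.size()` is false for zero and the later `m_hashDbs.at(dbHandle-1)` is then called with -1 converted to a very large unsigned index. `at()` reports that by throwing `std::out_of_range`, and no handler is visible in these hunks, so the C++ exception would leave a JNI entry point instead of becoming a TskCoreException on the Java side. Since the rename touches every one of these checks anyway, each could become `if (dbHandle < 1 || (size_t) dbHandle > m_hashDbs.size())`; the same guard recurs in the hunks at 403, 428, 483, 550, 1532 and 1593. The enclosing functions start and end outside the hunks.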
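Review bot: In the hunk at 403, `db->idx_info->updateable` is read after checking only `db != NULL`, so a database whose `idx_info` has not been set up would be dereferenced through a null pointer. Whether `idx_info` is always populated by the time a handle is handed out cannot be told from this hunk; the sibling function in the hunk at 428 goes through `tsk_hdb_is_idxonly(db)` rather than touching the member directly. I would guard it as `if (db != NULL && db->idx_info != NULL)` or add a comment stating why `idx_info` cannot be NULL here. The function body continues past the hunk.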
@@ -428,10 +428,10 @@ JNIEXPORT jboolean JNICALL
 {
 bool retval = false;
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 } else {
- TSK_HDB_INFO * db = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * db = m_hashDbs.at(dbHandle-1);
 if(db != NULL) {
 retval = (tsk_hdb_is_idxonly(db) == 1) ? true : false;
@@ -483,11 +483,11 @@ JNIEXPORT jstring JNICALL
 JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getDbName (JNIEnv * env, jclass obj, jint dbHandle) {
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 return env->NewStringUTF("-1");
 } else {
- TSK_HDB_INFO * temp = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * temp = m_hashDbs.at(dbHandle-1);
 if (temp == NULL) {
 setThrowTskCoreError(env, "Error: database object is null");
 return env->NewStringUTF("-1");
@@ -508,9 +508,9 @@ JNIEXPORT void JNICALL
 m_NSRLDb = NULL;
 }
- for_each(m_knownbads.begin(), m_knownbads.end(), tsk_hdb_close);
+ for_each(m_hashDbs.begin(), m_hashDbs.end(), tsk_hdb_close);
- m_knownbads.clear();
+ m_hashDbs.clear();
 }
 /*
@@ -550,7 +550,7 @@ JNIEXPORT jint JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_nsrlDbLookup
 JNIEXPORT jint JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_knownBadDbLookup (JNIEnv * env, jclass obj, jstring hash, jint dbHandle){
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 return -1;
 }
@@ -563,7 +563,7 @@ JNIEXPORT jint JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_knownBadDbLooku
- TSK_HDB_INFO * db = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * db = m_hashDbs.at(dbHandle-1);
 if(db != NULL) {
 int8_t retval = tsk_hdb_lookup_str(db, md5, TSK_HDB_FLAG_QUICK, NULL, NULL);
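Review bot: In the hunk at 508, closing every database and then calling `m_hashDbs.clear()` invalidates all handles at once, and because a handle is simply the vector size at `push_back` time, the next open hands out handle 1 again, so a caller still holding an old handle would address a different database without any error. No lock around this static vector is visible in the hunks, so a lookup on another thread that has already fetched `db` through `at()` could be left working on a closed `TSK_HDB_INFO`; whether the Java side serialises these calls cannot be told from here. The loop also passes every element to `tsk_hdb_close` while the accessors treat NULL entries as possible, so it is worth confirming that `tsk_hdb_close` accepts NULL. At minimum I would add above the loop `// Invalidates every handle returned so far; callers must discard cached handles.` The function starts outside the hunk.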
@@ -1532,15 +1532,21 @@ Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexByPathNat (JNIEnv * e
 tsk_hdb_close(temp);
 }
+/*
+ * Create an index for the given database
+ * @param env pointer to java environment this was called from
+ * @param obj the java object this was called from
+ * @param dbHandle handle for the database
+ */
 JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexNat (JNIEnv * env, jclass obj, jint dbHandle) {
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 return;
 } else {
- TSK_HDB_INFO * temp = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * temp = m_hashDbs.at(dbHandle-1);
 if (temp == NULL) {
 setThrowTskCoreError(env, "Error: database object is null");
 return;
@@ -1593,14 +1599,20 @@ JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_lookupIndex
 return (jboolean) retval == 1;
 }
+/*
+ * Check if an index exists for the given database.
+ * @param env pointer to java environment this was called from
+ * @param obj the java object this was called from
+ * @param dbHandle handle for the database
+ */
 JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_lookupIndexExistsNat (JNIEnv * env, jclass obj, jint dbHandle) {
- if((size_t) dbHandle > m_knownbads.size()) {
+ if((size_t) dbHandle > m_hashDbs.size()) {
 setThrowTskCoreError(env, "Invalid database handle");
 return (jboolean) false;
 } else {
- TSK_HDB_INFO * temp = m_knownbads.at(dbHandle-1);
+ TSK_HDB_INFO * temp = m_hashDbs.at(dbHandle-1);
 if (temp == NULL) {
 return (jboolean) false;
 }
diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h
index e8a7dc7009677df8dc1770da825997988d830f37..47261d57c71ad71f21d4c2fd2500a9cea62d9f55 100644
--- a/bindings/java/jni/dataModel_SleuthkitJNI.h
+++ b/bindings/java/jni/dataModel_SleuthkitJNI.h
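Review bot: The comment added for `lookupIndexExistsNat` in dataModel_SleuthkitJNI.cpp (hunk at 1593) has no `@return` and does not mention that an out-of-range handle raises a TskCoreError while a NULL database entry quietly yields false; `createLookupIndexNat`, documented in the hunk at 1532, raises the error in both cases. I would add `@return true if an index exists; false otherwise, including when the handle's entry is NULL`, and on both comments `@param dbHandle 1-based handle returned when the database was opened`, since the handle is the vector size after `push_back` and is used as `at(dbHandle-1)`. Both function bodies continue past their hunks.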
@@ -83,7 +83,6 @@ JNIEXPORT jint JNICALL
 Java_org_sleuthkit_datamodel_SleuthkitJNI_addStrDbKnownBadNat(JNIEnv * env, jclass obj, jstring filenameJ, jstring hashMd5J, jstring hashSha1J, jstring hashSha256J, jint dbHandle);
-
 /*
 * Class: org_sleuthkit_datamodel_SleuthkitJNI
 * Method: isUpdateableDbKnownBadNat
@@ -93,12 +92,15 @@ JNIEXPORT jboolean JNICALL
 Java_org_sleuthkit_datamodel_SleuthkitJNI_isUpdateableDbKnownBadNat(JNIEnv * env, jclass obj, jint dbHandle);
-
+/*
+ * Class: org_sleuthkit_datamodel_SleuthkitJNI
+ * Method: isIdxOnlyHashDbNat
+ * Signature:
+ */
 JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_isIdxOnlyHashDbNat(JNIEnv * env, jclass obj, jint dbHandle);
-
 /*
 * Class: org_sleuthkit_datamodel_SleuthkitJNI
 * Method: getDbName
@@ -301,24 +303,33 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeFileNat
 /*
 * Class: org_sleuthkit_datamodel_SleuthkitJNI
- * Method: createLookupIndexNat
+ * Method: createLookupIndexByPathNat
 * Signature: (Ljava/lang/String;)V
 */
 JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexByPathNat (JNIEnv *, jclass, jstring);
+/*
+ * Class: org_sleuthkit_datamodel_SleuthkitJNI
+ * Method: createLookupIndexNat
+ * Signature:
+ */
 JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_createLookupIndexNat (JNIEnv *, jclass, jint);
 /*
 * Class: org_sleuthkit_datamodel_SleuthkitJNI
- * Method: lookupIndexExistsNat
+ * Method: lookupIndexExistsByPathNat
 * Signature: (Ljava/lang/String;)Z
 */
 JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_lookupIndexExistsByPathNat (JNIEnv *, jclass, jstring);
-
+/*
+ * Class: org_sleuthkit_datamodel_SleuthkitJNI
+ * Method: lookupIndexExistsNat
+ * Signature:
+ */
 JNIEXPORT jboolean JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_lookupIndexExistsNat (JNIEnv *, jclass, jint);
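Review bot: The comment blocks added for `isIdxOnlyHashDbNat` (hunk at 93) and for `createLookupIndexNat` and `lookupIndexExistsNat` (hunk at 301) leave the `Signature:` line empty, although the neighbouring ByPath blocks carry theirs. Going by the declarations directly below each comment (one `jint` argument, returning `jboolean`, `void` and `jboolean` respectively), the lines would read `Signature: (I)Z`, `Signature: (I)V` and `Signature: (I)Z`. Filling them in keeps the header consistent with the Java `native` declarations, which is the first thing a reader compares when a binding mismatch is suspected.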
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
index ef91dc53db0776af21eb059ad6a48aded4f93e23..d0e6853ae2c8d1d4fefd3bcdff6428ebd70db897 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
@@ -789,7 +789,7 @@ public static boolean isUpdateableHashDatabase(int dbHandle) throws TskCoreExcep
 return isUpdateableDbKnownBadNat(dbHandle);
 }
- public boolean hashDatabaseHasLegacyLookupIndexOnly(int dbHandle) throws TskCoreException {
+ public static boolean hashDatabaseHasLegacyLookupIndexOnly(int dbHandle) throws TskCoreException {
 return isIdxOnlyHashDbNat(dbHandle);
 }
diff --git a/tsk/hashdb/sqlite_index.cpp b/tsk/hashdb/sqlite_index.cpp
index 7652a38cc37ae25d303f70983379bf066f0799f5..7f7dbed781ad003068697513fe4af80707107657 100644
--- a/tsk/hashdb/sqlite_index.cpp
+++ b/tsk/hashdb/sqlite_index.cpp
@@ -395,7 +395,17 @@ sqlite_v1_lookup_str(TSK_HDB_INFO * hdb_info, const char *hash,
 pos += 2 * sizeof(char);
 }
- return sqlite_v1_lookup_raw(hdb_info, hashBlob, len, flags, action, ptr);
+ int8_t ret = sqlite_v1_lookup_raw(hdb_info, hashBlob, len, flags, action, ptr);
+
+ if ((ret == 1) && (hdb_info->db_type == TSK_HDB_DBTYPE_IDXONLY_ID)
+ && !(flags & TSK_HDB_FLAG_QUICK) && (action != NULL)) {
+ //name is blank because we don't have a name in this case
+ ///@todo query the names table for associations
+ char * name = "";
+ action(hdb_info, hash, name, ptr);
+ }
+
+ return ret;
 }
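Review bot: In the sqlite_v1_lookup_str hunk, `char * name = "";` binds a string literal to a non-const pointer, which C++11 no longer allows and which would turn any write through `name` inside a callback into a write to read-only storage. `const char *name = "";` states the intent, provided the `TSK_HDB_LOOKUP_FN` parameter is const-qualified (its typedef is not visible here). The value returned by `action(...)` is also discarded, so if the callback type signals stop or error through its return, that is lost on this index-only path while `ret` stays 1; I would either act on it or add a comment such as `// callback result intentionally ignored for index-only databases`. The function starts outside the hunk.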
@@ -419,77 +429,83 @@ sqlite_v1_lookup_raw(TSK_HDB_INFO * hdb_info, uint8_t * hash, uint8_t len,
 TSK_HDB_LOOKUP_FN action, void *ptr) {
 char hashbuf[TSK_HDB_HTYPE_SHA1_LEN + 1];
- int i;
+ int8_t ret = 0;
+ int i;
 static const char hex[] = "0123456789abcdef";
 TSK_OFF_T offset;
 char * selectStmt;
+ sqlite3_stmt* stmt = NULL;
 tsk_take_lock(&hdb_info->lock);
 /* Sanity check */
 if ((hdb_info->hash_len)/2 != len) {
- tsk_release_lock(&hdb_info->lock);
 tsk_error_reset();
 tsk_error_set_errno(TSK_ERR_HDB_ARG);
 tsk_error_set_errstr("hdb_lookup: Hash passed is different size than expected: %d vs %d", hdb_info->hash_len, len);
- return -1;
- }
+ ret = -1;
+ } else {
- if (m_stmt == NULL) {
 if (hdb_info->hash_type == TSK_HDB_HTYPE_MD5_ID) {
 selectStmt = "SELECT md5,database_offset from hashes where md5=? limit 1";
 } else if (hdb_info->hash_type == TSK_HDB_HTYPE_SHA1_ID) {
 selectStmt = "SELECT sha1,database_offset from hashes where sha1=? limit 1";
 } else {
- tsk_release_lock(&hdb_info->lock);
 tsk_error_reset();
 tsk_error_set_errno(TSK_ERR_HDB_ARG);
 tsk_error_set_errstr("Unknown hash type: %d\n", hdb_info->hash_type);
- return 1;
+ ret = -1;
 }
- prepare_stmt(selectStmt, &m_stmt, hdb_info->idx_info->idx_struct.idx_sqlite_v1->hIdx_sqlite);
- }
-
- if (attempt(sqlite3_bind_blob(m_stmt, 1, hash, len, free),
- SQLITE_OK,
- "Error binding binary blob: %s\n",
- hdb_info->idx_info->idx_struct.idx_sqlite_v1->hIdx_sqlite)) {
- tsk_release_lock(&hdb_info->lock);
- return -1;
- }
- if (sqlite3_step(m_stmt) == SQLITE_ROW) {
- if ((flags & TSK_HDB_FLAG_QUICK)
- || (hdb_info->db_type == TSK_HDB_DBTYPE_IDXONLY_ID)) {
- sqlite3_reset(m_stmt);
- tsk_release_lock(&hdb_info->lock);
- return 1;
- } else {
- for (i = 0; i < len; i++) {
- hashbuf[2 * i] = hex[(hash[i] >> 4) & 0xf];
- hashbuf[2 * i + 1] = hex[hash[i] & 0xf];
- }
- hashbuf[2 * len] = '\0';
-
- offset = sqlite3_column_int64(m_stmt, 1);
- sqlite3_reset(m_stmt);
-
- if (hdb_info->getentry(hdb_info, hashbuf, offset, flags, action, ptr)) {
- tsk_release_lock(&hdb_info->lock);
- tsk_error_set_errstr2("hdb_lookup");
- return -1;
- }
- return 1;
- }
- }
-
- sqlite3_reset(m_stmt);
+ if (ret != -1) {
+ prepare_stmt(selectStmt, &stmt, hdb_info->idx_info->idx_struct.idx_sqlite_v1->hIdx_sqlite);
+
+ if (attempt(sqlite3_bind_blob(stmt, 1, hash, len, free),
+ SQLITE_OK,
+ "Error binding binary blob: %s\n",
+ hdb_info->idx_info->idx_struct.idx_sqlite_v1->hIdx_sqlite)) {
+ ret = -1;
+ } else {
+ // Found a match
+ if (sqlite3_step(stmt) == SQLITE_ROW) {
+ if ((flags & TSK_HDB_FLAG_QUICK)
+ || (hdb_info->db_type == TSK_HDB_DBTYPE_IDXONLY_ID)) {
+
+ // There is just an index, so no other info to get
+ ///@todo Look up a name in the sqlite db
+ ret = 1;
+ } else {
+ // Use offset to get more info
+ for (i = 0; i < len; i++) {
+ hashbuf[2 * i] = hex[(hash[i] >> 4) & 0xf];
+ hashbuf[2 * i + 1] = hex[hash[i] & 0xf];
+ }
+ hashbuf[2 * len] = '\0';
+
+ offset = sqlite3_column_int64(stmt, 1);
+
+ if (hdb_info->getentry(hdb_info, hashbuf, offset, flags, action, ptr)) {
+ tsk_error_set_errstr2("hdb_lookup");
+ ret = -1;
+ } else {
+ ret = 1;
+ }
+ }
+ }
+ }
+
+ sqlite3_reset(stmt);
- tsk_release_lock(&hdb_info->lock);
+ if (stmt) {
+ finalize_stmt(stmt);
+ }
+ }
+ }
- return 0;
+ tsk_release_lock(&hdb_info->lock);
+ return ret;
 }
diff --git a/tsk/hashdb/tm_lookup.cpp b/tsk/hashdb/tm_lookup.cpp
index 1c97f0567f664947ed5a6540b708bc3f13e79709..cc663b0b60e641961a21ee65ca504e51582e887d 100644
--- a/tsk/hashdb/tm_lookup.cpp
+++ b/tsk/hashdb/tm_lookup.cpp
@@ -57,8 +57,7 @@ tsk_hdb_lookup_str(TSK_HDB_INFO * hdb_info, const char *hash,
 return -1;
 }
- return hdb_info->idx_info->lookup_str(hdb_info, hash, flags, action, ptr);
-
+ return hdb_info->idx_info->lookup_str(hdb_info, hash, flags, action, ptr);
 }
 /**
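Review bot: In sqlite_v1_lookup_raw, passing `free` as the destructor to `sqlite3_bind_blob` hands ownership of `hash` to SQLite, so the buffer is released only on paths that reach the bind; the size-mismatch and unknown-hash-type branches now fall through to `return ret` with the buffer still allocated. It also means every caller must pass a malloc-allocated buffer, which nothing in the hunk states. I would document that on the function, for example `@param hash heap-allocated digest; ownership passes to this function`, and add `free(hash);` next to the two early `ret = -1;` assignments, after confirming against the callers, which are not all visible here. Separately, the result of `prepare_stmt` is not checked, so a failed prepare goes on to bind with `stmt` still NULL and is reported as a binding error rather than a prepare error.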