Merge branch 'develop' of github.com:sleuthkit/sleuthkit into 8160-dataArtifactEvents

30a2e120 · Greg DiCristofaro · 536f3a9a · 2b4a45b8 · 30a2e120 · 30a2e120
Commit 30a2e120 authored 3 years ago by Greg DiCristofaro
--- a/README.md
+++ b/README.md
@@ -15,8 +15,8 @@ the tool or customize it to specific needs.
 The Sleuth Kit uses code from the file system analysis tools of
 The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer.  The
 TCT code was modified for platform independence.  In addition,
-support was added for the NTFS (see [wiki/ntfs](http://wiki.sleuthkit.org/index.php?title=FAT_Implementation_Notes)) 
+support was added for the NTFS (see [wiki/ntfs](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes)) 
-and FAT (see [wiki/fat](http://wiki.sleuthkit.org/index.php?title=NTFS_Implementation_Notes)) file systems.  Previously, The Sleuth Kit was
+and FAT (see [wiki/fat](http://wiki.sleuthkit.org/index.php?title=FAT_Implementation_Notes)) file systems.  Previously, The Sleuth Kit was
 called The @stake Sleuth Kit (TASK).  The Sleuth Kit is now independent
 of any commercial or academic organizations.

--- a/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java
@@ -1766,53 +1766,49 @@ private long getArtifactsCountHelper(int artifactTypeID, String whereClause) thr
 		}
 	}
-	/*
+	/**
-	 * Determine if an artifact of a given type exists for given content with a
+	 * Determines whether or not an artifact of a given type with a given set of
-	 * specific list of attributes.
+	 * attributes already exists for a given content.
 	 *
-	 * @param content The content whose artifacts need to be looked at. @param
+	 * @param content      The content.
-	 * artifactType The type of artifact to look for. @param attributesList The
+	 * @param artifactType The artifact type.
-	 * list of attributes to look for.
+	 * @param attributes   The attributes.
 	 *
-	 * @return True if the specific artifact exists; otherwise false.
+	 * @return True or false
 	 *
-	 * @throws TskCoreException If there is a problem getting artifacts or
+	 * @throws TskCoreException The exception is thrown if there is an issue
-	 * attributes.
+	 *                          querying the case database.
 	 */
-	public boolean artifactExists(Content content, BlackboardArtifact.ARTIFACT_TYPE artifactType,
+	public boolean artifactExists(Content content, BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributes) throws TskCoreException {
-			Collection<BlackboardAttribute> attributesList) throws TskCoreException {
+		List<BlackboardArtifact> existingArtifacts = content.getArtifacts(artifactType.getTypeID());
+		for (BlackboardArtifact artifact : existingArtifacts) {
-		ArrayList<BlackboardArtifact> artifactsList;
+			if (attributesMatch(artifact.getAttributes(), attributes)) {
-		/*
-		 * Get the content's artifacts.
-		 */
-		artifactsList = content.getArtifacts(artifactType);
-		if (artifactsList.isEmpty()) {
-			return false;
-		}
-		/*
-		 * Get each artifact's attributes and analyze them for matches.
-		 */
-		for (BlackboardArtifact artifact : artifactsList) {
-			if (attributesMatch(artifact.getAttributes(), attributesList)) {
-				/*
-				 * The exact artifact exists, so we don't need to look any
-				 * further.
-				 */
 				return true;
 			}
 		}
-		/*
-		 * None of the artifacts have the exact set of attribute type/value
-		 * combinations. The provided content does not have the artifact being
-		 * sought.
-		 */
 		return false;
 	}
+	/**
+	 * Determines whether or not an artifact of a given type with a given set of
+	 * attributes already exists for a given content.
+	 *
+	 * @param content      The content.
+	 * @param artifactType The artifact type.
+	 * @param attributes   The attributes.
+	 *
+	 * @return True or false
+	 *
+	 * @throws TskCoreException The exception is thrown if there is an issue
+	 *                          querying the case database.
+	 * @deprecated Use artifactExists(Content content, BlackboardArtifact.Type
+	 * artifactType, Collection\<BlackboardAttribute\> attributes) instead.
+	 */
+	@Deprecated
+	public boolean artifactExists(Content content, BlackboardArtifact.ARTIFACT_TYPE artifactType, Collection<BlackboardAttribute> attributes) throws TskCoreException {		
+		return artifactExists(content, getArtifactType(artifactType.getTypeID()), attributes);
+	}
 	/**
 	 * Determine if the expected attributes can all be found in the supplied
 	 * file attributes list.

--- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java
@@ -946,7 +946,7 @@ public void addAttachments(BlackboardArtifact message, MessageAttachments attach
 				assocObjectArtifacts.add(artifact);
 			}
 		}
 		try {
 			Optional<Long> ingestJobId = getIngestJobId();
 			getSleuthkitCase().getBlackboard().postArtifacts(assocObjectArtifacts, getModuleName(), ingestJobId.orElse(null));