diff --git a/.gitignore b/.gitignore index 0b1b20d0d86e0d82aa0c1089164e960f414968f8..ec36fca6ef11652f80fa9664739b9589e6b6cdfc 100755 --- a/.gitignore +++ b/.gitignore @@ -82,6 +82,7 @@ rejistry++/msvcpp/rejistry++/ipch # Release files release/sleuthkit-* +release/clone # IntelliSense data /win32/*.ncb @@ -116,6 +117,7 @@ Makefile stamp-h1 tsk/tsk_config.h tsk/tsk_incs.h +tsk/tsk.pc aclocal.m4 autom4te.cache config.log @@ -190,6 +192,7 @@ unit_tests/base/test_base *.E01 *.vmdk +sleuthkit-*.tar.gz #Test data folder diff --git a/Makefile.am b/Makefile.am index b82318567563d11ac532d69831ff5783753dfbad..207cce4fab5789a1d4720c50de6e0013f6a458fa 100644 --- a/Makefile.am +++ b/Makefile.am @@ -24,9 +24,11 @@ EXTRA_DIST = README_win32.txt README.md INSTALL.txt ChangeLog.txt NEWS.txt API-C bindings/java/src/org/sleuthkit/datamodel/Examples/*.java \ bindings/java/src/*.html \ case-uco/java/*.xml \ + case-uco/java/*.md \ case-uco/java/nbproject/*.xml \ case-uco/java/nbproject/*.properties \ - case-uco/java/src/org/sleuthkit/caseuco/*.java + case-uco/java/src/org/sleuthkit/caseuco/*.java \ + case-uco/java/test/org/sleuthkit/caseuco/*.java ACLOCAL_AMFLAGS = -I m4 diff --git a/bindings/java/doxygen/artifact_catalog.dox b/bindings/java/doxygen/artifact_catalog.dox index 41a666328a03aa16346449faac896f98e8acee7d..5f780c912b1f0e28ab9a1e80a57bc2caf99346ca 100644 --- a/bindings/java/doxygen/artifact_catalog.dox +++ b/bindings/java/doxygen/artifact_catalog.dox @@ -26,6 +26,7 @@ Describes how a data source was used, e.g., as a SIM card or an OS drive (such a ### REQUIRED ATTRIBUTES - TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)"). + --- ## TSK_ENCRYPTION_DETECTED An indication that the content is encrypted. @@ -33,6 +34,7 @@ An indication that the content is encrypted. ### REQUIRED ATTRIBUTES - TSK_COMMENT (A comment on the encryption, e.g., encryption type or password) + --- ## TSK_ENCRYPTION_SUSPECTED An indication that the content is likely encrypted. 
@@ -40,6 +42,7 @@ An indication that the content is likely encrypted. ### REQUIRED ATTRIBUTES - TSK_COMMENT (Reason for suspecting encryption) + --- ## TSK_EXT_MISMATCH_DETECTED An indication that the registered extensions for a file's mime type do not match the file's extension. @@ -47,6 +50,7 @@ An indication that the registered extensions for a file's mime type do not match ### REQUIRED ATTRIBUTES None + --- ## TSK_FACE_DETECTED An indication that a human face was detected in some content. @@ -54,6 +58,7 @@ An indication that a human face was detected in some content. ### REQUIRED ATTRIBUTES None + --- ## TSK_HASHSET_HIT Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user defined). @@ -64,6 +69,7 @@ Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user ### OPTIONAL ATTRIBUTES - TSK_COMMENT (Additional comments about the hit) + --- ## TSK_INTERESTING_ARTIFACT_HIT Indicates that the source artifact matches some set of criteria which deem it interesting. Artifacts with this meta artifact will be brought to the attention of the user. @@ -76,6 +82,7 @@ Indicates that the source artifact matches some set of criteria which deem it in - TSK_COMMENT (Comment on the reason that the source artifact is interesting) - TSK_CATEGORY (The set membership rule that was satisfied) + --- ## TSK_INTERESTING_FILE_HIT Indication that the source file matches some set of criteria (possibly user defined) which deem it interesting. Files with this artifact will be brought to the attention of the user. @@ -87,6 +94,7 @@ Indication that the source file matches some set of criteria (possibly user defi - TSK_COMMENT (Comment on the reason that the source artifact is interesting) - TSK_CATEGORY (The set membership rule that was satisfied. I.e. a particular mime) + --- ## TSK_KEYWORD_HIT Indication that the source artifact or file contains a keyword. Keywords are grouped into named sets. 
@@ -101,6 +109,7 @@ Indication that the source artifact or file contains a keyword. Keywords are gro ### OPTIONAL ATTRIBUTES - TSK_KEYWORD_PREVIEW (Snippet of text around keyword) + --- ## TSK_OBJECT_DETECTED Indicates that an object was detected in a media file. Typically used by computer vision software to classify images. @@ -111,6 +120,7 @@ Indicates that an object was detected in a media file. Typically used by compute ### OPTIONAL ATTRIBUTES - TSK_DESCRIPTION (Additional comments about the object or observer, e.g., what detected the object) + --- ## TSK_USER_CONTENT_SUSPECTED An indication that some media file content was generated by the user. @@ -118,6 +128,7 @@ An indication that some media file content was generated by the user. ### REQUIRED ATTRIBUTES - TSK_COMMENT (The reason why user-generated content is suspected) + --- ## TSK_VERIFICATION_FAILED An indication that some data did not pass verification. One example would be verifying a SHA-1 hash. @@ -125,6 +136,7 @@ An indication that some data did not pass verification. One example would be ver ### REQUIRED ATTRIBUTES - TSK_COMMENT (Reason for failure, what failed) + --- ## TSK_WEB_ACCOUNT_TYPE A web account type entry. @@ -134,6 +146,7 @@ A web account type entry. - TSK_TEXT (Indicates type of account (admin/moderator/user) and possible platform) - TSK_URL (URL indicating the user has an account on this domain) + --- ## TSK_WEB_CATEGORIZATION The categorization of a web host using a specific usage type, e.g. mail.google.com would correspond to Web Email. @@ -143,6 +156,7 @@ The categorization of a web host using a specific usage type, e.g. mail.google.c - TSK_DOMAIN (The domain of the host, e.g. google.com) - TSK_HOST (The full host, e.g. mail.google.com) + --- ## TSK_YARA_HIT Indicates that the some content of the file was a hit for a YARA rule match. 
@@ -151,6 +165,7 @@ Indicates that the some content of the file was a hit for a YARA rule match. - TSK_RULE (The rule that was a hit for this file) - TSK_SET_NAME (Name of the rule set containing the matching rule YARA rule) + --- ## TSK_METADATA_EXIF EXIF metadata found in an image or audio file. @@ -192,8 +207,8 @@ TSK_CARD_NUMBER (Credit card number) - TSK_KEYWORD_SEARCH_DOCUMENT_ID (Document ID of the Solr document that contains the TSK_CARD_NUMBER when the account is a credit card discovered by the Autopsy regular expression search for credit cards) - TSK_SET_NAME (The keyword list name, i.e., "Credit Card Numbers", when the account is a credit card discovered by the Autopsy regular expression search for credit cards) ---- +--- ## TSK_ASSOCIATED_OBJECT Provides a backwards link to an artifact that references the parent file of this artifact. Example usage is that a downloaded file will have this artifact and it will point back to the TSK_WEB_DOWNLOAD artifact that is associated with a browser's SQLite database. See \ref jni_bb_associated_object. @@ -212,7 +227,6 @@ Details about System/aplication/file backups. - TSK_DATETIME_END (Date/Time the backup ended) - --- ## TSK_BLUETOOTH_ADAPTER Details about a Bluetooth adapter. @@ -252,7 +266,6 @@ A calendar entry in an application file or database. - TSK_DATETIME_END (End of the entry, in seconds since 1970-01-01T00:00:00Z) - --- ## TSK_CALLLOG A call log record in an application file or database. @@ -270,7 +283,6 @@ A call log record in an application file or database. - TSK_NAME (The name of the caller or callee) - --- ## TSK_CLIPBOARD_CONTENT Data found on the operating system's clipboard. @@ -279,7 +291,6 @@ Data found on the operating system's clipboard. - TSK_TEXT (Text on the clipboard) - --- ## TSK_CONTACT A contact book entry in an application file or database. 
@@ -300,8 +311,6 @@ A contact book entry in an application file or database. - TSK_URL (e.g., the URL of an image if the contact is a vCard) - - --- ## TSK_DELETED_PROG Programs that have been deleted from the system. @@ -314,7 +323,6 @@ Programs that have been deleted from the system. - TSK_PATH (Location where the program resided before being deleted) - --- ## TSK_DEVICE_ATTACHED Details about a device that was physically attached to a data source. @@ -329,7 +337,6 @@ Details about a device that was physically attached to a data source. - TSK_MAC_ADDRESS (Mac address of the attached device) - --- ## TSK_DEVICE_INFO Details about a device data source. @@ -341,7 +348,6 @@ Details about a device data source. - TSK_IMSI (IMSI number of the device) - --- ## TSK_EMAIL_MSG An email message found in an application file or database. @@ -364,6 +370,7 @@ An email message found in an application file or database. - TSK_SUBJECT (Subject of the email message) - TSK_THREAD_ID (ID specified by the analysis module to group emails into threads for display purposes) + --- ## TSK_EXTRACTED_TEXT Text extracted from some content. @@ -371,6 +378,7 @@ Text extracted from some content. ### REQUIRED ATTRIBUTES - TSK_TEXT (The extracted text) + --- ## TSK_GEN_INFO A generic information artifact. Each content object will have at most one TSK_GEN_INFO artifact, which is easily accessed through org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact() and related methods. The TSK_GEN_INFO object is useful for storing values related to the content object without making a new artifact type. @@ -381,6 +389,7 @@ None ### OPTIONAL ATTRIBUTES - TSK_PHOTODNA_HASH (The PhotoDNA hash of an image) + --- ## TSK_GPS_AREA An outline of an area. @@ -393,6 +402,7 @@ An outline of an area. - TSK_NAME (Name of the area, e.g., Minute Man Trail) - TSK_PROG_NAME (Name of the application that was the source of the GPS route) + --- ## TSK_GPS_BOOKMARK A bookmarked GPS location or saved waypoint. 
@@ -409,7 +419,6 @@ A bookmarked GPS location or saved waypoint. - TSK_PROG_NAME (Name of the application that was the source of the GPS bookmark) - --- ## TSK_GPS_LAST_KNOWN_LOCATION The last known location of a GPS connected device. This may be from a perspective other than the device. @@ -425,7 +434,6 @@ The last known location of a GPS connected device. This may be from a perspectiv - TSK_NAME (The name of the last known location. Ex: Boston) - --- ## TSK_GPS_ROUTE A GPS route. @@ -440,7 +448,6 @@ A GPS route. - TSK_PROG_NAME (Name of the application that was the source of the GPS route) - --- ## TSK_GPS_SEARCH A GPS location that was known to have been searched by the device or user. @@ -456,7 +463,6 @@ A GPS location that was known to have been searched by the device or user. - TSK_NAME (The name of the target location, e.g., Boston) - --- ## TSK_GPS_TRACK A Global Positioning System (GPS) track artifact records the track, or path, of a GPS-enabled dvice as a connected series of track points. A track point is a location in a geographic coordinate system with latitude, longitude and altitude (elevation) axes. @@ -469,7 +475,6 @@ A Global Positioning System (GPS) track artifact records the track, or path, of - TSK_PROG_NAME (Name of application containing the GPS trackpoint set) - --- ## TSK_INSTALLED_PROG Details about an installed program. @@ -484,6 +489,7 @@ Details about an installed program. - TSK_PERMISSIONS (Permissions of the installed program) - TSK_VERSION (Version number of the program) + --- ## TSK_MESSAGE A message that is found in some content. @@ -506,7 +512,6 @@ A message that is found in some content. - TSK_THREAD_ID (ID for keeping threaded messages together) - --- ## TSK_METADATA General metadata for some content. @@ -525,6 +530,7 @@ None - TSK_USER_ID (Last author of the document) - TSK_VERSION (Version number of the program used to create the document) + --- ## TSK_OS_INFO Details about an operating system recovered from the data source. 
@@ -545,7 +551,6 @@ Details about an operating system recovered from the data source. - TSK_VERSION (Version of the OS) - --- ## TSK_PROG_NOTIFICATIONS Notifications to the user. @@ -559,7 +564,6 @@ Notifications to the user. - TSK_VALUE (Message being sent or received) - --- ## TSK_PROG_RUN The number of times a program/application was run. @@ -577,7 +581,6 @@ The number of times a program/application was run. - TSK_PATH (Path of the executable program) - --- ## TSK_RECENT_OBJECT Indicates recently accessed content. Examples: Recent Documents or Recent Downloads menu items on Windows. @@ -594,7 +597,6 @@ Indicates recently accessed content. Examples: Recent Documents or Recent Downlo - TSK_COMMENT (What the source of the attribute may be) - --- ## TSK_REMOTE_DRIVE Details about a remote drive found in the data source. @@ -606,7 +608,6 @@ Details about a remote drive found in the data source. - TSK_LOCAL_PATH (The local path of this remote drive. This path may be mapped, e.g., 'D:/' or 'F:/') - --- ## TSK_SCREEN_SHOTS Screenshots from a device or application. @@ -642,7 +643,6 @@ An application or web user account. - TSK_USER_NAME (User name of the service account) - --- ## TSK_SIM_ATTACHED Details about a SIM card that was physically attached to the device. @@ -653,7 +653,6 @@ Details about a SIM card that was physically attached to the device. - TSK_IMSI (IMSI number of this SIM card) - --- ## TSK_SPEED_DIAL_ENTRY A speed dial entry. @@ -666,7 +665,6 @@ A speed dial entry. - TSK_SHORTCUT (Keyboard shortcut) - --- ## TSK_TL_EVENT An event in the timeline of a case. @@ -676,6 +674,7 @@ An event in the timeline of a case. - TSK_DATETIME (When the event occurred, in seconds since 1970-01-01T00:00:00Z) - TSK_DESCRIPTION (A description of the event) + --- ## TSK_USER_DEVICE_EVENT Activity on the system or from an application. Example usage is a mobile device being locked and unlocked. 
@@ -689,6 +688,7 @@ Activity on the system or from an application. Example usage is a mobile device - TSK_PROG_NAME (Name of the program doing the activity) - TSK_VALUE (Connection type) + --- ## TSK_WEB_BOOKMARK A web bookmark entry. @@ -703,6 +703,7 @@ A web bookmark entry. - TSK_NAME (Name of the bookmark entry) - TSK_TITLE (Title of the web page that was bookmarked) + --- ## TSK_WEB_CACHE A web cache entry. The resource that was cached may or may not be present in the data source. @@ -717,6 +718,7 @@ A web cache entry. The resource that was cached may or may not be present in the - TSK_PATH_ID (Object ID of the source cache file) - TSK_DOMAIN (Domain of the URL) + --- ## TSK_WEB_COOKIE A Web cookie found. @@ -734,7 +736,6 @@ A Web cookie found. - TSK_PROG_NAME (Name of the application or application extractor that stored the Web cookie) - --- ## TSK_WEB_DOWNLOAD A Web download. The downloaded resource may or may not be present in the data source. @@ -750,7 +751,6 @@ A Web download. The downloaded resource may or may not be present in the data so - TSK_PROG_NAME (Name of the application or application extractor that downloaded this resource) - --- ## TSK_WEB_FORM_ADDRESS Contains autofill data for a person's address. Form data is usually saved by a Web browser. @@ -803,7 +803,6 @@ A Web history entry. - TSK_DATETIME_CREATED (The datetime the page was created, ie: offline pages) - --- ## TSK_WEB_SEARCH_QUERY Details about a Web search query. @@ -817,7 +816,6 @@ Details about a Web search query. - TSK_PROG_NAME (Application or application extractor that stored the Web search query) - --- ## TSK_WIFI_NETWORK Details about a WiFi network. diff --git a/bindings/java/src/org/sleuthkit/datamodel/AbstractContent.java b/bindings/java/src/org/sleuthkit/datamodel/AbstractContent.java index f16830f626477bd878c5835d658e4985b326f276..9dd3dc02e2a467a50e3152c4b3be38b517faa2e1 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/AbstractContent.java 
+++ b/bindings/java/src/org/sleuthkit/datamodel/AbstractContent.java @@ -379,7 +379,7 @@ public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collec if (osAccountId != null) { try (CaseDbConnection connection = db.getConnection()) { - db.getOsAccountManager().newOsAccountInstance(osAccountId, getDataSource().getId(), OsAccountInstance.OsAccountInstanceType.LAUNCHED, connection); + db.getOsAccountManager().newOsAccountInstance(osAccountId, getDataSource().getId(), OsAccountInstance.OsAccountInstanceType.ACCESSED, connection); } } return artifact; @@ -391,7 +391,7 @@ public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collec if (osAccountId != null) { try (CaseDbConnection connection = db.getConnection()) { - db.getOsAccountManager().newOsAccountInstance(osAccountId, dataSourceId, OsAccountInstance.OsAccountInstanceType.LAUNCHED, connection); + db.getOsAccountManager().newOsAccountInstance(osAccountId, dataSourceId, OsAccountInstance.OsAccountInstanceType.ACCESSED, connection); } } return artifact; diff --git a/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java b/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java old mode 100644 new mode 100755 index 6df67e88659a184ef3d82dc39da5ab9b410e7bc5..3f029997c6c843ccc1453b86f5294f48c00fd5cf --- a/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Blackboard.java @@ -139,7 +139,7 @@ public BlackboardArtifact.Type getOrAddArtifactType(String typeName, String disp if (category == null) { throw new BlackboardException("Category provided must be non-null"); } - + try { return caseDb.addBlackboardArtifactType(typeName, displayName, category); } catch (TskDataException typeExistsEx) { 
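Review bot: Both `newDataArtifact` overloads now record the OS account instance as `ACCESSED`, but neither call site says why that is the right default, and the instance type shapes what an examiner later reads as evidence of user activity. A short comment above each call would help, for example `// A data artifact only shows the account touched this data source; it does not prove a program was launched.` That wording is inferred from the enum constant names, so adjust it to the documented semantics of `OsAccountInstanceType`. Both method bodies begin outside their hunks, so the artifact creation that precedes these calls is not visible here.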
@@ -356,7 +356,6 @@ private Score deleteAnalysisResult(AnalysisResult analysisResult, CaseDbTransact + " WHERE arts.review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID() //NON-NLS + " AND types.category_type = " + BlackboardArtifact.Category.ANALYSIS_RESULT.getID(); // NON-NLS - /** * Get all analysis results of given artifact type. * @@ -374,9 +373,9 @@ public List<AnalysisResult> getAnalysisResultsByType(int artifactTypeId) throws /** * Get all analysis results of given artifact type. * - * @param artifactTypeId The artifact type id for which to search. + * @param artifactTypeId The artifact type id for which to search. * @param dataSourceObjId Object Id of the data source to look under. - * + * * @return The list of analysis results. * * @throws TskCoreException Exception thrown if a critical error occurs @@ -386,7 +385,6 @@ public List<AnalysisResult> getAnalysisResultsByType(int artifactTypeId, long da return getAnalysisResultsWhere(" arts.artifact_type_id = " + artifactTypeId + " AND arts.data_source_obj_id = " + dataSourceObjId); } - /** * Get all analysis results for a given object. * @@ -400,8 +398,7 @@ public List<AnalysisResult> getAnalysisResultsByType(int artifactTypeId, long da public List<AnalysisResult> getAnalysisResults(long sourceObjId) throws TskCoreException { return getAnalysisResultsWhere(" arts.obj_id = " + sourceObjId); } - - + /** * Get all data artifacts for a given object. * 
@@ -420,43 +417,53 @@ List<DataArtifact> getDataArtifactsBySource(long sourceObjId) throws TskCoreExce caseDb.releaseSingleUserCaseReadLock(); } } - - + /** * Returns true if there are data artifacts belonging to the sourceObjId. + * * @param sourceObjId The source content object id. + * * @return True if there are data artifacts belonging to this source obj id. - * @throws TskCoreException + * + * @throws TskCoreException */ public boolean hasDataArtifacts(long sourceObjId) throws TskCoreException { return hasArtifactsOfCategory(BlackboardArtifact.Category.DATA_ARTIFACT, sourceObjId); } - + /** * Returns true if there are analysis results belonging to the sourceObjId. + * * @param sourceObjId The source content object id. - * @return True if there are analysis results belonging to this source obj id. - * @throws TskCoreException + * + * @return True if there are analysis results belonging to this source obj + * id. + * + * @throws TskCoreException */ public boolean hasAnalysisResults(long sourceObjId) throws TskCoreException { return hasArtifactsOfCategory(BlackboardArtifact.Category.ANALYSIS_RESULT, sourceObjId); } - - + /** - * Returns true if there are artifacts of the given category belonging to the sourceObjId. - * @param category The category of the artifacts. + * Returns true if there are artifacts of the given category belonging to + * the sourceObjId. + * + * @param category The category of the artifacts. * @param sourceObjId The source content object id. - * @return True if there are artifacts of the given category belonging to this source obj id. - * @throws TskCoreException + * + * @return True if there are artifacts of the given category belonging to + * this source obj id. 
+ * + * @throws TskCoreException */ private boolean hasArtifactsOfCategory(BlackboardArtifact.Category category, long sourceObjId) throws TskCoreException { String queryString = "SELECT COUNT(*) AS count " //NON-NLS - + " FROM blackboard_artifacts AS arts " - + " JOIN blackboard_artifact_types AS types " //NON-NLS - + " ON arts.artifact_type_id = types.artifact_type_id" //NON-NLS - + " WHERE types.category_type = " + category.getID() - + " AND arts.obj_id = " + sourceObjId; + + " FROM blackboard_artifacts AS arts " + + " JOIN blackboard_artifact_types AS types " //NON-NLS + + " ON arts.artifact_type_id = types.artifact_type_id" //NON-NLS + + " WHERE types.category_type = " + category.getID() + + " AND arts.obj_id = " + sourceObjId; caseDb.acquireSingleUserCaseReadLock(); try (SleuthkitCase.CaseDbConnection connection = caseDb.getConnection(); @@ -473,9 +480,6 @@ private boolean hasArtifactsOfCategory(BlackboardArtifact.Category category, lon } } - - - /** * Get all analysis results for a given object. * 
@@ -630,6 +634,31 @@ private List<AnalysisResult> resultSetToAnalysisResults(ResultSet resultSet) thr + " WHERE artifacts.review_status_id != " + BlackboardArtifact.ReviewStatus.REJECTED.getID() //NON-NLS + " AND types.category_type = " + BlackboardArtifact.Category.DATA_ARTIFACT.getID(); // NON-NLS + /** + * Gets all data artifacts of a given type for a given data source. To get + * all the data artifacts for the data source, pass null for the type ID. + * + * @param dataSourceObjId The object ID of the data source. + * @param artifactTypeID The type ID of the desired artifacts or null. + * + * @return A list of the data artifacts, possibly empty. + * + * @throws TskCoreException This exception is thrown if there is an error + * querying the case database. + */ + public List<DataArtifact> getDataArtifacts(long dataSourceObjId, Integer artifactTypeID) throws TskCoreException { + caseDb.acquireSingleUserCaseReadLock(); + try (CaseDbConnection connection = caseDb.getConnection()) { + String whereClause = " artifacts.data_source_obj_id = " + dataSourceObjId; + if (artifactTypeID != null) { + whereClause += " AND artifacts.artifact_type_id = " + artifactTypeID; + } + return getDataArtifactsWhere(whereClause, connection); + } finally { + caseDb.releaseSingleUserCaseReadLock(); + } + } + /** * Get all data artifacts of a given type for a given data source. * @@ -786,14 +815,14 @@ private List<DataArtifact> resultSetToDataArtifacts(ResultSet resultSet, CaseDbC * * @return The artifact type. * - * @throws TskCoreException If an error occurs accessing the case database - * or no value is found. + * @throws TskCoreException If an error occurs accessing the case database + * or no value is found. * */ public BlackboardArtifact.Type getArtifactType(int artTypeId) throws TskCoreException { return caseDb.getArtifactType(artTypeId); } - + /** * Gets an attribute type, creating it if it does not already exist. Use * this method to define custom attribute types. 
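Review bot: The new `getDataArtifacts(long, Integer)` assembles its WHERE clause by string concatenation and passes it to `getDataArtifactsWhere`. Nothing injectable can reach the SQL here, because the only inputs are a `long` and an `Integer`, but the pattern is easy to copy for a `String` filter later. I would pin that down with a comment above the concatenation, such as `// Only numeric IDs may be concatenated into this clause; bind any string-valued filter through a PreparedStatement instead.` The Javadoc should also say that rejected artifacts are excluded, if `getDataArtifactsWhere` uses the query prefix shown in the context lines above the hunk (presumably it does, but the helper is outside the hunk).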
@@ -852,7 +881,7 @@ public List<BlackboardArtifact.Type> getArtifactTypesInUse(long dataSourceObjId) List<BlackboardArtifact.Type> uniqueArtifactTypes = new ArrayList<>(); while (resultSet.next()) { uniqueArtifactTypes.add(new BlackboardArtifact.Type(resultSet.getInt("artifact_type_id"), - resultSet.getString("type_name"), resultSet.getString("display_name"), + resultSet.getString("type_name"), resultSet.getString("display_name"), BlackboardArtifact.Category.fromID(resultSet.getInt("category_type")))); } return uniqueArtifactTypes; @@ -1098,7 +1127,6 @@ private boolean attributesMatch(Collection<BlackboardAttribute> fileAttributesLi } - /** * A Blackboard exception. */ diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java index a1d8c218a8656ad86d496b3887db607fc857860f..35afad3414ed657173bbbaff93083fdc00585c7a 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java @@ -23,7 +23,6 @@ import java.sql.SQLException; import java.text.MessageFormat; import java.util.ArrayList; -import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; 
@@ -711,7 +710,7 @@ public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreExceptio public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList) throws TskCoreException { CaseDbTransaction trans = sleuthkitCase.beginTransaction(); try { - AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getObjectID(), this.getDataSource().getId(), score, conclusion, configuration, justification, attributesList, trans); + AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getId(), this.getDataSource().getId(), score, conclusion, configuration, justification, attributesList, trans); trans.commit(); return resultAdded; @@ -725,7 +724,7 @@ public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactTyp public AnalysisResultAdded newAnalysisResult(BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList, long dataSourceId) throws TskCoreException { CaseDbTransaction trans = sleuthkitCase.beginTransaction(); try { - AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getObjectID(), dataSourceId, score, conclusion, configuration, justification, attributesList, trans); + AnalysisResultAdded resultAdded = sleuthkitCase.getBlackboard().newAnalysisResult(artifactType, this.getId(), dataSourceId, score, conclusion, configuration, justification, attributesList, trans); trans.commit(); return resultAdded; 
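Review bot: Swapping `this.getObjectID()` for `this.getId()` in both `newAnalysisResult` overloads changes which object the analysis result is attached to, and nothing in the code explains the difference between the two getters. A one-line comment before each call would stop the change from being reverted by accident, for example `// Attach the result to this artifact itself (getId), not to the content it was derived from (getObjectID).` That reading of the two getters is inferred from their names and should be checked against their Javadoc. The rollback path of both methods lies outside the hunks.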
@@ -1288,6 +1287,27 @@ public static final class Type implements Serializable { */ public static final Type TSK_WEB_CATEGORIZATION = new BlackboardArtifact.Type(68, "TSK_WEB_CATEGORIZATION", bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT); + /** + * Indicates that the file or artifact was previously seen in another Autopsy case. + */ + public static final Type TSK_PREVIOUSLY_SEEN = new BlackboardArtifact.Type(69, "TSK_PREVIOUSLY_SEEN", bundle.getString("BlackboardArtifact.tskPreviouslySeen.text"), Category.ANALYSIS_RESULT); + + /** + * Indicates that the file or artifact was previously unseen in another Autopsy case. + */ + public static final Type TSK_PREVIOUSLY_UNSEEN = new BlackboardArtifact.Type(70, "TSK_PREVIOUSLY_UNSEEN", bundle.getString("BlackboardArtifact.tskPreviouslyUnseen.text"), Category.ANALYSIS_RESULT); + + /** + * Indicates that the file or artifact was previously tagged as "Notable" in another Autopsy case. + */ + public static final Type TSK_PREVIOUSLY_NOTABLE = new BlackboardArtifact.Type(71, "TSK_PREVIOUSLY_NOTABLE", bundle.getString("BlackboardArtifact.tskPreviouslyNotable.text"), Category.ANALYSIS_RESULT); + + /** + * *TEMPORARY* Indicates that the artifact is associated with a persona. + */ + public static final Type TSK_MATCHING_PERSONA = new BlackboardArtifact.Type(72, "TSK_MATCHING_PERSONA", bundle.getString("BlackboardArtifact.tskMatchingPersona.text"), Category.ANALYSIS_RESULT); + + // NOTE: When adding a new standard BlackboardArtifact.Type, add the instance and then add to the STANDARD_TYPES map. /** * All standard artifact types with ids mapped to the type. 
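Review bot: `TSK_MATCHING_PERSONA` is added as a `public static final` standard type with the fixed ID 72 while its Javadoc marks it `*TEMPORARY*`. Once the type is released that ID will be written into case databases, so removing it later is a compatibility break. Either drop the marker or state the plan in the Javadoc, for example `Provisional: the type ID is reserved and will not be reused if this type is removed.` The Javadoc for `TSK_PREVIOUSLY_UNSEEN` ("previously unseen in another Autopsy case") is also ambiguous, and `Indicates that the file or artifact has not been seen in any other Autopsy case.` would read more clearly if that is the intended meaning. Both remarks apply equally to the matching `ARTIFACT_TYPE` enum constants in the later hunk at -1873.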
@@ -1353,7 +1373,11 @@ public static final class Type implements Serializable { TSK_USER_DEVICE_EVENT, TSK_YARA_HIT, TSK_GPS_AREA, - TSK_WEB_CATEGORIZATION + TSK_WEB_CATEGORIZATION, + TSK_PREVIOUSLY_SEEN, + TSK_PREVIOUSLY_UNSEEN, + TSK_PREVIOUSLY_NOTABLE, + TSK_MATCHING_PERSONA ).collect(Collectors.toMap(type -> type.getTypeID(), type -> type))); private final String typeName; @@ -1849,8 +1873,30 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem { TSK_GPS_AREA(67, "TSK_GPS_AREA", bundle.getString("BlackboardArtifact.tskGPSArea.text"), Category.DATA_ARTIFACT), TSK_WEB_CATEGORIZATION(68, "TSK_WEB_CATEGORIZATION", - bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT),; + bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT), + /** + * Indicates that the file or artifact was previously seen in another Autopsy case. + */ + TSK_PREVIOUSLY_SEEN(69, "TSK_PREVIOUSLY_SEEN", + bundle.getString("BlackboardArtifact.tskPreviouslySeen.text"), Category.ANALYSIS_RESULT), + /** + * Indicates that the file or artifact was previously unseen in another Autopsy case. + */ + TSK_PREVIOUSLY_UNSEEN(70, "TSK_PREVIOUSLY_UNSEEN", + bundle.getString("BlackboardArtifact.tskPreviouslyUnseen.text"), Category.ANALYSIS_RESULT), + /** + * Indicates that the file or artifact was previously tagged as "Notable" in another Autopsy case. + */ + TSK_PREVIOUSLY_NOTABLE(71, "TSK_PREVIOUSLY_NOTABLE", + bundle.getString("BlackboardArtifact.tskPreviouslyNotable.text"), Category.ANALYSIS_RESULT), + + /** + * *TEMPORARY* Indicates that the artifact is associated with a persona. + */ + TSK_MATCHING_PERSONA(72, "TSK_MATCHING_PERSONA", + bundle.getString("BlackboardArtifact.tskMatchingPersona.text"), Category.ANALYSIS_RESULT); + /* * To developers: For each new artifact, ensure that: - The enum value * has 1-line JavaDoc description - The artifact catalog 
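Review bot: The four new `ARTIFACT_TYPE` constants do not get artifact catalog entries in the hunks visible on this page. The developer note in this hunk's trailing context asks that every new artifact have a one-line Javadoc and mentions the artifact catalog, although that note is cut off at the hunk boundary. The `artifact_catalog.dox` hunks shown here change only separators and blank lines, so `TSK_PREVIOUSLY_SEEN`, `TSK_PREVIOUSLY_UNSEEN`, `TSK_PREVIOUSLY_NOTABLE` and `TSK_MATCHING_PERSONA` appear to ship without catalog sections. I would add a section for each that lists its required attributes, which presumably include the new `TSK_CORRELATION_TYPE`, `TSK_CORRELATION_VALUE` and `TSK_OTHER_CASES`.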
diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java index 5696355d4cd0f109aa1d5887208f19d78342418c..508c45bd795a892d5e30a1f290957bfd28bd0359 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java @@ -609,6 +609,10 @@ public static final class Type implements Serializable { public static final Type TSK_HOST = new Type(154, "TSK_HOST", bundle.getString("BlackboardAttribute.tskHost.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING); public static final Type TSK_HOME_DIR = new Type(155, "TSK_HOME_DIR", bundle.getString("BlackboardAttribute.tskHomeDir.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING); public static final Type TSK_IS_ADMIN = new Type(156, "TSK_IS_ADMIN", bundle.getString("BlackboardAttribute.tskIsAdmin.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.INTEGER); + public static final Type TSK_CORRELATION_TYPE = new Type(157, "TSK_CORRELATION_TYPE", bundle.getString("BlackboardAttribute.tskCorrelationType.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING); + public static final Type TSK_CORRELATION_VALUE = new Type(158, "TSK_CORRELATION_VALUE", bundle.getString("BlackboardAttribute.tskCorrelationValue.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING); + public static final Type TSK_OTHER_CASES = new Type(159, "TSK_OTHER_CASES", bundle.getString("BlackboardAttribute.tskOtherCases.text"), TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING); + // NOTE: When adding a new standard BlackboardAttribute.Type, add the instance and then add to the STANDARD_TYPES list. /** * A list of all the standard attribute types. @@ -761,7 +765,10 @@ public static final class Type implements Serializable { TSK_REALM, TSK_HOST, TSK_HOME_DIR, - TSK_IS_ADMIN + TSK_IS_ADMIN, + TSK_CORRELATION_TYPE, + TSK_CORRELATION_VALUE, + TSK_OTHER_CASES )); private static final long serialVersionUID = 1L; 
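Review bot: `TSK_CORRELATION_TYPE`, `TSK_CORRELATION_VALUE` and `TSK_OTHER_CASES` are added with value type `STRING` but without any description of what the strings contain. For `TSK_OTHER_CASES` in particular, a reader cannot tell whether it holds one case name or a delimited list, and modules that parse it will need to agree on the format. A brief Javadoc on each constant would settle this, for example `/** Names of the other cases in which the item was seen; document the delimiter here. */`. The same applies to the three `ATTRIBUTE_TYPE` enum constants added in the hunk at -1529.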
@@ -1529,7 +1536,16 @@ public enum ATTRIBUTE_TYPE { TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING), TSK_IS_ADMIN(156, "TSK_IS_ADMIN", bundle.getString("BlackboardAttribute.tskIsAdmin.text"), - TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.INTEGER),; + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.INTEGER), + TSK_CORRELATION_TYPE(157, "TSK_CORRELATION_TYPE", + bundle.getString("BlackboardAttribute.tskCorrelationType.text"), + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING), + TSK_CORRELATION_VALUE(158, "TSK_CORRELATION_VALUE", + bundle.getString("BlackboardAttribute.tskCorrelationValue.text"), + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING), + TSK_OTHER_CASES(159, "TSK_OTHER_CASES", + bundle.getString("BlackboardAttribute.tskOtherCases.text"), + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING),; private final int typeID; private final String typeName; diff --git a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties index 08f80085abc599e1a553eece27e8e4a5c1119486..a55bcfc11abf62aeba1a91f1dc27fdd87d67f274 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties +++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties @@ -64,6 +64,10 @@ BlackboardArtifact.tskUserDeviceEvent.text=User Device Events BlackboardArtifact.shortDescriptionDate.text=at {0} BlackboardArtifact.tskAssociatedObject.text=Associated Object BlackboardArtifact.tskWebCategorization.text=Web Categories +BlackboardArtifact.tskPreviouslySeen.text=Previously Seen +BlackboardArtifact.tskPreviouslyUnseen.text=Previously Unseen +BlackboardArtifact.tskPreviouslyNotable.text=Previously Notable +BlackboardArtifact.tskMatchingPersona.text=Matching Persona BlackboardArtifact.tskYaraHit.text=YARA Hit BlackboardArtifact.tskGPSArea.text=GPS Area BlackboardAttribute.tskAccountType.text=Account Type 
@@ -216,6 +220,9 @@ BlackboardAttribute.tskRealm.text=Realm BlackboardAttribute.tskHost.text=Host BlackboardAttribute.tskHomeDir.text=Home Directory BlackboardAttribute.tskIsAdmin.text=Is Administrator +BlackboardAttribute.tskCorrelationType.text=Correlation Type +BlackboardAttribute.tskCorrelationValue.text=Correlation Value +BlackboardAttribute.tskOtherCases.text=Other Cases AbstractFile.readLocal.exception.msg4.text=Error reading local file\: {0} AbstractFile.readLocal.exception.msg1.text=Error reading local file, local path is not set AbstractFile.readLocal.exception.msg2.text=Error reading local file, it does not exist at local path\: {0} @@ -312,7 +319,9 @@ IngestJobInfo.IngestJobStatusType.Started.displayName=Started IngestJobInfo.IngestJobStatusType.Cancelled.displayName=Cancelled IngestJobInfo.IngestJobStatusType.Completed.displayName=Completed IngestModuleInfo.IngestModuleType.FileLevel.displayName=File Level +IngestModuleInfo.IngestModuleType.DataArtifact.displayName=Data Artifact IngestModuleInfo.IngestModuleType.DataSourceLevel.displayName=Data Source Level +IngestModuleInfo.IngestModuleType.Multiple.displayName=Multiple ReviewStatus.Approved=Approved ReviewStatus.Rejected=Rejected ReviewStatus.Undecided=Undecided diff --git a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties-MERGED b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties-MERGED index 08f80085abc599e1a553eece27e8e4a5c1119486..a55bcfc11abf62aeba1a91f1dc27fdd87d67f274 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties-MERGED +++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties-MERGED 
@@ -64,6 +64,10 @@ BlackboardArtifact.tskUserDeviceEvent.text=User Device Events BlackboardArtifact.shortDescriptionDate.text=at {0} BlackboardArtifact.tskAssociatedObject.text=Associated Object BlackboardArtifact.tskWebCategorization.text=Web Categories +BlackboardArtifact.tskPreviouslySeen.text=Previously Seen +BlackboardArtifact.tskPreviouslyUnseen.text=Previously Unseen +BlackboardArtifact.tskPreviouslyNotable.text=Previously Notable +BlackboardArtifact.tskMatchingPersona.text=Matching Persona BlackboardArtifact.tskYaraHit.text=YARA Hit BlackboardArtifact.tskGPSArea.text=GPS Area BlackboardAttribute.tskAccountType.text=Account Type @@ -216,6 +220,9 @@ BlackboardAttribute.tskRealm.text=Realm BlackboardAttribute.tskHost.text=Host BlackboardAttribute.tskHomeDir.text=Home Directory BlackboardAttribute.tskIsAdmin.text=Is Administrator +BlackboardAttribute.tskCorrelationType.text=Correlation Type +BlackboardAttribute.tskCorrelationValue.text=Correlation Value +BlackboardAttribute.tskOtherCases.text=Other Cases AbstractFile.readLocal.exception.msg4.text=Error reading local file\: {0} AbstractFile.readLocal.exception.msg1.text=Error reading local file, local path is not set AbstractFile.readLocal.exception.msg2.text=Error reading local file, it does not exist at local path\: {0} @@ -312,7 +319,9 @@ IngestJobInfo.IngestJobStatusType.Started.displayName=Started IngestJobInfo.IngestJobStatusType.Cancelled.displayName=Cancelled IngestJobInfo.IngestJobStatusType.Completed.displayName=Completed IngestModuleInfo.IngestModuleType.FileLevel.displayName=File Level +IngestModuleInfo.IngestModuleType.DataArtifact.displayName=Data Artifact IngestModuleInfo.IngestModuleType.DataSourceLevel.displayName=Data Source Level +IngestModuleInfo.IngestModuleType.Multiple.displayName=Multiple ReviewStatus.Approved=Approved ReviewStatus.Rejected=Rejected ReviewStatus.Undecided=Undecided 
diff --git a/bindings/java/src/org/sleuthkit/datamodel/Content.java b/bindings/java/src/org/sleuthkit/datamodel/Content.java index 39df2ae626069ff0dec5310be61cb7e55873c011..5993ac460165046abba1e0ec0cf1603f181e397a 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Content.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Content.java @@ -211,7 +211,7 @@ public interface Content extends SleuthkitVisitableItem { * @param justification Justification * @param attributesList Additional attributes to attach to this analysis * result artifact. - * @param dataDourcrId The data source for the analysis result + * @param dataSourceId The data source for the analysis result * * @return AnalysisResultAdded The analysis return added and the current * aggregate score of content. diff --git a/bindings/java/src/org/sleuthkit/datamodel/IngestModuleInfo.java b/bindings/java/src/org/sleuthkit/datamodel/IngestModuleInfo.java index bec082446464559c1b1c4b89aababacb46e3f919..ef99ac17e393f23e261b4f8ab1c67296355dcc96 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/IngestModuleInfo.java +++ b/bindings/java/src/org/sleuthkit/datamodel/IngestModuleInfo.java @@ -1,7 +1,7 @@ /* * Sleuth Kit Data Model * - * Copyright 2011-2016 Basis Technology Corp. + * Copyright 2014-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ import java.util.ResourceBundle; /** - * Class representing information about an ingest module, used in ingest job + * Represents information about an ingest module factory, used in ingest job * info to show which ingest modules were run. */ public final class IngestModuleInfo { 
@@ -32,12 +32,17 @@ public final class IngestModuleInfo { * Used to keep track of the module types */ public static enum IngestModuleType { - //DO NOT CHANGE ORDER + /* + * IMPORTANT: DO NOT CHANGE ORDER, THE ORDINAL VALUES OF THE ENUM ARE + * STORED IN THE CASE DATABASE + */ DATA_SOURCE_LEVEL(bundle.getString("IngestModuleInfo.IngestModuleType.DataSourceLevel.displayName")), - FILE_LEVEL(bundle.getString("IngestModuleInfo.IngestModuleType.FileLevel.displayName")); - - private String displayName; - + FILE_LEVEL(bundle.getString("IngestModuleInfo.IngestModuleType.FileLevel.displayName")), + DATA_ARTIFACT(bundle.getString("IngestModuleInfo.IngestModuleType.DataArtifact.displayName")), + MULTIPLE("IngestModuleInfo.IngestModuleType.Multiple.displayName"); + + private final String displayName; + private IngestModuleType(String displayName) { this.displayName = displayName; } diff --git a/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java b/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java index baf2a3e4fe4d8cf26f7dfa52795f2e9986e162eb..00d0a82cfab022fe974a14d2149db1edbd66aab4 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java +++ b/bindings/java/src/org/sleuthkit/datamodel/OsAccountManager.java @@ -963,7 +963,10 @@ public Optional<OsAccount> getWindowsOsAccount(String sid, String loginName, Str throw new OsAccountManager.NotUserSIDException(String.format("SID = %s is not a user SID.", sid)); } - return this.getOsAccountByAddr(sid, realm.get()); + Optional<OsAccount> account = this.getOsAccountByAddr(sid, realm.get()); + if (account.isPresent()) { + return account; + } } // search by login name 
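Review bot: `MULTIPLE` is constructed with the raw resource key rather than the looked-up text, so its display name will be the literal string `IngestModuleInfo.IngestModuleType.Multiple.displayName`. The other three constants wrap their key in `bundle.getString(...)`, and this commit adds the `Multiple` key to Bundle.properties, so the omission looks accidental. The line should read `MULTIPLE(bundle.getString("IngestModuleInfo.IngestModuleType.Multiple.displayName"));`. The enum body continues outside the hunk.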
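Review bot: When a SID is supplied but no account has that address, the lookup now falls through to the login-name search instead of returning the empty result, so a caller asking about one SID can be handed an account matched on login name alone. Whether the login-name branch checks that the matched account has no conflicting address is not visible, because getWindowsOsAccount continues outside the hunk. If the fall-through is intended, say so at the new check, e.g. `// No account with this SID; fall back to the login name, which may match an account recorded without an address.` Also consider rejecting a login-name match whose stored address differs from `sid`.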
@@ -1438,11 +1441,6 @@ private OsAccountUpdateResult updateOsAccountCore(OsAccount osAccount, String ad throw new TskCoreException(String.format("Account (%d) already has an address (%s), address cannot be updated.", osAccount.getId(), osAccount.getAddr().orElse("NULL"))); } - // if a new login name is provided and the account already has a loginname and they are not the same, throw an exception - if (!StringUtils.isBlank(loginName) && !StringUtils.isBlank(osAccount.getLoginName().orElse(null)) && !loginName.equalsIgnoreCase(osAccount.getLoginName().orElse(""))) { - throw new TskCoreException(String.format("Account (%d) already has a login name (%s), login name cannot be updated.", osAccount.getId(), osAccount.getLoginName().orElse("NULL"))); - } - if (StringUtils.isBlank(osAccount.getAddr().orElse(null)) && !StringUtils.isBlank(address)) { updateAccountColumn(osAccount.getId(), "addr", address, connection); updateStatusCode = OsAccountUpdateStatus.UPDATED; diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java index 32326ed21baf4cf23831a6bf61519d889e7375bd..2c5cdb94bc269249001647d01aa8e50225684885 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java +++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java @@ -7311,7 +7311,7 @@ public FsContent addFileSystemFile(long dataSourceObjId, long fsObjId, } if (osAccount != null) { - osAccountManager.newOsAccountInstance(osAccount.getId(), dataSourceObjId, OsAccountInstance.OsAccountInstanceType.LAUNCHED, connection); + osAccountManager.newOsAccountInstance(osAccount.getId(), dataSourceObjId, OsAccountInstance.OsAccountInstanceType.ACCESSED, connection); } return new org.sleuthkit.datamodel.File(this, objectId, dataSourceObjId, fsObjId, 
@@ -12562,7 +12562,7 @@ public final IngestModuleInfo addIngestModule(String displayName, String factory CaseDbConnection connection = null; ResultSet resultSet = null; Statement statement = null; - String uniqueName = factoryClassName + "-" + displayName + "-" + type.toString() + "-" + version; + String uniqueName = factoryClassName + "-" + displayName + "-" + version; acquireSingleUserCaseWriteLock(); try { connection = connections.getConnection(); diff --git a/bindings/java/src/org/sleuthkit/datamodel/TaggingManager.java b/bindings/java/src/org/sleuthkit/datamodel/TaggingManager.java index df1d09bc61ccd88ac8908efa6972d2f05446cb8a..52b8fcddf7cb4d9ff93886dfa69cc9e7d66c6528 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/TaggingManager.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TaggingManager.java @@ -216,10 +216,10 @@ public BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, T if (artifact == null || tagName == null) { throw new IllegalArgumentException("NULL argument passed to addArtifactTag"); } - + List<BlackboardArtifactTag> removedTags = new ArrayList<>(); List<String> removedTagIds = new ArrayList<>(); - CaseDbTransaction trans = skCase.beginTransaction(); + CaseDbTransaction trans = null; try { // If a TagName is part of a TagSet remove any existing tags from the // set that are currenctly on the artifact 
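Review bot: Removing `type.toString()` from `uniqueName` changes the key format for ingest modules, and rows written by earlier versions presumably still carry the name that includes the type. If the code after this line (outside the hunk) looks modules up by `uniqueName`, an existing case would get a second row for a module it already recorded. Two registrations that differ only in type would also share one name. A comment at the assignment should record why the type was dropped and how older rows are treated, along the lines of `// Type is deliberately not part of the unique name; rows written by older versions keep their original names.` if that is the intent.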
@@ -228,10 +228,10 @@ public BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, T // Get the list of all of the blackboardArtifactTags that use // TagName for the given artifact. String selectQuery = String.format("SELECT * from blackboard_artifact_tags JOIN tag_names ON tag_names.tag_name_id = blackboard_artifact_tags.tag_name_id JOIN tsk_examiners on tsk_examiners.examiner_id = blackboard_artifact_tags.examiner_id WHERE artifact_id = %d AND tag_names.tag_set_id = %d", artifact.getArtifactID(), tagSetId); - - try (Statement stmt = trans.getConnection().createStatement(); ResultSet resultSet = stmt.executeQuery(selectQuery)) { + TagName removedTag; + try (Statement stmt = skCase.getConnection().createStatement(); ResultSet resultSet = stmt.executeQuery(selectQuery)) { while (resultSet.next()) { - TagName removedTag = new TagName( + removedTag = new TagName( resultSet.getLong("tag_name_id"), resultSet.getString("display_name"), resultSet.getString("description"), 
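Review bot: The select now runs on `skCase.getConnection()`, and the try-with-resources closes only the `Statement` and `ResultSet`, not the connection they came from. If `getConnection()` hands out a connection the caller must close, each addArtifactTag call for a tag in a tag set leaks one. Naming it in the resource list would release it, assuming `CaseDbConnection` is AutoCloseable (to be confirmed): `try (CaseDbConnection conn = skCase.getConnection(); Statement stmt = conn.createStatement(); ResultSet resultSet = stmt.executeQuery(selectQuery))`. The read also happens before the transaction opened in the next hunk, so the tag IDs collected here can be stale when the DELETE runs; a comment explaining why that is acceptable would help. `TagName removedTag` is used only inside the loop and could stay declared there.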
@@ -254,19 +254,27 @@ public BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, T } } - if (!removedTags.isEmpty()) { - // Remove the tags. - String removeQuery = String.format("DELETE FROM blackboard_artifact_tags WHERE tag_id IN (%s)", String.join(",", removedTagIds)); - try (Statement stmt = trans.getConnection().createStatement()) { - stmt.executeUpdate(removeQuery); - } + + } + + Content content = skCase.getContentById(artifact.getObjectID()); + Examiner currentExaminer = skCase.getCurrentExaminer(); + + trans = skCase.beginTransaction(); + CaseDbConnection connection = trans.getConnection(); + + if (!removedTags.isEmpty()) { + // Remove the tags. + String removeQuery = String.format("DELETE FROM blackboard_artifact_tags WHERE tag_id IN (%s)", String.join(",", removedTagIds)); + try (Statement stmt = connection.createStatement()) { + stmt.executeUpdate(removeQuery); } } // Add the new Tag. BlackboardArtifactTag artifactTag; - try (Statement stmt = trans.getConnection().createStatement()) { - Examiner currentExaminer = skCase.getCurrentExaminer(); + try (Statement stmt = connection.createStatement()) { + String query = String.format( "INSERT INTO blackboard_artifact_tags (artifact_id, tag_name_id, comment, examiner_id) VALUES (%d, %d, '%s', %d)", artifact.getArtifactID(), @@ -283,7 +291,7 @@ public BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, T try (ResultSet resultSet = stmt.getGeneratedKeys()) { resultSet.next(); artifactTag = new BlackboardArtifactTag(resultSet.getLong(1), //last_insert_rowid() - artifact, skCase.getContentById(artifact.getObjectID()), tagName, comment, currentExaminer.getLoginName()); + artifact, content, tagName, comment, currentExaminer.getLoginName()); } } 
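Review bot: The INSERT is still assembled with `String.format` and places the caller-supplied `comment` inside `'%s'`, so a quote character in a tag comment alters the statement text. The same pattern appears in the `content_tags` INSERT in addContentTag in a later hunk. The format arguments are cut off by the hunk boundary, so any escaping applied to `comment` is not visible here, but binding is more robust than escaping. Use a prepared statement with `VALUES (?, ?, ?, ?)` and `setString(3, comment)`. The `IN (%s)` DELETE joins IDs read back from the database and is less exposed, though it would benefit from the same treatment.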
@@ -294,7 +302,9 @@ public BlackboardArtifactTagChange addArtifactTag(BlackboardArtifact artifact, T return new BlackboardArtifactTagChange(artifactTag, removedTags); } catch (SQLException ex) { - trans.rollback(); + if(trans != null) { + trans.rollback(); + } throw new TskCoreException("Error adding row to blackboard_artifact_tags table (obj_id = " + artifact.getArtifactID() + ", tag_name_id = " + tagName.getId() + ")", ex); } } @@ -372,14 +382,17 @@ Optional<TskData.FileKnown> getMaxTagKnownStatus(long objectId, CaseDbTransactio public ContentTagChange addContentTag(Content content, TagName tagName, String comment, long beginByteOffset, long endByteOffset) throws TskCoreException { List<ContentTag> removedTags = new ArrayList<>(); List<String> removedTagIds = new ArrayList<>(); + Examiner currentExaminer = skCase.getCurrentExaminer(); CaseDbTransaction trans = skCase.beginTransaction(); + CaseDbConnection connection = trans.getConnection(); + try { long tagSetId = tagName.getTagSetId(); if (tagSetId > 0) { String selectQuery = String.format("SELECT * from content_tags JOIN tag_names ON tag_names.tag_name_id = content_tags.tag_name_id JOIN tsk_examiners on tsk_examiners.examiner_id = content_tags.examiner_id WHERE obj_id = %d AND tag_names.tag_set_id = %d", content.getId(), tagSetId); - try (Statement stmt = trans.getConnection().createStatement(); ResultSet resultSet = stmt.executeQuery(selectQuery)) { + try (Statement stmt = connection.createStatement(); ResultSet resultSet = stmt.executeQuery(selectQuery)) { while (resultSet.next()) { TagName removedTag = new TagName( resultSet.getLong("tag_name_id"), 
@@ -407,7 +420,7 @@ public ContentTagChange addContentTag(Content content, TagName tagName, String c if (!removedTags.isEmpty()) { String removeQuery = String.format("DELETE FROM content_tags WHERE tag_id IN (%s)", String.join(",", removedTagIds)); - try (Statement stmt = trans.getConnection().createStatement()) { + try (Statement stmt = connection.createStatement()) { stmt.executeUpdate(removeQuery); } } @@ -415,8 +428,8 @@ public ContentTagChange addContentTag(Content content, TagName tagName, String c String queryTemplate = "INSERT INTO content_tags (obj_id, tag_name_id, comment, begin_byte_offset, end_byte_offset, examiner_id) VALUES (%d, %d, '%s', %d, %d, %d)"; ContentTag contentTag = null; - try (Statement stmt = trans.getConnection().createStatement()) { - Examiner currentExaminer = skCase.getCurrentExaminer(); + try (Statement stmt = connection.createStatement()) { + String query = String.format(queryTemplate, content.getId(), tagName.getId(), diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskCaseDbBridge.java b/bindings/java/src/org/sleuthkit/datamodel/TskCaseDbBridge.java index 5aee92b3dcbbd0c86011eda7aa2b7c42a891fbf8..5eb37f099cffd20947e10472e32e68d9726c48d9 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TskCaseDbBridge.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TskCaseDbBridge.java @@ -388,7 +388,7 @@ private long addBatchedFilesToDb() { OsAccount newAccount = accountMgr.newWindowsOsAccount(ownerUid, null, null, imageHost, OsAccountRealm.RealmScope.UNKNOWN); Content ds = caseDb.getContentById(fileInfo.dataSourceObjId); // Data sources are cached so this will only access the database once if (ds instanceof DataSource) { - accountMgr.newOsAccountInstance(newAccount, (DataSource)ds, OsAccountInstance.OsAccountInstanceType.LAUNCHED); + accountMgr.newOsAccountInstance(newAccount, (DataSource)ds, OsAccountInstance.OsAccountInstanceType.ACCESSED); } ownerIdToAccountMap.put(ownerUid, newAccount); } 
@@ -425,10 +425,11 @@ private long addBatchedFilesToDb() { } // We've seen a case where the root folder comes in with an undefined meta type. - // In that case, we alter the type to TSK_FS_META_TYPE_DIR so it will be cached - // properly and will not cause errors later for being an unexpected type. + // We've also seen a case where it comes in as a regular file. The root folder should always be + // a directory so it will be cached properly and will not cause errors later for + // being an unexpected type. if ((fileInfo.parentObjId == fileInfo.fsObjId) - && (fileInfo.metaType == TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue())) { + && (fileInfo.metaType != TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue())) { fileInfo.metaType = TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue(); } diff --git a/case-uco/java/build.xml b/case-uco/java/build.xml index 67eecd7d0ae56443246cbde9d9e60ec04172042e..d02f84bb5219e4d75e666b0448819a89ea25b0f5 100755 --- a/case-uco/java/build.xml +++ b/case-uco/java/build.xml 
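Review bot: Any root entry whose meta type is not a directory is now rewritten to `TSK_FS_META_TYPE_DIR` with no record of the value that was actually parsed. That hides an anomaly an examiner may want to know about, such as a damaged or altered file system or a parser fault. Log the original `fileInfo.metaType` together with `fileInfo.fsObjId` before overwriting it, using whatever logger the class already has. The comment could also state that the original value is discarded. addBatchedFilesToDb continues outside the hunk.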
@@ -1,32 +1,40 @@ <?xml version="1.0" encoding="UTF-8"?> -<project xmlns:ivy="antlib:org.apache.ivy.ant" name="SleuthkitCaseUco" default="default" basedir="." > +<project xmlns:ivy="antlib:org.apache.ivy.ant" name="SleuthkitCaseUco" default="default" basedir="."> <description>Builds, tests, and runs the project SleuthkitCaseUco.</description> <import file="nbproject/build-impl.xml"/> <include file="../../bindings/java/build.xml" as="datamodel"/> - + <!-- Hook into the compilation phase of the build process to ensure compile time dependencies are present --> - <target name="-pre-compile" depends="get-ivy-dependencies, copy-sleuthkit-java-bindings-jar" - description="Resolves ivy dependencies before compilation"> - </target> - + <target name="-pre-compile" depends="get-ivy-dependencies, copy-sleuthkit-java-bindings-jar" description="Resolves ivy dependencies before compilation"> + </target> + <!-- Hook into the clean phase of the build process to ensure the lib folder is being cleared. --> <target name="-post-clean"> <delete dir="lib" /> </target> - + <!-- Copy the sleuthkit jar into lib --> <target name="copy-sleuthkit-java-bindings-jar"> <!-- VERSION here is being sourced from the build.xml in DataModel, which is actively maintained with the current TSK version --> - <copy file="../../bindings/java/dist/sleuthkit-${VERSION}.jar" - tofile="lib\sleuthkit-${VERSION}.jar"/> + <copy file="../../bindings/java/dist/sleuthkit-${VERSION}.jar" tofile="lib\sleuthkit-${VERSION}.jar"/> </target> - + <target name="get-ivy-dependencies" description="retrieve jar dependencies using ivy" depends="datamodel.init-ivy" unless="offline"> <ivy:settings file="ivysettings.xml"/> <ivy:resolve/> <ivy:retrieve sync="true" pattern="lib/[artifact]-[revision](-[classifier]).[ext]"/> </target> + + <target name="test-report" description="Runs the regression tests."> + <junit fork="on" haltonfailure="yes" dir="."> + <classpath> + <path path="${run.test.classpath}"/> + </classpath> + <formatter 
type="plain" usefile="false" /> + <test name="org.sleuthkit.caseuco.TestSuite" /> + </junit> + </target> </project> diff --git a/case-uco/java/ivy.xml b/case-uco/java/ivy.xml index 965825449307ec99ab8f2e7ba717e707b861fae5..9ad58745d3e89da7ae33575f4cf04b6e9e8555e3 100755 --- a/case-uco/java/ivy.xml +++ b/case-uco/java/ivy.xml @@ -2,6 +2,7 @@ <info organisation="org.sleuthkit" module="SleuthkitCaseUco"/> <dependencies> <dependency org="com.google.code.gson" name="gson" rev="2.8.5"/> + <dependency org="junit" name="junit" rev="4.12"/> </dependencies> </ivy-module> diff --git a/case-uco/java/nbproject/project.properties b/case-uco/java/nbproject/project.properties index 54f8132cb17d77668360f088672d856ae3a00ef9..5f2078956e461645a8d47bec5e7ed657d7adc33b 100644 --- a/case-uco/java/nbproject/project.properties +++ b/case-uco/java/nbproject/project.properties @@ -35,14 +35,16 @@ dist.javadoc.dir=${dist.dir}/javadoc endorsed.classpath= excludes= file.reference.gson-2.8.5.jar=lib/gson-2.8.5.jar -file.reference.sleuthkit-4.11.0.jar=lib/sleuthkit-4.11.0.jar +file.reference.sleuthkit-4.11.0.jar=lib/sleuthkit-4.11.0.jar +file.reference.junit-4.12.jar=lib/junit-4.12.jar +file.reference.hamcrest-core-1.3.jar=lib/hamcrest-core-1.3.jar includes=** jar.archive.disabled=${jnlp.enabled} jar.compress=false jar.index=${jnlp.enabled} javac.classpath=\ ${file.reference.gson-2.8.5.jar}:\ -${file.reference.sleuthkit-4.11.0.jar} +${file.reference.sleuthkit-4.11.0.jar} # Space-separated list of extra javac options javac.compilerargs=-Xlint javac.deprecation=false @@ -55,7 +57,9 @@ javac.source=1.8 javac.target=1.8 javac.test.classpath=\ ${javac.classpath}:\ - ${build.classes.dir} + ${build.classes.dir}:\ + ${file.reference.junit-4.12.jar}:\ + ${file.reference.hamcrest-core-1.3.jar} javac.test.modulepath=\ ${javac.modulepath} javac.test.processorpath=\ 
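Review bot: `junit` is added to the single `<dependencies>` list in ivy.xml with no configuration, so the `ivy:retrieve` step in build.xml copies it and its transitive hamcrest jar into `lib/` alongside the runtime jars instead of keeping it test-only. project.properties then hard-codes `lib/hamcrest-core-1.3.jar`, a file that is only present because of that transitive resolution. Consider giving the test dependency its own Ivy configuration. Also, 4.12 is not the latest 4.x release: 4.13.1 and later include a fix to the permissions of directories created by the TemporaryFolder rule, so `rev="4.13.2"` is the better pin if nothing blocks it.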
diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Account.java b/case-uco/java/src/org/sleuthkit/caseuco/Account.java index 974ba5d2ae3ead1123e5f80bc02953d746fe0d14..defc5924e5603c5470254a28611abf84c8c238c7 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Account.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Account.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -48,4 +48,16 @@ Account setOwner(Identity owner) { this.owner = owner.getId(); return this; } + + String getAccountType() { + return accountType; + } + + String getAccountIdentifier() { + return accountIdentifier; + } + + String getOwner() { + return owner; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/AccountAuthentication.java b/case-uco/java/src/org/sleuthkit/caseuco/AccountAuthentication.java index fd140ccae9d613a103d260093cc9c93edf708d4a..ba8e1450ed9cc6c8f76f99459c505e8c7c7ed308 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/AccountAuthentication.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/AccountAuthentication.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,10 @@ AccountAuthentication setPassword(String password) { this.password = password; return this; } + + String getPassword() { + return password; + } + + } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Action.java b/case-uco/java/src/org/sleuthkit/caseuco/Action.java index 17ae1382fa43ab1fd4040b4911c3183d3e9a7025..4aa8db3e24c2fe0472bb8474b1aaf53a49448e71 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Action.java 
+++ b/case-uco/java/src/org/sleuthkit/caseuco/Action.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -40,4 +40,8 @@ Action setStartTime(Long startTime) { return this; } + + String getStartTime() { + return startTime; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/ActionArgument.java b/case-uco/java/src/org/sleuthkit/caseuco/ActionArgument.java index 6778375646387597870c91c43ff242cd4ef0646c..54bd565231b069287ec15c8f9e9f7a634732cb96 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/ActionArgument.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/ActionArgument.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ ActionArgument setArgumentName(String argumentName) { this.argumentName = argumentName; return this; } + + String getArgumentName() { + return argumentName; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Annotation.java b/case-uco/java/src/org/sleuthkit/caseuco/Annotation.java index ef5e3bbfaa422901205b4ab8f56d8de746d97cb3..f5033209ffb3f74aeae33659df99b4311c63be91 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Annotation.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Annotation.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -48,4 +48,12 @@ Annotation addObject(String object) { this.object.add(object); return this; } + + List<String> getTags() { + return tags; + } + + List<String> getObject() { + return object; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Application.java b/case-uco/java/src/org/sleuthkit/caseuco/Application.java index 1443ff9e09d0dd635a649fb6d305d54b6c70332d..5f26c00da139f62a3a442725a583c2ff3d180aaf 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Application.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Application.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -55,4 +55,20 @@ Application setVersion(String version) { this.version = version; return this; } + + String getApplicationIdentifier() { + return applicationIdentifier; + } + + String getOperatingSystem() { + return operatingSystem; + } + + Integer getNumberOfLaunches() { + return numberOfLaunches; + } + + String getVersion() { + return version; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/ApplicationAccount.java b/case-uco/java/src/org/sleuthkit/caseuco/ApplicationAccount.java index 1d63641b4c3ecc82be0bb30973d5dc8f938a11e1..279771e777a1a6e5b6ccf21f7c7363c38c62631d 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/ApplicationAccount.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/ApplicationAccount.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ ApplicationAccount setApplication(CyberItem application) { this.application = application.getId(); return this; } + + String getApplication() { + return application; + } } 
diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Assertion.java b/case-uco/java/src/org/sleuthkit/caseuco/Assertion.java index d214f76c8eb9954e90aee5950b6ed26a4138a313..ef8d20c379ca71adb9b32940702d6914f67c2918 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Assertion.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Assertion.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ Assertion setStatement(String statement) { this.statement = statement; return this; } + + String getStatement() { + return statement; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Attachment.java b/case-uco/java/src/org/sleuthkit/caseuco/Attachment.java index e6edd3c6d849686aecbd8520216e12f59cb9e253..6b6ec4d8f3d7db1b680af193d02c8c2aa96aba57 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Attachment.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Attachment.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ Attachment setUrl(String url) { this.url = url; return this; } + + String getUrl() { + return url; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/BrowserBookmark.java b/case-uco/java/src/org/sleuthkit/caseuco/BrowserBookmark.java index 8e72ff5c27a7b791048507b1784ce5b6c1548598..7c524404a6b7c32b34b947306d3f243b0dc9cd75 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/BrowserBookmark.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/BrowserBookmark.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -41,4 +41,12 @@ BrowserBookmark setApplication(CyberItem application) { this.application = application.getId(); return this; } + + String getUrlTargeted() { + return urlTargeted; + } + + String getApplication() { + return application; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/BrowserCookie.java b/case-uco/java/src/org/sleuthkit/caseuco/BrowserCookie.java index 6fe32dc384de446506bac94f59d26e9e099b3fb8..4724609a33062e479bbac2aa6ea962f9ff4c2830 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/BrowserCookie.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/BrowserCookie.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,4 +76,28 @@ BrowserCookie setCookiePath(String cookiePath) { this.cookiePath = cookiePath; return this; } + + String getCookieName() { + return cookieName; + } + + String getAccessedTime() { + return accessedTime; + } + + String getExpirationTime() { + return expirationTime; + } + + String getCookieDomain() { + return cookieDomain; + } + + String getApplication() { + return application; + } + + String getCookiePath() { + return cookiePath; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/CalendarEntry.java b/case-uco/java/src/org/sleuthkit/caseuco/CalendarEntry.java index 62561dfd6ec98b990cb17281c0a9d0b8a7c93041..8a776b9787e959ff505a6ee80a24d57ab494f260 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/CalendarEntry.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/CalendarEntry.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -62,4 +62,20 @@ CalendarEntry setStartTime(Long startTime) { } return this; } + + String getEventType() { + return eventType; + } + + String getStartTime() { + return startTime; + } + + String getEndTime() { + return endTime; + } + + String getLocation() { + return location; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/ComputerSpecification.java b/case-uco/java/src/org/sleuthkit/caseuco/ComputerSpecification.java index 06e257896ee4c4e916db7b78650025522b0c8aa6..d6ba6bc3dcddbc3594f5fc3c07f54991e2600952 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/ComputerSpecification.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/ComputerSpecification.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -44,4 +44,12 @@ ComputerSpecification setProcessorArchitecture(String processorArchitecture) { this.processorArchitecture = processorArchitecture; return this; } + + String getHostName() { + return hostName; + } + + String getProcessorArchitecture() { + return processorArchitecture; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Contact.java b/case-uco/java/src/org/sleuthkit/caseuco/Contact.java index f1b180b8fb059283a85c8d920902ed594d0164ca..b52880f3eca9e23bbd78424d7043b7a2d4efb210 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Contact.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Contact.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ Contact setContactName(String contactName) { this.contactName = contactName; return this; } + + String getContactName() { + return contactName; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/ContentData.java b/case-uco/java/src/org/sleuthkit/caseuco/ContentData.java index cf317eed75955477af7e57d0cca4ea2ee0a33169..d2d1adb456640dc93844cf1245315be6e1173e80 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/ContentData.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/ContentData.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -79,4 +79,28 @@ ContentData setDataPayloadReferenceUrl(UcoObject url) { this.dataPayloadReferenceUrl = url.getId(); return this; } + + Long getSizeInBytes() { + return sizeInBytes; + } + + String getMimeType() { + return mimeType; + } + + List<Hash> getHashes() { + return hashes; + } + + String getDataPayload() { + return dataPayload; + } + + String getOwner() { + return owner; + } + + String getDataPayloadReferenceUrl() { + return dataPayloadReferenceUrl; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Device.java b/case-uco/java/src/org/sleuthkit/caseuco/Device.java index 74c0ff84de07fa9f51d30ceb17660d2e0441aafb..7b297fb2543ad2505d1331ee98c8e90eadd2c93a 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Device.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Device.java 
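Review bot: The new `getHashes()` in ContentData.java returns the field `hashes` itself, so any caller in the package can add to or clear the hash list after the object is built; `getHasPropertyBundle()` in Trace.java does the same with `hasPropertyBundle`. If the accessors are meant to be read-only, returning `Collections.unmodifiableList(hashes)` would enforce that. The hunk does not show whether the field can be null or whether `Collections` is imported, so both need checking first. At minimum the getter should carry a comment such as `/** Returns the live backing list; callers must not modify it. */`. The other getters in these hunks return immutable `String`/`Long`/`Boolean` values and are not affected.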
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -54,4 +54,16 @@ Device setSerialNumber(String serialNumber) { this.serialNumber = serialNumber; return this; } + + String getManufacturer() { + return manufacturer; + } + + String getModel() { + return model; + } + + String getSerialNumber() { + return serialNumber; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/DigitalAccount.java b/case-uco/java/src/org/sleuthkit/caseuco/DigitalAccount.java index b277b7b7c2aa7e8f861712b61e27dd9c3ce30d78..d7e5ffb510f68d3485293b4835dcee92d9316aea 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/DigitalAccount.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/DigitalAccount.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,4 +46,12 @@ DigitalAccount setLastLoginTime(Long time) { } return this; } + + String getDisplayName() { + return displayName; + } + + String getLastLoginTime() { + return lastLoginTime; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Domain.java b/case-uco/java/src/org/sleuthkit/caseuco/Domain.java index bae38071a89b0d9c75f72b978a75912a2d4a6cd8..6431a5f24f842adb0b9e266e264d0d14505db858 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Domain.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Domain.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -34,4 +34,8 @@ Domain setValue(String value) { this.value = value; return this; } + + String getValue() { + return value; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/DomainName.java b/case-uco/java/src/org/sleuthkit/caseuco/DomainName.java index 938a07913a399a1f8479474a12ad57c201ed2c6a..cdaf731920c28c73274b6699fccfbebb79bfb3e3 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/DomainName.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/DomainName.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ DomainName setValue(String value) { this.value = value; return this; } + + String getValue() { + return value; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/EmailAddress.java b/case-uco/java/src/org/sleuthkit/caseuco/EmailAddress.java index efaa4fa5f26b0d4540bfc66d5b5aa7f96910772a..5e81f949b0868a8da5b79be8f5c8019f682586f4 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/EmailAddress.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/EmailAddress.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ EmailAddress setValue(String value) { this.value = value; return this; } + + String getValue() { + return value; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/EmailMessage.java b/case-uco/java/src/org/sleuthkit/caseuco/EmailMessage.java index 3f6e3ecabe4c7f433568507cd1a83461b1183e44..5ace197c40e8ffd5182c6df471b384e5327d8e38 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/EmailMessage.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/EmailMessage.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -118,4 +118,52 @@ EmailMessage setInReplyTo(CyberItem replyTo) { this.inReplyTo = replyTo.getId(); return this; } + + String getReceivedTime() { + return receivedTime; + } + + String getSentTime() { + return sentTime; + } + + String getBcc() { + return bcc; + } + + String getCc() { + return cc; + } + + String getFrom() { + return from; + } + + String getHeaderRaw() { + return headerRaw; + } + + String getMessageID() { + return messageID; + } + + String getSubject() { + return subject; + } + + String getSender() { + return sender; + } + + String getInReplyTo() { + return inReplyTo; + } + + String getBody() { + return body; + } + + String getContentType() { + return contentType; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/EnvironmentVariable.java b/case-uco/java/src/org/sleuthkit/caseuco/EnvironmentVariable.java index 833bdf731370ff4e0c90c057cf65c4f7bce815c8..1d84d414b47c408ca981fb6853dddb9a3e61c44f 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/EnvironmentVariable.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/EnvironmentVariable.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ EnvironmentVariable setValue(String value) { this.value = value; return this; } + + String getValue() { + return value; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/ExtractedString.java b/case-uco/java/src/org/sleuthkit/caseuco/ExtractedString.java index 1c099cfce1770e0056e3e666ed2a2da48a0ddfdc..25c51c974a7c1d02eb27b0b2fec8a1dc60bb930d 100755 
--- a/case-uco/java/src/org/sleuthkit/caseuco/ExtractedString.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/ExtractedString.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ ExtractedString setStringValue(String stringValue) { this.stringValue = stringValue; return this; } + + String getStringValue() { + return stringValue; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/FacetDeserializer.java b/case-uco/java/src/org/sleuthkit/caseuco/FacetDeserializer.java new file mode 100644 index 0000000000000000000000000000000000000000..1078f1ec0af803e1e3e0e3d707b887297f33c9f6 --- /dev/null +++ b/case-uco/java/src/org/sleuthkit/caseuco/FacetDeserializer.java 
@@ -0,0 +1,58 @@ +/* + * Sleuth Kit CASE JSON LD Support + * + * Copyright 2020-2021 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.caseuco; + +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParseException; +import java.lang.reflect.Type; + +/** + * A Gson deserializer for facets that dynamically converts to POJO based on @type. + * The @type name must exactly match the name of the POJO. + */ +class FacetDeserializer implements JsonDeserializer<Facet> { + private static final String BASE_PACKAGE = "org.sleuthkit.caseuco"; + + @Override + public Facet deserialize(JsonElement je, Type type, JsonDeserializationContext jdc) throws JsonParseException { + if (!(je instanceof JsonObject)) { + throw new JsonParseException("Expected a json object for " + je); + } + + JsonObject jObj = (JsonObject) je; + JsonElement jsonId = jObj.get("@type"); + if (jsonId == null) { + throw new JsonParseException("Expected non-null @type value"); + } + + String id = jsonId.getAsString(); + String className = BASE_PACKAGE + "." 
+ id; + Class<?> deserializationClass; + try { + deserializationClass = Class.forName(className); + } catch (ClassNotFoundException ex) { + throw new JsonParseException("Expected class to exist: " + className, ex); + } + + return jdc.deserialize(jObj, deserializationClass); + } +} \ No newline at end of file diff --git a/case-uco/java/src/org/sleuthkit/caseuco/File.java b/case-uco/java/src/org/sleuthkit/caseuco/File.java index e692fd8b7c4e4f32c6835224c51abe074d35205d..369d057ddcc54ad7d0e8f11ec3539d333c740249 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/File.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/File.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -74,4 +74,28 @@ File setSizeInBytes(long sizeInBytes) { this.sizeInBytes = sizeInBytes; return this; } + + String getAccessedTime() { + return accessedTime; + } + + String getExtension() { + return extension; + } + + String getFileName() { + return fileName; + } + + String getFilePath() { + return filePath; + } + + Boolean getIsDirectory() { + return isDirectory; + } + + Long getSizeInBytes() { + return sizeInBytes; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/FileSystem.java b/case-uco/java/src/org/sleuthkit/caseuco/FileSystem.java index 72112fac7a721915527802d246f4a59bc55d3f44..33974036b48d2808270db79b756a064ef11538fd 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/FileSystem.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/FileSystem.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
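Review bot: In `deserialize`, the `@type` string from the JSON being parsed is appended to `BASE_PACKAGE` and passed to `Class.forName` with no check on its form or on the type it resolves to. A value containing dots resolves below the intended flat package, the one-argument `Class.forName` also runs the class's static initializers, and a class that is not a `Facet` only fails later with a `ClassCastException` instead of the declared `JsonParseException`. `jObj.get("@type")` returns a `JsonNull` instance for an explicit null, so the `jsonId == null` test misses it and `getAsString()` throws an unchecked exception. If this deserializer is registered for `Facet` itself (not visible in the hunk), an `@type` of `Facet` would presumably re-enter it through `jdc.deserialize`. I would validate the name, load without initialization and require a proper `Facet` subtype before delegating, as below.

```java
        JsonObject jObj = (JsonObject) je;
        JsonElement jsonId = jObj.get("@type");
        // get() yields a JsonNull instance for an explicit null, so test the element kind as well
        if (jsonId == null || !jsonId.isJsonPrimitive()) {
            throw new JsonParseException("Expected a string @type value");
        }

        String id = jsonId.getAsString();
        // Only a bare simple name keeps the lookup inside BASE_PACKAGE
        if (!id.matches("[A-Za-z_][A-Za-z0-9_]*")) {
            throw new JsonParseException("Unexpected @type value: " + id);
        }

        String className = BASE_PACKAGE + "." + id;
        Class<?> deserializationClass;
        try {
            // initialize=false resolves the type without running its static initializers
            deserializationClass = Class.forName(className, false, FacetDeserializer.class.getClassLoader());
        } catch (ClassNotFoundException ex) {
            throw new JsonParseException("Expected class to exist: " + className, ex);
        }

        // Reject non-facets, and Facet itself so the delegate call cannot come back to this deserializer
        if (deserializationClass == Facet.class || !Facet.class.isAssignableFrom(deserializationClass)) {
            throw new JsonParseException("@type does not name a Facet subtype: " + id);
        }
        // … unchanged: return jdc.deserialize(jObj, deserializationClass) …
```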
@@ -50,7 +50,7 @@ FileSystem setCluserSize(long cluserSize) { } //Adapter for TSK_FS_TYPE enum - private enum FileSystemType { + static enum FileSystemType { BDE(null), CPIO(null), EXT4(TSK_FS_TYPE_EXT4), @@ -69,7 +69,7 @@ private FileSystemType(TSK_FS_TYPE_ENUM tskType) { this.tskType = tskType; } - private static FileSystemType from(TSK_FS_TYPE_ENUM typeToConvert) { + static FileSystemType from(TSK_FS_TYPE_ENUM typeToConvert) { for (FileSystemType type : FileSystemType.values()) { if (type.tskType == typeToConvert) { return type; @@ -78,5 +78,17 @@ private static FileSystemType from(TSK_FS_TYPE_ENUM typeToConvert) { return null; } + + TskData.TSK_FS_TYPE_ENUM getTskType() { + return tskType; + } + } + + FileSystemType getFileSystemType() { + return fileSystemType; + } + + Long getCluserSize() { + return cluserSize; } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/HTTPConnection.java b/case-uco/java/src/org/sleuthkit/caseuco/HTTPConnection.java index 9a90aaa4a78f1e331d09bfefe29cb79ca06f02ff..463b3a83fad462360618b3c384b2c33bf1f715df 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/HTTPConnection.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/HTTPConnection.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ HTTPConnection setHttpRequestHeader(String httpRequestHeader) { this.httpRequestHeader = httpRequestHeader; return this; } + + String getHttpRequestHeader() { + return httpRequestHeader; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Hash.java b/case-uco/java/src/org/sleuthkit/caseuco/Hash.java index 2aa257d15949b07a884f2d9545399e24c705e0c3..cf8be151e9c2d8f6cb680741b4c88df618d3d457 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Hash.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Hash.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -48,4 +48,12 @@ Hash setHashMethod(HashMethod method) { enum HashMethod { MD5; } + + HashMethod getHashMethod() { + return hashMethod; + } + + String getHashValue() { + return hashValue; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/LatLongCoordinates.java b/case-uco/java/src/org/sleuthkit/caseuco/LatLongCoordinates.java index f040c34ff4f415ddec8b795f863966cfa93be28b..ece1517266263206b5b7438a17911a43dc55bc71 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/LatLongCoordinates.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/LatLongCoordinates.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -48,4 +48,16 @@ LatLongCoordinates setLongitude(Double longitude) { this.longitude = longitude; return this; } + + Double getAltitude() { + return altitude; + } + + Double getLatitude() { + return latitude; + } + + Double getLongitude() { + return longitude; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/MACAddress.java b/case-uco/java/src/org/sleuthkit/caseuco/MACAddress.java index c003d5a4b73b668b6afce4a5b4523553a004d31a..761db5cdbf6902aba6fc84decd842cd8b93c506b 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/MACAddress.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/MACAddress.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -34,4 +34,8 @@ MACAddress setValue(String value) { this.value = value; return this; } + + String getValue() { + return value; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Message.java b/case-uco/java/src/org/sleuthkit/caseuco/Message.java index fb61b9bea59901b4c8e2f758134fa5617f4fde0f..fffd31bd4841f98a56886ba8cba799f1a8d3b537 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Message.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Message.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -66,4 +66,20 @@ Message setId(String id) { super.setId("_:" + id); return this; } + + String getMessageText() { + return messageText; + } + + String getApplication() { + return application; + } + + String getSentTime() { + return sentTime; + } + + String getMessageType() { + return messageType; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/MobileDevice.java b/case-uco/java/src/org/sleuthkit/caseuco/MobileDevice.java index c7126499c7e65483ead10fde68f026d741ed6069..8760aed4c958363d33b9499db5b0d23ef37496ff 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/MobileDevice.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/MobileDevice.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -41,4 +41,12 @@ MobileDevice setIMEI(String IMEI) { this.IMEI = IMEI; return this; } + + String getBluetoothDeviceName() { + return bluetoothDeviceName; + } + + String getIMEI() { + return IMEI; + } } 
diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Note.java b/case-uco/java/src/org/sleuthkit/caseuco/Note.java index e71b73950312f07df5d59cef495320e80fdbe494..019b3fade16e2d6c897ad628021f49b4c6b60f41 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Note.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Note.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -35,4 +35,7 @@ Note setText(String text) { return this; } + String getText() { + return text; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/OperatingSystem.java b/case-uco/java/src/org/sleuthkit/caseuco/OperatingSystem.java index 1492938d880888a5f0e5b08e2d50730f2e186843..781d4395a3f177084c9b1b24008ec6a15b012b0a 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/OperatingSystem.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/OperatingSystem.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -46,4 +46,12 @@ OperatingSystem setVersion(String version) { this.version = version; return this; } + + String getInstallDate() { + return installDate; + } + + String getVersion() { + return version; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/PathRelation.java b/case-uco/java/src/org/sleuthkit/caseuco/PathRelation.java index af9aeeba8c5851a5fba3d1a70831c62448b0ab25..631176bf86f5adc7cc13a9fa89363a765685235f 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/PathRelation.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/PathRelation.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ PathRelation setPath(String path) { this.path = path; return this; } + + String getPath() { + return path; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/PhoneAccount.java b/case-uco/java/src/org/sleuthkit/caseuco/PhoneAccount.java index 04b722b2421727b96beed607b72cc23f97540670..b55b544410a87730db8371d50280b8dc0bf7ddd9 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/PhoneAccount.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/PhoneAccount.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ PhoneAccount setPhoneNumber(String phoneNumber) { this.phoneNumber = phoneNumber; return this; } + + String getPhoneNumber() { + return phoneNumber; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/PhoneCall.java b/case-uco/java/src/org/sleuthkit/caseuco/PhoneCall.java index 7eb6b9756c54e10c67ba5466a1a7329729c0402c..fdb271fef780dadddc42bd21ee414ea3d2c3f91c 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/PhoneCall.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/PhoneCall.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -69,4 +69,24 @@ PhoneCall setCallType(String callType) { this.callType = callType; return this; } + + String getTo() { + return to; + } + + String getFrom() { + return from; + } + + String getStartTime() { + return startTime; + } + + String getEndTime() { + return endTime; + } + + String getCallType() { + return callType; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Relationship.java b/case-uco/java/src/org/sleuthkit/caseuco/Relationship.java index 27d4563fbb8c4a28a132aec826c90d3b0d8af631..275e76039d6d1ed25ff54465e071950e0635bff4 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Relationship.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Relationship.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -55,4 +55,20 @@ Relationship isDirectional(boolean isDirectional) { this.isDirectional = isDirectional; return this; } + + String getSource() { + return source; + } + + String getTarget() { + return target; + } + + String getKindOfRelationship() { + return kindOfRelationship; + } + + Boolean getIsDirectional() { + return isDirectional; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/SIMCard.java b/case-uco/java/src/org/sleuthkit/caseuco/SIMCard.java index e1dad6c46920cdf0ee6e0d33953e8bd125fae4c7..0020d65544f0055e11f5eb40a9adfc9276bbb59c 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/SIMCard.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/SIMCard.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -41,4 +41,12 @@ SIMCard setICCID(String ICCID) { this.ICCID = ICCID; return this; } + + String getIMSI() { + return IMSI; + } + + String getICCID() { + return ICCID; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/SMSMessage.java b/case-uco/java/src/org/sleuthkit/caseuco/SMSMessage.java index c2012bd8c6b485d4be83e59da8bb3309252a16a2..7a842b8e7f1d0f154b5f9f0fa41ff9a40c897b02 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/SMSMessage.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/SMSMessage.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,4 +36,8 @@ SMSMessage setIsRead(Integer status) { } return this; } + + Boolean getIsRead() { + return isRead; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Trace.java b/case-uco/java/src/org/sleuthkit/caseuco/Trace.java index 5393ec3663ec30a0a5104e8126008771dc9f7519..a400a4fb2916826856b647fea5d76fa4069ae371 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Trace.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Trace.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -37,4 +37,8 @@ final Trace addBundle(Facet bundle) { hasPropertyBundle.add(bundle); return this; } + + List<Facet> getHasPropertyBundle() { + return hasPropertyBundle; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/URL.java b/case-uco/java/src/org/sleuthkit/caseuco/URL.java index b0f6213e952549cc001f1367f5d1258a347f1678..43ac205408bd9017b08688cb648ed793d3114bdd 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/URL.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/URL.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -41,4 +41,12 @@ URL setUserName(CyberItem userName) { this.userName = userName.getId(); return this; } + + String getFullValue() { + return fullValue; + } + + String getUserName() { + return userName; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/UcoObject.java b/case-uco/java/src/org/sleuthkit/caseuco/UcoObject.java index 14c49bee68092898c292d5a6479278fdda9ea6a6..ad218ba7ce98b4443ced4279b9ad61df327f42f2 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/UcoObject.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/UcoObject.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -85,4 +85,28 @@ UcoObject setTag(String tag) { this.tag = tag; return this; } + + String getType() { + return type; + } + + String getCreatedTime() { + return createdTime; + } + + String getModifiedTime() { + return modifiedTime; + } + + String getDescription() { + return description; + } + + String getName() { + return name; + } + + String getTag() { + return tag; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/Volume.java b/case-uco/java/src/org/sleuthkit/caseuco/Volume.java index 7f6bc4850f80de42653e629dac4faf8e50414f7f..1073d4abbd8677477e937848fc17ac1e8114c6c6 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/Volume.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/Volume.java 
@@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -36,4 +36,12 @@ Volume setSectorSize(long sectorSize) { this.sectorSize = sectorSize; return this; } + + String getVolumeType() { + return volumeType; + } + + Long getSectorSize() { + return sectorSize; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/WindowsAccount.java b/case-uco/java/src/org/sleuthkit/caseuco/WindowsAccount.java index f51d26a1d64323397f67e8e6013e52587884abae..fb3a2ba95371bfc3102076b6d32ec825b0ba383b 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/WindowsAccount.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/WindowsAccount.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ WindowsAccount setGroups(String groups) { this.groups = groups; return this; } + + String getGroups() { + return groups; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/WindowsComputerSpecification.java b/case-uco/java/src/org/sleuthkit/caseuco/WindowsComputerSpecification.java index db6365622745b89a86e7eab006e29e9e389ef644..49a544715a9797361911ffaa0fa39ed17cce91ef 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/WindowsComputerSpecification.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/WindowsComputerSpecification.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -48,4 +48,16 @@ WindowsComputerSpecification setWindowsTempDirectory(CyberItem windowsTempDirect this.windowsTempDirectory = windowsTempDirectory.getId(); return this; } + + String getRegisteredOrganization() { + return registeredOrganization; + } + + String getRegisteredOwner() { + return registeredOwner; + } + + String getWindowsTempDirectory() { + return windowsTempDirectory; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/WindowsRegistryValue.java b/case-uco/java/src/org/sleuthkit/caseuco/WindowsRegistryValue.java index 76b3c31f4b065fc2a6977f593c448f25caeb3cf9..7dd93ff4ed714aa371ae1de1e061071a4ab867ff 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/WindowsRegistryValue.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/WindowsRegistryValue.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ WindowsRegistryValue setData(String data) { this.data = data; return this; } + + String getData() { + return data; + } } diff --git a/case-uco/java/src/org/sleuthkit/caseuco/WirelessNetworkConnection.java b/case-uco/java/src/org/sleuthkit/caseuco/WirelessNetworkConnection.java index 0d7f51867313f335bfede01d624fcb1d9f093303..d085dd01a8f0468374d9a6765b9500f44ba212d7 100755 --- a/case-uco/java/src/org/sleuthkit/caseuco/WirelessNetworkConnection.java +++ b/case-uco/java/src/org/sleuthkit/caseuco/WirelessNetworkConnection.java @@ -1,7 +1,7 @@ /* * Sleuth Kit CASE JSON LD Support * - * Copyright 2020 Basis Technology Corp. + * Copyright 2020-2021 Basis Technology Corp. * Contact: carrier <at> sleuthkit <dot> org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -34,4 +34,8 @@ WirelessNetworkConnection setSSID(String ssid) { this.ssid = ssid; return this; } + + String getSsid() { + return ssid; + } } 
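Review bot: The accessor added to `WirelessNetworkConnection` is named `getSsid()` while the existing mutator in the same hunk is `setSSID(String ssid)`, so the pair does not follow one capitalisation. Tools and readers that match getters to setters by name will not pair them; naming the new method `String getSSID() {` would keep the class consistent without touching the existing setter.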
diff --git a/case-uco/java/test/org/sleuthkit/caseuco/FacetDeserializerTests.java b/case-uco/java/test/org/sleuthkit/caseuco/FacetDeserializerTests.java new file mode 100644 index 0000000000000000000000000000000000000000..91eb8dd55c356613cd6817d23164e281b4942709 --- /dev/null +++ b/case-uco/java/test/org/sleuthkit/caseuco/FacetDeserializerTests.java 
@@ -0,0 +1,192 @@ +/* + * Sleuth Kit CASE JSON LD Support + * + * Copyright 2021 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.caseuco; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import com.google.gson.JsonParseException; +import com.google.gson.reflect.TypeToken; +import java.lang.reflect.Type; +import java.time.OffsetDateTime; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; +import org.junit.Assert; + +import org.junit.Test; +import org.sleuthkit.datamodel.TskData; + +/** + * Tests for deserializing facets. + */ +public class FacetDeserializerTests { + + private static final Logger logger = Logger.getLogger(FacetDeserializerTests.class.getName()); + + /** + * Parses facets json string into a list of facets. + * @param facetsListJson The json string. + * @return The list of facets. 
+ * @throws JsonParseException + */ + private static List<Facet> parseFacets(String facetsListJson) throws JsonParseException { + GsonBuilder gb = new GsonBuilder(); + gb.registerTypeAdapter(Facet.class, new FacetDeserializer()); + Gson gson = gb.create(); + Type traceList = new TypeToken<ArrayList<Facet>>() { + }.getType(); + return gson.fromJson(facetsListJson, traceList); + } + + @Test + public void testExpectFacetJsonObject() { + try { + parseFacets("[\"test1\", 1, 2]"); + Assert.fail("Expected exception when parsing facets that are not objects"); + } catch (JsonParseException ex) { + Assert.assertNotNull(ex.getMessage()); + logger.log(Level.INFO, "Received exception of: " + ex.getMessage()); + } + } + + @Test + public void testExpectFacetType() { + try { + parseFacets("[{\"@type\": \"NonsenseType\", \"@id\": \"ItemId\" }]"); + Assert.fail("Expected exception when parsing facets that are not objects"); + } catch (JsonParseException ex) { + Assert.assertNotNull(ex.getMessage()); + logger.log(Level.INFO, "Received exception of: " + ex.getMessage()); + } + } + + @Test + public void testFacetDeserialization() throws JsonParseException { + long clusterSize = 512; + long createdTime = 946684800; + long modifiedTime = 946684801; + String description = "A file system"; + String id = "The id"; + String name = "The name"; + String tag = "The tag"; + TskData.TSK_FS_TYPE_ENUM fsType = TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT4; + + UcoObject fileSystem = new FileSystem() + .setCluserSize(clusterSize) + .setFileSystemType(fsType) + .setCreatedTime(createdTime) + .setDescription(description) + .setId(id) + .setModifiedTime(modifiedTime) + .setName(name) + .setTag(tag); + + String gsonStr = new Gson().toJson(Arrays.asList(fileSystem)); + logger.log(Level.INFO, "Json string of: " + gsonStr); + + List<Facet> facets = parseFacets(gsonStr); + Assert.assertEquals(1, facets.size()); + Assert.assertTrue(facets.get(0) instanceof FileSystem); + + FileSystem deserialized = (FileSystem) 
facets.get(0); + Assert.assertEquals((Long) clusterSize, deserialized.getCluserSize()); + Assert.assertEquals(createdTime, OffsetDateTime.parse(deserialized.getCreatedTime()).toEpochSecond()); + Assert.assertEquals(modifiedTime, OffsetDateTime.parse(deserialized.getModifiedTime()).toEpochSecond()); + + Assert.assertEquals(description, deserialized.getDescription()); + Assert.assertEquals(id, deserialized.getId()); + Assert.assertEquals(name, deserialized.getName()); + Assert.assertEquals(tag, deserialized.getTag()); + + Assert.assertEquals(deserialized.getFileSystemType().getTskType(), fsType); + } + + @Test + public void testTraceDeserialization() throws JsonParseException { + long clusterSize = 4096; + long createdTime = 946684802; + long modifiedTime = 946684803; + String description = "A file system 2"; + String id = "The id 2"; + String name = "The name 2"; + String tag = "The tag 2"; + TskData.TSK_FS_TYPE_ENUM fsType = TskData.TSK_FS_TYPE_ENUM.TSK_FS_TYPE_EXT4; + + FileSystem fileSystem = (FileSystem) new FileSystem() + .setCluserSize(clusterSize) + .setFileSystemType(fsType) + .setCreatedTime(createdTime) + .setDescription(description) + .setId(id) + .setModifiedTime(modifiedTime) + .setName(name) + .setTag(tag); + + String traceUuid = "uuid"; + long traceCreateTime = 946684802; + long traceModifiedTime = 946684803; + String traceDescription = "A file system 2"; + String traceId = "The id 2"; + String traceName = "The name 2"; + String traceTag = "The tag 2"; + UcoObject trace = new Trace(traceUuid) + .addBundle(fileSystem) + .setCreatedTime(traceCreateTime) + .setDescription(traceDescription) + .setId(traceId) + .setModifiedTime(traceModifiedTime) + .setName(traceName) + .setTag(traceTag); + + String gsonStr = new Gson().toJson(trace); + logger.log(Level.INFO, "Json string of: " + gsonStr); + + Trace deserializedTrace = new GsonBuilder() + .registerTypeAdapter(Facet.class, new FacetDeserializer()) + .create() + .fromJson(gsonStr, Trace.class); + + 
Assert.assertEquals(traceCreateTime, OffsetDateTime.parse(deserializedTrace.getCreatedTime()).toEpochSecond()); + Assert.assertEquals(traceModifiedTime, OffsetDateTime.parse(deserializedTrace.getModifiedTime()).toEpochSecond()); + + Assert.assertEquals(traceDescription, deserializedTrace.getDescription()); + Assert.assertEquals(traceId, deserializedTrace.getId()); + Assert.assertEquals(traceName, deserializedTrace.getName()); + Assert.assertEquals(traceTag, deserializedTrace.getTag()); + + List<Facet> facets = deserializedTrace.getHasPropertyBundle(); + + Assert.assertEquals(1, facets.size()); + Assert.assertTrue(facets.get(0) instanceof FileSystem); + + FileSystem deserialized = (FileSystem) facets.get(0); + Assert.assertEquals((Long) clusterSize, deserialized.getCluserSize()); + Assert.assertEquals(createdTime, OffsetDateTime.parse(deserialized.getCreatedTime()).toEpochSecond()); + Assert.assertEquals(modifiedTime, OffsetDateTime.parse(deserialized.getModifiedTime()).toEpochSecond()); + + Assert.assertEquals(description, deserialized.getDescription()); + Assert.assertEquals(id, deserialized.getId()); + Assert.assertEquals(name, deserialized.getName()); + Assert.assertEquals(tag, deserialized.getTag()); + + Assert.assertEquals(deserialized.getFileSystemType().getTskType(), fsType); + } +} diff --git a/case-uco/java/test/org/sleuthkit/caseuco/TestSuite.java b/case-uco/java/test/org/sleuthkit/caseuco/TestSuite.java new file mode 100644 index 0000000000000000000000000000000000000000..1f18b6d184e6e11dfda1912e1b3081d105dbea15 --- /dev/null +++ b/case-uco/java/test/org/sleuthkit/caseuco/TestSuite.java 
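Review bot: `testExpectFacetType` reuses the failure message of `testExpectFacetJsonObject` ("Expected exception when parsing facets that are not objects") although it feeds an object with an unrecognised `@type`, so a failing run would point at the wrong check. I would change it to `Assert.fail("Expected exception when parsing a facet with an unknown @type");`. Both negative tests only assert that the exception message is non-null, so they would also pass if the deserializer rejected the input for an unrelated reason; asserting on something specific to the rejection would pin the type check that guards this deserializer against unexpected input. The closing `Assert.assertEquals(deserialized.getFileSystemType().getTskType(), fsType)` in both positive tests has expected and actual swapped and should read `Assert.assertEquals(fsType, deserialized.getFileSystemType().getTskType());`.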
@@ -0,0 +1,33 @@ +/* + * Sleuth Kit CASE JSON LD Support + * + * Copyright 2021 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.caseuco; + +import org.junit.runner.RunWith; +import org.junit.runners.Suite; + +/** + * Runs all case uco unit tests. + */ +@RunWith(Suite.class) +@Suite.SuiteClasses({ + FacetDeserializerTests.class +}) +public class TestSuite { + +} diff --git a/configure.ac b/configure.ac index 093a9a26fce98e54947f02826e58efdee36c7bc4..24fe97e2c21f87ac41748424e45e57459e8941df 100644 --- a/configure.ac +++ b/configure.ac @@ -35,6 +35,8 @@ AC_PROG_LN_S AC_PROG_MAKE_SET AC_PATH_PROG(PERL, perl) +TSK_CHECK_PROG_PKGCONFIG + dnl Checks for header files. AC_HEADER_STDC dnl AC_HEADER_MAJOR 
@@ -124,92 +126,88 @@ AC_CHECK_HEADERS(string, , , AC_MSG_ERROR([missing STL string class header])) AC_CHECK_HEADERS(vector, , , AC_MSG_ERROR([missing STL vector class header])) dnl Check for sqlite and its dependencies -AC_CHECK_HEADERS([sqlite3.h], - [AC_CHECK_LIB(dl, dlopen) - AC_CHECK_LIB(sqlite3, sqlite3_open)]) -dnl Compile the bundled sqlite if there is no system one installed -AC_MSG_CHECKING(which sqlite3 to use) -AS_IF([test "x$ac_cv_lib_sqlite3_sqlite3_open" = "xyes"], - [AC_MSG_RESULT([system])], - [AC_MSG_RESULT([bundled])]) -AM_CONDITIONAL([HAVE_LIBSQLITE3], - [test "x$ac_cv_lib_sqlite3_sqlite3_open" = "xyes"]) - -# Check if we should link afflib. -AC_ARG_WITH([afflib], - [AS_HELP_STRING([--without-afflib],[Do not use AFFLIB even if it is installed])] - [AS_HELP_STRING([--with-afflib=dir],[Specify that AFFLIB is installed in directory 'dir'])], - dnl If --with-afflib or --without-afflib is given - [], - dnl If --with-afflib or --without-afflib is given - [with_afflib=yes]) - -dnl check for the lib if they did not specify no -AS_IF([test "x$with_afflib" != "xno"], - dnl Test the dir if they specified something beyond yes/no - [AS_IF([test "x$with_afflib" != "xyes"], - [AS_IF([test -d ${with_afflib}/include], - [CPPFLAGS="$CPPFLAGS -I${with_afflib}/include" - LDFLAGS="$LDFLAGS -L${with_afflib}/lib"], - dnl Dir given was not correct - [AC_MSG_FAILURE([AFFLIB directory not found at ${with_afflib}])]) - ] - )] - dnl Check for the header file first to make sure they have the dev install - [AC_CHECK_HEADERS([afflib/afflib.h], - [AC_CHECK_LIB([afflib], [af_open])] - )] -) -AS_IF([test "x$ac_cv_lib_afflib_af_open" = "xyes"], [ax_afflib=yes], [ax_afflib=no]) - - -dnl Check if we should link zlib -AC_ARG_WITH([zlib], - [AS_HELP_STRING([--without-zlib],[Do not use ZLIB even if it is installed])] - [AS_HELP_STRING([--with-zlib=dir],[Specify that ZLIB is installed in directory 'dir'])], - dnl If --with-zlib or --without-zlib is given - [], - dnl if nothing was 
specified, default to a test - [with_zlib=yes]) - -dnl check for the lib if they did not specify no -AS_IF( - [test "x$with_zlib" != "xno"], - [AC_MSG_NOTICE([checking for zlib])] - dnl Test the dir if they specified something beyond yes/no - [AS_IF([test "x$with_zlib" != "xyes"], - [AC_MSG_NOTICE([LOOKING for zlib in ${with_zlib}])] - [AS_IF([test -d ${with_zlib}], - [CPPFLAGS="$CPPFLAGS -I${with_zlib}/include" - LDFLAGS="$LDFLAGS -L${with_zlib}/lib"], - dnl Dir given was not correct - [AC_MSG_FAILURE([ZLIB directory not found at ${with_zlib}])] - )] - )] - dnl Check for the header file first to make sure they have the dev install - [AC_CHECK_HEADERS([zlib.h], - [AC_CHECK_LIB([z], [inflate], - [], - [AC_MSG_WARN([Found zlib headers, but could not link to zlib library. Will build without zlib.])] - [with_zlib=no] - )], - [AC_MSG_WARN([Could not find usable zlib headers. Will build without zlib.])] - [with_zlib=no] - )], - [AC_MSG_NOTICE([NOT checking for zlib because with_zlib is no])] +AS_IF([test "x$ac_cv_prog_PKGCONFIG" = "xyes"], + [ + SAVED_AX_PACKAGE_REQUIRES_PRIVATE="$AX_PACKAGE_REQUIRES_PRIVATE" + TSK_PKG_CHECK_MODULES([SQLITE3], [], [sqlite3], + [ + CFLAGS="$CFLAGS $SQLITE3_CFLAGS" + CXXFLAGS="$CXXFLAGS $SQLITE3_CFLAGS" + LIBS="$LIBS $SQLITE3_LIBS" + ], + [ + AX_PACKAGE_REQUIRES_PRIVATE="$SAVED_AX_PACKAGE_REQUIRES_PRIVATE" + ax_sqlite3=no + ] + )] ) -AS_IF([test "x$ac_cv_lib_z_inflate" = "xyes"], [ax_zlib=yes], [ax_zlib=no]) - -AM_CONDITIONAL([X_ZLIB],[test "x$with_zlib" != "xno" && test "x$with_zlib" != "xyes"]) -AS_IF([test "x$with_zlib" != "xno"], - [Z_PATH="${with_zlib}/lib"], - [AC_MSG_NOTICE([failed to make Z_PATH])] -) -AC_SUBST(Z_PATH, $Z_PATH) dnl needed for sqllite AC_CHECK_LIB(dl, dlopen) +AC_CHECK_HEADERS([sqlite3.h], [AC_CHECK_LIB([sqlite3], [sqlite3_open])]) +AS_IF([test "x$ac_cv_lib_sqlite3_sqlite3_open" = "xyes"], [ax_sqlite3=yes]) + +dnl Compile the bundled sqlite if there is no system one installed +AC_MSG_CHECKING(which sqlite3 to use) 
+AS_IF([test "x$ax_sqlite3" = "xyes"], + [AC_MSG_RESULT([system]) + PACKAGE_LIBS_PRIVATE="$PACKAGE_LIBS_PRIVATE -lsqlite3"], + [AC_MSG_RESULT([bundled])]) +AM_CONDITIONAL([HAVE_LIBSQLITE3], [test "x$ax_sqlite3" = "xyes"]) + +dnl Check if we should link with afflib +TSK_OPT_DEP_CHECK([afflib], [], [], [afflib/afflib.h], [afflib], [af_open]) +dnl Check if we should link with zlib +TSK_OPT_DEP_CHECK([zlib], [ZLIB], [zlib], [zlib.h], [z], [inflate]) +dnl Check if we should link with libewf +TSK_OPT_DEP_CHECK([libewf], [EWF], [libewf], [libewf.h], [ewf], [libewf_get_version]) +dnl Check if we should link with libvhdi +TSK_OPT_DEP_CHECK([libvhdi], [VHDI], [libvhdi], [libvhdi.h], [vhdi], [libvhdi_get_version]) +dnl Check if we should link with libvmdk +TSK_OPT_DEP_CHECK([libvmdk], [VMDK], [libvmdk], [libvmdk.h], [vmdk], [libvmdk_get_version]) + +dnl check for cppunit +AC_ARG_ENABLE([cppunit], + [AS_HELP_STRING([--disable-cppunit], [Build without cppunit tests])]) + +ac_cv_cppunit=no +AS_IF([test "x$enable_cppunit" != "xno"], [ + AS_IF([test "x$ac_cv_prog_PKGCONFIG" = "xyes"], + [ + dnl IGNOREs keep cppunit out of .pc file, as it's for testing only + TSK_PKG_CHECK_MODULES([CPPUNIT], [], [cppunit >= 1.12.1], [ac_cv_cppunit=yes], [ac_cv_cppunit=no], [IGNORE], [IGNORE]) + ] + ) + + AS_IF([test "x$ac_cv_cppunit" != "xyes"], + [AM_PATH_CPPUNIT(1.12.1) + AS_IF([test "x$no_cppunit" = x], [ac_cv_cppunit=yes])] + ) + + AC_MSG_CHECKING([for TestRunner in -lcppunit]) + + SAVED_CFLAGS="$CFLAGS" + SAVED_LDFLAGS="$LDFLAGS" + CFLAGS="$CPPUNIT_CLFAGS" + LDFLAGS="$CPPUNIT_LIBS" + + AC_LANG_PUSH([C++]) + AC_LINK_IFELSE([AC_LANG_PROGRAM( + [[#include <cppunit/ui/text/TestRunner.h>]], + [[CppUnit::TextUi::TestRunner();]])], + [ax_cv_cppunit=yes], + [ax_cv_cppunit=no]) + AC_LANG_POP([C++]) + + CFLAGS="$SAVED_CFLAGS" + LDFLAGS="$SAVED_LDFLAGS" + + AC_MSG_RESULT([$ax_cv_cppunit]) +]) + +AM_CONDITIONAL([HAVE_CPPUNIT],[test "x$ac_cv_cppunit" = xyes]) + dnl check for user online input 
AC_ARG_ENABLE([offline], 
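Review bot: The cppunit link probe sets `CFLAGS="$CPPUNIT_CLFAGS"`, a misspelling of `CPPUNIT_CFLAGS`, so the probe runs with empty compile flags. Because the probe runs under `AC_LANG_PUSH([C++])`, the flags belong in `CXXFLAGS` rather than `CFLAGS`, and the libraries belong in `LIBS` rather than `LDFLAGS` so that they follow the object on the link line. The probe also stores its result in `ax_cv_cppunit`, while `AM_CONDITIONAL([HAVE_CPPUNIT], ...)` tests `ac_cv_cppunit`, so as written a failed link does not switch the cppunit tests off. The excerpt below shows the probe using the C++ variables and feeding the variable that the conditional reads.

```m4
  SAVED_CXXFLAGS="$CXXFLAGS"
  SAVED_LIBS="$LIBS"
  CXXFLAGS="$CXXFLAGS $CPPUNIT_CFLAGS"
  LIBS="$CPPUNIT_LIBS $LIBS"
  dnl … unchanged: AC_LANG_PUSH([C++]) and the AC_LANG_PROGRAM test body …
    [ac_cv_cppunit=yes],
    [ac_cv_cppunit=no])
  dnl … unchanged: AC_LANG_POP([C++]) …
  CXXFLAGS="$SAVED_CXXFLAGS"
  LIBS="$SAVED_LIBS"
  AC_MSG_RESULT([$ac_cv_cppunit])
```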
@@ -222,88 +220,6 @@ AC_ARG_ENABLE([offline], AM_CONDITIONAL([OFFLINE], [test "x$offline" = xtrue]) - -dnl Check if we should link libewf. -AC_ARG_WITH([libewf], - [AS_HELP_STRING([--without-libewf],[Do not use libewf even if it is installed])] - [AS_HELP_STRING([--with-libewf=dir],[Specify that libewf is installed in directory 'dir'])], - dnl If --with-libewf or --without-libewf is given - [], - dnl if nothing was specified, default to a test - [with_libewf=yes]) - -dnl check for the lib if they did not specify no -AS_IF([test "x$with_libewf" != "xno"], - dnl Test the dir if they specified something beyond yes/no - [AS_IF([test "x$with_libewf" != "xyes"], - [AS_IF([test -d ${with_libewf}/include], - [CPPFLAGS="$CPPFLAGS -I${with_libewf}/include" - LDFLAGS="$LDFLAGS -L${with_libewf}/lib"], - dnl Dir given was not correct - [AC_MSG_FAILURE([libewf directory not found at ${with_libewf}])]) - ] - )] - dnl Check for the header file first to make sure they have the dev install - [AC_CHECK_HEADERS([libewf.h], - [AC_CHECK_LIB([ewf], [libewf_get_version], [], [NO_LIBEWF=true])] - )] -) -AS_IF([test "x$ac_cv_lib_ewf_libewf_get_version" = "xyes"], [ax_libewf=yes], [ax_libewf=no]) - -dnl Check if we should link libvhdi. 
-AC_ARG_WITH([libvhdi], - [AS_HELP_STRING([--without-libvhdi],[Do not use libvhdi even if it is installed])] - [AS_HELP_STRING([--with-libvhdi=dir],[Specify that libvhdi is installed in directory 'dir'])], - dnl If --with-libvhdi or --without-libvhdi is given - [], - dnl if nothing was specified, default to a test - [with_libvhdi=yes]) - -dnl check for the lib if they did not specify no -AS_IF([test "x$with_libvhdi" != "xno"], - dnl Test the dir if they specified something beyond yes/no - [AS_IF([test "x$with_libvhdi" != "xyes"], - [AS_IF([test -d ${with_libvhdi}/include], - [CPPFLAGS="$CPPFLAGS -I${with_libvhdi}/include" - LDFLAGS="$LDFLAGS -L${with_libvhdi}/lib"], - dnl Dir given was not correct - [AC_MSG_FAILURE([libvhdi directory not found at ${with_libvhdi}])]) - ] - )] - dnl Check for the header file first to make sure they have the dev install - [AC_CHECK_HEADERS([libvhdi.h], - [AC_CHECK_LIB([vhdi], [libvhdi_get_version], [], [NO_libvhdi=true])] - )] -) -AS_IF([test "x$ac_cv_lib_vhdi_libvhdi_get_version" = "xyes"], [ax_libvhdi=yes], [ax_libvhdi=no]) - -dnl Check if we should link libvmdk. 
-AC_ARG_WITH([libvmdk], - [AS_HELP_STRING([--without-libvmdk],[Do not use libvmdk even if it is installed])] - [AS_HELP_STRING([--with-libvmdk=dir],[Specify that libvmdk is installed in directory 'dir'])], - dnl If --with-libvmdk or --without-libvmdk is given - [], - dnl if nothing was specified, default to a test - [with_libvmdk=yes]) - -dnl check for the lib if they did not specify no -AS_IF([test "x$with_libvmdk" != "xno"], - dnl Test the dir if they specified something beyond yes/no - [AS_IF([test "x$with_libvmdk" != "xyes"], - [AS_IF([test -d ${with_libvmdk}/include], - [CPPFLAGS="$CPPFLAGS -I${with_libvmdk}/include" - LDFLAGS="$LDFLAGS -L${with_libvmdk}/lib"], - dnl Dir given was not correct - [AC_MSG_FAILURE([libvmdk directory not found at ${with_libvmdk}])]) - ] - )] - dnl Check for the header file first to make sure they have the dev install - [AC_CHECK_HEADERS([libvmdk.h], - [AC_CHECK_LIB([vmdk], [libvmdk_get_version], [], [NO_libvmdk=true])] - )] -) -AS_IF([test "x$ac_cv_lib_vmdk_libvmdk_get_version" = "xyes"], [ax_libvmdk=yes], [ax_libvmdk=no]) - dnl Test for the various java things that we need for bindings AS_IF([test "x$enable_java" != "xno"], [ dnl javac is needed to compile the JAR file diff --git a/m4/ax_pkg_check_modules.m4 b/m4/ax_pkg_check_modules.m4 new file mode 100644 index 0000000000000000000000000000000000000000..f3af0f684d1322f312798cb36ca7b309f8b036ab --- /dev/null +++ b/m4/ax_pkg_check_modules.m4 
@@ -0,0 +1,69 @@ +# =========================================================================== +# http://www.gnu.org/software/autoconf-archive/ax_pkg_check_modules.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PKG_CHECK_MODULES(PREFIX, PUBLIC-MODULES, PRIVATE-MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND], [PUBLIC-VARIABLE], [PRIVATE-VARIABLE]) +# +# DESCRIPTION +# +# A wrapper around PKG_CHECK_MODULES which splits the list of modules into +# public and private dependencies, and produces two variables listing the +# dependencies across all invocations of AX_PKG_CHECK_MODULES. These two +# variables are exposed via AC_SUBST, and should be used in a pkg-config +# file as the substituted values for Requires and Requires.private. +# +# The PREFIX, PUBLIC-MODULES and PRIVATE-MODULES arguments should be +# specified as for PKG_CHECK_MODULES, with the concatenation of +# PUBLIC-MODULES and PRIVATE-MODULES equaling the LIST-OF-MODULES from +# PKG_CHECK_MODULES. The ACTION-IF-FOUND and ACTION-IF-NOT-FOUND +# arguments are optional, and should also be specified as for +# PKG_CHECK_MODULES. ACTION-IF-FOUND is evaluated if the full +# LIST-OF-MODULES is found; ACTION-IF-NOT-FOUND similarly. +# +# PUBLIC-VARIABLE defaults to AX_PACKAGE_REQUIRES, and PRIVATE-VARIABLE +# defaults to AX_PACKAGE_REQUIRES_PRIVATE. Both variables are AC_SUBST-ed +# by this macro. 
+# +# For example: +# +# AX_PKG_CHECK_MODULES([GLIB],[glib-2.0 gio-2.0],[gthread-2.0]) +# AX_PKG_CHECK_MODULES([DBUS],[],[dbus-glib-1 >= 0.98 dbus-1]) +# +# results in the substitutions: +# +# AX_PACKAGE_REQUIRES="glib-2.0 gio-2.0" +# AX_PACKAGE_REQUIRES_PRIVATE="gthread-2.0 dbus-glib-1 >= 0.98 dbus-1" +# +# and can be used with a template pkg-config file (.pc.in) using: +# +# Requires: @AX_PACKAGE_REQUIRES@ +# Requires.private: @AX_PACKAGE_REQUIRES_PRIVATE@ +# +# LICENSE +# +# Copyright (c) 2014 Philip Withnall <philip@tecnocode.co.uk> +# +# Copying and distribution of this file, with or without modification, are +# permitted in any medium without royalty provided the copyright notice +# and this notice are preserved. This file is offered as-is, without any +# warranty. + +#serial 2 + +AC_DEFUN([AX_PKG_CHECK_MODULES],[ + m4_define([ax_package_requires], + [m4_default_quoted([$6],[AX_PACKAGE_REQUIRES])]) + m4_define([ax_package_requires_private], + [m4_default_quoted([$7],[AX_PACKAGE_REQUIRES_PRIVATE])]) + + ax_package_requires="$[]ax_package_requires $2" + ax_package_requires_private="$[]ax_package_requires_private $3" + + PKG_CHECK_MODULES([$1],[$2 $3],[$4],[$5]) + + # Substitute output. + AC_SUBST(ax_package_requires) + AC_SUBST(ax_package_requires_private) +])dnl AX_PKG_CHECK_MODULES diff --git a/m4/tsk_opt_dep_check.m4 b/m4/tsk_opt_dep_check.m4 new file mode 100644 index 0000000000000000000000000000000000000000..2e5333bfb56dcdc15cbd57a7c3af80ad1eb90adc --- /dev/null +++ b/m4/tsk_opt_dep_check.m4 
@@ -0,0 +1,140 @@ +# +# Check if pkg-config is installed and set up variables used for producing +# the tsk.pc. +# +# This MUST be run before any of the other macros in this file. +# +AC_DEFUN([TSK_CHECK_PROG_PKGCONFIG], [ + AC_CHECK_PROG([PKGCONFIG], [pkg-config], [yes], [no]) + AS_IF([test "x$ac_cv_prog_PKGCONFIG" = "xyes"], [ + m4_ifdef([PKG_PROG_PKG_CONFIG], [PKG_PROG_PKG_CONFIG], []) + dnl Ask for static libs during static linking + AS_IF([test "x$enable_shared" != "xyes"], [PKG_CONFIG="$PKG_CONFIG --static"]) + ]) + + PACKAGE_LIBS_PRIVATE= + AC_SUBST([PACKAGE_LIBS_PRIVATE]) +]) + +# +# Call AX_PKG_CHECK_MODULES only if PKG_CHECK_MODULES is defined, i.e., +# only if we have the pkg-config macros; otherwise make it a no-op +# +AC_DEFUN([TSK_PKG_CHECK_MODULES], [ + m4_ifdef([PKG_CHECK_MODULES], + [AX_PKG_CHECK_MODULES([$1], [$2], [$3], [$4], [$5], [$6], [$7])]) +]) + +# +# Check for optional dependencies. +# +# TSK_OPT_DEP_CHECK(DISPLAY_NAME, PKG_VAR, PKG_MODULE, HEADER_LIST, CHECK_LIB_NAME, CHECK_LIB_FUNC) +# +# DISPLAY_NAME is the name of the library shown by 'configure --help' +# +# PKG_VAR is the prefix used for variables associated with the particular +# dependency. Each dependency may have its own CPPFLAGS, CFLAGS, CXXFLAGS, +# and LIBS variables. E.g., "FOO" would have FOO_CPPFLAGS, FOO_CFLAGS, etc. +# +# PKG_MODULE is the name of the library to be checked by pkg-config. +# +# HEADER_LIST is a list of header files to be checked by AC_CHECK_HEADERS. +# +# CHECK_LIB_NAME is the name of the library to be checked by AC_CHECK_LIB. +# +# CHECK_LIB FUNC is the name of the function to be checked by AC_CHECK_LIB. +# +# If the library is found, ax_DISPLAY_NAME will be set to 'yes'; otherwise +# to 'no'. 
+# +AC_DEFUN([TSK_OPT_DEP_CHECK], [ + dnl Check if we should link lib + AC_ARG_WITH( + [$1], + [AS_HELP_STRING([--without-$1],[Do not use $1 even if it is installed])] + [AS_HELP_STRING([--with-$1=dir],[Specify that $1 is installed in directory 'dir'])], + dnl If --with-lib or --without-lib is given + [], + dnl if nothing was specified, default to a test + [with_$1=yes] + ) + + dnl check for lib if they did not specify no + ax_$1=no + AS_IF( + [test "x[$]with_$1" != "xno"], + [ + dnl Save flags so we can reset them if the library isn't found + SAVED_CPPFLAGS="$CPPFLAGS" + SAVED_CFLAGS="$CFLAGS" + SAVED_CXXFLAGS="$CXXFLAGS" + SAVED_LDFLAGS="$LDFLAGS" + SAVED_LIBS="$LIBS" + + AS_IF([test "x[$]with_$1" = "xyes"], + [ + dnl Check for lib using pkg-config, if we have it + m4_ifval([$2], [AS_IF([test "x$ac_cv_prog_PKGCONFIG" = "xyes"], + [ + SAVED_AX_PACKAGE_REQUIRES="$AX_PACKAGE_REQUIRES" + SAVED_AX_PACKAGE_REQUIRES_PRIVATE="$AX_PACKAGE_REQUIRES_PRIVATE" + TSK_PKG_CHECK_MODULES([$2], [], [$3], + [ + CPPFLAGS="$CPPFLAGS [$]$2[]_CFLAGS" + CFLAGS="$CFLAGS [$]$2[]_CFLAGS" + CXXFLAGS="$CXXFLAGS [$]$2[]_CFLAGS" + LIBS="$LIBS [$]$2[]_LIBS" + ax_$1=yes + ], + [ + AX_PACKAGE_REQUIRES="$SAVED_AX_PACKAGE_REQUIRES" + AX_PACKAGE_REQUIRES_PRIVATE="$SAVED_AX_PACKAGE_REQUIRES_PRIVATE" + ax_$1=no + ] + )] + )]) + ], + [ + dnl A directory was given; check that it exists + AS_IF([test -d "[$]with_$1/include"], + [ + CPPFLAGS="$CPPFLAGS -I[$]with_$1/include" + LDFLAGS="$LDFLAGS -L[$]with_$1/lib" + ], + [AC_MSG_FAILURE([$1 directory not found at [$]with_$1])] + ) + ] + ) + + dnl Check if the library is usable + AC_CHECK_HEADERS([$4], [AC_CHECK_LIB([$5], [$6])]) + AS_IF([test "x[$]ac_cv_lib_$5[]_$6" = "xyes"], + [ + dnl Library found and usable + AS_IF([test "x[$]ax_$1" = "xyes"], + [ + dnl Library found with pkg-config; reset CPPFLAGS so as not + dnl to duplicate flags pkg-config puts into CFLAGS + CPPFLAGS="$SAVED_CPPFLAGS" + ], + [ + ax_$1=yes + dnl Library found without pkg-config; 
ensure that it is added + dnl to Libs.private in tsk.pc + PACKAGE_LIBS_PRIVATE="$PACKAGE_LIBS_PRIVATE -l$5" + ] + ) + ], + [ + dnl Library not found or unusable; reset flags + CPPFLAGS="$SAVED_CPPFLAGS" + CFLAGS="$SAVED_CFLAGS" + CXXFLAGS="$SAVED_CXXFLAGS" + LDFLAGS="$SAVED_LDFLAGS" + LIBS="$SAVED_LIBS" + ax_$1=no + ] + ) + ] + ) +]) diff --git a/tools/fstools/blkcalc.cpp b/tools/fstools/blkcalc.cpp index 9307d79a1735625109c5d5b2511a0e4db603f146..f204dcfdf00ef3718e6efa9356b927316147938f 100644 --- a/tools/fstools/blkcalc.cpp +++ b/tools/fstools/blkcalc.cpp @@ -248,7 +248,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -258,7 +258,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -267,20 +267,20 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } if (-1 == tsk_fs_blkcalc(fs, (TSK_FS_BLKCALC_FLAG_ENUM) type, count)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/blkcat.cpp b/tools/fstools/blkcat.cpp index 609e58a25412194bf6babcb39be72d00c4de70fa..403b39bfcdab38e7d4db93d50e290926b0d644ed 100644 --- a/tools/fstools/blkcat.cpp +++ b/tools/fstools/blkcat.cpp @@ -309,7 +309,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
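Review bot: In `TSK_OPT_DEP_CHECK`, the "Library not found or unusable; reset flags" branch restores `CPPFLAGS`, `CFLAGS`, `CXXFLAGS`, `LDFLAGS` and `LIBS` but not `AX_PACKAGE_REQUIRES` / `AX_PACKAGE_REQUIRES_PRIVATE`, which are rolled back only when the pkg-config lookup itself fails. If pkg-config finds the module and the later `AC_CHECK_HEADERS`/`AC_CHECK_LIB` probe fails, the module presumably stays in the `Requires.private` line of the generated tsk.pc although the build does not link it. Adding `AX_PACKAGE_REQUIRES="$SAVED_AX_PACKAGE_REQUIRES"` and `AX_PACKAGE_REQUIRES_PRIVATE="$SAVED_AX_PACKAGE_REQUIRES_PRIVATE"` to that branch would keep the two in step. The two `SAVED_AX_*` assignments would have to move up beside the other `SAVED_*` lines so that they are set on every path.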
@@ -319,7 +319,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -328,7 +328,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -366,29 +366,29 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Data unit address too large for image (%" PRIuDADDR ")\n", fs->last_block); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (addr < fs->first_block) { tsk_fprintf(stderr, "Data unit address too small for image (%" PRIuDADDR ")\n", fs->first_block); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (tsk_fs_blkcat(fs, (TSK_FS_BLKCAT_FLAG_ENUM) format, addr, read_num_units)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/blkls.cpp b/tools/fstools/blkls.cpp index bf8aa2e367587164dac2854d05bab99caf5ab404..df7f68b391b49f9d1501b8035a965690db4aa51b 100644 --- a/tools/fstools/blkls.cpp +++ b/tools/fstools/blkls.cpp @@ -234,7 +234,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -244,7 +244,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -253,7 +253,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
@@ -350,7 +350,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -360,7 +360,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -369,7 +369,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -391,12 +391,12 @@ main(int argc, char **argv1) if (tsk_fs_blkls(fs, (TSK_FS_BLKLS_FLAG_ENUM) lclflags, bstart, blast, (TSK_FS_BLOCK_WALK_FLAG_ENUM)flags)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/blkstat.cpp b/tools/fstools/blkstat.cpp index f816ee164dfcf257b747be451843598598e541c7..eedfe2aa9225e40cca7e41dd61e96877970478d4 100644 --- a/tools/fstools/blkstat.cpp +++ b/tools/fstools/blkstat.cpp @@ -186,7 +186,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -196,7 +196,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -205,7 +205,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
@@ -215,28 +215,28 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Data unit address too large for image (%" PRIuDADDR ")\n", fs->last_block); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (addr < fs->first_block) { tsk_fprintf(stderr, "Data unit address too small for image (%" PRIuDADDR ")\n", fs->first_block); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (tsk_fs_blkstat(fs, addr)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/fcat.cpp b/tools/fstools/fcat.cpp index 0e7e72b7b0e345c5fef4e158c1ce12944c0d7cc0..31f0a756d2c1b5f1f99a780943f459f1ab463757 100644 --- a/tools/fstools/fcat.cpp +++ b/tools/fstools/fcat.cpp @@ -200,7 +200,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -210,7 +210,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -219,7 +219,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -227,15 +227,15 @@ main(int argc, char **argv1) if (-1 == (retval = tsk_fs_ifind_path(fs, path, &inum))) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); free(path); exit(1); } else if (retval == 1) { tsk_fprintf(stderr, "File not found\n"); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); free(path); exit(1); } 
@@ -252,13 +252,13 @@ main(int argc, char **argv1) } else { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/ffind.cpp b/tools/fstools/ffind.cpp index d9565bc4e2413e60768491ea91d1c1a342258e52..00d382c60e1e429a107b391b0737c82b89e6be22 100644 --- a/tools/fstools/ffind.cpp +++ b/tools/fstools/ffind.cpp @@ -217,7 +217,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -227,7 +227,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -236,7 +236,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -258,12 +258,12 @@ main(int argc, char **argv1) type_used, id, id_used, (TSK_FS_DIR_WALK_FLAG_ENUM) dir_walk_flags)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/fls.cpp b/tools/fstools/fls.cpp index fc0b91d837189c5b61fe90757843cacec16bb7e9..197f536a7137abbd9b48493b8b4b0824466cbc22 100644 --- a/tools/fstools/fls.cpp +++ b/tools/fstools/fls.cpp @@ -410,7 +410,7 @@ main(int argc, char **argv1) if (tsk_fs_fls(fs, (TSK_FS_FLS_FLAG_ENUM) fls_flags, inode, (TSK_FS_DIR_WALK_FLAG_ENUM) name_flags, macpre, sec_skew)) { tsk_error_print(stderr); - fs->close(fs); + tsk_fs_close(fs); tsk_img_close(img); if (pool != NULL) { tsk_pool_close(pool); 
@@ -421,7 +421,7 @@ main(int argc, char **argv1) exit(1); } - fs->close(fs); + tsk_fs_close(fs); tsk_img_close(img); if (pool != NULL) { diff --git a/tools/fstools/fscheck.cpp b/tools/fstools/fscheck.cpp index 77d5cf623d42630074889bb02270ccc0872dac8e..c3ef18ac088b882d7b068950c5edb99048128a4a 100644 --- a/tools/fstools/fscheck.cpp +++ b/tools/fstools/fscheck.cpp @@ -137,20 +137,20 @@ main(int argc, char **argv) tsk_print_types(stderr); tsk_error_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } if (fs->fscheck(fs, stdout)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/fsstat.cpp b/tools/fstools/fsstat.cpp index ca6a6a01494b42c8158f055e93589c95131b51c3..1c082d947a1d2a971648ef643c2226db8e807ac7 100644 --- a/tools/fstools/fsstat.cpp +++ b/tools/fstools/fsstat.cpp @@ -197,7 +197,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } else { @@ -206,7 +206,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -215,7 +215,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -226,13 +226,13 @@ main(int argc, char **argv1) else { if (fs->fsstat(fs, stdout)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } 
diff --git a/tools/fstools/icat.cpp b/tools/fstools/icat.cpp index b1656dc1d8ab343d514e2c3b5e57de7a7b7c0f85..b580f175dbaddf233d92a53dc93e34676d63a27d 100644 --- a/tools/fstools/icat.cpp +++ b/tools/fstools/icat.cpp @@ -236,7 +236,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } else { @@ -245,7 +245,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -254,7 +254,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -263,16 +263,16 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Metadata address too large for image (%" PRIuINUM ")\n", fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (inum < fs->first_inum) { tsk_fprintf(stderr, "Metadata address too small for image (%" PRIuINUM ")\n", fs->first_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -290,12 +290,12 @@ main(int argc, char **argv1) } else { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/ifind.cpp b/tools/fstools/ifind.cpp index 59040dc0ea37cf012a8d8aad1ddafa9afdd356ef..e312c88728cda7b05422de1767d12ce4f7524579 100644 --- a/tools/fstools/ifind.cpp +++ b/tools/fstools/ifind.cpp @@ -277,7 +277,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
@@ -287,7 +287,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -296,7 +296,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -307,15 +307,15 @@ main(int argc, char **argv1) "Block %" PRIuDADDR " is larger than last block in image (%" PRIuDADDR ")\n", block, fs->last_block); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (tsk_fs_ifind_data(fs, (TSK_FS_IFIND_FLAG_ENUM) localflags, block)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } } @@ -323,8 +323,8 @@ main(int argc, char **argv1) else if (type == IFIND_PARENT) { if (TSK_FS_TYPE_ISNTFS(fs->ftype) == 0) { tsk_fprintf(stderr, "-p works only with NTFS file systems\n"); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } else if (parinode > fs->last_inum) { @@ -332,15 +332,15 @@ main(int argc, char **argv1) "Meta data %" PRIuINUM " is larger than last MFT entry in image (%" PRIuINUM ")\n", parinode, fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (tsk_fs_ifind_par(fs, (TSK_FS_IFIND_FLAG_ENUM) localflags, parinode)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } } @@ -351,8 +351,8 @@ main(int argc, char **argv1) if (-1 == (retval = tsk_fs_ifind_path(fs, path, &inum))) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); free(path); exit(1); } 
@@ -362,8 +362,8 @@ main(int argc, char **argv1) else tsk_printf("%" PRIuINUM "\n", inum); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/ils.cpp b/tools/fstools/ils.cpp index 22a6087daf993eda6317ccdefd2a3ef62d872711..47cd7b1610eaa12afcb5f9cd6eb352cb4c64566c 100644 --- a/tools/fstools/ils.cpp +++ b/tools/fstools/ils.cpp @@ -353,7 +353,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -363,7 +363,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -372,7 +372,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -409,12 +409,12 @@ main(int argc, char **argv1) if (tsk_fs_ils(fs, (TSK_FS_ILS_FLAG_ENUM) ils_flags, istart, ilast, (TSK_FS_META_FLAG_ENUM) flags, sec_skew, image)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/istat.cpp b/tools/fstools/istat.cpp index 42b7928a858db04d0c978a23223817d2351fce02..c4e9a031a72b3bc6fe910cdf698054ea96c6a047 100644 --- a/tools/fstools/istat.cpp +++ b/tools/fstools/istat.cpp @@ -255,7 +255,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } else { 
@@ -264,7 +264,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -273,7 +273,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } @@ -282,8 +282,8 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Metadata address is too large for image (%" PRIuINUM ")\n", fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -291,8 +291,8 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Metadata address is too small for image (%" PRIuINUM ")\n", fs->first_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -302,12 +302,12 @@ main(int argc, char **argv1) if (fs->istat(fs, (TSK_FS_ISTAT_FLAG_ENUM) istat_flags, stdout, inum, numblock, sec_skew)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/jcat.cpp b/tools/fstools/jcat.cpp index 0aed1b8ac2e555c7201aed09f105d8ceea759883..be7c09d185e323e91b3ed5bba5b5b0b90245abd7 100644 --- a/tools/fstools/jcat.cpp +++ b/tools/fstools/jcat.cpp @@ -162,7 +162,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } inum = fs->journ_inum; @@ -179,7 +179,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
@@ -188,8 +188,8 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too large for image (%" PRIuINUM ")\n", fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -197,16 +197,16 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too small for image (%" PRIuINUM ")\n", fs->first_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (fs->jopen == NULL) { tsk_fprintf(stderr, "Journal support does not exist for this file system\n"); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -214,26 +214,26 @@ main(int argc, char **argv1) if (-1 == _setmode(_fileno(stdout), _O_BINARY)) { fprintf(stderr, "jcat: error setting stdout to binary: %s", strerror(errno)); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } #endif if (fs->jopen(fs, inum)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (fs->jblk_walk(fs, blk, blk, 0, 0, NULL)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/jls.cpp b/tools/fstools/jls.cpp index 073cbb66c4f9ca197db2f5a7a89b93fcd200d627..148d64c64712b2bfbc0a9de5190049f75ee4bed1 100644 --- a/tools/fstools/jls.cpp +++ b/tools/fstools/jls.cpp @@ -152,7 +152,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -170,7 +170,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_fs_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } } 
@@ -178,8 +178,8 @@ main(int argc, char **argv1) if (fs->jopen == NULL) { tsk_fprintf(stderr, "Journal support does not exist for this file system\n"); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -187,8 +187,8 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too large for image (%" PRIuINUM ")\n", fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } @@ -196,25 +196,25 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too small for image (%" PRIuINUM ")\n", fs->first_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (fs->jopen(fs, inum)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (fs->jentry_walk(fs, 0, 0, NULL)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/fstools/usnjls.cpp b/tools/fstools/usnjls.cpp index 5d072e52954b6e9b7c05abe8b72a47b68a5e8ba6..39baa6ca4cf42d5a8e9a9b8b835f333b9a62cd78 100644 --- a/tools/fstools/usnjls.cpp +++ b/tools/fstools/usnjls.cpp @@ -177,7 +177,7 @@ main(int argc, char **argv1) tsk_fs_type_print(stderr); } - img->close(img); + tsk_img_close(img); exit(1); } @@ -214,8 +214,7 @@ main(int argc, char **argv1) if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) { tsk_fs_type_print(stderr); } - - img->close(img); + tsk_img_close(img); exit(1); } } @@ -224,8 +223,8 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too large for image (%" PRIuINUM ")\n", fs->last_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } 
@@ -233,19 +232,19 @@ main(int argc, char **argv1) tsk_fprintf(stderr, "Inode value is too small for image (%" PRIuINUM ")\n", fs->first_inum); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } if (tsk_fs_usnjls(fs, inum, flag)) { tsk_error_print(stderr); - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(1); } - fs->close(fs); - img->close(img); + tsk_fs_close(fs); + tsk_img_close(img); exit(0); } diff --git a/tools/logicalimager/DriveUtil.cpp b/tools/logicalimager/DriveUtil.cpp index 81a999eff40407c5b3ce990acfbd074433f3894d..d936fa1b72b95cbd3e52eb422bb75e76c767a274 100644 --- a/tools/logicalimager/DriveUtil.cpp +++ b/tools/logicalimager/DriveUtil.cpp @@ -75,7 +75,7 @@ bool DriveUtil::driveIsFAT(wchar_t *drive) { break; } } - img->close(img); + tsk_img_close(img); TskHelper::getInstance().reset(); return result; } diff --git a/tools/logicalimager/TskHelper.cpp b/tools/logicalimager/TskHelper.cpp index a49415d15b8360ea15abdd4a469a6650e9c204d1..4611769340c5eccecfa08f9d8dc11c03bfc8f590 100755 --- a/tools/logicalimager/TskHelper.cpp +++ b/tools/logicalimager/TskHelper.cpp @@ -798,7 +798,7 @@ void TskHelper::enumerateFileAndVolumeSystems(TSK_IMG_INFO *img) { /* * Add all FS found in the given image to TskHelp::getInstance() -* Returns TSK_IMG_INFO *, caller should call img->close(img) when done. +* Returns TSK_IMG_INFO *, caller should call tsk_img_close(img) when done. * The FS can be obtained by calling TskHelper::getInstance().getFSInfoList() * Caller must call TskHelper::getInstance().reset() when done with the FS. * May exit the program if image failed to open. diff --git a/tools/logicalimager/tsk_logical_imager.cpp b/tools/logicalimager/tsk_logical_imager.cpp index 05f8490ec6fa023bbf2b76ff48c3e8325adc5114..4ec768838f88cc44267f4d4287d250793a711413 100644 --- a/tools/logicalimager/tsk_logical_imager.cpp +++ b/tools/logicalimager/tsk_logical_imager.cpp 
@@ -558,7 +558,7 @@ main(int argc, char **argv1) if (hasTskLogicalImager()) { ReportUtil::consoleOutput(stdout, "Skipping drive %s because tsk_logical_imager.exe exists at the root directory.\n", imageShortName.c_str()); - img->close(img); + tsk_img_close(img); TskHelper::getInstance().reset(); continue; // Don't process a drive with /tsk_logicial_image.exe at the root } @@ -624,7 +624,7 @@ main(int argc, char **argv1) if (closeImgNow) { // close the image, if not creating VHD. - img->close(img); + tsk_img_close(img); } } @@ -644,7 +644,7 @@ main(int argc, char **argv1) } } } - img->close(img); + tsk_img_close(img); } if (config) { diff --git a/tools/pooltools/pstat.cpp b/tools/pooltools/pstat.cpp index fe07ad18109a596f424cf8f482af5ed7738401d1..b8a94ecf584101a762edaa1d1eb78a62251bb60e 100644 --- a/tools/pooltools/pstat.cpp +++ b/tools/pooltools/pstat.cpp @@ -140,7 +140,7 @@ main(int argc, char **argv1) tsk_error_print(stderr); if (tsk_error_get_errno() == TSK_ERR_FS_UNSUPTYPE) tsk_pool_type_print(stderr); - img->close(img); + tsk_img_close(img); exit(1); } @@ -150,13 +150,13 @@ main(int argc, char **argv1) else { if (pool->poolstat(pool, stdout)) { tsk_error_print(stderr); - pool->close(pool); - img->close(img); + tsk_pool_close(pool); + tsk_img_close(img); exit(1); } } - pool->close(pool); - img->close(img); + tsk_pool_close(pool); + tsk_img_close(img); exit(0); } diff --git a/tsk/Makefile.am b/tsk/Makefile.am index 21d3605dc99dea7cf280646b25f1e1329c534de9..2fd5cfb5a9b86ff696db96d712d6c709ea05694e 100644 --- a/tsk/Makefile.am +++ b/tsk/Makefile.am 
@@ -10,4 +10,22 @@ libtsk_la_LIBADD = base/libtskbase.la img/libtskimg.la \ # current:revision:age libtsk_la_LDFLAGS = -version-info 20:6:1 $(LIBTSK_LDFLAGS) -EXTRA_DIST = tsk_tools_i.h docs/Doxyfile docs/*.dox docs/*.html +EXTRA_DIST = tsk_tools_i.h docs/Doxyfile docs/*.dox docs/*.html \ + tsk.pc.in + +pkgconfigdir = $(libdir)/pkgconfig +nodist_pkgconfig_DATA = tsk.pc + +tsk.pc: tsk.pc.in Makefile + sed -e 's![@]prefix[@]!$(prefix)!g' \ + -e 's![@]exec_prefix[@]!$(exec_prefix)!g' \ + -e 's![@]includedir[@]!$(includedir)!g' \ + -e 's![@]libdir[@]!$(libdir)!g' \ + -e 's![@]PACKAGE_NAME[@]!$(PACKAGE_NAME)!g' \ + -e 's![@]PACKAGE_VERSION[@]!$(PACKAGE_VERSION)!g' \ + -e 's![@]AX_PACKAGE_REQUIRES[@]!$(AX_PACKAGE_REQUIRES)!g' \ + -e 's![@]PACKAGE_LIBS_PRIVATE[@]!$(PACKAGE_LIBS_PRIVATE)!g' \ + -e 's![@]AX_PACKAGE_REQUIRES_PRIVATE[@]!$(AX_PACKAGE_REQUIRES_PRIVATE)!g' \ + $< >$@ + +CLEANFILES = tsk.pc diff --git a/tsk/auto/auto.cpp b/tsk/auto/auto.cpp index 8f633247d8159c1357f4e5943a84317080183805..e3c7397784c6c558ab46590047fb460283a210c3 100755 --- a/tsk/auto/auto.cpp +++ b/tsk/auto/auto.cpp @@ -393,7 +393,7 @@ TskAuto::hasPool(TSK_OFF_T a_start) if (pool == nullptr) { return false; } - pool->close(pool); + tsk_pool_close(pool); return true; } @@ -453,7 +453,7 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) TSK_FILTER_ENUM filterRetval = filterPoolVol(vol_info); if ((filterRetval == TSK_FILTER_STOP) || (m_stopAllProcessing)) { - pool->close(pool); + tsk_pool_close(pool); return TSK_STOP; } @@ -466,8 +466,8 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) tsk_fs_close(fs_info); if (retval == TSK_STOP) { - pool_img->close(pool_img); - pool->close(pool); + tsk_img_close(pool_img); + tsk_pool_close(pool); return TSK_STOP; } } 
@@ -486,15 +486,15 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) registerError(); } - pool_img->close(pool_img); - pool->close(pool); + tsk_img_close(pool_img); + tsk_pool_close(pool); return TSK_ERR; } tsk_img_close(pool_img); } else { - pool->close(pool); + tsk_pool_close(pool); tsk_error_set_errstr2( "findFilesInPool: Error opening APFS pool"); registerError(); @@ -506,7 +506,7 @@ TskAuto::findFilesInPool(TSK_OFF_T start, TSK_POOL_TYPE_ENUM ptype) } } else { - pool->close(pool); + tsk_pool_close(pool); tsk_error_reset(); tsk_error_set_errno(TSK_ERR_POOL_UNSUPTYPE); tsk_error_set_errstr("%d", pool->ctype); diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c old mode 100755 new mode 100644 diff --git a/tsk/img/img_open.cpp b/tsk/img/img_open.cpp index 6f879e3cadcdd6b121c3d8f3c07f254a2200bc4e..f9f2e672734923637bf4afa587a183fd78f987b2 100644 --- a/tsk/img/img_open.cpp +++ b/tsk/img/img_open.cpp @@ -230,18 +230,6 @@ tsk_img_open(int num_img, return NULL; } -#if HAVE_LIBVHDI - case TSK_IMG_TYPE_VHD_VHD: - img_info = vhdi_open(num_img, images, a_ssize); - break; -#endif - -#if HAVE_LIBVMDK - case TSK_IMG_TYPE_VMDK_VMDK: - img_info = vmdk_open(num_img, images, a_ssize); - break; -#endif - case TSK_IMG_TYPE_RAW: img_info = raw_open(num_img, images, a_ssize); break; @@ -261,6 +249,18 @@ tsk_img_open(int num_img, break; #endif +#if HAVE_LIBVMDK + case TSK_IMG_TYPE_VMDK_VMDK: + img_info = vmdk_open(num_img, images, a_ssize); + break; +#endif + +#if HAVE_LIBVHDI + case TSK_IMG_TYPE_VHD_VHD: + img_info = vhdi_open(num_img, images, a_ssize); + break; +#endif + default: tsk_error_reset(); tsk_error_set_errno(TSK_ERR_IMG_UNSUPTYPE); diff --git a/tsk/tsk.pc.in b/tsk/tsk.pc.in new file mode 100644 index 0000000000000000000000000000000000000000..fb0f35fee70e5fd3eee637e713a875d91dac8e7e --- /dev/null +++ b/tsk/tsk.pc.in 
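Review bot: In the `@@ -506,7 +506,7 @@` hunk of tsk/auto/auto.cpp, `pool` is closed by `tsk_pool_close(pool);` and then read two lines later in `tsk_error_set_errstr("%d", pool->ctype);`. If tsk_pool_close releases the TSK_POOL_INFO, as its name suggests, that read is a use-after-free on an error path reached with an unsupported pool type taken from the image under analysis. Switching to the wrapper keeps the original ordering, so the commit does not address this. Set the error first and close afterwards: move `tsk_pool_close(pool);` to just after the `tsk_error_set_errstr("%d", pool->ctype);` line. The rest of findFilesInPool lies outside the hunk, so confirm nothing further down touches `pool` on this path.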
@@ -0,0 +1,15 @@
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+includedir=@includedir@
+libdir=@libdir@
+
+Name: @PACKAGE_NAME@
+Description: An open source forensic toolkit
+URL: http://www.sleuthkit.org/sleuthkit
+Version: @PACKAGE_VERSION@
+
+Cflags: -I${includedir}
+Libs: -L${libdir} -ltsk
+Libs.private: @PACKAGE_LIBS_PRIVATE@
+Requires: @AX_PACKAGE_REQUIRES@
+Requires.private: @AX_PACKAGE_REQUIRES_PRIVATE@