TskAutoDB considers files w/no VS or FS to be a critical error

8cd7ddb0 · Brian Carrier · c5a02d22 · 8cd7ddb0 · 8cd7ddb0 · 8cd7ddb0
Commit 8cd7ddb0 authored 11 years ago by Brian Carrier
--- a/API-CHANGES.txt
+++ b/API-CHANGES.txt
@@ -4,3 +4,5 @@ Changes to make once we are ready to do a backwards incompatible change.
 - Java SleuthkitCase.addArtifactType shoudl return different if artifact already exists or getArtifactId should....
 - Java SleuthkitCase.findFilesWhere should return AbstractFile liek findFiles
 - getUniquePath() should not throw exception. 
+- findFilesInImage should return an enum like TskDB methods differentiating if any data was found or not.
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -4,6 +4,7 @@ Numbers refer to SourceForge.net tracker IDs:
 ---------------- VERSION 4.1.2 --------------
 Core:
 - Fixed more visual studio projects to work on 64-bit
+- TskAutoDB considers not finding a VS/FS a critical error.
 Java: 
 - added method to Image to perform sanity check on image sizes.

--- a/tsk/auto/auto_db.cpp
+++ b/tsk/auto/auto_db.cpp
@@ -42,6 +42,7 @@ TskAutoDb::TskAutoDb(TskDbSqlite * a_db, TSK_HDB_INFO * a_NSRLDb, TSK_HDB_INFO *
    m_vsFound = false;
    m_volFound = false;
    m_stopped = false;
+    m_foundStructure = false;
    m_imgTransactionOpen = false;
    m_NSRLDb = a_NSRLDb;
    m_knownBadDb = a_knownBadDb;
@@ -230,6 +231,7 @@ TSK_FILTER_ENUM
 TskAutoDb::filterVol(const TSK_VS_PART_INFO * vs_part)
 {
    m_volFound = true;
+    m_foundStructure = true;
    if (m_db->addVolumeInfo(vs_part, m_curVsId, m_curVolId)) {
        return TSK_FILTER_STOP;
@@ -243,6 +245,7 @@ TSK_FILTER_ENUM
 TskAutoDb::filterFs(TSK_FS_INFO * fs_info)
 {
    TSK_FS_FILE *file_root;
+    m_foundStructure = true;
    if (m_volFound && m_vsFound) {
        // there's a volume system and volume
@@ -305,7 +308,7 @@ TSK_RETVAL_ENUM
 * Analyzes the open image and adds image info to a database.
 * Does not deal with transactions and such.  Refer to startAddImage()
 * for more control. 
- * @returns 1 if an error occured (error will have been registered)
+ * @returns 1 if a critical error occured (DB doesn't exist, no file system, etc.), 2 if errors occured at some point adding files to the DB (corrupt file, etc.), and 0 otherwise.  Errors will have been registered.
 */
 uint8_t TskAutoDb::addFilesInImgToDb()
 {
@@ -324,17 +327,32 @@ uint8_t TskAutoDb::addFilesInImgToDb()
    setVolFilterFlags((TSK_VS_PART_FLAG_ENUM) (TSK_VS_PART_FLAG_ALLOC |
            TSK_VS_PART_FLAG_UNALLOC));
-    uint8_t
+    uint8_t retVal = 0;
-        findFilesRetval = findFilesInImg();
+    if (findFilesInImg()) {
+        // map the boolean return value from findFiles to the three-state return value we use
+        // @@@ findFiles should probably return this three-state enum too
+        if (m_foundStructure == false) {
+            retVal = 1;
+        }
+        else {
+            retVal = 2;
+        }
+    }
    uint8_t addUnallocRetval = 0;
    if (m_addUnallocSpace)
        addUnallocRetval = addUnallocSpaceToDb();
-    if ((findFilesRetval) || (addUnallocRetval))
+    // findFiles return value trumps unalloc since it can return either 2 or 1.
-        return 1;
+    if (retVal) {
-    else
+        return retVal;
+    }
+    else if (addUnallocRetval) {
+        return 2;
+    }
+    else {
        return 0;
+    }
 }
@@ -343,7 +361,7 @@ uint8_t TskAutoDb::addFilesInImgToDb()
 * Same functionality as addFilesInImgToDb().  Reverts
 * all changes on error. User must call either commitAddImage() to commit the changes,
 * or revertAddImage() to revert them.
- * @returns 1 if any error occured (messages will be registered in list), 2 if error occured but add image process can continue, and 0 on success
+ * @returns 1 if critical system error occcured (data does not exist in DB), 2 if error occured while adding files to DB (but it finished), and 0 otherwise. All errors will have been registered. 
 */
 uint8_t
    TskAutoDb::startAddImage(int numImg, const TSK_TCHAR * const imagePaths[],
@@ -384,13 +402,7 @@ uint8_t
        return 1;
    }
-    uint8_t addFilesRet = addFilesInImgToDb();
+    return addFilesInImgToDb();
-    //do not roll back if errors in this case, but do report registered errors
-    if (addFilesRet)
-        return 2;
-    return 0;
 }
 #ifdef WIN32
@@ -435,13 +447,7 @@ uint8_t
        return 1;
    }
-    uint8_t addFilesRet = addFilesInImgToDb();
+    return addFilesInImgToDb();
-    //do not roll back if errors in this case, but do report registered errors
-    if (addFilesRet)
-        return 2;
-    return 0;
 }
 #endif

--- a/tsk/auto/tsk_case_db.h
+++ b/tsk/auto/tsk_case_db.h
@@ -116,6 +116,7 @@ class TskAutoDb:public TskAuto {
    bool m_noFatFsOrphans;
    bool m_addUnallocSpace;
 	int64_t m_chunkSize;
+    bool m_foundStructure;  ///< Set to true when we find either a volume or file system
    // prevent copying until we add proper logic to handle it
    TskAutoDb(const TskAutoDb&);