From e0dc7cd1d917e0986af1432d35e9668191a60701 Mon Sep 17 00:00:00 2001
From: Mark McKinnon <mark.mckinnon@gmail.com>
Date: Wed, 29 Dec 2021 13:55:08 -0500
Subject: [PATCH] Add urlhistoryfacet
Add urlhistoryfacet
---
.../sleuthkit/caseuco/CaseUcoExporter.java | 10 ++--
.../sleuthkit/caseuco/URLHistoryFacet.java | 56 +++++++++++++++++++
2 files changed, 62 insertions(+), 4 deletions(-)
create mode 100644 case-uco/java/src/org/sleuthkit/caseuco/URLHistoryFacet.java
diff --git a/case-uco/java/src/org/sleuthkit/caseuco/CaseUcoExporter.java b/case-uco/java/src/org/sleuthkit/caseuco/CaseUcoExporter.java
index bfd647d0c..9964104e7 100644
--- a/case-uco/java/src/org/sleuthkit/caseuco/CaseUcoExporter.java
+++ b/case-uco/java/src/org/sleuthkit/caseuco/CaseUcoExporter.java
@@ -604,13 +604,15 @@ private void assembleWebHistory(String uuid, BlackboardArtifact artifact, List<J
userNameNode.addFacet(identityFacet);
ObservableObject export = new ObservableObject(uuid)
- .addFacet(new URLFacet()
- .setUserName(userNameNode)
- .setFullValue(getValueIfPresent(artifact, StandardAttributeTypes.TSK_URL)))
+ .addFacet(new URLHistoryFacet()
+ .setBrowserInformation(getValueIfPresent(artifact, StandardAttributeTypes.TSK_PROG_NAME))
+ .setUrlHistoryEntry(getValueIfPresent(artifact, StandardAttributeTypes.TSK_URL)))
.addFacet(new DomainNameFacet()
.setValue(getValueIfPresent(artifact, StandardAttributeTypes.TSK_DOMAIN)))
.addFacet(new ApplicationFacet()
- .setApplicationIdentifier(getValueIfPresent(artifact, StandardAttributeTypes.TSK_PROG_NAME)));
+ .setApplicationIdentifier(getValueIfPresent(artifact, StandardAttributeTypes.TSK_PROG_NAME)))
+ .addFacet(identityFacet);
+
serializeObjectToOutput(export, output);
diff --git a/case-uco/java/src/org/sleuthkit/caseuco/URLHistoryFacet.java b/case-uco/java/src/org/sleuthkit/caseuco/URLHistoryFacet.java
new file mode 100644
index 000000000..d23471c89
--- /dev/null
+++ b/case-uco/java/src/org/sleuthkit/caseuco/URLHistoryFacet.java
@@ -0,0 +1,56 @@
+/*
+ * Sleuth Kit CASE JSON LD Support
+ *
+ * Copyright 2020-2021 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.caseuco;
+
+import com.google.gson.annotations.SerializedName;
+
+/**
+ * This class definition mirrors the UrlHistoryFacet observable described in the UCO
+ ontology.
+ */
+class URLHistoryFacet extends Facet {
+
+ @SerializedName("observable:browserInformation")
+ private String browserInformation;
+
+ @SerializedName("observable:urlHistoryEntry")
+ private String urlHistoryEntry;
+
+ URLHistoryFacet() {
+ super(UcoObject.UCO_OBSERV + URLHistoryFacet.class.getSimpleName());
+ }
+
+ URLHistoryFacet setBrowserInformation(String browserInfromation) {
+ this.browserInformation = browserInformation;
+ return this;
+ }
+
+ URLHistoryFacet setUrlHistoryEntry(String urlHistoryEntry) {
+ this.urlHistoryEntry = urlHistoryEntry;
+ return this;
+ }
+
+ String getBrowserInfromation() {
+ return browserInformation;
+ }
+
+ String getUrlHistoryEntry() {
+ return urlHistoryEntry;
+ }
+}
--
GitLab