@Override
protected Node createNodeForKey(final BlackboardArtifact artifact) {
// create node with action
BlackboardArtifactNode tagNode = null;
String iconPath;
if (tagName.equals(BOOKMARK_TAG_NAME)) {
iconPath = BOOKMARK_ICON_PATH;
} else {
iconPath = TAG_ICON_PATH;
}
// create actions here where Tag logic belongs
// instead of DataResultFilterNode w/visitors, which is much less pluggable and cluttered
if (tagType.equals(BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT)) {
// in case of result tag, add a action by sublcassing bb art node
// this action will be merged with other actions set DataResultFIlterNode
// otherwise in case of
tagNode =
new BlackboardArtifactNode(artifact, iconPath) {
@Override
public Action[] getActions(boolean bln) {
// Action [] actions = super.getActions(bln); //To change body of generated methods,
// choose Tools | Templates.
Action[] actions = new Action[1];
actions[0] =
new AbstractAction("View Source Result") {
@Override
public void actionPerformed(ActionEvent e) {
// open the source artifact in dir tree
BlackboardArtifact sourceArt =
Tags.getArtifactFromTag(artifact.getArtifactID());
if (sourceArt != null) {
BlackboardResultViewer v =
Lookup.getDefault().lookup(BlackboardResultViewer.class);
v.viewArtifact(sourceArt);
}
}
};
return actions;
}
};
} else {
// for file tag, don't subclass to add the additional actions
tagNode = new BlackboardArtifactNode(artifact, iconPath);
}
// add some additional node properties
int artifactTypeID = artifact.getArtifactTypeID();
final String NO_DESCR = "no description";
if (artifactTypeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_TAG_ARTIFACT.getTypeID()) {
BlackboardArtifact sourceResult = Tags.getArtifactFromTag(artifact.getArtifactID());
String resultType = sourceResult.getDisplayName();
NodeProperty resultTypeProp =
new NodeProperty("Source Result Type", "Result Type", NO_DESCR, resultType);
tagNode.addNodeProperty(resultTypeProp);
}
try {
// add source path property
final AbstractFile sourceFile = skCase.getAbstractFileById(artifact.getObjectID());
final String sourcePath = sourceFile.getUniquePath();
NodeProperty sourcePathProp =
new NodeProperty("Source File Path", "Source File Path", NO_DESCR, sourcePath);
tagNode.addNodeProperty(sourcePathProp);
} catch (TskCoreException ex) {
logger.log(
Level.SEVERE,
"Error getting a file from artifact to get source file path for a tag, ",
ex);
}
return tagNode;
}
/** @inheritDoc */
@Override
@Messages({
"FilesIdentifierIngestModule.indexError.message=Failed to index interesting file hit artifact for keyword search."
})
public ProcessResult process(AbstractFile file) {
blackboard = Case.getCurrentCase().getServices().getBlackboard();
// See if the file belongs to any defined interesting files set.
List<FilesSet> filesSets =
FilesIdentifierIngestModule.interestingFileSetsByJob.get(this.context.getJobId());
for (FilesSet filesSet : filesSets) {
String ruleSatisfied = filesSet.fileIsMemberOf(file);
if (ruleSatisfied != null) {
try {
// Post an interesting files set hit artifact to the
// blackboard.
String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
BlackboardArtifact artifact =
file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
// Add a set name attribute to the artifact. This adds a
// fair amount of redundant data to the attributes table
// (i.e., rows that differ only in artifact id), but doing
// otherwise would requires reworking the interesting files
// set hit artifact.
BlackboardAttribute setNameAttribute =
new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, filesSet.getName());
artifact.addAttribute(setNameAttribute);
// Add a category attribute to the artifact to record the
// interesting files set membership rule that was satisfied.
BlackboardAttribute ruleNameAttribute =
new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, moduleName, ruleSatisfied);
artifact.addAttribute(ruleNameAttribute);
try {
// index the artifact for keyword search
blackboard.indexArtifact(artifact);
} catch (Blackboard.BlackboardException ex) {
logger.log(
Level.SEVERE,
"Unable to index blackboard artifact " + artifact.getArtifactID(),
ex); // NON-NLS
MessageNotifyUtil.Notify.error(
Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
}
IngestServices.getInstance()
.fireModuleDataEvent(
new ModuleDataEvent(
moduleName,
BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT,
Collections.singletonList(artifact)));
} catch (TskCoreException ex) {
FilesIdentifierIngestModule.logger.log(
Level.SEVERE, "Error posting to the blackboard", ex); // NOI18N NON-NLS
}
}
}
return ProcessResult.OK;
}
