Scrub SQL, document how to use user-supplied queries safely

Author: Karl Mortensen

.gitignore

@@ -65,7 +65,6 @@ genfiles.properties
 !/Testing/nbproject/project.properties
 *~
 /netbeans-plat
-/docs/doxygen/doxygen_docs
 /docs/doxygen-user/user-docs
 /jdiff-javadocs/*
 /jdiff-logs/*

Core/src/org/sleuthkit/autopsy/datamodel/AbstractAbstractFileNode.java

@@ -227,7 +227,7 @@ static String getContentDisplayName(AbstractFile file) {
         }
         return name;
     }
-    @SuppressWarnings("deprecation")
+
     private static String getHashSetHitsForFile(AbstractFile content) {
         String strList = "";
         SleuthkitCase skCase = content.getSleuthkitCase();
@@ -255,7 +255,6 @@ private static String getHashSetHitsForFile(AbstractFile content) {
         } catch (TskCoreException | SQLException ex) {
             logger.log(Level.WARNING, "Error getting hashset hits: ", ex); //NON-NLS
         }
-        
         return strList;
     }    
 

Core/src/org/sleuthkit/autopsy/datamodel/RecentFilesChildren.java

@@ -77,7 +77,7 @@ private long getLastTime() {
 
     //TODO add a generic query to SleuthkitCase
     private String createMaxQuery(String attr) {
-        return "SELECT MAX(" + attr + ") from tsk_files WHERE " + attr + " < " + System.currentTimeMillis() / 1000; //NON-NLS
+        return "SELECT MAX(" + attr + ") FROM tsk_files WHERE " + attr + " < " + System.currentTimeMillis() / 1000; //NON-NLS
     }
 
     @SuppressWarnings("deprecation")

Core/src/org/sleuthkit/autopsy/filesearch/FileSearchPanel.java

@@ -151,7 +151,6 @@ private void search() {
                 List<AbstractFile> contentList = null;
                 try {
                     SleuthkitCase tskDb = currentCase.getSleuthkitCase();
-                    //ResultSet rs = tempDb.runQuery(this.getQuery("count(*) as TotalMatches"));
                     contentList = tskDb.findAllFilesWhere(this.getQuery());
 
                 } catch (TskCoreException ex) {
@@ -205,11 +204,11 @@ private void search() {
      */
     private String getQuery() throws FilterValidationException {
 
-        //String query = "select " + tempQuery + " from tsk_files where 1";
+        //String query = "SELECT " + tempQuery + " FROM tsk_files WHERE 1";
         String query = " 1";
 
         for (FileSearchFilter f : this.getEnabledFilters()) {
-            query += " and (" + f.getPredicate() + ")"; //NON-NLS
+            query += " AND (" + f.getPredicate() + ")"; //NON-NLS
         }
 
         return query;

Core/src/org/sleuthkit/autopsy/modules/android/BrowserLocationAnalyzer.java

@@ -87,7 +87,7 @@ private static void findGeoLocationsInDB(String DatabasePath, AbstractFile f) {
 
         try {
             resultSet = statement.executeQuery(
-                    "Select timestamp, latitude, longitude, accuracy FROM CachedPosition;"); //NON-NLS
+                    "SELECT timestamp, latitude, longitude, accuracy FROM CachedPosition;"); //NON-NLS
 
             while (resultSet.next()) {
                 Long timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000; //NON-NLS

Core/src/org/sleuthkit/autopsy/modules/android/GoogleMapLocationAnalyzer.java

@@ -87,7 +87,7 @@ private static void findGeoLocationsInDB(String DatabasePath, AbstractFile f) {
 
         try {
             resultSet = statement.executeQuery(
-                    "Select time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;"); //NON-NLS
+                    "SELECT time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;"); //NON-NLS
 
             while (resultSet.next()) {
                 Long time = Long.valueOf(resultSet.getString("time")) / 1000; //NON-NLS

Core/src/org/sleuthkit/autopsy/modules/android/TangoMessageAnalyzer.java

@@ -84,7 +84,7 @@ private static void findTangoMessagesInDB(String DatabasePath, AbstractFile f) {
 
         try {
             resultSet = statement.executeQuery(
-                    "Select conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;"); //NON-NLS
+                    "SELECT conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;"); //NON-NLS
 
             String conv_id; // seems to wrap around the message found in payload after decoding from base-64
             String direction; // 1 incoming, 2 outgoing

Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java

@@ -84,7 +84,7 @@ private static void findTextsInDB(String DatabasePath, AbstractFile f) {
 
         try {
             resultSet = statement.executeQuery(
-                    "Select address,date,read,type,subject,body FROM sms;"); //NON-NLS
+                    "SELECT address,date,read,type,subject,body FROM sms;"); //NON-NLS
 
             String address; // may be phone number, or other addresses
 

Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java

@@ -57,7 +57,7 @@ public void findContacts() {
         try {
             SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
             absFiles = skCase.findAllFilesWhere("name LIKE '%call_history%' "); //NON-NLS //get exact file names
-            if (absFiles.isEmpty()) { //asdfkjasfakljsdfhlaksdjfhasdlkjf
+            if (absFiles.isEmpty()) {
                 return;
             }
             for (AbstractFile AF : absFiles) {

Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java

@@ -87,7 +87,7 @@ private void findTextsInDB(String DatabasePath, long fId) {
             AbstractFile f = skCase.getAbstractFileById(fId);
             try {
                 resultSet = statement.executeQuery(
-                        "Select address,date,type,subject,body FROM sms;"); //NON-NLS
+                        "SELECT address,date,type,subject,body FROM sms;"); //NON-NLS
 
                 BlackboardArtifact bba;
                 String address; // may be phone number, or other addresses

Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java

@@ -67,7 +67,6 @@ public static synchronized ReportBodyFile getDefault() {
      * @param progressPanel panel to update the report's progress
      */
     @Override
-    @SuppressWarnings("deprecation")
     public void generateReport(String path, ReportProgressPanel progressPanel) {
         // Start the progress bar and setup the report
         progressPanel.setIndeterminate(false);
@@ -85,7 +84,7 @@ public void generateReport(String path, ReportProgressPanel progressPanel) {
                                + " AND name != '.' AND name != '..'"; //NON-NLS
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportBodyFile.progress.loading"));
-            List<FsContent> fs = skCase.findFilesWhere(query);
+            List<AbstractFile> fs = skCase.findAllFilesWhere(query);
 
             // Check if ingest has finished
             String ingestwarning = "";
@@ -103,7 +102,7 @@ public void generateReport(String path, ReportProgressPanel progressPanel) {
                 out.write(ingestwarning);
                 // Loop files and write info to report
                 int count = 0;
-                for (FsContent file : fs) {
+                for (AbstractFile file : fs) {
                     if (progressPanel.getStatus() == ReportStatus.CANCELED) {
                         break;
                     }
@@ -164,7 +163,7 @@ public void generateReport(String path, ReportProgressPanel progressPanel) {
                     logger.log(Level.SEVERE, errorMessage, ex);
                 }                    
             }
-            progressPanel.complete();
+            progressPanel.complete(ReportStatus.COMPLETE);
         }  catch(TskCoreException ex) {
             logger.log(Level.WARNING, "Failed to get the unique path.", ex); //NON-NLS
         } 

Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java

@@ -373,7 +373,7 @@ private List<AbstractFile> getFiles() {
             List<AbstractFile> absFiles;
             try {
                 SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
-                absFiles = skCase.findAllFilesWhere("NOT meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()); //NON-NLS
+                absFiles = skCase.findAllFilesWhere("meta_type != " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()); //NON-NLS
                 return absFiles;
             } catch (TskCoreException ex) {
                 MessageNotifyUtil.Notify.show(

Core/src/org/sleuthkit/autopsy/timeline/TimeLineController.java

@@ -358,7 +358,7 @@ synchronized void openTimeLine() {
     @SuppressWarnings("deprecation")
     private long getCaseLastArtifactID(final SleuthkitCase sleuthkitCase) {
         long caseLastArtfId = -1;
-        String query = "select Max(artifact_id) as max_id from blackboard_artifacts"; // NON-NLS
+        String query = "SELECT MAX(artifact_id) AS max_id FROM blackboard_artifacts"; // NON-NLS
 
         try (CaseDbQuery dbQuery = sleuthkitCase.executeQuery(query)) {
             ResultSet resultSet = dbQuery.getResultSet();

Core/src/org/sleuthkit/autopsy/timeline/events/db/EventDB.java

@@ -274,9 +274,9 @@ public Interval getSpanningInterval(Collection<Long> eventIDs) {
         try (Statement stmt = con.createStatement();
              //You can't inject multiple values into one ? paramater in prepared statement,
              //so we make new statement each time...
-             ResultSet rs = stmt.executeQuery("select Min(time), Max(time) from events where event_id in (" + StringUtils.join(eventIDs, ", ") + ")");) { // NON-NLS
+             ResultSet rs = stmt.executeQuery("SELECT MIN(time), MAX(time) FROM events WHERE event_id IN (" + StringUtils.join(eventIDs, ", ") + ")");) { // NON-NLS
             while (rs.next()) {
-                span = new Interval(rs.getLong("Min(time)"), rs.getLong("Max(time)") + 1, DateTimeZone.UTC); // NON-NLS
+                span = new Interval(rs.getLong("MIN(time)"), rs.getLong("MAX(time)") + 1, DateTimeZone.UTC); // NON-NLS
 
             }
         } catch (SQLException ex) {
@@ -314,7 +314,7 @@ int countAllEvents() {
         int result = -1;
         dbReadLock();
         //TODO convert this to prepared statement -jm
-        try (ResultSet rs = con.createStatement().executeQuery("select count(*) as count from events")) { // NON-NLS
+        try (ResultSet rs = con.createStatement().executeQuery("SELECT count(*) AS count FROM events")) { // NON-NLS
             while (rs.next()) {
                 result = rs.getInt("count"); // NON-NLS
                 break;
@@ -444,7 +444,7 @@ Set<Long> getEventIDs(Long startTime, Long endTime, Filter filter) {
         Set<Long> resultIDs = new HashSet<>();
 
         dbReadLock();
-        final String query = "select event_id from events where time >=  " + startTime + " and time <" + endTime + " and " + getSQLWhere(filter); // NON-NLS
+        final String query = "SELECT event_id FROM events WHERE time >=  " + startTime + " AND time <" + endTime + " AND " + getSQLWhere(filter); // NON-NLS
         //System.out.println(query);
         try (Statement stmt = con.createStatement();
              ResultSet rs = stmt.executeQuery(query)) {
@@ -597,11 +597,11 @@ final synchronized void initializeDB() {
                         "INSERT INTO events (file_id ,artifact_id, time, sub_type, base_type, full_description, med_description, short_description, known_state) " // NON-NLS
                         + "VALUES (?,?,?,?,?,?,?,?,?)"); // NON-NLS
 
-                getMaxTimeStmt = prepareStatement("select Max(time) as max from events"); // NON-NLS
-                getMinTimeStmt = prepareStatement("select Min(time) as min from events"); // NON-NLS
-                getEventByIDStmt = prepareStatement("select * from events where event_id =  ?"); // NON-NLS
-                recordDBInfoStmt = prepareStatement("insert or replace into db_info (key, value) values (?, ?)"); // NON-NLS
-                getDBInfoStmt = prepareStatement("select value from db_info where key = ?"); // NON-NLS
+                getMaxTimeStmt = prepareStatement("SELECT MAX(time) AS max FROM events"); // NON-NLS
+                getMinTimeStmt = prepareStatement("SELECT MIN(time) AS min FROM events"); // NON-NLS
+                getEventByIDStmt = prepareStatement("SELECT * FROM events WHERE event_id =  ?"); // NON-NLS
+                recordDBInfoStmt = prepareStatement("INSERT OR REPLACE INTO db_info (key, value) VALUES (?, ?)"); // NON-NLS
+                getDBInfoStmt = prepareStatement("SELECT value FROM db_info WHERE key = ?"); // NON-NLS
             } catch (SQLException sQLException) {
                 LOGGER.log(Level.SEVERE, "failed to prepareStatment", sQLException); // NON-NLS
             }
@@ -795,8 +795,8 @@ private Map<EventType, Long> countEvents(Long startTime, Long endTime, Filter fi
         final boolean useSubTypes = (zoomLevel == EventTypeZoomLevel.SUB_TYPE);
 
         //get some info about the range of dates requested
-        final String queryString = "select count(*), " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) // NON-NLS
-                + " from events where time >= " + startTime + " and time < " + endTime + " and " + getSQLWhere(filter) // NON-NLS
+        final String queryString = "SELECT count(*), " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) // NON-NLS
+                + " FROM events WHERE time >= " + startTime + " AND time < " + endTime + " AND " + getSQLWhere(filter) // NON-NLS
                 + " GROUP BY " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN); // NON-NLS
 
         ResultSet rs = null;
@@ -876,10 +876,10 @@ private List<AggregateEvent> getAggregatedEvents(Interval timeRange, Filter filt
 
         //get all agregate events in this time unit
         dbReadLock();
-        String query = "select strftime('" + strfTimeFormat + "',time , 'unixepoch'" + (TimeLineController.getTimeZone().get().equals(TimeZone.getDefault()) ? ", 'localtime'" : "") + ") as interval,  group_concat(event_id) as event_ids, Min(time), Max(time),  " + descriptionColumn + ", " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) // NON-NLS
-                + " from events where time >= " + start + " and time < " + end + " and " + getSQLWhere(filter) // NON-NLS
-                + " group by interval, " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) + " , " + descriptionColumn // NON-NLS
-                + " order by Min(time)"; // NON-NLS
+        String query = "SELECT strftime('" + strfTimeFormat + "',time , 'unixepoch'" + (TimeLineController.getTimeZone().get().equals(TimeZone.getDefault()) ? ", 'localtime'" : "") + ") as interval,  group_concat(event_id) as event_ids, Min(time), Max(time),  " + descriptionColumn + ", " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) // NON-NLS
+                + " FROM events where time >= " + start + " AND time < " + end + " AND " + getSQLWhere(filter) // NON-NLS
+                + " GROUP BY interval, " + (useSubTypes ? SUB_TYPE_COLUMN : BASE_TYPE_COLUMN) + " , " + descriptionColumn // NON-NLS
+                + " ORDER BY MIN(time)"; // NON-NLS
         //System.out.println(query);
         ResultSet rs = null;
         try (Statement stmt = con.createStatement(); // scoop up requested events in groups organized by interval, type, and desription

ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java

@@ -682,12 +682,12 @@ public void run() {
 
             try {
                 //grab all files with supported extension or mime types
-                final List<AbstractFile> files = getSleuthKitCase().findAllFilesWhere(DRAWABLE_QUERY + " or tsk_files.obj_id in (select tsk_files.obj_id from tsk_files , blackboard_artifacts,  blackboard_attributes"
-                        + " where  blackboard_artifacts.obj_id = tsk_files.obj_id"
-                        + " and blackboard_attributes.artifact_id = blackboard_artifacts.artifact_id"
-                        + " and blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()
-                        + " and blackboard_attributes.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()
-                        + " and blackboard_attributes.value_text in ('" + StringUtils.join(ImageGalleryModule.getSupportedMimes(), "','") + "'))");
+                final List<AbstractFile> files = getSleuthKitCase().findAllFilesWhere(DRAWABLE_QUERY + " OR tsk_files.obj_id IN (select tsk_files.obj_id FROM tsk_files , blackboard_artifacts,  blackboard_attributes"
+                        + " WHERE  blackboard_artifacts.obj_id = tsk_files.obj_id"
+                        + " AND blackboard_attributes.artifact_id = blackboard_artifacts.artifact_id"
+                        + " AND blackboard_artifacts.artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID()
+                        + " AND blackboard_attributes.attribute_type_id = " + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()
+                        + " AND blackboard_attributes.value_text IN ('" + StringUtils.join(ImageGalleryModule.getSupportedMimes(), "','") + "'))");
                 progressHandle.switchToDeterminate(files.size());
 
                 updateProgress(0.0);
@@ -807,7 +807,7 @@ public void run() {
                     for (FileSystem fs : image.getFileSystems()) {
                         fsObjIds.add(fs.getId());
                     }
-                    fsQuery = "(fs_obj_id = " + StringUtils.join(fsObjIds, " or fs_obj_id = ") + ") ";
+                    fsQuery = "(fs_obj_id = " + StringUtils.join(fsObjIds, " OR fs_obj_id = ") + ") ";
                 }
                 // NOTE: Logical files currently (Apr '15) have a null value for fs_obj_id in DB.
                 // for them, we will not specify a fs_obj_id, which means we will grab files
@@ -816,7 +816,7 @@ public void run() {
                     fsQuery = "(fs_obj_id IS NULL) ";
                 }
 
-                files = getSleuthKitCase().findAllFilesWhere(fsQuery + " and " + DRAWABLE_QUERY);
+                files = getSleuthKitCase().findAllFilesWhere(fsQuery + " AND " + DRAWABLE_QUERY);
                 progressHandle.switchToDeterminate(files.size());
 
                 //do in transaction