From 9dc6fa0b5325c6723f96e4a268dd70f9f7a12b48 Mon Sep 17 00:00:00 2001 From: Alexander Bilz Date: Sun, 30 Jun 2024 13:07:31 +0200 Subject: [PATCH] fix: string formatting errors in Autopsy --- tools/Forensicsim_Parser.py | 79 ++++++++++++++++++++++--------------- 1 file changed, 47 insertions(+), 32 deletions(-) diff --git a/tools/Forensicsim_Parser.py b/tools/Forensicsim_Parser.py index 3b35d94..240cfa3 100644 --- a/tools/Forensicsim_Parser.py +++ b/tools/Forensicsim_Parser.py 
@@ -42,36 +42,39 @@ from java.lang import ProcessBuilder from java.util import ArrayList from java.util.logging import Level -from org.sleuthkit.autopsy.casemodule import Case, NoCurrentCaseException -from org.sleuthkit.autopsy.coreutils import ExecUtil, Logger, PlatformUtil +from org.sleuthkit.autopsy.casemodule import Case +from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException +from org.sleuthkit.autopsy.coreutils import ExecUtil +from org.sleuthkit.autopsy.coreutils import Logger +from org.sleuthkit.autopsy.coreutils import PlatformUtil from org.sleuthkit.autopsy.datamodel import ContentUtils -from org.sleuthkit.autopsy.ingest import ( - DataSourceIngestModule, - DataSourceIngestModuleProcessTerminator, - IngestMessage, - IngestModule, - IngestModuleFactoryAdapter, - IngestServices, -) +from org.sleuthkit.autopsy.ingest import DataSourceIngestModule +from org.sleuthkit.autopsy.ingest import DataSourceIngestModuleProcessTerminator +from org.sleuthkit.autopsy.ingest import IngestMessage +from org.sleuthkit.autopsy.ingest import IngestModule +from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter +from org.sleuthkit.autopsy.ingest import IngestServices from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException -from org.sleuthkit.datamodel import ( - BlackboardArtifact, - BlackboardAttribute, - CommunicationsManager, - TskCoreException, - TskData, -) +from org.sleuthkit.datamodel import BlackboardArtifact +from org.sleuthkit.datamodel import BlackboardAttribute +from org.sleuthkit.datamodel import CommunicationsManager +from org.sleuthkit.datamodel import TskCoreException +from org.sleuthkit.datamodel import TskData from org.sleuthkit.datamodel.Blackboard import BlackboardException from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper -from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments -from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments 
import ( - URLAttachment, -) from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import ( CallMediaType, +) +from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import ( CommunicationDirection, +) +from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import ( MessageReadStatus, ) +from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments +from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import ( + URLAttachment, +) # Common Prefix Shared for all artefacts ARTIFACT_PREFIX = "Microsoft Teams" @@ -210,11 +213,11 @@ def _parse_databases(self, content, progress_bar): os.makedirs(temp_path_to_content) self.log( Level.INFO, - f"Created temporary directory: {temp_path_to_content}.", + "Created temporary directory: {}.".format(temp_path_to_content), ) except OSError: raise IngestModuleException( - f"Could not create directory: {temp_path_to_content}." + "Could not create directory: {}.".format(temp_path_to_content) ) # At first extract the desired artefacts to our newly created temp directory @@ -238,15 +241,15 @@ def _extract(self, content, path): # ignore relative paths if child_name == "." or child_name == "..": continue - elif child.isFile(): # noqa: RET507 + elif child.isFile(): ContentUtils.writeToFile(child, File(child_path)) elif child.isDir(): os.mkdir(child_path) self._extract(child, child_path) - self.log(Level.INFO, f"Successfully extracted to {path}") + self.log(Level.INFO, "Successfully extracted to {}".format(path)) except OSError: raise IngestModuleException( - f"Could not extract files to directory: {path}." + "Could not extract files to directory: {}.".format(path) ) def _analyze(self, content, path, progress_bar): 
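Review bot: The new `.format()` calls in this hunk (and in the hunks at -238 and -768) replace f-strings without a comment saying why, so a later edit is likely to reintroduce them; presumably the module is executed by Autopsy's Jython 2.7 interpreter, which has no f-string support, and a one-line note near the module imports such as `# NOTE: executed by Autopsy's Jython 2.7 - no f-strings; use str.format()` would record that. Separately, the `except OSError:` in both `_parse_databases` and `_extract` re-raises `IngestModuleException` with only the path, dropping the errno and reason; `except OSError as err:` together with `"Could not create directory: {} ({}).".format(temp_path_to_content, err)` keeps the diagnostic in the ingest log. The `try` for both handlers opens above the visible lines.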
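Review bot: `_extract` on the new side still writes every child whose name is not exactly `.` or `..`; the names come from the evidence content, so if `child_path` is built by joining `path` with `child_name` above the hunk, a name containing a path separator would be written outside the temporary extraction directory. A guard before the `isFile()` branch, `if os.path.dirname(child_name): continue`, or a check that `os.path.realpath(child_path)` stays under `os.path.realpath(path)`, closes that. Also `ContentUtils.writeToFile(child, File(child_path))` is a Java call that, as far as I recall, signals failure with a Java exception rather than a Python `OSError`, so the `except OSError` here would not cover a failed write — worth confirming, since the `try` opens above the hunk.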
@@ -520,6 +523,14 @@ def parse_messages(self, messages, helper, teams_leveldb_file_path): message_text = message["content"] # Group by the conversationId, these can be direct messages, but also posts thread_id = message["conversationId"] + # Additional Attributes + message_date_time_edited = 0 + message_date_time_deleted = 0 + + if "edittime" in message["properties"]: + message_date_time_edited = int(message["properties"]["edittime"]) + if "deletetime" in message["properties"]: + message_date_time_edited = int(message["properties"]["deletetime"]) additional_attributes = ArrayList() additional_attributes.add( @@ -692,17 +703,19 @@ def get_level_db_file(self, content, filepath): dir_name = os.path.join(content.getParentPath(), content.getName()) results = file_manager.findFiles(data_source, filename, dir_name) if results.isEmpty(): - self.log(Level.INFO, f"Unable to locate (unknown)") - return None - return results.get( + self.log(Level.INFO, "Unable to locate {}".format(filename)) + return + db_file = results.get( 0 ) # Expect a single match so retrieve the first (and only) file + return db_file def date_to_long(self, formatted_date): # Timestamp dt = datetime.strptime(formatted_date[:19], "%Y-%m-%dT%H:%M:%S") time_struct = dt.timetuple() - return int(calendar.timegm(time_struct)) + timestamp = int(calendar.timegm(time_struct)) + return timestamp # Extract the direction of a phone call def deduce_call_direction(self, direction): @@ -768,7 +781,9 @@ def process(self, data_source, progress_bar): self.log( Level.INFO, - f"Found {directories_to_process} {directory} directories to process.", + "Found {} {} directories to process.".format( + directories_to_process, directory + ), ) for i, content in enumerate(all_ms_teams_leveldbs): 
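Review bot: The `deletetime` branch added at the end of this hunk assigns to `message_date_time_edited`, so `message_date_time_deleted` is never updated from 0 and a deleted message also overwrites its edit time; the line should read `message_date_time_deleted = int(message["properties"]["deletetime"])`. Neither variable is used within the visible lines, so whether they reach the artifact attributes cannot be checked here — `parse_messages` continues past the hunk. The two `int(...)` conversions take values straight from the parsed LevelDB record, so a non-numeric `edittime`/`deletetime` would raise `ValueError` and abort the whole message loop unless caught further out; a guarded conversion that logs the bad value and keeps 0 would be more robust for a forensic parser.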
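Review bot: The new `db_file = results.get(0)` / `return db_file` and `timestamp = ...` / `return timestamp` pairs in this hunk add a local that is returned on the very next line; `return results.get(0)  # expect a single match` and `return int(calendar.timegm(time_struct))` read the same and are shorter. The bare `return` on the not-found path behaves like the old `return None`, but the explicit form documented the contract for callers that compare against `None` — hedged, as the callers are outside the hunk. When `findFiles` returns more than one match the first is taken silently; logging `results.size()` when it exceeds 1 would make that visible in the ingest log.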
@@ -803,4 +818,4 @@ def process(self, data_source, progress_bar): "Finished analysing the LeveLDB from Microsoft Teams.", ) IngestServices.getInstance().postMessage(message) - return IngestModule.ProcessResult.OK + return IngestModule.ProcessResult.OK \ No newline at end of file