1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
|
/*
** The Sleuth Kit
**
** Brian Carrier [carrier <at> sleuthkit [dot] org]
** Copyright (c) 2010-2019 Brian Carrier. All Rights reserved
**
** This software is distributed under the Common Public License 1.0
**
*/
/**
* \file LogicalImagerRuleSet.h
* Contains the class definitions for the Logicial Imager Rule Set.
*/
#pragma once
#include <string>
#include <set>
#include <list>
#include <map>
#include "tsk/tsk_tools_i.h"
#include "LogicalImagerRuleBase.h"
#include "MatchedRuleInfo.h"
#include "json.h"
/**
* Implement the logical imager rule set.
*
*/
class LogicalImagerRuleSet
{
public:
typedef TSK_RETVAL_ENUM(*matchCallback)(const MatchedRuleInfo *, TSK_FS_FILE *, const char *);
LogicalImagerRuleSet();
~LogicalImagerRuleSet();
bool matches(TSK_FS_FILE *fs_file, const char *path, matchCallback callbackFunc) const;
const std::pair<const MatchedRuleInfo *, std::list<std::string>> getFullFilePaths() const;
const std::vector<std::pair<const MatchedRuleInfo *, std::vector<LogicalImagerRuleBase *>>> getRules() {
return m_rules;
}
void constructRuleSet(const nlohmann::json ruleSet,
std::vector<std::pair<const MatchedRuleInfo *, std::vector<LogicalImagerRuleBase *>>> &ourRules
);
private:
LogicalImagerRuleSet(const LogicalImagerRuleSet &) = delete;
void constructRule(const std::string &ruleSetName, nlohmann::json rule);
std::string m_ruleSetName;
std::vector<std::pair<const MatchedRuleInfo *, std::vector<LogicalImagerRuleBase *>>> m_rules;
std::pair<const MatchedRuleInfo *, std::list<std::string>> m_fullFilePaths;
};
|
