void TskReportPipeline::run() { Poco::Stopwatch stopWatch; for (size_t i = 0; i < m_modules.size(); i++) { stopWatch.restart(); TskModule::Status status = m_modules[i]->report(); stopWatch.stop(); updateModuleExecutionTime(m_modules[i]->getModuleId(), stopWatch.elapsed()); TskServices::Instance().getImgDB().setModuleStatus(0, m_modules[i]->getModuleId(), (int)status); // The reporting pipeline continues to run on module failure. Only shutdown the pipeline if a module signals STOP. if (status == TskModule::STOP) { break; } } }
void TskFileAnalysisPipeline::run(TskFile* file) { const std::string MSG_PREFIX = "TskFileAnalysisPipeline::run : "; if (m_modules.size() == 0) return; if (file == NULL) { LOGERROR(MSG_PREFIX + "passed NULL file pointer"); throw TskNullPointerException(); } TskImgDB& imgDB = TskServices::Instance().getImgDB(); try { // If this is an excluded file or the file is not ready for analysis // we return without processing. if (excludeFile(file)) { std::stringstream msg; msg << MSG_PREFIX << "skipping file (excluded) " << file->getName() << "(" << file->getId() << ")"; LOGINFO(msg.str()); file->setStatus(TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_SKIPPED); return; } if (file->getStatus() != TskImgDB::IMGDB_FILES_STATUS_READY_FOR_ANALYSIS) { std::stringstream msg; msg << MSG_PREFIX << "skipping file (not ready) " << file->getName() << "(" << file->getId() << ")"; LOGINFO(msg.str()); return; } // Update status to indicate analysis is in progress. file->setStatus(TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_IN_PROGRESS); std::stringstream msg; msg << MSG_PREFIX << "analyzing " << file->getName() << "(" << file->getId() << ")"; LOGINFO(msg.str()); // If there is an Executable module in the pipeline we must // ensure that the file exists on disk. if (m_hasExeModule && !file->exists()) { TskFileManagerImpl::instance().saveFile(file); } bool bModuleFailed = false; Poco::Stopwatch stopWatch; for (int i = 0; i < m_modules.size(); i++) { // we have no way of knowing if the file was closed by a module, // so always make sure it is open file->open(); // Reset the file offset to the beginning of the file. file->seek(0); stopWatch.restart(); TskModule::Status status = m_modules[i]->run(file); stopWatch.stop(); updateModuleExecutionTime(m_modules[i]->getModuleId(), stopWatch.elapsed()); imgDB.setModuleStatus(file->getId(), m_modules[i]->getModuleId(), (int)status); // If any module encounters a failure while processing a file // we will set the file status to failed once the pipeline is complete. if (status == TskModule::FAIL) bModuleFailed = true; // Stop processing the file when a module tells us to. else if (status == TskModule::STOP) break; } // Delete the file if it exists. The file may have been created by us // above or by a module that required it to exist on disk. // Carved and derived files should not be deleted since the content is // typically created by external tools. if (file->getTypeId() != TskImgDB::IMGDB_FILES_TYPE_CARVED && file->getTypeId() != TskImgDB::IMGDB_FILES_TYPE_DERIVED && file->exists()) { TskFileManagerImpl::instance().deleteFile(file); } // We allow modules to set status on the file so we only update it // if the modules haven't. if (file->getStatus() == TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_IN_PROGRESS) { if (bModuleFailed) { file->setStatus(TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_FAILED); } else { file->setStatus(TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_COMPLETE); } } } catch (std::exception& ex) { std::stringstream msg; msg << MSG_PREFIX << "error while processing file id (" << file->getId() << ") : " << ex.what(); LOGERROR(msg.str()); imgDB.updateFileStatus(file->getId(), TskImgDB::IMGDB_FILES_STATUS_ANALYSIS_FAILED); // Rethrow the exception throw; } }