author | Luca <deri@ntop.org> | 2021-05-02 19:35:01 +0200 |
---|---|---|
committer | Luca <deri@ntop.org> | 2021-05-02 19:35:01 +0200 |
commit | ce54a6ab5742d387cc50f6d4b0682663dfb1d2ad (patch) | |
tree | 5e43b6a01cf86279bafdcf3f19cead137faa4a61 | |
parent | 153d11c92022d27d3e09fab7dd42ce503654a3d7 (diff) |
Added ndpi_risk2severity() API call
-rw-r--r-- | src/include/ndpi_api.h.in | 3 | ||||
-rw-r--r-- | src/include/ndpi_typedefs.h | 9 | ||||
-rw-r--r-- | src/lib/ndpi_utils.c | 47 |
3 files changed, 57 insertions, 2 deletions
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 9f7bb23d3..a813d7121 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -1501,7 +1501,8 @@ extern "C" {
 void ndpi_serialize_risk(ndpi_serializer *serializer, struct ndpi_flow_struct *flow);
 const char* ndpi_risk2str(ndpi_risk_enum risk);
-
+ const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);
+
 /* ******************************* */
 /* HyperLogLog cardinality estimator */
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index c65d241ef..fb8bd7d1b 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -63,7 +63,7 @@ typedef enum {
 NOTE
 When the typedef below is modified don't forget to update
 - nDPI/wireshark/ndpi.lua
- - ndpi_risk2str (in ndpi_utils.c)
+ - ndpi_risk2str and ndpi_risk2severity (in ndpi_utils.c)
 - https://github.com/ntop/ntopng/blob/dev/scripts/lua/modules/flow_risk_utils.lua
 - ndpi_risk_enum (in python/ndpi.py)
 */
@@ -107,6 +107,13 @@ typedef enum {
 typedef u_int64_t ndpi_risk; /* (**) */
+typedef enum {
+ NDPI_RISK_LOW,
+ NDPI_RISK_MEDIUM,
+ NDPI_RISK_HIGH,
+ NDPI_RISK_SEVERE
+} ndpi_risk_severity;
+
 /* NDPI_VISIT */
 typedef enum {
 ndpi_preorder,
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 05e7b086b..f59a9d773 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
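Review bot: The `const` on the return type of the new prototype `const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);` qualifies a by-value return, which has no effect in C and makes gcc/clang emit -Wignored-qualifiers; the definition in the src/lib/ndpi_utils.c hunk carries the same qualifier. Drop it in both places: `ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk);`. Since this is a public API header, a one-line comment on the declaration would also help callers, e.g. `/* Map one ndpi_risk_enum value to its ndpi_risk_severity bucket */`.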
@@ -1788,6 +1788,53 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
 /* ******************************************************************** */
+const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk) {
+ switch(risk) {
+ case NDPI_NO_RISK:
+ case NDPI_MAX_RISK:
+ case NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT:
+ case NDPI_HTTP_NUMERIC_IP_HOST:
+ case NDPI_TLS_NOT_CARRYING_HTTPS:
+ case NDPI_MALFORMED_PACKET:
+ case NDPI_UNSAFE_PROTOCOL:
+ case NDPI_DESKTOP_OR_FILE_SHARING_SESSION:
+ return(NDPI_RISK_LOW);
+
+ case NDPI_TLS_SELFSIGNED_CERTIFICATE:
+ case NDPI_TLS_OBSOLETE_VERSION:
+ case NDPI_TLS_WEAK_CIPHER:
+ case NDPI_HTTP_SUSPICIOUS_USER_AGENT:
+ case NDPI_HTTP_SUSPICIOUS_HEADER:
+ case NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER:
+ case NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER:
+ case NDPI_SMB_INSECURE_VERSION:
+ case NDPI_TLS_SUSPICIOUS_ESNI_USAGE:
+ case NDPI_MALICIOUS_JA3:
+ case NDPI_MALICIOUS_SHA1_CERTIFICATE:
+ case NDPI_TLS_UNCOMMON_ALPN:
+ case NDPI_DNS_SUSPICIOUS_TRAFFIC:
+ case NDPI_TLS_MISSING_SNI:
+ case NDPI_HTTP_SUSPICIOUS_CONTENT:
+ case NDPI_RISKY_ASN:
+ case NDPI_RISKY_DOMAIN:
+ return(NDPI_RISK_MEDIUM);
+
+ case NDPI_TLS_CERTIFICATE_EXPIRED:
+ case NDPI_TLS_CERTIFICATE_MISMATCH:
+ case NDPI_HTTP_SUSPICIOUS_URL:
+ case NDPI_SUSPICIOUS_DGA_DOMAIN:
+ return(NDPI_RISK_HIGH);
+
+ case NDPI_URL_POSSIBLE_XSS:
+ case NDPI_URL_POSSIBLE_SQL_INJECTION:
+ case NDPI_URL_POSSIBLE_RCE_INJECTION:
+ case NDPI_BINARY_APPLICATION_TRANSFER:
+ return(NDPI_RISK_SEVERE);
+ }
+}
+
+/* ******************************************************************** */
+
 const char* ndpi_http_method2str(ndpi_http_method m) {
 switch(m) {
 case NDPI_HTTP_METHOD_UNKNOWN: break;
|
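Review bot: `ndpi_risk2severity()` falls off the end of a non-void function when `risk` is not one of the listed enumerators — the `switch(risk)` has no `default` and there is no `return` after it — and using that return value is undefined behaviour in C. The path is reachable as soon as a value is appended to `ndpi_risk_enum` without this switch being updated (the NOTE in ndpi_typedefs.h asks for it, but a forgotten update still compiles), or when a caller passes an integer cast to the enum type. Add `default: return(NDPI_RISK_LOW);` inside the switch, or a final `return(NDPI_RISK_LOW);` after it, and build with `-Wswitch -Wreturn-type` so an unhandled enumerator is reported at compile time. Whether LOW is the right fallback is a policy choice; mapping unknown risks to MEDIUM would avoid silently dismissing a risk the table does not yet know about.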