Added ability to return risk info in JSON format in ndpi_get_flow_risk_info()

6 files changed, 59 insertions, 25 deletions

diff --git a/example/reader_util.c b/example/reader_util.c
index 9f908efb4..c3c18764d 100644
--- a/example/reader_util.c
+++ b/example/reader_util.c
@@ -1044,7 +1044,7 @@ void process_ndpi_collected_info(struct ndpi_workflow * workflow, struct ndpi_fl
 
   flow->info_type = INFO_INVALID;
 
-  s = ndpi_get_flow_risk_info(flow->ndpi_flow, out, sizeof(out));
+  s = ndpi_get_flow_risk_info(flow->ndpi_flow, out, sizeof(out), 0 /* text */);
 
   if(s != NULL)
     flow->risk_str = ndpi_strdup(s);  
diff --git a/src/include/ndpi_api.h.in b/src/include/ndpi_api.h.in
index 01c55b9d0..36d592b8d 100644
--- a/src/include/ndpi_api.h.in
+++ b/src/include/ndpi_api.h.in
@@ -1736,7 +1736,8 @@ extern "C" {
   /* ******************************* */
 
   char* ndpi_get_flow_risk_info(struct ndpi_flow_struct *flow,
-				char *out, u_int out_len);
+				char *out, u_int out_len,
+				u_int8_t use_json);
 
 #ifdef __cplusplus
 }
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index 58a4d231f..3004ef523 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -1136,6 +1136,10 @@ struct tls_heuristics {
   u_int8_t is_safari_tls:1, is_firefox_tls:1, is_chrome_tls:1, notused:5;
 };
 
+struct ndpi_risk_info {
+  ndpi_risk_enum id;
+  char *info;  
+};
 
 struct ndpi_flow_struct {
   u_int16_t detected_protocol_stack[NDPI_PROTOCOL_SIZE];
@@ -1198,7 +1202,7 @@ struct ndpi_flow_struct {
   u_int8_t risk_checked:1, ip_risk_mask_evaluated:1, host_risk_mask_evaluated:1, tree_risk_checked:1, _notused:4;
   ndpi_risk risk_mask; /* Stores the flow risk mask for flow peers */
   ndpi_risk risk; /* Issues found with this flow [bitmask of ndpi_risk] */
-  char *risk_infos[MAX_NUM_RISK_INFOS]; /* String that contains information about the risks found */
+  struct ndpi_risk_info risk_infos[MAX_NUM_RISK_INFOS]; /* String that contains information about the risks found */
   u_int8_t num_risk_infos;
   
   /*
diff --git a/src/lib/ndpi_main.c b/src/lib/ndpi_main.c
index 68c2bd244..b2030ca6b 100644
--- a/src/lib/ndpi_main.c
+++ b/src/lib/ndpi_main.c
@@ -4716,7 +4716,7 @@ void ndpi_free_flow_data(struct ndpi_flow_struct* flow) {
       u_int i;
 
       for(i=0; i<flow->num_risk_infos; i++)      
-	ndpi_free(flow->risk_infos[i]);
+	ndpi_free(flow->risk_infos[i].info);
     }
     
     if(flow->http.url)
diff --git a/src/lib/ndpi_serializer.c b/src/lib/ndpi_serializer.c
index d560e5b9e..7843ace60 100644
--- a/src/lib/ndpi_serializer.c
+++ b/src/lib/ndpi_serializer.c
@@ -209,8 +209,8 @@ static int ndpi_init_serializer_buffer(ndpi_private_serializer_buffer *buffer, u
 /* ********************************** */
 
 int ndpi_init_serializer_ll(ndpi_serializer *_serializer,
-			 ndpi_serialization_format fmt,
-			 u_int32_t buffer_size) {
+			    ndpi_serialization_format fmt,
+			    u_int32_t buffer_size) {
   ndpi_private_serializer *serializer = (ndpi_private_serializer*)_serializer;
 
   memset(serializer, 0, sizeof(ndpi_private_serializer));
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index c4ab36238..e20dca6f3 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1132,8 +1132,7 @@ void ndpi_serialize_risk(ndpi_serializer *serializer,
 /* ********************************** */
 
 void ndpi_serialize_risk_score(ndpi_serializer *serializer,
-                               ndpi_risk_enum risk)
-{
+                               ndpi_risk_enum risk) {
   u_int16_t rs, rs_client = 0, rs_server = 0;
 
   if(risk == NDPI_NO_RISK) {
@@ -2255,7 +2254,9 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
 	char *s = ndpi_strdup(risk_message);
 
 	if(s != NULL) {
-	  flow->risk_infos[flow->num_risk_infos++] = s;
+	  flow->risk_infos[flow->num_risk_infos].id = r;
+	  flow->risk_infos[flow->num_risk_infos].info = s;
+	  flow->num_risk_infos++;
 	}
       }
     }
@@ -2523,28 +2524,56 @@ int ndpi_snprintf(char * str, size_t size, char const * format, ...) {
 /* ******************************************* */
 
 char* ndpi_get_flow_risk_info(struct ndpi_flow_struct *flow,
-			      char *out, u_int out_len) {
+			      char *out, u_int out_len,
+			      u_int8_t use_json) {
   u_int i, offset = 0;
   
   if((out == NULL) || (flow->num_risk_infos == 0))
     return(NULL);
-  
-  out[0] = '\0', out_len--;
 
-  for(i=0; (i<flow->num_risk_infos) && (out_len > offset); i++) {
-    int rc = snprintf(&out[offset], out_len-offset, "%s%s",
-		      (i == 0) ? "" : " / ",
-		      flow->risk_infos[i]);
+  if(use_json) {
+    ndpi_serializer serializer;
+    u_int32_t buffer_len;
+    char *buffer;
+    
+    if(ndpi_init_serializer(&serializer, ndpi_serialization_format_json) == -1)
+      return(NULL);
 
-    if(rc <= 0)
-      break;
-    else
-      offset += rc;
-  }
+    for(i=0; i<flow->num_risk_infos; i++)
+      ndpi_serialize_uint32_string(&serializer,
+				   flow->risk_infos[i].id, 
+				   flow->risk_infos[i].info);  
+    
+    buffer = ndpi_serializer_get_buffer(&serializer, &buffer_len);
 
-  if(offset > out_len) offset = out_len;
-  
-  out[offset] = '\0';
+    if(buffer && (buffer_len > 0)) {
+      u_int l = ndpi_min(out_len-1, buffer_len);
+
+      strncpy(out, buffer, l);
+      out[l] = '\0';
+    }
+    
+    ndpi_term_serializer(&serializer);
 
-  return(out[0] == '\0' ? NULL : out);
+    return(out);
+  } else {
+    out[0] = '\0', out_len--;
+    
+    for(i=0; (i<flow->num_risk_infos) && (out_len > offset); i++) {
+      int rc = snprintf(&out[offset], out_len-offset, "%s%s",
+			(i == 0) ? "" : " / ",
+			flow->risk_infos[i].info);
+      
+      if(rc <= 0)
+	break;
+      else
+	offset += rc;
+    }
+    
+    if(offset > out_len) offset = out_len;
+    
+    out[offset] = '\0';
+  
+    return(out[0] == '\0' ? NULL : out);
+  }
 }