Detect invalid characters in text and set a risk. Fixes #1347.add/invalid-chars-detection-in-text

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
author: Toni Uhlig <matzeton@googlemail.com> 2021-10-26 13:16:23 +0200
committer: Toni Uhlig <matzeton@googlemail.com> 2021-10-26 20:15:46 +0200
commit: 186e89a7330215da323335d2416a1e6e5acdf994 (patch)
tree: 2a9f9993e91b4aa4e6f8c5f438d59fb0bc07ab93 /doc/flow_risks.rst
parent: 5ccc61d1cb3fd328aa9eb22cfc7eb3c020a3761e (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst
index aa07aaa89..e4546307e 100644
--- a/doc/flow_risks.rst
+++ b/doc/flow_risks.rst
@@ -234,3 +234,10 @@ NDPI_DNS_FRAGMENTED
 
 UDP `DNS <https://en.wikipedia.org/wiki/Domain_Name_System>`_ packets cannot be fragmented. If so, this indicates a potential security risk (e.g. use DNS to carry data) or a misconfiguration.
 
+.. _Risk 039:
+
+NDPI_INVALID_CHARACTERS
+=======================
+The risk is set whenever a dissected protocol contains characters not allowed in that protocol field.
+For example a DNS hostname must only contain a subset of all printable characters or else this risk is set.
+Additionally, some TLS protocol fields are checked for printable characters as well.
author	Toni Uhlig <matzeton@googlemail.com>	2021-10-26 13:16:23 +0200
committer	Toni Uhlig <matzeton@googlemail.com>	2021-10-26 20:15:46 +0200
commit	186e89a7330215da323335d2416a1e6e5acdf994 (patch)
tree	2a9f9993e91b4aa4e6f8c5f438d59fb0bc07ab93 /doc/flow_risks.rst
parent	5ccc61d1cb3fd328aa9eb22cfc7eb3c020a3761e (diff)