author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2023-03-02 15:27:30 +0100
committer: GitHub <noreply@github.com> 2023-03-02 15:27:30 +0100
commit: 89cae9ddf257e156e3973270aacea51dad2c8662 (patch)
tree: df120c1bf5ec4f74bf7ccadae696c3f6bac336e8 /doc
parent: 3047e286c082902415554f6cdf761a5502962469 (diff)
Add a new flow risk about literal IP addresses used as SNI (#1892)
RFC 6066 3: "Literal IPv4 and IPv6 addresses are not permitted in "HostName"."
Don't set this risk if we have a valid sub-classification (example: via certificate)
Since a similar risk already exists for HTTP hostnames, reuse it, with a more generic name.
Diffstat (limited to 'doc')
-rw-r--r-- doc/flow_risks.rst 4
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/flow_risks.rst b/doc/flow_risks.rst
index 2a0780fce..1cd6c0002 100644
--- a/doc/flow_risks.rst
+++ b/doc/flow_risks.rst
@@ -73,9 +73,9 @@ HTTP only: this risk is triggered whenever the user agent contains suspicious ch
.. _Risk 012:
-NDPI_HTTP_NUMERIC_IP_HOST
+NDPI_NUMERIC_IP_HOST
=========================
-HTTP only: this risk is triggered whenever we're accessing a host using its IP rather than its symbolic name. Example http://1.2.3.4.
+This risk is triggered whenever a HTTP/TLS/QUIC connection is using a literal IPv4 or IPv6 address as ServerName (TLS/QUIC; example: SNI=1.2.3.4) or as Hostname (HTTP; example: http://1.2.3.4.).
.. _Risk 013:
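Review bot: the new description on the "+This risk is triggered ..." line omits the exception stated in the commit message, that the risk is not set when a valid sub-classification exists (example: via certificate). Add a sentence saying so, so that a reader does not expect the risk on every TLS/QUIC flow whose SNI is an IP literal. On the same line, "a HTTP/TLS/QUIC connection" should read "an HTTP/TLS/QUIC connection", and the example "http://1.2.3.4.)." has a stray period inside the parenthesis that reads as part of the URL. The "=====" underline is still sized for the old, longer name. reST accepts an underline longer than the title, but trimming it to the length of NDPI_NUMERIC_IP_HOST keeps the section consistent with its neighbours. Because the identifier is renamed, a brief mention of the former name NDPI_HTTP_NUMERIC_IP_HOST under this heading would help readers who search the documentation for it.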