authorLuca Deri <deri@ntop.org>2021-12-23 21:30:16 +0100
committerLuca Deri <deri@ntop.org>2021-12-23 21:30:16 +0100
commitc4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 (patch)
treedcf5ab420ea7c835b1eb5eaf4be718d2f257a81b /src/include
parentfdb6481cd6d019651faea6cdd962db099cbf20a3 (diff)
Added support for Log4J/Log4Shell detection in nDPI via a new flow risk named NDPI_POSSIBLE_EXPLOIT
Diffstat (limited to 'src/include')
-rw-r--r--src/include/ndpi_main.h2
-rw-r--r--src/include/ndpi_typedefs.h1
2 files changed, 3 insertions, 0 deletions
diff --git a/src/include/ndpi_main.h b/src/include/ndpi_main.h
index 753c2da8c..cceb45c85 100644
--- a/src/include/ndpi_main.h
+++ b/src/include/ndpi_main.h
@@ -145,6 +145,8 @@ extern "C" {
u_int8_t * nxt_hdr);
void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
struct ndpi_flow_struct *flow, ndpi_risk_enum r);
+ int ndpi_isset_risk(struct ndpi_detection_module_struct *ndpi_str,
+ struct ndpi_flow_struct *flow, ndpi_risk_enum r);
int ndpi_is_printable_string(char * const str, size_t len);
#define NDPI_ENTROPY_ENCRYPTED_OR_RANDOM(entropy) (entropy > 7.0f)
float ndpi_entropy(u_int8_t const * const buf, size_t len);
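Review bot: The new `ndpi_isset_risk()` prototype is declared without any comment on what its `int` return value means, and detection code that branches on it needs to know that. The implementation is not part of this diff, so the wording needs confirming against it, but a one-line contract above the declaration would help, for example `/* Returns non-zero if risk r is already set on flow, 0 otherwise */`. It would also be worth stating whether `r` must be below `NDPI_MAX_RISK`, since the neighbouring `ndpi_set_risk()` takes the same enum and the two should agree on out-of-range values. The surrounding `extern "C"` block starts and ends outside this hunk.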
diff --git a/src/include/ndpi_typedefs.h b/src/include/ndpi_typedefs.h
index d7748ad8b..93321467c 100644
--- a/src/include/ndpi_typedefs.h
+++ b/src/include/ndpi_typedefs.h
@@ -115,6 +115,7 @@ typedef enum {
NDPI_DNS_LARGE_PACKET,
NDPI_DNS_FRAGMENTED,
NDPI_INVALID_CHARACTERS,
+ NDPI_POSSIBLE_EXPLOIT, /* Log4J and other exploits */
/* Leave this as last member */
NDPI_MAX_RISK /* must be <= 63 due to (**) */
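Review bot: The `must be <= 63` limit on `NDPI_MAX_RISK` is enforced only by a comment, and each member added above it, such as `NDPI_POSSIBLE_EXPLOIT` here, moves the enum closer to that limit. If the risks are stored as bits of a 64-bit mask, which the comment suggests but this hunk does not show, then exceeding the limit would silently drop or alias risk flags. A compile-time check after the typedef would turn that into a build failure, for example `_Static_assert(NDPI_MAX_RISK <= 63, "ndpi_risk_enum must fit the risk bitmask");`, guarded for C++ includers if needed. The comment `/* Log4J and other exploits */` could also say that this is a heuristic match on payload content, so consumers treat the flag as an indicator and not as a confirmed compromise. The enum body starts and ends outside the hunk.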