authorLuca <deri@ntop.org>2021-05-02 19:35:01 +0200
committerLuca <deri@ntop.org>2021-05-02 19:35:01 +0200
commitce54a6ab5742d387cc50f6d4b0682663dfb1d2ad (patch)
tree5e43b6a01cf86279bafdcf3f19cead137faa4a61 /src/lib/ndpi_utils.c
parent153d11c92022d27d3e09fab7dd42ce503654a3d7 (diff)
Added ndpi_risk2severity() API call
Diffstat (limited to 'src/lib/ndpi_utils.c')
-rw-r--r--src/lib/ndpi_utils.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index 05e7b086b..f59a9d773 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1788,6 +1788,53 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
/* ******************************************************************** */
+const ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk) {
+ switch(risk) {
+ case NDPI_NO_RISK:
+ case NDPI_MAX_RISK:
+ case NDPI_KNOWN_PROTOCOL_ON_NON_STANDARD_PORT:
+ case NDPI_HTTP_NUMERIC_IP_HOST:
+ case NDPI_TLS_NOT_CARRYING_HTTPS:
+ case NDPI_MALFORMED_PACKET:
+ case NDPI_UNSAFE_PROTOCOL:
+ case NDPI_DESKTOP_OR_FILE_SHARING_SESSION:
+ return(NDPI_RISK_LOW);
+
+ case NDPI_TLS_SELFSIGNED_CERTIFICATE:
+ case NDPI_TLS_OBSOLETE_VERSION:
+ case NDPI_TLS_WEAK_CIPHER:
+ case NDPI_HTTP_SUSPICIOUS_USER_AGENT:
+ case NDPI_HTTP_SUSPICIOUS_HEADER:
+ case NDPI_SSH_OBSOLETE_CLIENT_VERSION_OR_CIPHER:
+ case NDPI_SSH_OBSOLETE_SERVER_VERSION_OR_CIPHER:
+ case NDPI_SMB_INSECURE_VERSION:
+ case NDPI_TLS_SUSPICIOUS_ESNI_USAGE:
+ case NDPI_MALICIOUS_JA3:
+ case NDPI_MALICIOUS_SHA1_CERTIFICATE:
+ case NDPI_TLS_UNCOMMON_ALPN:
+ case NDPI_DNS_SUSPICIOUS_TRAFFIC:
+ case NDPI_TLS_MISSING_SNI:
+ case NDPI_HTTP_SUSPICIOUS_CONTENT:
+ case NDPI_RISKY_ASN:
+ case NDPI_RISKY_DOMAIN:
+ return(NDPI_RISK_MEDIUM);
+
+ case NDPI_TLS_CERTIFICATE_EXPIRED:
+ case NDPI_TLS_CERTIFICATE_MISMATCH:
+ case NDPI_HTTP_SUSPICIOUS_URL:
+ case NDPI_SUSPICIOUS_DGA_DOMAIN:
+ return(NDPI_RISK_HIGH);
+
+ case NDPI_URL_POSSIBLE_XSS:
+ case NDPI_URL_POSSIBLE_SQL_INJECTION:
+ case NDPI_URL_POSSIBLE_RCE_INJECTION:
+ case NDPI_BINARY_APPLICATION_TRANSFER:
+ return(NDPI_RISK_SEVERE);
+ }
+}
+
+/* ******************************************************************** */
+
const char* ndpi_http_method2str(ndpi_http_method m) {
switch(m) {
case NDPI_HTTP_METHOD_UNKNOWN: break;
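Review bot: ndpi_risk2severity() has no return after the `switch`, so a `risk` value that matches no case (an out-of-range integer cast to ndpi_risk_enum, or an enumerator added later) falls off the end of a non-void function and the caller reads an indeterminate severity, which is undefined behaviour. Leaving the switch without a `default:` keeps the compiler's missing-enumerator warning, so I would add a final `return(NDPI_RISK_LOW); /* unknown risk id */` after the switch's closing brace; which fallback level is right is a policy call for the maintainers, since consumers presumably use this value to prioritise alerts. The `const` on the by-value return type has no effect and draws -Wignored-qualifiers; `ndpi_risk_severity ndpi_risk2severity(ndpi_risk_enum risk)` is enough. A short header comment stating that NDPI_NO_RISK and the NDPI_MAX_RISK sentinel deliberately map to NDPI_RISK_LOW would also help readers who triage on this value.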