Added support for Log4J/Log4Shell detection in nDPI via a new flow risk named NDPI_POSSIBLE_EXPLOIT

author: Luca Deri <deri@ntop.org> 2021-12-23 21:30:16 +0100
committer: Luca Deri <deri@ntop.org> 2021-12-23 21:30:16 +0100
commit: c4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 (patch)
tree: dcf5ab420ea7c835b1eb5eaf4be718d2f257a81b /src/lib/ndpi_utils.c
parent: fdb6481cd6d019651faea6cdd962db099cbf20a3 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/src/lib/ndpi_utils.c b/src/lib/ndpi_utils.c
index e24405d73..47c4db1f0 100644
--- a/src/lib/ndpi_utils.c
+++ b/src/lib/ndpi_utils.c
@@ -1833,6 +1833,10 @@ const char* ndpi_risk2str(ndpi_risk_enum risk) {
   case NDPI_INVALID_CHARACTERS:
     return("Text contains non-printable characters");
 
+  case NDPI_POSSIBLE_EXPLOIT:
+    return("Possible exploit detected");
+    break;
+    
   default:
     snprintf(buf, sizeof(buf), "%d", (int)risk);
     return(buf);
@@ -2172,6 +2176,15 @@ void ndpi_set_risk(struct ndpi_detection_module_struct *ndpi_str,
 
 /* ******************************************************************** */
 
+int ndpi_isset_risk(struct ndpi_detection_module_struct *ndpi_str,
+		     struct ndpi_flow_struct *flow, ndpi_risk_enum r) {
+  ndpi_risk v = 1ull << r;
+
+  return(((flow->risk & v) == v) ?  1 : 0);
+}
+
+/* ******************************************************************** */
+
 int ndpi_is_printable_string(char * const str, size_t len) {
   int retval = 1;
author	Luca Deri <deri@ntop.org>	2021-12-23 21:30:16 +0100
committer	Luca Deri <deri@ntop.org>	2021-12-23 21:30:16 +0100
commit	c4ac53a03fa1fbfd5a5d7fea507cfcbe5b307914 (patch)
tree	dcf5ab420ea7c835b1eb5eaf4be718d2f257a81b /src/lib/ndpi_utils.c
parent	fdb6481cd6d019651faea6cdd962db099cbf20a3 (diff)