Merge remote-tracking branch 'ntop_origin/dev' into dev

author: MrRadix <edo.ermini@gmail.com> 2020-07-22 11:15:02 +0200
committer: MrRadix <edo.ermini@gmail.com> 2020-07-22 11:15:02 +0200
commit: 0a182c6d18cf837ed7cb219ddba5aa3186868158 (patch)
tree: 18b06bfebd951b730a2fd0a28e2e5593c13ce53d /src/lib/protocols/http.c
parent: 53b2b08aeb2682fbdf87075aa9312897a46d764e (diff)
parent: d90b333363b157d8eab9205430c83dab986ff965 (diff)
1 files changed, 11 insertions, 5 deletions
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index 8f74d22ad..2b96e55b4 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -262,12 +262,18 @@ static void ndpi_check_user_agent(struct ndpi_detection_module_struct *ndpi_stru
 				  char *ua) {
   if((!ua) || (ua[0] == '\0')) return;
 
-  // printf("[%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
-
+  // printf("***** [%s:%d] ==> '%s'\n", __FILE__, __LINE__, ua);
+  // printf("***** %u\n", ndpi_check_dga_name(ndpi_struct, NULL, "uclient-fetch]"));
+    
   if((strlen(ua) < 4)
-     || (!strcmp(ua, "test"))
-     || (!strcmp(ua, "<?"))
-     || ndpi_match_bigram(ndpi_struct, &ndpi_struct->bigrams_automa, ua)) {
+     || (!strncmp(ua, "test", 4))
+     || (!strncmp(ua, "<?", 2))
+     || strchr(ua, ';')
+     || strchr(ua, '{')
+     || strchr(ua, '}')
+     || ndpi_check_dga_name(ndpi_struct, NULL, ua)
+     // || ndpi_match_bigram(ndpi_struct, &ndpi_struct->impossible_bigrams_automa, ua)
+     ) {
     NDPI_SET_BIT(flow->risk, NDPI_HTTP_SUSPICIOUS_USER_AGENT);
   }
 }
author	MrRadix <edo.ermini@gmail.com>	2020-07-22 11:15:02 +0200
committer	MrRadix <edo.ermini@gmail.com>	2020-07-22 11:15:02 +0200
commit	0a182c6d18cf837ed7cb219ddba5aa3186868158 (patch)
tree	18b06bfebd951b730a2fd0a28e2e5593c13ce53d /src/lib/protocols/http.c
parent	53b2b08aeb2682fbdf87075aa9312897a46d764e (diff)
parent	d90b333363b157d8eab9205430c83dab986ff965 (diff)