From ad117bfaabd3bc75dc70d0ddbc4ba18c86c40dbd Mon Sep 17 00:00:00 2001 From: Luca Deri Date: Thu, 18 Apr 2024 23:21:40 +0200 Subject: Domain Classification Improvements (#2396) * Added size_t ndpi_compress_str(const char * in, size_t len, char * out, size_t bufsize); size_t ndpi_decompress_str(const char * in, size_t len, char * out, size_t bufsize); used to compress short strings such as domain names. This code is based on https://github.com/Ed-von-Schleck/shoco * Major code rewrite for ndpi_hash and ndpi_domain_classify * Improvements to make sure custom categories are loaded and enabled * Fixed string encoding * Extended SalesForce/Cloudflare domains list --- src/lib/protocols/fastcgi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/lib/protocols/fastcgi.c') diff --git a/src/lib/protocols/fastcgi.c b/src/lib/protocols/fastcgi.c index a9f9113d3..10384a13e 100644 --- a/src/lib/protocols/fastcgi.c +++ b/src/lib/protocols/fastcgi.c @@ -221,7 +221,7 @@ static void ndpi_search_fastcgi(struct ndpi_detection_module_struct *ndpi_struct ndpi_set_risk(flow, NDPI_INVALID_CHARACTERS, str); /* This looks like an attack */ - ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, NULL); + ndpi_set_risk(flow, NDPI_POSSIBLE_EXPLOIT, "Suspicious hostname: attack ?"); } ndpi_int_fastcgi_add_connection(ndpi_struct, flow, &ret_match); } -- cgit v1.2.3