Refreshed ntopng code

ntop · Aug 25, 2024 · e34224a · e34224a
1 parent 5720846
commit e34224a
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 16 deletions.
diff --git a/...e/flow_alerts/FlowRiskMaliciousJA3Alert.h → ...lerts/FlowRiskMaliciousFingerprintAlert.h b/...e/flow_alerts/FlowRiskMaliciousJA3Alert.h → ...lerts/FlowRiskMaliciousFingerprintAlert.h
@@ -19,28 +19,28 @@
  *
  */
 
-#ifndef _FR_MALICIOUS_JA3_ALERT_H_
-#define _FR_MALICIOUS_JA3_ALERT_H_
+#ifndef _FR_MALICIOUS_FINGERPRINT_ALERT_H_
+#define _FR_MALICIOUS_FINGERPRINT_ALERT_H_
 
 #include "ntop_includes.h"
 
-class FlowRiskMaliciousJA3Alert : public FlowRiskAlert {
+class FlowRiskMaliciousFingerprintAlert : public FlowRiskAlert {
  public:
-  static ndpi_risk_enum getClassRisk() { return NDPI_MALICIOUS_JA3; }
+  static ndpi_risk_enum getClassRisk() { return NDPI_MALICIOUS_FINGERPRINT; }
   static FlowAlertType getClassType() {
     return FlowRiskAlerts::getFlowRiskAlertType(getClassRisk());
   }
   static u_int8_t getDefaultScore() {
     return FlowRiskAlerts::getFlowRiskScore(getClassRisk());
   }
 
-  FlowRiskMaliciousJA3Alert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
-  ~FlowRiskMaliciousJA3Alert(){};
+  FlowRiskMaliciousFingerprintAlert(FlowCheck *c, Flow *f) : FlowRiskAlert(c, f){};
+  ~FlowRiskMaliciousFingerprintAlert(){};
 
   FlowAlertType getAlertType() const { return getClassType(); }
   ndpi_risk_enum getAlertRisk() const { return getClassRisk(); }
 
   bool autoAck() const { return false; };
 };
 
-#endif /* _FR_MALICIOUS_JA3_ALERT_H_ */
+#endif /* _FR_MALICIOUS_FINGERPRINT_ALERT_H_ */
diff --git a/include/flow_alerts_includes.h b/include/flow_alerts_includes.h
@@ -57,7 +57,7 @@
 #include "flow_alerts/FlowRiskHTTPSuspiciousUserAgentAlert.h"
 #include "flow_alerts/FlowRiskKnownProtocolOnNonStandardPortAlert.h"
 #include "flow_alerts/FlowRiskMalformedPacketAlert.h"
-#include "flow_alerts/FlowRiskMaliciousJA3Alert.h"
+#include "flow_alerts/FlowRiskMaliciousFingerprintAlert.h"
 #include "flow_alerts/FlowRiskMaliciousSHA1CertificateAlert.h"
 #include "flow_alerts/FlowRiskMalwareHostContactedAlert.h"
 #include "flow_alerts/FlowRiskPeriodicFlowAlert.h"

diff --git a/include/flow_checks/FlowRiskMaliciousJA3.h → ...low_checks/FlowRiskMaliciousFingerprint.h b/include/flow_checks/FlowRiskMaliciousJA3.h → ...low_checks/FlowRiskMaliciousFingerprint.h
@@ -27,23 +27,23 @@
 class FlowRiskMaliciousJA3 : public FlowRisk {
  private:
   FlowAlertType getAlertType() const {
-    return FlowRiskMaliciousJA3Alert::getClassType();
+    return FlowRiskMaliciousFingerprintAlert::getClassType();
   }
 
  public:
   FlowRiskMaliciousJA3(){};
   ~FlowRiskMaliciousJA3(){};
 
   FlowAlert *buildAlert(Flow *f) {
-    return new FlowRiskMaliciousJA3Alert(this, f);
+    return new FlowRiskMaliciousFingerprintAlert(this, f);
   }
 
   std::string getName() const {
     return (FlowRiskAlerts::getCheckName(
-        FlowRiskMaliciousJA3Alert::getClassRisk()));
+        FlowRiskMaliciousFingerprintAlert::getClassRisk()));
   }
   ndpi_risk_enum handledRisk() {
-    return FlowRiskMaliciousJA3Alert::getClassRisk();
+    return FlowRiskMaliciousFingerprintAlert::getClassRisk();
   }
 };
 

diff --git a/include/flow_checks_includes.h b/include/flow_checks_includes.h
@@ -42,7 +42,7 @@
 #include "flow_checks/FlowRiskHTTPSuspiciousURL.h"
 #include "flow_checks/FlowRiskKnownProtocolOnNonStandardPort.h"
 #include "flow_checks/FlowRiskMalformedPacket.h"
-#include "flow_checks/FlowRiskMaliciousJA3.h"
+#include "flow_checks/FlowRiskMaliciousFingerprint.h"
 #include "flow_checks/FlowRiskMaliciousSHA1Certificate.h"
 #include "flow_checks/FlowRiskMalwareHostContacted.h"
 #include "flow_checks/FlowRiskPeriodicFlow.h"

diff --git a/src/Flow.cpp b/src/Flow.cpp
@@ -24,8 +24,7 @@
 /* static so default is zero-initialization, let's just define it */
 
 const ndpi_protocol Flow::ndpiUnknownProtocol = {
-  NDPI_PROTOCOL_UNKNOWN, /* master_protocol */
-  NDPI_PROTOCOL_UNKNOWN, /* app_protocol    */
+  { NDPI_PROTOCOL_UNKNOWN /* master_protocol */, NDPI_PROTOCOL_UNKNOWN /* app_protocol */ },
   NDPI_PROTOCOL_UNKNOWN, /* protocol_by_ip */
   NDPI_PROTOCOL_CATEGORY_UNSPECIFIED, NULL};
 // #define DEBUG_DISCOVERY
@@ -3191,7 +3190,7 @@ void Flow::setRisk(ndpi_risk risk_bitmap) {
   ndpi_flow_risk_bitmap = risk_bitmap;
 
   has_malicious_cli_signature =
-    NDPI_ISSET_BIT(ndpi_flow_risk_bitmap, NDPI_MALICIOUS_JA3);
+    NDPI_ISSET_BIT(ndpi_flow_risk_bitmap, NDPI_MALICIOUS_FINGERPRINT);
 }
 
 /* *************************************** */