Keeps configured enabled/disabled flow risks into account inside plugin

scripts/plugins/alerts/security/flow_risks/user_scripts/flow/flow_risks.lua

@@ -33,11 +33,11 @@ local script = {
 	       { 3, i18n("flow_risk.ndpi_url_possible_rce_injection") },
 	       { 4, i18n("flow_risk.ndpi_binary_application_transfer") },
 	       { 5, i18n("flow_risk.ndpi_known_protocol_on_non_standard_port") },
-	       { 6, i18n("flow_risk.ndpi_tls_selfsigned_certificate") },
-	       { 7, i18n("flow_risk.ndpi_tls_obsolete_version") },
-	       { 8, i18n("flow_risk.ndpi_tls_weak_cipher") },
-	       { 9, i18n("flow_risk.ndpi_tls_certificate_expired") },
-	       { 10, i18n("flow_risk.ndpi_tls_certificate_mismatch") },
+	       -- { 6, i18n("flow_risk.ndpi_tls_selfsigned_certificate") }, -- handled in tls_certificate_selfsigned.lua
+	       -- { 7, i18n("flow_risk.ndpi_tls_obsolete_version") },       -- handled in tls_old_version.lua
+	       -- { 8, i18n("flow_risk.ndpi_tls_weak_cipher") },            -- handled in tls_certificate_expired.lua
+	       -- { 9, i18n("flow_risk.ndpi_tls_certificate_expired") },    -- handled in tls_certificate_expired.lua 
+	       -- { 10, i18n("flow_risk.ndpi_tls_certificate_mismatch") },  -- handled in tls_certificate_mismatch.lua TODO: migrate to flow risk
 	       { 11, i18n("flow_risk.ndpi_http_suspicious_user_agent") },
 	       { 12, i18n("flow_risk.ndpi_http_numeric_ip_host") },
 	       { 13, i18n("flow_risk.ndpi_http_suspicious_url") },
@@ -59,7 +59,8 @@ local script = {
 
    default_value = {
       items = {
-	 1,2,3,4,5,6,7,8,9,10,
+	 1,2,3,4,5,
+	 -- 6,7,8,9,10,
 	 11,12,13,14,15,16,17,18,19,20,
 	 21,22,23,24
       },
@@ -69,17 +70,6 @@ local script = {
 
 -- #################################################################
 
--- Indicate risks that don't have to be processed by this module.
-local excluded_risks = {
-   [6]  = true, -- handled in tls_certificate_selfsigned.lua
-   [7]  = true, -- handled in tls_old_version.lua
-   [8]  = true, -- handled in tls_unsafe_ciphers.lua
-   [9]  = true, -- handled in tls_certificate_expired.lua
-   [10] = true, -- handled in tls_certificate_mismatch.lua TODO: migrate to flow risk
-}
-
--- #################################################################
-
 -- Default scores to use for flow risks
 local DEFAULT_SCORES = {
    50 --[[ flow score   --]],
@@ -130,16 +120,43 @@ local handlers = {
 
 -- #################################################################
 
-function script.hooks.protocolDetected(now)
+-- Indicate risks that are enabled (i.e., configured to generate alerts from the UI)
+local enabled_risks
+
+-- #################################################################
+
+function script.setup()
+   -- Reset enabled risks. They will be lazily re-initialized inside protocolDetected hook below
+   enabled_risks = nil
+
+   return true -- OK
+end
+
+-- #################################################################
+
+function script.hooks.protocolDetected(now, conf)
    -- If the flow has any of the nDPI risks...
    if flow.hasRisk() then
+      -- Lazily initialize enabled_risks, if not already initialized
+      if not enabled_risks then
+	 enabled_risks = {}
+
+	 if conf and conf.items then
+	    -- Iterate configuration items, i.e., enabled risks, and
+	    -- add their ids to the enabled_risks table
+	    for _, risk_id in pairs(conf.items) do
+	       -- Risk ids arrive as strings inside items, so the tonumber conversion is needed
+	       enabled_risks[tonumber(risk_id)] = true
+	    end
+	 end
+      end
+
       -- Iterate all the currently detected flow risks
       local all_risks = flow.getRiskInfo()
 
       for risk_str, risk_id in pairs(all_risks) do
-	 -- If the risk is among those excluded, just skip it
-	 -- Excluded risks are typically those handed in separated user scripts
-	 if excluded_risks[risk_id] then
+	 -- If the risk is not among those enabled, just skip it
+	 if not enabled_risks[risk_id] then
 	    goto continue
 	 end