[VS] Add UDP port handler and implement numerous fixes.

2026-04-29 07:29:32 +00:00 · 2023-10-12 15:17:05 +02:00 · 2023-10-12 15:17:05 +02:00 · 3d44707cc8
commit 3d44707cc8
parent bbf9b71add
13 changed files with 670 additions and 332 deletions
--- a/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
+++ b/scripts/lua/modules/alert_definitions/other/alert_vulnerability_scan.lua
@ -35,7 +35,7 @@ function alert_vulnerability_scan:init(differences_list)
   -- Trick to set this alert as an active monitoring alert
   self.alert_type_params.threshold = 0
   self.alert_type_params.value = 0
-   self.alert_type_params.measurement = 'vulnerability_scan'
+   self.alert_type_params.measurement = differences_list.measurement
 end

 -- #######################################################
@ -53,14 +53,27 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
      end
   end
   --]]
-
-   if (not isEmptyString(alert_type_params.tcp_ports_case)) then
+   if (alert_type_params.scan_type == "tcp_portscan" or alert_type_params.scan_type == "tcp_openports") then
      msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.tcp_ports_case, {
-         open_ports_num = alert_type_params.open_ports.num,
-         open_ports = alert_type_params.open_ports.ports,
-         closed_ports_num = alert_type_params.closed_ports.num,
-         closed_ports = alert_type_params.closed_ports.ports
+         open_ports_num = alert_type_params.tcp_open_ports.num,
+         open_ports = alert_type_params.tcp_open_ports.ports,
+         closed_ports_num = alert_type_params.tcp_closed_ports.num,
+         closed_ports = alert_type_params.tcp_closed_ports.ports,
+         protocol = i18n("tcp")
      })
+
+      msg = msg:gsub("%,", ", ")
+
+   elseif (alert_type_params.scan_type == "udp_portscan") then
+      msg = msg .. i18n('vulnerability_scan_alert_ports_changed_cases.'..alert_type_params.udp_ports_case, {
+         open_ports_num = alert_type_params.udp_open_ports.num,
+         open_ports = alert_type_params.udp_open_ports.ports,
+         closed_ports_num = alert_type_params.udp_closed_ports.num,
+         closed_ports = alert_type_params.udp_closed_ports.ports,
+         protocol = i18n("udp")
+      })
+      msg = msg:gsub("%,", ", ")
+
   end

   if alert_type_params.num_new_cve_issues then
@ -84,7 +97,9 @@ function alert_vulnerability_scan.format(ifid, alert, alert_type_params)
      host = alert_type_params.host
   end

-   return i18n('vulnerability_scan_alert', { host = host, msg = msg })
+   local report_url = ntop.getHttpPrefix().."/lua/vulnerability_scan.lua?page=report&report_template=vs_result"
+
+   return i18n('vulnerability_scan_alert', { host = host, msg = msg, url = report_url })
 end

 -- #######################################################