Adds a no-action risk handler for risks already handled in other scripts

2026-05-03 09:20:10 +00:00 · 2020-09-23 18:02:57 +02:00 · 2020-09-23 18:02:57 +02:00 · d7b688b955
commit d7b688b955
parent 814ee67cf9
1 changed files with 12 additions and 5 deletions
--- a/scripts/plugins/alerts/security/flow_risks/user_scripts/flow/flow_risks.lua
+++ b/scripts/plugins/alerts/security/flow_risks/user_scripts/flow/flow_risks.lua
@ -81,6 +81,13 @@ end

 -- #################################################################

+local function no_action_handler()
+   -- An handler which doesn't perform any action. Useful
+   -- to be associated with risks already handled on other user scripts
+end
+
+-- #################################################################
+
 -- A Lua table to map risks with a given handler
 -- Risks are identified with ids as found in ndpi_typedefs.h
 local risk2action = {
@ -90,11 +97,11 @@ local risk2action = {
   [3]  = default_handler,                                     -- "ndpi_url_possible_rce_injection"
   [4]  = ndpi_binary_application_transfer_handler,            -- "ndpi_binary_application_transfer"
   [5]  = ndpi_known_protocol_on_non_standard_port_handler,    -- "ndpi_known_protocol_on_non_standard_port"
-   [6]  = default_handler,                                     -- handled in tls_certificate_selfsigned.lua
-   [7]  = default_handler,                                     -- handled in tls_old_version.lua
-   [8]  = default_handler,                                     -- handled in tls_unsafe_ciphers.lua
-   [9]  = default_handler,                                     -- handled in tls_certificate_expired.lua
-   [10] = default_handler,                                     -- handled in tls_certificate_mismatch.lua TODO: migrate to flow risk
+   [6]  = no_action_handler,                                   -- handled in tls_certificate_selfsigned.lua
+   [7]  = no_action_handler,                                   -- handled in tls_old_version.lua
+   [8]  = no_action_handler,                                   -- handled in tls_unsafe_ciphers.lua
+   [9]  = no_action_handler,                                   -- handled in tls_certificate_expired.lua
+   [10] = no_action_handler,                                   -- handled in tls_certificate_mismatch.lua TODO: migrate to flow risk
   [11] = default_handler,                                     -- "ndpi_http_suspicious_user_agent"
   [12] = default_handler,                                     -- "ndpi_http_numeric_ip_host"
   [13] = default_handler,                                     -- "ndpi_http_suspicious_url"