mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-29 07:29:32 +00:00
73 lines
2.5 KiB
Lua
73 lines
2.5 KiB
Lua
--
|
|
-- (C) 2019-20 - ntop.org
|
|
--
|
|
|
|
-- ##############################################
|
|
|
|
local alert_keys = require "alert_keys"
|
|
package.path = dirs.installdir .. "/scripts/lua/modules/?.lua;" .. package.path
|
|
|
|
local status_keys = require "flow_keys"
|
|
-- Import the classes library.
|
|
local classes = require "classes"
|
|
-- Make sure to import the Superclass!
|
|
local alert = require "alert"
|
|
|
|
-- ##############################################
|
|
|
|
local alert_suspicious_file_transfer = classes.class(alert)
|
|
|
|
-- ##############################################
|
|
|
|
alert_suspicious_file_transfer.meta = {
|
|
status_key = status_keys.ntopng.status_suspicious_file_transfer,
|
|
alert_key = alert_keys.ntopng.alert_suspicious_file_transfer,
|
|
i18n_title = "alerts_dashboard.suspicious_file_transfer",
|
|
icon = "fas fa-file-download",
|
|
}
|
|
|
|
-- ##############################################
|
|
|
|
-- @brief Prepare an alert table used to generate the alert
|
|
-- @param one_flow_param The first alert param
|
|
-- @param another_flow_param The second alert param
|
|
-- @return A table with the alert built
|
|
function alert_suspicious_file_transfer:init(http_info)
|
|
-- Call the parent constructor
|
|
self.super:init()
|
|
|
|
self.alert_type_params = http_info
|
|
end
|
|
|
|
-- #######################################################
|
|
|
|
-- @brief Format an alert into a human-readable string
|
|
-- @param ifid The integer interface id of the generated alert
|
|
-- @param alert The alert description table, including alert data such as the generating entity, timestamp, granularity, type
|
|
-- @param alert_type_params Table `alert_type_params` as built in the `:init` method
|
|
-- @return A human-readable string
|
|
function alert_suspicious_file_transfer.format(ifid, alert, alert_type_params)
|
|
local res = i18n("alerts_dashboard.suspicious_file_transfer")
|
|
|
|
if alert_type_params and alert_type_params["protos.http.last_url"] then
|
|
local type_icon = ''
|
|
|
|
local extn = alert_type_params["protos.http.last_url"]:sub(-4):lower()
|
|
|
|
if extn == ".php" or extn == ".js" or extn == ".html" or extn == ".xml" or extn == ".cgi" then
|
|
type_icon = '<i class="fas fa-file-code"></i>'
|
|
elseif extn == ".png" or extn == ".jpg" then
|
|
type_icon = '<i class="fas fa-file-image"></i>'
|
|
end
|
|
|
|
res = i18n("alerts_dashboard.suspicious_file_transfer_url",
|
|
{url = shortenString(alert_type_params["protos.http.last_url"], 64),
|
|
type_icon = type_icon})
|
|
end
|
|
|
|
return res
|
|
end
|
|
|
|
-- #######################################################
|
|
|
|
return alert_suspicious_file_transfer
|