/src/ntopng/include/FlowAlert.h

Source (jump to first uncovered line)
/*
 *
 * (C) 2013-24 - ntop.org
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 */

#ifndef _FLOW_ALERT_H_
#define _FLOW_ALERT_H_

#include "ntop_includes.h"

class FlowAlert {
 private:
  Flow *flow;
  std::string check_name;
  bool cli_attacker, srv_attacker;
  bool cli_victim, srv_victim;

  /*
     Adds to the passed `serializer` (generated with `getAlertSerializer`)
     information specific to this alert
   */
  virtual ndpi_serializer *getAlertJSON(ndpi_serializer *serializer) {
    return serializer;
  }

 public:
  FlowAlert(FlowCheck *c, Flow *f);
  virtual ~FlowAlert();

  inline void setCliAttacker() { cli_attacker = true; }
  inline void setSrvAttacker() { srv_attacker = true; }
  inline void setCliVictim() { cli_victim = true; }
  inline void setSrvVictim() { srv_victim = true; }

  inline bool isCliAttacker() { return cli_attacker; }
  inline bool isCliVictim() { return cli_victim; }

  inline bool isSrvAttacker() { return srv_attacker; }
  inline bool isSrvVictim() { return srv_victim; }

  virtual FlowAlertType getAlertType() const = 0;
  virtual u_int8_t getAlertScore() const { return SCORE_LEVEL_INFO; };

  /* false = alert that requires attention, true = not important (auto ack) */
  virtual bool autoAck() const { return true; };

  inline Flow *getFlow() const { return (flow); }
  inline std::string getCheckName() const { return (check_name); }

  /*
     Generates the JSON alert serializer with base information and per-check
     information gathered with `getAlertJSON`. NOTE: memory must be freed by the
     caller.
  */
  ndpi_serializer *getSerializedAlert();
};

#endif /* _FLOW_ALERT_H_ */

Coverage Report

Created: 2024-02-25 06:37

Line	Count	Source (jump to first uncovered line)
1		/*
2		*
3		* (C) 2013-24 - ntop.org
4		*
5		*
6		* This program is free software; you can redistribute it and/or modify
7		* it under the terms of the GNU General Public License as published by
8		* the Free Software Foundation; either version 3 of the License, or
9		* (at your option) any later version.
10		*
11		* This program is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU General Public License for more details.
15		*
16		* You should have received a copy of the GNU General Public License
17		* along with this program; if not, write to the Free Software Foundation,
18		* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19		*
20		*/
21
22		#ifndef _FLOW_ALERT_H_
23		#define _FLOW_ALERT_H_
24
25		#include "ntop_includes.h"
26
27		class FlowAlert {
28		private:
29		Flow *flow;
30		std::string check_name;
31		bool cli_attacker, srv_attacker;
32		bool cli_victim, srv_victim;
33
34		/*
35		Adds to the passed `serializer` (generated with `getAlertSerializer`)
36		information specific to this alert
37		*/
38	0	virtual ndpi_serializer getAlertJSON(ndpi_serializer serializer) {
39	0	return serializer;
40	0	}
41
42		public:
43		FlowAlert(FlowCheck c, Flow f);
44		virtual ~FlowAlert();
45
46	0	inline void setCliAttacker() { cli_attacker = true; }
47	0	inline void setSrvAttacker() { srv_attacker = true; }
48	0	inline void setCliVictim() { cli_victim = true; }
49	0	inline void setSrvVictim() { srv_victim = true; }
50
51	0	inline bool isCliAttacker() { return cli_attacker; }
52	0	inline bool isCliVictim() { return cli_victim; }
53
54	0	inline bool isSrvAttacker() { return srv_attacker; }
55	0	inline bool isSrvVictim() { return srv_victim; }
56
57		virtual FlowAlertType getAlertType() const = 0;
58	0	virtual u_int8_t getAlertScore() const { return SCORE_LEVEL_INFO; };
59
60		/* false = alert that requires attention, true = not important (auto ack) */
61	0	virtual bool autoAck() const { return true; };
62
63	0	inline Flow *getFlow() const { return (flow); }
64	0	inline std::string getCheckName() const { return (check_name); }
65
66		/*
67		Generates the JSON alert serializer with base information and per-check
68		information gathered with `getAlertJSON`. NOTE: memory must be freed by the
69		caller.
70		*/
71		ndpi_serializer *getSerializedAlert();
72		};
73
74		#endif /* _FLOW_ALERT_H_ */