/src/ntopng/src/FlowAlert.cpp

Source
/*
 *
 * (C) 2013-25 - ntop.org
 *
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 */

#include "ntop_includes.h"

/* **************************************************** */

FlowAlert::FlowAlert(FlowCheck *c, Flow *f) {
  if(trace_new_delete) ntop->getTrace()->traceEvent(TRACE_NORMAL, "[new] %s", __FILE__);
  flow = f;
  cli_attacker = srv_attacker = false;
  cli_victim = srv_victim = false;
  cli_score = srv_score = 0;
  if (c) check_name = c->getName();
  alert_score = SCORE_LEVEL_INFO;
  json_alert = NULL;
  refresh_json_alert = false;
}

/* **************************************************** */

FlowAlert::~FlowAlert() {
  if(trace_new_delete) ntop->getTrace()->traceEvent(TRACE_NORMAL, "[delete] %s", __FILE__);
  if (json_alert) free(json_alert);
}

/* ***************************************************** */

const char *FlowAlert::getSerializedAlert() {
  ndpi_serializer serializer;
  char *json;
  u_int32_t json_len; 

  if (refresh_json_alert) {
    if (json_alert) {
      free(json_alert);
      json_alert = NULL;
    }
  }

  if (json_alert)
    return json_alert;
 
  if (ndpi_init_serializer(&serializer, ndpi_serialization_format_json) == -1)
    return NULL;

  ndpi_serialize_start_of_block(&serializer, "alert_generation");
  ndpi_serialize_string_string(&serializer, "script_key", getCheckName().c_str());
  ndpi_serialize_string_string(&serializer, "subdir", "flow");
  ndpi_serialize_end_of_block(&serializer);

  ndpi_serialize_string_uint32(&serializer, "score", getAlertScore());

  getAlertJSON(&serializer);

  json = ndpi_serializer_get_buffer(&serializer, &json_len);

  if (json)
    json_alert = strdup(json);

  ndpi_term_serializer(&serializer);

  return json_alert;
}

Line	Count	Source
1		/*
2		*
3		* (C) 2013-25 - ntop.org
4		*
5		*
6		* This program is free software; you can redistribute it and/or modify
7		* it under the terms of the GNU General Public License as published by
8		* the Free Software Foundation; either version 3 of the License, or
9		* (at your option) any later version.
10		*
11		* This program is distributed in the hope that it will be useful,
12		* but WITHOUT ANY WARRANTY; without even the implied warranty of
13		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14		* GNU General Public License for more details.
15		*
16		* You should have received a copy of the GNU General Public License
17		* along with this program; if not, write to the Free Software Foundation,
18		* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19		*
20		*/
21
22		#include "ntop_includes.h"
23
24		/* **************************************************** */
25
26	0	FlowAlert::FlowAlert(FlowCheck c, Flow f) {
27	0	if(trace_new_delete) ntop->getTrace()->traceEvent(TRACE_NORMAL, "[new] %s", __FILE__);
28	0	flow = f;
29	0	cli_attacker = srv_attacker = false;
30	0	cli_victim = srv_victim = false;
31	0	cli_score = srv_score = 0;
32	0	if (c) check_name = c->getName();
33	0	alert_score = SCORE_LEVEL_INFO;
34	0	json_alert = NULL;
35	0	refresh_json_alert = false;
36	0	}
37
38		/* **************************************************** */
39
40	0	FlowAlert::~FlowAlert() {
41	0	if(trace_new_delete) ntop->getTrace()->traceEvent(TRACE_NORMAL, "[delete] %s", __FILE__);
42	0	if (json_alert) free(json_alert);
43	0	}
44
45		/* ***************************************************** */
46
47	0	const char *FlowAlert::getSerializedAlert() {
48	0	ndpi_serializer serializer;
49	0	char *json;
50	0	u_int32_t json_len;
51
52	0	if (refresh_json_alert) {
53	0	if (json_alert) {
54	0	free(json_alert);
55	0	json_alert = NULL;
56	0	}
57	0	}
58
59	0	if (json_alert)
60	0	return json_alert;
61
62	0	if (ndpi_init_serializer(&serializer, ndpi_serialization_format_json) == -1)
63	0	return NULL;
64
65	0	ndpi_serialize_start_of_block(&serializer, "alert_generation");
66	0	ndpi_serialize_string_string(&serializer, "script_key", getCheckName().c_str());
67	0	ndpi_serialize_string_string(&serializer, "subdir", "flow");
68	0	ndpi_serialize_end_of_block(&serializer);
69
70	0	ndpi_serialize_string_uint32(&serializer, "score", getAlertScore());
71
72	0	getAlertJSON(&serializer);
73
74	0	json = ndpi_serializer_get_buffer(&serializer, &json_len);
75
76	0	if (json)
77	0	json_alert = strdup(json);
78
79	0	ndpi_term_serializer(&serializer);
80
81	0	return json_alert;
82	0	}

Coverage Report

Created: 2025-11-16 06:59