diff options
Diffstat (limited to 'lualib/lua_scanners')
-rw-r--r-- | lualib/lua_scanners/common.lua | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/lualib/lua_scanners/common.lua b/lualib/lua_scanners/common.lua index f35ee372d..65dd4aef8 100644 --- a/lualib/lua_scanners/common.lua +++ b/lualib/lua_scanners/common.lua @@ -339,6 +339,27 @@ local function check_parts_match(task, rule) return fun.filter(filter_func, task:get_parts()) end +local function check_metric_results(task, rule) + + if rule.action ~= 'reject' then + local metric_result = task:get_metric_score('default') + local metric_action = task:get_metric_action('default') + local has_pre_result = task:has_pre_result() + + if rule.symbol_type == 'postfilter' and metric_action == 'reject' then + return true, 'result is already reject' + elseif metric_result[1] > metric_result[2]*2 then + return true, 'score > 2 * reject_level: ' .. metric_result[1] + elseif has_pre_result and metric_action == 'reject' then + return true, 'pre_result reject is set' + else + return false, 'undecided' + end + else + return false, 'dynamic_scan is not possible with config `action=reject;`' + end +end + exports.log_clean = log_clean exports.yield_result = yield_result exports.match_patterns = match_patterns @@ -347,6 +368,7 @@ exports.check_av_cache = check_av_cache exports.save_av_cache = save_av_cache exports.create_regex_table = create_regex_table exports.check_parts_match = check_parts_match +exports.check_metric_results = check_metric_results setmetatable(exports, { __call = function(t, override) |