#2 Most packets named query can return more than one result

Closed
opened 7 years ago by carlos.garcia · 1 comments

The named query that returns the IP address with the most packets might return more than one result if different IPs are tied.

PortscanAttack expects only one IP when using this named query and fails if a list of addresses is returned instead.

Do you have any idea how we can handle that? My idea was to always require providing an extractor if a single element is expected but it cannot be guaranteed whether the result is a single element or a list. If the query does not return a list of values, the extractor is not applied; otherwise it reduces the list to one element so that the attack can work with it. But requiring an extractor is not enforced yet, and no error message is printed if the query's result is a list and the parameter therefore becomes invalid.

To be noted, sometimes returning a list of values is desired. For example, as source IP addresses for a DDoS attack.
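
One way to enforce the extractor requirement discussed in this thread, shown as an added example that is not the project's own code. The function name, the extractor names and the exception class are hypothetical, and the sample addresses are constructed.

```python
import random


class AmbiguousQueryResult(ValueError):
    """A single value was required but the query result cannot supply one."""


# Hypothetical extractors: each reduces a list of tied results to one element.
EXTRACTORS = {
    "first": lambda values, rng: values[0],
    "last": lambda values, rng: values[-1],
    "random": lambda values, rng: rng.choice(values),
}


def resolve_query_result(result, expect_single, extractor=None, rng=None):
    """Turn a named-query result into a parameter value.

    result        -- scalar or list returned by the query
    expect_single -- True if the consuming parameter needs exactly one value
    extractor     -- key of EXTRACTORS, or None if the caller gave none
    """
    if extractor is not None and extractor not in EXTRACTORS:
        raise ValueError("unknown extractor: %r" % (extractor,))
    if not isinstance(result, (list, tuple)):
        return result  # scalar result: the extractor is not applied
    values = list(result)
    if not expect_single:
        return values  # the caller asked for the whole list
    if not values:
        raise AmbiguousQueryResult("query returned no values")
    if len(values) == 1:
        return values[0]  # choice of this example: unwrap a lone element
    if extractor is None:
        # Fail loudly instead of handing a list to a single-value parameter.
        raise AmbiguousQueryResult(
            "query returned %d tied values; an extractor (%s) is required"
            % (len(values), ", ".join(sorted(EXTRACTORS)))
        )
    return EXTRACTORS[extractor](values, rng or random.Random())


if __name__ == "__main__":
    tied = ["192.0.2.10", "192.0.2.20"]  # constructed tie for "most packets"
    print(resolve_query_result(tied, True, "first"))
    try:
        resolve_query_result(tied, True)
    except AmbiguousQueryResult as err:
        print("rejected:", err)
```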
