#2 Most packets named query can return more than one result

已關閉
carlos.garcia8 年之前創建 · 1 條評論

The named query that returns the IP address with the most packets might return more than one result if different IPs are tied.

PortscanAttack expects only one IP when using this named query and fails if a list of addresses is returned instead.

The named query that returns the IP address with the most packets might return more than one result if different IPs are tied. PortscanAttack expects only one IP when using this named query and fails if a list of addresses is returned instead.

Do you have any idea how we can handle that? My idea was to always require providing an extractor if a single element is expected but it cannot be guaranteed that the result is an single element or a list. Because if the query does not return a list of values, the extractor is not applied, otherwise it reduces the list to one element such that the attack can work with it. But requiring an extractor is not enforced yet, it is no error message printed if the queries result is a list and the parameter becomes therefore invalid.

To be noted, sometimes returning a list of values is desired. For example, as source IP addresses for an DDoS attack.

Do you have any idea how we can handle that? My idea was to always require providing an extractor if a single element is expected but it cannot be guaranteed that the result is an single element or a list. Because if the query does not return a list of values, the extractor is not applied, otherwise it reduces the list to one element such that the attack can work with it. But requiring an extractor is not enforced yet, it is no error message printed if the queries result is a list and the parameter becomes therefore invalid. To be noted, sometimes returning a list of values is desired. For example, as source IP addresses for an DDoS attack.
登入 才能加入這對話。
未選擇標籤
Bug
未選擇里程碑
未指派成員
2 參與者
正在加載...
取消
保存
尚未有任何內容