filter-out ja4-fingerprints of bad-requests

superstes · superstes · commit 4018411a255e · 2025-07-17T14:36:23.000+02:00
diff --git a/src/riskdb/builder/obj/report.py b/src/riskdb/builder/obj/report.py
@@ -15,7 +15,7 @@ def __init__(self, raw: dict, reporters: list[Reporter]):
         self.user_agent = raw.get('ua', '')
         self.fingerprint_ja4 = raw.get('ja4', '')
 
-        if JA4_REGEX.match(self.fingerprint_ja4) is None:
+        if JA4_REGEX.match(self.fingerprint_ja4) is None or self.fingerprint_ja4.startswith('d00'):
             self.fingerprint_ja4 = ''
 
         self.reporter = self._init_reporter(token=raw['token'], reporters=reporters)
diff --git a/src/riskdb/lister/other_user_agent_ja4.py b/src/riskdb/lister/other_user_agent_ja4.py
@@ -26,7 +26,7 @@ def list_user_agents_ja4(tmp_dir: Path):
         ua_list.append(ua)
 
         ja4 = r.get('ja4', None)
-        if ja4 is not None:
+        if ja4 is not None and ja4.strip() != '' and not ja4.startswith('d00'):
             if ja4 in ja4_ua:
                 ja4_ua[ja4].append(ua.replace(',', ';'))
 
