kellya/matrix-webhook
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add abuseipdb lookup to link, fix differences in version running in prod

Browse source
This commit is contained in:
Alex Kelly 2022-12-02 18:03:25 -05:00
commit 66df6e56e2
3 changed files with 30 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

7
matrix_webhook/conf.py
View file

@ -72,16 +72,17 @@ args = parser.parse_args()
if args.config:
with open(args.config) as f:
config = yaml.safe_load(f)
SERVER_ADDRESS = (config["host"], config["port"])
SERVER_ADDRESS = (config["hostname"], config["port"])
MATRIX_URL = config["matrix"]["url"]
MATRIX_ID = config["matrix"]["id"]
MATRIX_PW = config["matrix"]["pw"]
API_KEYS = config["api_keys"].keys()
ROOM_KEYS = config["api_keys"]
API_KEYS = config["api_keys"]
LOG_FILE = config["log"]
VERBOSE = get_numeric_log_level(config["log"]["level"])
else:
SERVER_ADDRESS = (args.host, args.port)
MATRIX_URL = args.matrix_url
LOG_FILE = args.log
if not args.matrix_id:
print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
sys.exit(1)

35
matrix_webhook/formatters/crowdsec.py
View file

@ -1,16 +1,29 @@
import requests
def get_abuse_confidence(ip):
""" get abuseipdb's confidence level on an ip passed in, and return that value"""
base_url = "https://api.abuseipdb.com/api/v2/check"
api_key = "<YOUR API KEY>
headers = { 'Key': api_key, 'Accept': 'application/json' }
data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
r = requests.get(base_url, headers=headers, json=data)
return r.json()['data']['abuseConfidenceScore']
def formatter(data, headers):
"""format a message sent with crowdsec http endpoints"""
""" format a message sent with crowdsec http endpoints"""
data_out = ""
for row in data["body"]:
if "crowdsecurity" in row["scenario"]:
source, scenario, *_ = row["scenario"].split("/")
row[
"scenario"
] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
data_out += (
f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n"
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|"
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
)
ip = row['host']
duration = row['duration']
confidence = get_abuse_confidence(ip)
if "crowdsecurity" in row['scenario']:
source, scenario, *_ = row['scenario'].split('/')
row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
data_out += (
f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
)
data["body"] = data_out
return data

13
matrix_webhook/handler.py
View file

@ -37,22 +37,14 @@ async def matrix_webhook(request):
if "formatter" in request.rel_url.query:
try:
format_type = request.rel_url.query["formatter"]
plugin = importlib.import_module(
f"matrix_webhook.formatters.{format_type}", "formatter"
)
format = request.rel_url.query["formatter"]
plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter")
data = plugin.formatter(data, request.headers)
except ModuleNotFoundError:
return utils.create_json_response(
HTTPStatus.BAD_REQUEST, "Unknown formatter"
)
if (
"room_id" not in request.rel_url.query
and "room_id" not in data
and conf.ROOM_KEYS[f'{data["key"]}']
):
data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}']
if "room_id" in request.rel_url.query and "room_id" not in data:
data["room_id"] = request.rel_url.query["room_id"]
if "room_id" not in data:
@ -96,5 +88,4 @@ async def matrix_webhook(request):
"format": "org.matrix.custom.html",
"formatted_body": formatted_body,
}
print(conf.ROOM_KEYS)
return await utils.send_room_message(data["room_id"], content)