diff --git a/matrix_webhook/conf.py b/matrix_webhook/conf.py index 3ec8c58..c8ffe0e 100644 --- a/matrix_webhook/conf.py +++ b/matrix_webhook/conf.py @@ -72,16 +72,17 @@ args = parser.parse_args() if args.config: with open(args.config) as f: config = yaml.safe_load(f) - SERVER_ADDRESS = (config["host"], config["port"]) + SERVER_ADDRESS = (config["hostname"], config["port"]) MATRIX_URL = config["matrix"]["url"] MATRIX_ID = config["matrix"]["id"] MATRIX_PW = config["matrix"]["pw"] - API_KEYS = config["api_keys"].keys() - ROOM_KEYS = config["api_keys"] + API_KEYS = config["api_keys"] + LOG_FILE = config["log"] VERBOSE = get_numeric_log_level(config["log"]["level"]) else: SERVER_ADDRESS = (args.host, args.port) MATRIX_URL = args.matrix_url + LOG_FILE = args.log if not args.matrix_id: print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml") sys.exit(1) diff --git a/matrix_webhook/formatters/crowdsec.py b/matrix_webhook/formatters/crowdsec.py index b5f398f..174730f 100644 --- a/matrix_webhook/formatters/crowdsec.py +++ b/matrix_webhook/formatters/crowdsec.py @@ -1,16 +1,29 @@ +import requests + +def get_abuse_confidence(ip): + """ get abuseipdb's confidence level on an ip passed in, and return that value""" + base_url = "https://api.abuseipdb.com/api/v2/check" + api_key = " + headers = { 'Key': api_key, 'Accept': 'application/json' } + data = { 'ipAddress': ip, 'maxAgeInDays': 90 } + r = requests.get(base_url, headers=headers, json=data) + return r.json()['data']['abuseConfidenceScore'] + def formatter(data, headers): - """format a message sent with crowdsec http endpoints""" + """ format a message sent with crowdsec http endpoints""" data_out = "" for row in data["body"]: - if "crowdsecurity" in row["scenario"]: - source, scenario, *_ = row["scenario"].split("/") - row[ - "scenario" - ] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})" - data_out += ( - f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n" - f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|" - f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n" - ) + ip = row['host'] + duration = row['duration'] + confidence = get_abuse_confidence(ip) + if "crowdsecurity" in row['scenario']: + source, scenario, *_ = row['scenario'].split('/') + row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})" + data_out += ( + f"{ip} has been banned {duration} due to {row['scenario']}\n\n" + f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | " + f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n" + ) data["body"] = data_out return data + diff --git a/matrix_webhook/handler.py b/matrix_webhook/handler.py index 6b16dcc..bd828fe 100644 --- a/matrix_webhook/handler.py +++ b/matrix_webhook/handler.py @@ -37,22 +37,14 @@ async def matrix_webhook(request): if "formatter" in request.rel_url.query: try: - format_type = request.rel_url.query["formatter"] - plugin = importlib.import_module( - f"matrix_webhook.formatters.{format_type}", "formatter" - ) + format = request.rel_url.query["formatter"] + plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter") data = plugin.formatter(data, request.headers) except ModuleNotFoundError: return utils.create_json_response( HTTPStatus.BAD_REQUEST, "Unknown formatter" ) - if ( - "room_id" not in request.rel_url.query - and "room_id" not in data - and conf.ROOM_KEYS[f'{data["key"]}'] - ): - data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}'] if "room_id" in request.rel_url.query and "room_id" not in data: data["room_id"] = request.rel_url.query["room_id"] if "room_id" not in data: @@ -96,5 +88,4 @@ async def matrix_webhook(request): "format": "org.matrix.custom.html", "formatted_body": formatted_body, } - print(conf.ROOM_KEYS) return await utils.send_room_message(data["room_id"], content)