From 66df6e56e2c3ee181e274771d59d16f16f3203fd Mon Sep 17 00:00:00 2001
From: Alex Kelly
Date: Fri, 2 Dec 2022 18:03:25 -0500
Subject: [PATCH] Add abuseipdb lookup to link, fix differences in version running in prod
---
 matrix_webhook/conf.py | 7 +++---
 matrix_webhook/formatters/crowdsec.py | 35 ++++++++++++++++++---------
 matrix_webhook/handler.py | 13 ++--------
 3 files changed, 30 insertions(+), 25 deletions(-)
diff --git a/matrix_webhook/conf.py b/matrix_webhook/conf.py
index 3ec8c58..c8ffe0e 100644
--- a/matrix_webhook/conf.py
+++ b/matrix_webhook/conf.py
@@ -72,16 +72,17 @@ args = parser.parse_args()
 if args.config:
 with open(args.config) as f:
 config = yaml.safe_load(f)
- SERVER_ADDRESS = (config["host"], config["port"])
+ SERVER_ADDRESS = (config["hostname"], config["port"])
 MATRIX_URL = config["matrix"]["url"]
 MATRIX_ID = config["matrix"]["id"]
 MATRIX_PW = config["matrix"]["pw"]
- API_KEYS = config["api_keys"].keys()
- ROOM_KEYS = config["api_keys"]
+ API_KEYS = config["api_keys"]
+ LOG_FILE = config["log"]
 VERBOSE = get_numeric_log_level(config["log"]["level"])
 else:
 SERVER_ADDRESS = (args.host, args.port)
 MATRIX_URL = args.matrix_url
+ LOG_FILE = args.log
 if not args.matrix_id:
 print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
 sys.exit(1)
diff --git a/matrix_webhook/formatters/crowdsec.py b/matrix_webhook/formatters/crowdsec.py
index b5f398f..174730f 100644
--- a/matrix_webhook/formatters/crowdsec.py
+++ b/matrix_webhook/formatters/crowdsec.py
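Review bot: `LOG_FILE` is given a different type on the two branches: the config branch assigns `config["log"]`, which the very next line indexes as a mapping (`config["log"]["level"]`), while the argparse branch assigns `args.log`, presumably a path string. Whatever later opens `LOG_FILE` will receive a dict on the config path, so this most likely wants the file entry of that mapping, `LOG_FILE = config["log"][<file-key>]` with whatever key the config schema uses. The `host` → `hostname` rename is also a silent breaking change for existing config.yaml files (a bare `KeyError` at startup), so a short message like the one printed for a missing matrix id, or accepting both keys for one release, would help operators. `API_KEYS` now holds the whole `api_keys` mapping rather than its keys; `in` checks still work on a dict, but any consumer that expects a list-like value should be confirmed. The `if args.config:` block continues outside the hunk.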
@@ -1,16 +1,29 @@
+import requests
+
+def get_abuse_confidence(ip):
+ """ get abuseipdb's confidence level on an ip passed in, and return that value"""
+ base_url = "https://api.abuseipdb.com/api/v2/check"
+ api_key = "
+ headers = { 'Key': api_key, 'Accept': 'application/json' }
+ data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
+ r = requests.get(base_url, headers=headers, json=data)
+ return r.json()['data']['abuseConfidenceScore']
+
 def formatter(data, headers):
- """format a message sent with crowdsec http endpoints"""
+ """ format a message sent with crowdsec http endpoints"""
 data_out = ""
 for row in data["body"]:
- if "crowdsecurity" in row["scenario"]:
- source, scenario, *_ = row["scenario"].split("/")
- row[
- "scenario"
- ] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
- data_out += (
- f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n"
- f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|"
- f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
- )
+ ip = row['host']
+ duration = row['duration']
+ confidence = get_abuse_confidence(ip)
+ if "crowdsecurity" in row['scenario']:
+ source, scenario, *_ = row['scenario'].split('/')
+ row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
+ data_out += (
+ f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
+ f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
+ f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
+ )
 data["body"] = data_out
 return data
+
diff --git a/matrix_webhook/handler.py b/matrix_webhook/handler.py
index 6b16dcc..bd828fe 100644
--- a/matrix_webhook/handler.py
+++ b/matrix_webhook/handler.py
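Review bot: `get_abuse_confidence` assigns the AbuseIPDB key as a string literal in the module (`api_key = "…"`, the value is truncated on this page), which commits a credential to version control; it should come from the project's conf module or an environment variable, and any key already pushed should be rotated. The lookup also has no `timeout` and no status check, and it is called once per row from inside the formatter, which `handler.py` invokes from an `async def` — so a slow or rate-limited AbuseIPDB reply stalls the request and the event loop, and any non-200 response turns `r.json()['data']` into an unhandled `KeyError` that drops the whole ban notification. The `check` endpoint is documented as taking query parameters, so `params=data` is the right keyword rather than `json=data` on a GET. If `requests` is not already a declared project dependency it needs adding to the packaging metadata. A fail-soft rewrite is below; `formatter` should then render a `None` score as something like `n/a` rather than `None%`.
```python
def get_abuse_confidence(ip):
    """Return AbuseIPDB's abuseConfidenceScore for ip, or None if the lookup fails."""
    base_url = "https://api.abuseipdb.com/api/v2/check"
    api_key = ABUSEIPDB_API_KEY  # placeholder: read from conf/env, never a literal in source
    headers = {"Key": api_key, "Accept": "application/json"}
    params = {"ipAddress": ip, "maxAgeInDays": 90}
    try:
        r = requests.get(base_url, headers=headers, params=params, timeout=5)
        r.raise_for_status()
        return r.json()["data"]["abuseConfidenceScore"]
    except (requests.RequestException, ValueError, KeyError):
        # lookup is best-effort: the ban notification must still go out
        return None
```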
@@ -37,22 +37,14 @@ async def matrix_webhook(request):
 if "formatter" in request.rel_url.query:
 try:
- format_type = request.rel_url.query["formatter"]
- plugin = importlib.import_module(
- f"matrix_webhook.formatters.{format_type}", "formatter"
- )
+ format = request.rel_url.query["formatter"]
+ plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter")
 data = plugin.formatter(data, request.headers)
 except ModuleNotFoundError:
 return utils.create_json_response(
 HTTPStatus.BAD_REQUEST, "Unknown formatter"
 )
- if (
- "room_id" not in request.rel_url.query
- and "room_id" not in data
- and conf.ROOM_KEYS[f'{data["key"]}']
- ):
- data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}']
 if "room_id" in request.rel_url.query and "room_id" not in data:
 data["room_id"] = request.rel_url.query["room_id"]
 if "room_id" not in data:
@@ -96,5 +88,4 @@ async def matrix_webhook(request):
 "format": "org.matrix.custom.html",
 "formatted_body": formatted_body,
 }
- print(conf.ROOM_KEYS)
 return await utils.send_room_message(data["room_id"], content)
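Review bot: The renamed local `format` shadows the builtin of the same name, and the collapsed `import_module(...)` call is now a single line well past the width the surrounding black-formatted code keeps to; the previous `format_type` name and wrapped call lost nothing and should be restored. While this line is being touched, the `formatter` query value is interpolated straight into the module path, so an explicit membership check against the formatter names the package actually ships — e.g. `if format_type not in KNOWN_FORMATTERS:` (a constant you would add listing the modules under `matrix_webhook/formatters/`) returning the same `"Unknown formatter"` response — is a cheaper and clearer guard than relying on `ModuleNotFoundError` from a dynamic import. `matrix_webhook` starts and continues outside the hunk.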