Add abuseipdb lookup to link, fix differences in version running in prod

matrix_webhook/conf.py

@@ -72,16 +72,17 @@ args = parser.parse_args()
 if args.config:
     with open(args.config) as f:
         config = yaml.safe_load(f)
-    SERVER_ADDRESS = (config["host"], config["port"])
+    SERVER_ADDRESS = (config["hostname"], config["port"])
     MATRIX_URL = config["matrix"]["url"]
     MATRIX_ID = config["matrix"]["id"]
     MATRIX_PW = config["matrix"]["pw"]
-    API_KEYS = config["api_keys"].keys()
+    API_KEYS = config["api_keys"]
-    ROOM_KEYS = config["api_keys"]
+    LOG_FILE = config["log"]
     VERBOSE = get_numeric_log_level(config["log"]["level"])
 else:
     SERVER_ADDRESS = (args.host, args.port)
     MATRIX_URL = args.matrix_url
+    LOG_FILE = args.log
     if not args.matrix_id:
         print("Missing matrix user-id. Use -i or --matrix-id or specify in config.yaml")
         sys.exit(1)

matrix_webhook/formatters/crowdsec.py

@@ -1,16 +1,29 @@
+import requests
+
+def get_abuse_confidence(ip):
+    """ get abuseipdb's confidence level on an ip passed in, and return that value"""
+    base_url = "https://api.abuseipdb.com/api/v2/check"
+    api_key = "<YOUR API KEY>
+    headers = { 'Key': api_key, 'Accept': 'application/json' }
+    data = { 'ipAddress': ip, 'maxAgeInDays': 90 }
+    r = requests.get(base_url, headers=headers, json=data)
+    return r.json()['data']['abuseConfidenceScore']
+
 def formatter(data, headers):
     """ format a message sent with crowdsec http endpoints"""
     data_out = ""
     for row in data["body"]:
-        if "crowdsecurity" in row["scenario"]:
+       ip = row['host']
-            source, scenario, *_ = row["scenario"].split("/")
+       duration = row['duration']
-            row[
+       confidence = get_abuse_confidence(ip)
-                "scenario"
+       if "crowdsecurity" in row['scenario']:
-            ] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
+          source, scenario, *_ = row['scenario'].split('/')
+          row['scenario'] = f"[{scenario}](https://hub.crowdsec.net/author/crowdsecurity/configurations/{scenario})"
        data_out += (
-            f"{row['host']} has been banned {row['duration']} due to {row['scenario']}\n\n"
+                     f"{ip} has been banned {duration} due to {row['scenario']}\n\n"
-            f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})|"
+                     f"[AbuseIPDB](https://www.abuseipdb.com/check/{row['host']})({confidence}%) | "
                      f"[Crowdsec](https://app.crowdsec.net/cti/{row['host']})\n\n"
        )
     data["body"] = data_out
     return data
+

matrix_webhook/handler.py

@@ -37,22 +37,14 @@ async def matrix_webhook(request):
 
     if "formatter" in request.rel_url.query:
         try:
-            format_type = request.rel_url.query["formatter"]
+            format = request.rel_url.query["formatter"]
-            plugin = importlib.import_module(
+            plugin = importlib.import_module(f"matrix_webhook.formatters.{format}", "formatter")
-                f"matrix_webhook.formatters.{format_type}", "formatter"
-            )
             data = plugin.formatter(data, request.headers)
         except ModuleNotFoundError:
             return utils.create_json_response(
                 HTTPStatus.BAD_REQUEST, "Unknown formatter"
             )
 
-    if (
-        "room_id" not in request.rel_url.query
-        and "room_id" not in data
-        and conf.ROOM_KEYS[f'{data["key"]}']
-    ):
-        data["room_id"] = conf.ROOM_KEYS[f'{data["key"]}']
     if "room_id" in request.rel_url.query and "room_id" not in data:
         data["room_id"] = request.rel_url.query["room_id"]
     if "room_id" not in data:
@@ -96,5 +88,4 @@ async def matrix_webhook(request):
         "format": "org.matrix.custom.html",
         "formatted_body": formatted_body,
     }
-    print(conf.ROOM_KEYS)
     return await utils.send_room_message(data["room_id"], content)