From 35b163c871fe1e097258ef9aaf250da2ebed008a Mon Sep 17 00:00:00 2001 From: Sefinek Date: Sat, 14 Sep 2024 13:18:11 +0200 Subject: [PATCH] 1.1.3 --- index.js | 10 +++++----- package-lock.json | 4 ++-- package.json | 2 +- scripts/csv.js | 11 ++++++----- scripts/sefinekAPI.js | 2 +- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/index.js b/index.js index 2102ba5..e5f0a08 100644 --- a/index.js +++ b/index.js @@ -48,19 +48,19 @@ const isIPReportedRecently = (rayId, ip, reportedIPs) => { const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErrorCounts) => { const uri = `${hostname}${endpoint}`; if (!uri) { - logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'MISSING_URI'); + logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'MISSING_URI'); log('warn', `Missing URL ${event.clientIP}; URI: ${uri}`); return false; } if (event.clientIP === clientIp.address) { - logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'YOUR_IP_ADDRESS'); + logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'YOUR_IP_ADDRESS'); log('log', `Your IP address (${event.clientIP}) was unexpectedly received from Cloudflare. URI: ${uri}; Ignoring...`); return false; } if (uri.length > MAX_URL_LENGTH) { - logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'URI_TOO_LONG'); + logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'URI_TOO_LONG'); log('log', `URL too long ${event.clientIP}; URI: ${uri}`); return false; } @@ -72,13 +72,13 @@ const reportIP = async (event, country, hostname, endpoint, userAgent, cycleErro comment: generateComment(event) }, { headers: headers.ABUSEIPDB }); - logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'REPORTED'); + logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'REPORTED'); log('log', `Reported ${event.clientIP}; URI: ${uri}`); return true; } catch (err) { if (err.response?.status === 429) { - logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, 'TOO_MANY_REQUESTS'); + logToCSV(event.rayName, event.clientIP, country, hostname, endpoint, event.userAgent, event.action, 'TOO_MANY_REQUESTS'); log('log', `Rate limited while reporting ${event.clientIP} (${event.rayName}); Endpoint: ${endpoint}`); cycleErrorCounts.blocked++; } else { diff --git a/package-lock.json b/package-lock.json index 65df7c8..b51725d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "cf-waf-to-abuseipdb", - "version": "1.1.2", + "version": "1.1.3", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "cf-waf-to-abuseipdb", - "version": "1.1.2", + "version": "1.1.3", "license": "MIT", "dependencies": { "axios": "^1.7.7", diff --git a/package.json b/package.json index 296b7b4..0a5afaa 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "cf-waf-to-abuseipdb", - "version": "1.1.2", + "version": "1.1.3", "description": "A Node.js project that enables automatic reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.", "keywords": [ "abuseipdb", diff --git a/scripts/csv.js b/scripts/csv.js index 74e141c..03e47d9 100644 --- a/scripts/csv.js +++ b/scripts/csv.js @@ -4,7 +4,7 @@ const log = require('./log.js'); const CSV_FILE_PATH = path.join(__dirname, '..', 'reported_ips.csv'); const MAX_CSV_SIZE_BYTES = 4 * 1024 * 1024; // 4 MB -const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action,SefinekAPI\n'; +const CSV_HEADER = 'Timestamp,CF RayID,IP,Country,Hostname,Endpoint,User-Agent,Action taken,Status,Sefinek API\n'; if (!fs.existsSync(CSV_FILE_PATH)) fs.writeFileSync(CSV_FILE_PATH, CSV_HEADER); @@ -21,9 +21,9 @@ const escapeCSVValue = value => { return value || ''; }; -const logToCSV = (rayId, ip, country, hostname, endpoint, useragent, action, sefinekAPI) => { +const logToCSV = (rayId, ip, country = 'N/A', hostname, endpoint, useragent, actionTaken = 'N/A', status = 'N/A', sefinekAPI) => { checkCSVSize(); - const logLine = `${new Date().toISOString()},${rayId},${ip},${country || 'N/A'},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${action},${sefinekAPI || false}`; + const logLine = `${new Date().toISOString()},${rayId},${ip},${country},${hostname},${escapeCSVValue(endpoint)},${escapeCSVValue(useragent)},${actionTaken.toUpperCase()},${status},${sefinekAPI || false}`; fs.appendFileSync(CSV_FILE_PATH, logLine + '\n'); }; @@ -48,7 +48,8 @@ const readReportedIPs = () => { endpoint: parts[5], useragent: parts[6].replace(/(^"|"$)/g, ''), action: parts[7], - sefinekAPI: parts[8] === 'true' + status: parts[8], + sefinekAPI: parts[9] === 'true' }; }) .filter(item => item !== null); @@ -66,7 +67,7 @@ const updateSefinekAPIInCSV = (rayId, reportedToSefinekAPI) => { const updatedLines = lines.map(line => { const parts = line.split(/,(?=(?:[^"]*"[^"]*")*[^"]*$)/g); if (parts.length >= 9 && parts[1] === rayId) { - parts[8] = reportedToSefinekAPI; + parts[9] = reportedToSefinekAPI; return parts.join(','); } return line; diff --git a/scripts/sefinekAPI.js b/scripts/sefinekAPI.js index 4d8c9f2..75621ea 100644 --- a/scripts/sefinekAPI.js +++ b/scripts/sefinekAPI.js @@ -5,7 +5,7 @@ const log = require('./log.js'); const SEFINEK_API_URL = process.env.SEFINEK_API_URL || `${process.env.NODE_ENV === 'production' ? 'https://api.sefinek.net' : 'http://127.0.0.1:4010'}/api/v2/cloudflare-waf-abuseipdb/post`; module.exports = async () => { - const reportedIPs = readReportedIPs().filter(ip => ip.action === 'REPORTED' && !ip.sefinekAPI); + const reportedIPs = readReportedIPs().filter(ip => ip.status === 'REPORTED' && !ip.sefinekAPI); if (reportedIPs.length === 0) return log('log', 'No IPs with `action Reported` and `SefinekAPI false` to send to Sefinek API'); const uniqueLogs = reportedIPs.reduce((acc, ip) => {