From daab46d4ec75145f586490e461e6d0a51b766594 Mon Sep 17 00:00:00 2001 From: Sefinek Date: Sun, 10 Nov 2024 01:13:11 +0100 Subject: [PATCH] Some fixes --- README.md | 2 +- index.js | 2 +- scripts/clientIp.js | 2 +- config.js => scripts/config.js | 0 scripts/generateComment.js | 30 +++++++++++++++--------------- 5 files changed, 18 insertions(+), 18 deletions(-) rename config.js => scripts/config.js (100%) diff --git a/README.md b/README.md index bb493c0..d226513 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Cloudflare WAF to AbuseIPDB 🕵️‍♀️ +# Cloudflare WAF to AbuseIPDB ☁️🕵️ This project offers an automated script that collects and reports IP addresses that have triggered Cloudflare firewall events. In simple terms, it enables the reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database. diff --git a/index.js b/index.js index fcd9dfd..7fa8cfe 100644 --- a/index.js +++ b/index.js @@ -1,7 +1,7 @@ require('dotenv').config(); const { axios, moduleVersion } = require('./services/axios.js'); -const { CYCLE_INTERVAL, REPORTED_IP_COOLDOWN_MS, MAX_URL_LENGTH, SUCCESS_COOLDOWN, SEFINEK_API_INTERVAL, REPORT_TO_SEFINEK_API } = require('./config.js'); +const { CYCLE_INTERVAL, REPORTED_IP_COOLDOWN_MS, MAX_URL_LENGTH, SUCCESS_COOLDOWN, SEFINEK_API_INTERVAL, REPORT_TO_SEFINEK_API } = require('./scripts/config.js'); const PAYLOAD = require('./scripts/payload.js'); const generateComment = require('./scripts/generateComment.js'); const SefinekAPI = require('./scripts/sefinekAPI.js'); diff --git a/scripts/clientIp.js b/scripts/clientIp.js index 04d4463..c1abef2 100644 --- a/scripts/clientIp.js +++ b/scripts/clientIp.js @@ -1,5 +1,5 @@ const { axios } = require('../services/axios.js'); -const { IP_REFRESH_INTERVAL } = require('../config.js'); +const { IP_REFRESH_INTERVAL } = require('./config.js'); const log = require('./log.js'); let address = null; // Holds the IP address diff --git a/config.js b/scripts/config.js similarity index 100% rename from config.js rename to scripts/config.js diff --git a/scripts/generateComment.js b/scripts/generateComment.js index df17d68..269e0ee 100644 --- a/scripts/generateComment.js +++ b/scripts/generateComment.js @@ -1,23 +1,23 @@ -module.exports = it => { +module.exports = ({ action, clientAsn, clientASNDescription, clientRequestHTTPProtocol, clientRequestHTTPMethodName, clientRequestHTTPHost, clientRequestPath, clientRequestQuery, datetime, rayName, ruleId, userAgent = 'Empty string', source, clientCountryName }) => { const fields = [ - { label: 'Action taken', value: it.action?.toUpperCase() }, - { label: 'ASN', value: `${it.clientAsn} (${it.clientASNDescription})` }, - { label: 'Protocol', value: `${it.clientRequestHTTPProtocol} (method ${it.clientRequestHTTPMethodName})` }, - { label: 'Domain', value: it.clientRequestHTTPHost }, - { label: 'Endpoint', value: it.clientRequestPath }, - { label: 'Query', value: it.clientRequestQuery }, - { label: 'Timestamp', value: it.datetime }, - { label: 'Ray ID', value: it.rayName }, - { label: 'Rule ID', value: it.ruleId }, - { label: 'UA', value: it.userAgent || 'Empty string' }, + { label: 'Action taken', value: action?.toUpperCase() }, + { label: 'ASN', value: `${clientAsn} (${clientASNDescription})` }, + { label: 'Protocol', value: `${clientRequestHTTPProtocol} (method ${clientRequestHTTPMethodName})` }, + { label: 'Domain', value: clientRequestHTTPHost }, + { label: 'Endpoint', value: clientRequestPath }, + { label: 'Query', value: clientRequestQuery }, + { label: 'Timestamp', value: datetime }, + { label: 'Ray ID', value: rayName }, + { label: 'Rule ID', value: ruleId }, + { label: 'UA', value: userAgent }, ]; const reportLines = fields - .filter(field => field.value) - .map(field => `${field.label}: ${field.value}`); + .filter(({ value }) => value) + .map(({ label, value }) => `${label}: ${value}`); - return `Triggered Cloudflare WAF (${it.source}) from ${it.clientCountryName}. + return `Triggered Cloudflare WAF (${source}) from ${clientCountryName}. ${reportLines.join('\n')} -Report generated by Cloudflare-WAF-To-AbuseIPDB https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB`; +Report generated by Cloudflare-WAF-To-AbuseIPDB: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB`; }; \ No newline at end of file