Merge pull request #8 from polarityio/develop

INT-973 and INT-920: Reduce summary tags and prevent RFC1918 lookups
polarityio · Jun 13, 2023 · 0bfd61c · 0bfd61c
2 parents b9cc1a8 + 6dfd450
commit 0bfd61c
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 21 deletions.
diff --git a/config/config.js b/config/config.js
@@ -24,7 +24,7 @@ module.exports = {
    */
   description:
     'AbuseIPDB is a project dedicated to helping combat the spread of hackers, spammers, and abusive activity on the internet.',
-  entityTypes: ['ipv4', 'ipv6'],
+  entityTypes: ['IPv4', 'IPv6'],
   defaultColor: "light-gray",
   /**
    * An array of style files (css or less) er will be included for your integration. Any styles specified in
@@ -118,8 +118,8 @@ module.exports = {
     {
       key: 'baselineInvestigationThreshold',
       name: 'Baseline Investigation Threshold',
-      description: 'Minimum Abuse Confidence Score for an IP to be (0-100) for an "investigation threshold met" icon to be displayed in the summary tag.  Setting this value to -1 turns off the threshold. Defaults to 100.',
-      default: 100,
+      description: 'Minimum Abuse Confidence Score for an IP to be (0-100) for an "investigation threshold met" icon to be displayed in the summary tag.  Setting this value to -1 turns off the threshold. Defaults to 75.',
+      default: 75,
       type: 'number',
       userCanEdit: false,
       adminOnly: true

diff --git a/config/config.json b/config/config.json
@@ -69,8 +69,8 @@
     {
       "key": "baselineInvestigationThreshold",
       "name": "Baseline Investigation Threshold",
-      "description": "Minimum Abuse Confidence Score for an IP to be (0-100) for an \"investigation threshold met\" icon to be displayed in the summary tag.  Setting this value to -1 turns off the threshold. Defaults to 100.",
-      "default": 100,
+      "description": "Minimum Abuse Confidence Score for an IP to be (0-100) for an \"investigation threshold met\" icon to be displayed in the summary tag.  Setting this value to -1 turns off the threshold. Defaults to 75.",
+      "default": 75,
       "type": "number",
       "userCanEdit": false,
       "adminOnly": true

diff --git a/integration.js b/integration.js
@@ -9,7 +9,6 @@ const { version: packageVersion } = require('./package.json');
 let Logger;
 let requestDefault;
 
-const MAX_CATEGORY_SUMMARY_TAGS = 3;
 const USER_AGENT = `abuseipdb-polarity-integration-v${packageVersion}`;
 
 // Categories are returned by the API as Integer IDs.  We map those IDs to human readable strings here
@@ -53,7 +52,7 @@ function doLookup(entities, options, cb) {
   Logger.trace({ entities: entities }, 'entities');
 
   entities.forEach((entity) => {
-    if (entity.value) {
+    if ((entity.isIPv4 && isValidIpv4(entity)) || entity.isIPv6) {
       const requestOptions = {
         method: 'GET',
         uri: 'https://api.abuseipdb.com/api/v2/check',
@@ -129,7 +128,7 @@ function doLookup(entities, options, cb) {
         });
       } else {
         const categories = _getUniqueCategories(result.body.data);
-        const summary = _generateTags(result.body.data, categories, options);
+        const summary = _generateTags(result.body.data, options);
         const data = result.body.data;
         // the reports property is used to generate the categories but is not needed in the overlay window
         // Given how large it is we remove it before sending back the data.
@@ -216,7 +215,7 @@ function _getUniqueCategories(result) {
   return sortedCategories;
 }
 
-function _generateTags(result, categories, options) {
+function _generateTags(result, options) {
   let tags = [];
 
   if (typeof result.abuseConfidenceScore !== 'undefined') {
@@ -226,10 +225,10 @@ function _generateTags(result, categories, options) {
     ) {
       tags.push({
         type: 'danger',
-        text: `Confidence of Abuse: ${result.abuseConfidenceScore}%`
+        text: `Abuse Confidence Score: ${result.abuseConfidenceScore}%`
       });
     } else {
-      tags.push(`Confidence of Abuse: ${result.abuseConfidenceScore}%`);
+      tags.push(`Abuse Confidence Score: ${result.abuseConfidenceScore}%`);
     }
   }
   if (result.isWhitelisted === true) {
@@ -240,22 +239,31 @@ function _generateTags(result, categories, options) {
   }
   if (typeof result.totalReports !== 'undefined' && typeof result.numDistinctUsers !== 'undefined') {
     if (result.totalReports > 0) {
-      tags.push(`${result.totalReports} reports from ${result.numDistinctUsers} distinct users`);
+      tags.push(`${result.totalReports} reports from ${result.numDistinctUsers} users`);
     } else {
       tags.push('No reports');
     }
   }
 
-  for (let i = 0; i < categories.length && i < MAX_CATEGORY_SUMMARY_TAGS; i++) {
-    tags.push(categories[i].name);
-  }
-
-  if (categories.length > MAX_CATEGORY_SUMMARY_TAGS) {
-    tags.push(`+${categories.length - MAX_CATEGORY_SUMMARY_TAGS} more categories`);
-  }
   return tags;
 }
 
+const isLoopBackIp = (entity) => {
+  return entity.startsWith('127');
+};
+
+const isLinkLocalAddress = (entity) => {
+  return entity.startsWith('169');
+};
+
+const isPrivateIP = (entity) => {
+  return entity.isPrivateIP === true;
+};
+
+const isValidIpv4 = (entity) => {
+  return !(isLoopBackIp(entity.value) || isLinkLocalAddress(entity.value) || isPrivateIP(entity));
+};
+
 function _isMiss(body) {
   if (body && Array.isArray(body) && body.length === 0) {
     return true;

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "AbuseIPDB",
-  "version": "3.3.2",
+  "version": "3.3.3",
   "main": "./integration.js",
   "private": true,
   "dependencies": {