feat(worker): implement AbuseIPDB component

- Added AbuseIPDB API wrapper component
- Added unit and integration tests
- Registered component in registry

Closes #37

Signed-off-by: betterclever <[email protected]>

Author: betterclever

worker/src/components/index.ts

@@ -55,6 +55,7 @@ import './security/atlassian-offboarding';
 import './security/trufflehog';
 import './security/terminal-demo';
 import './security/virustotal';
+import './security/abusedb';
 
 // GitHub components
 import './github/connection-provider';

worker/src/components/security/__tests__/abusedb-integration.test.ts

@@ -0,0 +1,46 @@
+/**
+ * Optional integration test for AbuseIPDB component.
+ * Requires a valid AbuseIPDB API key.
+ * Enable by setting RUN_ABUSEDB_TESTS=1 and providing ABUSEIPDB_API_KEY.
+ */
+import { describe, expect, test, beforeEach } from 'bun:test';
+import { componentRegistry, createExecutionContext, type ExecutionContext } from '@shipsec/component-sdk';
+import type { definition } from '../abusedb';
+import '../../index'; // Ensure registry is populated
+
+const shouldRunIntegration =
+  process.env.RUN_ABUSEDB_TESTS === '1' && !!process.env.ABUSEIPDB_API_KEY;
+
+(shouldRunIntegration ? describe : describe.skip)('AbuseIPDB Integration', () => {
+    let context: ExecutionContext;
+
+    beforeEach(async () => {
+        context = createExecutionContext({
+            runId: 'test-run',
+            componentRef: 'abusedb-integration-test',
+        });
+    });
+
+    test('checks a known IP address', async () => {
+        const component = componentRegistry.get('security.abuseipdb.check');
+        expect(component).toBeDefined();
+        
+        // 127.0.0.1 is usually reserved/private so result might be specific, 
+        // but 1.1.1.1 is Cloudflare and should exist.
+        const ipToCheck = '1.1.1.1'; 
+        
+        const params = {
+            ipAddress: ipToCheck,
+            apiKey: process.env.ABUSEIPDB_API_KEY!,
+            maxAgeInDays: 90,
+            verbose: true
+        };
+
+        const result = await component!.execute(params, context);
+        const output = result as any;
+
+        expect(output.ipAddress).toBe(ipToCheck);
+        expect(typeof output.abuseConfidenceScore).toBe('number');
+        expect(output.full_report).toBeDefined();
+    });
+});

worker/src/components/security/__tests__/abusedb.test.ts

@@ -0,0 +1,125 @@
+import { describe, it, expect, beforeAll, afterEach, vi } from 'bun:test';
+import * as sdk from '@shipsec/component-sdk';
+import { componentRegistry } from '../../index';
+import { definition } from '../abusedb';
+
+describe('abusedb component', () => {
+  beforeAll(async () => {
+    // Ensure registry is populated
+    await import('../../index');
+  });
+
+  afterEach(() => {
+    vi.restoreAllMocks();
+  });
+
+  it('should be registered with correct metadata', () => {
+    const component = componentRegistry.get('security.abuseipdb.check');
+    expect(component).toBeDefined();
+    expect(component!.label).toBe('AbuseIPDB Check');
+    expect(component!.category).toBe('security');
+  });
+
+  it('should execute successfully with valid input', async () => {
+     const component = componentRegistry.get('security.abuseipdb.check');
+     if (!component) throw new Error('Component not registered');
+
+     const context = sdk.createExecutionContext({
+        runId: 'test-run',
+        componentRef: 'abusedb-test',
+     });
+
+     const params = {
+         ipAddress: '127.0.0.1',
+         apiKey: 'test-key',
+         maxAgeInDays: 90,
+         verbose: false
+     };
+
+     const mockResponse = {
+         data: {
+             ipAddress: '127.0.0.1',
+             isPublic: true,
+             ipVersion: 4,
+             isWhitelisted: false,
+             abuseConfidenceScore: 100,
+             countryCode: 'US',
+             usageType: 'Data Center',
+             isp: 'Test ISP',
+             domain: 'example.com',
+             totalReports: 10,
+             numDistinctUsers: 5,
+             lastReportedAt: '2023-01-01T00:00:00Z'
+         }
+     };
+
+     const fetchSpy = vi.spyOn(global, 'fetch').mockResolvedValue(new Response(JSON.stringify(mockResponse), {
+         status: 200,
+         headers: { 'Content-Type': 'application/json' }
+     }));
+
+     const result = await component.execute(params, context);
+
+     expect(fetchSpy).toHaveBeenCalled();
+     const callArgs = fetchSpy.mock.calls[0];
+     expect(callArgs[0]).toContain('https://api.abuseipdb.com/api/v2/check');
+     expect(callArgs[0]).toContain('ipAddress=127.0.0.1');
+     
+     // Type assertion or check specific fields
+     const output = result as any;
+     expect(output.ipAddress).toBe('127.0.0.1');
+     expect(output.abuseConfidenceScore).toBe(100);
+     expect(output.isp).toBe('Test ISP');
+     expect(output.full_report).toEqual(mockResponse);
+  });
+
+  it('should handle 404', async () => {
+      const component = componentRegistry.get('security.abuseipdb.check');
+      if (!component) throw new Error('Component not registered');
+ 
+      const context = sdk.createExecutionContext({
+         runId: 'test-run',
+         componentRef: 'abusedb-test',
+      });
+ 
+      const params = {
+          ipAddress: '0.0.0.0',
+          apiKey: 'test-key',
+          maxAgeInDays: 90,
+          verbose: false
+      };
+ 
+      vi.spyOn(global, 'fetch').mockResolvedValue(new Response(null, {
+          status: 404,
+      }));
+ 
+      const result = await component.execute(params, context);
+      const output = result as any;
+      expect(output.abuseConfidenceScore).toBe(0);
+      expect(output.full_report.error).toBe('Not Found');
+  });
+
+  it('should throw error on failure', async () => {
+    const component = componentRegistry.get('security.abuseipdb.check');
+    if (!component) throw new Error('Component not registered');
+
+    const context = sdk.createExecutionContext({
+       runId: 'test-run',
+       componentRef: 'abusedb-test',
+    });
+
+    const params = {
+        ipAddress: '1.1.1.1',
+        apiKey: 'test-key',
+        maxAgeInDays: 90,
+        verbose: false
+    };
+
+    vi.spyOn(global, 'fetch').mockResolvedValue(new Response('Unauthorized', {
+        status: 401,
+        statusText: 'Unauthorized'
+    }));
+
+    await expect(component.execute(params, context)).rejects.toThrow();
+  });
+});

worker/src/components/security/abusedb.ts

@@ -0,0 +1,180 @@
+import { z } from 'zod';
+import {
+  componentRegistry,
+  ComponentDefinition,
+  port,
+  ValidationError,
+  ConfigurationError,
+  fromHttpResponse,
+  ComponentRetryPolicy,
+} from '@shipsec/component-sdk';
+
+const inputSchema = z.object({
+  ipAddress: z.string().describe('The IPv4 or IPv6 address you want to check.'),
+  maxAgeInDays: z.number().default(90).describe('Max age in days for reports to be included (default: 90).'),
+  verbose: z.boolean().default(false).describe('Include verbose information.'),
+  apiKey: z.string().describe('Your AbuseIPDB API Key.'),
+});
+
+const outputSchema = z.object({
+  ipAddress: z.string().describe('The IP address that was checked.'),
+  isPublic: z.boolean().optional(),
+  ipVersion: z.number().optional(),
+  isWhitelisted: z.boolean().optional(),
+  abuseConfidenceScore: z.number().describe('The confidence score (0-100).'),
+  countryCode: z.string().optional(),
+  usageType: z.string().optional(),
+  isp: z.string().optional(),
+  domain: z.string().optional(),
+  hostnames: z.array(z.string()).optional(),
+  totalReports: z.number().optional(),
+  numDistinctUsers: z.number().optional(),
+  lastReportedAt: z.string().optional(),
+  reports: z.array(z.record(z.string(), z.any())).optional(),
+  full_report: z.record(z.string(), z.any()).describe('The full raw JSON response.'),
+});
+
+type Input = z.infer<typeof inputSchema>;
+type Output = z.infer<typeof outputSchema>;
+
+const abuseIPDBRetryPolicy: ComponentRetryPolicy = {
+  maxAttempts: 4,
+  initialIntervalSeconds: 2,
+  maximumIntervalSeconds: 120,
+  backoffCoefficient: 2.0,
+  nonRetryableErrorTypes: [
+    'AuthenticationError',
+    'ValidationError',
+    'ConfigurationError',
+  ],
+};
+
+const definition: ComponentDefinition<Input, Output> = {
+  id: 'security.abuseipdb.check',
+  label: 'AbuseIPDB Check',
+  category: 'security',
+  runner: { kind: 'inline' },
+  retryPolicy: abuseIPDBRetryPolicy,
+  inputSchema,
+  outputSchema,
+  docs: 'Check the reputation of an IP address using the AbuseIPDB API.',
+  metadata: {
+    slug: 'abuseipdb-check',
+    version: '1.0.0',
+    type: 'scan',
+    category: 'security',
+    description: 'Get threat intelligence reports for an IP from AbuseIPDB.',
+    icon: 'Shield',
+    author: { name: 'ShipSecAI', type: 'shipsecai' },
+    isLatest: true,
+    deprecated: false,
+    inputs: [
+      { id: 'ipAddress', label: 'IP Address', dataType: port.text(), required: true },
+      { id: 'apiKey', label: 'API Key', dataType: port.secret(), required: true },
+      { id: 'maxAgeInDays', label: 'Max Age (Days)', dataType: port.number(), required: false },
+      { id: 'verbose', label: 'Verbose', dataType: port.boolean(), required: false },
+    ],
+    outputs: [
+      { id: 'abuseConfidenceScore', label: 'Confidence Score', dataType: port.number() },
+      { id: 'isWhitelisted', label: 'Whitelisted', dataType: port.boolean() },
+      { id: 'countryCode', label: 'Country', dataType: port.text() },
+      { id: 'isp', label: 'ISP', dataType: port.text() },
+      { id: 'totalReports', label: 'Total Reports', dataType: port.number() },
+      { id: 'full_report', label: 'Full Report', dataType: port.json() },
+    ],
+  },
+  resolvePorts(params) {
+      return {
+          inputs: [
+              { id: 'ipAddress', label: 'IP Address', dataType: port.text(), required: true },
+              { id: 'apiKey', label: 'API Key', dataType: port.secret(), required: true },
+              { id: 'maxAgeInDays', label: 'Max Age (Days)', dataType: port.number(), required: false },
+              { id: 'verbose', label: 'Verbose', dataType: port.boolean(), required: false },
+          ],
+          outputs: [
+              { id: 'abuseConfidenceScore', label: 'Confidence Score', dataType: port.number() },
+              { id: 'isWhitelisted', label: 'Whitelisted', dataType: port.boolean() },
+              { id: 'countryCode', label: 'Country', dataType: port.text() },
+              { id: 'isp', label: 'ISP', dataType: port.text() },
+              { id: 'totalReports', label: 'Total Reports', dataType: port.number() },
+              { id: 'full_report', label: 'Full Report', dataType: port.json() },
+          ]
+      };
+  },
+  async execute(params, context) {
+    const { ipAddress, apiKey, maxAgeInDays, verbose } = params;
+
+    if (!ipAddress) {
+      throw new ValidationError('IP Address is required', {
+        fieldErrors: { ipAddress: ['IP Address is required'] },
+      });
+    }
+    if (!apiKey) {
+      throw new ConfigurationError('AbuseIPDB API Key is required', {
+        configKey: 'apiKey',
+      });
+    }
+
+    const endpoint = 'https://api.abuseipdb.com/api/v2/check';
+    const queryParams = new URLSearchParams({
+      ipAddress,
+      maxAgeInDays: String(maxAgeInDays),
+    });
+    if (verbose) {
+      queryParams.append('verbose', 'true');
+    }
+
+    const url = `${endpoint}?${queryParams.toString()}`;
+
+    context.logger.info(`[AbuseIPDB] Checking IP: ${ipAddress}`);
+
+    const response = await fetch(url, {
+      method: 'GET',
+      headers: {
+        'Key': apiKey,
+        'Accept': 'application/json'
+      }
+    });
+
+    if (response.status === 404) {
+      context.logger.warn(`[AbuseIPDB] IP not found: ${ipAddress}`);
+       return {
+        ipAddress,
+        abuseConfidenceScore: 0,
+        full_report: { error: 'Not Found' }
+      };
+    }
+
+    if (!response.ok) {
+       const text = await response.text();
+       throw fromHttpResponse(response, text);
+    }
+
+    const data = await response.json() as any;
+    const info = data.data || {};
+
+    context.logger.info(`[AbuseIPDB] Score for ${ipAddress}: ${info.abuseConfidenceScore}`);
+
+    return {
+      ipAddress: info.ipAddress,
+      isPublic: info.isPublic,
+      ipVersion: info.ipVersion,
+      isWhitelisted: info.isWhitelisted,
+      abuseConfidenceScore: info.abuseConfidenceScore,
+      countryCode: info.countryCode,
+      usageType: info.usageType,
+      isp: info.isp,
+      domain: info.domain,
+      hostnames: info.hostnames,
+      totalReports: info.totalReports,
+      numDistinctUsers: info.numDistinctUsers,
+      lastReportedAt: info.lastReportedAt,
+      reports: info.reports, // Only present if verbose is true
+      full_report: data,
+    };
+  },
+};
+
+componentRegistry.register(definition);
+
+export { definition };