github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Always supply jail name as name parameter (if not specified explicit in the action parameters `action[name=...]`). 

Avoid usage of the same chains (etc.) if someone use `action` instead of `banaction` jail parameter.
pull/1867/head
sebres 2017-08-16 13:14:42 +02:00
parent e5169d8f84
commit 08646bc339
2 changed files with 16 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
fail2ban/client/actionreader.py
View File

@ -54,6 +54,9 @@ class ActionReader(DefinitionInitConfigReader):
if actname is None: if actname is None:
actname = file_ actname = file_
initOpts["actname"] = actname initOpts["actname"] = actname
# always supply jail name as name parameter if not specified in options:
if initOpts.get("name") is None:
initOpts["name"] = jailName
self._name = actname self._name = actname
DefinitionInitConfigReader.__init__( DefinitionInitConfigReader.__init__(
self, file_, jailName, initOpts, **kwargs) self, file_, jailName, initOpts, **kwargs)

15
fail2ban/tests/clientreadertestcase.py
View File

@ -33,7 +33,7 @@ from ..client import configparserinc
from ..client.jailreader import JailReader from ..client.jailreader import JailReader
from ..client.filterreader import FilterReader from ..client.filterreader import FilterReader
from ..client.jailsreader import JailsReader from ..client.jailsreader import JailsReader
from ..client.actionreader import ActionReader from ..client.actionreader import ActionReader, CommandAction
from ..client.configurator import Configurator from ..client.configurator import Configurator
from ..server.mytime import MyTime from ..server.mytime import MyTime
from ..version import version from ..version import version
@ -571,7 +571,8 @@ class JailsReaderTest(LogCaptureTestCase):
['set', 'brokenaction', 'addaction', 'brokenaction'], ['set', 'brokenaction', 'addaction', 'brokenaction'],
['multi-set', 'brokenaction', 'action', 'brokenaction', [ ['multi-set', 'brokenaction', 'action', 'brokenaction', [
['actionban', 'hit with big stick <ip>'], ['actionban', 'hit with big stick <ip>'],
['actname', 'brokenaction'] ['actname', 'brokenaction'],
['name', 'brokenaction']
]], ]],
['add', 'parse_to_end_of_jail.conf', 'auto'], ['add', 'parse_to_end_of_jail.conf', 'auto'],
['set', 'parse_to_end_of_jail.conf', 'addfailregex', '<IP>'], ['set', 'parse_to_end_of_jail.conf', 'addfailregex', '<IP>'],
@ -612,6 +613,16 @@ class JailsReaderTest(LogCaptureTestCase):
# all must have some actionban defined # all must have some actionban defined
self.assertTrue(actionReader._opts.get('actionban', '').strip(), self.assertTrue(actionReader._opts.get('actionban', '').strip(),
msg="Action file %r is lacking actionban" % actionConfig) msg="Action file %r is lacking actionban" % actionConfig)
# test name of jail is set in options (also if not supplied within parameters):
opts = actionReader.getCombined(
ignore=CommandAction._escapedTags | set(('timeout', 'bantime')))
self.assertEqual(opts.get('name'), 'TEST',
msg="Action file %r does not contains jail-name 'f2b-TEST'" % actionConfig)
# and the name is substituted (test several actions surely contains name-interpolation):
if actionName in ('pf', 'iptables-allports', 'iptables-multiport'):
#print('****', actionName, opts.get('actionstart', ''))
self.assertIn('f2b-TEST', opts.get('actionstart', ''),
msg="Action file %r: interpolation of actionstart does not contains jail-name 'f2b-TEST'" % actionConfig)
self.assertIn('Init', actionReader.sections(), self.assertIn('Init', actionReader.sections(),
msg="Action file %r is lacking [Init] section" % actionConfig) msg="Action file %r is lacking [Init] section" % actionConfig)