ENH: explicitly define tags which should be escaped

2014-05-11 14:49:49 +01:00 · 2014-05-11 14:49:49 +01:00 · 1e586fb0e9
parent 904b362215
commit 1e586fb0e9
1 changed files with 9 additions and 7 deletions
--- a/fail2ban/server/action.py
+++ b/fail2ban/server/action.py
@ -194,6 +194,8 @@ class CommandAction(ActionBase):
 	timeout
 	"""

+	_escapedTags = set(('matches', 'ipmatches', 'ipjailmatches'))
+
 	def __init__(self, jail, name):
 		super(CommandAction, self).__init__(jail, name)
 		self.timeout = 60
@ -351,8 +353,8 @@ class CommandAction(ActionBase):
 		if not self.executeCmd(stopCmd, self.timeout):
 			raise RuntimeError("Error stopping action")

-	@staticmethod
-	def substituteRecursiveTags(tags):
+	@classmethod
+	def substituteRecursiveTags(cls, tags):
 		"""Sort out tag definitions within other tags.

 		so:		becomes:
@ -372,8 +374,8 @@ class CommandAction(ActionBase):
 		"""
 		t = re.compile(r'<([^ >]+)>')
 		for tag in tags.iterkeys():
-			if tag.endswith('matches'):
-				# Escapped so won't match
+			if tag in cls._escapedTags:
+				# Escaped so won't match
 				continue
 			value = str(tags[tag])
 			m = t.search(value)
@ -386,8 +388,8 @@ class CommandAction(ActionBase):
 					# recursive definitions are bad
 					#logSys.log(5, 'recursion fail tag: %s value: %s' % (tag, value) )
 					return False
-				elif found_tag.endswith('matches'):
-					# Escapped so won't match
+				elif found_tag in cls._escapedTags:
+					# Escaped so won't match
 					continue
 				else:
 					if tags.has_key(found_tag):
@ -451,7 +453,7 @@ class CommandAction(ActionBase):
 		for tag in aInfo:
 			if "<%s>" % tag in query:
 				value = str(aInfo[tag])			  # assure string
-				if tag.endswith('matches'):
+				if tag in cls._escapedTags:
 					# That one needs to be escaped since its content is
 					# out of our control
 					value = cls.escapeTag(value)