From 1e586fb0e94248cd0185e2df9a33dbbef9734299 Mon Sep 17 00:00:00 2001 From: Steven Hiscocks Date: Sun, 11 May 2014 14:49:49 +0100 Subject: [PATCH] ENH: explicitly define tags which should be escaped --- fail2ban/server/action.py | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py index 736386b1..fefe2c2c 100644 --- a/fail2ban/server/action.py +++ b/fail2ban/server/action.py @@ -194,6 +194,8 @@ class CommandAction(ActionBase): timeout """ + _escapedTags = set(('matches', 'ipmatches', 'ipjailmatches')) + def __init__(self, jail, name): super(CommandAction, self).__init__(jail, name) self.timeout = 60 @@ -351,8 +353,8 @@ class CommandAction(ActionBase): if not self.executeCmd(stopCmd, self.timeout): raise RuntimeError("Error stopping action") - @staticmethod - def substituteRecursiveTags(tags): + @classmethod + def substituteRecursiveTags(cls, tags): """Sort out tag definitions within other tags. so: becomes: @@ -372,8 +374,8 @@ class CommandAction(ActionBase): """ t = re.compile(r'<([^ >]+)>') for tag in tags.iterkeys(): - if tag.endswith('matches'): - # Escapped so won't match + if tag in cls._escapedTags: + # Escaped so won't match continue value = str(tags[tag]) m = t.search(value) @@ -386,8 +388,8 @@ class CommandAction(ActionBase): # recursive definitions are bad #logSys.log(5, 'recursion fail tag: %s value: %s' % (tag, value) ) return False - elif found_tag.endswith('matches'): - # Escapped so won't match + elif found_tag in cls._escapedTags: + # Escaped so won't match continue else: if tags.has_key(found_tag): @@ -451,7 +453,7 @@ class CommandAction(ActionBase): for tag in aInfo: if "<%s>" % tag in query: value = str(aInfo[tag]) # assure string - if tag.endswith('matches'): + if tag in cls._escapedTags: # That one needs to be escaped since its content is # out of our control value = cls.escapeTag(value)