ENH: explicitly define tags which should be escaped

fail2ban/server/action.py

@@ -194,6 +194,8 @@ class CommandAction(ActionBase):
 	timeout
 	"""
 
+	_escapedTags = set(('matches', 'ipmatches', 'ipjailmatches'))
+
 	def __init__(self, jail, name):
 		super(CommandAction, self).__init__(jail, name)
 		self.timeout = 60
@@ -351,8 +353,8 @@ class CommandAction(ActionBase):
 		if not self.executeCmd(stopCmd, self.timeout):
 			raise RuntimeError("Error stopping action")
 
-	@staticmethod
+	@classmethod
-	def substituteRecursiveTags(tags):
+	def substituteRecursiveTags(cls, tags):
 		"""Sort out tag definitions within other tags.
 
 		so:		becomes:
@@ -372,8 +374,8 @@ class CommandAction(ActionBase):
 		"""
 		t = re.compile(r'<([^ >]+)>')
 		for tag in tags.iterkeys():
-			if tag.endswith('matches'):
+			if tag in cls._escapedTags:
-				# Escapped so won't match
+				# Escaped so won't match
 				continue
 			value = str(tags[tag])
 			m = t.search(value)
@@ -386,8 +388,8 @@ class CommandAction(ActionBase):
 					# recursive definitions are bad
 					#logSys.log(5, 'recursion fail tag: %s value: %s' % (tag, value) )
 					return False
-				elif found_tag.endswith('matches'):
+				elif found_tag in cls._escapedTags:
-					# Escapped so won't match
+					# Escaped so won't match
 					continue
 				else:
 					if tags.has_key(found_tag):
@@ -451,7 +453,7 @@ class CommandAction(ActionBase):
 		for tag in aInfo:
 			if "<%s>" % tag in query:
 				value = str(aInfo[tag])			  # assure string
-				if tag.endswith('matches'):
+				if tag in cls._escapedTags:
 					# That one needs to be escaped since its content is
 					# out of our control
 					value = cls.escapeTag(value)