fixes mistaken usage of ignoreregex from filter, if ignoreregex is supplied with command line;

also avoid after-effect with "IndexError: list index out of range" from onIgnoreRegex (the lists of REs are different in filter and fail2banregex); closes gh-3895
2024-12-11 21:55:20 +01:00 · 2024-12-11 21:55:20 +01:00 · 4151eeccfe
parent 91c27d0600
commit 4151eeccfe
3 changed files with 21 additions and 8 deletions
--- a/fail2ban/client/fail2banregex.py
+++ b/fail2ban/client/fail2banregex.py
@ -118,12 +118,11 @@ LOG:

 REGEX:
  string                a string representing a 'failregex'
-  filter                name of filter, optionally with options (sshd[mode=aggressive])
+  filter                name of jail or filter, optionally with options (sshd[mode=aggressive])
  filename              path to a filter file (filter.d/sshd.conf)

 IGNOREREGEX:
  string                a string representing an 'ignoreregex'
-  filename              path to a filter file (filter.d/sshd.conf)
 \n""" + OptionParser.format_help(self, *args, **kwargs) + """\n
 Report bugs to https://github.com/fail2ban/fail2ban/issues\n
 """ + __copyright__ + "\n"
@ -370,6 +369,9 @@ class Fail2banRegex(object):
 					output("       while parsing: %s" % (value,))
 					if self._verbose: raise(e)
 					return False
+		elif self._ignoreregex:
+			# clear ignoreregex that could be previously loaded from filter:
+			self._filter.delIgnoreRegex()
 		
 		readercommands = None
 		# if it is jail:
@ -432,8 +434,8 @@ class Fail2banRegex(object):
 			# to stream:
 			readercommands = reader.convert()

+		regex_values = {}
 		if readercommands:
-			regex_values = {}
 			for opt in readercommands:
 				if opt[0] == 'multi-set':
 					optval = opt[3]
@ -473,7 +475,7 @@ class Fail2banRegex(object):

 		else:
 			self.output( "Use %11s line : %s" % (regex, shortstr(value)) )
-			regex_values = {regextype: [RegexStat(value)]}
+			regex_values[regextype] = [RegexStat(value)]

 		for regextype, regex_values in regex_values.items():
 			regex = regextype + 'regex'
--- a/fail2ban/tests/fail2banregextestcase.py
+++ b/fail2ban/tests/fail2banregextestcase.py
@ -316,6 +316,20 @@ class Fail2banRegexTest(LogCaptureTestCase):
 		"-l", "notice", # put down log-level, because of too many debug-messages
 			FILENAME_ZZZ_GEN, FILTER_ZZZ_GEN+"[mode=test]"
 		))
+		self.assertLogged("Ignoreregex: 2 total",
+			"Lines: 23 lines, 2 ignored, 16 matched, 5 missed", all=True)
+		# cover filter ignoreregex gets overwritten by command argument:
+		self.pruneLog("[test-phase 2]")
+		self.assertTrue(_test_exec(
+		"-l", "notice", # put down log-level, because of too many debug-messages
+			"[Jun 21 16:56:03] machine test-demo(pam_unix)[13709] F2B: error from 192.0.2.251\n"
+			"[Jun 21 16:56:04] machine test-demo(pam_unix)[13709] F2B: error from 192.0.2.252\n"
+			"[Jun 21 16:56:05] machine test-demo(pam_unix)[13709] F2B: error from 192.0.2.255\n",
+			FILTER_ZZZ_GEN+"[mode=test]",
+			"F2B: error from 192.0.2.255$"
+		))
+		self.assertLogged("Use ignoreregex line", "Ignoreregex: 1 total",
+			"Lines: 3 lines, 1 ignored, 2 matched, 0 missed", all=True)

 	def testDirectMultilineBuf(self):
 		# test it with some pre-lines also to cover correct buffer scrolling (all multi-lines printed):
--- a/man/fail2ban-regex.1
+++ b/man/fail2ban-regex.1
@ -28,7 +28,7 @@ string
 a string representing a 'failregex'
 .TP
 filter
-name of filter, optionally with options (sshd[mode=aggressive])
+name of jail or filter, optionally with options (sshd[mode=aggressive])
 .TP
 filename
 path to a filter file (filter.d/sshd.conf)
@ -36,9 +36,6 @@ path to a filter file (filter.d/sshd.conf)
 .TP
 string
 a string representing an 'ignoreregex'
-.TP
-filename
-path to a filter file (filter.d/sshd.conf)
 .SH OPTIONS
 .TP
 \fB\-\-version\fR