github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

amend to b6bb2f88c1dbb111647269590d80d95f72c81c3e: datepattern right word boundary - prevents confusions if end of date-pattern (e.g. optional year part) misleadingly match not date values (see gh-1507) 

test cases extended to check ambiguous "unbound" patterns in log lines (match/miss resp. positive/negative cases)
pull/1512/head
sebres 2016-08-15 15:31:28 +02:00
parent c49fe12f70
commit 7f55be3fad
2 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fail2ban/server/datetemplate.py
View File

@ -64,7 +64,7 @@ class DateTemplate(object):
def getRegex(self): def getRegex(self):
return self._regex return self._regex
def setRegex(self, regex, wordBegin=True): def setRegex(self, regex, wordBegin=True, wordEnd=True):
"""Sets regex to use for searching for date in log line. """Sets regex to use for searching for date in log line.
Parameters Parameters
@ -82,8 +82,10 @@ class DateTemplate(object):
If regular expression fails to compile If regular expression fails to compile
""" """
regex = regex.strip() regex = regex.strip()
if (wordBegin and not re.search(r'^\^', regex)): if wordBegin and not re.search(r'^\^', regex):
regex = r'\b' + regex regex = r'(?=^|\b|\W)' + regex
if wordEnd and not re.search(r'\$$', regex):
regex += r'(?=\b|\W|$)'
self._regex = regex self._regex = regex
self._cRegex = re.compile(regex, re.UNICODE | re.IGNORECASE) self._cRegex = re.compile(regex, re.UNICODE | re.IGNORECASE)

30
fail2ban/tests/fail2banregextestcase.py
View File

@ -187,4 +187,32 @@ class Fail2banRegexTest(LogCaptureTestCase):
self.assertLogged('https://') self.assertLogged('https://')
def testAmbiguousDatePattern(self):
for (matched, args) in (
# positive case:
(1, ('Test failure Jan 23 21:59:59 for 192.0.2.1', r'for <HOST>$')),
# ambiguous "unbound" patterns (missed):
(0, ('Test failure TestJan 23 21:59:59.011 2015 for 192.0.2.1', r'for <HOST>$')),
(0, ('Test failure Jan 23 21:59:59123456789 for 192.0.2.1', r'for <HOST>$')),
# ambiguous "no optional year" patterns (matched):
(1, ('Aug 8 11:25:50 14430f2329b8 Authentication failed from 192.0.2.1', r'from <HOST>$')),
(1, ('[Aug 8 11:25:50] 14430f2329b8 Authentication failed from 192.0.2.1', r'from <HOST>$')),
# direct specified patterns:
(1, ('-d', r'%H:%M:%S %d.%m.%Y$', '192.0.2.1 at 20:00:00 01.02.2003', '^<HOST>')),
(1, ('-d', r'\[%H:%M:%S %d.%m.%Y\]', '192.0.2.1[20:00:00 01.02.2003]', '^<HOST>$')),
(1, ('-d', r'\[%H:%M:%S %d.%m.%Y\]$', '192.0.2.1[20:00:00 01.02.2003]', '^<HOST>$')),
(1, ('-d', r'^\[%H:%M:%S %d.%m.%Y\]', '[20:00:00 01.02.2003]192.0.2.1', '^<HOST>$')),
(1, ('-d', r'^\[%d/%b/%Y %H:%M:%S\]', '[17/Jun/2011 17:00:45] Attempt, IP address 192.0.2.1', r'^ Attempt, IP address <HOST>$')),
):
logSys.debug('== test: %r', args)
(opts, args, fail2banRegex) = _Fail2banRegex(*args)
self.assertTrue(fail2banRegex.start(opts, args))
matchedLog = 'Lines: 1 lines, 0 ignored, 1 matched, 0 missed'
missedLog = 'Lines: 1 lines, 0 ignored, 0 matched, 1 missed'
if matched:
self.assertLogged(matchedLog)
self.assertNotLogged(missedLog)
else:
self.assertNotLogged(matchedLog)
self.assertLogged(missedLog)
self.pruneLog()