ENH: add substition tags to filter definitions. Closes gh-539

2013-12-31 19:01:21 +11:00 · 2013-12-31 19:01:21 +11:00 · a4c38439df
parent e4a215ca50
commit a4c38439df
4 changed files with 45 additions and 3 deletions
--- a/1
+++ b/1
@ -80,6 +80,7 @@ fail2ban/tests/files/config/apache-auth/README
 fail2ban/tests/files/config/apache-auth/noentry/.htaccess
 fail2ban/tests/files/database_v1.db
 fail2ban/tests/files/ignorecommand.py
+fail2ban/tests/files/filter.d/substition.conf
 fail2ban/tests/files/filter.d/testcase-common.conf
 fail2ban/tests/files/filter.d/testcase01.conf
 fail2ban/tests/files/testcase01.log
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@ -26,6 +26,7 @@ __license__ = "GPL"

 import logging, os, shlex
 from configreader import ConfigReader, DefinitionInitConfigReader
+from fail2ban.server.action import Action

 # Gets the instance of the logger.
 logSys = logging.getLogger(__name__)
@ -42,14 +43,18 @@ class FilterReader(DefinitionInitConfigReader):
 	
 	def convert(self):
 		stream = list()
-		for opt in self._opts:
+		combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items()))
+		opts = Action.substituteRecursiveTags(combinedopts)
+		if not opts:
+			raise ValueError('recursive tag definitions unable to be resolved')
+		for opt, value in opts.iteritems():
 			if opt == "failregex":
-				for regex in self._opts[opt].split('\n'):
+				for regex in value.split('\n'):
 					# Do not send a command if the rule is empty.
 					if regex != '':
 						stream.append(["set", self._jailName, "addfailregex", regex])
 			elif opt == "ignoreregex":
-				for regex in self._opts[opt].split('\n'):
+				for regex in value.split('\n'):
 					# Do not send a command if the rule is empty.
 					if regex != '':
 						stream.append(["set", self._jailName, "addignoreregex", regex])		
--- a/fail2ban/tests/clientreadertestcase.py
+++ b/fail2ban/tests/clientreadertestcase.py
@ -308,6 +308,34 @@ class FilterReaderTest(unittest.TestCase):
 		output[-1][-1] = "5"
 		self.assertEqual(sorted(filterReader.convert()), sorted(output))

+
+	def testFilterReaderSubstitionDefault(self):
+		output = [['set', 'jailname', 'addfailregex', 'to=sweet@example.com fromip=<IP>']]
+		filterReader = FilterReader('substition', "jailname", {})
+		filterReader.setBaseDir(TEST_FILES_DIR)
+		filterReader.read()
+		filterReader.getOptions(None)
+		c = filterReader.convert()
+		self.assertEqual(sorted(c), sorted(output))
+
+	def testFilterReaderSubstitionSet(self):
+		output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=<IP>']]
+		filterReader = FilterReader('substition', "jailname", {'honeypot': 'sour@example.com'})
+		filterReader.setBaseDir(TEST_FILES_DIR)
+		filterReader.read()
+		filterReader.getOptions(None)
+		c = filterReader.convert()
+		self.assertEqual(sorted(c), sorted(output))
+
+	def testFilterReaderSubstitionFail(self):
+		output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=<IP>']]
+		filterReader = FilterReader('substition', "jailname", {'honeypot': '<sweet>', 'sweet': '<honeypot>'})
+		filterReader.setBaseDir(TEST_FILES_DIR)
+		filterReader.read()
+		filterReader.getOptions(None)
+		self.assertRaises(ValueError, FilterReader.convert, filterReader)
+
+
 class JailsReaderTest(LogCaptureTestCase):

 	def testProvidingBadBasedir(self):
--- a/fail2ban/tests/files/filter.d/substition.conf
+++ b/fail2ban/tests/files/filter.d/substition.conf
@ -0,0 +1,8 @@
+
+[Definition]
+
+failregex = to=<honeypot> fromip=<IP>
+
+[Init]
+
+honeypot = sweet@example.com