From a4c38439df0b882e6b7333b00f3690966862557f Mon Sep 17 00:00:00 2001
From: Daniel Black
Date: Tue, 31 Dec 2013 19:01:21 +1100
Subject: [PATCH] ENH: add substition tags to filter definitions. Closes gh-539
---
 MANIFEST | 1 +
 fail2ban/client/filterreader.py | 11 ++++++--
 fail2ban/tests/clientreadertestcase.py | 28 +++++++++++++++++++
 fail2ban/tests/files/filter.d/substition.conf | 8 ++++++
 4 files changed, 45 insertions(+), 3 deletions(-)
 create mode 100644 fail2ban/tests/files/filter.d/substition.conf
diff --git a/MANIFEST b/MANIFEST
index 0b339b89..b03d309f 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -80,6 +80,7 @@ fail2ban/tests/files/config/apache-auth/README
 fail2ban/tests/files/config/apache-auth/noentry/.htaccess
 fail2ban/tests/files/database_v1.db
 fail2ban/tests/files/ignorecommand.py
+fail2ban/tests/files/filter.d/substition.conf
 fail2ban/tests/files/filter.d/testcase-common.conf
 fail2ban/tests/files/filter.d/testcase01.conf
 fail2ban/tests/files/testcase01.log
diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
index d8a6dbe8..8ea854b6 100644
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@@ -26,6 +26,7 @@ __license__ = "GPL"
 import logging, os, shlex
 from configreader import ConfigReader, DefinitionInitConfigReader
+from fail2ban.server.action import Action
 # Gets the instance of the logger.
 logSys = logging.getLogger(__name__)
@@ -42,14 +43,18 @@ class FilterReader(DefinitionInitConfigReader):
 def convert(self):
 stream = list()
- for opt in self._opts:
+ combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items()))
+ opts = Action.substituteRecursiveTags(combinedopts)
+ if not opts:
+ raise ValueError('recursive tag definitions unable to be resolved')
+ for opt, value in opts.iteritems():
 if opt == "failregex":
- for regex in self._opts[opt].split('\n'):
+ for regex in value.split('\n'):
 # Do not send a command if the rule is empty.
 if regex != '':
 stream.append(["set", self._jailName, "addfailregex", regex])
 elif opt == "ignoreregex":
- for regex in self._opts[opt].split('\n'):
+ for regex in value.split('\n'):
 # Do not send a command if the rule is empty.
 if regex != '':
 stream.append(["set", self._jailName, "addignoreregex", regex])
diff --git a/fail2ban/tests/clientreadertestcase.py b/fail2ban/tests/clientreadertestcase.py
index 647b9f86..23b5a4e0 100644
--- a/fail2ban/tests/clientreadertestcase.py
+++ b/fail2ban/tests/clientreadertestcase.py
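Review bot: In `convert`, building `combinedopts` with `_initOpts` listed last lets an init option shadow a definition option of the same name, and the loop now walks the merged dict, so an init-level `failregex` or `ignoreregex` would replace the filter's own pattern and be sent as `addfailregex`/`addignoreregex`; the removed line iterated `self._opts` only. If init options are meant purely as tag values, keep the substitution over the merged dict but drive the loop from the definition keys, `for opt in self._opts:` with `value = opts[opt]` (assuming the helper returns the same keys it was given). Separately, `if not opts:` is also true for an empty option set, so the "recursive tag definitions" error would be raised misleadingly there; comparing against the specific failure value that `Action.substituteRecursiveTags` returns (not visible in this hunk) would be more precise. The body of `convert` continues past the end of the hunk.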
@@ -308,6 +308,34 @@ class FilterReaderTest(unittest.TestCase):
 output[-1][-1] = "5"
 self.assertEqual(sorted(filterReader.convert()), sorted(output))
+
+ def testFilterReaderSubstitionDefault(self):
+ output = [['set', 'jailname', 'addfailregex', 'to=sweet@example.com fromip=']]
+ filterReader = FilterReader('substition', "jailname", {})
+ filterReader.setBaseDir(TEST_FILES_DIR)
+ filterReader.read()
+ filterReader.getOptions(None)
+ c = filterReader.convert()
+ self.assertEqual(sorted(c), sorted(output))
+
+ def testFilterReaderSubstitionSet(self):
+ output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=']]
+ filterReader = FilterReader('substition', "jailname", {'honeypot': 'sour@example.com'})
+ filterReader.setBaseDir(TEST_FILES_DIR)
+ filterReader.read()
+ filterReader.getOptions(None)
+ c = filterReader.convert()
+ self.assertEqual(sorted(c), sorted(output))
+
+ def testFilterReaderSubstitionFail(self):
+ output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=']]
+ filterReader = FilterReader('substition', "jailname", {'honeypot': '', 'sweet': ''})
+ filterReader.setBaseDir(TEST_FILES_DIR)
+ filterReader.read()
+ filterReader.getOptions(None)
+ self.assertRaises(ValueError, FilterReader.convert, filterReader)
+
+
 class JailsReaderTest(LogCaptureTestCase):
 def testProvidingBadBasedir(self):
diff --git a/fail2ban/tests/files/filter.d/substition.conf b/fail2ban/tests/files/filter.d/substition.conf
new file mode 100644
index 00000000..aaf62eae
--- /dev/null
+++ b/fail2ban/tests/files/filter.d/substition.conf
@@ -0,0 +1,8 @@
+
+[Definition]
+
+failregex = to= fromip=
+
+[Init]
+
+honeypot = sweet@example.com
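Review bot: None of the three new tests covers an init option whose name collides with `failregex` or `ignoreregex`, which is the case where the merged option dict in `convert` changes what is sent to the server; a fourth test pinning the intended behaviour there would close that gap. The expected string `to=sweet@example.com` also shows the tag value entering the pattern verbatim, so its `.` remains a regex wildcard; a fixture comment such as `# tag values are inserted as regex fragments; escape literal dots` would make that explicit for filter authors. In `testFilterReaderSubstitionFail` the `output` assignment is never used and can be dropped, and the assertion reads more simply as `self.assertRaises(ValueError, filterReader.convert)`.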