ENH: add substition tags to filter definitions. Closes gh-539

2013-12-31 19:01:21 +11:00 · 2013-12-31 19:01:21 +11:00 · a4c38439df
parent e4a215ca50
commit a4c38439df
4 changed files with 45 additions and 3 deletions
--- a/1
+++ b/1
@ -80,6 +80,7 @@ fail2ban/tests/files/config/apache-auth/README
 fail2ban/tests/files/config/apache-auth/noentry/.htaccess
 fail2ban/tests/files/database_v1.db
 fail2ban/tests/files/ignorecommand.py
 fail2ban/tests/files/filter.d/substition.conf
 fail2ban/tests/files/filter.d/testcase-common.conf
 fail2ban/tests/files/filter.d/testcase01.conf
 fail2ban/tests/files/testcase01.log
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@ -26,6 +26,7 @@ __license__ = "GPL"
 import logging, os, shlex
 from configreader import ConfigReader, DefinitionInitConfigReader
 from fail2ban.server.action import Action
 # Gets the instance of the logger.
 logSys = logging.getLogger(__name__)
@ -42,14 +43,18 @@ class FilterReader(DefinitionInitConfigReader):
 	def convert(self):
 		stream = list()
-		for opt in self._opts:
+		combinedopts = dict(list(self._opts.items()) + list(self._initOpts.items()))
 		opts = Action.substituteRecursiveTags(combinedopts)
 		if not opts:
 			raise ValueError('recursive tag definitions unable to be resolved')
 		for opt, value in opts.iteritems():
 			if opt == "failregex":
-				for regex in self._opts[opt].split('\n'):
+				for regex in value.split('\n'):
 					# Do not send a command if the rule is empty.
 					if regex != '':
 						stream.append(["set", self._jailName, "addfailregex", regex])
 			elif opt == "ignoreregex":
-				for regex in self._opts[opt].split('\n'):
+				for regex in value.split('\n'):
 					# Do not send a command if the rule is empty.
 					if regex != '':
 						stream.append(["set", self._jailName, "addignoreregex", regex])		
--- a/fail2ban/tests/clientreadertestcase.py
+++ b/fail2ban/tests/clientreadertestcase.py
@ -308,6 +308,34 @@ class FilterReaderTest(unittest.TestCase):
 		output[-1][-1] = "5"
 		self.assertEqual(sorted(filterReader.convert()), sorted(output))
 	def testFilterReaderSubstitionDefault(self):
 		output = [['set', 'jailname', 'addfailregex', 'to=sweet@example.com fromip=<IP>']]
 		filterReader = FilterReader('substition', "jailname", {})
 		filterReader.setBaseDir(TEST_FILES_DIR)
 		filterReader.read()
 		filterReader.getOptions(None)
 		c = filterReader.convert()
 		self.assertEqual(sorted(c), sorted(output))
 	def testFilterReaderSubstitionSet(self):
 		output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=<IP>']]
 		filterReader = FilterReader('substition', "jailname", {'honeypot': 'sour@example.com'})
 		filterReader.setBaseDir(TEST_FILES_DIR)
 		filterReader.read()
 		filterReader.getOptions(None)
 		c = filterReader.convert()
 		self.assertEqual(sorted(c), sorted(output))
 	def testFilterReaderSubstitionFail(self):
 		output = [['set', 'jailname', 'addfailregex', 'to=sour@example.com fromip=<IP>']]
 		filterReader = FilterReader('substition', "jailname", {'honeypot': '<sweet>', 'sweet': '<honeypot>'})
 		filterReader.setBaseDir(TEST_FILES_DIR)
 		filterReader.read()
 		filterReader.getOptions(None)
 		self.assertRaises(ValueError, FilterReader.convert, filterReader)
 class JailsReaderTest(LogCaptureTestCase):
 	def testProvidingBadBasedir(self):
--- a/fail2ban/tests/files/filter.d/substition.conf
+++ b/fail2ban/tests/files/filter.d/substition.conf
@ -0,0 +1,8 @@
 [Definition]
 failregex = to=<honeypot> fromip=<IP>
 [Init]
 honeypot = sweet@example.com