Merge branch 'fail2ban:master' into patch-2

2025-01-29 19:36:54 -05:00 · 2025-01-29 19:36:54 -05:00 · b8ab346257
parent eb1fc5b261 7a5e2c8419
commit b8ab346257
7 changed files with 39 additions and 39 deletions
--- a/.codespellrc
+++ b/.codespellrc
@ -9,4 +9,4 @@ check-hidden = true
 ignore-regex = (\b([A-Z][A-Z][A-Z]+|gir\.st)\b)|\[[a-zA-Z]+\][a-z]+\b|[a-z]+://\S+|.*codespell-ignore.*
 # some oddly named variables, some names, etc
 # wee -- comes in regex etc for weeks
-ignore-words-list = assertIn,theis,timere,alls,wee,wight,ans,re-use
+ignore-words-list = assertIn,theis,timere,alls,wee,wight,ans,re-use,pre-emptive
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -22,7 +22,7 @@ jobs:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
-        python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13.0', '3.14.0-alpha.1', pypy3.10]
+        python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13', '3.14.0-alpha.4', pypy3.10]
      fail-fast: false
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@ -135,7 +135,7 @@ returntype = RETURN

 # Option:  lockingopt
 # Notes.:  Option was introduced to iptables to prevent multiple instances from
-#          running concurrently and causing irratic behavior.  -w was introduced
+#          running concurrently and causing erratic behavior.  -w was introduced
 #          in iptables 1.4.20, so might be absent on older systems
 #          See https://github.com/fail2ban/fail2ban/issues/1122
 # Values:  STRING
--- a/fail2ban/tests/files/logs/apache-fakegooglebot
+++ b/fail2ban/tests/files/logs/apache-fakegooglebot
@ -1,5 +1,5 @@
 # Apache 2.2
 # failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" }
-66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
-# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.215.14" }
-93.184.215.14 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
+66.249.66.1 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546
+# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "51.159.55.100" }
+51.159.55.100 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546
--- a/fail2ban/tests/files/testcase-usedns.log
+++ b/fail2ban/tests/files/testcase-usedns.log
@ -1,2 +1,2 @@
-Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2
-Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2
+Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2
+Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@ -587,14 +587,14 @@ class IgnoreIP(LogCaptureTestCase):
 				self.assertNotLogged("returned successfully")

 	def testIgnoreCauseOK(self):
-		ip = "93.184.215.14"
+		ip = "51.159.55.100"
 		for ignore_source in ["dns", "ip", "command"]:
 			self.filter.logIgnoreIp(ip, True, ignore_source=ignore_source)
 			self.assertLogged("[%s] Ignore %s by %s" % (self.jail.name, ip, ignore_source))

 	def testIgnoreCauseNOK(self):
-		self.filter.logIgnoreIp("example.com", False, ignore_source="NOT_LOGGED")
-		self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "example.com", "NOT_LOGGED"))
+		self.filter.logIgnoreIp("fail2ban.org", False, ignore_source="NOT_LOGGED")
+		self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "fail2ban.org", "NOT_LOGGED"))


 class IgnoreIPDNS(LogCaptureTestCase):
@ -607,7 +607,7 @@ class IgnoreIPDNS(LogCaptureTestCase):
 		self.filter = FileFilter(self.jail)

 	def testIgnoreIPDNS(self):
-		for dns in ("www.epfl.ch", "example.com"):
+		for dns in ("www.epfl.ch", "fail2ban.org"):
 			self.filter.addIgnoreIP(dns)
 			ips = DNSUtils.dnsToIp(dns)
 			self.assertTrue(len(ips) > 0)
@ -1892,22 +1892,22 @@ class GetFailures(LogCaptureTestCase):
 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
 		# We should still catch failures with usedns = no ;-)
 		output_yes = (
-			('93.184.215.14', 1, 1124013299.0,
-			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
+			('51.159.55.100', 1, 1124013299.0,
+			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
 			),
-			('93.184.215.14', 1, 1124013539.0,
-			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
+			('51.159.55.100', 1, 1124013539.0,
+			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
 			),
-			('2606:2800:21f:cb07:6820:80da:af6b:8b2c', 1, 1124013299.0,
-			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2']
+			('2001:bc8:1200:6:208:a2ff:fe0c:61f8', 1, 1124013299.0,
+			  ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2']
 			),
 		)
 		if not unittest.F2B.no_network and not DNSUtils.IPv6IsAllowed():
 			output_yes = output_yes[0:2]

 		output_no = (
-			('93.184.215.14', 1, 1124013539.0,
-			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2']
+			('51.159.55.100', 1, 1124013539.0,
+			  ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2']
 			)
 		)

@ -2098,10 +2098,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):
 		super(DNSUtilsNetworkTests, self).setUp()
 		#unittest.F2B.SkipIfNoNetwork()

-	## example.com IPs considering IPv6 support (without network it is simulated via cache in utils).
+	## fail2ban.org IPs considering IPv6 support (without network it is simulated via cache in utils).
 	EXAMPLE_ADDRS = (
-		['93.184.215.14', '2606:2800:21f:cb07:6820:80da:af6b:8b2c'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
-		['93.184.215.14']
+		['51.159.55.100', '2001:bc8:1200:6:208:a2ff:fe0c:61f8'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \
+		['51.159.55.100']
 	)

 	def test_IPAddr(self):
@ -2163,13 +2163,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
 		self.assertTrue(r < ip6)

 	def testUseDns(self):
-		res = DNSUtils.textToIp('www.example.com', 'no')
+		res = DNSUtils.textToIp('www.fail2ban.org', 'no')
 		self.assertSortedEqual(res, [])
 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
-		res = DNSUtils.textToIp('www.example.com', 'warn')
+		res = DNSUtils.textToIp('www.fail2ban.org', 'warn')
 		# sort ipaddr, IPv4 is always smaller as IPv6
 		self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
-		res = DNSUtils.textToIp('www.example.com', 'yes')
+		res = DNSUtils.textToIp('www.fail2ban.org', 'yes')
 		# sort ipaddr, IPv4 is always smaller as IPv6
 		self.assertSortedEqual(res, self.EXAMPLE_ADDRS)

@ -2177,13 +2177,13 @@ class DNSUtilsNetworkTests(unittest.TestCase):
 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
 		# Test hostnames
 		hostnames = [
-			'www.example.com',
+			'www.fail2ban.org',
 			'doh1.2.3.4.buga.xxxxx.yyy.invalid',
 			'1.2.3.4.buga.xxxxx.yyy.invalid',
 			]
 		for s in hostnames:
 			res = DNSUtils.textToIp(s, 'yes')
-			if s == 'www.example.com':
+			if s == 'www.fail2ban.org':
 				# sort ipaddr, IPv4 is always smaller as IPv6
 				self.assertSortedEqual(res, self.EXAMPLE_ADDRS)
 			else:
@ -2234,8 +2234,8 @@ class DNSUtilsNetworkTests(unittest.TestCase):

 		self.assertEqual(IPAddr('192.0.2.0').getPTR(), '0.2.0.192.in-addr.arpa.')
 		self.assertEqual(IPAddr('192.0.2.1').getPTR(), '1.2.0.192.in-addr.arpa.')
-		self.assertEqual(IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c').getPTR(), 
-			'c.2.b.8.b.6.f.a.a.d.0.8.0.2.8.6.7.0.b.c.f.1.2.0.0.0.8.2.6.0.6.2.ip6.arpa.')
+		self.assertEqual(IPAddr('2001:db8::1').getPTR(), 
+			'1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.')

 	def testIPAddr_Equal6(self):
 		self.assertEqual(
@ -2365,10 +2365,10 @@ class DNSUtilsNetworkTests(unittest.TestCase):

 	def testIPAddr_CompareDNS(self):
 		#unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils.
-		ips = IPAddr('example.com')
-		self.assertTrue(IPAddr("93.184.215.14").isInNet(ips))
-		self.assertEqual(IPAddr("2606:2800:21f:cb07:6820:80da:af6b:8b2c").isInNet(ips),
-		                        "2606:2800:21f:cb07:6820:80da:af6b:8b2c" in self.EXAMPLE_ADDRS)
+		ips = IPAddr('fail2ban.org')
+		self.assertTrue(IPAddr("51.159.55.100").isInNet(ips))
+		self.assertEqual(IPAddr("2001:bc8:1200:6:208:a2ff:fe0c:61f8").isInNet(ips),
+		                        "2001:bc8:1200:6:208:a2ff:fe0c:61f8" in self.EXAMPLE_ADDRS)

 	def testIPAddr_wrongDNS_IP(self):
 		unittest.F2B.SkipIfNoNetwork()
@ -2376,11 +2376,11 @@ class DNSUtilsNetworkTests(unittest.TestCase):
 		DNSUtils.ipToName('*')

 	def testIPAddr_Cached(self):
-		ips = [DNSUtils.dnsToIp('example.com'), DNSUtils.dnsToIp('example.com')]
+		ips = [DNSUtils.dnsToIp('fail2ban.org'), DNSUtils.dnsToIp('fail2ban.org')]
 		for ip1, ip2 in zip(ips, ips):
 			self.assertEqual(id(ip1), id(ip2))
-		ip1 = IPAddr('93.184.215.14'); ip2 = IPAddr('93.184.215.14'); self.assertEqual(id(ip1), id(ip2))
-		ip1 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); ip2 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); self.assertEqual(id(ip1), id(ip2))
+		ip1 = IPAddr('51.159.55.100'); ip2 = IPAddr('51.159.55.100'); self.assertEqual(id(ip1), id(ip2))
+		ip1 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); ip2 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); self.assertEqual(id(ip1), id(ip2))

 	def test_NetworkInterfacesAddrs(self):
 		for withMask in (False, True):
--- a/fail2ban/tests/utils.py
+++ b/fail2ban/tests/utils.py
@ -326,8 +326,8 @@ def initTests(opts):
 			('failed.dns.ch', set()),
 			('doh1.2.3.4.buga.xxxxx.yyy.invalid', set()),
 			('1.2.3.4.buga.xxxxx.yyy.invalid', set()),
-			('example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
-			('www.example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])),
+			('fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
+			('www.fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])),
 		):
 			c.set(*i)
 		# if fast - precache all host names as localhost addresses (speed-up getSelfIPs/ignoreself):