From 155a0855f24c6c3efc3f7a9e3167e3bb90f9b2d8 Mon Sep 17 00:00:00 2001 From: sebres Date: Wed, 29 Jan 2025 21:22:04 +0100 Subject: [PATCH 1/3] silence codespell --- .codespellrc | 2 +- config/action.d/iptables.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.codespellrc b/.codespellrc index 44a5bb83..86ce487f 100644 --- a/.codespellrc +++ b/.codespellrc @@ -9,4 +9,4 @@ check-hidden = true ignore-regex = (\b([A-Z][A-Z][A-Z]+|gir\.st)\b)|\[[a-zA-Z]+\][a-z]+\b|[a-z]+://\S+|.*codespell-ignore.* # some oddly named variables, some names, etc # wee -- comes in regex etc for weeks -ignore-words-list = assertIn,theis,timere,alls,wee,wight,ans,re-use +ignore-words-list = assertIn,theis,timere,alls,wee,wight,ans,re-use,pre-emptive diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf index 382716ac..c8314b9d 100644 --- a/config/action.d/iptables.conf +++ b/config/action.d/iptables.conf @@ -135,7 +135,7 @@ returntype = RETURN # Option: lockingopt # Notes.: Option was introduced to iptables to prevent multiple instances from -# running concurrently and causing irratic behavior. -w was introduced +# running concurrently and causing erratic behavior. -w was introduced # in iptables 1.4.20, so might be absent on older systems # See https://github.com/fail2ban/fail2ban/issues/1122 # Values: STRING From 5b6c13f0aae79a23d94570bacd1b5796e57f088d Mon Sep 17 00:00:00 2001 From: sebres Date: Thu, 30 Jan 2025 01:05:30 +0100 Subject: [PATCH 2/3] example.com changes the IPs, again... additionally it got more IPs, which look unstable now (depends on resolver), so replaced with fail2ban.org, that seems to resolve to single IPv4 and IPv6 (can be adjusted later for something more persistent) --- .../tests/files/logs/apache-fakegooglebot | 6 +- fail2ban/tests/files/testcase-usedns.log | 4 +- fail2ban/tests/filtertestcase.py | 58 +++++++++---------- fail2ban/tests/utils.py | 4 +- 4 files changed, 36 insertions(+), 36 deletions(-) diff --git a/fail2ban/tests/files/logs/apache-fakegooglebot b/fail2ban/tests/files/logs/apache-fakegooglebot index b77a1a6b..024842fd 100644 --- a/fail2ban/tests/files/logs/apache-fakegooglebot +++ b/fail2ban/tests/files/logs/apache-fakegooglebot @@ -1,5 +1,5 @@ # Apache 2.2 # failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" } -66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546 -# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.215.14" } -93.184.215.14 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546 +66.249.66.1 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546 +# failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "51.159.55.100" } +51.159.55.100 - - - [31/Jan/2015:14:29:44 ] fail2ban.org "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546 diff --git a/fail2ban/tests/files/testcase-usedns.log b/fail2ban/tests/files/testcase-usedns.log index eea6eb44..3e7b36bb 100644 --- a/fail2ban/tests/files/testcase-usedns.log +++ b/fail2ban/tests/files/testcase-usedns.log @@ -1,2 +1,2 @@ -Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2 -Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2 +Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2 +Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2 diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py index 20945b78..26961a1b 100644 --- a/fail2ban/tests/filtertestcase.py +++ b/fail2ban/tests/filtertestcase.py @@ -587,14 +587,14 @@ class IgnoreIP(LogCaptureTestCase): self.assertNotLogged("returned successfully") def testIgnoreCauseOK(self): - ip = "93.184.215.14" + ip = "51.159.55.100" for ignore_source in ["dns", "ip", "command"]: self.filter.logIgnoreIp(ip, True, ignore_source=ignore_source) self.assertLogged("[%s] Ignore %s by %s" % (self.jail.name, ip, ignore_source)) def testIgnoreCauseNOK(self): - self.filter.logIgnoreIp("example.com", False, ignore_source="NOT_LOGGED") - self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "example.com", "NOT_LOGGED")) + self.filter.logIgnoreIp("fail2ban.org", False, ignore_source="NOT_LOGGED") + self.assertNotLogged("[%s] Ignore %s by %s" % (self.jail.name, "fail2ban.org", "NOT_LOGGED")) class IgnoreIPDNS(LogCaptureTestCase): @@ -607,7 +607,7 @@ class IgnoreIPDNS(LogCaptureTestCase): self.filter = FileFilter(self.jail) def testIgnoreIPDNS(self): - for dns in ("www.epfl.ch", "example.com"): + for dns in ("www.epfl.ch", "fail2ban.org"): self.filter.addIgnoreIP(dns) ips = DNSUtils.dnsToIp(dns) self.assertTrue(len(ips) > 0) @@ -1892,22 +1892,22 @@ class GetFailures(LogCaptureTestCase): #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils. # We should still catch failures with usedns = no ;-) output_yes = ( - ('93.184.215.14', 1, 1124013299.0, - ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2'] + ('51.159.55.100', 1, 1124013299.0, + ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2'] ), - ('93.184.215.14', 1, 1124013539.0, - ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2'] + ('51.159.55.100', 1, 1124013539.0, + ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2'] ), - ('2606:2800:21f:cb07:6820:80da:af6b:8b2c', 1, 1124013299.0, - ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2'] + ('2001:bc8:1200:6:208:a2ff:fe0c:61f8', 1, 1124013299.0, + ['Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from fail2ban.org port 51332 ssh2'] ), ) if not unittest.F2B.no_network and not DNSUtils.IPv6IsAllowed(): output_yes = output_yes[0:2] output_no = ( - ('93.184.215.14', 1, 1124013539.0, - ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.215.14 port 51332 ssh2'] + ('51.159.55.100', 1, 1124013539.0, + ['Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:51.159.55.100 port 51332 ssh2'] ) ) @@ -2098,10 +2098,10 @@ class DNSUtilsNetworkTests(unittest.TestCase): super(DNSUtilsNetworkTests, self).setUp() #unittest.F2B.SkipIfNoNetwork() - ## example.com IPs considering IPv6 support (without network it is simulated via cache in utils). + ## fail2ban.org IPs considering IPv6 support (without network it is simulated via cache in utils). EXAMPLE_ADDRS = ( - ['93.184.215.14', '2606:2800:21f:cb07:6820:80da:af6b:8b2c'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \ - ['93.184.215.14'] + ['51.159.55.100', '2001:bc8:1200:6:208:a2ff:fe0c:61f8'] if unittest.F2B.no_network or DNSUtils.IPv6IsAllowed() else \ + ['51.159.55.100'] ) def test_IPAddr(self): @@ -2163,13 +2163,13 @@ class DNSUtilsNetworkTests(unittest.TestCase): self.assertTrue(r < ip6) def testUseDns(self): - res = DNSUtils.textToIp('www.example.com', 'no') + res = DNSUtils.textToIp('www.fail2ban.org', 'no') self.assertSortedEqual(res, []) #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils. - res = DNSUtils.textToIp('www.example.com', 'warn') + res = DNSUtils.textToIp('www.fail2ban.org', 'warn') # sort ipaddr, IPv4 is always smaller as IPv6 self.assertSortedEqual(res, self.EXAMPLE_ADDRS) - res = DNSUtils.textToIp('www.example.com', 'yes') + res = DNSUtils.textToIp('www.fail2ban.org', 'yes') # sort ipaddr, IPv4 is always smaller as IPv6 self.assertSortedEqual(res, self.EXAMPLE_ADDRS) @@ -2177,13 +2177,13 @@ class DNSUtilsNetworkTests(unittest.TestCase): #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils. # Test hostnames hostnames = [ - 'www.example.com', + 'www.fail2ban.org', 'doh1.2.3.4.buga.xxxxx.yyy.invalid', '1.2.3.4.buga.xxxxx.yyy.invalid', ] for s in hostnames: res = DNSUtils.textToIp(s, 'yes') - if s == 'www.example.com': + if s == 'www.fail2ban.org': # sort ipaddr, IPv4 is always smaller as IPv6 self.assertSortedEqual(res, self.EXAMPLE_ADDRS) else: @@ -2234,8 +2234,8 @@ class DNSUtilsNetworkTests(unittest.TestCase): self.assertEqual(IPAddr('192.0.2.0').getPTR(), '0.2.0.192.in-addr.arpa.') self.assertEqual(IPAddr('192.0.2.1').getPTR(), '1.2.0.192.in-addr.arpa.') - self.assertEqual(IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c').getPTR(), - 'c.2.b.8.b.6.f.a.a.d.0.8.0.2.8.6.7.0.b.c.f.1.2.0.0.0.8.2.6.0.6.2.ip6.arpa.') + self.assertEqual(IPAddr('2001:db8::1').getPTR(), + '1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.ip6.arpa.') def testIPAddr_Equal6(self): self.assertEqual( @@ -2365,10 +2365,10 @@ class DNSUtilsNetworkTests(unittest.TestCase): def testIPAddr_CompareDNS(self): #unittest.F2B.SkipIfNoNetwork() ## without network it is simulated via cache in utils. - ips = IPAddr('example.com') - self.assertTrue(IPAddr("93.184.215.14").isInNet(ips)) - self.assertEqual(IPAddr("2606:2800:21f:cb07:6820:80da:af6b:8b2c").isInNet(ips), - "2606:2800:21f:cb07:6820:80da:af6b:8b2c" in self.EXAMPLE_ADDRS) + ips = IPAddr('fail2ban.org') + self.assertTrue(IPAddr("51.159.55.100").isInNet(ips)) + self.assertEqual(IPAddr("2001:bc8:1200:6:208:a2ff:fe0c:61f8").isInNet(ips), + "2001:bc8:1200:6:208:a2ff:fe0c:61f8" in self.EXAMPLE_ADDRS) def testIPAddr_wrongDNS_IP(self): unittest.F2B.SkipIfNoNetwork() @@ -2376,11 +2376,11 @@ class DNSUtilsNetworkTests(unittest.TestCase): DNSUtils.ipToName('*') def testIPAddr_Cached(self): - ips = [DNSUtils.dnsToIp('example.com'), DNSUtils.dnsToIp('example.com')] + ips = [DNSUtils.dnsToIp('fail2ban.org'), DNSUtils.dnsToIp('fail2ban.org')] for ip1, ip2 in zip(ips, ips): self.assertEqual(id(ip1), id(ip2)) - ip1 = IPAddr('93.184.215.14'); ip2 = IPAddr('93.184.215.14'); self.assertEqual(id(ip1), id(ip2)) - ip1 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); ip2 = IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'); self.assertEqual(id(ip1), id(ip2)) + ip1 = IPAddr('51.159.55.100'); ip2 = IPAddr('51.159.55.100'); self.assertEqual(id(ip1), id(ip2)) + ip1 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); ip2 = IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'); self.assertEqual(id(ip1), id(ip2)) def test_NetworkInterfacesAddrs(self): for withMask in (False, True): diff --git a/fail2ban/tests/utils.py b/fail2ban/tests/utils.py index f71ba60a..e6ef54f3 100644 --- a/fail2ban/tests/utils.py +++ b/fail2ban/tests/utils.py @@ -326,8 +326,8 @@ def initTests(opts): ('failed.dns.ch', set()), ('doh1.2.3.4.buga.xxxxx.yyy.invalid', set()), ('1.2.3.4.buga.xxxxx.yyy.invalid', set()), - ('example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])), - ('www.example.com', set([IPAddr('2606:2800:21f:cb07:6820:80da:af6b:8b2c'), IPAddr('93.184.215.14')])), + ('fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])), + ('www.fail2ban.org', set([IPAddr('2001:bc8:1200:6:208:a2ff:fe0c:61f8'), IPAddr('51.159.55.100')])), ): c.set(*i) # if fast - precache all host names as localhost addresses (speed-up getSelfIPs/ignoreself): From 8c6d7dc12f056812724ee5528aa5f79e85634273 Mon Sep 17 00:00:00 2001 From: sebres Date: Thu, 30 Jan 2025 01:09:20 +0100 Subject: [PATCH 3/3] GHA main.yml: update python versions ('3.14.0-alpha.4') --- .github/workflows/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index d1dfe521..dccd57ef 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13.0', '3.14.0-alpha.1', pypy3.10] + python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13', '3.14.0-alpha.4', pypy3.10] fail-fast: false # Steps represent a sequence of tasks that will be executed as part of the job steps: