From eb3623e90cf1db8031cb89b40f7fdb8fee05b9f5 Mon Sep 17 00:00:00 2001 From: sebres Date: Sun, 12 Mar 2017 19:04:45 +0100 Subject: [PATCH] configreader.py: correct reading real relative path (starting with "./"); fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only); --- fail2ban/client/configreader.py | 4 ++++ fail2ban/client/fail2banregex.py | 17 +++++++++++------ fail2ban/tests/fail2banregextestcase.py | 1 - 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py index 2caa97ce..b7da271b 100644 --- a/fail2ban/client/configreader.py +++ b/fail2ban/client/configreader.py @@ -176,6 +176,8 @@ class ConfigReaderUnshared(SafeConfigParserWithIncludes): if not os.path.exists(self._basedir): raise ValueError("Base configuration directory %s does not exist " % self._basedir) + if filename.startswith("./"): # pragma: no cover + filename = os.path.abspath(filename) basename = os.path.join(self._basedir, filename) logSys.debug("Reading configs for %s under %s " , filename, self._basedir) config_files = [ basename + ".conf" ] @@ -277,6 +279,8 @@ class DefinitionInitConfigReader(ConfigReader): def __init__(self, file_, jailName, initOpts, **kwargs): ConfigReader.__init__(self, **kwargs) + if file_.startswith("./"): # pragma: no cover + file_ = os.path.abspath(file_) self.setFile(file_) self.setJailName(jailName) self._initOpts = initOpts diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py index 539383f6..911abd28 100644 --- a/fail2ban/client/fail2banregex.py +++ b/fail2ban/client/fail2banregex.py @@ -313,12 +313,17 @@ class Fail2banRegex(object): if fltOpt: output( "Use filter options : %r" % fltOpt ) reader = FilterReader(fltName, 'fail2ban-regex-jail', fltOpt, share_config=self.share_config, basedir=basedir) - if basedir is not None: # pragma: no cover - ret = reader.read() - else: - ## foreign file - readexplicit this file and includes if possible: - reader.setBaseDir(None) - ret = reader.readexplicit() + ret = None + try: + if basedir is not None: + ret = reader.read() + else: + ## foreign file - readexplicit this file and includes if possible: + reader.setBaseDir(None) + ret = reader.readexplicit() + except Exception as e: + output("Wrong config file: %s" % (str(e),)) + if self._verbose: raise(e) if not ret: output( "ERROR: failed to load filter %s" % value ) return False diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py index 19006831..1bac3a5f 100644 --- a/fail2ban/tests/fail2banregextestcase.py +++ b/fail2ban/tests/fail2banregextestcase.py @@ -255,7 +255,6 @@ class Fail2banRegexTest(LogCaptureTestCase): def testWrongFilterFile(self): # use test log as filter file to cover eror cases... (opts, args, fail2banRegex) = _Fail2banRegex( - "-l", "notice", # put down log-level, because of too many debug-messages Fail2banRegexTest.FILENAME_ZZZ_GEN, Fail2banRegexTest.FILENAME_ZZZ_GEN ) self.assertFalse(fail2banRegex.start(args))