github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

configreader.py: correct reading real relative path (starting with "./"); 

fail2ban-regex: catch read exceptions by wrong config files (raise exception in verbose mode only);
pull/1710/head
sebres 2017-03-12 19:04:45 +01:00
parent 6a26602ba8
commit eb3623e90c
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
fail2ban/client/configreader.py
View File

@ -176,6 +176,8 @@ class ConfigReaderUnshared(SafeConfigParserWithIncludes):
if not os.path.exists(self._basedir): if not os.path.exists(self._basedir):
raise ValueError("Base configuration directory %s does not exist " raise ValueError("Base configuration directory %s does not exist "
% self._basedir) % self._basedir)
if filename.startswith("./"): # pragma: no cover
filename = os.path.abspath(filename)
basename = os.path.join(self._basedir, filename) basename = os.path.join(self._basedir, filename)
logSys.debug("Reading configs for %s under %s " , filename, self._basedir) logSys.debug("Reading configs for %s under %s " , filename, self._basedir)
config_files = [ basename + ".conf" ] config_files = [ basename + ".conf" ]
@ -277,6 +279,8 @@ class DefinitionInitConfigReader(ConfigReader):
def __init__(self, file_, jailName, initOpts, **kwargs): def __init__(self, file_, jailName, initOpts, **kwargs):
ConfigReader.__init__(self, **kwargs) ConfigReader.__init__(self, **kwargs)
if file_.startswith("./"): # pragma: no cover
file_ = os.path.abspath(file_)
self.setFile(file_) self.setFile(file_)
self.setJailName(jailName) self.setJailName(jailName)
self._initOpts = initOpts self._initOpts = initOpts

17
fail2ban/client/fail2banregex.py
View File

@ -313,12 +313,17 @@ class Fail2banRegex(object):
if fltOpt: if fltOpt:
output( "Use filter options : %r" % fltOpt ) output( "Use filter options : %r" % fltOpt )
reader = FilterReader(fltName, 'fail2ban-regex-jail', fltOpt, share_config=self.share_config, basedir=basedir) reader = FilterReader(fltName, 'fail2ban-regex-jail', fltOpt, share_config=self.share_config, basedir=basedir)
if basedir is not None: # pragma: no cover ret = None
ret = reader.read() try:
else: if basedir is not None:
## foreign file - readexplicit this file and includes if possible: ret = reader.read()
reader.setBaseDir(None) else:
ret = reader.readexplicit() ## foreign file - readexplicit this file and includes if possible:
reader.setBaseDir(None)
ret = reader.readexplicit()
except Exception as e:
output("Wrong config file: %s" % (str(e),))
if self._verbose: raise(e)
if not ret: if not ret:
output( "ERROR: failed to load filter %s" % value ) output( "ERROR: failed to load filter %s" % value )
return False return False

1
fail2ban/tests/fail2banregextestcase.py
View File

@ -255,7 +255,6 @@ class Fail2banRegexTest(LogCaptureTestCase):
def testWrongFilterFile(self): def testWrongFilterFile(self):
# use test log as filter file to cover eror cases... # use test log as filter file to cover eror cases...
(opts, args, fail2banRegex) = _Fail2banRegex( (opts, args, fail2banRegex) = _Fail2banRegex(
"-l", "notice", # put down log-level, because of too many debug-messages
Fail2banRegexTest.FILENAME_ZZZ_GEN, Fail2banRegexTest.FILENAME_ZZZ_GEN Fail2banRegexTest.FILENAME_ZZZ_GEN, Fail2banRegexTest.FILENAME_ZZZ_GEN
) )
self.assertFalse(fail2banRegex.start(args)) self.assertFalse(fail2banRegex.start(args))