mirror of https://github.com/fail2ban/fail2ban
action.d/badips.py: code review, ban command covered, debug log-messages, etc;
sebres
parent
095a909c84
commit
f52c67238a
|
|
@ -186,6 +186,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
||||||
urlencode({'age': age})])
|
urlencode({'age': age})])
|
||||||
if key:
|
if key:
|
||||||
url = "&".join([url, urlencode({'key': key})])
|
url = "&".join([url, urlencode({'key': key})])
|
||||||
|
self._logSys.debug('badips.com: get list, url: %r', url)
|
||||||
response = urlopen(self._Request(url), timeout=self.timeout)
|
response = urlopen(self._Request(url), timeout=self.timeout)
|
||||||
except HTTPError as response:
|
except HTTPError as response:
|
||||||
messages = json.loads(response.read().decode('utf-8'))
|
messages = json.loads(response.read().decode('utf-8'))
|
||||||
|
|
@ -371,6 +372,7 @@ class BadIPsAction(ActionBase): # pragma: no cover - may be unavailable
|
||||||
url = "/".join([self._badips, "add", self.category, str(aInfo['ip'])])
|
url = "/".join([self._badips, "add", self.category, str(aInfo['ip'])])
|
||||||
if self.key:
|
if self.key:
|
||||||
url = "?".join([url, urlencode({'key': self.key})])
|
url = "?".join([url, urlencode({'key': self.key})])
|
||||||
|
self._logSys.debug('badips.com: ban, url: %r', url)
|
||||||
response = urlopen(self._Request(url), timeout=self.timeout)
|
response = urlopen(self._Request(url), timeout=self.timeout)
|
||||||
except HTTPError as response:
|
except HTTPError as response:
|
||||||
messages = json.loads(response.read().decode('utf-8'))
|
messages = json.loads(response.read().decode('utf-8'))
|
||||||
|
|
|
||||||
|
|
@ -21,15 +21,18 @@ import os
|
||||||
import unittest
|
import unittest
|
||||||
import sys
|
import sys
|
||||||
|
|
||||||
|
from ..actiontestcase import CallingMap
|
||||||
from ..dummyjail import DummyJail
|
from ..dummyjail import DummyJail
|
||||||
from ..utils import CONFIG_DIR
|
from ..servertestcase import IPAddr
|
||||||
|
from ..utils import LogCaptureTestCase, CONFIG_DIR
|
||||||
|
|
||||||
if sys.version_info >= (2,7): # pragma: no cover - may be unavailable
|
if sys.version_info >= (2,7): # pragma: no cover - may be unavailable
|
||||||
class BadIPsActionTest(unittest.TestCase):
|
class BadIPsActionTest(LogCaptureTestCase):
|
||||||
|
|
||||||
available = True, None
|
available = True, None
|
||||||
|
pythonModule = None
|
||||||
modAction = None
|
modAction = None
|
||||||
|
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
"""Call before every test case."""
|
"""Call before every test case."""
|
||||||
super(BadIPsActionTest, self).setUp()
|
super(BadIPsActionTest, self).setUp()
|
||||||
|
|
@ -39,17 +42,20 @@ if sys.version_info >= (2,7): # pragma: no cover - may be unavailable
|
||||||
|
|
||||||
self.jail.actions.add("test")
|
self.jail.actions.add("test")
|
||||||
|
|
||||||
pythonModule = os.path.join(CONFIG_DIR, "action.d", "badips.py")
|
pythonModuleName = os.path.join(CONFIG_DIR, "action.d", "badips.py")
|
||||||
|
|
||||||
# check availability (once if not alive, used shorter timeout as in test cases):
|
# check availability (once if not alive, used shorter timeout as in test cases):
|
||||||
if BadIPsActionTest.available[0]:
|
if BadIPsActionTest.available[0]:
|
||||||
if not BadIPsActionTest.modAction:
|
if not BadIPsActionTest.modAction:
|
||||||
BadIPsActionTest.modAction = self.jail.actions._load_python_module(pythonModule).Action
|
if not BadIPsActionTest.pythonModule:
|
||||||
|
BadIPsActionTest.pythonModule = self.jail.actions._load_python_module(pythonModuleName)
|
||||||
|
BadIPsActionTest.modAction = BadIPsActionTest.pythonModule.Action
|
||||||
|
self.jail.actions._load_python_module(pythonModuleName)
|
||||||
BadIPsActionTest.available = BadIPsActionTest.modAction.isAvailable(timeout=2 if unittest.F2B.fast else 10)
|
BadIPsActionTest.available = BadIPsActionTest.modAction.isAvailable(timeout=2 if unittest.F2B.fast else 10)
|
||||||
if not BadIPsActionTest.available[0]:
|
if not BadIPsActionTest.available[0]:
|
||||||
raise unittest.SkipTest('Skip test because service is not available: %s' % BadIPsActionTest.available[1])
|
raise unittest.SkipTest('Skip test because service is not available: %s' % BadIPsActionTest.available[1])
|
||||||
|
|
||||||
self.jail.actions.add("badips", pythonModule, initOpts={
|
self.jail.actions.add("badips", pythonModuleName, initOpts={
|
||||||
'category': "ssh",
|
'category': "ssh",
|
||||||
'banaction': "test",
|
'banaction': "test",
|
||||||
'score': 5,
|
'score': 5,
|
||||||
|
|
@ -106,3 +112,16 @@ if sys.version_info >= (2,7): # pragma: no cover - may be unavailable
|
||||||
"%s is fewer as 10: %r" % (len(self.action._bannedips), self.action._bannedips))
|
"%s is fewer as 10: %r" % (len(self.action._bannedips), self.action._bannedips))
|
||||||
self.action.stop()
|
self.action.stop()
|
||||||
self.assertTrue(len(self.action._bannedips) == 0)
|
self.assertTrue(len(self.action._bannedips) == 0)
|
||||||
|
|
||||||
|
def testBanIP(self):
|
||||||
|
aInfo = CallingMap({
|
||||||
|
'ip': IPAddr('192.0.2.1')
|
||||||
|
})
|
||||||
|
self.action.ban(aInfo)
|
||||||
|
self.assertLogged('badips.com: ban', wait=True)
|
||||||
|
self.pruneLog()
|
||||||
|
# produce an error using wrong category/IP:
|
||||||
|
self.action._category = 'f2b-this-category-dont-available-test-suite-only'
|
||||||
|
aInfo['ip'] = ''
|
||||||
|
self.assertRaises(BadIPsActionTest.pythonModule.HTTPError, self.action.ban, aInfo)
|
||||||
|
self.assertLogged('IP is invalid', 'invalid category', wait=True, all=False)
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue