ruben/jail2ban
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: ruben:32032de81da28ef2634055c9007dda8329804fdb
Branches Tags
ruben:main ruben:develop
ruben:2023.1 ruben:2022.1
..
compare: ruben:develop
Branches Tags
ruben:main ruben:develop
ruben:2023.1 ruben:2022.1

3 Commits
32032de81d ... develop

Author SHA1 Message Date
Ruben van Staveren
6f36df2195 Merge branch '4-create-a-list-route-for-showing-banned-addresses' into 'develop' 
Resolve "Create a /list route for showing banned addresses"

See merge request ruben/jail2ban-pf!7
 2023-01-16 16:38:37 +00:00
Ruben van Staveren
c991df53fa Resolve "Create a /list route for showing banned addresses" 2023-01-16 16:38:37 +00:00
Ruben van Staveren
f39d319b25 Merge branch 'release/2023.1' into develop 2023-01-13 10:33:59 +01:00
2 changed files with 55 additions and 11 deletions
Expand all files Collapse all files

19
jail2ban/__init__.py
View File

@ -88,19 +88,28 @@ def create_app():
name = untaint(PAT_NAME, name) name = untaint(PAT_NAME, name)
app.logger.info(f'Flushing table f2b-{name}' app.logger.info(f'Flushing table f2b-{name}'
f' in anchor f2b-jail/{remote_user}') f' in anchor f2b-jail/{remote_user}')
reply = {'anchor': f'f2b-jail/{remote_user}',
'table': f'f2b-{name}',
'operation': 'list'}
try:
res = pfctl_table_op('f2b-jail/{remote_user}', res = pfctl_table_op('f2b-jail/{remote_user}',
table='f2b-{name}', table='f2b-{name}',
operation='show', operation='show',
verbose=True) verbose=True)
except CalledProcessError as err:
if err.stderr.find(b'pfctl: Table does not exist.') > 0:
res = []
reply.update({'error': f'\'{name}\' is not a known fail2ban jail'})
else:
raise err
result = [entry.groupdict() for entry in result = [entry.groupdict() for entry in
re.finditer(_PFCTL_TABLE_PAT, re.finditer(_PFCTL_TABLE_PAT,
'\n'.join([x.decode('ascii') for x in res]), '\n'.join([x.decode('ascii') for x in res]),
re.MULTILINE|re.VERBOSE)] re.MULTILINE|re.VERBOSE)]
reply.update({'result': result})
return jsonify({'anchor': f'f2b-jail/{remote_user}', return jsonify(reply), 200 if len(res) else 404
'table': f'f2b-{name}',
'operation': 'list',
'result': result })
@app.route("/register", methods=['PUT', 'DELETE']) @app.route("/register", methods=['PUT', 'DELETE'])
@auth.login_required @auth.login_required
@ -182,6 +191,8 @@ def create_app():
Show a json parsable error if the value is illegal Show a json parsable error if the value is illegal
''' '''
app.logger.fatal(error) app.logger.fatal(error)
app.logger.fatal('stdout: %s', error.stderr)
app.logger.fatal('stderr: %s', error.stderr)
return jsonify({'error': str(error)}), 500 return jsonify({'error': str(error)}), 500
@app.errorhandler(FileNotFoundError) @app.errorhandler(FileNotFoundError)

39
tests/test_list.py
View File

@ -94,9 +94,13 @@ def test_list_nonexistent_table(client, mocker, valid_credentials):
run_res.returncode = 255 run_res.returncode = 255
run_res.check_returncode = noop run_res.check_returncode = noop
# XXX raise a CalledProcessError here... mocker.patch('jail2ban.pfctl.run',
return_value=run_res,
mocker.patch('jail2ban.pfctl.run', return_value=run_res) side_effect=CalledProcessError(run_res.returncode,
'foobar',
output=run_res.stdout,
stderr=run_res.stderr)
)
response = client.get("/list/nonexistent", response = client.get("/list/nonexistent",
headers={"Authorization": headers={"Authorization":
@ -105,3 +109,32 @@ def test_list_nonexistent_table(client, mocker, valid_credentials):
assert response.status_code == 404 assert response.status_code == 404
assert response.json['error'] == "'nonexistent' is not " \ assert response.json['error'] == "'nonexistent' is not " \
"a known fail2ban jail" "a known fail2ban jail"
def test_list_wrong_table_name(client, mocker, valid_credentials):
'''
Test for an wrong table name that lets pfctl fail. should result in a 500
'''
def noop():
pass
run_res = SimpleNamespace()
run_res.stdout = b''
run_res.stderr = b'No ALTQ support in kernel\nALTQ related functions disabled\n' \
b'pfctl: Invalid argument.\n'
run_res.returncode = 255
run_res.check_returncode = noop
mocker.patch('jail2ban.pfctl.run',
return_value=run_res,
side_effect=CalledProcessError(run_res.returncode,
'foobar',
output=run_res.stdout,
stderr=run_res.stderr)
)
response = client.get("/list/notanerrorbuttestneedstofail",
headers={"Authorization":
"Basic " + valid_credentials})
assert response.status_code == 500
assert response.json['error'] == "Command 'foobar' returned non-zero exit status 255."