diff options
author | sebres <serg.brester@sebres.de> | 2022-02-11 19:10:26 +0100 |
---|---|---|
committer | sebres <serg.brester@sebres.de> | 2022-02-11 19:10:26 +0100 |
commit | 96121830da3ed271b121c3edddca0153ac0cfe10 (patch) | |
tree | 7ab6f60cf4aab4f99e43155d5c30c035b47908e2 /fail2ban | |
parent | 246d0e1100943e35c9e799463f152621bd35a2b2 (diff) | |
download | fail2ban-96121830da3ed271b121c3edddca0153ac0cfe10.tar.gz |
differentiate <ip> and <fid> (<F-ID>): if IP-address deviates from ID then `<ip>` is not `<fid>` anymore;
introduces certain backwards incompatibility against actions that have used tag `<ip>` to get failure-ID, if IP-related tags (like `<ADDR>` or `<HOST>`) used additionally to `<F-ID>` and they are different, see gh-3217
Diffstat (limited to 'fail2ban')
-rw-r--r-- | fail2ban/client/fail2banregex.py | 6 | ||||
-rw-r--r-- | fail2ban/server/actions.py | 10 | ||||
-rw-r--r-- | fail2ban/server/database.py | 2 | ||||
-rw-r--r-- | fail2ban/server/filter.py | 67 | ||||
-rw-r--r-- | fail2ban/server/ipdns.py | 2 | ||||
-rw-r--r-- | fail2ban/server/observer.py | 8 | ||||
-rw-r--r-- | fail2ban/server/ticket.py | 17 | ||||
-rw-r--r-- | fail2ban/tests/banmanagertestcase.py | 10 | ||||
-rw-r--r-- | fail2ban/tests/databasetestcase.py | 20 | ||||
-rw-r--r-- | fail2ban/tests/fail2banregextestcase.py | 12 | ||||
-rw-r--r-- | fail2ban/tests/failmanagertestcase.py | 8 | ||||
-rw-r--r-- | fail2ban/tests/filtertestcase.py | 6 | ||||
-rw-r--r-- | fail2ban/tests/observertestcase.py | 4 | ||||
-rw-r--r-- | fail2ban/tests/tickettestcase.py | 2 |
14 files changed, 95 insertions, 79 deletions
diff --git a/fail2ban/client/fail2banregex.py b/fail2ban/client/fail2banregex.py index 5921dfdd..4ab8a8a3 100644 --- a/fail2ban/client/fail2banregex.py +++ b/fail2ban/client/fail2banregex.py @@ -520,10 +520,14 @@ class Fail2banRegex(object): def _prepaireOutput(self): """Prepares output- and fetch-function corresponding given '--out' option (format)""" ofmt = self._opts.out - if ofmt in ('id', 'ip'): + if ofmt in ('id', 'fid'): def _out(ret): for r in ret: output(r[1]) + elif ofmt == 'ip': + def _out(ret): + for r in ret: + output(r[3].get('ip', r[1])) elif ofmt == 'msg': def _out(ret): for r in ret: diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py index 0cd2ec33..9b2aa049 100644 --- a/fail2ban/server/actions.py +++ b/fail2ban/server/actions.py @@ -497,7 +497,7 @@ class Actions(JailThread, Mapping): bTicket = BanTicket.wrap(ticket) btime = ticket.getBanTime(self.banManager.getBanTime()) - ip = bTicket.getIP() + ip = bTicket.getID() aInfo = self._getActionInfo(bTicket) reason = {} if self.banManager.addBanTicket(bTicket, reason=reason): @@ -575,10 +575,10 @@ class Actions(JailThread, Mapping): Ticket to reban """ actions = actions or self._actions - ip = ticket.getIP() + ip = ticket.getID() aInfo = self._getActionInfo(ticket) if log: - logSys.notice("[%s] Reban %s%s", self._jail.name, aInfo["ip"], (', action %r' % actions.keys()[0] if len(actions) == 1 else '')) + logSys.notice("[%s] Reban %s%s", self._jail.name, ip, (', action %r' % actions.keys()[0] if len(actions) == 1 else '')) for name, action in actions.iteritems(): try: logSys.debug("[%s] action %r: reban %s", self._jail.name, name, ip) @@ -703,10 +703,10 @@ class Actions(JailThread, Mapping): unbactions = self._actions else: unbactions = actions - ip = ticket.getIP() + ip = ticket.getID() aInfo = self._getActionInfo(ticket) if log: - logSys.notice("[%s] Unban %s", self._jail.name, aInfo["ip"]) + logSys.notice("[%s] Unban %s", self._jail.name, ip) for name, action in unbactions.iteritems(): try: logSys.debug("[%s] action %r: unban %s", self._jail.name, name, ip) diff --git a/fail2ban/server/database.py b/fail2ban/server/database.py index 86b0ea68..8a7abb3c 100644 --- a/fail2ban/server/database.py +++ b/fail2ban/server/database.py @@ -599,7 +599,7 @@ class Fail2BanDb(object): ticket : BanTicket Ticket of the ban to be added. """ - ip = str(ticket.getIP()) + ip = str(ticket.getID()) try: del self._bansMergedCache[(ip, jail)] except KeyError: diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py index 5af3626a..86c6648e 100644 --- a/fail2ban/server/filter.py +++ b/fail2ban/server/filter.py @@ -553,7 +553,7 @@ class Filter(JailThread): ticket = None if isinstance(ip, FailTicket): ticket = ip - ip = ticket.getIP() + ip = ticket.getID() elif not isinstance(ip, IPAddr): ip = IPAddr(ip) return self._inIgnoreIPList(ip, ticket, log_ignore) @@ -702,10 +702,7 @@ class Filter(JailThread): """Processes the line for failures and populates failManager """ try: - for element in self.processLine(line, date): - ip = element[1] - unixTime = element[2] - fail = element[3] + for (_, ip, unixTime, fail) in self.processLine(line, date): logSys.debug("Processing line with time:%s and ip:%s", unixTime, ip) # ensure the time is not in the future, e. g. by some estimated (assumed) time: @@ -841,11 +838,9 @@ class Filter(JailThread): failList = list() ll = logSys.getEffectiveLevel() - returnRawHost = self.returnRawHost - cidr = IPAddr.CIDR_UNSPEC - if self.__useDns == "raw": - returnRawHost = True - cidr = IPAddr.CIDR_RAW + defcidr = IPAddr.CIDR_UNSPEC + if self.__useDns == "raw" or self.returnRawHost: + defcidr = IPAddr.CIDR_RAW if self.__lineBufferSize > 1: self.__lineBuffer.append(tupleLine) @@ -908,7 +903,8 @@ class Filter(JailThread): if not self.checkAllRegex or self.__lineBufferSize > 1: self.__lineBuffer, buf = failRegex.getUnmatchedTupleLines(), None # merge data if multi-line failure: - raw = returnRawHost + cidr = defcidr + raw = (defcidr == IPAddr.CIDR_RAW) if preGroups: currFail, fail = fail, preGroups.copy() fail.update(currFail) @@ -927,49 +923,50 @@ class Filter(JailThread): # failure-id: fid = fail.get('fid') # ip-address or host: - host = fail.get('ip4') - if host is not None: + ip = fail.get('ip4') + if ip is not None: cidr = int(fail.get('cidr') or IPAddr.FAM_IPv4) raw = True else: - host = fail.get('ip6') - if host is not None: + ip = fail.get('ip6') + if ip is not None: cidr = int(fail.get('cidr') or IPAddr.FAM_IPv6) raw = True - if host is None: - host = fail.get('dns') - if host is None: - # first try to check we have mlfid case (cache connection id): - if fid is None and mlfid is None: - # if no failure-id also (obscure case, wrong regex), throw error inside getFailID: - fid = failRegex.getFailID() - host = fid - cidr = IPAddr.CIDR_RAW - raw = True + else: + ip = fail.get('dns') + if ip is None: + # first try to check we have mlfid case (cache connection id): + if fid is None and mlfid is None: + # if no failure-id also (obscure case, wrong regex), throw error inside getFailID: + fid = failRegex.getFailID() + ip = fid + raw = True # if mlfid case (not failure): - if host is None: + if ip is None: if ll <= 7: logSys.log(7, "No failure-id by mlfid %r in regex %s: %s", mlfid, failRegexIndex, fail.get('mlfforget', "waiting for identifier")) fail['mlfpending'] = 1; # mark failure is pending if not self.checkAllRegex and self.ignorePending: return failList - ips = [None] + fids = [None] # if raw - add single ip or failure-id, # otherwise expand host to multiple ips using dns (or ignore it if not valid): elif raw: - ip = IPAddr(host, cidr) - # check host equal failure-id, if not - failure with complex id: - if fid is not None and fid != host: - ip = IPAddr(fid, IPAddr.CIDR_RAW) - ips = [ip] + # check ip/host equal failure-id, if not - failure with complex id: + if fid is None or fid == ip: + fid = IPAddr(ip, cidr) + else: + fail['ip'] = IPAddr(ip, cidr) + fid = IPAddr(fid, defcidr) + fids = [fid] # otherwise, try to use dns conversion: else: - ips = DNSUtils.textToIp(host, self.__useDns) + fids = DNSUtils.textToIp(ip, self.__useDns) # if checkAllRegex we must make a copy (to be sure next RE doesn't change merged/cached failure): if self.checkAllRegex and mlfid is not None: fail = fail.copy() # append failure with match to the list: - for ip in ips: - failList.append([failRegexIndex, ip, date, fail]) + for fid in fids: + failList.append([failRegexIndex, fid, date, fail]) if not self.checkAllRegex: break except RegexException as e: # pragma: no cover - unsure if reachable diff --git a/fail2ban/server/ipdns.py b/fail2ban/server/ipdns.py index d6dfbb9d..d917d031 100644 --- a/fail2ban/server/ipdns.py +++ b/fail2ban/server/ipdns.py @@ -257,6 +257,8 @@ class IPAddr(object): FAM_IPv6 = CIDR_RAW - socket.AF_INET6 def __new__(cls, ipstr, cidr=CIDR_UNSPEC): + if cidr == IPAddr.CIDR_UNSPEC and isinstance(ipstr, (tuple, list)): + cidr = IPAddr.CIDR_RAW if cidr == IPAddr.CIDR_RAW: # don't cache raw ip = super(IPAddr, cls).__new__(cls) ip.__init(ipstr, cidr) diff --git a/fail2ban/server/observer.py b/fail2ban/server/observer.py index ecbcd5b7..b1c9b37d 100644 --- a/fail2ban/server/observer.py +++ b/fail2ban/server/observer.py @@ -372,7 +372,7 @@ class ObserverThread(JailThread): # check jail active : if not jail.isAlive() or not jail.getBanTimeExtra("increment"): return - ip = ticket.getIP() + ip = ticket.getID() unixTime = ticket.getTime() logSys.debug("[%s] Observer: failure found %s", jail.name, ip) # increase retry count for known (bad) ip, corresponding banCount of it (one try will count than 2, 3, 5, 9 ...) : @@ -435,7 +435,7 @@ class ObserverThread(JailThread): if not jail.isAlive() or not jail.database: return banTime be = jail.getBanTimeExtra() - ip = ticket.getIP() + ip = ticket.getID() orgBanTime = banTime # check ip was already banned (increment time of ban): try: @@ -474,7 +474,7 @@ class ObserverThread(JailThread): return try: oldbtime = btime - ip = ticket.getIP() + ip = ticket.getID() logSys.debug("[%s] Observer: ban found %s, %s", jail.name, ip, btime) # if not permanent and ban time was not set - check time should be increased: if btime != -1 and ticket.getBanTime() is None: @@ -514,7 +514,7 @@ class ObserverThread(JailThread): """ try: btime = ticket.getBanTime() - ip = ticket.getIP() + ip = ticket.getID() logSys.debug("[%s] Observer: prolong %s, %s", jail.name, ip, btime) # prolong ticket via actions that expected this: jail.actions._prolongBan(ticket) diff --git a/fail2ban/server/ticket.py b/fail2ban/server/ticket.py index f99b6462..96e67773 100644 --- a/fail2ban/server/ticket.py +++ b/fail2ban/server/ticket.py @@ -33,7 +33,7 @@ logSys = getLogger(__name__) class Ticket(object): - __slots__ = ('_ip', '_flags', '_banCount', '_banTime', '_time', '_data', '_retry', '_lastReset') + __slots__ = ('_id', '_flags', '_banCount', '_banTime', '_time', '_data', '_retry', '_lastReset') MAX_TIME = 0X7FFFFFFFFFFF ;# 4461763-th year @@ -48,7 +48,7 @@ class Ticket(object): @param matches (log) lines caused the ticket """ - self.setIP(ip) + self.setID(ip) self._flags = 0; self._banCount = 0; self._banTime = None; @@ -65,7 +65,7 @@ class Ticket(object): def __str__(self): return "%s: ip=%s time=%s bantime=%s bancount=%s #attempts=%d matches=%r" % \ - (self.__class__.__name__.split('.')[-1], self._ip, self._time, + (self.__class__.__name__.split('.')[-1], self._id, self._time, self._banTime, self._banCount, self._data['failures'], self._data.get('matches', [])) @@ -74,7 +74,7 @@ class Ticket(object): def __eq__(self, other): try: - return self._ip == other._ip and \ + return self._id == other._id and \ round(self._time, 2) == round(other._time, 2) and \ self._data == other._data except AttributeError: @@ -86,18 +86,17 @@ class Ticket(object): if v is not None: setattr(self, n, v) - - def setIP(self, value): + def setID(self, value): # guarantee using IPAddr instead of unicode, str for the IP if isinstance(value, basestring): value = IPAddr(value) - self._ip = value + self._id = value def getID(self): - return self._data.get('fid', self._ip) + return self._id def getIP(self): - return self._ip + return self._data.get('ip', self._id) def setTime(self, value): self._time = value diff --git a/fail2ban/tests/banmanagertestcase.py b/fail2ban/tests/banmanagertestcase.py index ec8e6f9f..cf25ac0f 100644 --- a/fail2ban/tests/banmanagertestcase.py +++ b/fail2ban/tests/banmanagertestcase.py @@ -100,23 +100,23 @@ class AddFailure(unittest.TestCase): self.assertFalse(self.__banManager._inBanList(ticket)) def testBanTimeIncr(self): - ticket = BanTicket(self.__ticket.getIP(), self.__ticket.getTime()) + ticket = BanTicket(self.__ticket.getID(), self.__ticket.getTime()) ## increase twice and at end permanent, check time/count increase: c = 0 for i in (1000, 2000, -1): self.__banManager.addBanTicket(self.__ticket); c += 1 ticket.setBanTime(i) self.assertFalse(self.__banManager.addBanTicket(ticket)); # no incr of c (already banned) - self.assertEqual(str(self.__banManager.getTicketByID(ticket.getIP())), - "BanTicket: ip=%s time=%s bantime=%s bancount=%s #attempts=0 matches=[]" % (ticket.getIP(), ticket.getTime(), i, c)) + self.assertEqual(str(self.__banManager.getTicketByID(ticket.getID())), + "BanTicket: ip=%s time=%s bantime=%s bancount=%s #attempts=0 matches=[]" % (ticket.getID(), ticket.getTime(), i, c)) ## after permanent, it should remain permanent ban time (-1): self.__banManager.addBanTicket(self.__ticket); c += 1 ticket.setBanTime(-1) self.assertFalse(self.__banManager.addBanTicket(ticket)); # no incr of c (already banned) ticket.setBanTime(1000) self.assertFalse(self.__banManager.addBanTicket(ticket)); # no incr of c (already banned) - self.assertEqual(str(self.__banManager.getTicketByID(ticket.getIP())), - "BanTicket: ip=%s time=%s bantime=%s bancount=%s #attempts=0 matches=[]" % (ticket.getIP(), ticket.getTime(), -1, c)) + self.assertEqual(str(self.__banManager.getTicketByID(ticket.getID())), + "BanTicket: ip=%s time=%s bantime=%s bancount=%s #attempts=0 matches=[]" % (ticket.getID(), ticket.getTime(), -1, c)) def testUnban(self): btime = self.__banManager.getBanTime() diff --git a/fail2ban/tests/databasetestcase.py b/fail2ban/tests/databasetestcase.py index 6692b238..8cc394be 100644 --- a/fail2ban/tests/databasetestcase.py +++ b/fail2ban/tests/databasetestcase.py @@ -192,7 +192,7 @@ class DatabaseTest(LogCaptureTestCase): ticket.setAttempt(3) self.assertEqual(bans[0], ticket) # second ban found also: - self.assertEqual(bans[1].getIP(), "1.2.3.8") + self.assertEqual(bans[1].getID(), "1.2.3.8") # updated ? self.assertEqual(self.db.updateDb(Fail2BanDb.__version__), Fail2BanDb.__version__) # check current bans (should find 2 tickets after upgrade): @@ -312,7 +312,7 @@ class DatabaseTest(LogCaptureTestCase): for i, ticket in enumerate(tickets): DefLogSys.debug('readtickets[%d]: %r', i, readtickets[i].getData()) DefLogSys.debug(' == tickets[%d]: %r', i, ticket.getData()) - self.assertEqual(readtickets[i].getIP(), ticket.getIP()) + self.assertEqual(readtickets[i].getID(), ticket.getID()) self.assertEqual(len(readtickets[i].getMatches()), len(ticket.getMatches())) self.pruneLog('[test-phase 2] simulate errors') @@ -354,10 +354,10 @@ class DatabaseTest(LogCaptureTestCase): def testDelBan(self): tickets = self._testAdd3Bans() # delete single IP: - self.db.delBan(self.jail, tickets[0].getIP()) + self.db.delBan(self.jail, tickets[0].getID()) self.assertEqual(len(self.db.getBans(jail=self.jail)), 2) # delete two IPs: - self.db.delBan(self.jail, tickets[1].getIP(), tickets[2].getIP()) + self.db.delBan(self.jail, tickets[1].getID(), tickets[2].getID()) self.assertEqual(len(self.db.getBans(jail=self.jail)), 0) def testFlushBans(self): @@ -398,7 +398,7 @@ class DatabaseTest(LogCaptureTestCase): # should retrieve 2 matches only, but count of all attempts: self.db.maxMatches = maxMatches; ticket = self.db.getBansMerged("127.0.0.1") - self.assertEqual(ticket.getIP(), "127.0.0.1") + self.assertEqual(ticket.getID(), "127.0.0.1") self.assertEqual(ticket.getAttempt(), len(failures)) self.assertEqual(len(ticket.getMatches()), maxMatches) self.assertEqual(ticket.getMatches(), matches2find[-maxMatches:]) @@ -456,13 +456,13 @@ class DatabaseTest(LogCaptureTestCase): # All for IP 127.0.0.1 ticket = self.db.getBansMerged("127.0.0.1") - self.assertEqual(ticket.getIP(), "127.0.0.1") + self.assertEqual(ticket.getID(), "127.0.0.1") self.assertEqual(ticket.getAttempt(), 70) self.assertEqual(ticket.getMatches(), ["abc\n", "123\n", "ABC\n"]) # All for IP 127.0.0.1 for single jail ticket = self.db.getBansMerged("127.0.0.1", jail=self.jail) - self.assertEqual(ticket.getIP(), "127.0.0.1") + self.assertEqual(ticket.getID(), "127.0.0.1") self.assertEqual(ticket.getAttempt(), 30) self.assertEqual(ticket.getMatches(), ["abc\n", "123\n"]) @@ -490,8 +490,8 @@ class DatabaseTest(LogCaptureTestCase): tickets = self.db.getBansMerged() self.assertEqual(len(tickets), 2) self.assertSortedEqual( - list(set(ticket.getIP() for ticket in tickets)), - [ticket.getIP() for ticket in tickets]) + list(set(ticket.getID() for ticket in tickets)), + [ticket.getID() for ticket in tickets]) tickets = self.db.getBansMerged(jail=jail2) self.assertEqual(len(tickets), 1) @@ -510,7 +510,7 @@ class DatabaseTest(LogCaptureTestCase): tickets = self.db.getCurrentBans(jail=self.jail) self.assertEqual(len(tickets), 2) ticket = self.db.getCurrentBans(jail=None, ip="127.0.0.1"); - self.assertEqual(ticket.getIP(), "127.0.0.1") + self.assertEqual(ticket.getID(), "127.0.0.1") # positive case (1 ticket not yet expired): tickets = self.db.getCurrentBans(jail=self.jail, forbantime=15, diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py index b526dbf5..97670f50 100644 --- a/fail2ban/tests/fail2banregextestcase.py +++ b/fail2ban/tests/fail2banregextestcase.py @@ -372,6 +372,18 @@ class Fail2banRegexTest(LogCaptureTestCase): r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) self.assertLogged(str(('[192.0.2.4]:12345', 'left', 'right'))) self.pruneLog() + # ip is not id anymore (if IP-address deviates from ID): + self.assertTrue(_test_exec('-o', 'ip', + '1591983743.667 left [192.0.2.4]:12345 right', + r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) + self.assertNotLogged(str(('[192.0.2.4]:12345', 'left', 'right'))) + self.assertLogged('192.0.2.4') + self.pruneLog() + self.assertTrue(_test_exec('-o', 'ID:<fid> | IP:<ip>', + '1591983743.667 left [192.0.2.4]:12345 right', + r'^\s*<F-TUPLE_ID_1>\S+</F-TUPLE_ID_1> <F-ID><ADDR>:<F-PORT/></F-ID> <F-TUPLE_ID_2>\S+</F-TUPLE_ID_2>')) + self.assertLogged('ID:'+str(('[192.0.2.4]:12345', 'left', 'right'))+' | IP:192.0.2.4') + self.pruneLog() # row with id : self.assertTrue(_test_exec('-o', 'row', STR_00, RE_00_ID)) self.assertLogged("['kevin'", "'ip4': '192.0.2.0'", "'fid': 'kevin'", all=True) diff --git a/fail2ban/tests/failmanagertestcase.py b/fail2ban/tests/failmanagertestcase.py index a5425286..42b0fbd2 100644 --- a/fail2ban/tests/failmanagertestcase.py +++ b/fail2ban/tests/failmanagertestcase.py @@ -150,8 +150,8 @@ class AddFailure(unittest.TestCase): self.__failManager.setMaxRetry(5) #ticket = FailTicket('193.168.0.128', None) ticket = self.__failManager.toBan() - self.assertEqual(ticket.getIP(), "193.168.0.128") - self.assertTrue(isinstance(ticket.getIP(), (str, IPAddr))) + self.assertEqual(ticket.getID(), "193.168.0.128") + self.assertTrue(isinstance(ticket.getID(), (str, IPAddr))) # finish with rudimentary tests of the ticket # verify consistent str @@ -180,9 +180,9 @@ class AddFailure(unittest.TestCase): def testWindow(self): self._addDefItems() ticket = self.__failManager.toBan() - self.assertNotEqual(ticket.getIP(), "100.100.10.10") + self.assertNotEqual(ticket.getID(), "100.100.10.10") ticket = self.__failManager.toBan() - self.assertNotEqual(ticket.getIP(), "100.100.10.10") + self.assertNotEqual(ticket.getID(), "100.100.10.10") self.assertRaises(FailManagerEmpty, self.__failManager.toBan) def testBgService(self): diff --git a/fail2ban/tests/filtertestcase.py b/fail2ban/tests/filtertestcase.py index 0c704767..017e54ec 100644 --- a/fail2ban/tests/filtertestcase.py +++ b/fail2ban/tests/filtertestcase.py @@ -141,7 +141,7 @@ def _ticket_tuple(ticket): """ attempts = ticket.getAttempt() date = ticket.getTime() - ip = ticket.getIP() + ip = ticket.getID() matches = ticket.getMatches() return (ip, attempts, date, matches) @@ -1460,7 +1460,7 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover self.assertTrue(ticket) attempts = ticket.getAttempt() - ip = ticket.getIP() + ip = ticket.getID() ticket.getMatches() self.assertEqual(ip, test_ip) @@ -1646,7 +1646,7 @@ def get_monitor_failures_journal_testcase(Filter_): # pragma: systemd no cover self.waitForTicks(1) self.waitFailTotal(6, 10) self.assertTrue(Utils.wait_for(lambda: len(self.jail) == 2, 10)) - self.assertSortedEqual([self.jail.getFailTicket().getIP(), self.jail.getFailTicket().getIP()], + self.assertSortedEqual([self.jail.getFailTicket().getID(), self.jail.getFailTicket().getID()], ["192.0.2.1", "192.0.2.2"]) cls = MonitorJournalFailures diff --git a/fail2ban/tests/observertestcase.py b/fail2ban/tests/observertestcase.py index 315c955a..9b44c6dd 100644 --- a/fail2ban/tests/observertestcase.py +++ b/fail2ban/tests/observertestcase.py @@ -367,14 +367,14 @@ class BanTimeIncrDB(LogCaptureTestCase): # this old ticket should be removed now: restored_tickets = self.db.getCurrentBans(fromtime=stime, correctBanTime=False) self.assertEqual(len(restored_tickets), 2) - self.assertEqual(restored_tickets[0].getIP(), ip) + self.assertEqual(restored_tickets[0].getID(), ip) # purge remove 1st ip self.db._purgeAge = -48*60*60 self.db.purge() restored_tickets = self.db.getCurrentBans(fromtime=stime, correctBanTime=False) self.assertEqual(len(restored_tickets), 1) - self.assertEqual(restored_tickets[0].getIP(), ip+'1') + self.assertEqual(restored_tickets[0].getID(), ip+'1') # this should purge all bans, bips and logs - nothing should be found now self.db._purgeAge = -240*60*60 diff --git a/fail2ban/tests/tickettestcase.py b/fail2ban/tests/tickettestcase.py index d7d5f19a..945da7bd 100644 --- a/fail2ban/tests/tickettestcase.py +++ b/fail2ban/tests/tickettestcase.py @@ -39,6 +39,7 @@ class TicketTests(unittest.TestCase): # Ticket t = Ticket('193.168.0.128', tm, matches) + self.assertEqual(t.getID(), '193.168.0.128') self.assertEqual(t.getIP(), '193.168.0.128') self.assertEqual(t.getTime(), tm) self.assertEqual(t.getMatches(), matches2) @@ -65,6 +66,7 @@ class TicketTests(unittest.TestCase): matches = ['first', 'second'] ft = FailTicket('193.168.0.128', tm, matches) ft.setBanTime(60*60) + self.assertEqual(ft.getID(), '193.168.0.128') self.assertEqual(ft.getIP(), '193.168.0.128') self.assertEqual(ft.getTime(), tm) self.assertEqual(ft.getMatches(), matches2) |