
Source code changes of the file "fail2ban/tests/fail2banclienttestcase.py" between
fail2ban-0.10.5.tar.gz and fail2ban-0.11.1.tar.gz


fail2banclienttestcase.py  (fail2ban-0.10.5):fail2banclienttestcase.py  (fail2ban-0.11.1)
skipping to change at line 47 skipping to change at line 47
from ..client import fail2banclient, fail2banserver, fail2bancmdline from ..client import fail2banclient, fail2banserver, fail2bancmdline
from ..client.fail2bancmdline import Fail2banCmdLine from ..client.fail2bancmdline import Fail2banCmdLine
from ..client.fail2banclient import exec_command_line as _exec_client, VisualWai t from ..client.fail2banclient import exec_command_line as _exec_client, VisualWai t
from ..client.fail2banserver import Fail2banServer, exec_command_line as _exec_s erver from ..client.fail2banserver import Fail2banServer, exec_command_line as _exec_s erver
from .. import protocol from .. import protocol
from ..server import server from ..server import server
from ..server.mytime import MyTime from ..server.mytime import MyTime
from ..server.utils import Utils from ..server.utils import Utils
from .utils import LogCaptureTestCase, logSys as DefLogSys, with_tmpdir, shutil, logging, \ from .utils import LogCaptureTestCase, logSys as DefLogSys, with_tmpdir, shutil, logging, \
STOCK, CONFIG_DIR as STOCK_CONF_DIR STOCK, CONFIG_DIR as STOCK_CONF_DIR, TEST_NOW, tearDownMyTime
from ..helpers import getLogger from ..helpers import getLogger
# Gets the instance of the logger. # Gets the instance of the logger.
logSys = getLogger(__name__) logSys = getLogger(__name__)
CLIENT = "fail2ban-client" CLIENT = "fail2ban-client"
SERVER = "fail2ban-server" SERVER = "fail2ban-server"
BIN = dirname(Fail2banServer.getServerPath()) BIN = dirname(Fail2banServer.getServerPath())
skipping to change at line 81 skipping to change at line 81
SRV_DEF_LOGTARGET = server.DEF_LOGTARGET SRV_DEF_LOGTARGET = server.DEF_LOGTARGET
SRV_DEF_LOGLEVEL = server.DEF_LOGLEVEL SRV_DEF_LOGLEVEL = server.DEF_LOGLEVEL
def _test_output(*args): def _test_output(*args):
logSys.info(args[0]) logSys.info(args[0])
fail2bancmdline.output = \ fail2bancmdline.output = \
fail2banclient.output = \ fail2banclient.output = \
fail2banserver.output = \ fail2banserver.output = \
protocol.output = _test_output protocol.output = _test_output
def _time_shift(shift):
# jump to the future (+shift minutes):
logSys.debug("===>>> time shift + %s min", shift)
MyTime.setTime(MyTime.time() + shift*60)
Observers = server.Observers
def _observer_wait_idle():
"""Helper to wait observer becomes idle"""
if Observers.Main is not None:
Observers.Main.wait_empty(MID_WAITTIME)
Observers.Main.wait_idle(MID_WAITTIME / 5)
def _observer_wait_before_incrban(cond, timeout=MID_WAITTIME):
"""Helper to block observer before increase bantime until some condition
gets true"""
if Observers.Main is not None:
# switch ban handler:
_obs_banFound = Observers.Main.banFound
def _banFound(*args, **kwargs):
# restore original handler:
Observers.Main.banFound = _obs_banFound
# wait for:
logSys.debug(' [Observer::banFound] *** observer blocked
for test')
Utils.wait_for(cond, timeout)
logSys.debug(' [Observer::banFound] +++ observer runs ag
ain')
# original banFound:
_obs_banFound(*args, **kwargs)
Observers.Main.banFound = _banFound
# #
# Mocking .exit so we could test its correct operation. # Mocking .exit so we could test its correct operation.
# Two custom exceptions will be assessed to be raised in the tests # Two custom exceptions will be assessed to be raised in the tests
# #
class ExitException(fail2bancmdline.ExitException): class ExitException(fail2bancmdline.ExitException):
"""Exception upon a normal exit""" """Exception upon a normal exit"""
pass pass
class FailExitException(fail2bancmdline.ExitException): class FailExitException(fail2bancmdline.ExitException):
skipping to change at line 350 skipping to change at line 379
finally: finally:
if th: if th:
# wait for server end (if not yet already exited): # wait for server end (if not yet already exited):
DefLogSys.info('=== within server: end. ===') DefLogSys.info('=== within server: end. ===')
self.pruneLog() self.pruneLog()
self.stopAndWaitForServerEnd() self.stopAndWaitForServerEnd()
# we start client/server directly in curr ent process (new thread), # we start client/server directly in curr ent process (new thread),
# so don't kill (same process) - if succe ss, just wait for end of worker: # so don't kill (same process) - if succe ss, just wait for end of worker:
if phase.get('end', None): if phase.get('end', None):
th.join() th.join()
tearDownMyTime()
return wrapper return wrapper
return _deco_wrapper return _deco_wrapper
class Fail2banClientServerBase(LogCaptureTestCase): class Fail2banClientServerBase(LogCaptureTestCase):
_orig_exit = Fail2banCmdLine._exit _orig_exit = Fail2banCmdLine._exit
def _setLogLevel(self, *args, **kwargs): def _setLogLevel(self, *args, **kwargs):
pass pass
skipping to change at line 375 skipping to change at line 405
server.DEF_LOGLEVEL = DefLogSys.level server.DEF_LOGLEVEL = DefLogSys.level
Fail2banCmdLine._exit = staticmethod(self._test_exit) Fail2banCmdLine._exit = staticmethod(self._test_exit)
def tearDown(self): def tearDown(self):
"""Call after every test case.""" """Call after every test case."""
Fail2banCmdLine._exit = self._orig_exit Fail2banCmdLine._exit = self._orig_exit
# restore server log target: # restore server log target:
server.DEF_LOGTARGET = SRV_DEF_LOGTARGET server.DEF_LOGTARGET = SRV_DEF_LOGTARGET
server.DEF_LOGLEVEL = SRV_DEF_LOGLEVEL server.DEF_LOGLEVEL = SRV_DEF_LOGLEVEL
LogCaptureTestCase.tearDown(self) LogCaptureTestCase.tearDown(self)
tearDownMyTime()
@staticmethod @staticmethod
def _test_exit(code=0): def _test_exit(code=0):
if code == 0: if code == 0:
raise ExitException() raise ExitException()
else: else:
raise FailExitException() raise FailExitException()
def _wait_for_srv(self, tmp, ready=True, startparams=None, phase=None): def _wait_for_srv(self, tmp, ready=True, startparams=None, phase=None):
if not phase: phase = {} if not phase: phase = {}
skipping to change at line 994 skipping to change at line 1025
"[test-jail1] Ban 192.0.2.8", "[test-jail1] Ban 192.0.2.8",
"[test-jail2] Ban 192.0.2.4", "[test-jail2] Ban 192.0.2.4",
"[test-jail2] Ban 192.0.2.8", all=True) "[test-jail2] Ban 192.0.2.8", all=True)
# test ips at all not visible for jail2: # test ips at all not visible for jail2:
self.assertNotLogged( self.assertNotLogged(
"[test-jail2] Found 192.0.2.2", "[test-jail2] Found 192.0.2.2",
"[test-jail2] Ban 192.0.2.2", "[test-jail2] Ban 192.0.2.2",
"[test-jail2] Found 192.0.2.3", "[test-jail2] Found 192.0.2.3",
"[test-jail2] Ban 192.0.2.3", "[test-jail2] Ban 192.0.2.3",
all=True) all=True)
# if observer available wait for it becomes idle (write all ticke
ts to db):
_observer_wait_idle()
# rotate logs: # rotate logs:
_write_file(test1log, "w+") _write_file(test1log, "w+")
_write_file(test2log, "w+") _write_file(test2log, "w+")
# restart jail without unban all: # restart jail without unban all:
self.pruneLog("[test-phase 2c]") self.pruneLog("[test-phase 2c]")
self.execCmd(SUCCESS, startparams, self.execCmd(SUCCESS, startparams,
"restart", "test-jail2") "restart", "test-jail2")
self.assertLogged( self.assertLogged(
skipping to change at line 1037 skipping to change at line 1070
# ban manually to test later flush by unban all: # ban manually to test later flush by unban all:
self.pruneLog("[test-phase 2d]") self.pruneLog("[test-phase 2d]")
self.execCmd(SUCCESS, startparams, self.execCmd(SUCCESS, startparams,
"set", "test-jail2", "banip", "192.0.2.21") "set", "test-jail2", "banip", "192.0.2.21")
self.execCmd(SUCCESS, startparams, self.execCmd(SUCCESS, startparams,
"set", "test-jail2", "banip", "192.0.2.22") "set", "test-jail2", "banip", "192.0.2.22")
self.assertLogged( self.assertLogged(
"stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22", "stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22",
"stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22 ", all=True, wait=MID_WAITTIME) "stdout: '[test-jail2] test-action3: ++ ban 192.0.2.22 ", all=True, wait=MID_WAITTIME)
# get banned ips:
_observer_wait_idle()
self.pruneLog("[test-phase 2d.1]")
self.execCmd(SUCCESS, startparams, "get", "test-jail2", "banip",
"\n")
self.assertLogged(
"192.0.2.4", "192.0.2.8", "192.0.2.21", "192.0.2.22", all
=True, wait=MID_WAITTIME)
self.pruneLog("[test-phase 2d.2]")
self.execCmd(SUCCESS, startparams, "get", "test-jail1", "banip")
self.assertLogged(
"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4", "192.
0.2.8", all=True, wait=MID_WAITTIME)
# restart jail with unban all: # restart jail with unban all:
self.pruneLog("[test-phase 2e]") self.pruneLog("[test-phase 2e]")
self.execCmd(SUCCESS, startparams, self.execCmd(SUCCESS, startparams,
"restart", "--unban", "test-jail2") "restart", "--unban", "test-jail2")
self.assertLogged( self.assertLogged(
"Reload finished.", "Reload finished.",
"Jail 'test-jail2' started", all=True, wait=MID_WAITTIME) "Jail 'test-jail2' started", all=True, wait=MID_WAITTIME)
self.assertLogged( self.assertLogged(
"Jail 'test-jail2' stopped", "Jail 'test-jail2' stopped",
"Jail 'test-jail2' started", "Jail 'test-jail2' started",
skipping to change at line 1229 skipping to change at line 1273
'usedns = no', 'usedns = no',
'logpath = %(tmp)s/blck-failures.log', 'logpath = %(tmp)s/blck-failures.log',
'action = nginx-block-map[blck_lst_reload="", blck_lst_fi le="%(tmp)s/blck-lst.map"]', 'action = nginx-block-map[blck_lst_reload="", blck_lst_fi le="%(tmp)s/blck-lst.map"]',
' blocklist_de[actionban=\'curl() { echo "*** cur l" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", ' ' blocklist_de[actionban=\'curl() { echo "*** cur l" "$*";}; <Definition/actionban>\', email="Fail2Ban <fail2ban@localhost>", '
'apikey="TEST-API-KEY", agent="fail2ban-test-agent", se rvice=<name>]', 'apikey="TEST-API-KEY", agent="fail2ban-test-agent", se rvice=<name>]',
'filter =', 'filter =',
'datepattern = ^Epoch', 'datepattern = ^Epoch',
'failregex = ^ failure "<F-ID>[^"]+</F-ID>" - <ADDR>', 'failregex = ^ failure "<F-ID>[^"]+</F-ID>" - <ADDR>',
'maxretry = 1', # ban by first failure 'maxretry = 1', # ban by first failure
'enabled = true', 'enabled = true',
) )
}) })
def testServerActions_NginxBlockMap(self, tmp, startparams): def testServerActions_NginxBlockMap(self, tmp, startparams):
cfg = pjoin(tmp, "config") cfg = pjoin(tmp, "config")
lgfn = '%(tmp)s/blck-failures.log' % {'tmp': tmp} lgfn = '%(tmp)s/blck-failures.log' % {'tmp': tmp}
mpfn = '%(tmp)s/blck-lst.map' % {'tmp': tmp} mpfn = '%(tmp)s/blck-lst.map' % {'tmp': tmp}
# ban sessions (write log like nginx does it with f2b_session_err ors log-format): # ban sessions (write log like nginx does it with f2b_session_err ors log-format):
_write_file(lgfn, "w+", _write_file(lgfn, "w+",
str(int(MyTime.time())) + ' failure "125-000-001" - 192.0 .2.1', str(int(MyTime.time())) + ' failure "125-000-001" - 192.0 .2.1',
str(int(MyTime.time())) + ' failure "125-000-002" - 192.0 .2.1', str(int(MyTime.time())) + ' failure "125-000-002" - 192.0 .2.1',
str(int(MyTime.time())) + ' failure "125-000-003" - 192.0 .2.1 (\xf2\xf0\xe5\xf2\xe8\xe9)', str(int(MyTime.time())) + ' failure "125-000-003" - 192.0 .2.1 (\xf2\xf0\xe5\xf2\xe8\xe9)',
skipping to change at line 1404 skipping to change at line 1448
self.assertNotLogged(m) self.assertNotLogged(m)
self.assertNotIn(m, td) self.assertNotIn(m, td)
self.pruneLog("[test-phase stop server]") self.pruneLog("[test-phase stop server]")
# stop server and wait for end: # stop server and wait for end:
self.stopAndWaitForServerEnd(SUCCESS) self.stopAndWaitForServerEnd(SUCCESS)
# just to debug actionstop: # just to debug actionstop:
self.assertFalse(exists(tofn)) self.assertFalse(exists(tofn))
@with_foreground_server_thread()
def testServerObserver(self, tmp, startparams):
cfg = pjoin(tmp, "config")
test1log = pjoin(tmp, "test1.log")
os.mkdir(pjoin(cfg, "action.d"))
def _write_action_cfg(actname="test-action1", prolong=True):
fn = pjoin(cfg, "action.d", "%s.conf" % actname)
_write_file(fn, "w",
"[DEFAULT]",
"",
"[Definition]",
"actionban = printf %%s \"[%(name)s] %(actnam
e)s: ++ ban <ip> -c <bancount> -t <bantime> : <F-MSG>\"", \
"actionprolong = printf %%s \"[%(name)s] %(actnam
e)s: ++ prolong <ip> -c <bancount> -t <bantime> : <F-MSG>\"" \
if prolong else "",
"actionunban = printf %%b '[%(name)s] %(actname
)s: -- unban <ip>'",
)
if unittest.F2B.log_level <= logging.DEBUG: # pragma: no
cover
_out_file(fn)
def _write_jail_cfg(backend="polling"):
_write_file(pjoin(cfg, "jail.conf"), "w",
"[INCLUDES]", "",
"[DEFAULT]", "",
"usedns = no",
"maxretry = 3",
"findtime = 1m",
"bantime = 5m",
"bantime.increment = true",
"datepattern = {^LN-BEG}EPOCH",
"",
"[test-jail1]", "backend = " + backend, "filter =
",
"action = test-action1[name='%(__name__)s']",
" test-action2[name='%(__name__)s']",
"logpath = " + test1log,
r"failregex = ^\s*failure <F-ERRCODE>401|403</F-E
RRCODE> from <HOST>:\s*<F-MSG>.*</F-MSG>$",
"enabled = true",
"",
)
if unittest.F2B.log_level <= logging.DEBUG: # pragma: no
cover
_out_file(pjoin(cfg, "jail.conf"))
# create test config:
_write_action_cfg(actname="test-action1", prolong=False)
_write_action_cfg(actname="test-action2", prolong=True)
_write_jail_cfg()
_write_file(test1log, "w")
# initial start:
self.pruneLog("[test-phase 0) time-0]")
self.execCmd(SUCCESS, startparams, "reload")
# generate bad ip:
_write_file(test1log, "w+", *(
(str(int(MyTime.time())) + " failure 401 from 192.0.2.11: I'm b
ad \"hacker\" `` $(echo test)",) * 3
))
# wait for ban:
_observer_wait_idle()
self.assertLogged(
"stdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c
1 -t 300 : ",
"stdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c
1 -t 300 : ",
all=True, wait=MID_WAITTIME)
# wait for observer idle (write all tickets to db):
_observer_wait_idle()
self.pruneLog("[test-phase 1) time+10m]")
# jump to the future (+10 minutes):
_time_shift(10)
_observer_wait_idle()
self.assertLogged(
"stdout: '[test-jail1] test-action1: -- unban 192.0.2.11"
,
"stdout: '[test-jail1] test-action2: -- unban 192.0.2.11"
,
"0 ticket(s) in 'test-jail1'",
all=True, wait=MID_WAITTIME)
_observer_wait_idle()
self.pruneLog("[test-phase 2) time+10m]")
# following tests are time-related - observer can prolong ticket
(increase ban-time)
# before banning, so block it here before banFound called, prolon
g case later:
wakeObs = False
_observer_wait_before_incrban(lambda: wakeObs)
# write again (IP already bad):
_write_file(test1log, "w+", *(
(str(int(MyTime.time())) + " failure 401 from 192.0.2.11: I'm v
ery bad \"hacker\" `` $(echo test)",) * 2
))
# wait for ban:
self.assertLogged(
"stdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c
2 -t 300 : ",
"stdout: '[test-jail1] test-action2: ++ ban 192.0.2.11 -c
2 -t 300 : ",
all=True, wait=MID_WAITTIME)
# get banned ips with time:
self.pruneLog("[test-phase 2) time+10m - get-ips]")
self.execCmd(SUCCESS, startparams, "get", "test-jail1", "banip",
"--with-time")
self.assertLogged(
"192.0.2.11", "+ 300 =", all=True, wait=MID_WAITTIME)
# unblock observer here and wait it is done:
wakeObs = True
_observer_wait_idle()
self.pruneLog("[test-phase 2) time+11m]")
# jump to the future (+1 minute):
_time_shift(1)
# wait for observer idle (write all tickets to db):
_observer_wait_idle()
# wait for prolong:
self.assertLogged(
"stdout: '[test-jail1] test-action2: ++ prolong 192.0.2.1
1 -c 2 -t 600 : ",
all=True, wait=MID_WAITTIME)
# get banned ips with time:
_observer_wait_idle()
self.pruneLog("[test-phase 2) time+11m - get-ips]")
self.execCmd(SUCCESS, startparams, "get", "test-jail1", "banip",
"--with-time")
self.assertLogged(
"192.0.2.11", "+ 600 =", all=True, wait=MID_WAITTIME)
# test multiple start/stop of the server (threaded in foreground) -- # test multiple start/stop of the server (threaded in foreground) --
if False: # pragma: no cover if False: # pragma: no cover
@with_foreground_server_thread() @with_foreground_server_thread()
def _testServerStartStop(self, tmp, startparams): def _testServerStartStop(self, tmp, startparams):
# stop server and wait for end: # stop server and wait for end:
self.stopAndWaitForServerEnd(SUCCESS) self.stopAndWaitForServerEnd(SUCCESS)
def testServerStartStop(self): def testServerStartStop(self):
for i in xrange(2000): for i in xrange(2000):
self._testServerStartStop() self._testServerStartStop()
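Review bot: In the new testServerObserver, the failure lines written to test1.log carry shell metacharacters in the message (the quoted "hacker", a pair of backticks and `$(echo test)`), and that message is substituted for `<F-MSG>` inside the `printf` commands of test-action1 and test-action2, yet every `assertLogged` pattern for the ban and prolong output stops at `-t 300 : ` or `-t 600 : `. As written, the test would presumably pass whether the message reaches stdout literally or the command substitution is evaluated, so the escaping of the captured tag is exercised but never asserted. I would extend at least one expected string per phase past the colon to include the message exactly as the action prints it, taken from a known-good run, e.g. `"stdout: '[test-jail1] test-action1: ++ ban 192.0.2.11 -c 1 -t 300 : <literal message as printed>"`. A short comment next to it such as `# F-MSG must come through unevaluated (no command substitution)` would record why the odd payload is there.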
 End of changes. 8 change blocks. 
2 lines changed or deleted 188 lines changed or added
