From: Kevin B. <kev...@gm...> - 2020-05-13 09:33:56
Hi there,

having noticed that someone added an entry, into a whitelist file, that was already covered by a range further up the file, it struck me that it might be useful if there could be comments after the to-be-whitelisted IP address or range, e.g.

  127.0.0.0/8 # Loopback range
  nnn.nnn.nnn.nn/20 # Some Org's range

and so on, rather than having commented lines above each entry.

Looking into the code I've the following patch would achieve the desired result (although strsep() isn't as portable as a much more convoluted strtok() based "solution") but there may be some test cases you have that I can't check against.

Any clues/pointers there and/or would there be any interest in developing this idea so that it does? (Or just accepting it as is, if it passes your tests!)

Furthermore, would there be any interest in having an extra flag, in the blocker, that would "turn on" some logging of successful parsing of the whitelist, that could then be used in testing (some people here still aren't convinced) and, whilst I'm at that, I could even expand the usage() function to spit out the option flags and a brief description, rather than just, well, you know what it does at present.

No probs if this doesn't "float your boat", and thanks for SSHGuard,
Kevin Buckley

That patch in the body of the email for perusal (also attached as a file)

diff -ur sshguard-2.4.0-dist/src/blocker/sshguard_whitelist.c sshguard-2.4.0/src/blocker/sshguard_whitelist.c --- sshguard-2.4.0-dist/src/blocker/sshguard_whitelist.c 2018-12-16 10:41:51.000000000 +0800 +++ sshguard-2.4.0/src/blocker/sshguard_whitelist.c 2020-05-13 15:34:14.857159691 +0800 @@ -137,6 +137,7 @@ char line[WHITELIST_SRCLINE_LEN]; int lineno = 0; size_t len; + char* pos; if (filename == NULL) return -1; 
@@ -155,6 +156,9 @@ len = strlen(line); if (len == 0) continue; if (line[len-1] == '\n') line[len-1] = '\0'; + /* handle EOL spaces, TABs and comments, */ + pos = line; + strsep(&pos, " \t#"); /* handling line */ if (whitelist_add(line) != 0) { sshguard_log(LOG_ERR, "whitelist: Unable to handle line %d from whitelist file \"%s\".", lineno, filename); |
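
Review bot: In the second hunk the `if (len == 0) continue;` test runs before the new truncation, so a line that begins with a space, TAB or `#` is cut to an empty string by `strsep(&pos, " \t#")` and is still handed to `whitelist_add(line)`; unless code outside this hunk has already skipped such lines, it will be reported through the "Unable to handle line" error path if whitelist_add() rejects the empty string. Consider skipping leading whitespace before truncating and repeating the empty-line test afterwards, so indented entries and blank-after-stripping lines behave predictably. The return value of strsep() is discarded and `pos` serves only as its cursor, so `line[strcspn(line, " \t#")] = '\0';` would do the same truncation in standard C, which removes both the `char* pos;` declaration from the first hunk and the portability concern. The new comment also ends with a stray comma ("comments, */").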