TASK-010: Replace .split() with shlex.split() for fail2ban_start_command

- Add @field_validator for fail2ban_start_command to validate with shlex.split() at startup, catching misconfigured commands with mismatched quotes - Replace .split() with shlex.split() in jail_config.py line 450 - Replace .split() with shlex.split() in config_misc.py line 154 - Update Backend-Development.md with configuration documentation explaining quoted path handling and common pitfalls - Add comprehensive test suite (8 tests) covering valid commands, quoted paths, and mismatched quote errors This fix ensures commands like '/opt/my tools/fail2ban-client' start are correctly parsed as two tokens instead of three, preventing execution failures when the path contains spaces. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-26 13:04:14 +02:00
parent 4ab767e3d4
commit 8698b89f6a
6 changed files with 160 additions and 38 deletions
--- a/backend/app/config.py
+++ b/backend/app/config.py
@@ -4,6 +4,7 @@ Follows pydantic-settings patterns: all values are prefixed with BANGUI_
 and validated at startup via the Settings singleton.
 """

+import shlex
 from typing import Literal

 from pydantic import Field, field_validator
@@ -151,6 +152,32 @@ class Settings(BaseSettings):
        ),
    )

+    @field_validator("fail2ban_start_command", mode="after")
+    @classmethod
+    def _validate_fail2ban_start_command(cls, value: str) -> str:
+        """Validate fail2ban_start_command by attempting to parse it with shlex.
+
+        Ensures the command can be split into arguments without shell interpretation.
+        Raises ValueError if the command contains mismatched quotes.
+
+        Args:
+            value: The fail2ban start command string.
+
+        Returns:
+            The validated command string.
+
+        Raises:
+            ValueError: If the command contains mismatched quotes.
+        """
+        try:
+            shlex.split(value)
+        except ValueError as e:
+            raise ValueError(
+                f"fail2ban_start_command contains mismatched quotes or is otherwise "
+                f"unparseable: {value!r} — {e}"
+            ) from e
+        return value
+
    model_config = SettingsConfigDict(
        env_prefix="BANGUI_",
        env_file=".env",