Add exception handler for when pfctl operations fail

jail2ban/__init__.py

@@ -5,6 +5,7 @@ from ipaddress import ip_address
 import re
 from jail2ban.pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write
 from jail2ban.auth import get_users
+from subprocess import CalledProcessError
 
 
 auth = HTTPBasicAuth()
@@ -130,6 +131,14 @@ def create_app():
         app.logger.fatal(error)
         return jsonify({'error': str(error)}), 500
 
+    @app.errorhandler(CalledProcessError)
+    def subprocess_err(error):
+        '''
+        Show a json parsable error if the value is illegal
+        '''
+        app.logger.fatal(error)
+        return jsonify({'error': str(error)}), 500
+
     @auth.error_handler
     def auth_error():
         app.logger.error('Access Denied')

tests/test_flush.py

@@ -1,5 +1,6 @@
 import base64
 from types import SimpleNamespace
+from subprocess import CalledProcessError
 
 
 def test_flush(client, mocker):
@@ -19,3 +20,19 @@ def test_flush(client, mocker):
                           headers={"Authorization": "Basic " + valid_credentials})
 
     assert response.json['operation'] == 'flush'
+
+
+def test_flush_nonexistent(client, mocker):
+
+    cmd = ['/usr/local/bin/sudo', '/sbin/pfctl', '-a', 'some/anchor', '-t', 'nonexistent', '-T', 'flush']
+
+    mocker.patch('jail2ban.pfctl.run',
+                 side_effect=CalledProcessError(255, cmd, output=b'',
+                                                stderr=b'pfctl: Table does not exist'))
+
+    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
+    name = 'nonexistent'
+    response = client.get(f"/flush/{name}",
+                          headers={"Authorization": "Basic " + valid_credentials})
+
+    assert 'error' in response.json