Add exception handler for when pfctl operations fail

2022-03-11 21:21:40 +01:00 · 2022-03-11 21:21:40 +01:00 · 542718b956
commit 542718b956
parent 34f871ae75
2 changed files with 26 additions and 0 deletions
--- a/jail2ban/init.py
+++ b/jail2ban/init.py
@ -5,6 +5,7 @@ from ipaddress import ip_address
 import re
 from jail2ban.pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write
 from jail2ban.auth import get_users
+from subprocess import CalledProcessError


 auth = HTTPBasicAuth()
@ -130,6 +131,14 @@ def create_app():
        app.logger.fatal(error)
        return jsonify({'error': str(error)}), 500

+    @app.errorhandler(CalledProcessError)
+    def subprocess_err(error):
+        '''
+        Show a json parsable error if the value is illegal
+        '''
+        app.logger.fatal(error)
+        return jsonify({'error': str(error)}), 500
+
    @auth.error_handler
    def auth_error():
        app.logger.error('Access Denied')
--- a/tests/test_flush.py
+++ b/tests/test_flush.py
@ -1,5 +1,6 @@
 import base64
 from types import SimpleNamespace
+from subprocess import CalledProcessError


 def test_flush(client, mocker):
@ -19,3 +20,19 @@ def test_flush(client, mocker):
                          headers={"Authorization": "Basic " + valid_credentials})

    assert response.json['operation'] == 'flush'
+
+
+def test_flush_nonexistent(client, mocker):
+
+    cmd = ['/usr/local/bin/sudo', '/sbin/pfctl', '-a', 'some/anchor', '-t', 'nonexistent', '-T', 'flush']
+
+    mocker.patch('jail2ban.pfctl.run',
+                 side_effect=CalledProcessError(255, cmd, output=b'',
+                                                stderr=b'pfctl: Table does not exist'))
+
+    valid_credentials = base64.b64encode(b"test.example.com:testpassword").decode("utf-8")
+    name = 'nonexistent'
+    response = client.get(f"/flush/{name}",
+                          headers={"Authorization": "Basic " + valid_credentials})
+
+    assert 'error' in response.json