Merge branch '4-create-a-list-route-for-showing-banned-addresses' into 'develop'

Resolve "Create a /list route for showing banned addresses"

See merge request ruben/jail2ban-pf!7

.gitea/workflows/flake8.yml

@@ -1,17 +0,0 @@
----
-name: Flake8
-on: [push]
-
-
-# XXX need to do stuff with uv
-jobs:
-  build:
-    runs-on: freebsd
-    strategy:
-      matrix:
-        python-version: ["3.11"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Analyse code with Flake8
-        run: |
-          flake8 $(git ls-files '*.py')

.gitea/workflows/mypy.yml

@@ -1,17 +0,0 @@
----
-name: Mypy
-on: [push]
-
-
-# XXX need to do stuff with uv
-jobs:
-  build:
-    runs-on: freebsd
-    strategy:
-      matrix:
-        python-version: ["3.11"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Analyse code with Mypy
-        run: |
-          mypy --install-types --non-interactive $(git ls-files '*.py')

.gitea/workflows/pylint.yml

@@ -1,17 +0,0 @@
----
-name: Pylint
-on: [push]
-
-
-# XXX need to do stuff with uv
-jobs:
-  build:
-    runs-on: freebsd
-    strategy:
-      matrix:
-        python-version: ["3.11"]
-    steps:
-      - uses: actions/checkout@v4
-      - name: Analyse code with Pylint
-        run: |
-          pylint $(git ls-files '*.py')

.gitignore

@@ -1,5 +1,7 @@
 venv/
 
+*.sw?
+
 *.pyc
 __pycache__/
 

.gitlab-ci.yml

@@ -1,34 +1,6 @@
----
-run pylint:
-  stage: test
-  image: python:3.11
-  script:
-    - pip install --upgrade pylint
-    - pylint $(git ls-files '*.py')
-  tags:
-    - docker
-
-run flake8:
-  stage: test
-  image: python:3.11
-  script:
-    - pip install --upgrade flake8
-    - flake8 $(git ls-files '*.py')
-  tags:
-    - docker
-
-run mypy:
-  stage: test
-  image: python:3.11
-  script:
-    - pip install --upgrade mypy
-    - mypy --install-types --non-interactive $(git ls-files '*.py')
-  tags:
-    - docker
-
 run tests:
   stage: test
-  image: python:3.11
+  image: python:3.9
   script:
     - pip install pytest pytest-cov pytest-mock pytest-flask
     - pip install Flask-HTTPAuth

.pylintrc

@@ -0,0 +1,2 @@
+[TYPECHECK]
+generated-members=app.logger.*

README.md

@@ -1,7 +1,6 @@
 [![pipeline status](https://gitlab.niet.verweg.com/ruben/jail2ban-pf/badges/main/pipeline.svg)](https://gitlab.niet.verweg.com/ruben/jail2ban-pf/-/commits/main)
 [![coverage report](https://gitlab.niet.verweg.com/ruben/jail2ban-pf/badges/main/coverage.svg)](https://gitlab.niet.verweg.com/ruben/jail2ban-pf/-/commits/main)
 
-An API to remotely control a pf based fail2ban
 
 ## Installation
 

jail2ban/__init__.py

@@ -1,17 +1,16 @@
 '''
-An API to remotely control a pf based fail2ban
+jail2ban, a remote fail2ban action plugin using OpenBSD pf(8)
 '''
-
-import re
 from ipaddress import ip_address
+import re
 from subprocess import CalledProcessError
 
-from flask import Flask, current_app, jsonify, request
+from flask import Flask, request, jsonify, current_app
-from flask_httpauth import HTTPBasicAuth  # type: ignore
+from flask_httpauth import HTTPBasicAuth
 from werkzeug.security import check_password_hash
 
+from jail2ban.pfctl import pfctl_table_op, pfctl_cfg_read, pfctl_cfg_write
 from jail2ban.auth import get_users
-from jail2ban.pfctl import pfctl_cfg_read, pfctl_cfg_write, pfctl_table_op
 
 
 auth = HTTPBasicAuth()
@@ -21,8 +20,15 @@ PAT_PORT = r'^any(?:\s+port\s+{\w+(?:,\w+)*})?$'
 PAT_PROT = r'^(?:tcp|udp)$'
 PAT_NAME = r'^[\w\-]+$'
 
+_PFCTL_TABLE_PAT = r'''\s+(?P<addr>\S+)\n
+\s+Cleared:\s+(?P<date>\S+\s+\S+\s+\d+\s+(?:\d{2}:){2}\d{2}\s+\d{4})\n
+\s+In/Block:\s+\[\s+Packets:\s+(?P<in_pckt_block>\d+)\s+Bytes:\s+(?P<in_bytes_block>\d+)\s+\]\n
+\s+In/Pass:\s+\[\s+Packets:\s+(?P<in_pckt_pass>\d+)\s+Bytes:\s+(?P<in_bytes_pass>\d+)\s+\]\n
+\s+Out/Block:\s+\[\s+Packets:\s+(?P<out_pckt_block>\d+)\s+Bytes:\s+(?P<out_bytes_block>\d+)\s+\]\n
+\s+Out/Pass:\s+\[\s+Packets:\s+(?P<out_pckt_pass>\d+)\s+Bytes:\s+(?P<out_bytes_pass>\d+)\s+\]'''
 
-def untaint(pattern: str, string: str) -> str:
+
+def untaint(pattern, string):
     '''
     untaint string (as perl does)
     '''
@@ -34,7 +40,7 @@ def untaint(pattern: str, string: str) -> str:
 
 def create_app():
     '''
-    Create the flask application
+    Create wsgi application instance
     '''
     app = Flask(__name__, instance_relative_config=True)
 
@@ -42,7 +48,7 @@ def create_app():
     app.config.from_pyfile('config.py', silent=True)
 
     @auth.verify_password
-    def verify_password(username: str, password: str) -> str | None:
+    def verify_password(username, password):
         users = get_users()
         current_app.logger.debug(users)
         current_app.logger.debug('Checking password of %s', username)
@@ -56,18 +62,17 @@ def create_app():
     def ping():
         remote_user = auth.username()
         app.logger.info('Received ping for'
-                        ' anchor f2b-jail/%s', remote_user)
+                        f' anchor f2b-jail/{remote_user}')
         return jsonify({'anchor': f'f2b-jail/{remote_user}',
                         'operation': 'ping',
                         'result': 'pong'})
-
     @app.route("/flush/<name>", methods=['GET'])
     @auth.login_required
     def flush(name):
         remote_user = auth.username()
         name = untaint(PAT_NAME, name)
-        app.logger.info('Flushing table f2b-%s'
+        app.logger.info(f'Flushing table f2b-{name}'
-                        ' in anchor f2b-jail/%s', name, remote_user)
+                        f' in anchor f2b-jail/{remote_user}')
         res = pfctl_table_op('f2b-jail/{remote_user}',
                              table='f2b-{name}',
                              operation='flush')
@@ -76,6 +81,36 @@ def create_app():
                         'operation': 'flush',
                         'result': [x.decode('ascii') for x in res]})
 
+    @app.route("/list/<name>", methods=['GET'])
+    @auth.login_required
+    def list_table(name):
+        remote_user = auth.username()
+        name = untaint(PAT_NAME, name)
+        app.logger.info(f'Flushing table f2b-{name}'
+                        f' in anchor f2b-jail/{remote_user}')
+        reply = {'anchor': f'f2b-jail/{remote_user}',
+                        'table': f'f2b-{name}',
+                        'operation': 'list'}
+        try:
+            res = pfctl_table_op('f2b-jail/{remote_user}',
+                                 table='f2b-{name}',
+                                 operation='show',
+                                 verbose=True)
+        except CalledProcessError as err:
+            if err.stderr.find(b'pfctl: Table does not exist.') > 0:
+                res = []
+                reply.update({'error': f'\'{name}\' is not a known fail2ban jail'})
+            else:
+                raise err
+
+        result = [entry.groupdict() for entry in
+                  re.finditer(_PFCTL_TABLE_PAT,
+                              '\n'.join([x.decode('ascii') for x in res]),
+                              re.MULTILINE|re.VERBOSE)]
+        reply.update({'result': result})
+
+        return jsonify(reply), 200 if len(res) else 404
+
     @app.route("/register", methods=['PUT', 'DELETE'])
     @auth.login_required
     def register():
@@ -107,7 +142,7 @@ def create_app():
             pfctl_table_op(f'f2b-jail/{remote_user}',
                            table=f'f2b-{name}',
                            operation='kill')
-        app.logger.info('pfctl -a f2b-jail/%s -f-', remote_user)
+        app.logger.info(f'pfctl -a f2b-jail/{remote_user} -f-')
         return jsonify({'anchor': f'f2b-jail/{remote_user}',
                         'table': f'f2b-{name}',
                         'action': 'start' if request.method == 'PUT'
@@ -121,21 +156,21 @@ def create_app():
         data = request.get_json()
         # name / ip
         name = untaint(PAT_NAME, data['name'])
-        ip = ip_address(data['ip'])
+        ip_addr = ip_address(data['ip'])
         if request.method == 'PUT':
-            app.logger.info('Add %s to f2b-%s'
+            app.logger.info(f'Add {ip_addr} to f2b-{name}'
-                            ' in anchor f2b-jail/%s', ip, name, remote_user)
+                            f' in anchor f2b-jail/{remote_user}')
             res = pfctl_table_op(f'f2b-jail/{remote_user}',
                                  table=f'f2b-{name}',
                                  operation='add',
-                                 value=str(ip))
+                                 value=str(ip_addr))
         else:  # 'DELETE':
-            app.logger.info('Remove %s from f2b-%s'
+            app.logger.info(f'Remove {ip_addr} from f2b-{name}'
-                            ' in anchor f2b-jail/%s', ip, name, remote_user)
+                            f' in anchor f2b-jail/{remote_user}')
             res = pfctl_table_op(f'f2b-jail/{remote_user}',
                                  table=f'f2b-{name}',
                                  operation='delete',
-                                 value=str(ip))
+                                 value=str(ip_addr))
         return jsonify({'anchor': f'f2b-jail/{remote_user}',
                         'table': f'f2b-{name}',
                         'operation': 'add' if request.method == 'PUT'
@@ -156,6 +191,8 @@ def create_app():
         Show a json parsable error if the value is illegal
         '''
         app.logger.fatal(error)
+        app.logger.fatal('stdout: %s', error.stderr)
+        app.logger.fatal('stderr: %s', error.stderr)
         return jsonify({'error': str(error)}), 500
 
     @app.errorhandler(FileNotFoundError)

jail2ban/auth.py

@@ -1,13 +1,7 @@
-'''
-Authentication backend
-'''
 from flask import current_app
 
 
 def get_users():
-    '''
-    Load users from password file (AUTHFILE)
-    '''
     users = {}
     authfile = current_app.config['AUTHFILE']
 

jail2ban/pfctl.py

@@ -1,5 +1,5 @@
 '''
-pf table/anchor operations
+Lowlevel routines for calling the pf binary with passwordless sudo
 '''
 import logging
 from subprocess import run
@@ -7,10 +7,9 @@ from subprocess import run
 _SUDO = '/usr/local/bin/sudo'
 _PFCTL = '/sbin/pfctl'
 
-
 def pfctl_cfg_read(anchor):
     '''
-    Read from pf anchor
+    Read pf rules stored under a certain anchor
     '''
     cmd = [_SUDO, _PFCTL, '-a', anchor, '-sr']
     logging.info('Running %s', cmd)
@@ -23,7 +22,7 @@ def pfctl_cfg_read(anchor):
 
 def pfctl_cfg_write(anchor, cfg):
     '''
-    Apply configuration to pf anchor
+    Write pf rules under a certain anchor
     '''
     cmd = [_SUDO, _PFCTL, '-a', anchor, '-f-']
     logging.info('Running %s', cmd)
@@ -41,15 +40,12 @@ def pfctl_cfg_write(anchor, cfg):
 def pfctl_table_op(anchor, **kwargs):
     '''
     pf table operation
-    Parameters:
-    * table: which table to work on
-    * operation: operation used on the table
-    * value (optional): value used for the operation
     '''
     table = kwargs['table']
     operation = kwargs['operation']
     value = kwargs['value'] if 'value' in kwargs else None
-    cmd = [_SUDO, _PFCTL, '-a', anchor, '-t', table, '-T', operation, value]
+    verbose =  '-v' if 'verbose' in kwargs and kwargs['verbose'] else None
+    cmd = [_SUDO, _PFCTL, '-a', anchor, '-t', table, verbose, '-T', operation, value]
 
     logging.info('Running %s', cmd)
 

tests/conftest.py

@@ -1,10 +1,5 @@
-'''
-Test fixtures
-'''
-import base64
-
 import pytest
-
+import base64
 from jail2ban import create_app
 
 
@@ -26,23 +21,14 @@ def app():
 
 @pytest.fixture()
 def client(app):
-    '''
-    Create a synthetic client
-    '''
     return app.test_client()
 
 
 @pytest.fixture()
 def runner(app):
-    '''
-    Create a synthetic runner
-    '''
     return app.test_cli_runner()
 
 
 @pytest.fixture()
 def valid_credentials():
-    '''
-    Mock authentication for the test
-    '''
     return base64.b64encode(b"test.example.com:testpassword").decode("utf-8")

tests/test_ban.py

@@ -1,13 +1,7 @@
-'''
-Test banning
-'''
 from types import SimpleNamespace
 
 
 def test_ban_ipv6(client, mocker, valid_credentials):
-    '''
-    Test ban an IPv6 address
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()
@@ -28,9 +22,6 @@ def test_ban_ipv6(client, mocker, valid_credentials):
 
 
 def test_ban_ipv4(client, mocker, valid_credentials):
-    '''
-    Test ban an IPv4 address
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()
@@ -51,9 +42,6 @@ def test_ban_ipv4(client, mocker, valid_credentials):
 
 
 def test_ban_invalid(client, mocker, valid_credentials):
-    '''
-    Test ban an invalid address
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()
@@ -75,9 +63,6 @@ def test_ban_invalid(client, mocker, valid_credentials):
 
 
 def test_unban_ipv6(client, mocker, valid_credentials):
-    '''
-    Test unbanning an IPv6 address
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()
@@ -98,9 +83,6 @@ def test_unban_ipv6(client, mocker, valid_credentials):
 
 
 def test_unban_ipv4(client, mocker, valid_credentials):
-    '''
-    Test unbanning an IPv4 address
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()

tests/test_flush.py

@@ -1,14 +1,8 @@
-'''
-Test flushing pf tables
-'''
 from types import SimpleNamespace
 from subprocess import CalledProcessError
 
 
 def test_flush(client, mocker, valid_credentials):
-    '''
-    Test flushing existing entry
-    '''
     def noop():
         pass
     run_res = SimpleNamespace()
@@ -28,9 +22,6 @@ def test_flush(client, mocker, valid_credentials):
 
 
 def test_flush_nonexistent(client, mocker, valid_credentials):
-    '''
-    Test flushing non existing entry
-    '''
 
     cmd = ['/usr/local/bin/sudo',
            '/sbin/pfctl', '-a', 'some/anchor',
@@ -51,9 +42,6 @@ def test_flush_nonexistent(client, mocker, valid_credentials):
 
 
 def test_wrong_method(client, mocker, valid_credentials):
-    '''
-    Test invalid method
-    '''
 
     cmd = ['/usr/local/bin/sudo',
            '/sbin/pfctl', '-a', 'some/anchor',
@@ -73,10 +61,7 @@ def test_wrong_method(client, mocker, valid_credentials):
     assert response.status_code == 405
 
 
-def test_filenotfound(app, valid_credentials):
+def test_filenotfound(app, mocker, valid_credentials):
-    '''
-    Test for when AUTHFILE cannot be found
-    '''
 
     app.config.update({
         "AUTHFILE": '../tests/nonexistent-users-test.txt'

tests/test_list.py

@@ -0,0 +1,140 @@
+'''
+Tests for /list route
+'''
+from types import SimpleNamespace
+from subprocess import CalledProcessError
+
+
+_PF_TABLE_LIST = b'''   192.0.2.66
+        Cleared:     Sat Jan  7 12:50:36 2023
+        In/Block:    [ Packets: 0                  Bytes: 0                  ]
+        In/Pass:     [ Packets: 0                  Bytes: 0                  ]
+        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
+        Out/Pass:    [ Packets: 0                  Bytes: 0                  ]
+   2001:db8::abad:cafe
+        Cleared:     Sat Jan  7 05:13:53 2023
+        In/Block:    [ Packets: 4                  Bytes: 240                ]
+        In/Pass:     [ Packets: 0                  Bytes: 0                  ]
+        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
+        Out/Pass:    [ Packets: 0                  Bytes: 0                  ]
+   2001:db8::abad:f00d:cafe
+        Cleared:     Sat Jan  7 05:05:16 2023
+        In/Block:    [ Packets: 48                 Bytes: 2880               ]
+        In/Pass:     [ Packets: 0                  Bytes: 0                  ]
+        Out/Block:   [ Packets: 0                  Bytes: 0                  ]
+        Out/Pass:    [ Packets: 0                  Bytes: 0                  ]'''
+
+_LIST_RESULT = [{'addr': '192.0.2.66',
+  'date': 'Sat Jan  7 12:50:36 2023',
+  'in_pckt_block': '0',
+  'in_bytes_block': '0',
+  'in_pckt_pass': '0',
+  'in_bytes_pass': '0',
+  'out_pckt_block': '0',
+  'out_bytes_block': '0',
+  'out_pckt_pass': '0',
+  'out_bytes_pass': '0'},
+ {'addr': '2001:db8::abad:cafe',
+  'date': 'Sat Jan  7 05:13:53 2023',
+  'in_pckt_block': '4',
+  'in_bytes_block': '240',
+  'in_pckt_pass': '0',
+  'in_bytes_pass': '0',
+  'out_pckt_block': '0',
+  'out_bytes_block': '0',
+  'out_pckt_pass': '0',
+  'out_bytes_pass': '0'},
+ {'addr': '2001:db8::abad:f00d:cafe',
+  'date': 'Sat Jan  7 05:05:16 2023',
+  'in_pckt_block': '48',
+  'in_bytes_block': '2880',
+  'in_pckt_pass': '0',
+  'in_bytes_pass': '0',
+  'out_pckt_block': '0',
+  'out_bytes_block': '0',
+  'out_pckt_pass': '0',
+  'out_bytes_pass': '0'}]
+
+
+def test_list_single_table(client, mocker, valid_credentials):
+    '''
+    List a single pf table using the fail2ban jail name
+    '''
+
+    def noop():
+        pass
+
+    run_res = SimpleNamespace()
+    run_res.stdout = _PF_TABLE_LIST
+    run_res.stderr = b'No ALTQ support in kernel\nALTQ related functions disabled\n'
+    run_res.returncode = 0
+    run_res.check_returncode = noop
+
+    mocker.patch('jail2ban.pfctl.run', return_value=run_res)
+
+    response = client.get("/list/sshd",
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    assert response.json['table'] == 'f2b-sshd'
+    assert response.json['result'] == _LIST_RESULT
+
+
+def test_list_nonexistent_table(client, mocker, valid_credentials):
+    '''
+    Test for nonexistent table. Should result in a 404 not found
+    '''
+    def noop():
+        pass
+
+    run_res = SimpleNamespace()
+    run_res.stdout = b''
+    run_res.stderr = b'No ALTQ support in kernel\nALTQ related functions disabled\n' \
+                     b'pfctl: Table does not exist.\n'
+    run_res.returncode = 255
+    run_res.check_returncode = noop
+
+    mocker.patch('jail2ban.pfctl.run',
+                 return_value=run_res,
+                 side_effect=CalledProcessError(run_res.returncode,
+                                                'foobar',
+                                                 output=run_res.stdout,
+                                                 stderr=run_res.stderr)
+                 )
+
+    response = client.get("/list/nonexistent",
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    assert response.status_code == 404
+    assert response.json['error'] == "'nonexistent' is not " \
+                                     "a known fail2ban jail"
+
+def test_list_wrong_table_name(client, mocker, valid_credentials):
+    '''
+    Test for an wrong table name that lets pfctl fail. should result in a 500
+    '''
+    def noop():
+        pass
+
+    run_res = SimpleNamespace()
+    run_res.stdout = b''
+    run_res.stderr = b'No ALTQ support in kernel\nALTQ related functions disabled\n' \
+            b'pfctl: Invalid argument.\n'
+    run_res.returncode = 255
+    run_res.check_returncode = noop
+
+    mocker.patch('jail2ban.pfctl.run',
+                 return_value=run_res,
+                 side_effect=CalledProcessError(run_res.returncode,
+                                                'foobar',
+                                                 output=run_res.stdout,
+                                                 stderr=run_res.stderr)
+                 )
+
+    response = client.get("/list/notanerrorbuttestneedstofail",
+                          headers={"Authorization":
+                                   "Basic " + valid_credentials})
+
+    assert response.status_code == 500
+    assert response.json['error'] == "Command 'foobar' returned non-zero exit status 255."

tests/test_ping.py

@@ -1,9 +1,4 @@
-'''
+def test_ping(client, mocker, valid_credentials):
-Test application health check
-'''
-
-
-def test_ping(client, valid_credentials):
     '''
     Test application health check
     '''

tests/test_register.py

@@ -1,9 +1,6 @@
-'''
-Test various registration scenarios
-'''
 from subprocess import CompletedProcess
 
-PFCTL_STDOUT_LINES = b'''
+pfctl_stdout_lines = b'''
 block drop quick proto tcp from <f2b-sendmail-auth> to any port = submission
 block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtps
 block drop quick proto tcp from <f2b-sendmail-auth> to any port = smtp
@@ -11,16 +8,13 @@ block drop quick proto tcp from <f2b-sshd> to any port = ssh
 block drop quick proto tcp from <f2b-recidive> to any
 '''.strip() + b'\n'
 
-PFCTL_STDOUT_LINES_SCRATCH = b'table <f2b-dovecot> persist counters\n' \
+pfctl_stdout_lines_scratch = b'table <f2b-dovecot> persist counters\n' \
                              b'block quick proto tcp from <f2b-dovecot>' \
                              b' to any port ' \
                              b'{pop3,pop3s,imap,imaps,submission,465,sieve}\n'
 
 
 def test_register_unauth(client):
-    '''
-    Test a registration without being authorized
-    '''
     json_payload = {"port":
                     "any port {pop3,pop3s,imap,imaps,submission,465,sieve}",
                     "name": "dovecot", "protocol": "tcp"}
@@ -30,13 +24,10 @@ def test_register_unauth(client):
 
 
 def test_unregister_valid(client, mocker, valid_credentials):
-    '''
-    Test unregistration
-    '''
     def noop():
         pass
     run_res = CompletedProcess(args=['true'], returncode=0)
-    run_res.stdout = PFCTL_STDOUT_LINES
+    run_res.stdout = pfctl_stdout_lines
     run_res.check_returncode = noop
 
     mocker.patch('jail2ban.pfctl.run', return_value=run_res)
@@ -54,13 +45,10 @@ def test_unregister_valid(client, mocker, valid_credentials):
 
 
 def test_register_valid(client, mocker, valid_credentials):
-    '''
-    Test a registration of a rule
-    '''
     def noop():
         pass
     run_res = CompletedProcess(args=['true'], returncode=0)
-    run_res.stdout = PFCTL_STDOUT_LINES
+    run_res.stdout = pfctl_stdout_lines
     run_res.check_returncode = noop
 
     pfctl_run = mocker.patch('jail2ban.pfctl.run', return_value=run_res)
@@ -75,16 +63,13 @@ def test_register_valid(client, mocker, valid_credentials):
                                    "Basic " + valid_credentials})
 
     pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
-    for existing_line in PFCTL_STDOUT_LINES.splitlines():
+    for existing_line in pfctl_stdout_lines.splitlines():
         assert existing_line in pfctl_run_input_arg.splitlines()
 
     assert response.json['action'] == 'start'
 
 
 def test_register_valid_from_scratch(client, mocker, valid_credentials):
-    '''
-    Test from scratch point of view
-    '''
     def noop():
         pass
     run_res = CompletedProcess(args=['true'], returncode=0)
@@ -103,18 +88,15 @@ def test_register_valid_from_scratch(client, mocker, valid_credentials):
                                    "Basic " + valid_credentials})
 
     pfctl_run_input_arg = pfctl_run.call_args_list[1][1]['input']
-    assert pfctl_run_input_arg == PFCTL_STDOUT_LINES_SCRATCH
+    assert pfctl_run_input_arg == pfctl_stdout_lines_scratch
     assert response.json['action'] == 'start'
 
 
 def test_register_invalid(client, mocker, valid_credentials):
-    '''
-    Test a bogus pf command
-    '''
     def noop():
         pass
     run_res = CompletedProcess(args=['true'], returncode=0)
-    run_res.stdout = PFCTL_STDOUT_LINES
+    run_res.stdout = pfctl_stdout_lines
     run_res.check_returncode = noop
 
     mocker.patch('jail2ban.pfctl.run', return_value=run_res)