cisco_acl_intp 0.0.1

data/spec/conf/tokens1.yml

@@ -0,0 +1,158 @@
+:acl:
+  - :data: 'access-list'
+    :valid: true
+  - :data: 'access-lsit'
+    :msg: "typo <access-list>"
+    :valid: false
+:stdacl_num:
+  - :data: "0"
+    :msg: "area1 lower out of range"
+    :valid: false
+  - :data: "1"
+    :msg: "area1 lower-bound"
+    :valid: true
+  - :data: "99"
+    :msg: "area1 upper-bound"
+    :valid: true
+  - :data: "1299"
+    :msg: "area2 lower out of range"
+    :valid: false
+  - :data: "1300"
+    :msg: "area2 lower-bound"
+    :valid: true
+  - :data: "1999"
+    :msg: "area2 upper-bound"
+    :valid: true
+:extacl_num:
+  - :data: "100"
+    :valid: true
+    :msg: "area1 lower-bound"
+  - :data: "199"
+    :valid: true
+    :msg: "area1 upper-bound"
+  # - :data: "99"
+  #   :valid: false
+  - :data: "200"
+    :valid: false
+    :msg: "area1 upper out of range"
+  - :data: "2000"
+    :valid: true
+    :msg: "area2 lower-bound"
+  - :data: "2699"
+    :valid: true
+    :msg: "area2 upper-bound"
+  # - :data: "1999"
+  #   :valid: false
+  - :data: "2700"
+    :valid: false
+    :msg: "area2 upper out of range"
+:dynamic_spec:
+  - :data: ''
+    :valid: true
+  - :data: 'dynamic dynamicname'
+    :valid: true
+  - :data: 'dynamic dynamicname timeout 3'
+    :valid: true
+  - :data: 'dynamic dynamicname timeout'
+    :valid: false
+    :msg: "missing timeout <min>"
+  - :data: 'dnamic dynamicname'
+    :valid: false
+    :msg: "typo <dynamic>"
+:action:
+  - :data: ''
+    :msg: 'missing <action>'
+    :valid: false
+  - :data: 'permit'
+    :valid: true
+  - :data: 'deny'
+    :valid: true
+  - :data: 'drop'
+    :msg: "unknown action or typo"
+    :valid: false
+:ip_proto:
+  - :data: ''
+    :msg: 'missing <protocol>'
+    :valid: false
+  - :data: 'ip'
+    :valid: true
+  - :data: 'ahp'
+    :valid: true
+  - :data: '0'
+    :msg: 'lower bound'
+    :valid: true
+  - :data: '255'
+    :msg: 'upper bound'
+    :valid: true
+  - :data: '256'
+    :msg: 'out of range'
+    :valid: false
+:ip_spec1:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 192.168.0.1'
+    :valid: true
+  - :data: '192.168.0.0 0.0.0.128'
+    :valid: true
+  - :data: '192.168.0.2'
+    :valid: false
+    :msg: 'missing <host>'
+  - :data: '1921.68.0.2'
+    :valid: false
+    :msg: 'ip: out of range'
+:ip_spec2:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 10.1.0.1'
+    :valid: true
+  - :data: '10.1.0.0 0.0.128.255'
+    :valid: true
+  - :data: '10.1.0.2'
+    :valid: false
+    :msg: 'missing <host>'
+  - :data: '10.1.0.256'
+    :valid: false
+    :msg: 'ip: out of range'
+:icmp_proto:
+  - :data: ""
+    :valid: false
+    :msg: 'missing <icmp>'
+  - :data: "icmp"
+    :valid: true
+:icmp_qualifier:
+  - :data: ""
+    :valid: true
+  - :data: 'administratively-prohibited'
+    :valid: true
+  - :data: '0'
+    :valid: true
+    :msg: "icmp type num only"
+  - :data: '0 255'
+    :valid: true
+    :msg: "icmp type/code num"
+  # - :data: "256 0"
+  #   :valid: false
+  #   # "type num: out of range"
+  #   todo : "not implemented: icmp_qualifier type num check"
+  # - :data: "0 256"
+  #   :valid: false
+  #   # code num: out of range
+  #   todo : "not implemented: icmp_qualifier code num check"
+:std_acl_log_spec:
+  - :data: ""
+    :valid: true
+  - :data: "log"
+    :valid: true
+  - :data: "log logcookie"
+    :valid: true
+:ext_acl_log_spec:
+  - :data: ""
+    :valid: true
+  - :data: "log"
+    :valid: true
+  - :data: "log logcookie"
+    :valid: true
+  - :data: "log-input"
+    :valid: true
+  - :data: "log-input logcookie"
+    :valid: true

data/spec/conf/tokens2.yml

@@ -0,0 +1,206 @@
+:acl:
+  - :data: 'access-list'
+    :valid: true
+:stdacl_num:
+  - :data: "1"
+    :valid: true
+    :msg: "area1 lower-bound"
+:extacl_num:
+  - :data: "100"
+    :valid: true
+    :msg: "area1 lower-bound"
+:dynamic_spec:
+  - :data: ''
+    :valid: true
+  - :data: 'dynamic dynamicname'
+    :valid: true
+  - :data: 'dynamic dynamicname timeout 3'
+    :valid: true
+  - :data: 'dynamic dynamicname timeout'
+    :valid: false
+    :msg: "missing timeout <min>"
+  - :data: 'dnamic dynamicname'
+    :valid: false
+    :msg: "typo <dynamic>"
+:action:
+  - :data: 'permit'
+    :valid: true
+  - :data: 'deny'
+    :valid: true
+:tcp_proto:
+  - :data: 'tcp'
+    :valid: true
+:udp_proto:
+  - :data: 'udp'
+    :valid: true
+:tcpudp_proto:
+  - :data: 'tcp'
+    :valid: true
+  - :data: 'udp'
+    :valid: true
+  - :data: 'object-group svgrp'
+    :valid: true
+:ip_spec1:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 192.168.0.1'
+    :valid: true
+  - :data: '192.168.0.0 0.0.0.128'
+    :valid: true
+  - :data: '192.168.0.2'
+    :valid: false
+    :msg: 'missing <host>'
+  - :data: '1921.68.0.2'
+    :valid: false
+    :msg: 'ip: out of range'
+:ip_spec2:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 10.1.0.1'
+    :valid: true
+  - :data: '10.1.0.0 0.0.128.255'
+    :valid: true
+  - :data: '10.1.0.2'
+    :valid: false
+    :msg: 'missing <host>'
+  - :data: '10.1.0.256'
+    :valid: false
+    :msg: 'ip: out of range'
+:ip_spec_objgrp1:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 192.168.0.1'
+    :valid: true
+  - :data: '192.168.0.0 0.0.0.128'
+    :valid: true
+  - :data: 'object-group nwgrp1'
+    :valid: true
+:ip_spec_objgrp2:
+  - :data: 'any'
+    :valid: true
+  - :data: 'host 10.1.0.1'
+    :valid: true
+  - :data: '10.1.0.0 0.0.128.255'
+    :valid: true
+  - :data: 'object-group nwgrp2'
+    :valid: true
+:null_port:
+  - :data: ""
+    :valid: true
+:tcp_port_spec1:
+  - :data: ""
+    :valid: true
+  - :data: "eq 80"
+    :valid: true
+  - :data: "eq any"
+    :valid: false
+    :msg: "unknown port-prot-name"
+  - :data: "lt ftp"
+    :valid: true
+  - :data: "gt telnet"
+    :valid: true
+  - :data: "range 53 443"
+    :valid: true
+:tcp_port_spec2:
+  - :data: ""
+    :valid: true
+  - :data: "eq www"
+    :valid: true
+  - :data: "lt domain"
+    :valid: true
+  - :data: "gt 4000"
+    :valid: true
+  - :data: "range 2000 3333"
+    :valid: true
+  - :data: "eq isakmp"
+    :valid: false
+    :msg: "udp port-proto-name"
+:udp_port_spec1:
+  - :data: ""
+    :valid: true
+  - :data: "eq 80"
+    :valid: true
+  - :data: "eq any"
+    :valid: false
+    :msg: "unknown port-prot-name"
+  - :data: "lt isakmp"
+    :valid: true
+  - :data: "gt ntp"
+    :valid: true
+  - :data: "range 53 443"
+    :valid: true
+:udp_port_spec2:
+  - :data: ""
+    :valid: true
+  - :data: "eq 500"
+    :valid: true
+  - :data: "lt domain"
+    :valid: true
+  - :data: "gt 4000"
+    :valid: true
+  - :data: "range 2000 3333"
+    :valid: true
+  - :data: "eq pop3"
+    :valid: false
+    :msg: "tcp port-proto-name"
+:ext_acl_log_spec:
+  - :data: ""
+    :valid: true
+  - :data: "log"
+    :valid: true
+  - :data: "log logcookie"
+    :valid: true
+  - :data: "log-input"
+    :valid: true
+  - :data: "log-input logcookie"
+    :valid: true
+:tcp_flags:
+  - :data: ''
+    :valid: true
+  - :data: 'established'
+    :valid: true
+  - :data: 'syn fin ack'
+    :valid: true
+  - :data: 'acck established'
+    :valid: false
+:tcp_flags2:
+  - :data: 'established'
+    :valid: true
+  - :data: 'established match-all +fin'
+    :valid: false
+  - :data: 'match-all +syn -fin -urg'
+    :valid: true
+  - :data: 'match-any -syn +fin +urg'
+    :valid: true
+  - :data: 'fin match-all +urg'
+    :valid: false
+  - :data: 'match-any -syn match-all -fin -urg'
+    :valid: false
+  - :data: 'match-any syn +fin'
+    :valid: false
+:precedence:
+  - :data: ''
+    :valid: true
+  - :data: 'precedence 3'
+    :valid: true
+  - :data: 'precedence network'
+    :valid: true
+:dscp:
+  - :data: ''
+    :valid: true
+  - :data: 'dscp af11'
+    :valid: true
+  - :data: 'dscp 6'
+    :valid: true
+:tos:
+  - :data: ''
+    :valid: true
+  - :data: 'tos 10'
+    :valid: true
+  - :data: 'tos min-delay'
+    :valid: true
+:time_range:
+  - :data: ''
+    :valid: true
+  - :data: 'time-range range_hoge'
+    :valid: true

data/spec/parser_fullfill_patterns.rb

@@ -0,0 +1,145 @@
+# -*- coding: utf-8 -*-
+require 'yaml'
+require 'erb'
+
+# data files
+TOKEN_SEQ_FILE_LIST = [
+  'stdacl_token_seq.yml',
+  'extacl_token_seq.yml',
+  # 'extacl_objgrp_token_seq.yml'
+]
+
+# return spec conf dir
+def _spec_conf_dir(file)
+  specdir = Dir.new('./spec/conf/')
+  File.join(specdir.path, file)
+end
+
+# return spec data dir
+def _spec_data_dir(file)
+  datadir = Dir.new('./spec/data/')
+  File.join(datadir.path, file)
+end
+
+def gen_testcase(tokens, fields)
+  if fields.empty?
+    [{ data: '', msg: '', valid: true }]
+  else
+    field = fields.shift
+    field_patterns = tokens[field.intern]
+    # generate testpatterns recursively.
+    leftover_results = gen_testcase(tokens, fields)
+    create_data(field_patterns, leftover_results)
+  end
+end
+
+def create_data(field_patterns, leftover_results)
+  field_patterns.reduce([]) do |curr_results, each|
+    leftover_results.each do |each_res|
+      ## do not add pattern that has multiple 'false'
+      ## add single fault pattern.
+      if each[:valid] || each_res[:valid]
+        curr_results.push(single_data(each, each_res))
+      end
+    end
+    curr_results
+  end
+end
+
+def single_data(curr, leftover)
+  {
+    data: [curr[:data], leftover[:data]].join(' '),
+    # used only single fail case,
+    # (1) curr AND leftover are VALID case
+    # (2) one of curr OR leftover is FALSE case
+    msg: curr[:msg] || leftover[:msg],
+    valid: curr[:valid] && leftover[:valid]
+  }
+end
+
+def each_test
+  TOKEN_SEQ_FILE_LIST.each do |each_file|
+    token_seq_data = YAML.load_file(_spec_conf_dir(each_file))
+    token_seq_data.each do |each|
+      puts "Test Name: #{each[:testname]}"
+      puts "Test Case File: #{each[:casedata]}"
+      yield(each)
+    end
+  end
+end
+
+##############################
+# generate test case data file
+
+puts '## generate test case data file'
+each_test do |each|
+  # read tokens pattern data
+  tokens = YAML.load_file(_spec_conf_dir(each[:casedata]))
+  # generate test case data
+  testcase_list = gen_testcase(tokens, each[:fieldseq])
+
+  # write datafile
+  case_file_base = [each[:testname], '.yml'].join
+  puts "Test Case Data: #{case_file_base}"
+  case_file = _spec_data_dir(case_file_base)
+  File.open(case_file, 'w') do |file|
+    file.puts YAML.dump(testcase_list.flatten)
+  end
+end
+
+##############################
+# run test per test case file
+
+code_data = DATA.read
+puts '## generate spec code'
+each_test do |each|
+  spec_file_base = each[:testname] + '.rb'
+  puts "Spec code Data: #{spec_file_base}"
+  File.open(_spec_data_dir(spec_file_base), 'w') do |file|
+    code_erb = ERB.new(code_data, nil, '-')
+    file.puts code_erb.result(binding)
+  end
+end
+
+__END__
+# -*- coding: utf-8 -*-
+require 'spec_helper'
+require 'stringio'
+
+describe 'Parser' do
+  describe '#parse_file' do
+    before do
+      @parser = CiscoAclIntp::Parser.new(color: false, silent: true)
+    end
+
+<%-
+  tests = YAML.load_file(_spec_data_dir(each[:testname] + '.yml'))
+  test_total = tests.length
+  test_curr = 1
+
+  tests.each do |t|
+    now = sprintf(
+      "%d/%.1f\%", test_curr, (100.0 * test_curr / test_total)
+    )
+    if t[:valid]
+-%>
+    it 'should be parsed acl [<%= now %>]: <%= t[:data] %>' do
+      datastr = StringIO.new('<%= t[:data] %>', 'r')
+      @parser.parse_file(datastr)
+      @parser.contains_error?.should be_false
+    end
+<%-
+    else
+-%>
+    it 'should not be parsed acl [<%= now %>]: <%= t[:data] %>' do
+      datastr = StringIO.new('<%= t[:data] %>', 'r')
+      @parser.parse_file(datastr)
+      @parser.contains_error?.should be_true
+    end
+<%-
+    end
+    test_curr = test_curr + 1
+  end
+-%>
+  end # describe parse_file
+end # describe Parser

data/spec/spec_helper.rb

@@ -0,0 +1,54 @@
+# -*- coding: utf-8 -*-
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'simplecov'
+SimpleCov.start do
+  add_group 'Models', 'lib/'
+end
+
+require 'cisco_acl_intp'
+
+include CiscoAclIntp
+AclContainerBase.disable_color
+
+RSpec::Matchers.define :be_aclstr do | expected_str |
+  match do | actual_str |
+    a = actual_str.strip
+    b = expected_str.strip
+    a.split(/\s+/) == b.split(/[\s\r\n]+/)
+    ## by this method, whitespaces are skipped.
+    ## because, it cannot handle correctly like 'remark foo  --  bar'
+  end
+end
+
+# hash to hash-code-string
+def _pph(hash)
+  kv = []
+  hash.each do | k, v |
+    case v
+    when String
+      kv.push %Q{:#{k.to_s}=>"#{v.to_s}"}
+    else
+      kv.push %Q{:#{k.to_s}=>#{v.to_s}}
+    end
+  end
+  kv.join(',')
+end
+
+# return specdir
+def _spec_dir(file)
+  specdir = Dir.new('./spec/cisco_acl_intp/')
+  File.join(specdir.path, file)
+end
+
+# return test config/data dir
+def _spec_conf_dir(file)
+  specdir = Dir.new('./spec/conf/')
+  File.join(specdir.path, file)
+end
+
+# return spec_data dir
+def _spec_data_dir(file)
+  datadir = Dir.new('./spec/data/')
+  File.join(datadir.path, file)
+end

data/tools/check_acl.rb

@@ -0,0 +1,48 @@
+$LOAD_PATH.unshift File.expand_path('../../lib', __FILE__)
+
+require 'optparse'
+require 'cisco_acl_intp'
+
+opts = {}
+OptionParser.new do | each |
+  each.banner = "ruby #{$PROGRAM_NAME} [options] [args]"
+  each.on('-c', '--color', 'enable coloring') do |x|
+    opts[:color] = x
+  end
+  each.on('-d', '--debug', 'enable debug print') do |x|
+    opts[:debug] = x
+  end
+  each.on('--yydebug', 'enable yydebug') do |x|
+    opts[:yydebug] = x
+  end
+  each.on('-f FILE', '--file', 'acl file') do |x|
+    opts[:file] = x
+  end
+  begin
+    each.parse!
+  rescue
+    puts 'invalid option.'
+    puts each
+  end
+end
+
+popts = {}
+popts[:color] = opts[:color] || false
+popts[:debug] = opts[:debug] || false
+popts[:yydebug] = opts[:yydebug] || false
+
+parser = CiscoAclIntp::Parser.new(popts)
+
+# read acl from file or STDIN
+if opts[:file]
+  parser.parse_file opts[:file]
+else
+  parser.parse_file $stdin
+end
+
+# print acl data
+aclt = parser.acl_table
+aclt.each do |name, acl|
+  puts "acl name : #{name}"
+  puts acl.to_s
+end