cisco_acl_intp 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rspec +2 -0
- data/.rubocop.yml +13 -0
- data/.travis.yml +3 -0
- data/.yardopts +4 -0
- data/Gemfile +19 -0
- data/LICENSE.txt +22 -0
- data/README.md +132 -0
- data/Rakefile +78 -0
- data/acl_examples/err-acl.txt +49 -0
- data/acl_examples/named-ext-acl.txt +12 -0
- data/acl_examples/named-std-acl.txt +6 -0
- data/acl_examples/numd-acl.txt +21 -0
- data/cisco_acl_intp.gemspec +31 -0
- data/lib/cisco_acl_intp/ace.rb +432 -0
- data/lib/cisco_acl_intp/ace_ip.rb +136 -0
- data/lib/cisco_acl_intp/ace_other_qualifiers.rb +102 -0
- data/lib/cisco_acl_intp/ace_port.rb +146 -0
- data/lib/cisco_acl_intp/ace_proto.rb +319 -0
- data/lib/cisco_acl_intp/ace_srcdst.rb +114 -0
- data/lib/cisco_acl_intp/ace_tcp_flags.rb +65 -0
- data/lib/cisco_acl_intp/acl.rb +272 -0
- data/lib/cisco_acl_intp/acl_base.rb +111 -0
- data/lib/cisco_acl_intp/parser.rb +3509 -0
- data/lib/cisco_acl_intp/parser.ry +1397 -0
- data/lib/cisco_acl_intp/scanner.rb +176 -0
- data/lib/cisco_acl_intp/scanner_special_token_handler.rb +66 -0
- data/lib/cisco_acl_intp/version.rb +5 -0
- data/lib/cisco_acl_intp.rb +9 -0
- data/spec/cisco_acl_intp/ace_ip_spec.rb +111 -0
- data/spec/cisco_acl_intp/ace_other_qualifier_spec.rb +63 -0
- data/spec/cisco_acl_intp/ace_port_spec.rb +214 -0
- data/spec/cisco_acl_intp/ace_proto_spec.rb +200 -0
- data/spec/cisco_acl_intp/ace_spec.rb +605 -0
- data/spec/cisco_acl_intp/ace_srcdst_spec.rb +296 -0
- data/spec/cisco_acl_intp/ace_tcp_flags_spec.rb +38 -0
- data/spec/cisco_acl_intp/acl_spec.rb +523 -0
- data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +7 -0
- data/spec/cisco_acl_intp/parser_spec.rb +53 -0
- data/spec/cisco_acl_intp/scanner_spec.rb +122 -0
- data/spec/conf/extacl_objgrp_token_seq.yml +36 -0
- data/spec/conf/extacl_token_seq.yml +88 -0
- data/spec/conf/extended_acl.yml +226 -0
- data/spec/conf/scanner_spec_data.yml +120 -0
- data/spec/conf/single_tokens.yml +235 -0
- data/spec/conf/stdacl_token_seq.yml +8 -0
- data/spec/conf/tokens1.yml +158 -0
- data/spec/conf/tokens2.yml +206 -0
- data/spec/parser_fullfill_patterns.rb +145 -0
- data/spec/spec_helper.rb +54 -0
- data/tools/check_acl.rb +48 -0
- metadata +159 -0
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
require 'spec_helper'
|
|
3
|
+
|
|
4
|
+
def get_port_table(data)
|
|
5
|
+
data.split(/\n/).reduce({}) do |tbl, line|
|
|
6
|
+
md = line.match(/^\s*([\w\d\-]+)\s+.+[\s\(](\d+)\)$/)
|
|
7
|
+
tbl[md[1]] = md[2] if md
|
|
8
|
+
tbl
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def get_codes(port_table, classname)
|
|
13
|
+
port_table.each_pair.reduce([]) do |list, (key, value)|
|
|
14
|
+
list.push(<<"EOL")
|
|
15
|
+
it 'should be [#{key}] when only number:#{value} specified' do
|
|
16
|
+
aups = #{classname}.new(:number => #{value})
|
|
17
|
+
aups.to_s.should be_aclstr('#{key}')
|
|
18
|
+
end
|
|
19
|
+
EOL
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def number_data_to_codes(data, classname)
|
|
24
|
+
port_table = get_port_table(data)
|
|
25
|
+
codes = get_codes(port_table, classname)
|
|
26
|
+
codes.join
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
describe AceUdpProtoSpec do
|
|
30
|
+
describe '#to_s' do
|
|
31
|
+
udp_port_data = <<'EOL'
|
|
32
|
+
biff Biff (mail notification, comsat, 512)
|
|
33
|
+
bootpc Bootstrap Protocol (BOOTP) client (68)
|
|
34
|
+
bootps Bootstrap Protocol (BOOTP) server (67)
|
|
35
|
+
discard Discard (9)
|
|
36
|
+
dnsix DNSIX security protocol auditing (195)
|
|
37
|
+
domain Domain Name Service (DNS, 53)
|
|
38
|
+
echo Echo (7)
|
|
39
|
+
isakmp Internet Security Association and Key Management Protocol (500)
|
|
40
|
+
mobile-ip Mobile IP registration (434)
|
|
41
|
+
nameserver IEN116 name service (obsolete, 42)
|
|
42
|
+
netbios-dgm NetBios datagram service (138)
|
|
43
|
+
netbios-ns NetBios name service (137)
|
|
44
|
+
netbios-ss NetBios session service (139)
|
|
45
|
+
non500-isakmp Internet Security Association and Key Management Protocol (4500)
|
|
46
|
+
ntp Network Time Protocol (123)
|
|
47
|
+
pim-auto-rp PIM Auto-RP (496)
|
|
48
|
+
rip Routing Information Protocol (router, in.routed, 520)
|
|
49
|
+
snmp Simple Network Management Protocol (161)
|
|
50
|
+
snmptrap SNMP Traps (162)
|
|
51
|
+
sunrpc Sun Remote Procedure Call (111)
|
|
52
|
+
syslog System Logger (514)
|
|
53
|
+
tacacs TAC Access Control System (49)
|
|
54
|
+
talk Talk (517)
|
|
55
|
+
tftp Trivial File Transfer Protocol (69)
|
|
56
|
+
time Time (37)
|
|
57
|
+
who Who service (rwho, 513)
|
|
58
|
+
xdmcp X Display Manager Control Protocol (177)
|
|
59
|
+
EOL
|
|
60
|
+
codes = number_data_to_codes(udp_port_data, 'AceUdpProtoSpec')
|
|
61
|
+
instance_eval(codes)
|
|
62
|
+
|
|
63
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
64
|
+
aups = AceUdpProtoSpec.new(number: 3_333)
|
|
65
|
+
aups.to_s.should be_aclstr('3333')
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it 'raise error when out of range port number' do
|
|
69
|
+
lambda do
|
|
70
|
+
AceUdpProtoSpec.new(number: 65_536)
|
|
71
|
+
end.should raise_error(AclArgumentError)
|
|
72
|
+
|
|
73
|
+
lambda do
|
|
74
|
+
AceUdpProtoSpec.new(number: -1)
|
|
75
|
+
end.should raise_error(AclArgumentError)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
it 'raise error when specified name and number literal are not match' do
|
|
79
|
+
lambda do
|
|
80
|
+
AceUdpProtoSpec.new(
|
|
81
|
+
name: 'time',
|
|
82
|
+
number: 49
|
|
83
|
+
)
|
|
84
|
+
end.should raise_error(AclArgumentError)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
describe AceTcpProtoSpec do
|
|
90
|
+
describe '#to_s' do
|
|
91
|
+
tcp_port_data = <<'EOL'
|
|
92
|
+
bgp Border Gateway Protocol (179)
|
|
93
|
+
chargen Character generator (19
|
|
94
|
+
cmd Remote commands (rcmd, 514)
|
|
95
|
+
daytime Daytime (13)
|
|
96
|
+
discard Discard (9)
|
|
97
|
+
domain Domain Name Service (53)
|
|
98
|
+
drip Dynamic Routing Information Protocol (3949)
|
|
99
|
+
echo Echo (7)
|
|
100
|
+
exec Exec (rsh, 512)
|
|
101
|
+
finger Finger (79)
|
|
102
|
+
ftp File Transfer Protocol (21)
|
|
103
|
+
ftp-data FTP data connections (20)
|
|
104
|
+
gopher Gopher (70)
|
|
105
|
+
hostname NIC hostname server (101)
|
|
106
|
+
ident Ident Protocol (113)
|
|
107
|
+
irc Internet Relay Chat (194)
|
|
108
|
+
klogin Kerberos login (543)
|
|
109
|
+
kshell Kerberos shell (544)
|
|
110
|
+
login Login (rlogin, 513)
|
|
111
|
+
lpd Printer service (515)
|
|
112
|
+
nntp Network News Transport Protocol (119)
|
|
113
|
+
pim-auto-rp PIM Auto-RP (496)
|
|
114
|
+
pop2 Post Office Protocol v2 (109)
|
|
115
|
+
pop3 Post Office Protocol v3 (110)
|
|
116
|
+
smtp Simple Mail Transport Protocol (25)
|
|
117
|
+
sunrpc Sun Remote Procedure Call (111)
|
|
118
|
+
tacacs TAC Access Control System (49)
|
|
119
|
+
talk Talk (517)
|
|
120
|
+
telnet Telnet (23)
|
|
121
|
+
time Time (37)
|
|
122
|
+
uucp Unix-to-Unix Copy Program (540)
|
|
123
|
+
whois Nicname (43)
|
|
124
|
+
www World Wide Web (HTTP, 80)
|
|
125
|
+
EOL
|
|
126
|
+
codes = number_data_to_codes(tcp_port_data, 'AceTcpProtoSpec')
|
|
127
|
+
instance_eval(codes)
|
|
128
|
+
|
|
129
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
130
|
+
aups = AceTcpProtoSpec.new(number: 6_633)
|
|
131
|
+
aups.to_s.should be_aclstr('6633')
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
it 'raise error when out of range port number' do
|
|
135
|
+
lambda do
|
|
136
|
+
AceTcpProtoSpec.new(number: 65_536)
|
|
137
|
+
end.should raise_error(AclArgumentError)
|
|
138
|
+
|
|
139
|
+
lambda do
|
|
140
|
+
AceTcpProtoSpec.new(number: -1)
|
|
141
|
+
end.should raise_error(AclArgumentError)
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
it 'raise error when specified name and number literal are not match' do
|
|
145
|
+
lambda do
|
|
146
|
+
AceUdpProtoSpec.new(
|
|
147
|
+
name: 'bgp',
|
|
148
|
+
number: 517
|
|
149
|
+
)
|
|
150
|
+
end.should raise_error(AclArgumentError)
|
|
151
|
+
end
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
describe AceIpProtoSpec do
|
|
156
|
+
describe '#to_s' do
|
|
157
|
+
ip_port_data = <<'EOL'
|
|
158
|
+
ahp Authentication Header Protocol (51)
|
|
159
|
+
eigrp Cisco's EIGRP routing protocol (88)
|
|
160
|
+
esp Encapsulation Security Payload (50)
|
|
161
|
+
gre Cisco's GRE tunneling (47)
|
|
162
|
+
icmp Internet Control Message Protocol (1)
|
|
163
|
+
igmp Internet Gateway Message Protocol (2)
|
|
164
|
+
ipinip IP in IP tunneling (94)
|
|
165
|
+
nos KA9Q NOS compatible IP over IP tunneling (4)
|
|
166
|
+
ospf OSPF routing protocol (89)
|
|
167
|
+
pcp Payload Compression Protocol (108)
|
|
168
|
+
pim Protocol Independent Multicast (103)
|
|
169
|
+
tcp Transmission Control Protocol (6)
|
|
170
|
+
udp User Datagram Protocol (17)
|
|
171
|
+
EOL
|
|
172
|
+
codes = number_data_to_codes(ip_port_data, 'AceIpProtoSpec')
|
|
173
|
+
instance_eval(codes)
|
|
174
|
+
|
|
175
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
176
|
+
aups = AceIpProtoSpec.new(number: 255)
|
|
177
|
+
aups.to_s.should be_aclstr('255')
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
it 'raise error when out of range port number' do
|
|
181
|
+
lambda do
|
|
182
|
+
AceIpProtoSpec.new(number: 256)
|
|
183
|
+
end.should raise_error(AclArgumentError)
|
|
184
|
+
|
|
185
|
+
lambda do
|
|
186
|
+
AceIpProtoSpec.new(number: -1)
|
|
187
|
+
end.should raise_error(AclArgumentError)
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
it 'raise error when specified name and number literal are not match' do
|
|
191
|
+
lambda do
|
|
192
|
+
AceTcpProtoSpec.new(
|
|
193
|
+
name: 'ospf',
|
|
194
|
+
number: 17
|
|
195
|
+
)
|
|
196
|
+
end.should raise_error(AclArgumentError)
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
end
|
|
200
|
+
end
|