cisco_acl_intp 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +17 -0
- data/.rspec +2 -0
- data/.rubocop.yml +13 -0
- data/.travis.yml +3 -0
- data/.yardopts +4 -0
- data/Gemfile +19 -0
- data/LICENSE.txt +22 -0
- data/README.md +132 -0
- data/Rakefile +78 -0
- data/acl_examples/err-acl.txt +49 -0
- data/acl_examples/named-ext-acl.txt +12 -0
- data/acl_examples/named-std-acl.txt +6 -0
- data/acl_examples/numd-acl.txt +21 -0
- data/cisco_acl_intp.gemspec +31 -0
- data/lib/cisco_acl_intp/ace.rb +432 -0
- data/lib/cisco_acl_intp/ace_ip.rb +136 -0
- data/lib/cisco_acl_intp/ace_other_qualifiers.rb +102 -0
- data/lib/cisco_acl_intp/ace_port.rb +146 -0
- data/lib/cisco_acl_intp/ace_proto.rb +319 -0
- data/lib/cisco_acl_intp/ace_srcdst.rb +114 -0
- data/lib/cisco_acl_intp/ace_tcp_flags.rb +65 -0
- data/lib/cisco_acl_intp/acl.rb +272 -0
- data/lib/cisco_acl_intp/acl_base.rb +111 -0
- data/lib/cisco_acl_intp/parser.rb +3509 -0
- data/lib/cisco_acl_intp/parser.ry +1397 -0
- data/lib/cisco_acl_intp/scanner.rb +176 -0
- data/lib/cisco_acl_intp/scanner_special_token_handler.rb +66 -0
- data/lib/cisco_acl_intp/version.rb +5 -0
- data/lib/cisco_acl_intp.rb +9 -0
- data/spec/cisco_acl_intp/ace_ip_spec.rb +111 -0
- data/spec/cisco_acl_intp/ace_other_qualifier_spec.rb +63 -0
- data/spec/cisco_acl_intp/ace_port_spec.rb +214 -0
- data/spec/cisco_acl_intp/ace_proto_spec.rb +200 -0
- data/spec/cisco_acl_intp/ace_spec.rb +605 -0
- data/spec/cisco_acl_intp/ace_srcdst_spec.rb +296 -0
- data/spec/cisco_acl_intp/ace_tcp_flags_spec.rb +38 -0
- data/spec/cisco_acl_intp/acl_spec.rb +523 -0
- data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +7 -0
- data/spec/cisco_acl_intp/parser_spec.rb +53 -0
- data/spec/cisco_acl_intp/scanner_spec.rb +122 -0
- data/spec/conf/extacl_objgrp_token_seq.yml +36 -0
- data/spec/conf/extacl_token_seq.yml +88 -0
- data/spec/conf/extended_acl.yml +226 -0
- data/spec/conf/scanner_spec_data.yml +120 -0
- data/spec/conf/single_tokens.yml +235 -0
- data/spec/conf/stdacl_token_seq.yml +8 -0
- data/spec/conf/tokens1.yml +158 -0
- data/spec/conf/tokens2.yml +206 -0
- data/spec/parser_fullfill_patterns.rb +145 -0
- data/spec/spec_helper.rb +54 -0
- data/tools/check_acl.rb +48 -0
- metadata +159 -0
|
@@ -0,0 +1,200 @@
|
|
|
1
|
+
# -*- coding: utf-8 -*-
|
|
2
|
+
require 'spec_helper'
|
|
3
|
+
|
|
4
|
+
def get_port_table(data)
|
|
5
|
+
data.split(/\n/).reduce({}) do |tbl, line|
|
|
6
|
+
md = line.match(/^\s*([\w\d\-]+)\s+.+[\s\(](\d+)\)$/)
|
|
7
|
+
tbl[md[1]] = md[2] if md
|
|
8
|
+
tbl
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
def get_codes(port_table, classname)
|
|
13
|
+
port_table.each_pair.reduce([]) do |list, (key, value)|
|
|
14
|
+
list.push(<<"EOL")
|
|
15
|
+
it 'should be [#{key}] when only number:#{value} specified' do
|
|
16
|
+
aups = #{classname}.new(:number => #{value})
|
|
17
|
+
aups.to_s.should be_aclstr('#{key}')
|
|
18
|
+
end
|
|
19
|
+
EOL
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def number_data_to_codes(data, classname)
|
|
24
|
+
port_table = get_port_table(data)
|
|
25
|
+
codes = get_codes(port_table, classname)
|
|
26
|
+
codes.join
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
describe AceUdpProtoSpec do
|
|
30
|
+
describe '#to_s' do
|
|
31
|
+
udp_port_data = <<'EOL'
|
|
32
|
+
biff Biff (mail notification, comsat, 512)
|
|
33
|
+
bootpc Bootstrap Protocol (BOOTP) client (68)
|
|
34
|
+
bootps Bootstrap Protocol (BOOTP) server (67)
|
|
35
|
+
discard Discard (9)
|
|
36
|
+
dnsix DNSIX security protocol auditing (195)
|
|
37
|
+
domain Domain Name Service (DNS, 53)
|
|
38
|
+
echo Echo (7)
|
|
39
|
+
isakmp Internet Security Association and Key Management Protocol (500)
|
|
40
|
+
mobile-ip Mobile IP registration (434)
|
|
41
|
+
nameserver IEN116 name service (obsolete, 42)
|
|
42
|
+
netbios-dgm NetBios datagram service (138)
|
|
43
|
+
netbios-ns NetBios name service (137)
|
|
44
|
+
netbios-ss NetBios session service (139)
|
|
45
|
+
non500-isakmp Internet Security Association and Key Management Protocol (4500)
|
|
46
|
+
ntp Network Time Protocol (123)
|
|
47
|
+
pim-auto-rp PIM Auto-RP (496)
|
|
48
|
+
rip Routing Information Protocol (router, in.routed, 520)
|
|
49
|
+
snmp Simple Network Management Protocol (161)
|
|
50
|
+
snmptrap SNMP Traps (162)
|
|
51
|
+
sunrpc Sun Remote Procedure Call (111)
|
|
52
|
+
syslog System Logger (514)
|
|
53
|
+
tacacs TAC Access Control System (49)
|
|
54
|
+
talk Talk (517)
|
|
55
|
+
tftp Trivial File Transfer Protocol (69)
|
|
56
|
+
time Time (37)
|
|
57
|
+
who Who service (rwho, 513)
|
|
58
|
+
xdmcp X Display Manager Control Protocol (177)
|
|
59
|
+
EOL
|
|
60
|
+
codes = number_data_to_codes(udp_port_data, 'AceUdpProtoSpec')
|
|
61
|
+
instance_eval(codes)
|
|
62
|
+
|
|
63
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
64
|
+
aups = AceUdpProtoSpec.new(number: 3_333)
|
|
65
|
+
aups.to_s.should be_aclstr('3333')
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
it 'raise error when out of range port number' do
|
|
69
|
+
lambda do
|
|
70
|
+
AceUdpProtoSpec.new(number: 65_536)
|
|
71
|
+
end.should raise_error(AclArgumentError)
|
|
72
|
+
|
|
73
|
+
lambda do
|
|
74
|
+
AceUdpProtoSpec.new(number: -1)
|
|
75
|
+
end.should raise_error(AclArgumentError)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
it 'raise error when specified name and number literal are not match' do
|
|
79
|
+
lambda do
|
|
80
|
+
AceUdpProtoSpec.new(
|
|
81
|
+
name: 'time',
|
|
82
|
+
number: 49
|
|
83
|
+
)
|
|
84
|
+
end.should raise_error(AclArgumentError)
|
|
85
|
+
end
|
|
86
|
+
end
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
describe AceTcpProtoSpec do
|
|
90
|
+
describe '#to_s' do
|
|
91
|
+
tcp_port_data = <<'EOL'
|
|
92
|
+
bgp Border Gateway Protocol (179)
|
|
93
|
+
chargen Character generator (19
|
|
94
|
+
cmd Remote commands (rcmd, 514)
|
|
95
|
+
daytime Daytime (13)
|
|
96
|
+
discard Discard (9)
|
|
97
|
+
domain Domain Name Service (53)
|
|
98
|
+
drip Dynamic Routing Information Protocol (3949)
|
|
99
|
+
echo Echo (7)
|
|
100
|
+
exec Exec (rsh, 512)
|
|
101
|
+
finger Finger (79)
|
|
102
|
+
ftp File Transfer Protocol (21)
|
|
103
|
+
ftp-data FTP data connections (20)
|
|
104
|
+
gopher Gopher (70)
|
|
105
|
+
hostname NIC hostname server (101)
|
|
106
|
+
ident Ident Protocol (113)
|
|
107
|
+
irc Internet Relay Chat (194)
|
|
108
|
+
klogin Kerberos login (543)
|
|
109
|
+
kshell Kerberos shell (544)
|
|
110
|
+
login Login (rlogin, 513)
|
|
111
|
+
lpd Printer service (515)
|
|
112
|
+
nntp Network News Transport Protocol (119)
|
|
113
|
+
pim-auto-rp PIM Auto-RP (496)
|
|
114
|
+
pop2 Post Office Protocol v2 (109)
|
|
115
|
+
pop3 Post Office Protocol v3 (110)
|
|
116
|
+
smtp Simple Mail Transport Protocol (25)
|
|
117
|
+
sunrpc Sun Remote Procedure Call (111)
|
|
118
|
+
tacacs TAC Access Control System (49)
|
|
119
|
+
talk Talk (517)
|
|
120
|
+
telnet Telnet (23)
|
|
121
|
+
time Time (37)
|
|
122
|
+
uucp Unix-to-Unix Copy Program (540)
|
|
123
|
+
whois Nicname (43)
|
|
124
|
+
www World Wide Web (HTTP, 80)
|
|
125
|
+
EOL
|
|
126
|
+
codes = number_data_to_codes(tcp_port_data, 'AceTcpProtoSpec')
|
|
127
|
+
instance_eval(codes)
|
|
128
|
+
|
|
129
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
130
|
+
aups = AceTcpProtoSpec.new(number: 6_633)
|
|
131
|
+
aups.to_s.should be_aclstr('6633')
|
|
132
|
+
end
|
|
133
|
+
|
|
134
|
+
it 'raise error when out of range port number' do
|
|
135
|
+
lambda do
|
|
136
|
+
AceTcpProtoSpec.new(number: 65_536)
|
|
137
|
+
end.should raise_error(AclArgumentError)
|
|
138
|
+
|
|
139
|
+
lambda do
|
|
140
|
+
AceTcpProtoSpec.new(number: -1)
|
|
141
|
+
end.should raise_error(AclArgumentError)
|
|
142
|
+
end
|
|
143
|
+
|
|
144
|
+
it 'raise error when specified name and number literal are not match' do
|
|
145
|
+
lambda do
|
|
146
|
+
AceUdpProtoSpec.new(
|
|
147
|
+
name: 'bgp',
|
|
148
|
+
number: 517
|
|
149
|
+
)
|
|
150
|
+
end.should raise_error(AclArgumentError)
|
|
151
|
+
end
|
|
152
|
+
end
|
|
153
|
+
end
|
|
154
|
+
|
|
155
|
+
describe AceIpProtoSpec do
|
|
156
|
+
describe '#to_s' do
|
|
157
|
+
ip_port_data = <<'EOL'
|
|
158
|
+
ahp Authentication Header Protocol (51)
|
|
159
|
+
eigrp Cisco's EIGRP routing protocol (88)
|
|
160
|
+
esp Encapsulation Security Payload (50)
|
|
161
|
+
gre Cisco's GRE tunneling (47)
|
|
162
|
+
icmp Internet Control Message Protocol (1)
|
|
163
|
+
igmp Internet Gateway Message Protocol (2)
|
|
164
|
+
ipinip IP in IP tunneling (94)
|
|
165
|
+
nos KA9Q NOS compatible IP over IP tunneling (4)
|
|
166
|
+
ospf OSPF routing protocol (89)
|
|
167
|
+
pcp Payload Compression Protocol (108)
|
|
168
|
+
pim Protocol Independent Multicast (103)
|
|
169
|
+
tcp Transmission Control Protocol (6)
|
|
170
|
+
udp User Datagram Protocol (17)
|
|
171
|
+
EOL
|
|
172
|
+
codes = number_data_to_codes(ip_port_data, 'AceIpProtoSpec')
|
|
173
|
+
instance_eval(codes)
|
|
174
|
+
|
|
175
|
+
it 'should be number string when it not match IOS acl literal' do
|
|
176
|
+
aups = AceIpProtoSpec.new(number: 255)
|
|
177
|
+
aups.to_s.should be_aclstr('255')
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
it 'raise error when out of range port number' do
|
|
181
|
+
lambda do
|
|
182
|
+
AceIpProtoSpec.new(number: 256)
|
|
183
|
+
end.should raise_error(AclArgumentError)
|
|
184
|
+
|
|
185
|
+
lambda do
|
|
186
|
+
AceIpProtoSpec.new(number: -1)
|
|
187
|
+
end.should raise_error(AclArgumentError)
|
|
188
|
+
end
|
|
189
|
+
|
|
190
|
+
it 'raise error when specified name and number literal are not match' do
|
|
191
|
+
lambda do
|
|
192
|
+
AceTcpProtoSpec.new(
|
|
193
|
+
name: 'ospf',
|
|
194
|
+
number: 17
|
|
195
|
+
)
|
|
196
|
+
end.should raise_error(AclArgumentError)
|
|
197
|
+
end
|
|
198
|
+
|
|
199
|
+
end
|
|
200
|
+
end
|