cisco_acl_intp 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile +1 -1
- data/README.md +64 -3
- data/cisco_acl_intp.gemspec +2 -2
- data/lib/cisco_acl_intp/ace.rb +9 -286
- data/lib/cisco_acl_intp/ace_ip.rb +24 -22
- data/lib/cisco_acl_intp/ace_other_qualifiers.rb +23 -6
- data/lib/cisco_acl_intp/ace_port.rb +37 -182
- data/lib/cisco_acl_intp/ace_port_opr.rb +251 -0
- data/lib/cisco_acl_intp/ace_port_opr_base.rb +138 -0
- data/lib/cisco_acl_intp/ace_proto.rb +133 -328
- data/lib/cisco_acl_intp/ace_proto_base.rb +163 -0
- data/lib/cisco_acl_intp/ace_srcdst.rb +30 -40
- data/lib/cisco_acl_intp/ace_tcp_flags.rb +9 -3
- data/lib/cisco_acl_intp/acl.rb +1 -251
- data/lib/cisco_acl_intp/acl_base.rb +1 -1
- data/lib/cisco_acl_intp/acl_utils.rb +120 -0
- data/lib/cisco_acl_intp/extended_ace.rb +149 -0
- data/lib/cisco_acl_intp/mono_function_acl.rb +161 -0
- data/lib/cisco_acl_intp/parser.rb +237 -395
- data/lib/cisco_acl_intp/parser.ry +85 -243
- data/lib/cisco_acl_intp/parser_api.rb +2 -2
- data/lib/cisco_acl_intp/single_acl_base.rb +137 -0
- data/lib/cisco_acl_intp/standard_ace.rb +105 -0
- data/lib/cisco_acl_intp/version.rb +1 -1
- data/spec/cisco_acl_intp/ace_ip_spec.rb +63 -0
- data/spec/cisco_acl_intp/ace_other_qualifier_spec.rb +52 -1
- data/spec/cisco_acl_intp/ace_port_operator_spec.rb +340 -0
- data/spec/cisco_acl_intp/ace_port_spec.rb +67 -217
- data/spec/cisco_acl_intp/ace_proto_spec.rb +118 -41
- data/spec/cisco_acl_intp/ace_spec.rb +38 -547
- data/spec/cisco_acl_intp/ace_srcdst_spec.rb +115 -226
- data/spec/cisco_acl_intp/ace_tcp_flags_spec.rb +36 -4
- data/spec/cisco_acl_intp/acl_base_spec.rb +2 -2
- data/spec/cisco_acl_intp/extended_ace_spec.rb +411 -0
- data/spec/cisco_acl_intp/extended_acl_spec.rb +265 -0
- data/spec/cisco_acl_intp/scanner_spec.rb +13 -12
- data/spec/cisco_acl_intp/standard_ace_spec.rb +77 -0
- data/spec/cisco_acl_intp/standard_acl_spec.rb +245 -0
- data/spec/conf/scanner_spec_data.yml +32 -0
- data/spec/spec_helper.rb +2 -2
- metadata +20 -4
- data/spec/cisco_acl_intp/acl_spec.rb +0 -525
|
@@ -13,7 +13,7 @@ def get_codes(port_table, classname)
|
|
|
13
13
|
port_table.each_pair.reduce([]) do |list, (key, value)|
|
|
14
14
|
list.push(<<"EOL")
|
|
15
15
|
it 'should be [#{key}] when only number:#{value} specified' do
|
|
16
|
-
aups = #{classname}.new(
|
|
16
|
+
aups = #{classname}.new(#{value})
|
|
17
17
|
aups.to_s.should be_aclstr('#{key}')
|
|
18
18
|
end
|
|
19
19
|
EOL
|
|
@@ -27,19 +27,30 @@ def number_data_to_codes(data, classname)
|
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
describe AceUdpProtoSpec do
|
|
30
|
-
describe '#name_to_numer' do
|
|
30
|
+
describe '#name_to_numer, #to_i' do
|
|
31
31
|
it 'should be "111" by converting proto name "sunrpc"' do
|
|
32
|
-
aups = AceUdpProtoSpec.new(
|
|
32
|
+
aups = AceUdpProtoSpec.new('sunrpc')
|
|
33
33
|
aups.number.should eq 111
|
|
34
|
+
aups.to_i.should eq 111
|
|
34
35
|
end
|
|
35
36
|
|
|
36
|
-
it 'should be
|
|
37
|
+
it 'should be error by converting unknown proto name "hoge"' do
|
|
37
38
|
lambda do
|
|
38
|
-
AceUdpProtoSpec.new(
|
|
39
|
+
AceUdpProtoSpec.new('hoge')
|
|
39
40
|
end.should raise_error(AclArgumentError)
|
|
40
41
|
end
|
|
41
42
|
end
|
|
42
43
|
|
|
44
|
+
describe 'class#valid_name?' do
|
|
45
|
+
it 'should be true when valid udp port name' do
|
|
46
|
+
AceUdpProtoSpec.valid_name?('snmp').should be_true
|
|
47
|
+
end
|
|
48
|
+
|
|
49
|
+
it 'should be false when invalid udp port name' do
|
|
50
|
+
AceUdpProtoSpec.valid_name?('daytime').should be_false
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
43
54
|
describe '#to_s' do
|
|
44
55
|
udp_port_data = <<'EOL'
|
|
45
56
|
biff Biff (mail notification, comsat, 512)
|
|
@@ -74,45 +85,56 @@ EOL
|
|
|
74
85
|
instance_eval(codes)
|
|
75
86
|
|
|
76
87
|
it 'should be number string when it not match IOS acl literal' do
|
|
77
|
-
aups = AceUdpProtoSpec.new(
|
|
88
|
+
aups = AceUdpProtoSpec.new(3_333)
|
|
78
89
|
aups.to_s.should be_aclstr('3333')
|
|
79
90
|
end
|
|
80
91
|
|
|
81
|
-
it '
|
|
92
|
+
it 'should be error when out of range port number' do
|
|
82
93
|
lambda do
|
|
83
|
-
AceUdpProtoSpec.new(
|
|
94
|
+
AceUdpProtoSpec.new(65_536)
|
|
84
95
|
end.should raise_error(AclArgumentError)
|
|
85
96
|
|
|
86
97
|
lambda do
|
|
87
|
-
AceUdpProtoSpec.new(
|
|
98
|
+
AceUdpProtoSpec.new(-1)
|
|
88
99
|
end.should raise_error(AclArgumentError)
|
|
89
100
|
end
|
|
90
101
|
|
|
91
|
-
it '
|
|
102
|
+
it 'should be error when not specified name/number' do
|
|
103
|
+
lambda do
|
|
104
|
+
AceUdpProtoSpec.new
|
|
105
|
+
end.should raise_error(AclArgumentError)
|
|
92
106
|
lambda do
|
|
93
|
-
AceUdpProtoSpec.new(
|
|
94
|
-
name: 'time',
|
|
95
|
-
number: 49
|
|
96
|
-
)
|
|
107
|
+
AceUdpProtoSpec.new('')
|
|
97
108
|
end.should raise_error(AclArgumentError)
|
|
98
109
|
end
|
|
99
110
|
end
|
|
100
111
|
end
|
|
101
112
|
|
|
102
113
|
describe AceTcpProtoSpec do
|
|
103
|
-
describe '#name_to_numer' do
|
|
114
|
+
describe '#name_to_numer, #to_i' do
|
|
104
115
|
it 'should be "49" by converting proto name "tacacs"' do
|
|
105
|
-
atps = AceTcpProtoSpec.new(
|
|
116
|
+
atps = AceTcpProtoSpec.new('tacacs')
|
|
106
117
|
atps.number.should eq 49
|
|
118
|
+
atps.to_i.should eq 49
|
|
107
119
|
end
|
|
108
120
|
|
|
109
|
-
it 'should be
|
|
121
|
+
it 'should be error by converting unknown proto name "fuga"' do
|
|
110
122
|
lambda do
|
|
111
|
-
AceTcpProtoSpec.new(
|
|
123
|
+
AceTcpProtoSpec.new('fuga')
|
|
112
124
|
end.should raise_error(AclArgumentError)
|
|
113
125
|
end
|
|
114
126
|
end
|
|
115
127
|
|
|
128
|
+
describe 'class#valid_name?' do
|
|
129
|
+
it 'should be true when valid tcp port name' do
|
|
130
|
+
AceTcpProtoSpec.valid_name?('daytime').should be_true
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
it 'should be false when invalid tcp port name' do
|
|
134
|
+
AceTcpProtoSpec.valid_name?('snmp').should be_false
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
116
138
|
describe '#to_s' do
|
|
117
139
|
tcp_port_data = <<'EOL'
|
|
118
140
|
bgp Border Gateway Protocol (179)
|
|
@@ -153,26 +175,26 @@ EOL
|
|
|
153
175
|
instance_eval(codes)
|
|
154
176
|
|
|
155
177
|
it 'should be number string when it not match IOS acl literal' do
|
|
156
|
-
aups = AceTcpProtoSpec.new(
|
|
178
|
+
aups = AceTcpProtoSpec.new(6_633)
|
|
157
179
|
aups.to_s.should be_aclstr('6633')
|
|
158
180
|
end
|
|
159
181
|
|
|
160
|
-
it '
|
|
182
|
+
it 'should be error when not specified name/number' do
|
|
161
183
|
lambda do
|
|
162
|
-
AceTcpProtoSpec.new
|
|
184
|
+
AceTcpProtoSpec.new
|
|
163
185
|
end.should raise_error(AclArgumentError)
|
|
164
|
-
|
|
165
186
|
lambda do
|
|
166
|
-
AceTcpProtoSpec.new(
|
|
187
|
+
AceTcpProtoSpec.new('')
|
|
167
188
|
end.should raise_error(AclArgumentError)
|
|
168
189
|
end
|
|
169
190
|
|
|
170
|
-
it '
|
|
191
|
+
it 'should be error when out of range port number' do
|
|
171
192
|
lambda do
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
193
|
+
AceTcpProtoSpec.new(65_536)
|
|
194
|
+
end.should raise_error(AclArgumentError)
|
|
195
|
+
|
|
196
|
+
lambda do
|
|
197
|
+
AceTcpProtoSpec.new(-1)
|
|
176
198
|
end.should raise_error(AclArgumentError)
|
|
177
199
|
end
|
|
178
200
|
end
|
|
@@ -181,17 +203,67 @@ end
|
|
|
181
203
|
describe AceIpProtoSpec do
|
|
182
204
|
describe '#name_to_numer' do
|
|
183
205
|
it 'should be "88" by converting proto name "eigrp"' do
|
|
184
|
-
aips = AceIpProtoSpec.new(
|
|
206
|
+
aips = AceIpProtoSpec.new('eigrp')
|
|
185
207
|
aips.number.should eq 88
|
|
208
|
+
aips.to_i.should eq 88
|
|
186
209
|
end
|
|
187
210
|
|
|
188
|
-
it 'should be
|
|
211
|
+
it 'should be error by converting unknown proto name "foo"' do
|
|
189
212
|
lambda do
|
|
190
|
-
AceIpProtoSpec.new(
|
|
213
|
+
AceIpProtoSpec.new('foo')
|
|
191
214
|
end.should raise_error(AclArgumentError)
|
|
192
215
|
end
|
|
193
216
|
end
|
|
194
217
|
|
|
218
|
+
describe 'class#valid_name?' do
|
|
219
|
+
it 'should be true when valid tcp port name' do
|
|
220
|
+
AceIpProtoSpec.valid_name?('ospf').should be_true
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
it 'should be false when invalid tcp port name' do
|
|
224
|
+
AceIpProtoSpec.valid_name?('daytime').should be_false
|
|
225
|
+
end
|
|
226
|
+
end
|
|
227
|
+
|
|
228
|
+
describe '#contains?' do
|
|
229
|
+
before(:all) do
|
|
230
|
+
@p_ip = AceIpProtoSpec.new('ip')
|
|
231
|
+
@p_ip2 = AceIpProtoSpec.new('ip')
|
|
232
|
+
@p_tcp = AceIpProtoSpec.new(6)
|
|
233
|
+
@p_tcp2 = AceIpProtoSpec.new('tcp')
|
|
234
|
+
@p_udp = AceIpProtoSpec.new(17)
|
|
235
|
+
@p_udp2 = AceIpProtoSpec.new('udp')
|
|
236
|
+
@p_esp = AceIpProtoSpec.new('esp')
|
|
237
|
+
end
|
|
238
|
+
|
|
239
|
+
it 'should be true, ip includes tcp/udp' do
|
|
240
|
+
@p_ip.contains?(@p_tcp).should be_true
|
|
241
|
+
@p_ip.contains?(@p_udp).should be_true
|
|
242
|
+
@p_ip.contains?(@p_ip2).should be_true
|
|
243
|
+
end
|
|
244
|
+
|
|
245
|
+
it 'should be false, ip not includes esp' do
|
|
246
|
+
@p_ip.contains?(@p_esp).should be_false
|
|
247
|
+
@p_esp.contains?(@p_ip).should be_false
|
|
248
|
+
@p_esp.contains?(@p_tcp).should be_false
|
|
249
|
+
@p_esp.contains?(@p_udp).should be_false
|
|
250
|
+
end
|
|
251
|
+
|
|
252
|
+
it 'should be true, tcp/udp includes tcp/udp' do
|
|
253
|
+
@p_tcp.contains?(@p_tcp2).should be_true
|
|
254
|
+
@p_udp.contains?(@p_udp2).should be_true
|
|
255
|
+
end
|
|
256
|
+
|
|
257
|
+
it 'should be false, tcp/udp not includes ip/udp/tcp' do
|
|
258
|
+
@p_tcp.contains?(@p_ip).should be_false
|
|
259
|
+
@p_tcp.contains?(@p_udp).should be_false
|
|
260
|
+
@p_tcp.contains?(@p_esp).should be_false
|
|
261
|
+
@p_udp.contains?(@p_ip).should be_false
|
|
262
|
+
@p_udp.contains?(@p_tcp).should be_false
|
|
263
|
+
@p_udp.contains?(@p_esp).should be_false
|
|
264
|
+
end
|
|
265
|
+
end
|
|
266
|
+
|
|
195
267
|
describe '#to_s' do
|
|
196
268
|
ip_port_data = <<'EOL'
|
|
197
269
|
ahp Authentication Header Protocol (51)
|
|
@@ -212,28 +284,33 @@ EOL
|
|
|
212
284
|
instance_eval(codes)
|
|
213
285
|
|
|
214
286
|
it 'should be number string when it not match IOS acl literal' do
|
|
215
|
-
aups = AceIpProtoSpec.new(
|
|
287
|
+
aups = AceIpProtoSpec.new(255)
|
|
216
288
|
aups.to_s.should be_aclstr('255')
|
|
217
289
|
end
|
|
218
290
|
|
|
219
|
-
it '
|
|
291
|
+
it 'should be error when out of range port number' do
|
|
220
292
|
lambda do
|
|
221
|
-
AceIpProtoSpec.new(
|
|
293
|
+
AceIpProtoSpec.new(256)
|
|
222
294
|
end.should raise_error(AclArgumentError)
|
|
223
295
|
|
|
224
296
|
lambda do
|
|
225
|
-
AceIpProtoSpec.new(
|
|
297
|
+
AceIpProtoSpec.new(-1)
|
|
226
298
|
end.should raise_error(AclArgumentError)
|
|
227
299
|
end
|
|
228
300
|
|
|
229
|
-
it '
|
|
301
|
+
it 'should be error when not specified name/number' do
|
|
230
302
|
lambda do
|
|
231
|
-
|
|
232
|
-
|
|
233
|
-
|
|
234
|
-
)
|
|
303
|
+
AceIpProtoSpec.new
|
|
304
|
+
end.should raise_error(AclArgumentError)
|
|
305
|
+
lambda do
|
|
306
|
+
AceIpProtoSpec.new('')
|
|
235
307
|
end.should raise_error(AclArgumentError)
|
|
236
308
|
end
|
|
237
|
-
|
|
238
309
|
end
|
|
239
310
|
end
|
|
311
|
+
|
|
312
|
+
### Local variables:
|
|
313
|
+
### mode: Ruby
|
|
314
|
+
### coding: utf-8-unix
|
|
315
|
+
### indent-tabs-mode: nil
|
|
316
|
+
### End:
|