cisco_acl_intp 0.0.3 → 0.0.4

data/lib/cisco_acl_intp/parser.ry

@@ -230,9 +230,14 @@ udp_srcdst_spec: objgrp_srcdst_spec udp_port_spec
     named_acl: std_named_acl_header std_named_acl_entry_list
              | ext_named_acl_header ext_named_acl_entry_list
                  # Notice:
-                 # acl header でエラーがあると、そのあとのエントリ追加用のハコ(object)が
-                 # つくれないので、エラーリカバリしようがない。
-                 # acl_entry_list の中身については可能な範囲で parse して追加。
+                 #
+                 # If an error exists in ACL header, parser cannot
+                 # create 'body' object for add ACL entries that come
+                 # next of header.  Then parser cannot parse any ACL
+                 # entries and cannot recover its error.  When ACL
+                 # header is correct, parser add ACL entires to 'body'
+                 # if each entry can read.  (parse and add all correct
+                 # ACL entries.)
 
 std_named_acl_header: NAMED_ACL 'standard' STRING eos
                  {

data/lib/cisco_acl_intp/parser_api.rb

@@ -111,7 +111,7 @@ module CiscoAclIntp
       @silent_mode = @debug_print || opts[:silent] || false
 
       @color_mode = opts[:color] || :none
-      AclContainerBase.color_mode = @color_mode
+      AccessControlContainer.color_mode = @color_mode
 
       @err_handler = ParserErrorHandler.new
       @err_handler.reset_count
@@ -134,7 +134,7 @@ module CiscoAclIntp
           filename
         else
           @err_handler.count
-          fail AclError, "File: #{filename} not found."
+          raise AclError, "File: #{filename} not found."
         end
       end
     end
@@ -152,13 +152,13 @@ module CiscoAclIntp
           aclstr
         else
           @err_handler.count
-          fail AclError, "Argment: #{aclstr} not found."
+          raise AclError, "Argment: #{aclstr} not found."
         end
       end
     end
 
     # Syntax error handler
-    def on_error(tok, val, vstack)
+    def on_error(tok, val, _vstack)
       errstr = format(
         '%s, near value: %s, (token: %s)',
         err_pos_str, val, token_to_str(tok)

data/lib/cisco_acl_intp/scanner.rb

@@ -18,7 +18,7 @@ module CiscoAclIntp
     # @param [File] file File IO object
     # @return [Array] Scanned tokens array (Queue)
     def scan_file(file)
-      run_scaner(file) do |each|
+      run_scaner(file) do
         # no-op
       end
     end
@@ -72,9 +72,9 @@ module CiscoAclIntp
     # @param [Integer] aclnum ACL number
     # @return [Array] Token list
     def check_numd_acl_type(aclnum)
-      if (1..99).include?(aclnum) || (1300..1999).include?(aclnum)
+      if (1..99).cover?(aclnum) || (1300..1999).cover?(aclnum)
         [:NUMD_STD_ACL, aclnum]
-      elsif (100..199).include?(aclnum) || (2000..2699).include?(aclnum)
+      elsif (100..199).cover?(aclnum) || (2000..2699).cover?(aclnum)
         [:NUMD_EXT_ACL, aclnum]
       else
         [:UNKNOWN, "access-list #{aclnum}"]
@@ -109,7 +109,7 @@ module CiscoAclIntp
       when @ss.scan(/(\d+\.\d+\.\d+\.\d+)\s/)
         ## IP Address
         @line_queue.push [:IPV4_ADDR, @ss[1]]
-      when @ss.scan(/(\d+\.\d+\.\d+\.\d+)(\/)(\d+)\s/)
+      when @ss.scan(%r{(\d+\.\d+\.\d+\.\d+)(\/)(\d+)\s})
         ## IP Address of 'ip/mask' notation
         @line_queue.push [:IPV4_ADDR, @ss[1]]
         @line_queue.push ['/',        @ss[2]]
@@ -144,13 +144,11 @@ module CiscoAclIntp
     # @return [Boolean] if line matched tokens
     def scan_match_arg_tokens
       @arg_tokens.each do |(str, length)|
-        if @ss.scan(/#{str}/)
-          (1...length).each do |idx|
-            @line_queue.push token_list(@ss[idx])
-          end
-          @line_queue.push [:STRING, @ss[length]] # last element
-          break
+        next unless @ss.scan(/#{str}/)
+        (1...length).each do |idx|
+          @line_queue.push token_list(@ss[idx])
         end
+        @line_queue.push [:STRING, @ss[length]] # last element
       end
       @ss.matched?
     end

data/lib/cisco_acl_intp/scanner_special_token_handler.rb

@@ -6,7 +6,7 @@ module CiscoAclIntp
   module SpecialTokenHandler
     # STRING token regexp:
     # first letter is alphabet or digit
-    STR_REGEXP = '[a-zA-Z\d]\S*'
+    STR_REGEXP = '[a-zA-Z\d]\S*'.freeze
 
     # Tokens that takes string parameter
     STRING_ARG_TOKENS = [
@@ -24,13 +24,13 @@ module CiscoAclIntp
       ['object-group', 'service', :word],
       ['object-group', :word], # longest match
       ['group-object', :word]
-    ]
+    ].freeze
 
     # Conversion table of string-tokens
     SYMBOL_TO_REGEXPSTR = {
       word: ['(', STR_REGEXP, ')'].join,
       leftover: '(.*)$'
-    }
+    }.freeze
 
     # Convert STRING_ARG_TOKENS to Regexp string
     # @param [Array] set Special tokens set

data/lib/cisco_acl_intp/version.rb

@@ -3,7 +3,7 @@
 # CiscoAclIntp Module, version definition
 module CiscoAclIntp
   # Version number
-  VERSION = '0.0.3'
+  VERSION = '0.0.4'.freeze
 end
 
 ### Local variables:

data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb}

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 require 'spec_helper'
 
-def _build_taget(opts)
+def _build_target(opts)
   ExtendedAce.new(
     action: (opts[:target] || 'permit'),
     protocol: (opts[:protocol] || 'tcp'),
@@ -40,7 +40,7 @@ describe ExtendedAce do
           src: @src,
           dst: @dst
         )
-        ea.to_s.should be_aclstr(
+        expect(ea.to_s).to be_aclstr(
           'permit tcp 192.168.8.9 0.0.7.6 host 192.168.30.3 range 1024 65535'
         )
       end
@@ -52,11 +52,10 @@ describe ExtendedAce do
           src: @src,
           dst: @dst
         )
-        ea.to_s.should be_aclstr(
+        expect(ea.to_s).to be_aclstr(
           'deny tcp 192.168.8.9 0.0.7.6 host 192.168.30.3 range 1024 65535'
         )
       end
-
     end
 
     context 'Argument error case' do
@@ -75,45 +74,44 @@ describe ExtendedAce do
       end
 
       it 'should be rased exception when :action not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             protocol: 'tcp',
             src: @src,
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
 
       it 'should be rased exception when :protocol not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             src: @src,
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
 
       it 'should be rased exception when :src not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             protocol: 'tcp',
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
 
       it 'should be rased exception when :dst not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             protocol: 'tcp',
             src: @src
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
-
     end
   end
 
@@ -193,13 +191,12 @@ describe ExtendedAce do
         # run test
         it teststr do
           if eres
-            @ea.contains?(_build_taget(eopts)).should be_true
+            expect(@ea.contains?(_build_target(eopts))).to be_truthy
           else
-            @ea.contains?(_build_taget(eopts)).should be_false
+            expect(@ea.contains?(_build_target(eopts))).to be_falsey
           end
         end # it
       end # tests.each
-
     end # context full spec test
 
     context 'ANY ip/port port exists case' do
@@ -245,160 +242,192 @@ describe ExtendedAce do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src1, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
       end
 
       it 'should be false when any source ip and unmatch port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src1, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
       end
 
       it 'should be true when any source port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src2, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
       end
 
       it 'should be false when any source port and unmatch ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src2, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
       end
 
       it 'should be true when any destination ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst1
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
+            ))).to be_truthy
       end
 
       it 'should be false when any destination ip and unmatch port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst1
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
+            ))).to be_falsey
       end
 
       it 'should be true when any destination port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst2
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
+            ))).to be_truthy
       end
 
       it 'should be false when any destination port and unmatch ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst2
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
+            ))).to be_falsey
       end
     end # context exists any ip/port
   end # describe contains?