RubyGems - cisco_acl_intp - Versions diffs - 0.0.3 → 0.0.4 - Mend

cisco_acl_intp 0.0.3 → 0.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

checksums.yaml +4 -4
data/.gitignore +3 -0
data/.rubocop.yml +2 -2
data/.travis.yml +4 -2
data/Gemfile +7 -6
data/README.md +23 -18
data/Rakefile +11 -13
data/cisco_acl_intp.gemspec +7 -7
data/lib/cisco_acl_intp/acc.rb +111 -0
data/lib/cisco_acl_intp/{ace.rb → ace_base.rb} +9 -8
data/lib/cisco_acl_intp/{extended_ace.rb → ace_extended.rb} +8 -10
data/lib/cisco_acl_intp/{standard_ace.rb → ace_standard.rb} +5 -5
data/lib/cisco_acl_intp/acespec_base.rb +15 -0
data/lib/cisco_acl_intp/{ace_ip.rb → acespec_ip.rb} +14 -22
data/lib/cisco_acl_intp/{ace_other_qualifiers.rb → acespec_other_qualifiers.rb} +7 -7
data/lib/cisco_acl_intp/{ace_port.rb → acespec_port.rb} +10 -13
data/lib/cisco_acl_intp/{ace_port_opr.rb → acespec_port_opr.rb} +75 -73
data/lib/cisco_acl_intp/{ace_port_opr_base.rb → acespec_port_opr_base.rb} +49 -34
data/lib/cisco_acl_intp/{ace_proto.rb → acespec_proto.rb} +4 -4
data/lib/cisco_acl_intp/{ace_proto_base.rb → acespec_proto_base.rb} +8 -8
data/lib/cisco_acl_intp/{ace_srcdst.rb → acespec_srcdst.rb} +9 -8
data/lib/cisco_acl_intp/{ace_tcp_flags.rb → acespec_tcp_flags.rb} +4 -4
data/lib/cisco_acl_intp/acl.rb +1 -1
data/lib/cisco_acl_intp/acl_base.rb +108 -80
data/lib/cisco_acl_intp/{mono_function_acl.rb → acl_category_base.rb} +5 -5
data/lib/cisco_acl_intp/acl_utils.rb +1 -1
data/lib/cisco_acl_intp/parser.rb +388 -406
data/lib/cisco_acl_intp/parser.ry +8 -3
data/lib/cisco_acl_intp/parser_api.rb +4 -4
data/lib/cisco_acl_intp/scanner.rb +8 -10
data/lib/cisco_acl_intp/scanner_special_token_handler.rb +3 -3
data/lib/cisco_acl_intp/version.rb +1 -1
data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb} +157 -128
data/spec/cisco_acl_intp/ace_spec.rb +21 -19
data/spec/cisco_acl_intp/{standard_ace_spec.rb → ace_standard_spec.rb} +7 -11
data/spec/cisco_acl_intp/{ace_ip_spec.rb → acespec_ip_spec.rb} +34 -34
data/spec/cisco_acl_intp/{ace_other_qualifier_spec.rb → acespec_other_qualifier_spec.rb} +18 -18
data/spec/cisco_acl_intp/acespec_port_operator_spec.rb +331 -0
data/spec/cisco_acl_intp/{ace_port_spec.rb → acespec_port_spec.rb} +33 -33
data/spec/cisco_acl_intp/{ace_proto_spec.rb → acespec_proto_spec.rb} +61 -61
data/spec/cisco_acl_intp/{ace_srcdst_spec.rb → acespec_srcdst_spec.rb} +113 -54
data/spec/cisco_acl_intp/{ace_tcp_flags_spec.rb → acespec_tcp_flags_spec.rb} +10 -10
data/spec/cisco_acl_intp/acl_base_spec.rb +14 -12
data/spec/cisco_acl_intp/{extended_acl_spec.rb → acl_extended_spec.rb} +28 -28
data/spec/cisco_acl_intp/{standard_acl_spec.rb → acl_standard_spec.rb} +24 -23
data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +1 -1
data/spec/cisco_acl_intp/parser_spec.rb +12 -12
data/spec/cisco_acl_intp/scanner_spec.rb +31 -36
data/spec/parser_fullfill_patterns.rb +6 -7
data/spec/spec_helper.rb +6 -6
data/tools/check_acl.rb +1 -1
metadata +60 -59
data/lib/cisco_acl_intp/single_acl_base.rb +0 -137
data/spec/cisco_acl_intp/ace_port_operator_spec.rb +0 -340

data/lib/cisco_acl_intp/parser.ry CHANGED

@@ -230,9 +230,14 @@ udp_srcdst_spec: objgrp_srcdst_spec udp_port_spec
     named_acl: std_named_acl_header std_named_acl_entry_list
              | ext_named_acl_header ext_named_acl_entry_list
                  # Notice:
-                 # acl header でエラーがあると、そのあとのエントリ追加用のハコ(object)が
-                 # つくれないので、エラーリカバリしようがない。
-                 # acl_entry_list の中身については可能な範囲で parse して追加。
+                 #
+                 # If an error exists in ACL header, parser cannot
+                 # create 'body' object for add ACL entries that come
+                 # next of header.  Then parser cannot parse any ACL
+                 # entries and cannot recover its error.  When ACL
+                 # header is correct, parser add ACL entires to 'body'
+                 # if each entry can read.  (parse and add all correct
+                 # ACL entries.)
 std_named_acl_header: NAMED_ACL 'standard' STRING eos
                  {

data/lib/cisco_acl_intp/parser_api.rb CHANGED

@@ -111,7 +111,7 @@ module CiscoAclIntp
       @silent_mode = @debug_print || opts[:silent] || false
       @color_mode = opts[:color] || :none
-      AclContainerBase.color_mode = @color_mode
+      AccessControlContainer.color_mode = @color_mode
       @err_handler = ParserErrorHandler.new
       @err_handler.reset_count
@@ -134,7 +134,7 @@ module CiscoAclIntp
           filename
         else
           @err_handler.count
-          fail AclError, "File: #{filename} not found."
+          raise AclError, "File: #{filename} not found."
         end
       end
     end
@@ -152,13 +152,13 @@ module CiscoAclIntp
           aclstr
         else
           @err_handler.count
-          fail AclError, "Argment: #{aclstr} not found."
+          raise AclError, "Argment: #{aclstr} not found."
         end
       end
     end
     # Syntax error handler
-    def on_error(tok, val, vstack)
+    def on_error(tok, val, _vstack)
       errstr = format(
         '%s, near value: %s, (token: %s)',
         err_pos_str, val, token_to_str(tok)

data/lib/cisco_acl_intp/scanner.rb CHANGED

@@ -18,7 +18,7 @@ module CiscoAclIntp
     # @param [File] file File IO object
     # @return [Array] Scanned tokens array (Queue)
     def scan_file(file)
-      run_scaner(file) do |each|
+      run_scaner(file) do
         # no-op
       end
     end
@@ -72,9 +72,9 @@ module CiscoAclIntp
     # @param [Integer] aclnum ACL number
     # @return [Array] Token list
     def check_numd_acl_type(aclnum)
-      if (1..99).include?(aclnum) || (1300..1999).include?(aclnum)
+      if (1..99).cover?(aclnum) || (1300..1999).cover?(aclnum)
         [:NUMD_STD_ACL, aclnum]
-      elsif (100..199).include?(aclnum) || (2000..2699).include?(aclnum)
+      elsif (100..199).cover?(aclnum) || (2000..2699).cover?(aclnum)
         [:NUMD_EXT_ACL, aclnum]
       else
         [:UNKNOWN, "access-list #{aclnum}"]
@@ -109,7 +109,7 @@ module CiscoAclIntp
       when @ss.scan(/(\d+\.\d+\.\d+\.\d+)\s/)
         ## IP Address
         @line_queue.push [:IPV4_ADDR, @ss[1]]
-      when @ss.scan(/(\d+\.\d+\.\d+\.\d+)(\/)(\d+)\s/)
+      when @ss.scan(%r{(\d+\.\d+\.\d+\.\d+)(\/)(\d+)\s})
         ## IP Address of 'ip/mask' notation
         @line_queue.push [:IPV4_ADDR, @ss[1]]
         @line_queue.push ['/',        @ss[2]]
@@ -144,13 +144,11 @@ module CiscoAclIntp
     # @return [Boolean] if line matched tokens
     def scan_match_arg_tokens
       @arg_tokens.each do |(str, length)|
-        if @ss.scan(/#{str}/)
-          (1...length).each do |idx|
-            @line_queue.push token_list(@ss[idx])
-          end
-          @line_queue.push [:STRING, @ss[length]] # last element
-          break
+        next unless @ss.scan(/#{str}/)
+        (1...length).each do |idx|
+          @line_queue.push token_list(@ss[idx])
         end
+        @line_queue.push [:STRING, @ss[length]] # last element
       end
       @ss.matched?
     end

data/lib/cisco_acl_intp/scanner_special_token_handler.rb CHANGED

@@ -6,7 +6,7 @@ module CiscoAclIntp
   module SpecialTokenHandler
     # STRING token regexp:
     # first letter is alphabet or digit
-    STR_REGEXP = '[a-zA-Z\d]\S*'
+    STR_REGEXP = '[a-zA-Z\d]\S*'.freeze
     # Tokens that takes string parameter
     STRING_ARG_TOKENS = [
@@ -24,13 +24,13 @@ module CiscoAclIntp
       ['object-group', 'service', :word],
       ['object-group', :word], # longest match
       ['group-object', :word]
-    ]
+    ].freeze
     # Conversion table of string-tokens
     SYMBOL_TO_REGEXPSTR = {
       word: ['(', STR_REGEXP, ')'].join,
       leftover: '(.*)$'
-    }
+    }.freeze
     # Convert STRING_ARG_TOKENS to Regexp string
     # @param [Array] set Special tokens set

data/lib/cisco_acl_intp/version.rb CHANGED

@@ -3,7 +3,7 @@
 # CiscoAclIntp Module, version definition
 module CiscoAclIntp
   # Version number
-  VERSION = '0.0.3'
+  VERSION = '0.0.4'.freeze
 end
 ### Local variables:

data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb} RENAMED

@@ -1,7 +1,7 @@
 # -*- coding: utf-8 -*-
 require 'spec_helper'
-def _build_taget(opts)
+def _build_target(opts)
   ExtendedAce.new(
     action: (opts[:target] || 'permit'),
     protocol: (opts[:protocol] || 'tcp'),
@@ -40,7 +40,7 @@ describe ExtendedAce do
           src: @src,
           dst: @dst
         )
-        ea.to_s.should be_aclstr(
+        expect(ea.to_s).to be_aclstr(
           'permit tcp 192.168.8.9 0.0.7.6 host 192.168.30.3 range 1024 65535'
         )
       end
@@ -52,11 +52,10 @@ describe ExtendedAce do
           src: @src,
           dst: @dst
         )
-        ea.to_s.should be_aclstr(
+        expect(ea.to_s).to be_aclstr(
           'deny tcp 192.168.8.9 0.0.7.6 host 192.168.30.3 range 1024 65535'
         )
       end
     end
     context 'Argument error case' do
@@ -75,45 +74,44 @@ describe ExtendedAce do
       end
       it 'should be rased exception when :action not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             protocol: 'tcp',
             src: @src,
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
       it 'should be rased exception when :protocol not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             src: @src,
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
       it 'should be rased exception when :src not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             protocol: 'tcp',
             dst: @dst
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
       it 'should be rased exception when :dst not specified' do
-        lambda do
+        expect do
           ExtendedAce.new(
             action: 'deny',
             protocol: 'tcp',
             src: @src
           )
-        end.should raise_error(AclArgumentError)
+        end.to raise_error(AclArgumentError)
       end
     end
   end
@@ -193,13 +191,12 @@ describe ExtendedAce do
         # run test
         it teststr do
           if eres
-            @ea.contains?(_build_taget(eopts)).should be_true
+            expect(@ea.contains?(_build_target(eopts))).to be_truthy
           else
-            @ea.contains?(_build_taget(eopts)).should be_false
+            expect(@ea.contains?(_build_target(eopts))).to be_falsey
           end
         end # it
       end # tests.each
     end # context full spec test
     context 'ANY ip/port port exists case' do
@@ -245,160 +242,192 @@ describe ExtendedAce do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src1, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
       end
       it 'should be false when any source ip and unmatch port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src1, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
       end
       it 'should be true when any source port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src2, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
       end
       it 'should be false when any source port and unmatch ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src2, dst: @dst0
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match,   dst_port: @dst_port_match
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_unmatch, src_port: @src_port_unmatch,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_falsey
       end
       it 'should be true when any destination ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst1
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
+            ))).to be_truthy
       end
       it 'should be false when any destination ip and unmatch port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst1
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
+            ))).to be_falsey
       end
       it 'should be true when any destination port' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst2
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_match
-        )).should be_true
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match, src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
-        )).should be_true
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_match
+            ))).to be_truthy
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_match, dst_port: @dst_port_unmatch
+            ))).to be_truthy
       end
       it 'should be false when any destination port and unmatch ip' do
         ea = ExtendedAce.new(
           action: 'permit', protocol: 'tcp', src: @src0, dst: @dst2
         )
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
-        )).should be_false
-        ea.contains?(_build_taget(
-            protocol: 'tcp',
-            src_operator: :eq,
-            src_ip: @src_ip_match,   src_port: @src_port_match,
-            dst_operator: :eq,
-            dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
-        )).should be_false
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_match
+            ))).to be_falsey
+        expect(
+          ea.contains?(
+            _build_target(
+              protocol: 'tcp',
+              src_operator: :eq,
+              src_ip: @src_ip_match, src_port: @src_port_match,
+              dst_operator: :eq,
+              dst_ip: @dst_ip_unmatch, dst_port: @dst_port_unmatch
+            ))).to be_falsey
       end
     end # context exists any ip/port
   end # describe contains?