cisco_acl_intp 0.0.3 → 0.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/.rubocop.yml +2 -2
- data/.travis.yml +4 -2
- data/Gemfile +7 -6
- data/README.md +23 -18
- data/Rakefile +11 -13
- data/cisco_acl_intp.gemspec +7 -7
- data/lib/cisco_acl_intp/acc.rb +111 -0
- data/lib/cisco_acl_intp/{ace.rb → ace_base.rb} +9 -8
- data/lib/cisco_acl_intp/{extended_ace.rb → ace_extended.rb} +8 -10
- data/lib/cisco_acl_intp/{standard_ace.rb → ace_standard.rb} +5 -5
- data/lib/cisco_acl_intp/acespec_base.rb +15 -0
- data/lib/cisco_acl_intp/{ace_ip.rb → acespec_ip.rb} +14 -22
- data/lib/cisco_acl_intp/{ace_other_qualifiers.rb → acespec_other_qualifiers.rb} +7 -7
- data/lib/cisco_acl_intp/{ace_port.rb → acespec_port.rb} +10 -13
- data/lib/cisco_acl_intp/{ace_port_opr.rb → acespec_port_opr.rb} +75 -73
- data/lib/cisco_acl_intp/{ace_port_opr_base.rb → acespec_port_opr_base.rb} +49 -34
- data/lib/cisco_acl_intp/{ace_proto.rb → acespec_proto.rb} +4 -4
- data/lib/cisco_acl_intp/{ace_proto_base.rb → acespec_proto_base.rb} +8 -8
- data/lib/cisco_acl_intp/{ace_srcdst.rb → acespec_srcdst.rb} +9 -8
- data/lib/cisco_acl_intp/{ace_tcp_flags.rb → acespec_tcp_flags.rb} +4 -4
- data/lib/cisco_acl_intp/acl.rb +1 -1
- data/lib/cisco_acl_intp/acl_base.rb +108 -80
- data/lib/cisco_acl_intp/{mono_function_acl.rb → acl_category_base.rb} +5 -5
- data/lib/cisco_acl_intp/acl_utils.rb +1 -1
- data/lib/cisco_acl_intp/parser.rb +388 -406
- data/lib/cisco_acl_intp/parser.ry +8 -3
- data/lib/cisco_acl_intp/parser_api.rb +4 -4
- data/lib/cisco_acl_intp/scanner.rb +8 -10
- data/lib/cisco_acl_intp/scanner_special_token_handler.rb +3 -3
- data/lib/cisco_acl_intp/version.rb +1 -1
- data/spec/cisco_acl_intp/{extended_ace_spec.rb → ace_extended_spec.rb} +157 -128
- data/spec/cisco_acl_intp/ace_spec.rb +21 -19
- data/spec/cisco_acl_intp/{standard_ace_spec.rb → ace_standard_spec.rb} +7 -11
- data/spec/cisco_acl_intp/{ace_ip_spec.rb → acespec_ip_spec.rb} +34 -34
- data/spec/cisco_acl_intp/{ace_other_qualifier_spec.rb → acespec_other_qualifier_spec.rb} +18 -18
- data/spec/cisco_acl_intp/acespec_port_operator_spec.rb +331 -0
- data/spec/cisco_acl_intp/{ace_port_spec.rb → acespec_port_spec.rb} +33 -33
- data/spec/cisco_acl_intp/{ace_proto_spec.rb → acespec_proto_spec.rb} +61 -61
- data/spec/cisco_acl_intp/{ace_srcdst_spec.rb → acespec_srcdst_spec.rb} +113 -54
- data/spec/cisco_acl_intp/{ace_tcp_flags_spec.rb → acespec_tcp_flags_spec.rb} +10 -10
- data/spec/cisco_acl_intp/acl_base_spec.rb +14 -12
- data/spec/cisco_acl_intp/{extended_acl_spec.rb → acl_extended_spec.rb} +28 -28
- data/spec/cisco_acl_intp/{standard_acl_spec.rb → acl_standard_spec.rb} +24 -23
- data/spec/cisco_acl_intp/cisco_acl_intp_spec.rb +1 -1
- data/spec/cisco_acl_intp/parser_spec.rb +12 -12
- data/spec/cisco_acl_intp/scanner_spec.rb +31 -36
- data/spec/parser_fullfill_patterns.rb +6 -7
- data/spec/spec_helper.rb +6 -6
- data/tools/check_acl.rb +1 -1
- metadata +60 -59
- data/lib/cisco_acl_intp/single_acl_base.rb +0 -137
- data/spec/cisco_acl_intp/ace_port_operator_spec.rb +0 -340
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
require 'spec_helper'
|
|
3
3
|
|
|
4
4
|
def get_port_table(data)
|
|
5
|
-
data.split(/\n/).
|
|
5
|
+
data.split(/\n/).each_with_object({}) do |line, tbl|
|
|
6
6
|
md = line.match(/^\s*([\w\d\-]+)\s+.+[\s\(](\d+)\)$/)
|
|
7
7
|
tbl[md[1]] = md[2] if md
|
|
8
8
|
tbl
|
|
@@ -30,24 +30,24 @@ describe AceUdpProtoSpec do
|
|
|
30
30
|
describe '#name_to_numer, #to_i' do
|
|
31
31
|
it 'should be "111" by converting proto name "sunrpc"' do
|
|
32
32
|
aups = AceUdpProtoSpec.new('sunrpc')
|
|
33
|
-
aups.number.
|
|
34
|
-
aups.to_i.
|
|
33
|
+
expect(aups.number).to eq 111
|
|
34
|
+
expect(aups.to_i).to eq 111
|
|
35
35
|
end
|
|
36
36
|
|
|
37
37
|
it 'should be error by converting unknown proto name "hoge"' do
|
|
38
|
-
|
|
38
|
+
expect do
|
|
39
39
|
AceUdpProtoSpec.new('hoge')
|
|
40
|
-
end.
|
|
40
|
+
end.to raise_error(AclArgumentError)
|
|
41
41
|
end
|
|
42
42
|
end
|
|
43
43
|
|
|
44
44
|
describe 'class#valid_name?' do
|
|
45
45
|
it 'should be true when valid udp port name' do
|
|
46
|
-
AceUdpProtoSpec.valid_name?('snmp').
|
|
46
|
+
expect(AceUdpProtoSpec.valid_name?('snmp')).to be_truthy
|
|
47
47
|
end
|
|
48
48
|
|
|
49
49
|
it 'should be false when invalid udp port name' do
|
|
50
|
-
AceUdpProtoSpec.valid_name?('daytime').
|
|
50
|
+
expect(AceUdpProtoSpec.valid_name?('daytime')).to be_falsey
|
|
51
51
|
end
|
|
52
52
|
end
|
|
53
53
|
|
|
@@ -86,26 +86,26 @@ EOL
|
|
|
86
86
|
|
|
87
87
|
it 'should be number string when it not match IOS acl literal' do
|
|
88
88
|
aups = AceUdpProtoSpec.new(3_333)
|
|
89
|
-
aups.to_s.
|
|
89
|
+
expect(aups.to_s).to be_aclstr('3333')
|
|
90
90
|
end
|
|
91
91
|
|
|
92
92
|
it 'should be error when out of range port number' do
|
|
93
|
-
|
|
93
|
+
expect do
|
|
94
94
|
AceUdpProtoSpec.new(65_536)
|
|
95
|
-
end.
|
|
95
|
+
end.to raise_error(AclArgumentError)
|
|
96
96
|
|
|
97
|
-
|
|
97
|
+
expect do
|
|
98
98
|
AceUdpProtoSpec.new(-1)
|
|
99
|
-
end.
|
|
99
|
+
end.to raise_error(AclArgumentError)
|
|
100
100
|
end
|
|
101
101
|
|
|
102
102
|
it 'should be error when not specified name/number' do
|
|
103
|
-
|
|
103
|
+
expect do
|
|
104
104
|
AceUdpProtoSpec.new
|
|
105
|
-
end.
|
|
106
|
-
|
|
105
|
+
end.to raise_error(AclArgumentError)
|
|
106
|
+
expect do
|
|
107
107
|
AceUdpProtoSpec.new('')
|
|
108
|
-
end.
|
|
108
|
+
end.to raise_error(AclArgumentError)
|
|
109
109
|
end
|
|
110
110
|
end
|
|
111
111
|
end
|
|
@@ -114,24 +114,24 @@ describe AceTcpProtoSpec do
|
|
|
114
114
|
describe '#name_to_numer, #to_i' do
|
|
115
115
|
it 'should be "49" by converting proto name "tacacs"' do
|
|
116
116
|
atps = AceTcpProtoSpec.new('tacacs')
|
|
117
|
-
atps.number.
|
|
118
|
-
atps.to_i.
|
|
117
|
+
expect(atps.number).to eq 49
|
|
118
|
+
expect(atps.to_i).to eq 49
|
|
119
119
|
end
|
|
120
120
|
|
|
121
121
|
it 'should be error by converting unknown proto name "fuga"' do
|
|
122
|
-
|
|
122
|
+
expect do
|
|
123
123
|
AceTcpProtoSpec.new('fuga')
|
|
124
|
-
end.
|
|
124
|
+
end.to raise_error(AclArgumentError)
|
|
125
125
|
end
|
|
126
126
|
end
|
|
127
127
|
|
|
128
128
|
describe 'class#valid_name?' do
|
|
129
129
|
it 'should be true when valid tcp port name' do
|
|
130
|
-
AceTcpProtoSpec.valid_name?('daytime').
|
|
130
|
+
expect(AceTcpProtoSpec.valid_name?('daytime')).to be_truthy
|
|
131
131
|
end
|
|
132
132
|
|
|
133
133
|
it 'should be false when invalid tcp port name' do
|
|
134
|
-
AceTcpProtoSpec.valid_name?('snmp').
|
|
134
|
+
expect(AceTcpProtoSpec.valid_name?('snmp')).to be_falsey
|
|
135
135
|
end
|
|
136
136
|
end
|
|
137
137
|
|
|
@@ -176,26 +176,26 @@ EOL
|
|
|
176
176
|
|
|
177
177
|
it 'should be number string when it not match IOS acl literal' do
|
|
178
178
|
aups = AceTcpProtoSpec.new(6_633)
|
|
179
|
-
aups.to_s.
|
|
179
|
+
expect(aups.to_s).to be_aclstr('6633')
|
|
180
180
|
end
|
|
181
181
|
|
|
182
182
|
it 'should be error when not specified name/number' do
|
|
183
|
-
|
|
183
|
+
expect do
|
|
184
184
|
AceTcpProtoSpec.new
|
|
185
|
-
end.
|
|
186
|
-
|
|
185
|
+
end.to raise_error(AclArgumentError)
|
|
186
|
+
expect do
|
|
187
187
|
AceTcpProtoSpec.new('')
|
|
188
|
-
end.
|
|
188
|
+
end.to raise_error(AclArgumentError)
|
|
189
189
|
end
|
|
190
190
|
|
|
191
191
|
it 'should be error when out of range port number' do
|
|
192
|
-
|
|
192
|
+
expect do
|
|
193
193
|
AceTcpProtoSpec.new(65_536)
|
|
194
|
-
end.
|
|
194
|
+
end.to raise_error(AclArgumentError)
|
|
195
195
|
|
|
196
|
-
|
|
196
|
+
expect do
|
|
197
197
|
AceTcpProtoSpec.new(-1)
|
|
198
|
-
end.
|
|
198
|
+
end.to raise_error(AclArgumentError)
|
|
199
199
|
end
|
|
200
200
|
end
|
|
201
201
|
end
|
|
@@ -204,24 +204,24 @@ describe AceIpProtoSpec do
|
|
|
204
204
|
describe '#name_to_numer' do
|
|
205
205
|
it 'should be "88" by converting proto name "eigrp"' do
|
|
206
206
|
aips = AceIpProtoSpec.new('eigrp')
|
|
207
|
-
aips.number.
|
|
208
|
-
aips.to_i.
|
|
207
|
+
expect(aips.number).to eq 88
|
|
208
|
+
expect(aips.to_i).to eq 88
|
|
209
209
|
end
|
|
210
210
|
|
|
211
211
|
it 'should be error by converting unknown proto name "foo"' do
|
|
212
|
-
|
|
212
|
+
expect do
|
|
213
213
|
AceIpProtoSpec.new('foo')
|
|
214
|
-
end.
|
|
214
|
+
end.to raise_error(AclArgumentError)
|
|
215
215
|
end
|
|
216
216
|
end
|
|
217
217
|
|
|
218
218
|
describe 'class#valid_name?' do
|
|
219
219
|
it 'should be true when valid tcp port name' do
|
|
220
|
-
AceIpProtoSpec.valid_name?('ospf').
|
|
220
|
+
expect(AceIpProtoSpec.valid_name?('ospf')).to be_truthy
|
|
221
221
|
end
|
|
222
222
|
|
|
223
223
|
it 'should be false when invalid tcp port name' do
|
|
224
|
-
AceIpProtoSpec.valid_name?('daytime').
|
|
224
|
+
expect(AceIpProtoSpec.valid_name?('daytime')).to be_falsey
|
|
225
225
|
end
|
|
226
226
|
end
|
|
227
227
|
|
|
@@ -237,30 +237,30 @@ describe AceIpProtoSpec do
|
|
|
237
237
|
end
|
|
238
238
|
|
|
239
239
|
it 'should be true, ip includes tcp/udp' do
|
|
240
|
-
@p_ip.contains?(@p_tcp).
|
|
241
|
-
@p_ip.contains?(@p_udp).
|
|
242
|
-
@p_ip.contains?(@p_ip2).
|
|
240
|
+
expect(@p_ip.contains?(@p_tcp)).to be_truthy
|
|
241
|
+
expect(@p_ip.contains?(@p_udp)).to be_truthy
|
|
242
|
+
expect(@p_ip.contains?(@p_ip2)).to be_truthy
|
|
243
243
|
end
|
|
244
244
|
|
|
245
245
|
it 'should be false, ip not includes esp' do
|
|
246
|
-
@p_ip.contains?(@p_esp).
|
|
247
|
-
@p_esp.contains?(@p_ip).
|
|
248
|
-
@p_esp.contains?(@p_tcp).
|
|
249
|
-
@p_esp.contains?(@p_udp).
|
|
246
|
+
expect(@p_ip.contains?(@p_esp)).to be_falsey
|
|
247
|
+
expect(@p_esp.contains?(@p_ip)).to be_falsey
|
|
248
|
+
expect(@p_esp.contains?(@p_tcp)).to be_falsey
|
|
249
|
+
expect(@p_esp.contains?(@p_udp)).to be_falsey
|
|
250
250
|
end
|
|
251
251
|
|
|
252
252
|
it 'should be true, tcp/udp includes tcp/udp' do
|
|
253
|
-
@p_tcp.contains?(@p_tcp2).
|
|
254
|
-
@p_udp.contains?(@p_udp2).
|
|
253
|
+
expect(@p_tcp.contains?(@p_tcp2)).to be_truthy
|
|
254
|
+
expect(@p_udp.contains?(@p_udp2)).to be_truthy
|
|
255
255
|
end
|
|
256
256
|
|
|
257
257
|
it 'should be false, tcp/udp not includes ip/udp/tcp' do
|
|
258
|
-
@p_tcp.contains?(@p_ip).
|
|
259
|
-
@p_tcp.contains?(@p_udp).
|
|
260
|
-
@p_tcp.contains?(@p_esp).
|
|
261
|
-
@p_udp.contains?(@p_ip).
|
|
262
|
-
@p_udp.contains?(@p_tcp).
|
|
263
|
-
@p_udp.contains?(@p_esp).
|
|
258
|
+
expect(@p_tcp.contains?(@p_ip)).to be_falsey
|
|
259
|
+
expect(@p_tcp.contains?(@p_udp)).to be_falsey
|
|
260
|
+
expect(@p_tcp.contains?(@p_esp)).to be_falsey
|
|
261
|
+
expect(@p_udp.contains?(@p_ip)).to be_falsey
|
|
262
|
+
expect(@p_udp.contains?(@p_tcp)).to be_falsey
|
|
263
|
+
expect(@p_udp.contains?(@p_esp)).to be_falsey
|
|
264
264
|
end
|
|
265
265
|
end
|
|
266
266
|
|
|
@@ -285,26 +285,26 @@ EOL
|
|
|
285
285
|
|
|
286
286
|
it 'should be number string when it not match IOS acl literal' do
|
|
287
287
|
aups = AceIpProtoSpec.new(255)
|
|
288
|
-
aups.to_s.
|
|
288
|
+
expect(aups.to_s).to be_aclstr('255')
|
|
289
289
|
end
|
|
290
290
|
|
|
291
291
|
it 'should be error when out of range port number' do
|
|
292
|
-
|
|
292
|
+
expect do
|
|
293
293
|
AceIpProtoSpec.new(256)
|
|
294
|
-
end.
|
|
294
|
+
end.to raise_error(AclArgumentError)
|
|
295
295
|
|
|
296
|
-
|
|
296
|
+
expect do
|
|
297
297
|
AceIpProtoSpec.new(-1)
|
|
298
|
-
end.
|
|
298
|
+
end.to raise_error(AclArgumentError)
|
|
299
299
|
end
|
|
300
300
|
|
|
301
301
|
it 'should be error when not specified name/number' do
|
|
302
|
-
|
|
302
|
+
expect do
|
|
303
303
|
AceIpProtoSpec.new
|
|
304
|
-
end.
|
|
305
|
-
|
|
304
|
+
end.to raise_error(AclArgumentError)
|
|
305
|
+
expect do
|
|
306
306
|
AceIpProtoSpec.new('')
|
|
307
|
-
end.
|
|
307
|
+
end.to raise_error(AclArgumentError)
|
|
308
308
|
end
|
|
309
309
|
end
|
|
310
310
|
end
|
|
@@ -23,15 +23,15 @@ describe AceSrcDstSpec do
|
|
|
23
23
|
end
|
|
24
24
|
|
|
25
25
|
it 'should be true when same ip/netmask/wildcard' do
|
|
26
|
-
(@sds1 == @sds2).
|
|
26
|
+
expect(@sds1 == @sds2).to be_truthy
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
it 'should be false when different operator' do
|
|
30
|
-
(@sds1 == @sds3).
|
|
30
|
+
expect(@sds1 == @sds3).to be_falsey
|
|
31
31
|
end
|
|
32
32
|
|
|
33
33
|
it 'should be false when different ip' do
|
|
34
|
-
(@sds1 == @sds4).
|
|
34
|
+
expect(@sds1 == @sds4).to be_falsey
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
|
|
@@ -42,7 +42,7 @@ describe AceSrcDstSpec do
|
|
|
42
42
|
ipaddr: '192.168.3.3',
|
|
43
43
|
wildcard: '0.0.0.127'
|
|
44
44
|
)
|
|
45
|
-
sds.to_s.
|
|
45
|
+
expect(sds.to_s).to be_aclstr('192.168.3.0 0.0.0.127')
|
|
46
46
|
end
|
|
47
47
|
|
|
48
48
|
it 'should be "192.168.3.0 eq www" with L4 port' do
|
|
@@ -52,17 +52,17 @@ describe AceSrcDstSpec do
|
|
|
52
52
|
operator: 'eq',
|
|
53
53
|
port: AceTcpProtoSpec.new(80)
|
|
54
54
|
)
|
|
55
|
-
sds.to_s.
|
|
55
|
+
expect(sds.to_s).to be_aclstr('192.168.3.0 0.0.0.127 eq www')
|
|
56
56
|
end
|
|
57
57
|
end
|
|
58
58
|
|
|
59
59
|
context 'Argument error case' do
|
|
60
60
|
it 'should be raise exception when :ipaddr not specified' do
|
|
61
|
-
|
|
61
|
+
expect do
|
|
62
62
|
AceSrcDstSpec.new(
|
|
63
63
|
wildcard: '0.0.0.127'
|
|
64
64
|
)
|
|
65
|
-
end.
|
|
65
|
+
end.to raise_error(AclArgumentError)
|
|
66
66
|
end
|
|
67
67
|
## TBD, error handling must be written in detail
|
|
68
68
|
end
|
|
@@ -91,28 +91,48 @@ describe AceSrcDstSpec do
|
|
|
91
91
|
end
|
|
92
92
|
|
|
93
93
|
it 'should be true when match ip and ANY port' do
|
|
94
|
-
|
|
95
|
-
|
|
94
|
+
expect(
|
|
95
|
+
@sds0.contains?(_srcdst(@ip_match, :eq, @p1_match))
|
|
96
|
+
).to be_truthy
|
|
97
|
+
expect(
|
|
98
|
+
@sds0.contains?(_srcdst(@ip_match, :eq, @p1_unmatch))
|
|
99
|
+
).to be_truthy
|
|
96
100
|
end
|
|
97
101
|
|
|
98
102
|
it 'should be false when unmatch ip and ANY port' do
|
|
99
|
-
|
|
100
|
-
|
|
103
|
+
expect(
|
|
104
|
+
@sds0.contains?(_srcdst(@ip_unmatch, :eq, @p1_match))
|
|
105
|
+
).to be_falsey
|
|
106
|
+
expect(
|
|
107
|
+
@sds0.contains?(_srcdst(@ip_unmatch, :eq, @p1_unmatch))
|
|
108
|
+
).to be_falsey
|
|
101
109
|
end
|
|
102
110
|
|
|
103
111
|
it 'should be true when match ip and contained port set' do
|
|
104
|
-
|
|
105
|
-
|
|
112
|
+
expect(
|
|
113
|
+
@sds1.contains?(_srcdst(@ip_match, :eq, @p1_lower))
|
|
114
|
+
).to be_truthy
|
|
115
|
+
expect(
|
|
116
|
+
@sds1.contains?(_srcdst(@ip_match, :lt, @p1_match))
|
|
117
|
+
).to be_truthy
|
|
106
118
|
end
|
|
107
119
|
|
|
108
120
|
it 'should be false when unmatch ip and contained port set' do
|
|
109
|
-
|
|
110
|
-
|
|
121
|
+
expect(
|
|
122
|
+
@sds1.contains?(_srcdst(@ip_unmatch, :eq, @p1_lower))
|
|
123
|
+
).to be_falsey
|
|
124
|
+
expect(
|
|
125
|
+
@sds1.contains?(_srcdst(@ip_unmatch, :lt, @p1_match))
|
|
126
|
+
).to be_falsey
|
|
111
127
|
end
|
|
112
128
|
|
|
113
129
|
it 'should be false when match ip and not-contained port set' do
|
|
114
|
-
|
|
115
|
-
|
|
130
|
+
expect(
|
|
131
|
+
@sds1.contains?(_srcdst(@ip_match, :eq, @p1_match))
|
|
132
|
+
).to be_falsey
|
|
133
|
+
expect(
|
|
134
|
+
@sds1.contains?(_srcdst(@ip_match, :lt, @p1_higher))
|
|
135
|
+
).to be_falsey
|
|
116
136
|
end
|
|
117
137
|
end
|
|
118
138
|
|
|
@@ -133,41 +153,49 @@ describe AceSrcDstSpec do
|
|
|
133
153
|
end
|
|
134
154
|
|
|
135
155
|
it 'should be true when contained (length)' do
|
|
136
|
-
|
|
137
|
-
|
|
156
|
+
expect(
|
|
157
|
+
@sds0.contains?(_srcdst(@ip_contained1, :eq, @p1_match))
|
|
158
|
+
).to be_truthy
|
|
159
|
+
expect(
|
|
160
|
+
@sds1.contains?(_srcdst(@ip_contained1, :eq, @p1_match))
|
|
161
|
+
).to be_truthy
|
|
138
162
|
end
|
|
139
163
|
|
|
140
164
|
it 'should be true when contained (bitmask)' do
|
|
141
|
-
|
|
142
|
-
|
|
165
|
+
expect(
|
|
166
|
+
@sds0.contains?(_srcdst(@ip_contained2, :eq, @p1_match))
|
|
167
|
+
).to be_truthy
|
|
168
|
+
expect(
|
|
169
|
+
@sds1.contains?(_srcdst(@ip_contained2, :eq, @p1_match))
|
|
170
|
+
).to be_truthy
|
|
143
171
|
end
|
|
144
172
|
|
|
145
173
|
it 'should be false when not contained (length)' do
|
|
146
|
-
|
|
147
|
-
_srcdst(@ip_not_contained1, :eq, @p1_match)
|
|
148
|
-
).
|
|
149
|
-
|
|
150
|
-
_srcdst(@ip_not_contained1, :eq, @p1_match)
|
|
151
|
-
).
|
|
174
|
+
expect(
|
|
175
|
+
@sds0.contains?(_srcdst(@ip_not_contained1, :eq, @p1_match))
|
|
176
|
+
).to be_falsey
|
|
177
|
+
expect(
|
|
178
|
+
@sds1.contains?(_srcdst(@ip_not_contained1, :eq, @p1_match))
|
|
179
|
+
).to be_falsey
|
|
152
180
|
end
|
|
153
181
|
|
|
154
182
|
it 'should be false when not contained (bitmask)' do
|
|
155
|
-
|
|
156
|
-
_srcdst(@ip_not_contained2, :eq, @p1_match)
|
|
157
|
-
).
|
|
158
|
-
|
|
159
|
-
_srcdst(@ip_not_contained2, :eq, @p1_match)
|
|
160
|
-
).
|
|
183
|
+
expect(
|
|
184
|
+
@sds0.contains?(_srcdst(@ip_not_contained2, :eq, @p1_match))
|
|
185
|
+
).to be_falsey
|
|
186
|
+
expect(
|
|
187
|
+
@sds1.contains?(_srcdst(@ip_not_contained2, :eq, @p1_match))
|
|
188
|
+
).to be_falsey
|
|
161
189
|
end
|
|
162
190
|
|
|
163
191
|
it 'should be raised error when invalid subnet notation' do
|
|
164
|
-
|
|
192
|
+
expect do
|
|
165
193
|
@sds0.contains?(_srcdst(@ip_error1, :eq, @p1_match))
|
|
166
|
-
end.
|
|
194
|
+
end.to raise_error(NetAddr::ValidationError)
|
|
167
195
|
|
|
168
|
-
|
|
196
|
+
expect do
|
|
169
197
|
@sds1.contains?(_srcdst(@ip_error1, :eq, @p1_match))
|
|
170
|
-
end.
|
|
198
|
+
end.to raise_error(NetAddr::ValidationError)
|
|
171
199
|
|
|
172
200
|
# lambda do
|
|
173
201
|
# @sds0.contains?(_srcdst(@ip_error2, :eq, @p1_match)).should be_false
|
|
@@ -198,16 +226,24 @@ describe AceSrcDstSpec do
|
|
|
198
226
|
end
|
|
199
227
|
|
|
200
228
|
it 'should be true, with match ip in range port' do
|
|
201
|
-
|
|
229
|
+
expect(
|
|
230
|
+
@sds.contains?(_srcdst(@ip_match, :eq, @p_in))
|
|
231
|
+
).to be_truthy
|
|
202
232
|
end
|
|
203
233
|
|
|
204
234
|
it 'should be false, with match ip and out of range port' do
|
|
205
|
-
|
|
206
|
-
|
|
235
|
+
expect(
|
|
236
|
+
@sds.contains?(_srcdst(@ip_match, :eq, @p_out_lower))
|
|
237
|
+
).to be_falsey
|
|
238
|
+
expect(
|
|
239
|
+
@sds.contains?(_srcdst(@ip_match, :eq, @p_out_higher))
|
|
240
|
+
).to be_falsey
|
|
207
241
|
end
|
|
208
242
|
|
|
209
243
|
it 'should be false, with unmatch ip match in range port' do
|
|
210
|
-
|
|
244
|
+
expect(
|
|
245
|
+
@sds.contains?(_srcdst(@ip_unmatch, :eq, @p_in))
|
|
246
|
+
).to be_falsey
|
|
211
247
|
end
|
|
212
248
|
end
|
|
213
249
|
|
|
@@ -248,32 +284,55 @@ describe AceSrcDstSpec do
|
|
|
248
284
|
end
|
|
249
285
|
|
|
250
286
|
it 'should be true, for any ip' do
|
|
251
|
-
|
|
252
|
-
|
|
287
|
+
expect(
|
|
288
|
+
@sds1.contains?(_srcdst(@ip_match, :eq, @p_match))
|
|
289
|
+
).to be_truthy
|
|
290
|
+
expect(
|
|
291
|
+
@sds1.contains?(_srcdst(@ip_unmatch, :eq, @p_match))
|
|
292
|
+
).to be_truthy
|
|
253
293
|
end
|
|
254
294
|
|
|
255
295
|
it 'should be false, for any ip with unmatch port' do
|
|
256
|
-
|
|
257
|
-
|
|
296
|
+
expect(
|
|
297
|
+
@sds1.contains?(_srcdst(@ip_match, :eq, @p_unmatch))
|
|
298
|
+
).to be_falsey
|
|
299
|
+
expect(
|
|
300
|
+
@sds1.contains?(_srcdst(@ip_unmatch, :eq, @p_unmatch))
|
|
301
|
+
).to be_falsey
|
|
258
302
|
end
|
|
259
303
|
|
|
260
304
|
it 'should be true, for any port' do
|
|
261
|
-
|
|
262
|
-
|
|
305
|
+
expect(
|
|
306
|
+
@sds2.contains?(_srcdst(@ip_match, :eq, @p_match))
|
|
307
|
+
).to be_truthy
|
|
308
|
+
expect(
|
|
309
|
+
@sds2.contains?(_srcdst(@ip_match, :eq, @p_unmatch))
|
|
310
|
+
).to be_truthy
|
|
263
311
|
end
|
|
264
312
|
|
|
265
313
|
it 'should be false, for any port with unmatch ip' do
|
|
266
|
-
|
|
267
|
-
|
|
314
|
+
expect(
|
|
315
|
+
@sds2.contains?(_srcdst(@ip_unmatch, :eq, @p_match))
|
|
316
|
+
).to be_falsey
|
|
317
|
+
expect(
|
|
318
|
+
@sds2.contains?(_srcdst(@ip_unmatch, :eq, @p_unmatch))
|
|
319
|
+
).to be_falsey
|
|
268
320
|
end
|
|
269
321
|
|
|
270
322
|
it 'should be true, for any ip and any port' do
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
|
|
274
|
-
|
|
323
|
+
expect(
|
|
324
|
+
@sds3.contains?(_srcdst(@ip_match, :eq, @p_match))
|
|
325
|
+
).to be_truthy
|
|
326
|
+
expect(
|
|
327
|
+
@sds3.contains?(_srcdst(@ip_match, :eq, @p_unmatch))
|
|
328
|
+
).to be_truthy
|
|
329
|
+
expect(
|
|
330
|
+
@sds3.contains?(_srcdst(@ip_unmatch, :eq, @p_match))
|
|
331
|
+
).to be_truthy
|
|
332
|
+
expect(
|
|
333
|
+
@sds3.contains?(_srcdst(@ip_unmatch, :eq, @p_unmatch))
|
|
334
|
+
).to be_truthy
|
|
275
335
|
end
|
|
276
336
|
end
|
|
277
|
-
|
|
278
337
|
end # describe contains?
|
|
279
338
|
end # describe AceSrcDstSpec
|