conpar 0.1.0 → 0.1.2
- data/.coveralls.yml +1 -0
- data/.travis.yml +0 -1
- data/README.md +7 -5
- data/conpar.gemspec +2 -0
- data/lib/conpar/directive/access_list.rb +1 -0
- data/lib/conpar/directive/access_list/_all.rb +1 -0
- data/lib/conpar/directive/access_list/base.rb +2 -0
- data/lib/conpar/directive/access_list/ether_type.rb +7 -11
- data/lib/conpar/directive/access_list/extended.rb +4 -8
- data/lib/conpar/directive/access_list/remark.rb +34 -0
- data/lib/conpar/directive/access_list/standard.rb +4 -8
- data/lib/conpar/directive/access_list/web_type.rb +5 -9
- data/lib/conpar/directive/base.rb +1 -1
- data/lib/conpar/directive/comment.rb +1 -0
- data/lib/conpar/version.rb +1 -1
- data/spec/lib/directive/access_list/base_spec.rb +7 -0
- data/spec/lib/directive/access_list/extended_spec.rb +9 -0
- data/spec/lib/directive/access_list/remark_spec.rb +33 -0
- data/spec/lib/directive/access_list/standard_spec.rb +8 -0
- data/spec/lib/directive/comment_spec.rb +13 -3
- data/spec/spec_helper.rb +3 -0
- metadata +24 -4
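--- a/data/.coveralls.yml
+++ b/data/.coveralls.yml
@@ -0,0 +1 @@
+service_name: travis-ci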
data/.travis.yml
CHANGED
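--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,8 @@
-# Conpar
+# Conpar
+[![Build Status](https://travis-ci.org/CITguy/conpar.png?branch=master)](https://travis-ci.org/CITguy/conpar)
+[![Coverage Status](https://coveralls.io/repos/CITguy/conpar/badge.png?branch=master)](https://coveralls.io/r/CITguy/conpar?branch=master)
 
-Conpar (short for
+Conpar (short for Configuration Parser) is designed to be a flexible and extendable library for parsing through a Firewall configuration file by tokenizing the configuration directives into ruby objects for evaluation.
 
 **NOTE**: This gem is still in a very _alpha_ state. It currently only knows how to tokenize Comments and Access Lists for Cisco ASA firewall configurations.
 
@@ -20,10 +22,10 @@ Or install it yourself as:
 
 ## Supported Rubies
 
-**MRE 1.9.
+**MRE 1.9.3, 2.0.0, 2.1.0**
 
-Versions prior to 1.9.
-Since 1.8.7 and ree are EOL, they no longer desirable to code against.
+Versions prior to 1.9.3 will **NOT** be supported with this gem.
+Since 1.8.7 and ree are EOL, they no longer desirable to code against. Also, there are some incompatibilities with ruby 1.9.2.
 
 ## Usage
 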
data/conpar.gemspec
CHANGED
@@ -4,20 +4,20 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco ethertype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
|
6
6
|
class EtherType < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(ethertype)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "ethertype"
|
13
13
|
|
14
|
-
parse_regex = %r
|
15
|
-
(access-list)\s*
|
16
|
-
(?<name
|
17
|
-
(?<type>(ethertype))\s*
|
14
|
+
parse_regex = %r/^
|
15
|
+
(access-list)\s* # Directive Signature
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
|
+
(?<type>(ethertype))\s* # Ethertype ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+)
|
20
|
-
|
20
|
+
$/x
|
21
21
|
@match_data = parse_regex.match(@content)
|
22
22
|
|
23
23
|
self
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
|
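Review bot: The accessors generated by `define_method(m)` call `@match_data[m]` unguarded, and `@match_data` is nil whenever a line satisfies `SIGNATURE` but not `parse_regex`. The two can disagree on the visible lines: `SIGNATURE` ends in `/i` while `parse_regex` ends in `$/x`, so if `SIGNATURE` is what selects the class (as the specs suggest), a line written as `ACCESS-LIST ... ETHERTYPE ...` is classified as EtherType and then every accessor raises NoMethodError. For a parser that feeds firewall-rule evaluation, returning nil for the unparsed line with `@match_data && @match_data[m]`, or giving `parse_regex` the same `i` flag, keeps one odd line from aborting the run. The same accessor body is in the Extended, Standard, WebType and Remark sections below; the accessor list itself starts outside this hunk.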
@@ -4,7 +4,7 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco extended ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
|
6
6
|
class Extended < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(extended)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
@@ -20,9 +20,9 @@ module Conpar
|
|
20
20
|
# {deny | permit} protocol_argument source_address_argument dest_address_argument
|
21
21
|
# [log [[level] [interval secs] | disable | default]]
|
22
22
|
# [inactive | time-range time_range_name]
|
23
|
-
parse_regex = %r
|
23
|
+
parse_regex = %r/^
|
24
24
|
(access-list)\s* # Directive Signature
|
25
|
-
(?<name
|
25
|
+
(?<name>#{NAME})\s* # ACL Name
|
26
26
|
(line\s+(?<line>\d+))?\s* # (optional) line number
|
27
27
|
(?<type>extended)\s* # ACL type
|
28
28
|
(?<permission>(permit|deny))?\s* # permit or deny
|
@@ -43,11 +43,7 @@ module Conpar
|
|
43
43
|
:protocol
|
44
44
|
].each do |m|
|
45
45
|
define_method(m) do
|
46
|
-
|
47
|
-
@match_data[m]
|
48
|
-
rescue IndexError
|
49
|
-
nil
|
50
|
-
end
|
46
|
+
@match_data[m]
|
51
47
|
end
|
52
48
|
end
|
53
49
|
end
|
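Review bot: `SIGNATURE = /^(access-list)\b.*\s(extended)\s/i` still lets the greedy `.*` find the keyword anywhere in the line, so it matches any access-list line that contains `extended` as a whitespace-delimited token, not only lines whose type field is `extended`. The new spec covers `standard-grp`, where the hyphen prevents the match, but free text in a remark or a rule argument spelled exactly like a type keyword would still be claimed by the wrong class. Tying the keyword to its slot, following the layout `parse_regex` already spells out, e.g. `/^access-list\s+\S+\s+(line\s+\d+\s+)?extended\s/i`, would make classification depend on the type field alone; `\S+` stands in for `NAME`, which is defined outside this page. EtherType, Standard and WebType use the same `.*\s(keyword)\s` shape.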
@@ -0,0 +1,34 @@
|
|
1
|
+
module Conpar
|
2
|
+
module Directive
|
3
|
+
module AccessList
|
4
|
+
# Class that maps directly to Cisco Commented ACL
|
5
|
+
# See http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#comments
|
6
|
+
class Remark < Base
|
7
|
+
SIGNATURE = /^(access-list)\b.*\b(remark)\b/i
|
8
|
+
|
9
|
+
def initialize(content="", options={})
|
10
|
+
super
|
11
|
+
@sub_ilk = "remark"
|
12
|
+
|
13
|
+
# access-list access_list_name remark remark_content
|
14
|
+
parse_regex = %r/^
|
15
|
+
(access-list)\s* # Directive Signature
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
|
+
(?<type>remark)\s* # ACL Type
|
18
|
+
(?<remark>.+) # Everything else on line
|
19
|
+
$/x
|
20
|
+
@match_data = parse_regex.match(@content)
|
21
|
+
end#initialize
|
22
|
+
|
23
|
+
[ :name,
|
24
|
+
:type,
|
25
|
+
:remark
|
26
|
+
].each do |m|
|
27
|
+
define_method(m) do
|
28
|
+
@match_data[m]
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end#Remark
|
32
|
+
end#AccessList
|
33
|
+
end#Directive
|
34
|
+
end#Conpar
|
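Review bot: `SIGNATURE = /^(access-list)\b.*\b(remark)\b/i` bounds the keyword with `\b`, and `\b` also matches next to a hyphen, so this signature matches a rule that merely mentions a name such as `remark-hosts` (constructed example: `access-list ACL_IN extended permit ip any object-group remark-hosts`). That is the same shape as the `standard-grp` case the new Standard and Extended specs guard against. Which class wins when two signatures match depends on dispatch code not shown here, but a permit/deny rule read as a comment could drop out of rule evaluation. `SIGNATURE = /^access-list\s+\S+\s+remark\s/i` would restrict the match to the type field.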
@@ -4,16 +4,16 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco standard ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_standard.html
|
6
6
|
class Standard < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(standard)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "standard"
|
13
13
|
|
14
|
-
parse_regex = %r
|
14
|
+
parse_regex = %r/^
|
15
15
|
(access-list)\s* # Directive signature
|
16
|
-
(?<name
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
17
|
(?<type>(standard))\s* # Standard ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+) # Everything else on line
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
end
|
@@ -4,20 +4,20 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco webtype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_webtype.html
|
6
6
|
class WebType < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(webtype)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "webtype"
|
13
13
|
|
14
|
-
parse_regex = %r
|
14
|
+
parse_regex = %r/^
|
15
15
|
(access-list)\s* # Directive Signature
|
16
|
-
(?<name
|
16
|
+
(?<name>#{NAME})\s* # ACL name
|
17
17
|
(?<type>(webtype))\s* # Webtype ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+) # Everything else on line
|
20
|
-
|
20
|
+
$/x
|
21
21
|
@match_data = parse_regex.match(@content)
|
22
22
|
|
23
23
|
self
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
end
|
data/lib/conpar/version.rb
CHANGED
@@ -2,4 +2,11 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Base do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Base }
|
5
|
+
|
6
|
+
context "#to_s" do
|
7
|
+
it "should be same as #content" do
|
8
|
+
obj = klass.new("foobar")
|
9
|
+
expect(obj.to_s).to eq(obj.content)
|
10
|
+
end
|
11
|
+
end
|
5
12
|
end
|
@@ -2,6 +2,15 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Extended do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Extended }
|
5
|
+
|
6
|
+
context "extended acl with 'standard' in name of object-group" do
|
7
|
+
subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
|
8
|
+
|
9
|
+
it "::SIGNATURE should match" do
|
10
|
+
expect(subject).to match(klass::SIGNATURE)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
5
14
|
{
|
6
15
|
# example from cisco documenation
|
7
16
|
# rule any any
|
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conpar::Directive::AccessList::Remark do
|
4
|
+
let(:klass) { Conpar::Directive::AccessList::Remark }
|
5
|
+
let(:remark) { "access-list 101 remark ***Some Remark***" }
|
6
|
+
|
7
|
+
context "::SIGNATURE" do
|
8
|
+
it "should match 'access-list 101 remark ***Some Remark***'" do
|
9
|
+
expect(remark).to match(klass::SIGNATURE)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
context "#new" do
|
14
|
+
subject { klass.new(remark) }
|
15
|
+
[ :name, :type, :remark ].each do |m|
|
16
|
+
it "should respond to #{m}" do
|
17
|
+
expect(subject).to respond_to(m)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
it ".sub_ilk should be 'remark'" do
|
21
|
+
expect(subject.sub_ilk).to eq("remark")
|
22
|
+
end
|
23
|
+
it ".name should be '101'" do
|
24
|
+
expect(subject.name).to eq("101")
|
25
|
+
end
|
26
|
+
it ".type should be 'remark'" do
|
27
|
+
expect(subject.type).to eq("remark")
|
28
|
+
end
|
29
|
+
it ".remark should be '***Some Remark***'" do
|
30
|
+
expect(subject.remark).to eq("***Some Remark***")
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
@@ -2,6 +2,14 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Standard do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Standard }
|
5
|
+
|
6
|
+
context "extended acl with 'standard' in name of object-group" do
|
7
|
+
subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
|
8
|
+
|
9
|
+
it "::SIGNATURE should not match" do
|
10
|
+
expect(subject).not_to match(klass::SIGNATURE)
|
11
|
+
end
|
12
|
+
end
|
5
13
|
{
|
6
14
|
"access-list OSPF standard permit 192.168.1.0 255.255.255.0" => {
|
7
15
|
name: "OSPF",
|
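Review bot: The negative case added here only exercises `standard` inside a hyphenated token (`standard-grp`); no case covers `standard` as a standalone word elsewhere in the line. A second expectation with a constructed line, `expect("access-list ACL_IN remark keep standard rules").not_to match(klass::SIGNATURE)`, would pin that down, and with `SIGNATURE` as written in this release I would expect it to fail. The `describe` block continues outside the hunk.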
@@ -1,13 +1,23 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Conpar::Directive::Comment do
|
4
|
+
let(:klass) { Conpar::Directive::Comment }
|
5
|
+
|
4
6
|
context "::SIGNATURE" do
|
5
|
-
subject { Conpar::Directive::Comment::SIGNATURE }
|
6
7
|
it "should match ': no comment'" do
|
7
|
-
expect(": no comment").to match(
|
8
|
+
expect(": no comment").to match(klass::SIGNATURE)
|
8
9
|
end
|
9
10
|
it "should not match empty string" do
|
10
|
-
expect(" ").not_to match(
|
11
|
+
expect(" ").not_to match(klass::SIGNATURE)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
context "valid comment" do
|
15
|
+
subject { klass.new(": no comment") }
|
16
|
+
it ".ilk should be :comment" do
|
17
|
+
expect(subject.ilk).to eq(:comment)
|
18
|
+
end
|
19
|
+
it ".sub_ilk should be 'comment'" do
|
20
|
+
expect(subject.sub_ilk).to eq("comment")
|
11
21
|
end
|
12
22
|
end
|
13
23
|
end
|
data/spec/spec_helper.rb
CHANGED
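--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conpar
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-
+date: 2014-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -139,6 +139,22 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: Full-featured firewall configuration parser library.
 email:
 - ryan.johnson@rackspace.com
@@ -146,6 +162,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .coveralls.yml
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -164,6 +181,7 @@ files:
 - lib/conpar/directive/access_list/base.rb
 - lib/conpar/directive/access_list/ether_type.rb
 - lib/conpar/directive/access_list/extended.rb
+- lib/conpar/directive/access_list/remark.rb
 - lib/conpar/directive/access_list/standard.rb
 - lib/conpar/directive/access_list/unknown_type.rb
 - lib/conpar/directive/access_list/web_type.rb
@@ -177,6 +195,7 @@ files:
 - spec/lib/directive/access_list/base_spec.rb
 - spec/lib/directive/access_list/ether_type_spec.rb
 - spec/lib/directive/access_list/extended_spec.rb
+- spec/lib/directive/access_list/remark_spec.rb
 - spec/lib/directive/access_list/standard_spec.rb
 - spec/lib/directive/access_list/unknown_spec.rb
 - spec/lib/directive/access_list/web_type_spec.rb
@@ -207,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 4397279224083911622
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -216,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 4397279224083911622
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -229,6 +248,7 @@ test_files:
 - spec/lib/directive/access_list/base_spec.rb
 - spec/lib/directive/access_list/ether_type_spec.rb
 - spec/lib/directive/access_list/extended_spec.rb
+- spec/lib/directive/access_list/remark_spec.rb
 - spec/lib/directive/access_list/standard_spec.rb
 - spec/lib/directive/access_list/unknown_spec.rb
 - spec/lib/directive/access_list/web_type_spec.rb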