conpar 0.1.3 → 0.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +1 -0
- data/lib/conpar/directive/access_list/ether_type.rb +5 -1
- data/lib/conpar/directive/access_list/extended.rb +2 -1
- data/lib/conpar/directive/access_list/standard.rb +4 -1
- data/lib/conpar/directive/access_list/web_type.rb +2 -1
- data/lib/conpar/version.rb +1 -1
- data/spec/lib/directive/access_list/extended_spec.rb +9 -5
- data/spec/lib/directive/access_list/standard_spec.rb +10 -5
- data/spec/lib/directive/access_list_spec.rb +2 -1
- data/spec/lib/document_spec.rb +15 -0
- data/spec/samples/sample6 +10 -0
- metadata +6 -4
data/README.md
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
# Conpar
|
|
2
|
+
[](http://badge.fury.io/rb/conpar)
|
|
2
3
|
[](https://travis-ci.org/CITguy/conpar)
|
|
3
4
|
[](https://coveralls.io/r/CITguy/conpar?branch=master)
|
|
4
5
|
|
|
@@ -4,13 +4,17 @@ module Conpar
|
|
|
4
4
|
# Class that maps directly to Cisco ethertype ACL definition
|
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
|
|
6
6
|
class EtherType < Base
|
|
7
|
-
|
|
7
|
+
# (0.1.4): "ethertype" should be followed by "permit" or "deny"
|
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(ethertype)\s+(permit|deny)/i
|
|
8
9
|
|
|
9
10
|
def initialize(content="", options={})
|
|
10
11
|
super
|
|
11
12
|
|
|
12
13
|
@sub_ilk = "ethertype"
|
|
13
14
|
|
|
15
|
+
# access-list access_list_name ethertype
|
|
16
|
+
# {deny | permit}
|
|
17
|
+
# {ipx | bpdu | mpls-unicast | mpls-multicast | is-is | any | hex_number}
|
|
14
18
|
parse_regex = %r/^
|
|
15
19
|
(access-list)\s* # Directive Signature
|
|
16
20
|
(?<name>#{NAME})\s* # ACL Name
|
|
@@ -4,7 +4,8 @@ module Conpar
|
|
|
4
4
|
# Class that maps directly to Cisco extended ACL definition
|
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
|
|
6
6
|
class Extended < Base
|
|
7
|
-
|
|
7
|
+
# (0.1.4): "extended" should be followed by "permit" or "deny"
|
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(extended)\s+(permit|deny)\s/i
|
|
8
9
|
|
|
9
10
|
def initialize(content="", options={})
|
|
10
11
|
super
|
|
@@ -4,13 +4,16 @@ module Conpar
|
|
|
4
4
|
# Class that maps directly to Cisco standard ACL definition
|
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_standard.html
|
|
6
6
|
class Standard < Base
|
|
7
|
-
|
|
7
|
+
# (0.1.4): "standard" should be followed by "permit" or "deny"
|
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(standard)\s+(permit|deny)/i
|
|
8
9
|
|
|
9
10
|
def initialize(content="", options={})
|
|
10
11
|
super
|
|
11
12
|
|
|
12
13
|
@sub_ilk = "standard"
|
|
13
14
|
|
|
15
|
+
# access-list access_list_name standard
|
|
16
|
+
# { deny | permit } { any4 | ip_address mask }
|
|
14
17
|
parse_regex = %r/^
|
|
15
18
|
(access-list)\s* # Directive signature
|
|
16
19
|
(?<name>#{NAME})\s* # ACL Name
|
|
@@ -4,7 +4,8 @@ module Conpar
|
|
|
4
4
|
# Class that maps directly to Cisco webtype ACL definition
|
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_webtype.html
|
|
6
6
|
class WebType < Base
|
|
7
|
-
|
|
7
|
+
# (0.1.4) "webtype" should be followed by "permit" or "deny"
|
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(webtype)\s+(permit|deny)/i
|
|
8
9
|
|
|
9
10
|
def initialize(content="", options={})
|
|
10
11
|
super
|
data/lib/conpar/version.rb
CHANGED
|
@@ -3,11 +3,15 @@ require 'spec_helper'
|
|
|
3
3
|
describe Conpar::Directive::AccessList::Extended do
|
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Extended }
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
6
|
+
[
|
|
7
|
+
"access-list 101 extended permit icmp any object-group standard-grp",
|
|
8
|
+
"access-list 101 extended permit icmp any any object-group standard"
|
|
9
|
+
].each do |acl|
|
|
10
|
+
context "for '#{acl}'" do
|
|
11
|
+
subject { acl }
|
|
12
|
+
it "::SIGNATURE should MATCH" do
|
|
13
|
+
expect(subject).to match(klass::SIGNATURE)
|
|
14
|
+
end
|
|
11
15
|
end
|
|
12
16
|
end
|
|
13
17
|
|
|
@@ -3,13 +3,18 @@ require 'spec_helper'
|
|
|
3
3
|
describe Conpar::Directive::AccessList::Standard do
|
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Standard }
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
6
|
+
[
|
|
7
|
+
"access-list 101 extended permit icmp any any object-group standard-grp",
|
|
8
|
+
"access-list 101 extended permit icmp any any object-group standard"
|
|
9
|
+
].each do |acl|
|
|
10
|
+
context "for '#{acl}'" do
|
|
11
|
+
subject { acl }
|
|
12
|
+
it "::SIGNATURE should NOT match" do
|
|
13
|
+
expect(klass::SIGNATURE.match(subject)).to be_nil
|
|
14
|
+
end
|
|
11
15
|
end
|
|
12
16
|
end
|
|
17
|
+
|
|
13
18
|
{
|
|
14
19
|
"access-list OSPF standard permit 192.168.1.0 255.255.255.0" => {
|
|
15
20
|
name: "OSPF",
|
|
@@ -7,7 +7,8 @@ describe Conpar::Directive::AccessList do
|
|
|
7
7
|
"access-list foo extended deny all" => Conpar::Directive::AccessList::Extended,
|
|
8
8
|
"access-list foo webtype deny all" => Conpar::Directive::AccessList::WebType,
|
|
9
9
|
"access-list foo ethertype deny all" => Conpar::Directive::AccessList::EtherType,
|
|
10
|
-
"access-list foo unknowntype deny all" => Conpar::Directive::AccessList::Base
|
|
10
|
+
"access-list foo unknowntype deny all" => Conpar::Directive::AccessList::Base,
|
|
11
|
+
"access-list 101 extended permit ip any any object-group standard" => Conpar::Directive::AccessList::Extended
|
|
11
12
|
}.each do |line, klass_output|
|
|
12
13
|
it "for '#{line}' should return a #{klass_output.name}" do
|
|
13
14
|
expect(subject.new(line)).to be_a_kind_of(klass_output)
|
data/spec/lib/document_spec.rb
CHANGED
|
@@ -94,5 +94,20 @@ describe Conpar::Document do
|
|
|
94
94
|
it { expect(result.select{|r| r.ilk == :directive }).to have(2).items }
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
|
+
|
|
98
|
+
# 4 comments, 3 different known ACLs, 1 unknown ACL, 2 other directives
|
|
99
|
+
context 'sample5' do
|
|
100
|
+
let(:config) { File.read("spec/samples/sample6") }
|
|
101
|
+
|
|
102
|
+
context "result" do
|
|
103
|
+
let(:result) { subject.parse(config) }
|
|
104
|
+
it { expect(result.select{|r| r.ilk == :comment }).to have(4).items }
|
|
105
|
+
it { expect(result.select{|r| r.ilk == :access_list }).to have(4).items }
|
|
106
|
+
it { expect(result.select{|r| r.sub_ilk == "standard" }).to have(1).items }
|
|
107
|
+
it { expect(result.select{|r| r.sub_ilk == "extended" }).to have(2).items }
|
|
108
|
+
it { expect(result.select{|r| r.sub_ilk == "unknown" }).to have(1).items }
|
|
109
|
+
it { expect(result.select{|r| r.ilk == :directive }).to have(2).items }
|
|
110
|
+
end
|
|
111
|
+
end
|
|
97
112
|
end
|
|
98
113
|
end
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
: First Comment
|
|
2
|
+
access-list foo-bar standard deny all
|
|
3
|
+
: Second Comment
|
|
4
|
+
access-list bang-biz extended permit ip any any
|
|
5
|
+
access-list dne blahtype permit all
|
|
6
|
+
: additional directives
|
|
7
|
+
version 1.0.0
|
|
8
|
+
logging enable
|
|
9
|
+
: tricky acl (contains both "extended" and "standard" but is Extended)
|
|
10
|
+
access-list 101 extended permit ip any any object-group standard
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: conpar
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2014-04-
|
|
12
|
+
date: 2014-04-21 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -210,6 +210,7 @@ files:
|
|
|
210
210
|
- spec/samples/sample3
|
|
211
211
|
- spec/samples/sample4
|
|
212
212
|
- spec/samples/sample5
|
|
213
|
+
- spec/samples/sample6
|
|
213
214
|
- spec/spec_helper.rb
|
|
214
215
|
homepage: ''
|
|
215
216
|
licenses:
|
|
@@ -226,7 +227,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
226
227
|
version: '0'
|
|
227
228
|
segments:
|
|
228
229
|
- 0
|
|
229
|
-
hash: -
|
|
230
|
+
hash: -1371363594229726120
|
|
230
231
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
231
232
|
none: false
|
|
232
233
|
requirements:
|
|
@@ -235,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
235
236
|
version: '0'
|
|
236
237
|
segments:
|
|
237
238
|
- 0
|
|
238
|
-
hash: -
|
|
239
|
+
hash: -1371363594229726120
|
|
239
240
|
requirements: []
|
|
240
241
|
rubyforge_project:
|
|
241
242
|
rubygems_version: 1.8.23
|
|
@@ -263,5 +264,6 @@ test_files:
|
|
|
263
264
|
- spec/samples/sample3
|
|
264
265
|
- spec/samples/sample4
|
|
265
266
|
- spec/samples/sample5
|
|
267
|
+
- spec/samples/sample6
|
|
266
268
|
- spec/spec_helper.rb
|
|
267
269
|
has_rdoc:
|