conpar 0.1.0

data/.gitignore

@@ -0,0 +1,19 @@
+.DS_Store
+*.gem
+*.rbc
+*.swp
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,7 @@
+script: "bundle exec rake"
+language: ruby
+rvm:
+  - 1.9.2
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in conpar.gemspec
+gemspec

data/Guardfile

@@ -0,0 +1,24 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+guard :rspec do
+  watch(%r{^spec/.+_spec\.rb$})
+  watch(%r{^lib/(.+)\.rb$})     { |m| "spec/lib/#{m[1]}_spec.rb" }
+  watch('spec/spec_helper.rb')  { "spec" }
+
+  # Rails example
+  watch(%r{^app/(.+)\.rb$})                           { |m| "spec/#{m[1]}_spec.rb" }
+  watch(%r{^app/(.*)(\.erb|\.haml|\.slim)$})          { |m| "spec/#{m[1]}#{m[2]}_spec.rb" }
+  watch(%r{^app/controllers/(.+)_(controller)\.rb$})  { |m| ["spec/routing/#{m[1]}_routing_spec.rb", "spec/#{m[2]}s/#{m[1]}_#{m[2]}_spec.rb", "spec/acceptance/#{m[1]}_spec.rb"] }
+  watch(%r{^spec/support/(.+)\.rb$})                  { "spec" }
+  watch('config/routes.rb')                           { "spec/routing" }
+  watch('app/controllers/application_controller.rb')  { "spec/controllers" }
+
+  # Capybara features specs
+  watch(%r{^app/views/(.+)/.*\.(erb|haml|slim)$})     { |m| "spec/features/#{m[1]}_spec.rb" }
+
+  # Turnip features and steps
+  watch(%r{^spec/acceptance/(.+)\.feature$})
+  watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$})   { |m| Dir[File.join("**/#{m[1]}.feature")][0] || 'spec/acceptance' }
+end
+

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Ryan A. Johnson
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,43 @@
+# Conpar [![Build Status](https://travis-ci.org/CITguy/conpar.png?branch=master)](https://travis-ci.org/CITguy/conpar)
+
+Conpar (short for **Con**figuration **Par**ser) is designed to be a flexible and extendable library for parsing through a Firewall configuration file by tokenizing the configuration directives into ruby objects for evaluation.
+
+**NOTE**: This gem is still in a very _alpha_ state.  It currently only knows how to tokenize Comments and Access Lists for Cisco ASA firewall configurations.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'conpar'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install conpar
+
+## Supported Rubies
+
+**MRE 1.9.2, 1.9.3, 2.0.0, 2.1.0**
+
+Versions prior to 1.9.2 will **NOT** be supported with this gem.
+Since 1.8.7 and ree are EOL, they no longer desirable to code against.
+
+## Usage
+
+    Conpar::Document.parse(config_string) #=> Array
+
+The returned array will have parsed every line in the configuration string into Conpar::Directive (or descendant) objects.
+
+## Configuration
+**NOTE:** While configuration _is_ functional, it is **not** advised to do any configuration for the current version of this gem.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,25 @@
+require "bundler/gem_tasks"
+
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new do |t|
+  t.rspec_opts = %w[-c]
+end
+
+task default: :spec
+task test: :spec
+
+task :console do
+  require 'irb'
+  require 'irb/completion'
+  require 'conpar'
+  ARGV.clear
+  IRB.start
+end
+
+task :pry do
+  require 'pry'
+  require 'conpar'
+  ARGV.clear
+  Pry.start
+end

data/conpar.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'conpar/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "conpar"
+  spec.version       = Conpar::VERSION
+  spec.authors       = ["Ryan A. Johnson"]
+  spec.email         = ["ryan.johnson@rackspace.com"]
+  spec.summary       = %q{Firewall CONfig PARser}
+  spec.description   = %q{Full-featured firewall configuration parser library.}
+  spec.homepage      = ""
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rspec", ">= 2.4.0"
+  spec.add_development_dependency "rake"
+
+  spec.add_development_dependency "yard"
+  spec.add_development_dependency "redcarpet"
+  spec.add_development_dependency "guard"
+  spec.add_development_dependency "guard-rspec"
+  spec.add_development_dependency "pry"
+end

data/lib/conpar.rb

@@ -0,0 +1,18 @@
+require "conpar/_all"
+
+# Gem Root Namespace
+module Conpar
+  extend self
+
+  # Modify configuration for library
+  # @yield [Configuration]
+  def configure
+    yield self.config if block_given?
+  end
+
+
+  # @return [Configuration]
+  def config
+    @@config ||= Configuration.new
+  end#config
+end

data/lib/conpar/_all.rb

@@ -0,0 +1,9 @@
+# Require all Conpar Classes
+%w[
+  version
+  directive
+  configuration
+  document
+].each do |src|
+  require_relative "#{src}"
+end

data/lib/conpar/configuration.rb

@@ -0,0 +1,19 @@
+module Conpar
+  # Class for holding configuration values
+  class Configuration
+    # @!attribute [rw]
+    # @return [Module]
+    #   Module Namespace to use with directive matching
+    #   Namespace::MyModule.match_with must be defined
+    attr_accessor :parser
+
+
+    def initialize
+      # Set default values
+      @parser = Conpar::Directive
+
+      # return config object after default values applied
+      self
+    end#initialize
+  end
+end

data/lib/conpar/directive.rb

@@ -0,0 +1,30 @@
+require 'conpar/directive/_all'
+
+module Conpar
+  # Namespace for any type of configuration directive
+  module Directive
+    extend self
+
+    # @param [String] line
+    #   This is the current line being iterated
+    # @param [Hash] options (common options among all Directives)
+    # @option [Integer] line_number
+    #   On which line number does the directive appear
+    def new(line, options={})
+      [
+        Empty,
+        Comment,
+        # Additional directive classes/modules below
+        AccessList
+      ].each do |klass|
+        if line =~ klass::SIGNATURE
+          return klass.new(line, options)
+        end
+      end
+
+      # Catch-all Directive
+      return Base.new(line, options)
+    end#new
+
+  end#Directive
+end

data/lib/conpar/directive/_all.rb

@@ -0,0 +1,9 @@
+# Require all Directive Classes
+%w[
+  base
+  empty
+  comment
+  access_list
+].each do |src|
+  require_relative "#{src}"
+end

data/lib/conpar/directive/access_list.rb

@@ -0,0 +1,33 @@
+require 'conpar/directive/access_list/_all'
+
+module Conpar
+  module Directive
+    # Module for ACL line classes
+    # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_overview.html
+    module AccessList
+      extend self
+
+      SIGNATURE = Base::SIGNATURE
+
+      def new(line, options={})
+        # Shallow ACL Test - Is the line any type of ACL?
+        if line =~ SIGNATURE
+          # Deeper ACL Testing - Which type of ACL is it?
+          [
+            Standard,
+            Extended,
+            WebType,
+            EtherType
+          ].each do |klass|
+            if line =~ klass::SIGNATURE
+              return klass.new(line, options)
+            end
+          end
+          # If no match yet, use base ACL type
+          return UnknownType.new(line, options)
+        end
+      end#new
+
+    end
+  end
+end

data/lib/conpar/directive/access_list/_all.rb

@@ -0,0 +1,11 @@
+# Require all AccessList Classes
+%w[
+  base
+  standard
+  extended
+  ether_type
+  web_type
+  unknown_type
+].each do |src|
+  require_relative "#{src}"
+end

data/lib/conpar/directive/access_list/base.rb

@@ -0,0 +1,20 @@
+module Conpar
+  module Directive
+    module AccessList
+      # Base class for all AccessList classes
+      class Base < Conpar::Directive::Base
+        SIGNATURE = /^(access-list)\b/
+
+        def initialize(content="", options={})
+          super
+          @ilk = :access_list
+          @sub_ilk = :base
+        end#initialize
+
+        def to_s
+          @content
+        end
+      end
+    end
+  end
+end

data/lib/conpar/directive/access_list/ether_type.rb

@@ -0,0 +1,43 @@
+module Conpar
+  module Directive
+    module AccessList
+      # Class that maps directly to Cisco ethertype ACL definition
+      # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
+      class EtherType < Base
+        SIGNATURE = /^(access-list)\b.*\b(ethertype)\b/i
+
+        def initialize(content="", options={})
+          super
+
+          @sub_ilk = "ethertype"
+
+          parse_regex = %r/
+            (access-list)\s* # Directive Signature
+            (?<name>[\-\w]+)\s* # ACL Name
+            (?<type>(ethertype))\s* # Ethertype ACL Type
+            (?<permission>(permit|deny))?\s* # permit or deny
+            (?<rule>.+)
+          /x
+          @match_data = parse_regex.match(@content)
+
+          self
+        end#initialize
+
+        # Method for each match name in the parsed match data (see regex above)
+        [ :name,
+          :permission,
+          :rule
+        ].each do |m|
+          define_method(m) do
+            begin
+              @match_data[m]
+            rescue IndexError
+              nil
+            end
+          end
+        end
+
+      end
+    end
+  end
+end#Conpar

data/lib/conpar/directive/access_list/extended.rb

@@ -0,0 +1,56 @@
+module Conpar
+  module Directive
+    module AccessList
+      # Class that maps directly to Cisco extended ACL definition
+      # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
+      class Extended < Base
+        SIGNATURE = /^(access-list)\b.*\b(extended)\b/i
+
+        def initialize(content="", options={})
+          super
+
+          @sub_ilk = "extended"
+
+          # host (ipaddr) mask (ipaddr)
+          ipaddr_regex = %r/
+            (?<octet>1?[0-9]{1,2}|2([0-4][0-9]|5[0-5]))\.\k<octet>\.\k<octet>\.\k<octet>
+          /x
+
+          # access-list access_list_name [line line_number] extended
+          # {deny | permit} protocol_argument source_address_argument dest_address_argument
+          # [log [[level] [interval secs] | disable | default]]
+          # [inactive | time-range time_range_name]
+          parse_regex = %r/
+            (access-list)\s*                 # Directive Signature
+            (?<name>[\-\w]+)\s*              # ACL Name
+            (line\s+(?<line>\d+))?\s*        # (optional) line number
+            (?<type>extended)\s*             # ACL type
+            (?<permission>(permit|deny))?\s* # permit or deny
+            (?<protocol>\w+)\s*              # Protocol Argument
+            (?<rule>.+)                      # Everything else on line
+          $/x
+          @match_data = parse_regex.match(@content)
+
+          self
+        end#initialize
+
+        # Method for each match name in the parsed match data (see regex above)
+        [ :name,
+          :permission,
+          :rule,
+          # Additional for :extended ACL directive
+          :line,
+          :protocol
+        ].each do |m|
+          define_method(m) do
+            begin
+              @match_data[m]
+            rescue IndexError
+              nil
+            end
+          end
+        end
+      end
+    end
+  end
+end