conpar 0.1.0 → 0.1.2
- data/.coveralls.yml +1 -0
- data/.travis.yml +0 -1
- data/README.md +7 -5
- data/conpar.gemspec +2 -0
- data/lib/conpar/directive/access_list.rb +1 -0
- data/lib/conpar/directive/access_list/_all.rb +1 -0
- data/lib/conpar/directive/access_list/base.rb +2 -0
- data/lib/conpar/directive/access_list/ether_type.rb +7 -11
- data/lib/conpar/directive/access_list/extended.rb +4 -8
- data/lib/conpar/directive/access_list/remark.rb +34 -0
- data/lib/conpar/directive/access_list/standard.rb +4 -8
- data/lib/conpar/directive/access_list/web_type.rb +5 -9
- data/lib/conpar/directive/base.rb +1 -1
- data/lib/conpar/directive/comment.rb +1 -0
- data/lib/conpar/version.rb +1 -1
- data/spec/lib/directive/access_list/base_spec.rb +7 -0
- data/spec/lib/directive/access_list/extended_spec.rb +9 -0
- data/spec/lib/directive/access_list/remark_spec.rb +33 -0
- data/spec/lib/directive/access_list/standard_spec.rb +8 -0
- data/spec/lib/directive/comment_spec.rb +13 -3
- data/spec/spec_helper.rb +3 -0
- metadata +24 -4
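--- a/data/.coveralls.yml
+++ b/data/.coveralls.yml
@@ -0,0 +1 @@
+service_name: travis-ci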
data/.travis.yml
CHANGED
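--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,8 @@
-# Conpar
+# Conpar
+[](https://travis-ci.org/CITguy/conpar)
+[](https://coveralls.io/r/CITguy/conpar?branch=master)
 
-Conpar (short for
+Conpar (short for Configuration Parser) is designed to be a flexible and extendable library for parsing through a Firewall configuration file by tokenizing the configuration directives into ruby objects for evaluation.
 
 **NOTE**: This gem is still in a very _alpha_ state. It currently only knows how to tokenize Comments and Access Lists for Cisco ASA firewall configurations.
 
@@ -20,10 +22,10 @@ Or install it yourself as:
 
 ## Supported Rubies
 
-**MRE 1.9.
+**MRE 1.9.3, 2.0.0, 2.1.0**
 
-Versions prior to 1.9.
-Since 1.8.7 and ree are EOL, they no longer desirable to code against.
+Versions prior to 1.9.3 will **NOT** be supported with this gem.
+Since 1.8.7 and ree are EOL, they no longer desirable to code against. Also, there are some incompatibilities with ruby 1.9.2.
 
 ## Usage
 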
data/conpar.gemspec
CHANGED
@@ -4,20 +4,20 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco ethertype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
|
6
6
|
class EtherType < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(ethertype)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "ethertype"
|
13
13
|
|
14
|
-
parse_regex = %r
|
15
|
-
(access-list)\s*
|
16
|
-
(?<name
|
17
|
-
(?<type>(ethertype))\s*
|
14
|
+
parse_regex = %r/^
|
15
|
+
(access-list)\s* # Directive Signature
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
|
+
(?<type>(ethertype))\s* # Ethertype ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+)
|
20
|
-
|
20
|
+
$/x
|
21
21
|
@match_data = parse_regex.match(@content)
|
22
22
|
|
23
23
|
self
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
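Review bot: The accessors generated in the second hunk now call `@match_data[m]` with no guard, and `@match_data` is nil whenever `parse_regex` does not match, so they raise NoMethodError instead of returning nil; the removed `rescue IndexError` never covered that case either. It looks reachable here because `SIGNATURE` carries the `i` flag while `parse_regex` ends in `$/x`, so an upper-case directive would pass the signature and then fail the parse (assuming the signature is what selects this class, which is not visible on this page). For a library whose objects feed firewall-rule evaluation, a recognised-but-unparsed line should be explicit: `@match_data && @match_data[m]` in the accessor, or `$/xi` on the regex, would close the gap. The WebType, Standard, Extended and Remark hunks on this page use the same accessor body, and the class bodies continue outside the hunks.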
|
@@ -4,7 +4,7 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco extended ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
|
6
6
|
class Extended < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(extended)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
@@ -20,9 +20,9 @@ module Conpar
|
|
20
20
|
# {deny | permit} protocol_argument source_address_argument dest_address_argument
|
21
21
|
# [log [[level] [interval secs] | disable | default]]
|
22
22
|
# [inactive | time-range time_range_name]
|
23
|
-
parse_regex = %r
|
23
|
+
parse_regex = %r/^
|
24
24
|
(access-list)\s* # Directive Signature
|
25
|
-
(?<name
|
25
|
+
(?<name>#{NAME})\s* # ACL Name
|
26
26
|
(line\s+(?<line>\d+))?\s* # (optional) line number
|
27
27
|
(?<type>extended)\s* # ACL type
|
28
28
|
(?<permission>(permit|deny))?\s* # permit or deny
|
@@ -43,11 +43,7 @@ module Conpar
|
|
43
43
|
:protocol
|
44
44
|
].each do |m|
|
45
45
|
define_method(m) do
|
46
|
-
|
47
|
-
@match_data[m]
|
48
|
-
rescue IndexError
|
49
|
-
nil
|
50
|
-
end
|
46
|
+
@match_data[m]
|
51
47
|
end
|
52
48
|
end
|
53
49
|
end
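Review bot: `SIGNATURE = /^(access-list)\b.*\s(extended)\s/i` in the first hunk still accepts the keyword anywhere after `access-list` because of the leading `.*`, so remark text containing the word (constructed sample: `access-list OUT remark see extended rules below`) or an ACL that is itself named `extended` would match. If a class is chosen by the first matching signature, which this page does not show, such a line could be tokenized as the wrong ACL type, and that matters when the result is used to audit rules. Pinning the keyword to its position, e.g. `/^access-list\s+\S+\s+(line\s+\d+\s+)?extended\s/i`, removes the ambiguity; `\S+` stands in for the `NAME` pattern, which is defined outside the hunk. The EtherType, Standard and WebType signatures changed on this page share the same `.*\s(keyword)\s` shape.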
|
@@ -0,0 +1,34 @@
|
|
1
|
+
module Conpar
|
2
|
+
module Directive
|
3
|
+
module AccessList
|
4
|
+
# Class that maps directly to Cisco Commented ACL
|
5
|
+
# See http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#comments
|
6
|
+
class Remark < Base
|
7
|
+
SIGNATURE = /^(access-list)\b.*\b(remark)\b/i
|
8
|
+
|
9
|
+
def initialize(content="", options={})
|
10
|
+
super
|
11
|
+
@sub_ilk = "remark"
|
12
|
+
|
13
|
+
# access-list access_list_name remark remark_content
|
14
|
+
parse_regex = %r/^
|
15
|
+
(access-list)\s* # Directive Signature
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
|
+
(?<type>remark)\s* # ACL Type
|
18
|
+
(?<remark>.+) # Everything else on line
|
19
|
+
$/x
|
20
|
+
@match_data = parse_regex.match(@content)
|
21
|
+
end#initialize
|
22
|
+
|
23
|
+
[ :name,
|
24
|
+
:type,
|
25
|
+
:remark
|
26
|
+
].each do |m|
|
27
|
+
define_method(m) do
|
28
|
+
@match_data[m]
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end#Remark
|
32
|
+
end#AccessList
|
33
|
+
end#Directive
|
34
|
+
end#Conpar
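Review bot: `SIGNATURE = /^(access-list)\b.*\b(remark)\b/i` uses the `\b…\b` form while the sibling signatures on this page use `\s…\s`, and a hyphen counts as a word boundary, so a line such as `access-list ACL_IN extended permit ip any object-group remark-grp` (the spec's `standard-grp` sample with the word swapped) would also match Remark. Changing it to `\s(remark)\s`, or anchoring the keyword directly after the ACL name, would keep the new class consistent with the others. A short comment above the constant stating that it only classifies the line and that `parse_regex` does the extraction would also help the next reader.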
|
@@ -4,16 +4,16 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco standard ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_standard.html
|
6
6
|
class Standard < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(standard)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "standard"
|
13
13
|
|
14
|
-
parse_regex = %r
|
14
|
+
parse_regex = %r/^
|
15
15
|
(access-list)\s* # Directive signature
|
16
|
-
(?<name
|
16
|
+
(?<name>#{NAME})\s* # ACL Name
|
17
17
|
(?<type>(standard))\s* # Standard ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+) # Everything else on line
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
end
|
@@ -4,20 +4,20 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco webtype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_webtype.html
|
6
6
|
class WebType < Base
|
7
|
-
SIGNATURE = /^(access-list)\b.*\
|
7
|
+
SIGNATURE = /^(access-list)\b.*\s(webtype)\s/i
|
8
8
|
|
9
9
|
def initialize(content="", options={})
|
10
10
|
super
|
11
11
|
|
12
12
|
@sub_ilk = "webtype"
|
13
13
|
|
14
|
-
parse_regex = %r
|
14
|
+
parse_regex = %r/^
|
15
15
|
(access-list)\s* # Directive Signature
|
16
|
-
(?<name
|
16
|
+
(?<name>#{NAME})\s* # ACL name
|
17
17
|
(?<type>(webtype))\s* # Webtype ACL Type
|
18
18
|
(?<permission>(permit|deny))?\s* # permit or deny
|
19
19
|
(?<rule>.+) # Everything else on line
|
20
|
-
|
20
|
+
$/x
|
21
21
|
@match_data = parse_regex.match(@content)
|
22
22
|
|
23
23
|
self
|
@@ -29,11 +29,7 @@ module Conpar
|
|
29
29
|
:rule
|
30
30
|
].each do |m|
|
31
31
|
define_method(m) do
|
32
|
-
|
33
|
-
@match_data[m]
|
34
|
-
rescue IndexError
|
35
|
-
nil
|
36
|
-
end
|
32
|
+
@match_data[m]
|
37
33
|
end
|
38
34
|
end
|
39
35
|
end
|
data/lib/conpar/version.rb
CHANGED
@@ -2,4 +2,11 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Base do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Base }
|
5
|
+
|
6
|
+
context "#to_s" do
|
7
|
+
it "should be same as #content" do
|
8
|
+
obj = klass.new("foobar")
|
9
|
+
expect(obj.to_s).to eq(obj.content)
|
10
|
+
end
|
11
|
+
end
|
5
12
|
end
|
@@ -2,6 +2,15 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Extended do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Extended }
|
5
|
+
|
6
|
+
context "extended acl with 'standard' in name of object-group" do
|
7
|
+
subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
|
8
|
+
|
9
|
+
it "::SIGNATURE should match" do
|
10
|
+
expect(subject).to match(klass::SIGNATURE)
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
5
14
|
{
|
6
15
|
# example from cisco documenation
|
7
16
|
# rule any any
|
@@ -0,0 +1,33 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Conpar::Directive::AccessList::Remark do
|
4
|
+
let(:klass) { Conpar::Directive::AccessList::Remark }
|
5
|
+
let(:remark) { "access-list 101 remark ***Some Remark***" }
|
6
|
+
|
7
|
+
context "::SIGNATURE" do
|
8
|
+
it "should match 'access-list 101 remark ***Some Remark***'" do
|
9
|
+
expect(remark).to match(klass::SIGNATURE)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
context "#new" do
|
14
|
+
subject { klass.new(remark) }
|
15
|
+
[ :name, :type, :remark ].each do |m|
|
16
|
+
it "should respond to #{m}" do
|
17
|
+
expect(subject).to respond_to(m)
|
18
|
+
end
|
19
|
+
end
|
20
|
+
it ".sub_ilk should be 'remark'" do
|
21
|
+
expect(subject.sub_ilk).to eq("remark")
|
22
|
+
end
|
23
|
+
it ".name should be '101'" do
|
24
|
+
expect(subject.name).to eq("101")
|
25
|
+
end
|
26
|
+
it ".type should be 'remark'" do
|
27
|
+
expect(subject.type).to eq("remark")
|
28
|
+
end
|
29
|
+
it ".remark should be '***Some Remark***'" do
|
30
|
+
expect(subject.remark).to eq("***Some Remark***")
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
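Review bot: The spec exercises only one well-formed remark line, so there is no negative `::SIGNATURE` case like the `standard-grp` one added to the Standard spec, and nothing covers a line that matches the signature but not `parse_regex`. Adding `expect("access-list ACL_IN extended permit ip any object-group remark-grp").not_to match(klass::SIGNATURE)` would pin the classification boundary. A second case that asserts what `klass.new(...).remark` does for an unparsed line would document whether callers get nil or an exception.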
|
@@ -2,6 +2,14 @@ require 'spec_helper'
|
|
2
2
|
|
3
3
|
describe Conpar::Directive::AccessList::Standard do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Standard }
|
5
|
+
|
6
|
+
context "extended acl with 'standard' in name of object-group" do
|
7
|
+
subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
|
8
|
+
|
9
|
+
it "::SIGNATURE should not match" do
|
10
|
+
expect(subject).not_to match(klass::SIGNATURE)
|
11
|
+
end
|
12
|
+
end
|
5
13
|
{
|
6
14
|
"access-list OSPF standard permit 192.168.1.0 255.255.255.0" => {
|
7
15
|
name: "OSPF",
|
@@ -1,13 +1,23 @@
|
|
1
1
|
require 'spec_helper'
|
2
2
|
|
3
3
|
describe Conpar::Directive::Comment do
|
4
|
+
let(:klass) { Conpar::Directive::Comment }
|
5
|
+
|
4
6
|
context "::SIGNATURE" do
|
5
|
-
subject { Conpar::Directive::Comment::SIGNATURE }
|
6
7
|
it "should match ': no comment'" do
|
7
|
-
expect(": no comment").to match(
|
8
|
+
expect(": no comment").to match(klass::SIGNATURE)
|
8
9
|
end
|
9
10
|
it "should not match empty string" do
|
10
|
-
expect(" ").not_to match(
|
11
|
+
expect(" ").not_to match(klass::SIGNATURE)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
context "valid comment" do
|
15
|
+
subject { klass.new(": no comment") }
|
16
|
+
it ".ilk should be :comment" do
|
17
|
+
expect(subject.ilk).to eq(:comment)
|
18
|
+
end
|
19
|
+
it ".sub_ilk should be 'comment'" do
|
20
|
+
expect(subject.sub_ilk).to eq("comment")
|
11
21
|
end
|
12
22
|
end
|
13
23
|
end
|
data/spec/spec_helper.rb
CHANGED
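--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: conpar
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.2
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-04-
+date: 2014-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler
@@ -139,6 +139,22 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
 description: Full-featured firewall configuration parser library.
 email:
 - ryan.johnson@rackspace.com
@@ -146,6 +162,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .coveralls.yml
 - .gitignore
 - .travis.yml
 - Gemfile
@@ -164,6 +181,7 @@ files:
 - lib/conpar/directive/access_list/base.rb
 - lib/conpar/directive/access_list/ether_type.rb
 - lib/conpar/directive/access_list/extended.rb
+- lib/conpar/directive/access_list/remark.rb
 - lib/conpar/directive/access_list/standard.rb
 - lib/conpar/directive/access_list/unknown_type.rb
 - lib/conpar/directive/access_list/web_type.rb
@@ -177,6 +195,7 @@ files:
 - spec/lib/directive/access_list/base_spec.rb
 - spec/lib/directive/access_list/ether_type_spec.rb
 - spec/lib/directive/access_list/extended_spec.rb
+- spec/lib/directive/access_list/remark_spec.rb
 - spec/lib/directive/access_list/standard_spec.rb
 - spec/lib/directive/access_list/unknown_spec.rb
 - spec/lib/directive/access_list/web_type_spec.rb
@@ -207,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 4397279224083911622
 required_rubygems_version: !ruby/object:Gem::Requirement
 none: false
 requirements:
@@ -216,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 version: '0'
 segments:
 - 0
-hash:
+hash: 4397279224083911622
 requirements: []
 rubyforge_project:
 rubygems_version: 1.8.23
@@ -229,6 +248,7 @@ test_files:
 - spec/lib/directive/access_list/base_spec.rb
 - spec/lib/directive/access_list/ether_type_spec.rb
 - spec/lib/directive/access_list/extended_spec.rb
+- spec/lib/directive/access_list/remark_spec.rb
 - spec/lib/directive/access_list/standard_spec.rb
 - spec/lib/directive/access_list/unknown_spec.rb
 - spec/lib/directive/access_list/web_type_spec.rb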