conpar 0.1.0 → 0.1.2

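--- a/data/.coveralls.yml
+++ b/data/.coveralls.yml
@@ -0,0 +1 @@
+ service_name: travis-ci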
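--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -1,7 +1,6 @@
  script: "bundle exec rake"
  language: ruby
  rvm:
- - 1.9.2
  - 1.9.3
  - 2.0.0
  - 2.1.0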
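--- a/data/README.md
+++ b/data/README.md
@@ -1,6 +1,8 @@
- # Conpar [![Build Status](https://travis-ci.org/CITguy/conpar.png?branch=master)](https://travis-ci.org/CITguy/conpar)
+ # Conpar
+ [![Build Status](https://travis-ci.org/CITguy/conpar.png?branch=master)](https://travis-ci.org/CITguy/conpar)
+ [![Coverage Status](https://coveralls.io/repos/CITguy/conpar/badge.png?branch=master)](https://coveralls.io/r/CITguy/conpar?branch=master)
 
- Conpar (short for **Con**figuration **Par**ser) is designed to be a flexible and extendable library for parsing through a Firewall configuration file by tokenizing the configuration directives into ruby objects for evaluation.
+ Conpar (short for Configuration Parser) is designed to be a flexible and extendable library for parsing through a Firewall configuration file by tokenizing the configuration directives into ruby objects for evaluation.
 
  **NOTE**: This gem is still in a very _alpha_ state. It currently only knows how to tokenize Comments and Access Lists for Cisco ASA firewall configurations.
 
@@ -20,10 +22,10 @@ Or install it yourself as:
 
  ## Supported Rubies
 
- **MRE 1.9.2, 1.9.3, 2.0.0, 2.1.0**
+ **MRE 1.9.3, 2.0.0, 2.1.0**
 
- Versions prior to 1.9.2 will **NOT** be supported with this gem.
- Since 1.8.7 and ree are EOL, they no longer desirable to code against.
+ Versions prior to 1.9.3 will **NOT** be supported with this gem.
+ Since 1.8.7 and ree are EOL, they no longer desirable to code against. Also, there are some incompatibilities with ruby 1.9.2.
 
  ## Usage
 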
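--- a/data/conpar.gemspec
+++ b/data/conpar.gemspec
@@ -27,4 +27,6 @@ Gem::Specification.new do |spec|
  spec.add_development_dependency "guard"
  spec.add_development_dependency "guard-rspec"
  spec.add_development_dependency "pry"
+
+ spec.add_development_dependency "coveralls"
  end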
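Review bot: `spec.add_development_dependency "coveralls"` has no version constraint (the packaged metadata records it as `>= 0`), so each CI run resolves whatever release is newest at that moment. A pessimistic bound, `spec.add_development_dependency "coveralls", "~> X.Y"` with X.Y standing for the release you tested, keeps the test toolchain reproducible. `spec/spec_helper.rb` also requires the gem unconditionally before `rspec`, so a local run without it fails at load; `require 'coveralls'` and `Coveralls.wear!` could each be guarded with `if ENV['CI']`. The `Gem::Specification.new` block opens above the hunk.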
@@ -14,6 +14,7 @@ module Conpar
14
14
  if line =~ SIGNATURE
15
15
  # Deeper ACL Testing - Which type of ACL is it?
16
16
  [
17
+ Remark,
17
18
  Standard,
18
19
  Extended,
19
20
  WebType,
@@ -6,6 +6,7 @@
6
6
  ether_type
7
7
  web_type
8
8
  unknown_type
9
+ remark
9
10
  ].each do |src|
10
11
  require_relative "#{src}"
11
12
  end
@@ -5,6 +5,8 @@ module Conpar
5
5
  class Base < Conpar::Directive::Base
6
6
  SIGNATURE = /^(access-list)\b/
7
7
 
8
+ NAME = /[^\s\t]+/ # any non-line-breaking whitespace
9
+
8
10
  def initialize(content="", options={})
9
11
  super
10
12
  @ilk = :access_list
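Review bot: The comment on `NAME` describes the opposite of what the pattern matches: `/[^\s\t]+/` is a run of one or more non-whitespace characters, and `\t` is already covered by `\s`. Suggest `NAME = /\S+/ # one or more non-whitespace characters (the ACL name token)`. Because this replaces the earlier `[\-\w]+` in every subclass `parse_regex`, names may now contain any punctuation, which is worth saying in the comment so callers of `#name` do not assume an identifier-safe value. The class body continues outside the hunk.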
@@ -4,20 +4,20 @@ module Conpar
4
4
  # Class that maps directly to Cisco ethertype ACL definition
5
5
  # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
6
6
  class EtherType < Base
7
- SIGNATURE = /^(access-list)\b.*\b(ethertype)\b/i
7
+ SIGNATURE = /^(access-list)\b.*\s(ethertype)\s/i
8
8
 
9
9
  def initialize(content="", options={})
10
10
  super
11
11
 
12
12
  @sub_ilk = "ethertype"
13
13
 
14
- parse_regex = %r/
15
- (access-list)\s* # Directive Signature
16
- (?<name>[\-\w]+)\s* # ACL Name
17
- (?<type>(ethertype))\s* # Ethertype ACL Type
14
+ parse_regex = %r/^
15
+ (access-list)\s* # Directive Signature
16
+ (?<name>#{NAME})\s* # ACL Name
17
+ (?<type>(ethertype))\s* # Ethertype ACL Type
18
18
  (?<permission>(permit|deny))?\s* # permit or deny
19
19
  (?<rule>.+)
20
- /x
20
+ $/x
21
21
  @match_data = parse_regex.match(@content)
22
22
 
23
23
  self
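Review bot: `SIGNATURE` still matches the keyword anywhere after `access-list`, because `.*\s(ethertype)\s` only trades the word boundaries for whitespace and never ties the keyword to the type position. A line whose later arguments contain the bare word would still be claimed by this class and then fail `parse_regex`, which does expect the type right after the name. Anchoring it to that slot, e.g. `SIGNATURE = /^(access-list)\s+\S+\s+(ethertype)\s/i`, removes the ambiguity; the `Extended` (allowing its optional `line N`), `Standard` and `WebType` hunks have the same pattern. Also, `^` and `$` in the new `parse_regex` are per-line anchors in Ruby, so `\A` and `\z` are the ones that bind to the whole directive string. `initialize` closes below the hunk.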
@@ -29,11 +29,7 @@ module Conpar
29
29
  :rule
30
30
  ].each do |m|
31
31
  define_method(m) do
32
- begin
33
- @match_data[m]
34
- rescue IndexError
35
- nil
36
- end
32
+ @match_data[m]
37
33
  end
38
34
  end
39
35
 
@@ -4,7 +4,7 @@ module Conpar
4
4
  # Class that maps directly to Cisco extended ACL definition
5
5
  # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
6
6
  class Extended < Base
7
- SIGNATURE = /^(access-list)\b.*\b(extended)\b/i
7
+ SIGNATURE = /^(access-list)\b.*\s(extended)\s/i
8
8
 
9
9
  def initialize(content="", options={})
10
10
  super
@@ -20,9 +20,9 @@ module Conpar
20
20
  # {deny | permit} protocol_argument source_address_argument dest_address_argument
21
21
  # [log [[level] [interval secs] | disable | default]]
22
22
  # [inactive | time-range time_range_name]
23
- parse_regex = %r/
23
+ parse_regex = %r/^
24
24
  (access-list)\s* # Directive Signature
25
- (?<name>[\-\w]+)\s* # ACL Name
25
+ (?<name>#{NAME})\s* # ACL Name
26
26
  (line\s+(?<line>\d+))?\s* # (optional) line number
27
27
  (?<type>extended)\s* # ACL type
28
28
  (?<permission>(permit|deny))?\s* # permit or deny
@@ -43,11 +43,7 @@ module Conpar
43
43
  :protocol
44
44
  ].each do |m|
45
45
  define_method(m) do
46
- begin
47
- @match_data[m]
48
- rescue IndexError
49
- nil
50
- end
46
+ @match_data[m]
51
47
  end
52
48
  end
53
49
  end
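Review bot: The generated accessors raise `NoMethodError` whenever `parse_regex` did not match, because `@match_data` is then `nil` and the body is a bare `@match_data[m]`. Dropping the `IndexError` rescue is fine as long as every listed name is a named group, but the no-match case was never covered, and the stricter `^ … $` anchors in this release likely make it easier to reach. `@match_data && @match_data[m]` returns `nil` instead and still runs on the 1.9.3 baseline. The same body appears in the `EtherType`, `Standard` and `WebType` hunks and in the new `Remark` class; the symbol list starts above this hunk.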
@@ -0,0 +1,34 @@
1
+ module Conpar
2
+ module Directive
3
+ module AccessList
4
+ # Class that maps directly to Cisco Commented ACL
5
+ # See http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/23602-confaccesslists.html#comments
6
+ class Remark < Base
7
+ SIGNATURE = /^(access-list)\b.*\b(remark)\b/i
8
+
9
+ def initialize(content="", options={})
10
+ super
11
+ @sub_ilk = "remark"
12
+
13
+ # access-list access_list_name remark remark_content
14
+ parse_regex = %r/^
15
+ (access-list)\s* # Directive Signature
16
+ (?<name>#{NAME})\s* # ACL Name
17
+ (?<type>remark)\s* # ACL Type
18
+ (?<remark>.+) # Everything else on line
19
+ $/x
20
+ @match_data = parse_regex.match(@content)
21
+ end#initialize
22
+
23
+ [ :name,
24
+ :type,
25
+ :remark
26
+ ].each do |m|
27
+ define_method(m) do
28
+ @match_data[m]
29
+ end
30
+ end
31
+ end#Remark
32
+ end#AccessList
33
+ end#Directive
34
+ end#Conpar
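Review bot: `Remark::SIGNATURE` keeps the `\b(remark)\b` form that this release replaces in the other ACL classes, so a hyphenated token such as `remark-grp` anywhere on the line satisfies it. `Remark` is also placed first in the class list in the dispatcher hunk, so if that list is tried in order, a permit or deny rule carrying such a token would be tokenized as a comment and its accessors would fail on a `nil` match. Tying the keyword to the slot after the name, `SIGNATURE = /^(access-list)\s+\S+\s+(remark)\s/i`, avoids both. A spec mirroring the `standard-grp` case in the Standard spec would pin it.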
@@ -4,16 +4,16 @@ module Conpar
4
4
  # Class that maps directly to Cisco standard ACL definition
5
5
  # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_standard.html
6
6
  class Standard < Base
7
- SIGNATURE = /^(access-list)\b.*\b(standard)\b/i
7
+ SIGNATURE = /^(access-list)\b.*\s(standard)\s/i
8
8
 
9
9
  def initialize(content="", options={})
10
10
  super
11
11
 
12
12
  @sub_ilk = "standard"
13
13
 
14
- parse_regex = %r/
14
+ parse_regex = %r/^
15
15
  (access-list)\s* # Directive signature
16
- (?<name>[\-\w]+)\s* # ACL Name
16
+ (?<name>#{NAME})\s* # ACL Name
17
17
  (?<type>(standard))\s* # Standard ACL Type
18
18
  (?<permission>(permit|deny))?\s* # permit or deny
19
19
  (?<rule>.+) # Everything else on line
@@ -29,11 +29,7 @@ module Conpar
29
29
  :rule
30
30
  ].each do |m|
31
31
  define_method(m) do
32
- begin
33
- @match_data[m]
34
- rescue IndexError
35
- nil
36
- end
32
+ @match_data[m]
37
33
  end
38
34
  end
39
35
  end
@@ -4,20 +4,20 @@ module Conpar
4
4
  # Class that maps directly to Cisco webtype ACL definition
5
5
  # See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_webtype.html
6
6
  class WebType < Base
7
- SIGNATURE = /^(access-list)\b.*\b(webtype)\b/i
7
+ SIGNATURE = /^(access-list)\b.*\s(webtype)\s/i
8
8
 
9
9
  def initialize(content="", options={})
10
10
  super
11
11
 
12
12
  @sub_ilk = "webtype"
13
13
 
14
- parse_regex = %r/
14
+ parse_regex = %r/^
15
15
  (access-list)\s* # Directive Signature
16
- (?<name>[\-\w]+)\s* # ACL name
16
+ (?<name>#{NAME})\s* # ACL name
17
17
  (?<type>(webtype))\s* # Webtype ACL Type
18
18
  (?<permission>(permit|deny))?\s* # permit or deny
19
19
  (?<rule>.+) # Everything else on line
20
- /x
20
+ $/x
21
21
  @match_data = parse_regex.match(@content)
22
22
 
23
23
  self
@@ -29,11 +29,7 @@ module Conpar
29
29
  :rule
30
30
  ].each do |m|
31
31
  define_method(m) do
32
- begin
33
- @match_data[m]
34
- rescue IndexError
35
- nil
36
- end
32
+ @match_data[m]
37
33
  end
38
34
  end
39
35
  end
@@ -42,7 +42,7 @@ module Conpar
42
42
  def initialize(content="", options={})
43
43
  @line_number = options[:line_number]
44
44
  @line_span = options.fetch(:line_span, 1)
45
- @content = content
45
+ @content = content.to_s.strip
46
46
  @ilk = :directive
47
47
  @sub_ilk = ""
48
48
  self
@@ -7,6 +7,7 @@ module Conpar
7
7
  def initialize(content="", options={})
8
8
  super
9
9
  @ilk = :comment
10
+ @sub_ilk = "comment"
10
11
  end
11
12
  end
12
13
  end
@@ -1,3 +1,3 @@
1
1
  module Conpar
2
- VERSION = "0.1.0"
2
+ VERSION = "0.1.2"
3
3
  end
@@ -2,4 +2,11 @@ require 'spec_helper'
2
2
 
3
3
  describe Conpar::Directive::AccessList::Base do
4
4
  let(:klass) { Conpar::Directive::AccessList::Base }
5
+
6
+ context "#to_s" do
7
+ it "should be same as #content" do
8
+ obj = klass.new("foobar")
9
+ expect(obj.to_s).to eq(obj.content)
10
+ end
11
+ end
5
12
  end
@@ -2,6 +2,15 @@ require 'spec_helper'
2
2
 
3
3
  describe Conpar::Directive::AccessList::Extended do
4
4
  let(:klass) { Conpar::Directive::AccessList::Extended }
5
+
6
+ context "extended acl with 'standard' in name of object-group" do
7
+ subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
8
+
9
+ it "::SIGNATURE should match" do
10
+ expect(subject).to match(klass::SIGNATURE)
11
+ end
12
+ end
13
+
5
14
  {
6
15
  # example from cisco documenation
7
16
  # rule any any
@@ -0,0 +1,33 @@
1
+ require 'spec_helper'
2
+
3
+ describe Conpar::Directive::AccessList::Remark do
4
+ let(:klass) { Conpar::Directive::AccessList::Remark }
5
+ let(:remark) { "access-list 101 remark ***Some Remark***" }
6
+
7
+ context "::SIGNATURE" do
8
+ it "should match 'access-list 101 remark ***Some Remark***'" do
9
+ expect(remark).to match(klass::SIGNATURE)
10
+ end
11
+ end
12
+
13
+ context "#new" do
14
+ subject { klass.new(remark) }
15
+ [ :name, :type, :remark ].each do |m|
16
+ it "should respond to #{m}" do
17
+ expect(subject).to respond_to(m)
18
+ end
19
+ end
20
+ it ".sub_ilk should be 'remark'" do
21
+ expect(subject.sub_ilk).to eq("remark")
22
+ end
23
+ it ".name should be '101'" do
24
+ expect(subject.name).to eq("101")
25
+ end
26
+ it ".type should be 'remark'" do
27
+ expect(subject.type).to eq("remark")
28
+ end
29
+ it ".remark should be '***Some Remark***'" do
30
+ expect(subject.remark).to eq("***Some Remark***")
31
+ end
32
+ end
33
+ end
@@ -2,6 +2,14 @@ require 'spec_helper'
2
2
 
3
3
  describe Conpar::Directive::AccessList::Standard do
4
4
  let(:klass) { Conpar::Directive::AccessList::Standard }
5
+
6
+ context "extended acl with 'standard' in name of object-group" do
7
+ subject { "access-list ACL_IN extended permit ip any object-group standard-grp" }
8
+
9
+ it "::SIGNATURE should not match" do
10
+ expect(subject).not_to match(klass::SIGNATURE)
11
+ end
12
+ end
5
13
  {
6
14
  "access-list OSPF standard permit 192.168.1.0 255.255.255.0" => {
7
15
  name: "OSPF",
@@ -1,13 +1,23 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Conpar::Directive::Comment do
4
+ let(:klass) { Conpar::Directive::Comment }
5
+
4
6
  context "::SIGNATURE" do
5
- subject { Conpar::Directive::Comment::SIGNATURE }
6
7
  it "should match ': no comment'" do
7
- expect(": no comment").to match(subject)
8
+ expect(": no comment").to match(klass::SIGNATURE)
8
9
  end
9
10
  it "should not match empty string" do
10
- expect(" ").not_to match(subject)
11
+ expect(" ").not_to match(klass::SIGNATURE)
12
+ end
13
+ end
14
+ context "valid comment" do
15
+ subject { klass.new(": no comment") }
16
+ it ".ilk should be :comment" do
17
+ expect(subject.ilk).to eq(:comment)
18
+ end
19
+ it ".sub_ilk should be 'comment'" do
20
+ expect(subject.sub_ilk).to eq("comment")
11
21
  end
12
22
  end
13
23
  end
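--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,3 +1,6 @@
+ require 'coveralls'
+ Coveralls.wear!
+
  require 'rspec'
  require 'conpar'
 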
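--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: conpar
  version: !ruby/object:Gem::Version
- version: 0.1.0
+ version: 0.1.2
  prerelease:
  platform: ruby
  authors:
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-04-10 00:00:00.000000000 Z
+ date: 2014-04-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -139,6 +139,22 @@ dependencies:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
+ - !ruby/object:Gem::Dependency
+ name: coveralls
+ requirement: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ none: false
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  description: Full-featured firewall configuration parser library.
  email:
  - ryan.johnson@rackspace.com
@@ -146,6 +162,7 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
+ - .coveralls.yml
  - .gitignore
  - .travis.yml
  - Gemfile
@@ -164,6 +181,7 @@ files:
  - lib/conpar/directive/access_list/base.rb
  - lib/conpar/directive/access_list/ether_type.rb
  - lib/conpar/directive/access_list/extended.rb
+ - lib/conpar/directive/access_list/remark.rb
  - lib/conpar/directive/access_list/standard.rb
  - lib/conpar/directive/access_list/unknown_type.rb
  - lib/conpar/directive/access_list/web_type.rb
@@ -177,6 +195,7 @@ files:
  - spec/lib/directive/access_list/base_spec.rb
  - spec/lib/directive/access_list/ether_type_spec.rb
  - spec/lib/directive/access_list/extended_spec.rb
+ - spec/lib/directive/access_list/remark_spec.rb
  - spec/lib/directive/access_list/standard_spec.rb
  - spec/lib/directive/access_list/unknown_spec.rb
  - spec/lib/directive/access_list/web_type_spec.rb
@@ -207,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -4307823525324721916
+ hash: 4397279224083911622
  required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
  requirements:
@@ -216,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  segments:
  - 0
- hash: -4307823525324721916
+ hash: 4397279224083911622
  requirements: []
  rubyforge_project:
  rubygems_version: 1.8.23
@@ -229,6 +248,7 @@ test_files:
  - spec/lib/directive/access_list/base_spec.rb
  - spec/lib/directive/access_list/ether_type_spec.rb
  - spec/lib/directive/access_list/extended_spec.rb
+ - spec/lib/directive/access_list/remark_spec.rb
  - spec/lib/directive/access_list/standard_spec.rb
  - spec/lib/directive/access_list/unknown_spec.rb
  - spec/lib/directive/access_list/web_type_spec.rb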