conpar 0.1.3 → 0.1.4
- data/README.md +1 -0
- data/lib/conpar/directive/access_list/ether_type.rb +5 -1
- data/lib/conpar/directive/access_list/extended.rb +2 -1
- data/lib/conpar/directive/access_list/standard.rb +4 -1
- data/lib/conpar/directive/access_list/web_type.rb +2 -1
- data/lib/conpar/version.rb +1 -1
- data/spec/lib/directive/access_list/extended_spec.rb +9 -5
- data/spec/lib/directive/access_list/standard_spec.rb +10 -5
- data/spec/lib/directive/access_list_spec.rb +2 -1
- data/spec/lib/document_spec.rb +15 -0
- data/spec/samples/sample6 +10 -0
- metadata +6 -4
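--- a/data/README.md
+++ b/data/README.md
@@ -1,4 +1,5 @@
 # Conpar
+[![Gem Version](https://badge.fury.io/rb/conpar.svg)](http://badge.fury.io/rb/conpar)
 [![Build Status](https://travis-ci.org/CITguy/conpar.png?branch=master)](https://travis-ci.org/CITguy/conpar)
 [![Coverage Status](https://coveralls.io/repos/CITguy/conpar/badge.png?branch=master)](https://coveralls.io/r/CITguy/conpar?branch=master)
 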
@@ -4,13 +4,17 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco ethertype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_ethertype.html
|
6
6
|
class EtherType < Base
|
7
|
-
|
7
|
+
# (0.1.4): "ethertype" should be followed by "permit" or "deny"
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(ethertype)\s+(permit|deny)/i
|
8
9
|
|
9
10
|
def initialize(content="", options={})
|
10
11
|
super
|
11
12
|
|
12
13
|
@sub_ilk = "ethertype"
|
13
14
|
|
15
|
+
# access-list access_list_name ethertype
|
16
|
+
# {deny | permit}
|
17
|
+
# {ipx | bpdu | mpls-unicast | mpls-multicast | is-is | any | hex_number}
|
14
18
|
parse_regex = %r/^
|
15
19
|
(access-list)\s* # Directive Signature
|
16
20
|
(?<name>#{NAME})\s* # ACL Name
|
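Review bot: The new `SIGNATURE` in `EtherType` still reaches its keyword through `^(access-list)\b.*\s(ethertype)`, so the type word is accepted anywhere after the directive rather than only in the slot that follows the ACL name; `Extended`, `Standard` and `WebType` further down use the same shape. Requiring `permit` or `deny` after it narrows the match, but a line whose later text contains the keyword followed by an action word (a remark, if such lines reach these classes) would presumably still be classified by that text, and in a parser for firewall configuration a misclassified entry is a rule that downstream review reads wrongly. Anchoring the position would close that, e.g. `SIGNATURE = /^(access-list)\s+\S+\s+(ethertype)\s+(permit|deny)/i`, with an optional `line N` clause allowed in `Extended` if the parser is meant to accept it. How `SIGNATURE` is consumed is not visible here, and the class body and `parse_regex` continue outside the hunk.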
@@ -4,7 +4,8 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco extended ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_extended.html
|
6
6
|
class Extended < Base
|
7
|
-
|
7
|
+
# (0.1.4): "extended" should be followed by "permit" or "deny"
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(extended)\s+(permit|deny)\s/i
|
8
9
|
|
9
10
|
def initialize(content="", options={})
|
10
11
|
super
|
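Review bot: `Extended::SIGNATURE` ends in `(permit|deny)\s`, while the `EtherType`, `Standard` and `WebType` signatures added in the same release stop at the alternation with no boundary. The unbounded forms accept a token that merely begins with the action word (`permitted`), and this one rejects a line that ends directly after the action, so the four classes disagree on where the action word ends. Using one terminator everywhere, e.g. `(permit|deny)(?=\s|$)`, would make them consistent without adding a capture group. The class body continues outside the hunk.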
@@ -4,13 +4,16 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco standard ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_standard.html
|
6
6
|
class Standard < Base
|
7
|
-
|
7
|
+
# (0.1.4): "standard" should be followed by "permit" or "deny"
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(standard)\s+(permit|deny)/i
|
8
9
|
|
9
10
|
def initialize(content="", options={})
|
10
11
|
super
|
11
12
|
|
12
13
|
@sub_ilk = "standard"
|
13
14
|
|
15
|
+
# access-list access_list_name standard
|
16
|
+
# { deny | permit } { any4 | ip_address mask }
|
14
17
|
parse_regex = %r/^
|
15
18
|
(access-list)\s* # Directive signature
|
16
19
|
(?<name>#{NAME})\s* # ACL Name
|
@@ -4,7 +4,8 @@ module Conpar
|
|
4
4
|
# Class that maps directly to Cisco webtype ACL definition
|
5
5
|
# See http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_webtype.html
|
6
6
|
class WebType < Base
|
7
|
-
|
7
|
+
# (0.1.4) "webtype" should be followed by "permit" or "deny"
|
8
|
+
SIGNATURE = /^(access-list)\b.*\s(webtype)\s+(permit|deny)/i
|
8
9
|
|
9
10
|
def initialize(content="", options={})
|
10
11
|
super
|
data/lib/conpar/version.rb
CHANGED
@@ -3,11 +3,15 @@ require 'spec_helper'
|
|
3
3
|
describe Conpar::Directive::AccessList::Extended do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Extended }
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
6
|
+
[
|
7
|
+
"access-list 101 extended permit icmp any object-group standard-grp",
|
8
|
+
"access-list 101 extended permit icmp any any object-group standard"
|
9
|
+
].each do |acl|
|
10
|
+
context "for '#{acl}'" do
|
11
|
+
subject { acl }
|
12
|
+
it "::SIGNATURE should MATCH" do
|
13
|
+
expect(subject).to match(klass::SIGNATURE)
|
14
|
+
end
|
11
15
|
end
|
12
16
|
end
|
13
17
|
|
@@ -3,13 +3,18 @@ require 'spec_helper'
|
|
3
3
|
describe Conpar::Directive::AccessList::Standard do
|
4
4
|
let(:klass) { Conpar::Directive::AccessList::Standard }
|
5
5
|
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
6
|
+
[
|
7
|
+
"access-list 101 extended permit icmp any any object-group standard-grp",
|
8
|
+
"access-list 101 extended permit icmp any any object-group standard"
|
9
|
+
].each do |acl|
|
10
|
+
context "for '#{acl}'" do
|
11
|
+
subject { acl }
|
12
|
+
it "::SIGNATURE should NOT match" do
|
13
|
+
expect(klass::SIGNATURE.match(subject)).to be_nil
|
14
|
+
end
|
11
15
|
end
|
12
16
|
end
|
17
|
+
|
13
18
|
{
|
14
19
|
"access-list OSPF standard permit 192.168.1.0 255.255.255.0" => {
|
15
20
|
name: "OSPF",
|
@@ -7,7 +7,8 @@ describe Conpar::Directive::AccessList do
|
|
7
7
|
"access-list foo extended deny all" => Conpar::Directive::AccessList::Extended,
|
8
8
|
"access-list foo webtype deny all" => Conpar::Directive::AccessList::WebType,
|
9
9
|
"access-list foo ethertype deny all" => Conpar::Directive::AccessList::EtherType,
|
10
|
-
"access-list foo unknowntype deny all" => Conpar::Directive::AccessList::Base
|
10
|
+
"access-list foo unknowntype deny all" => Conpar::Directive::AccessList::Base,
|
11
|
+
"access-list 101 extended permit ip any any object-group standard" => Conpar::Directive::AccessList::Extended
|
11
12
|
}.each do |line, klass_output|
|
12
13
|
it "for '#{line}' should return a #{klass_output.name}" do
|
13
14
|
expect(subject.new(line)).to be_a_kind_of(klass_output)
|
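--- a/data/spec/lib/document_spec.rb
+++ b/data/spec/lib/document_spec.rb
@@ -94,5 +94,20 @@ describe Conpar::Document do
 it { expect(result.select{|r| r.ilk == :directive }).to have(2).items }
 end
 end
+
+# 4 comments, 3 different known ACLs, 1 unknown ACL, 2 other directives
+context 'sample5' do
+let(:config) { File.read("spec/samples/sample6") }
+
+context "result" do
+let(:result) { subject.parse(config) }
+it { expect(result.select{|r| r.ilk == :comment }).to have(4).items }
+it { expect(result.select{|r| r.ilk == :access_list }).to have(4).items }
+it { expect(result.select{|r| r.sub_ilk == "standard" }).to have(1).items }
+it { expect(result.select{|r| r.sub_ilk == "extended" }).to have(2).items }
+it { expect(result.select{|r| r.sub_ilk == "unknown" }).to have(1).items }
+it { expect(result.select{|r| r.ilk == :directive }).to have(2).items }
+end
+end
 end
 end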
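Review bot: The added context is labelled `'sample5'` but its `config` reads `spec/samples/sample6`, so a failure in this block would be reported under the wrong fixture name; `context 'sample6' do` matches the file it loads. The label looks copied from an earlier context, though that context is above the hunk and not visible here. The enclosing `describe Conpar::Document` block starts outside the hunk.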
@@ -0,0 +1,10 @@
|
|
1
|
+
: First Comment
|
2
|
+
access-list foo-bar standard deny all
|
3
|
+
: Second Comment
|
4
|
+
access-list bang-biz extended permit ip any any
|
5
|
+
access-list dne blahtype permit all
|
6
|
+
: additional directives
|
7
|
+
version 1.0.0
|
8
|
+
logging enable
|
9
|
+
: tricky acl (contains both "extended" and "standard" but is Extended)
|
10
|
+
access-list 101 extended permit ip any any object-group standard
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: conpar
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2014-04-
|
12
|
+
date: 2014-04-21 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -210,6 +210,7 @@ files:
|
|
210
210
|
- spec/samples/sample3
|
211
211
|
- spec/samples/sample4
|
212
212
|
- spec/samples/sample5
|
213
|
+
- spec/samples/sample6
|
213
214
|
- spec/spec_helper.rb
|
214
215
|
homepage: ''
|
215
216
|
licenses:
|
@@ -226,7 +227,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
226
227
|
version: '0'
|
227
228
|
segments:
|
228
229
|
- 0
|
229
|
-
hash: -
|
230
|
+
hash: -1371363594229726120
|
230
231
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
231
232
|
none: false
|
232
233
|
requirements:
|
@@ -235,7 +236,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
235
236
|
version: '0'
|
236
237
|
segments:
|
237
238
|
- 0
|
238
|
-
hash: -
|
239
|
+
hash: -1371363594229726120
|
239
240
|
requirements: []
|
240
241
|
rubyforge_project:
|
241
242
|
rubygems_version: 1.8.23
|
@@ -263,5 +264,6 @@ test_files:
|
|
263
264
|
- spec/samples/sample3
|
264
265
|
- spec/samples/sample4
|
265
266
|
- spec/samples/sample5
|
267
|
+
- spec/samples/sample6
|
266
268
|
- spec/spec_helper.rb
|
267
269
|
has_rdoc:
|