oxidized 0.35.0 → 0.37.0

data/lib/oxidized/model/asa.rb

@@ -32,13 +32,13 @@ class ASA < Oxidized::Model
   end
 
   cmd 'show version' do |cfg|
-    # avoid commits due to uptime / ixo-router01 up 2 mins 28 secs / ixo-router01 up 1 days 2 hours
-    cfg = cfg.each_line.reject { |line| line.match /(\s+up\s+\d+\s+)|(.*days.*)/ }
-    cfg = cfg.join
-    cfg.gsub! /^Configuration has not been modified since last system restart.*\n/, ''
-    cfg.gsub! /^Configuration last modified by.*\n/, ''
-    cfg.gsub! /^Start-up time.*\n/, ''
-    comment cfg
+    comment cfg.reject_lines [
+      # avoid commits due to uptime / ixo-router01 up 2 mins 28 secs / ixo-router01 up 1 days 2 hours
+      /(\s+up\s+\d+\s+)|(.*days.*)/,
+      /^Configuration has not been modified since last system restart.*/,
+      /^Configuration last modified by.*/,
+      /^Start-up time.*/
+    ]
   end
 
   cmd 'show inventory' do |cfg|

data/lib/oxidized/model/comware.rb

@@ -21,8 +21,10 @@ class Comware < Oxidized::Model
 
   cmd :secret do |cfg|
     cfg.gsub! /^( snmp-agent community).*/, '\\1 <configuration removed>'
-    cfg.gsub! /^( password hash).*/, '\\1 <configuration removed>'
+    cfg.gsub! /(password hash).*/, '\\1 <configuration removed>'
     cfg.gsub! /^( password cipher).*/, '\\1 <configuration removed>'
+    cfg.gsub! /(key (authentication )?cipher) \S+/, '\\1 <configuration removed>'
+    cfg.gsub! /(cipher authentication-mode (md5|sha)).\S+ (privacy-mode (des56|3des|aes\d{0,3})) .\S+/, '\\1 <auth-pass> \\3 <priv-pass>'
     cfg
   end
 

data/lib/oxidized/model/cumulus.rb

@@ -5,9 +5,9 @@ class Cumulus < Oxidized::Model
   # ^                 : match begin of line, to have the most specific prompt
   # [\w.-]+@[\w.-]+   : user@hostname
   # (:mgmt)?          : optional when logged in out of band
-  # :~[#$] $          : end of prompt, containing the linux path,
-  #                     which is always "~" in our context
-  prompt /^[\w.-]+@[\w.-]+(:mgmt)?:~[#$] $/
+  # :?~[#$] ?$        : end of prompt, containing the linux path,
+  #                     which is always "~" in our context.
+  prompt /^[\w.-]+@[\w.-]+(:mgmt)?:?~[#$] ?$/
   clean :escape_codes
   comment '# '
 

data/lib/oxidized/model/defacto.rb

@@ -0,0 +1,26 @@
+class Defacto < Oxidized::Model
+  prompt /^(\r*[\w.:@()\/_-]+[#>]\s?)$/
+  comment '! '
+
+  clean :cut
+
+  post do
+    cmd "show running-config" do |cfg|
+      process_config cfg
+    end
+  end
+
+  cfg :telnet do
+    username /^(user ?name|login|user)/i
+    password /^password/i
+  end
+
+  cfg :telnet, :ssh do
+    post_login 'terminal length 0'
+    post_login 'terminal width 0'
+    pre_logout 'exit'
+    pre_logout 'logout'
+  end
+
+  def process_config(cfg) = cfg
+end

data/lib/oxidized/model/dlinknextgen.rb

@@ -8,6 +8,7 @@ class DlinkNextGen < Oxidized::Model
   comment '# '
 
   cmd :all do |cfg|
+    cfg.gsub!("\0", "") # Remove NULL bytes that cause Git to detect the file as binary
     cfg.each_line.to_a[2..-2].map { |line| line.delete("\r").rstrip }.join("\n") + "\n"
   end
 

data/lib/oxidized/model/dslcommands.rb

@@ -0,0 +1,93 @@
+module Oxidized
+  class Model
+    # Domain Specific Language for model commands
+    module DSLCommands
+      # Store a command to be run against the device
+      # cmd_arg can be:
+      #  - a string (the command to be run)
+      #  - a symbol:
+      #    - :all    - run the block against each command output
+      #    - :secret - run the block against each command output when
+      #                vars :remove_secret is true
+      #    - :significant_changes - use the block to remove unsignificant
+      #                changes
+      # Optional arguments (**args):
+      # - clear: true
+      #       replace all the stored blocks for this command (monkey patching)
+      # - prepend: true
+      #       prepend the block to the stored blocks for this command (monkey
+      #       patching)
+      # - if: lambda
+      #       run the command only if the lambda evaluates to true
+      # - input: symbol or array of symbols
+      #       for the inputs this command is to run against (default - run
+      #       every command)
+      def cmd(cmd_arg = nil, **args, &block)
+        if cmd_arg.instance_of?(Symbol)
+          process_args_block(@cmd[cmd_arg], args, block)
+        else
+          return unless valid_cmd_args?(cmd_arg, args)
+
+          # Always use an array for :input
+          args[:input] = Array(args[:input]) if args.include?(:input)
+          process_args_block(@cmd[:cmd], args,
+                             { cmd: cmd_arg, args: args, block: block })
+        end
+        logger.debug "Added #{cmd_arg} to the commands list"
+      end
+
+      def cmds
+        @cmd
+      end
+
+      # calls the block at the end of the model, prepending the output of the
+      # block to the output string
+      def pre(**args, &block)
+        process_args_block(@procs[:pre], args, block)
+      end
+
+      # calls the block at the end of the model, adding the output of the block
+      # to the output string
+      def post(**args, &block)
+        process_args_block(@procs[:post], args, block)
+      end
+
+      # @procs is a hash of procs (:pre+:post) to be prepended/postfixed to
+      # output
+      attr_reader :procs
+
+      private
+
+      def process_args_block(target, args, block)
+        if args[:clear]
+          if block.instance_of?(Array)
+            target.reject! { |k, _| k == block[0] }
+            target.push(block)
+          elsif block.instance_of?(Hash)
+            target.reject! { |item| item[:cmd] == block[:cmd] }
+            target.push(block)
+          else
+            target.replace([block])
+          end
+        else
+          method = args[:prepend] ? :unshift : :push
+          target.send(method, block)
+        end
+      end
+
+      def valid_cmd_args?(cmd_arg, args)
+        if args.include?(:if) && !(args[:if].is_a?(Proc) && args[:if].lambda?)
+          logger.error "cmd #{cmd_arg.dump}: if must be a lambda"
+          return false
+        end
+
+        if args.include?(:input) && ![Symbol, Array].include?(args[:input].class)
+          logger.error "cmd #{cmd_arg.dump}: input must be a symbol or an array of symbols"
+          return false
+        end
+
+        true
+      end
+    end
+  end
+end

data/lib/oxidized/model/dslsetup.rb

@@ -0,0 +1,102 @@
+module Oxidized
+  class Model
+    # Domain Specific Language for model setup
+    module DSLSetup
+      def prompt(regex = nil)
+        @prompt = regex || @prompt
+      end
+
+      def comment(str = "# ")
+        @comment = if block_given?
+                     yield
+                   elsif not @comment
+                     str
+                   else
+                     @comment
+                   end
+      end
+
+      def expect(regex, **args, &block)
+        process_args_block(@expect, args, [regex, block])
+      end
+
+      def expects
+        @expect
+      end
+
+      def cfg(*methods, **args, &block)
+        [methods].flatten.each do |method|
+          process_args_block(@cfg[method.to_s], args, block)
+        end
+      end
+
+      def cfgs
+        @cfg
+      end
+
+      # Define multiple inputs as a sequence of equivalent options
+      # Example: use ssh or telnet, then scp or ftp:
+      # [:ssh, [:scp, :ftp]]
+      def inputs(list = nil)
+        return @inputs if list.nil?
+
+        validate_inputs(list)
+        @inputs = list
+      end
+
+      # Returns the input sequence for the model as an array of arrays of input
+      # classes, filtered and ordered according to the provided +input_classes+
+      # (as specified in the oxidized configuration file).
+      def input_sequence(input_classes)
+        model_inputs = inputs || [
+          @cfg.filter_map do |input, block_list|
+            input.to_sym unless block_list.empty?
+          end
+        ]
+
+        model_inputs.map do |sequence|
+          sequence = [sequence] unless sequence.is_a? Array
+          selected = input_classes.select { |input| sequence.include?(input.to_sym) }
+          logger.error "Needs one of #{sequence.inspect} to be configured" if selected.empty?
+
+          selected
+        end
+      end
+
+      def metadata(position, value = nil, &block)
+        return unless %i[top bottom].include? position
+
+        if block_given?
+          @metadata[position] = block
+        else
+          @metadata[position] = value
+        end
+      end
+
+      private
+
+      def validate_inputs(list)
+        message = "inputs must be an array containing symbols or " \
+                  "arrays of symbols"
+
+        raise ArgumentError, message unless list.is_a? Array
+        raise ArgumentError, message if list.empty?
+
+        list.each do |group|
+          case group
+          when Symbol
+            # Everything is fine
+          when Array
+            raise ArgumentError, message if group.empty?
+
+            group.each do |input|
+              raise ArgumentError, message unless input.is_a? Symbol
+            end
+          else
+            raise ArgumentError, message
+          end
+        end
+      end
+    end
+  end
+end

data/lib/oxidized/model/efos.rb

@@ -19,11 +19,11 @@ class EFOS < Oxidized::Model
   end
 
   cmd 'show running-config' do |cfg|
-    cfg.each_line
-       .reject { |line| line.match(/System Up Time/) }
-       .reject { |line| line.match(/Current System Time:/) }
-       .reject { |line| line.match(/Current SNTP Synchronized Time:/) }
-       .join
+    cfg.reject_lines [
+      'System Up Time',
+      'Current System Time:',
+      'Current SNTP Synchronized Time:'
+    ]
   end
 
   cfg :telnet, :ssh do

data/lib/oxidized/model/exalink.rb

@@ -0,0 +1,36 @@
+class Exalink < Oxidized::Model
+  using Refinements
+
+  prompt /^([\w.@()-]+[#>]\s?)$/
+  comment '! '
+
+  cmd :all do |cfg|
+    cfg.gsub! /\r\n?/, "\n"
+    cfg.cut_both
+  end
+
+  cmd 'show version' do |cfg|
+    comment cfg.reject_lines /uptime/i
+  end
+
+  cmd 'show port' do |cfg|
+    comment cfg
+  end
+
+  cmd 'show running-config' do |cfg|
+    cfg.gsub! /^(show run.*)$/, '! \1'
+    cfg.gsub! /^!Time:[^\n]*\n/, ''
+    cfg
+  end
+
+  cfg :telnet do
+    username /^login:/
+    password /^Password:/
+  end
+
+  cfg :ssh, :telnet do
+    post_login 'terminal length 0'
+    post_login 'terminal width 0'
+    pre_logout 'logout'
+  end
+end

data/lib/oxidized/model/fastiron.rb

@@ -1,7 +1,7 @@
 class FastIron < Oxidized::Model
   using Refinements
 
-  prompt /^([\w.@()-]+[#>]\s?)$/
+  prompt /^([\w.@\/()-]+[#>]\s?)$/
   comment  '! '
 
   cmd :all do |cfg|
@@ -43,7 +43,7 @@ class FastIron < Oxidized::Model
     comment cfg
   end
 
-  cmd 'show stack' do |cfg|
+  cmd 'show stack | exclude T=' do |cfg|
     comment cfg
   end
 

data/lib/oxidized/model/firelinuxos.rb

@@ -31,9 +31,7 @@ class FireLinuxOS < Oxidized::Model
   end
 
   cmd 'show version system' do |cfg|
-    cfg = cfg.each_line.reject { |line| line.match /(\s+up\s+\d+\s+)|(.*days.*)/ }
-    cfg = cfg.join
-    comment cfg
+    comment cfg.reject_lines [/(\s+up\s+\d+\s+)|(.*days.*)/]
   end
 
   cmd 'show inventory' do |cfg|

data/lib/oxidized/model/fortigate.rb

@@ -0,0 +1,160 @@
+class FortiGate < Oxidized::Model
+  using Refinements
+
+  comment '# '
+
+  prompt /^(\(\w\) )?([-\w.~]+(\s[(\w\-.)]+)?~?\s?[#>$]\s?)$/
+
+  # When a post-login-banner is enabled, you have to press "a" to log in
+  expect /^\(Press\s'a'\sto\saccept\):/ do |data, re|
+    send 'a'
+    data.sub re, ''
+  end
+
+  expect /^--More--\s$/ do |data, re|
+    send ' '
+    data.sub re, ''
+  end
+
+  cmd :all do |cfg|
+    # Remove junk after --More-- pager
+    cfg = cfg.gsub(/\r +\r/, '')
+    # Remove \r\n after command echo
+    cfg = cfg.gsub("\r\n", "\n")
+    # remove command echo and prompt
+    cfg.cut_both
+  end
+
+  cmd :secret do |cfg|
+    # Remove private key for encrypted configs
+    cfg.gsub! /^(\#private-encryption-key=).+/, '\\1 <configuration removed>'
+    # ENC indicates an encrypted password, and secret indicates a secret string
+    cfg.gsub! /(set .+ ENC) .+/, '\\1 <configuration removed>'
+    cfg.gsub! /(set .*secret) .+/, '\\1 <configuration removed>'
+    # A number of other statements also contains sensitive strings
+    cfg.gsub! /(set (?:passwd|password|key|group-password|auth-password-l1|auth-password-l2|rsso|history0|history1)) .+/, '\\1 <configuration removed>'
+    cfg.gsub! /(set md5-key [0-9]+) .+/, '\\1 <configuration removed>'
+    cfg.gsub! /(set private-key ).*?-+END (ENCRYPTED|RSA|OPENSSH) PRIVATE KEY-+\n?"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set privatekey ).*?-+END (ENCRYPTED|RSA|OPENSSH) PRIVATE KEY-+\n?"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set ca )"-+BEGIN.*?-+END CERTIFICATE-+"$/m, '\\1<configuration removed>'
+    cfg.gsub! /(set csr ).*?-+END CERTIFICATE REQUEST-+"$/m, '\\1<configuration removed>'
+    cfg
+  end
+
+  cmd 'get system status' do |cfg|
+    @vdom_enabled = cfg.match(/^Virtual domain configuration: (enable|multiple)/)
+    @ha_cluster = cfg.match(/^Current HA mode: a-/) # a-p or a-a
+    cfg = cfg.keep_lines [
+      "Version: ",
+      "Security Level: ",
+      "Serial-Number: ",
+      "BIOS version: ",
+      "System Part-Number: ",
+      "Hostname: ",
+      "Operation Mode: ",
+      "Current virtual domain: ",
+      "Max number of virtual domains: ",
+      "Virtual domains status:",
+      "Virtual domain configuration: ",
+      "FIPS-CC mode: ",
+      "Current HA mode: ",
+      "Private Encryption: ",
+      # Lines in FortiGate-VM64
+      "License Expiration Date: ",
+      "License Status: ",
+      "VM Resources: "
+    ]
+    comment cfg + "\n"
+  end
+
+  cmd 'config global', if: -> { @vdom_enabled } do |_cfg|
+    ''
+  end
+
+  cmd 'get system ha status', if: -> { @ha_cluster } do |cfg|
+    cfg = cfg.keep_lines [
+      "HA Health Status:",
+      "Model: ",
+      "Mode: ",
+      "number of member: ",
+      /^(Master|Slave|Primary|Secondary): /
+    ]
+    comment cfg + "\n"
+  end
+
+  cmd 'get hardware status' do |cfg|
+    comment cfg
+  end
+
+  cmd "diagnose hardware deviceinfo psu" do |cfg|
+    skip_patterns = [
+      /Command fail\./,      # The device doesn't support this command
+      /Power Supply +Status/ # We only get a status, but no serial numbers
+    ]
+    if skip_patterns.any? { |p| cfg.match?(p) }
+      logger.debug "No PSU serial numbers available"
+      ''
+    else
+      comment cfg
+    end
+  end
+
+  cmd "get system interface transceiver" do |cfg|
+    cfg = cfg.keep_lines [
+      /^Interface \w/,
+      "Vendor Name",
+      "Part No.",
+      "Serial No."
+    ]
+    cfg = cfg.reject_lines ["Transceiver is not detected"]
+    comment cfg + "\n"
+  end
+
+  cmd 'diagnose autoupdate version', if: -> { vars(:fortios_autoupdate) || vars(:fortigate_autoupdate) } do |cfg|
+    if vars(:fortios_autoupdate)
+      logger.warn("The variable fortios_autoupdate is deprecated. Migrate to fortigate_autoupdate")
+    end
+
+    cfg = cfg.sub(/FDS Address\n---------\n.*\n/, '')
+    comment cfg.reject_lines ["Last Update", "Result :"]
+  end
+
+  cmd 'end', if: -> { @vdom_enabled } do |_cfg|
+    ''
+  end
+
+  def clean_config(cfg)
+    cfg = cfg.reject_lines ['#conf_file_ver=']
+    cfg.gsub!(/(set comments "Error \(No order found for account ID \d+\) on).*/,
+              '\\1 <stripped>')
+    cfg
+  end
+
+  # If vars fullconfig is set to true, we get the full config (including default
+  # values)
+  cmd "show full-configuration | grep .", if: -> { vars(:fullconfig) } do |cfg|
+    clean_config cfg
+  end
+  # else backup as in Fortigate GUI
+  cmd "show | grep .", if: -> { !vars(:fullconfig) } do |cfg|
+    clean_config cfg
+  end
+
+  cmd :significant_changes do |cfg|
+    cfg = cfg.reject_lines [
+      /^ +set \S+ ENC \S+$/
+    ]
+    cfg.gsub!(/(config firewall internet-service-name\n).*?(\nend\n)/m, '')
+    cfg.gsub!(/set private-key .*?-+END \S+ PRIVATE KEY-+\n?"$/m, '')
+    cfg
+  end
+
+  cfg :telnet do
+    username /^[lL]ogin:/
+    password /^Password:/
+  end
+
+  cfg :telnet, :ssh do
+    pre_logout "exit"
+  end
+end

data/lib/oxidized/model/fortios.rb

@@ -16,9 +16,13 @@ class FortiOS < Oxidized::Model
     data.sub re, ''
   end
 
-  cmd :all do |cfg, cmdstring|
-    new_cfg = comment "COMMAND: #{cmdstring}\n"
-    new_cfg << cfg.each_line.to_a[1..-2].map { |line| line.gsub(/(conf_file_ver=)(.*)/, '\1<stripped>\3') }.join
+  cmd :all do |cfg|
+    # Remove junk after --More-- pager
+    cfg = cfg.gsub(/\r +\r/, '')
+    # Remove \r\n after command echo
+    cfg = cfg.gsub("\r\n", "\n")
+    # remove command echo and prompt
+    cfg.cut_both
   end
 
   cmd :secret do |cfg|
@@ -38,74 +42,29 @@ class FortiOS < Oxidized::Model
   end
 
   cmd 'get system status' do |cfg|
-    @vdom_enabled = cfg.match /Virtual domain configuration: (enable|multiple)/
-    cfg.gsub! /(System time:).*/i, '\\1 <stripped>'
-    cfg.gsub! /(Cluster (?:uptime|state change time):).*/, '\\1 <stripped>'
-    cfg.gsub! /(Current Time\s+:\s+)(.*)/, '\1<stripped>'
-    cfg.gsub! /(Uptime:\s+)(.*)/, '\1<stripped>\3'
-    cfg.gsub! /(Last reboot:\s+)(.*)/i, '\1<stripped>\3'
-    cfg.gsub! /(Disk Usage\s+:\s+)(.*)/, '\1<stripped>'
-    cfg.gsub! /(^\S+ (?:disk|DB):\s+)(.*)/, '\1<stripped>\3'
-    cfg.gsub! /(VM Registration:\s+)(.*)/, '\1<stripped>\3'
-    cfg.gsub! /(Virus-DB|Extended DB|FMWP-DB|IPS-DB|IPS-ETDB|APP-DB|INDUSTRIAL-DB|Botnet DB|IPS Malicious URL Database|AV AI\/ML Model|IoT-Detect).*/, '\\1 <db version stripped>'
-    comment cfg
+    cfg = cfg.reject_lines [
+      "Current Time",
+      "Disk Usage",
+      "Release Version Information",
+      "Branch Point",
+      "Daylight Time Saving",
+      "Time Zone",
+      "x86-64 Applications",
+      "File System",
+      "Image Signature"
+    ]
+    comment cfg + "\n"
   end
 
-  post do
-    cfg = []
-    cfg << cmd('config global') if @vdom_enabled
-
-    cfg << cmd('get system ha status') do |cfg_ha|
-      cfg_ha = cfg_ha.each_line.select { |line| line.match /^(HA Health Status|Mode|Model|Master|Slave|Primary|Secondary|# COMMAND)(\s+)?:/ }.join
-      comment cfg_ha
-    end
-
-    cfg << cmd('get hardware status') do |cfg_hw|
-      comment cfg_hw
-    end
-
-    # default behaviour: include autoupdate output (backwards compatibility)
-    # do not include if variable "show_autoupdate" is set to false
-    if defined?(vars(:fortios_autoupdate)).nil? || vars(:fortios_autoupdate)
-      cfg << cmd('diagnose autoupdate version') do |cfg_auto|
-        cfg_auto.gsub! /(FDS Address\n---------\n).*/, '\\1IP Address removed'
-        comment cfg_auto.each_line.reject { |line| line.match /Last Update|Result/ }.join
-      end
-    end
-
-    cfg << cmd('end') if @vdom_enabled
-
-    # Different OS have different commands - we use the first that works
-    # - For fortigate > 7 and possibly earlier versions, we use:
-    #        show | grep .                     # backup as in fortigate GUI
-    #        show full-configuration | grep .  # bakup including default values
-    #   | grep is used to avoid the --More-- prompt
-    # - It is not documented which systems need the commands without | grep:
-    #        show full-configuration
-    #        show
-    #   Document it here and make a PR on github if you know!
-    # By default, we use the configuration without default values
-    # If fullconfig: true is set in the configuration, we get the full config
-    commandlist = if vars(:fullconfig)
-                    ['show full-configuration | grep .',
-                     'show full-configuration', 'show']
-                  else
-                    ['show | grep .',
-                     'show full-configuration', 'show']
-                  end
-
-    commandlist.each do |fullcmd|
-      fullcfg = cmd(fullcmd)
-      # Don't show for unsupported devices (e.g. FortiAnalyzer, FortiManager, FortiMail)
-      next if fullcfg.lines[1..3].join =~ /(Parsing error at|command parse error)/
-
-      fullcfg.gsub! /(set comments "Error \(No order (found )?for (account )?ID \d+\) on).*/, '\\1 <stripped>"'
-
-      cfg << fullcfg
-      break
-    end
+  cmd "show" do |cfg|
+    cfg.reject_lines ['#config-version=']
+  end
 
-    cfg.join
+  cmd :significant_changes do |cfg|
+    cfg = cfg.reject_lines [
+      /^ +set \S+ ENC \S+$/
+    ]
+    cfg.gsub(/set private-key .*?-+END \S+ PRIVATE KEY-+\n?"$/m, '')
   end
 
   cfg :telnet do
@@ -114,6 +73,6 @@ class FortiOS < Oxidized::Model
   end
 
   cfg :telnet, :ssh do
-    pre_logout "exit\n"
+    pre_logout "exit"
   end
 end

data/lib/oxidized/model/fsos.rb

@@ -22,9 +22,7 @@ class FSOS < Oxidized::Model
 
   cmd 'show version' do |cfg|
     # Remove uptime so the result doesn't change every time
-    cfg.gsub! /.*uptime is.*\n/, ''
-    cfg.gsub! /.*System uptime.*\n/, ''
-    comment cfg
+    comment cfg.reject_lines ['uptime is', 'System uptime']
   end
 
   cmd 'show running-config' do |cfg|

data/lib/oxidized/model/grandstreamht8xx.rb

@@ -0,0 +1,19 @@
+class GrandstreamHT8xx < Oxidized::Model
+  using Refinements
+
+  # Anchored prompt to avoid matching XML content
+  prompt /^(GS|CONFIG)>\s?$/
+  comment '# '
+
+  cfg :ssh do
+    # After login go to configuration submenu (looks like enabled in other devices)
+    post_login 'config'
+    # When logout use double exit - first from configuration submenu, and second to disconnect from device
+    pre_logout 'exit'
+    pre_logout 'exit'
+  end
+
+  cmd 'export' do |cfg|
+    cfg.cut_both
+  end
+end