def p_network_line_1(p):
'''network_line : HOST IP_ADDR'''
object_dict[p_info['object_name']].append(
{'network': Operator('EQ', Ip(p[2]))})
def p_ip_dest_2(p):
'''ip_destination : BANG IP_DESTINATION ip_addr_list'''
for ip in p[3]:
p_info['current_rule'].ip_dest.append(Operator('NEQ', ip))
def check_ip_merge(self, final_list):
"""
Change each mask of ip into Range of IP
Then detect every possible link between range/ip
and merge the possible ip/range
"""
to_delete = {}
for idx, ip_check1 in enumerate(final_list):
# Value of ip 255.255.255.255 in int is 4294967295
if ip_check1.v1.mask != 4294967295:
tmp_val = 4294967295
ip_min_check = ip_check1.v1.ip & ip_check1.v1.mask
tmp_val = tmp_val ^ ip_check1.v1.mask
ip_max_check = ip_check1.v1.ip | tmp_val
ip_check1 = Operator("RANGE", Ip(ip_min_check),
Ip(ip_max_check))
final_list[idx] = ip_check1
for idx2, ip_check2 in enumerate(final_list):
if idx2 in to_delete or idx == idx2:
continue
if ip_check2.v1.mask != 4294967295:
tmp_val = 4294967295
ip_min_check = ip_check2.v1.ip & ip_check2.v1.mask
tmp_val = tmp_val ^ ip_check2.v1.mask
ip_max_check = ip_check2.v1.ip | tmp_val
ip_check2 = Operator("RANGE", Ip(ip_min_check),
Ip(ip_max_check))
final_list[idx2] = ip_check2
if ip_check1.operator == "EQ" and ip_check2.operator == "EQ":
val_ip1 = ip_check1.v1.ip & ip_check2.v1.mask
val_ip2 = ip_check2.v1.ip & ip_check2.v1.mask
if val_ip1 == val_ip2:
to_delete[idx] = ""
else:
ip_min = None
ip_max = None
ip_to_compare_min = None
ip_to_compare_max = None
if ip_check1.operator == "RANGE" and ip_check2.operator == "RANGE":
ip_min = ip_check1.v1
ip_max = ip_check1.v2
ip_to_compare_min = ip_check2.v1
ip_to_compare_max = ip_check2.v2
elif ip_check1.operator == "RANGE":
ip_min = ip_check1.v1
ip_max = ip_check1.v2
ip_to_compare_min = ip_check2.v1
elif ip_check2.operator == "RANGE":
ip_min = ip_check2.v1
ip_max = ip_check2.v2
ip_to_compare_min = ip_check1.v1
result = self.merge_ip_range(ip_min, ip_max,
ip_to_compare_min,
ip_to_compare_max)
if result:
if idx > idx2:
final_list[idx] = result
to_delete[idx2] = ""
else:
final_list[idx2] = result
to_delete[idx] = ""
final_list = [
i for j, i in enumerate(final_list) if j not in to_delete
]
return final_list
def p_ip_source_1(p):
'''ip_source : IP_SOURCE ip_addr_list'''
for ip in p[2]:
p_info['current_rule'].ip_source.append(Operator('EQ', ip))
def p_ip_source_2(p):
'''ip_source : BANG IP_SOURCE ip_addr_list'''
for ip in p[3]:
p_info['current_rule'].ip_source.append(Operator('NEQ', ip))
def p_network_line_5(p):
'''network_line : FQDN WORD'''
object_dict[p_info['object_name']].append(
{'network': Operator('EQ', Ip(socket.gethostbyname(p[2])))})
def p_addr_set_line_4(p):
'''addr_set_line : SET SUBNET IP_ADDR IP_ADDR'''
object_dict[p_info['current_object']].append(
{'address': Operator('EQ', Ip(p[3], p[4]))})
def p_port_service_1(p):
"""port_service : NUMBER"""
object_dict[p_info['current_object']].append(
{'port_dst': Operator('EQ', Port(p[1]))})
def p_port_service_3(p):
"""port_service : NUMBER MINUS NUMBER COLON NUMBER MINUS NUMBER"""
object_dict[p_info['current_object']].append(
{'port_dst': Operator('RANGE', Port(p[1]), Port(p[3]))})
object_dict[p_info['current_object']].append(
{'port_src': Operator('RANGE', Port(p[5]), Port(p[7]))})
def p_service_set_line_3_2(p):
"""service_set_line : SET PROTOCOL_NUMBER NUMBER"""
object_dict[p_info['current_object']].append(
{'protocol': Operator('EQ', Protocol(p[3]))})
def p_service_set_line_6(p):
"""service_set_line : SET UDP_PORTRANGE port_services"""
object_dict[p_info['current_object']].append(
{'protocol': Operator('EQ', Protocol('UDP'))})
def p_service_set_line_2_2(p):
"""service_set_line : SET IPRANGE IP_ADDR MINUS IP_ADDR"""
object_dict[p_info['current_object']].append(
{'address': Operator('RANGE', Ip(p[3]), Ip(p[5]))})
def p_addr_set_line_6(p):
"""addr_set_line : SET WILDCARD IP_ADDR IP_ADDR"""
object_dict[p_info['current_object']].append(
{'address': Operator('EQ', Ip(p[3], p[4]))})
def p_addr_set_line_5(p):
'''addr_set_line : SET SUBNET IP_ADDR SLASH NUMBER'''
object_dict[p_info['current_object']].append(
{'address': Operator('EQ', Ip(p[3], Ip.CidrToMask(int(p[5]))))})
def p_network_line_2(p):
'''network_line : NETWORK IP_ADDR'''
object_dict[p_info['object_name']].append(
{'network': Operator('EQ', Ip(p[2], None, True))})
def p_protocol_1(p):
'''protocol : PROTOCOL item'''
p_info['current_rule'].protocol.append(
Operator('EQ', Protocol(get_value(p[2]))))
def p_network_line_3(p):
'''network_line : OP_RANGE IP_ADDR IP_ADDR'''
object_dict[p_info['object_name']].append(
{'network': Operator('RANGE', Ip(p[2]), Ip(p[3]))})
def p_protocol_2(p):
'''protocol : BANG PROTOCOL item'''
p_info['current_rule'].protocol.append(
Operator('NEQ', Protocol(get_value(p[3]))))
def p_service_line_1(p):
'''service_line : SERVICE item'''
object_dict[p_info['object_name']].append(
{'protocol': Operator('EQ', Protocol(p[2]))})
def p_addr_set_line_2(p):
'''addr_set_line : SET FQDN WORD'''
object_dict[p_info['current_object']].append({
'address':
Operator('EQ', Ip(socket.gethostbyname(remove_quote(p[3]))))
})
