def testVal_object_group_service_01():
    """Service object-group made of ``service-object`` lines.

    Each line carries its own protocol and a ``destination`` port, so the
    resulting L4Objects are reported as directional and ``protocol_type`` is
    empty (no protocol on the ``object-group service`` header).  The expected
    objects are spelled ``eq <number>`` while the config uses the names
    ``smtp``/``https``; the comparison therefore relies on L4Object
    normalising named ports.
    """
    ## This can only be configured as protocol object-group
    lines = [
        '!',
        'object-group service APP01_svc',
        ' service-object tcp destination smtp',
        ' service-object tcp destination https',
        '!',
    ]
    parser = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parser.find_objects(r'object-group\sservice')[0]
    expected = [
        L4Object(protocol='tcp', port_spec=spec, syntax='asa')
        for spec in ('eq 25', 'eq 443')
    ]
    assert group.name == 'APP01_svc'
    assert group.ports == expected
    assert group.L4Objects_are_directional is True
    assert group.protocol_type == ''
def testVal_object_group_service_03():
    """Service object-group with ``tcp-udp`` on the header line.

    A single ``port-object eq domain`` must fan out into two L4Objects, one
    for tcp and one for udp, in that order.  ``port-object`` entries carry no
    direction, so the group is non-directional, and ``protocol_type`` echoes
    the header keyword.
    """
    ## This can only be configured as an object group after a host / network
    lines = [
        '!',
        'object-group service APP03_svc tcp-udp',
        ' port-object eq domain',
        '!',
    ]
    parser = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parser.find_objects(r'object-group\sservice')[0]
    ## Test whether the proper port objects are returned: same port, both
    ## protocols, tcp first
    expected = [
        L4Object(port_spec='eq 53', protocol=proto, syntax='asa')
        for proto in ('tcp', 'udp')
    ]
    assert group.name == 'APP03_svc'
    assert group.ports == expected
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == 'tcp-udp'
def testVal_object_group_service_02():
    """Service object-group with ``tcp`` on the header line.

    Mixes ``port-object eq`` and ``port-object range`` entries.  Every entry
    inherits the header protocol, the named ports are expected back as
    ``eq <number>`` and the range is kept verbatim as ``range 8080 8081``.
    """
    ## This can only be configured as an object group after a host / network
    lines = [
        '!',
        'object-group service APP02_svc tcp',
        ' port-object eq smtp',
        ' port-object eq https',
        ' port-object range 8080 8081',
        '!',
    ]
    parser = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parser.find_objects(r'object-group\sservice')[0]
    expected = [
        L4Object(protocol='tcp', port_spec=spec, syntax='asa')
        for spec in ('eq 25', 'eq 443', 'range 8080 8081')
    ]
    assert group.name == 'APP02_svc'
    assert group.ports == expected
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == 'tcp'
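    def ports(self):
        """Return the L4Objects for every protocol/port this object-group allows.

        Walks the group's children in configuration order:

        * ``service-object <proto> <source|destination> <port>`` gives one
          L4Object (two for ``tcp-udp``) built from the line's own protocol;
        * ``port-object <eq|range> <port...>`` gives one L4Object (two for
          ``tcp-udp``) built from the *group header's* ``protocol_type``;
        * ``group-object <name>`` is expanded in place, depth-first, through
          ``self.confobj.object_group_service``; a group reachable on two
          different paths is expanded each time;
        * ``description`` lines are ignored.

        Returns:
            list[L4Object]: one entry per (protocol, port_spec), config order.

        Raises:
            ValueError: a ``group-object`` names a group that does not exist,
                or the reference chain loops back on itself -- a direct
                self-reference *or* an indirect cycle (A -> B -> A).  Without
                the cycle check an indirect loop recursed until
                RecursionError, so a malformed or hostile config could crash
                the parser.
            NotImplementedError: a child line is none of the four kinds above.
        """
        SERVICE_OBJ_REGEX = r'^\s*service-object\s+(tcp|udp|tcp-udp)\s+(\S+)\s+(\S+)'
        PORT_OBJ_REGEX = r'^\s*port-object\s+(eq|range)\s+(\S.+)'
        GROUP_OBJ_REGEX = r'^\s*group-object\s+(\S+)'

        def l4objects(protocol, port_spec):
            ## 'tcp-udp' is shorthand for two independent L4 entries, tcp first
            if protocol == 'tcp-udp':
                return [
                    L4Object(protocol='tcp', port_spec=port_spec, syntax='asa'),
                    L4Object(protocol='udp', port_spec=port_spec, syntax='asa'),
                ]
            return [L4Object(protocol=protocol, port_spec=port_spec, syntax='asa')]

        def expand(group, path):
            ## Collect the L4Objects of one object-group.  'path' is the tuple
            ## of group names currently being expanded (this group and its
            ## ancestors); it is a cycle guard, not a global visited-set, so a
            ## group shared by two branches is still emitted in both.
            retval = list()
            for obj in group.children:
                if 'service-object ' in obj.text:
                    protocol = obj.re_match_typed(SERVICE_OBJ_REGEX,
                                                  group=1,
                                                  result_type=str)
                    ## Group 2 (the 'source'/'destination' keyword) is matched
                    ## but deliberately not carried into the L4Object, so a
                    ## source port and a destination port look the same here.
                    ## NOTE(review): the regex takes exactly one token after
                    ## that keyword; a line written as 'destination eq smtp'
                    ## would capture 'eq' as the port -- confirm against the
                    ## ASA syntax in use.  A non-matching line yields whatever
                    ## re_match_typed returns on a miss rather than an error.
                    port = obj.re_match_typed(SERVICE_OBJ_REGEX,
                                              group=3,
                                              result_type=str)
                    retval.extend(l4objects(protocol, port))

                elif 'port-object ' in obj.text:
                    op = obj.re_match_typed(PORT_OBJ_REGEX,
                                            group=1,
                                            result_type=str)
                    port = obj.re_match_typed(PORT_OBJ_REGEX,
                                              group=2,
                                              result_type=str)
                    ## port-object lines have no protocol of their own; they
                    ## inherit it from the enclosing group's header line
                    retval.extend(
                        l4objects(group.protocol_type, "{0} {1}".format(op, port)))

                elif 'group-object ' in obj.text:
                    name = obj.re_match_typed(GROUP_OBJ_REGEX,
                                              group=1,
                                              result_type=str)
                    ## 'path' already contains this group's own name, so this
                    ## rejects both self-reference and longer cycles
                    if name in path:
                        raise ValueError(
                            "FATAL: Cannot recurse through group-object {0} in object-group service {1}"
                            .format(name, group.name))
                    nested = group.confobj.object_group_service.get(name, None)
                    if nested is None:
                        raise ValueError(
                            "FATAL: Cannot find group-object named {0}".format(
                                name))
                    retval.extend(expand(nested, path + (name,)))

                elif 'description ' in obj.text:
                    pass

                else:
                    raise NotImplementedError("Cannot parse '{0}'".format(
                        obj.text))
            return retval

        return expand(self, (self.name,))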
 def testL4Object_asa_lt02(self):
     """``lt 7`` on ASA expands to the ports strictly below 7, i.e. 1..6."""
     l4 = L4Object(protocol='tcp', port_spec='lt 7', syntax='asa')
     self.assertEqual(l4.protocol, 'tcp')
     ## On Python 3 a range() only compares equal to another range, so this
     ## also pins the type of port_list, not just its members
     self.assertEqual(l4.port_list, range(1, 7))
 def testL4Object_asa_range01(self):
     """``range smtp 32`` resolves the named port and is inclusive: 25..32."""
     l4 = L4Object(protocol='tcp', port_spec='range smtp 32', syntax='asa')
     self.assertEqual(l4.protocol, 'tcp')
     ## the upper bound is inclusive, hence range(25, 33)
     self.assertEqual(l4.port_list, range(25, 33))
 def testL4Object_asa_eq02(self):
     """A bare named port (no ``eq`` operator) is treated as ``eq smtp`` -> [25]."""
     l4 = L4Object(protocol='tcp', port_spec='smtp', syntax='asa')
     self.assertEqual(l4.protocol, 'tcp')
     self.assertEqual(l4.port_list, [25])
def testL4Object_asa_eq02():
    """A bare named port (no ``eq`` operator) is treated as ``eq smtp`` -> [25]."""
    l4 = L4Object(protocol='tcp', port_spec='smtp', syntax='asa')
    assert l4.protocol == 'tcp'
    assert l4.port_list == [25]
def testL4Object_asa_lt02():
    """``lt 7`` on ASA expands to the ports strictly below 7, i.e. 1..6."""
    l4 = L4Object(protocol='tcp', port_spec='lt 7', syntax='asa')
    assert l4.protocol == 'tcp'
    ## On Python 3 a range() only compares equal to another range, so this
    ## also pins the type of port_list, not just its members
    assert l4.port_list == range(1, 7)
def testL4Object_asa_range01():
    """``range smtp 32`` resolves the named port and is inclusive: 25..32."""
    l4 = L4Object(protocol='tcp', port_spec='range smtp 32', syntax='asa')
    assert l4.protocol == 'tcp'
    ## the upper bound is inclusive, hence range(25, 33)
    assert l4.port_list == range(25, 33)
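    def ports(self):
        """Return the L4Objects for every protocol/port this object-group allows.

        Each child line is matched against the module-level ``_RE_PORTOBJECT``
        and dispatched on which named group matched:

        * ``protocol`` set -> a ``service-object`` line; one L4Object (two for
          ``tcp-udp``) built from the line's own protocol and ``s_port``;
        * ``operator`` set -> a ``port-object`` line; one L4Object (two for
          ``tcp-udp``) built from the *group header's* ``protocol_type`` and
          ``"<operator> <p_port>"``;
        * ``groupobject`` set -> a nested group, expanded in place, depth-first,
          through ``self.confobj.object_group_service``; a group reachable on
          two different paths is expanded each time;
        * ``description`` lines are ignored.

        Returns:
            list[L4Object]: one entry per (protocol, port_spec), config order.

        Raises:
            ValueError: a ``group-object`` names a group that does not exist,
                or the reference chain loops back on itself -- a direct
                self-reference *or* an indirect cycle (A -> B -> A).  Without
                the cycle check an indirect loop recursed until
                RecursionError, so a malformed or hostile config could crash
                the parser.
            NotImplementedError: a child line matches none of the above.
        """

        def l4objects(protocol, port_spec):
            ## 'tcp-udp' is shorthand for two independent L4 entries, tcp first
            if protocol == 'tcp-udp':
                return [
                    L4Object(protocol='tcp', port_spec=port_spec, syntax='asa'),
                    L4Object(protocol='udp', port_spec=port_spec, syntax='asa'),
                ]
            return [L4Object(protocol=protocol, port_spec=port_spec, syntax='asa')]

        def expand(group, path):
            ## Collect the L4Objects of one object-group.  'path' is the tuple
            ## of group names currently being expanded (this group and its
            ## ancestors); it is a cycle guard, not a global visited-set, so a
            ## group shared by two branches is still emitted in both.
            retval = list()
            for obj in group.children:

                ## Parse out 'service-object ...' and 'port-object' lines...
                ## (groupdict() holds None for every group that did not match)
                mm = _RE_PORTOBJECT.search(obj.text)
                svc_obj = mm.groupdict() if mm is not None else dict()

                if svc_obj.get('protocol', None):
                    ## 'src_dst' (the source/destination keyword) is matched
                    ## but deliberately not carried into the L4Object, so a
                    ## source port and a destination port look the same here
                    retval.extend(
                        l4objects(svc_obj.get('protocol'),
                                  svc_obj.get('s_port', '')))

                elif svc_obj.get('operator', None):
                    ## port-object lines have no protocol of their own; they
                    ## inherit it from the enclosing group's header line
                    port_spec = "{0} {1}".format(svc_obj.get('operator', ''),
                                                 svc_obj.get('p_port', ''))
                    retval.extend(l4objects(group.protocol_type, port_spec))

                elif svc_obj.get('groupobject', None):
                    name = svc_obj.get('groupobject')
                    ## 'path' already contains this group's own name, so this
                    ## rejects both self-reference and longer cycles
                    if name in path:
                        raise ValueError(
                            "FATAL: Cannot recurse through group-object {0} in object-group service {1}"
                            .format(name, group.name))
                    nested = group.confobj.object_group_service.get(name, None)
                    if nested is None:
                        raise ValueError(
                            "FATAL: Cannot find group-object named {0}".format(
                                name))
                    retval.extend(expand(nested, path + (name,)))

                elif 'description ' in obj.text:
                    pass

                else:
                    raise NotImplementedError("Cannot parse '{0}'".format(
                        obj.text))
            return retval

        return expand(self, (self.name,))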