def checkNetworkInclusion(parent, networks):
    """Reject a set of networks that spans interfaces or contains overlaps.

    Every pair of groups yielded by ``combinaisons2(networks)`` is expanded
    with ``flattenNetwork()`` and checked in two ways:

    * the resources of the first group must all share one interface, namely
      the first interface seen, which is remembered across all pairs;
    * no resource of one group may ``match()`` a resource of the other, in
      either direction.

    ``parent`` is only used to name the owning object in error messages.

    Raises:
        RulesetError: on the first interface mismatch or overlap found.
    """
    # NOTE(review): only resources flattened from the first group of each
    # pair are compared with the reference interface. Whether every network
    # is covered therefore depends on which pairs combinaisons2() yields --
    # confirm against its definition.
    reference_iface = None
    for first_group, second_group in combinaisons2(networks):
        for candidate in flattenNetwork(first_group):
            # All networks must hang off a single interface.
            if reference_iface is not None:
                if candidate.interface != reference_iface:
                    raise RulesetError(
                        tr('Error in %s: the %s network (%s interface) is not part of the %s interface!'),
                        unicode(parent),
                        first_group.formatID(),
                        candidate.interface.formatID(),
                        reference_iface.formatID())
            else:
                reference_iface = candidate.interface

            # Overlap test, both directions. flattenNetwork() is called again
            # for every candidate, exactly as often as before.
            for other in flattenNetwork(second_group):
                if other.match(candidate):
                    raise RulesetError(
                        tr('Error in %s: the %s network is already part of the %s network!'),
                        unicode(parent),
                        candidate.formatID(),
                        second_group.formatID())
                if candidate.match(other):
                    raise RulesetError(
                        tr('Error in %s: the %s network is already part of the %s network!'),
                        unicode(parent),
                        other.formatID(),
                        first_group.formatID())
def checkConsistency(self, loader_context=None):
    """Validate this rule and raise RulesetError on the first problem found.

    The checks run in a fixed order, so the order decides which error is
    reported when a rule is wrong in several ways:

    1. a source, a destination and (unless platforms are used) a protocol
       must be present;
    2. platforms cannot be mixed with other objects on the same side, used
       on both sides at once, or combined with protocols;
    3. sources, destinations and the flattened platforms each go through
       ``checkNetworkInclusion()``;
    4. the firewall cannot be both input and output of the rule;
    5. rules with user groups must be forward rules and may only use
       protocols whose layer 4 is TCP or UDP;
    6. at most one time criterion in total (one periodicity or one duration);
    7. the rule's address type must be among those computed by
       ``createAddressTypes()``.

    ``loader_context`` is accepted but not read in this method.
    """
    # --- mandatory parts ---------------------------------------------
    if not (self.sources | self.source_platforms):
        raise RulesetError(
            tr("%s has no source."),
            unicode(self))
    if not (self.destinations | self.destination_platforms):
        raise RulesetError(
            tr("%s has no destination."),
            unicode(self))
    # A protocol is only required when no platform is involved.
    if (not (self.source_platforms | self.destination_platforms)
            and not self.protocols):
        raise RulesetError(
            tr("%s has no protocol."),
            unicode(self))

    # --- platform exclusivity ----------------------------------------
    if self.sources and self.source_platforms:
        raise RulesetError(
            tr("%s source can not associate a platform with another type of object."),
            unicode(self))
    if self.destinations and self.destination_platforms:
        raise RulesetError(
            tr("%s destination can not associate a platform with another type of object."),
            unicode(self))
    if self.source_platforms and self.destination_platforms:
        raise RulesetError(
            tr('Platforms can not be used '
               'concurrently in source and destination'))
    if (self.source_platforms or self.destination_platforms) and self.protocols:
        raise RulesetError(
            tr('Protocols can not be used together with platforms.'))

    # --- interface / overlap checks on each side ---------------------
    checkNetworkInclusion(self, self.sources)
    checkNetworkInclusion(self, self.destinations)
    checkNetworkInclusion(self, flattenNetwork(self.source_platforms))
    checkNetworkInclusion(self, flattenNetwork(self.destination_platforms))

    # --- the firewall cannot be both endpoints -----------------------
    if (isinstance(self.input, FirewallResource)
            and isinstance(self.output, FirewallResource)):
        raise RulesetError(tr("The firewall can not be the source and the destination of a rule!"))

    # --- identity-based rules ----------------------------------------
    if self.user_groups:
        if not self.isForward():
            raise RulesetError(
                tr("INPUT/OUTPUT rules (%s) can not use identity!"),
                unicode(self))
        # Anything that is not TCP or UDP is rejected for identity rules.
        for proto in self.listAllProtocols():
            if proto.layer4 not in (u'tcp', u'udp'):
                raise RulesetError(tr("The protocol %s of the %s cannot be identified."),
                    proto.formatID(), unicode(self))

    # --- time criteria -----------------------------------------------
    if len(self.periodicities) > 1:
        raise RulesetError(
            tr("%s can not use more than one time criterion!"),
            unicode(self))
    if len(self.durations) > 1:
        raise RulesetError(
            tr("%s can not use more than one duration!"),
            unicode(self))
    # Both counts are at most one here, so this fires only when the rule
    # has one periodicity and one duration.
    if len(self.periodicities) + len(self.durations) > 1:
        raise RulesetError(
            tr("%s can not use one period and one duration!"),
            unicode(self))

    # --- address family ----------------------------------------------
    allowed_types = createAddressTypes(
        self.getSources(), self.getDestinations(),
        self.listAllProtocols())
    if self.address_type not in allowed_types:
        raise RulesetError(self.ADDRESS_TYPE_ERROR)