def testVal_object_group_service_03():
    """A 'tcp-udp' service object-group yields one TCP and one UDP entry per port-object."""
    # This form can only be configured as an object group after a host / network
    asa_lines = [
        "!",
        "object-group service APP03_svc tcp-udp",
        " port-object eq domain",
        "!",
    ]
    parse = CiscoConfParse(asa_lines, factory=True, syntax="asa")
    matches = parse.find_objects(r"object-group\sservice")
    group = matches[0]

    # 'eq domain' is expected to resolve to port 53, once for each protocol
    expected_ports = [
        L4Object(protocol=proto, port_spec="eq 53", syntax="asa")
        for proto in ("tcp", "udp")
    ]

    assert group.name == "APP03_svc"
    assert group.ports == expected_ports
    # port-object groups carry no source/destination direction
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == "tcp-udp"
def testVal_object_group_service_01():
    """service-object lines carry their own protocol, so the group has no protocol_type."""
    # This form can only be configured as a protocol object-group
    asa_lines = [
        "!",
        "object-group service APP01_svc",
        " service-object tcp destination smtp",
        " service-object tcp destination https",
        "!",
    ]
    parse = CiscoConfParse(asa_lines, factory=True, syntax="asa")
    matches = parse.find_objects(r"object-group\sservice")
    group = matches[0]

    # smtp -> 25 and https -> 443, in configuration order
    expected_ports = [
        L4Object(protocol="tcp", port_spec=spec, syntax="asa")
        for spec in ("eq 25", "eq 443")
    ]

    assert group.name == "APP01_svc"
    assert group.ports == expected_ports
    # 'destination' on the service-object lines makes the entries directional
    assert group.L4Objects_are_directional is True
    assert group.protocol_type == ""
def testVal_object_group_service_02():
    """A 'tcp' service object-group maps each port-object (eq / range) to a TCP L4Object."""
    # This form can only be configured as an object group after a host / network
    asa_lines = [
        "!",
        "object-group service APP02_svc tcp",
        " port-object eq smtp",
        " port-object eq https",
        " port-object range 8080 8081",
        "!",
    ]
    parse = CiscoConfParse(asa_lines, factory=True, syntax="asa")
    matches = parse.find_objects(r"object-group\sservice")
    group = matches[0]

    # Named ports are resolved to numbers; the numeric range is kept as written
    expected_ports = [
        L4Object(protocol="tcp", port_spec=spec, syntax="asa")
        for spec in ("eq 25", "eq 443", "range 8080 8081")
    ]

    assert group.name == "APP02_svc"
    assert group.ports == expected_ports
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == "tcp"
def ports(self):
    """Return a list of objects which represent the protocol and ports
    allowed by this object-group.

    Each child line is matched against _RE_PORTOBJECT and handled by the
    first case that applies:

    - a line with a 'protocol' field becomes one L4Object (two for 'tcp-udp');
    - a line with an 'operator' field uses this group's protocol_type;
    - a line with a 'groupobject' field pulls in the named group's ports;
    - a line containing 'description ' is skipped.

    Raises:
        ValueError: a group-object names this group itself, or names a
            group that is not in confobj.object_group_service.
        NotImplementedError: a child line matches none of the cases above.
    """
    allowed = list()

    for child in self.children:
        hit = _RE_PORTOBJECT.search(child.text)
        fields = dict() if hit is None else hit.groupdict()

        if fields.get('protocol', None):
            # The line names its own protocol
            proto = fields.get('protocol')
            spec = fields.get('s_port', '')
            # NOTE(review): any 'src_dst' value matched on the line is not
            # passed to L4Object, so the entries built here do not record
            # whether the port is a source or a destination port -- confirm
            # that callers handle direction separately.
            protos = ('tcp', 'udp') if proto == 'tcp-udp' else (proto,)
            for one_proto in protos:
                allowed.append(
                    L4Object(protocol=one_proto, port_spec=spec, syntax='asa'))

        elif fields.get('operator', None):
            # The protocol comes from the object-group header line
            spec = "{0} {1}".format(fields.get('operator', ''),
                                    fields.get('p_port', ''))
            if self.protocol_type == 'tcp-udp':
                protos = ('tcp', 'udp')
            else:
                protos = (self.protocol_type,)
            for one_proto in protos:
                allowed.append(
                    L4Object(protocol=one_proto, port_spec=spec, syntax='asa'))

        elif fields.get('groupobject', None):
            nested_name = fields.get('groupobject')
            nested = self.confobj.object_group_service.get(nested_name, None)
            # NOTE(review): only a direct self-reference is rejected here; a
            # cycle through another group (A -> B -> A) is not checked and
            # would presumably keep recursing through nested.ports.
            if nested_name == self.name:
                raise ValueError("FATAL: Cannot recurse through group-object {0} in object-group service {1}".format(nested_name, self.name))
            if nested is None:
                raise ValueError("FATAL: Cannot find group-object named {0}".format(nested_name))
            allowed.extend(nested.ports)

        elif 'description ' in child.text:
            continue

        else:
            # Fail loudly: an unparsed line is never silently left out of
            # the returned port list.
            raise NotImplementedError("Cannot parse '{0}'".format(child.text))

    return allowed
def testL4Object_asa_eq02():
    """A bare ASA service name ('smtp') resolves to a one-element port list."""
    smtp_obj = L4Object(syntax="asa", protocol="tcp", port_spec="smtp")
    assert smtp_obj.protocol == "tcp"
    # smtp is expected to map to TCP port 25
    assert smtp_obj.port_list == [25]
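def testL4Object_asa_lt02():
    """'lt 7' is expected to cover ports 1 through 6 (7 itself and port 0 excluded)."""
    pp = L4Object(protocol="tcp", port_spec="lt 7", syntax="asa")
    assert pp.protocol == "tcp"
    # On Python 3 a list never compares equal to a range object, so the
    # original `== range(1, 7)` could not pass for a list-valued port_list.
    # Normalising both sides keeps the check valid for either type.
    assert list(pp.port_list) == list(range(1, 7))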
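def testL4Object_asa_range01():
    """'range smtp 32' is expected to cover ports 25 through 32, both ends included."""
    pp = L4Object(protocol="tcp", port_spec="range smtp 32", syntax="asa")
    assert pp.protocol == "tcp"
    # On Python 3 a list never compares equal to a range object, so the
    # original `== range(25, 33)` could not pass for a list-valued port_list.
    # Normalising both sides keeps the check valid for either type.
    assert list(pp.port_list) == list(range(25, 33))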
def testL4Object_asa_eq02():
    """A bare ASA service name ('smtp') resolves to a one-element port list."""
    smtp_obj = L4Object(syntax='asa', protocol='tcp', port_spec='smtp')
    assert smtp_obj.protocol == 'tcp'
    # smtp is expected to map to TCP port 25
    assert smtp_obj.port_list == [25]
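def testL4Object_asa_lt02():
    """'lt 7' is expected to cover ports 1 through 6 (7 itself and port 0 excluded)."""
    pp = L4Object(protocol='tcp', port_spec='lt 7', syntax='asa')
    assert pp.protocol == 'tcp'
    # On Python 3 a list never compares equal to a range object, so the
    # original `== range(1, 7)` could not pass for a list-valued port_list.
    # Normalising both sides keeps the check valid for either type.
    assert list(pp.port_list) == list(range(1, 7))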
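def testL4Object_asa_range01():
    """'range smtp 32' is expected to cover ports 25 through 32, both ends included."""
    pp = L4Object(protocol='tcp', port_spec='range smtp 32', syntax='asa')
    assert pp.protocol == 'tcp'
    # On Python 3 a list never compares equal to a range object, so the
    # original `== range(25, 33)` could not pass for a list-valued port_list.
    # Normalising both sides keeps the check valid for either type.
    assert list(pp.port_list) == list(range(25, 33))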
def testL4Object_asa_gt01():
    """'gt 65534' leaves exactly one port: the top of the 16-bit range."""
    top_port_obj = L4Object(syntax="asa", protocol="tcp", port_spec="gt 65534")
    assert top_port_obj.protocol == "tcp"
    assert top_port_obj.port_list == [65535]
def testL4Object_asa_lt01():
    """'lt echo' uses a named bound and is expected to give ports 1 through 6."""
    below_echo = L4Object(syntax="asa", protocol="tcp", port_spec="lt echo")
    assert below_echo.protocol == "tcp"
    # Ascending list of 1..6, the same value sorted(range(1, 7)) produces
    expected_ports = list(range(1, 7))
    assert below_echo.port_list == expected_ports