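def search(self, policy_tuples):
    """Build one ``Policy`` per ``(src_zone, dest_zone, policy_name)`` tuple.

    Each tuple is resolved against ``self.config`` by matching the Junos
    ``from-zone <src> to-zone <dest> policy <name>`` prefix, or
    ``global policy <name>`` when both zones are ``"global"``.  From the
    matching lines the source/destination addresses, the matched
    applications (resolved through application-sets and ``term``
    definitions), the ``then`` action and the description are collected.

    Args:
        policy_tuples: iterable of 3-item sequences
            ``(src_zone, dest_zone, policy_name)``; only indices 0-2 are read.

    Returns:
        list of ``Policy`` objects in input order.

    Notes:
        ``action`` stays ``None`` when no ``then permit|deny|reject`` line is
        present for the policy (e.g. only ``then log``/``then count`` lines);
        callers must treat ``None`` as "unknown", not as permit or deny.
        Application-set members that are defined with ``term`` blocks are
        detected by scanning the member's own configuration lines, so each
        term is emitted as its own ``Service`` instead of being collapsed
        into one generic entry.
    """
    policies = []
    for policy_tuple in policy_tuples:
        src = []
        dest = []
        services = []
        action = None
        description = None
        src_zone = policy_tuple[0]
        dest_zone = policy_tuple[1]
        policy_name = policy_tuple[2]
        if src_zone == dest_zone == "global":
            match_line = "global policy " + self.rpad(policy_name)
        else:
            match_line = ("from-zone" + self.pad(src_zone) + "to-zone" + self.pad(dest_zone)
                          + "policy" + self.pad(policy_name))

        for policy_line in self.config.get_filtered_lines("policy", [match_line], []):
            # addresses: "source-address X" feeds src, "destination-address X" feeds dest
            for address_type, bucket in (("source-address", src), ("destination-address", dest)):
                if address_type not in policy_line:
                    continue
                target_address = re.search(address_type + ' (.*)', policy_line)
                if not target_address:
                    continue
                target_address = target_address.group(1)
                if target_address == "any":
                    bucket.append(Address("any", "any", "any"))
                else:
                    bucket.append(self.parse_address(target_address))

            # services
            if "match application " in policy_line:
                # the substring guard above guarantees the pattern matches
                service = re.search('match application (.*)', policy_line).group(1)
                if service == "any":
                    service_object = Service("any", "any", "any")
                elif "junos-" in service:
                    protocol, destination_port = self.get_junos_default_service(service)
                    service_object = Service(service, protocol, destination_port)
                else:
                    set_lines = self.config.get_filtered_lines(
                        "service", ["application-set", self.pad(service)], ["description"])
                    if len(set_lines) != 0:
                        # an application-set: resolve every member application
                        service_object = ServiceGroup(service)
                        for service_set_line in set_lines:
                            if " application " not in service_set_line:
                                continue
                            member = re.search('application (.*)', service_set_line).group(1)
                            if "junos-" in member:
                                protocol, destination_port = self.get_junos_default_service(member)
                                service_object.add_service(Service(member, protocol, destination_port))
                                continue
                            member_lines = self.config.get_filtered_lines(
                                "service", [self.pad(member)], ["application-set", "description"])
                            # A member is "termed" when any of its own lines carries a
                            # " term " block.  (The previous check looked at the first
                            # character of the application-set line, so it never fired.)
                            if not any(" term " in line for line in member_lines):
                                # plain application: protocol/port come straight from its lines
                                protocol, destination_port = self.get_generic_service(member_lines)
                                service_object.add_service(Service(member, protocol, destination_port))
                            else:
                                # termed application: one Service per term, in config order,
                                # deduplicated (a term usually spans several lines).
                                # The pattern needs a trailing space, so a term name that
                                # ends its line is not captured.
                                found_terms = []
                                for line in member_lines:
                                    term_match = re.search(' term (.+?) ', line)
                                    if term_match:
                                        found_terms.append(term_match.group(1))
                                for term in dict.fromkeys(found_terms):
                                    protocol, destination_port = self.get_generic_service(
                                        self.config.get_filtered_lines(
                                            "service", [self.pad(member), self.pad(term)],
                                            ["application-set", "description"]))
                                    service_object.add_service(Service(term, protocol, destination_port))
                    else:
                        # not a set: a single custom application
                        protocol, destination_port = self.get_generic_service(
                            self.config.get_filtered_lines(
                                "service", [self.pad(service)], ["application-set", "description"]))
                        service_object = Service(service, protocol, destination_port)
                services.append(service_object)

            # action: first permit/deny/reject wins; "then log ..." lines are skipped,
            # and a "then" line without a verdict (e.g. "then count") leaves action unset
            if action is None and " then " in policy_line and " log " not in policy_line:
                action_match = re.search('then (permit|deny|reject)', policy_line)
                if action_match:
                    action = action_match.group(1)

            # description: last one wins, surrounding quotes removed
            if " description " in policy_line:
                description = re.search('description (.*)', policy_line).group(1).strip('"')

        if description is None:
            description = ""
        policies.append(Policy(policy_name, description, src, dest, action, services, src_zone, dest_zone))
    return policies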
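def search(self, policy_tuples):
    """Resolve ``(src_zone, dest_zone, policy_name)`` tuples into ``Policy`` objects.

    For each tuple the matching ``from-zone/to-zone/policy`` (or
    ``global policy``) lines are read from ``self.config``; addresses,
    applications, the ``then`` verdict and the description are extracted
    and wrapped in a ``Policy``.

    Args:
        policy_tuples: iterable of 3-item sequences
            ``(src_zone, dest_zone, policy_name)``; only indices 0-2 are used.

    Returns:
        list of ``Policy`` objects, one per tuple, in input order.

    Notes:
        ``action`` is ``None`` when no ``then permit|deny|reject`` line is
        found; callers must not read that as an implicit verdict.  Members
        of an application-set that are defined via ``term`` blocks are
        detected on the member's own lines and emitted one ``Service`` per
        term, in configuration order.
    """
    service_exclusions = ["application-set", "description"]

    def service_lines(include, exclude):
        # Single place that spells the "service" config section.
        return self.config.get_filtered_lines("service", include, exclude)

    def junos_service(name):
        # Built-in "junos-*" applications have fixed protocol/port tables.
        protocol, destination_port = self.get_junos_default_service(name)
        return Service(name, protocol, destination_port)

    def generic_service(name, include):
        # Custom application (or one of its terms) read from its config lines.
        protocol, destination_port = self.get_generic_service(
            service_lines(include, service_exclusions))
        return Service(name, protocol, destination_port)

    def resolve_member(member):
        """Return the Service objects contributed by one application-set member."""
        if "junos-" in member:
            return [junos_service(member)]
        member_lines = service_lines([self.pad(member)], service_exclusions)
        # Termed applications carry " term <name> " on their own lines.
        if not any(" term " in line for line in member_lines):
            protocol, destination_port = self.get_generic_service(member_lines)
            return [Service(member, protocol, destination_port)]
        # The pattern requires a trailing space, so a term name ending the
        # line is not captured; dict.fromkeys keeps first-seen order.
        matches = (re.search(' term (.+?) ', line) for line in member_lines)
        terms = dict.fromkeys(m.group(1) for m in matches if m)
        return [generic_service(term, [self.pad(member), self.pad(term)]) for term in terms]

    def resolve_service(name):
        """Return a Service or ServiceGroup for a ``match application`` value."""
        if name == "any":
            return Service("any", "any", "any")
        if "junos-" in name:
            return junos_service(name)
        set_lines = service_lines(["application-set", self.pad(name)], ["description"])
        if not set_lines:
            return generic_service(name, [self.pad(name)])
        group = ServiceGroup(name)
        for set_line in set_lines:
            if " application " in set_line:
                member = re.search('application (.*)', set_line).group(1)
                for member_service in resolve_member(member):
                    group.add_service(member_service)
        return group

    def address_for(target):
        # "any" is a literal wildcard, everything else is a named address object.
        if target == "any":
            return Address("any", "any", "any")
        return self.parse_address(target)

    policies = []
    for policy_tuple in policy_tuples:
        src_zone, dest_zone, policy_name = policy_tuple[0], policy_tuple[1], policy_tuple[2]
        if src_zone == dest_zone == "global":
            match_line = "global policy " + self.rpad(policy_name)
        else:
            match_line = ("from-zone" + self.pad(src_zone) + "to-zone" + self.pad(dest_zone)
                          + "policy" + self.pad(policy_name))

        src, dest, services = [], [], []
        action = None
        description = None
        for policy_line in self.config.get_filtered_lines("policy", [match_line], []):
            for address_type, bucket in (("source-address", src), ("destination-address", dest)):
                if address_type in policy_line:
                    found = re.search(address_type + ' (.*)', policy_line)
                    if found:
                        bucket.append(address_for(found.group(1)))

            if "match application " in policy_line:
                # substring guard above guarantees the pattern matches
                services.append(
                    resolve_service(re.search('match application (.*)', policy_line).group(1)))

            # First verdict wins; "then log ..." lines are skipped, and a "then"
            # line without permit/deny/reject leaves action unset rather than raising.
            if action is None and " then " in policy_line and " log " not in policy_line:
                verdict = re.search('then (permit|deny|reject)', policy_line)
                if verdict:
                    action = verdict.group(1)

            if " description " in policy_line:
                description = re.search('description (.*)', policy_line).group(1).strip('"')

        policies.append(Policy(policy_name, "" if description is None else description,
                               src, dest, action, services, src_zone, dest_zone))
    return policies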