def testMatchSIP(self): grepper = ACLGrepper("192.168.2.12") self.assertTrue(grepper.grep("access-list acl762 line 2 extended permit ip 192.168.2.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc")) self.assertFalse(grepper.grep("access-list acl762 line 2 extended permit ip 192.168.0.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc")) self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e")) self.assertFalse(grepper.grep("just some random text"))
def testMatchDIP(self): grepper = ACLGrepper(None, None, "224.1.156.12") self.assertTrue(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711")) self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.2.3.102/16 eq 4711")) self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e")) self.assertFalse(grepper.grep("just some random text"))
def testMatchUDP(self): grepper = ACLGrepper(None, None, None, None, "udp") self.assertTrue(grepper.grep("10 permit ip 10.221.224.120/29 224.1.2.102/16")) self.assertFalse(grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16")) self.assertTrue(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711")) self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711")) self.assertFalse(grepper.grep("just some random text"))
def testMatchReal(self): grepper = ACLGrepper("10.221.216.201", "5401", "10.221.69.143", "1024") self.assertTrue( grepper.grep( "permit tcp 10.221.216.200 0.0.0.1 range 5400 5413 host 10.221.69.143 gt 1023 established" )) self.assertFalse( grepper.grep( "permit tcp 10.221.216.200 0.0.0.1 gt 1023 host 10.221.69.143 eq 22" ))
def testMatchAny(self): grepper = ACLGrepper("192.168.2.12", None, None, None, None, True) self.assertTrue( grepper.grep( "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e" )) self.assertTrue( grepper.grep( "access-list aclXFG line 46 extended deny udp any host 10.1.1.1 eq netbios-ns (hitcnt=920296) 0x4c3b867e" )) self.assertFalse( grepper.grep( "access-list aclXFG line 46 extended deny udp host 10.1.1.1 any eq netbios-ns (hitcnt=920296) 0x4c3b867e" ))
def testNamedPorts(self): grepper = ACLGrepper(None, "80", None, "22") self.assertFalse( grepper.grep( "10 permit udp 10.221.224.120/29 eq ssh 224.1.2.102/16 eq telnet" )) self.assertFalse( grepper.grep( "10 permit tcp 10.221.224.120/29 eq ftp 224.1.2.102/16 eq ssh") ) self.assertTrue( grepper.grep( "10 permit tcp 10.221.224.120/29 eq www 224.1.2.102/16 eq ssh") )
def testMatchSIP(self): grepper = ACLGrepper("192.168.2.12") self.assertTrue( grepper.grep( "access-list acl762 line 2 extended permit ip 192.168.2.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc" )) self.assertFalse( grepper.grep( "access-list acl762 line 2 extended permit ip 192.168.0.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc" )) self.assertFalse( grepper.grep( "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e" )) self.assertFalse(grepper.grep("just some random text"))
def testMatchDIP(self): grepper = ACLGrepper(None, None, "224.1.156.12") self.assertTrue( grepper.grep( "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711" )) self.assertFalse( grepper.grep( "10 permit udp 10.221.224.120/29 eq 4711 224.2.3.102/16 eq 4711" )) self.assertFalse( grepper.grep( "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e" )) self.assertFalse(grepper.grep("just some random text"))
def testMatchTCP(self): grepper = ACLGrepper(None, None, None, None, "tcp") self.assertTrue( grepper.grep("10 permit ip 10.221.224.120/29 224.1.2.102/16 ")) self.assertFalse( grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16")) self.assertFalse( grepper.grep( "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711" )) self.assertTrue( grepper.grep( "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711" )) self.assertFalse(grepper.grep("just some random text"))
def testPortsOnly(self): grepper = ACLGrepper(None, "4711", None, "124") self.assertFalse( grepper.grep( "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711" )) self.assertFalse( grepper.grep( "10 permit tcp 10.221.224.120/29 eq 124 224.1.2.102/16 eq 124") ) self.assertTrue( grepper.grep( "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 124" )) self.assertTrue( grepper.grep( "10 permit tcp 10.221.224.120/29 224.1.2.102/16 eq 124")) self.assertTrue( grepper.grep( "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16")) self.assertTrue( grepper.grep("10 permit tcp 10.221.224.120/29 224.1.2.102/16"))
def testPortsOnly(self): grepper = ACLGrepper(None, "4711", None, "124") self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711")) self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq 124 224.1.2.102/16 eq 124")) self.assertTrue(grepper.grep("10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 124"))
def testMatchSPort(self): grepper = ACLGrepper("192.168.2.12", "123") # any self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 any 224.0.0.102/32 eq 4711")) # eq self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 4711")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 eq 123 224.0.0.102/32 eq 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 123")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 eq 88 99 123 125 224.0.0.102/32 eq 4711")) # neq self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 neq 123 224.0.0.102/32 neq 4711")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 123")) # gt self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 gt 123 224.0.0.102/32 eq 4711")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 gt 122 224.0.0.102/32 eq 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 gt 4711 224.0.0.102/32 gt 90")) # lt self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 lt 123 224.0.0.102/32 eq 4711")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 lt 124 224.0.0.102/32 lt 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 lt 100 224.0.0.102/32 lt 900")) # range self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 eq 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 130 150 123 224.0.0.102/32 eq 4711")) self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 range 100 140 123 224.0.0.102/32 eq 4711")) self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 range 100 150")) self.assertFalse(grepper.grep("just some random text"))
def testMatchAny(self): grepper = ACLGrepper("192.168.2.12", None, None, None, None, True) self.assertTrue(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e")) self.assertTrue(grepper.grep("access-list aclXFG line 46 extended deny udp any host 10.1.1.1 eq netbios-ns (hitcnt=920296) 0x4c3b867e")) self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp host 10.1.1.1 any eq netbios-ns (hitcnt=920296) 0x4c3b867e"))
def testMatchReal(self): grepper = ACLGrepper("10.221.216.201", "5401", "10.221.69.143", "1024") self.assertTrue(grepper.grep("permit tcp 10.221.216.200 0.0.0.1 range 5400 5413 host 10.221.69.143 gt 1023 established")) self.assertFalse(grepper.grep("permit tcp 10.221.216.200 0.0.0.1 gt 1023 host 10.221.69.143 eq 22"))
def testNamedPorts(self): grepper = ACLGrepper(None, "80", None, "22") self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq ssh 224.1.2.102/16 eq telnet")) self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq ftp 224.1.2.102/16 eq ssh")) self.assertTrue(grepper.grep("10 permit tcp 10.221.224.120/29 eq www 224.1.2.102/16 eq ssh"))
def testNoICMPWhenPortGivenEvenIfAny(self): grepper = ACLGrepper(None, "80", None, "80", "any") self.assertFalse(grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
def testNoICMPWhenPortGivenEvenIfAny(self): grepper = ACLGrepper(None, "80", None, "80", "any") self.assertFalse( grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
def testMatchSPort(self): grepper = ACLGrepper("192.168.2.12", "123") # any self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 any 224.0.0.102/32 eq 4711")) # eq self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 4711")) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 eq 123 224.0.0.102/32 eq 4711")) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 123")) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 eq 88 99 123 125 224.0.0.102/32 eq 4711" )) # neq self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 4711" )) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 neq 123 224.0.0.102/32 neq 4711") ) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 123") ) # gt self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 gt 123 224.0.0.102/32 eq 4711")) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 gt 122 224.0.0.102/32 eq 4711")) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 gt 4711 224.0.0.102/32 gt 90")) # lt self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 lt 123 224.0.0.102/32 eq 4711")) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 lt 124 224.0.0.102/32 lt 4711")) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 lt 100 224.0.0.102/32 lt 900")) # range self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 eq 4711" )) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 range 130 150 123 224.0.0.102/32 eq 4711" )) self.assertTrue( grepper.grep( "10 permit udp 192.168.2.0/24 range 100 140 123 224.0.0.102/32 eq 4711" )) self.assertFalse( grepper.grep( "10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 range 100 150" )) self.assertFalse(grepper.grep("just some random text"))