def testVal_object_group_service_01():
    """An ASA protocol object-group built only from ``service-object`` lines.

    Such a group carries no group-level protocol, so ``protocol_type`` is
    empty and each ``service-object`` supplies its own protocol; the ports
    are directional because the lines name a ``destination``.
    """
    lines = [
        '!',
        'object-group service APP01_svc',
        ' service-object tcp destination smtp',
        ' service-object tcp destination https',
        '!',
    ]
    parsed = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parsed.find_objects(r'object-group\sservice')[0]

    expected_ports = [
        L4Object(protocol='tcp', port_spec='eq 25', syntax='asa'),
        L4Object(protocol='tcp', port_spec='eq 443', syntax='asa'),
    ]
    assert group.name == 'APP01_svc'
    assert group.ports == expected_ports
    assert group.L4Objects_are_directional is True
    assert group.protocol_type == ''
def testVal_object_group_service_03():
    """An ASA ``tcp-udp`` object-group whose single ``port-object`` line
    must expand into one tcp and one udp :class:`L4Object`.

    This form of group can only be referenced after a host / network.
    """
    lines = [
        '!',
        'object-group service APP03_svc tcp-udp',
        ' port-object eq domain',
        '!',
    ]
    parsed = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parsed.find_objects(r'object-group\sservice')[0]

    # One entry per protocol for the same port specification
    expected_ports = [
        L4Object(port_spec='eq 53', protocol='tcp', syntax='asa'),
        L4Object(port_spec='eq 53', protocol='udp', syntax='asa'),
    ]
    assert group.name == 'APP03_svc'
    assert group.ports == expected_ports
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == 'tcp-udp'
def testVal_object_group_service_02():
    """An ASA ``tcp`` object-group of ``port-object`` lines, including a
    ``range`` entry, inheriting the group-level protocol.

    This form of group can only be referenced after a host / network.
    """
    lines = [
        '!',
        'object-group service APP02_svc tcp',
        ' port-object eq smtp',
        ' port-object eq https',
        ' port-object range 8080 8081',
        '!',
    ]
    parsed = CiscoConfParse(lines, factory=True, syntax='asa')
    group = parsed.find_objects(r'object-group\sservice')[0]

    expected_ports = [
        L4Object(protocol='tcp', port_spec='eq 25', syntax='asa'),
        L4Object(protocol='tcp', port_spec='eq 443', syntax='asa'),
        L4Object(protocol='tcp', port_spec='range 8080 8081', syntax='asa'),
    ]
    assert group.name == 'APP02_svc'
    assert group.ports == expected_ports
    assert group.L4Objects_are_directional is False
    assert group.protocol_type == 'tcp'
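def ports(self):
    """Return the list of :class:`L4Object` describing the protocol and
    ports allowed by this ``object-group service``.

    Child lines are handled as follows:

    * ``service-object <proto> <src|dst> <port>`` -- the protocol comes from
      the line itself.
    * ``port-object eq|range <port...>`` -- the protocol comes from
      ``self.protocol_type``.
    * ``group-object <name>`` -- the ports of the named group are appended.
    * ``description ...`` -- ignored.

    A protocol of ``tcp-udp`` (on the line or on the group) expands into one
    tcp and one udp :class:`L4Object` with the same port spec.

    Raises:
        ValueError: a ``group-object`` names this group itself, or names a
            group missing from ``self.confobj.object_group_service``.
        NotImplementedError: a child line matches none of the forms above.
    """
    retval = list()
    SERVICE_OBJ_REGEX = r'^\s*service-object\s+(tcp|udp|tcp-udp)\s+(\S+)\s+(\S+)'
    PORT_OBJ_REGEX = r'^\s*port-object\s+(eq|range)\s+(\S.+)'
    for obj in self.children:
        if 'service-object ' in obj.text:
            protocol = obj.re_match_typed(SERVICE_OBJ_REGEX, group=1, result_type=str)
            # Group 2 (the source/destination keyword) does not affect the
            # port spec, so only the protocol and the port are extracted.
            port = obj.re_match_typed(SERVICE_OBJ_REGEX, group=3, result_type=str)
            if protocol == 'tcp-udp':
                retval.append(L4Object(protocol='tcp', port_spec=port, syntax='asa'))
                retval.append(L4Object(protocol='udp', port_spec=port, syntax='asa'))
            else:
                retval.append(L4Object(protocol=protocol, port_spec=port, syntax='asa'))
        elif 'port-object ' in obj.text:
            op = obj.re_match_typed(PORT_OBJ_REGEX, group=1, result_type=str)
            port = obj.re_match_typed(PORT_OBJ_REGEX, group=2, result_type=str)
            port_spec = "{0} {1}".format(op, port)
            # port-object lines carry no protocol; the group's protocol applies.
            if self.protocol_type == 'tcp-udp':
                retval.append(L4Object(protocol='tcp', port_spec=port_spec, syntax='asa'))
                retval.append(L4Object(protocol='udp', port_spec=port_spec, syntax='asa'))
            else:
                retval.append(L4Object(protocol=self.protocol_type, port_spec=port_spec, syntax='asa'))
        elif 'group-object ' in obj.text:
            name = obj.re_match_typed(r'^\s*group-object\s+(\S+)', group=1, result_type=str)
            group_ports = self.confobj.object_group_service.get(name, None)
            if name == self.name:
                # Reject a group that imports itself.
                raise ValueError(
                    "FATAL: Cannot recurse through group-object {0} in object-group service {1}"
                    .format(name, self.name))
            if (group_ports is None):
                raise ValueError(
                    "FATAL: Cannot find group-object named {0}".format(name))
            else:
                # NOTE(review): only a direct self-reference is rejected above; a
                # cycle through two or more groups would recurse here until the
                # interpreter raises RecursionError -- confirm whether such
                # configs are rejected upstream.
                retval.extend(group_ports.ports)
        elif 'description ' in obj.text:
            pass
        else:
            raise NotImplementedError("Cannot parse '{0}'".format(obj.text))
    return retval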
def testL4Object_asa_lt02(self):
    """ASA ``lt 7`` yields ports 1 through 6 for tcp."""
    l4 = L4Object(protocol='tcp', port_spec='lt 7', syntax='asa')
    expected_ports = range(1, 7)
    self.assertEqual('tcp', l4.protocol)
    self.assertEqual(expected_ports, l4.port_list)
def testL4Object_asa_range01(self):
    """ASA ``range smtp 32`` resolves the name and yields ports 25 through 32."""
    l4 = L4Object(protocol='tcp', port_spec='range smtp 32', syntax='asa')
    expected_ports = range(25, 33)
    self.assertEqual('tcp', l4.protocol)
    self.assertEqual(expected_ports, l4.port_list)
def testL4Object_asa_eq02(self):
    """A bare ASA port name (``smtp``, no operator) resolves to a single port."""
    l4 = L4Object(protocol='tcp', port_spec='smtp', syntax='asa')
    expected_ports = [25]
    self.assertEqual('tcp', l4.protocol)
    self.assertEqual(expected_ports, l4.port_list)
def testL4Object_asa_eq02():
    """A bare ASA port name (``smtp``, no operator) resolves to a single port."""
    l4 = L4Object(protocol='tcp', port_spec='smtp', syntax='asa')
    expected_ports = [25]
    assert 'tcp' == l4.protocol
    assert expected_ports == l4.port_list
def testL4Object_asa_lt02():
    """ASA ``lt 7`` yields ports 1 through 6 for tcp."""
    l4 = L4Object(protocol='tcp', port_spec='lt 7', syntax='asa')
    expected_ports = range(1, 7)
    assert 'tcp' == l4.protocol
    assert expected_ports == l4.port_list
def testL4Object_asa_range01():
    """ASA ``range smtp 32`` resolves the name and yields ports 25 through 32."""
    l4 = L4Object(protocol='tcp', port_spec='range smtp 32', syntax='asa')
    expected_ports = range(25, 33)
    assert 'tcp' == l4.protocol
    assert expected_ports == l4.port_list
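def ports(self):
    """Return the list of :class:`L4Object` describing the protocol and
    ports allowed by this ``object-group service``.

    Each child line is matched against the module-level ``_RE_PORTOBJECT``
    pattern and dispatched on which named groups it populated:

    * ``protocol`` set -- a ``service-object`` line; the protocol comes from
      the line itself and the port from ``s_port``.
    * ``operator`` set -- a ``port-object`` line; the port spec is
      ``"<operator> <p_port>"`` and the protocol is ``self.protocol_type``.
    * ``groupobject`` set -- the ports of the named group are appended.
    * a ``description`` line -- ignored.

    A protocol of ``tcp-udp`` (on the line or on the group) expands into one
    tcp and one udp :class:`L4Object` with the same port spec.

    Raises:
        ValueError: a ``group-object`` names this group itself, or names a
            group missing from ``self.confobj.object_group_service``.
        NotImplementedError: a child line matches none of the forms above.
    """
    retval = list()
    for obj in self.children:
        # Parse out 'service-object ...' and 'port-object' lines...
        mm = _RE_PORTOBJECT.search(obj.text)
        svc_obj = mm.groupdict() if mm is not None else dict()

        if svc_obj.get('protocol', None):
            protocol = svc_obj.get('protocol')
            # 'src_dst' (the source/destination keyword) does not affect the
            # port spec and is intentionally not read here.
            port = svc_obj.get('s_port', '')
            if protocol == 'tcp-udp':
                retval.append(L4Object(protocol='tcp', port_spec=port, syntax='asa'))
                retval.append(L4Object(protocol='udp', port_spec=port, syntax='asa'))
            else:
                retval.append(L4Object(protocol=protocol, port_spec=port, syntax='asa'))
        elif svc_obj.get('operator', None):
            op = svc_obj.get('operator', '')
            port = svc_obj.get('p_port', '')
            port_spec = "{0} {1}".format(op, port)
            # port-object lines carry no protocol; the group's protocol applies.
            if self.protocol_type == 'tcp-udp':
                retval.append(L4Object(protocol='tcp', port_spec=port_spec, syntax='asa'))
                retval.append(L4Object(protocol='udp', port_spec=port_spec, syntax='asa'))
            else:
                retval.append(L4Object(protocol=self.protocol_type, port_spec=port_spec, syntax='asa'))
        elif svc_obj.get('groupobject', None):
            name = svc_obj.get('groupobject')
            group_ports = self.confobj.object_group_service.get(name, None)
            if name == self.name:
                # Reject a group that imports itself.
                raise ValueError(
                    "FATAL: Cannot recurse through group-object {0} in object-group service {1}"
                    .format(name, self.name))
            if (group_ports is None):
                raise ValueError(
                    "FATAL: Cannot find group-object named {0}".format(name))
            else:
                # NOTE(review): only a direct self-reference is rejected above; a
                # cycle through two or more groups would recurse here until the
                # interpreter raises RecursionError -- confirm whether such
                # configs are rejected upstream.
                retval.extend(group_ports.ports)
        elif 'description ' in obj.text:
            pass
        else:
            raise NotImplementedError("Cannot parse '{0}'".format(obj.text))
    return retval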