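def parse_list_security_policy(filename, conn):
    """Import the enabled, always-on rules of a Check Point policy export into ``security_policy``.

    Walks every ``fw_policie/rule/rule`` element of the XML file *filename*
    and stores one row per rule through ``db_worker.create_net_obj``.
    Section headers (rules carrying a ``header_text`` element) are stored as
    well, flagged with ``section = "True"`` and empty remaining columns.

    Only rules whose ``<disabled>`` text is exactly ``'false'`` *and* whose
    ``time/time/Name`` is ``'Any'`` are imported; disabled and time-restricted
    rules are silently dropped, so the table is a subset of the policy, not a
    faithful copy -- keep that in mind when reading audit results out of it.
    The stored ``Rule_Number`` is the 1-based position among the imported
    rows, not the policy's own ``Rule_Number`` element.

    Fix vs. the previous version: the dead ``open(filename, 'rU')`` is gone
    (the handle was never used nor closed, and mode ``'U'`` is rejected by
    Python 3.11+), and the final log line now reports the same count as the
    printed summary instead of one more.

    :param filename: path of the XML export
    :param conn: open DB-API connection; committed once at the end
    :return: None
    :raises AttributeError: when a rule lacks one of the elements read here
        (``disabled``, ``time/time/Name``, ``name``, ``action/action/Name`` ...)
    """
    # Column list that db_worker.create_net_obj appends to its INSERT; the
    # values are bound as parameters, never interpolated into the statement.
    sql_security_policy = '''
        (Rule_Number,section,name,comments,src,src_neg,dst,dst_neg,services,action)
        VALUES(?,?,?,?,?,?,?,?,?,?)
    '''
    # NOTE(review): the stdlib parser is not hardened against crafted XML
    # (entity-expansion style attacks); the export is assumed to come from a
    # trusted management server. Parse with defusedxml if that ever changes.
    root = ET.parse(filename).getroot()
    print(root)

    row_number = 1  # sequential Rule_Number assigned to every stored row
    for rule in root.findall('./fw_policie/rule/rule'):
        if _is_active_rule(rule):
            row = (str(row_number), "False") + _rule_fields(rule)
        elif rule.find('header_text') is not None:
            # Section header: keep its name, leave every other column empty.
            section_name = db_worker.del_nt(rule.find('header_text').text)
            print(section_name)
            row = (str(row_number), "True", section_name) + ("",) * 7
        else:
            continue
        db_worker.create_net_obj(conn, row, 'security_policy', sql_security_policy)
        logging.info(row)
        row_number += 1

    conn.commit()
    stored = row_number - 1
    logging.info('Numbers of enabled and no time rules and sections = %s', stored)
    print('Numbers of enabled and no time rules and sections = ' + str(stored))


def _is_active_rule(rule):
    """Return True for a real rule (it has ``Class_Name``) that is enabled and not time-limited.

    Anything other than the literal ``'false'`` in ``<disabled>`` counts as
    disabled, and any time object other than ``'Any'`` excludes the rule.
    ``Class_Name`` is tested first so section headers (which lack it) never
    reach the ``disabled`` lookup.
    """
    if rule.find('Class_Name') is None:
        return False
    return (rule.find('disabled').text == 'false'
            and rule.find('time/time/Name').text == 'Any')


def _member_names(rule, path):
    """Return the cleaned ``Name`` of every ``reference`` found under *path* of *rule*."""
    return [db_worker.del_nt(ref.find('Name').text) for ref in rule.findall(path)]


def _is_negated(rule, path):
    """Return ``"True"`` when the cell operator at *path* is ``"not in"``, else ``"False"``.

    A negated cell inverts the match ("everything except these objects");
    an audit that ignores ``src_neg``/``dst_neg`` reads such a rule backwards.
    """
    if db_worker.del_nt(rule.find(path).text) == "not in":
        return "True"
    return "False"


def _rule_fields(rule):
    """Return the ``(name, comments, src, src_neg, dst, dst_neg, services, action)`` columns of one rule."""
    name = db_worker.del_nt(rule.find('name').text)
    comments = db_worker.del_nt(rule.find('comments').text)
    action = db_worker.del_nt(rule.find('action/action/Name').text)
    sources = _member_names(rule, 'src/members/reference')
    destinations = _member_names(rule, 'dst/members/reference')
    # Service names additionally go through del_g so they match the names
    # stored by the service importer.
    services = [db_worker.del_g(member)
                for member in _member_names(rule, 'services/members/reference')]
    return (name,
            comments,
            ",".join(sources),
            _is_negated(rule, 'src/op'),
            ",".join(destinations),
            _is_negated(rule, 'dst/op'),
            ",".join(services),
            action)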
def parser_type4(net_obj_):
    """Parser for network objects of type ``network``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: one-element tuple holding ``"<ipaddr>/<netmask>"``;
        the mask is stored exactly as the ``<netmask>`` element has it, no
        conversion to a prefix length is attempted here
    """
    address = db_worker.del_nt(net_obj_.find('ipaddr').text)
    mask = db_worker.del_nt(net_obj_.find('netmask').text)
    return ('/'.join((address, mask)), )
def parser_type3(net_obj_):
    """Parser for network objects of type ``address_range``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: ``(ipaddr_first, ipaddr_last)`` as cleaned strings
    """
    first, last = (db_worker.del_nt(net_obj_.find(tag).text)
                   for tag in ('ipaddr_first', 'ipaddr_last'))
    return (first, last)
def parser_type7(net_obj_):
    """Parser for network objects of type ``group_with_exception``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: ``(members_str, exceptions_str)`` -- comma-joined
        names of the ``base`` members and of the ``exception`` members; the
        effective set is members minus exceptions, which the caller must
        resolve itself
    """
    def names_under(tag):
        return [db_worker.del_nt(child.find('Name').text)
                for child in net_obj_.findall(tag)]

    return (",".join(names_under('base')), ",".join(names_under('exception')))
def parser_type2(net_obj_):
    """Parser for network objects of types ``host_plain`` and ``host_ckp``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: one-element tuple with the cleaned ``ipaddr`` text
    """
    return (db_worker.del_nt(net_obj_.find('ipaddr').text), )
def parser_type1(net_obj_):
    """Parser for gateway-like objects: cluster_member, gateway_ckp, connectra,
    gateway_plain, sofaware_gateway.

    Collects the ``ipaddr`` of every ``interfaces/interfaces`` entry that
    passes ``is_ip_addr``, then appends the object's own ``ipaddr`` when it is
    not None and not already listed. Note that the main address is *not*
    run through ``is_ip_addr``, unlike the interface addresses.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: one-element tuple with the comma-joined addresses
    """
    addresses = []
    for container in net_obj_.findall('interfaces'):
        for iface in container.findall('interfaces'):
            candidate = db_worker.del_nt(iface.find('ipaddr').text)
            if is_ip_addr(candidate):
                addresses.append(candidate)
    main_address = db_worker.del_nt(net_obj_.find('ipaddr').text)
    if main_address is not None and main_address not in addresses:
        addresses.append(main_address)
    return (",".join(addresses), )
def parser_type6(net_obj_):
    """Parser for network objects of type ``network_object_group``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: one-element tuple with the comma-joined ``Name`` of
        every ``members/reference`` entry
    """
    member_names = [db_worker.del_nt(ref.find('Name').text)
                    for container in net_obj_.findall('members')
                    for ref in container.findall('reference')]
    return (",".join(member_names), )
def parser_type5(net_obj_):
    """Parser for network objects of type ``gateway_cluster``.

    :param net_obj_: the ``network_object`` element
    :return net_obj_tail: one-element tuple with the comma-joined ``Name`` of
        every ``cluster_members/cluster_members`` entry
    """
    node_names = [db_worker.del_nt(node.find('Name').text)
                  for container in net_obj_.findall('cluster_members')
                  for node in container.findall('cluster_members')]
    return (",".join(node_names), )
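def parse_list_network_object(filename, conn):
    """Import every supported ``network_object`` of a Check Point export into per-class tables.

    Each object is stored through ``db_worker.create_net_obj`` in a table
    named after its ``Class_Name`` (``host_plain``, ``network``,
    ``gateway_cluster`` ...); the class-specific tail of the row comes from
    the matching ``parser_typeN`` helper. Objects of any other class are
    listed in the log but not stored. Afterwards all per-class tables are
    merged into ``network_object_index`` and a unique index on ``name`` is
    attempted on it; a failure (duplicate names across classes) is only
    logged, and lookups by name are then ambiguous.

    Fix vs. the previous version: the dead ``open(filename, 'rU')`` is gone
    (the handle was never used, and mode ``'U'`` is rejected by
    Python 3.11+); the twelve-way ``if``/``elif`` and twelve counters are
    replaced by a dispatch table and a count dict with identical output.

    :param filename: path of the XML export
    :param conn: open DB-API connection; committed once after the object loop
    :return: None
    """
    sql_interfaces = '''
        (name,comments,color,interfaces) VALUES(?,?,?,?)
    '''
    sql_ip_address = '''
        (name,comments,color,ip_address) VALUES(?,?,?,?)
    '''
    # Class name -> (row parser, column list for the INSERT). This dict is
    # also the allowlist: Class_Name comes straight from the XML, and only a
    # key of this dict is ever handed to create_net_obj as a table name.
    parsers = {
        'cluster_member': (parser_type1, sql_interfaces),
        'gateway_ckp': (parser_type1, sql_interfaces),
        'gateway_plain': (parser_type1, sql_interfaces),
        'sofaware_gateway': (parser_type1, sql_interfaces),
        'connectra': (parser_type1, sql_interfaces),
        'host_plain': (parser_type2, sql_ip_address),
        'host_ckp': (parser_type2, sql_ip_address),
        'address_range': (parser_type3, '''
        (name,comments,color,ipaddr_first,ipaddr_last) VALUES(?,?,?,?,?)
    '''),
        'network': (parser_type4, sql_ip_address),
        'gateway_cluster': (parser_type5, '''
        (name,comments,color,nodes) VALUES(?,?,?,?)
    '''),
        'network_object_group': (parser_type6, '''
        (name,comments,color,members) VALUES(?,?,?,?)
    '''),
        'group_with_exception': (parser_type7, '''
        (name,comments,color,members,exceptions) VALUES(?,?,?,?,?)
    '''),
    }
    # (class name, label used in the summary), in the original report order.
    # 'network_object_group' has always been reported as 'network_group'.
    summary_order = [
        ('cluster_member', 'cluster_member'),
        ('gateway_ckp', 'gateway_ckp'),
        ('connectra', 'connectra'),
        ('gateway_plain', 'gateway_plain'),
        ('sofaware_gateway', 'sofaware_gateway'),
        ('host_plain', 'host_plain'),
        ('host_ckp', 'host_ckp'),
        ('address_range', 'address_range'),
        ('network', 'network'),
        ('gateway_cluster', 'gateway_cluster'),
        ('network_object_group', 'network_group'),
        ('group_with_exception', 'group_with_exception'),
    ]
    counts = dict.fromkeys(parsers, 0)

    # NOTE(review): stdlib ElementTree is not hardened against crafted XML;
    # the export is assumed to come from a trusted management server.
    root = ET.parse(filename).getroot()
    print(root)
    objects = root.findall('network_object')

    # Report which object classes occur in the export, in first-seen order.
    seen_classes = []
    for net_obj_ in objects:
        class_name = net_obj_.find('Class_Name').text
        if class_name not in seen_classes:
            seen_classes.append(class_name)
    banner = "***************** We have following network object types:***********************"
    print(banner)
    logging.info(banner)
    for class_name in seen_classes:
        print(class_name)
        logging.info(class_name)

    for net_obj_ in objects:
        class_name = net_obj_.find('Class_Name').text
        name = db_worker.del_nt(net_obj_.find('Name').text)
        comment = db_worker.del_nt(net_obj_.find('comments').text)
        color = db_worker.del_nt(net_obj_.find('color').text)
        logging.info("Now under analyze... %s", name)
        try:
            parse_tail, column_sql = parsers[class_name]
        except KeyError:
            continue  # unsupported class: listed above, not stored
        net_obj = (name, comment, color) + parse_tail(net_obj_)
        counts[class_name] += 1
        db_worker.create_net_obj(conn, net_obj, class_name, column_sql)
        logging.info(net_obj)
    conn.commit()

    separator = '**********************************************************************'
    print(separator)
    for class_name, label in summary_order:
        print('Numbers of ' + label + ' = ' + str(counts[class_name]))
    logging.info(separator)
    for class_name, label in summary_order:
        logging.info('Numbers of %s = %s', label, counts[class_name])

    # Merge the per-class tables into one lookup table (same order as before).
    for table in ('cluster_member', 'connectra', 'gateway_ckp', 'gateway_plain',
                  'sofaware_gateway', 'gateway_cluster', 'address_range',
                  'host_plain', 'host_ckp', 'network', 'group_with_exception',
                  'network_object_group'):
        db_worker.create_index_table(conn, table, "network_object_index")
    cur = conn.cursor()
    try:
        cur.execute(
            "CREATE UNIQUE INDEX idx_network_object_index ON network_object_index (name)"
        )
    except Error as e:
        # Duplicate names make the unique index impossible; the import still
        # completes, but later lookups by name may return several rows.
        logging.warning(e)
        logging.info(str(e))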
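def parse_list_service(filename, conn):
    """Import the ``service`` objects of a Check Point export into ``services`` and ``service_groups``.

    First pass: every non-group service becomes a row of ``services``.
    ``tcp_service`` / ``udp_service`` keep their ``type`` and ``port``; every
    other class is stored as ``type = "other_service"`` with ``port = None``,
    so the ``port`` column alone cannot distinguish "any port" from "port not
    understood by this importer". Second pass: ``service_group`` objects
    become rows of ``service_groups`` with a comma-joined member list.
    Service and member names go through ``db_worker.del_g`` so they match
    the names the policy importer stores.

    Finally unique indexes on ``name`` are attempted on ``services``,
    ``service_groups`` and the merged ``service_index``; a failure (duplicate
    names, possibly created by the ``del_g`` normalisation) is only logged,
    and name lookups are then ambiguous.

    Fix vs. the previous version: the dead ``open(filename, 'rU')`` is gone
    (the handle was never used, and mode ``'U'`` is rejected by
    Python 3.11+), and the local ``type`` no longer shadows the builtin.

    :param filename: path of the XML export
    :param conn: open DB-API connection; committed after each pass
    :return: None
    """
    sql_service = '''
        (name,comments,color,type,port) VALUES(?,?,?,?,?)
    '''
    sql_service_group = '''
        (name,comments,color,members) VALUES(?,?,?,?)
    '''

    def text_of(element, tag):
        return db_worker.del_nt(element.find(tag).text)

    def try_create_index(statement):
        # A failed unique index is logged, not fatal (see docstring).
        try:
            conn.cursor().execute(statement)
        except Error as e:
            logging.warning(e)
            logging.info(str(e))

    # NOTE(review): stdlib ElementTree is not hardened against crafted XML;
    # the export is assumed to come from a trusted management server.
    root_services = ET.parse(filename).getroot()
    services = root_services.findall('service')
    count_services = 0

    # Pass 1: plain services (groups are skipped here and handled below).
    for service_ in services:
        class_name = service_.find('Class_Name').text
        if class_name == 'service_group':
            continue
        name = text_of(service_, 'Name')
        comment = text_of(service_, 'comments')
        color = text_of(service_, 'color')
        if class_name in ('tcp_service', 'udp_service'):
            service_type = text_of(service_, 'type')
            port = text_of(service_, 'port')
        else:
            service_type = "other_service"
            port = None
        logging.info("Now under analyze... %s", name)
        service = (db_worker.del_g(name), comment, color, service_type, port)
        logging.info(service)
        db_worker.create_net_obj(conn, service, "services", sql_service)
        count_services += 1
    conn.commit()

    # Pass 2: service groups, stored as comma-joined member name lists.
    for service_ in services:
        if service_.find('Class_Name').text != 'service_group':
            continue
        name = text_of(service_, 'Name')
        comment = text_of(service_, 'comments')
        color = text_of(service_, 'color')
        logging.info("Now under analyze... %s", name)
        members = [db_worker.del_g(text_of(ref, 'Name'))
                   for container in service_.findall('members')
                   for ref in container.findall('reference')]
        service_group = (db_worker.del_g(name), comment, color, ",".join(members))
        logging.info(service_group)
        db_worker.create_net_obj(conn, service_group, "service_groups", sql_service_group)
        count_services += 1
    conn.commit()

    try_create_index("CREATE UNIQUE INDEX idx_services_name ON services (name)")
    try_create_index("CREATE UNIQUE INDEX idx_service_groups_name ON service_groups (name)")
    print('Numbers of services and groups = ' + str(count_services))
    db_worker.create_index_table(conn, "services", "service_index")
    db_worker.create_index_table(conn, "service_groups", "service_index")
    try_create_index("CREATE UNIQUE INDEX idx_service_index ON service_index (name)")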