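    def search(self, policy_tuples):
        """Build a Policy object for each (src_zone, dest_zone, policy_name) tuple.

        For every tuple the matching configuration lines are fetched through
        ``self.config.get_filtered_lines`` and scanned for source/destination
        addresses, matched applications, the policy action and its description.

        Args:
            policy_tuples: iterable of ``(src_zone, dest_zone, policy_name)``.
                ``("global", "global", name)`` selects a global policy.

        Returns:
            list[Policy]: one Policy per input tuple, in input order.
            ``action`` stays ``None`` when no ``then permit|deny|reject`` line
            was found (e.g. only ``then count``); callers auditing rules must
            not treat ``None`` as an implicit deny.
        """
        policies = []

        for policy_tuple in policy_tuples:
            src_zone, dest_zone, policy_name = policy_tuple[:3]
            src = []
            dest = []
            services = []
            action = None
            description = None

            if src_zone == dest_zone == "global":
                match_line = "global policy " + self.rpad(policy_name)
            else:
                match_line = ("from-zone" + self.pad(src_zone)
                              + "to-zone" + self.pad(dest_zone)
                              + "policy" + self.pad(policy_name))

            for policy_line in self.config.get_filtered_lines("policy", [match_line], []):
                # addresses: each keyword feeds its own bucket
                for address_type, bucket in (("source-address", src), ("destination-address", dest)):
                    if address_type not in policy_line:
                        continue
                    found = re.search(address_type + ' (.*)', policy_line)
                    if not found:
                        continue
                    target_address = found.group(1)
                    if target_address == "any":
                        bucket.append(Address("any", "any", "any"))
                    else:
                        bucket.append(self.parse_address(target_address))

                # services
                if "match application " in policy_line:
                    service = re.search('match application (.*)', policy_line).group(1)
                    services.append(self._resolve_service(service))

                # action: first permit/deny/reject wins; "then log ..." lines are skipped.
                # A "then" line with another verb (e.g. "then count") previously raised
                # AttributeError on .group(); now it is simply ignored.
                if action is None and " then " in policy_line and " log " not in policy_line:
                    found = re.search('then (permit|deny|reject)', policy_line)
                    if found:
                        action = found.group(1)

                # description (surrounding quotes stripped)
                if " description " in policy_line:
                    description = re.search('description (.*)', policy_line).group(1).strip('"')

            if description is None:
                description = ""
            policies.append(Policy(policy_name, description, src, dest, action, services, src_zone, dest_zone))

        return policies

    def _resolve_service(self, service):
        """Resolve a ``match application`` name to a Service or ServiceGroup.

        ``any`` becomes a wildcard Service; a name containing ``junos-`` is
        resolved via ``get_junos_default_service``; anything else is looked up
        as an application-set first and as a single application otherwise.
        """
        if service == "any":
            return Service("any", "any", "any")
        # NOTE(review): substring test, kept from the original — a user-defined
        # application whose name merely contains "junos-" is treated as a
        # built-in; confirm whether startswith("junos-") is the intent.
        if "junos-" in service:
            protocol, destination_port = self.get_junos_default_service(service)
            return Service(service, protocol, destination_port)

        set_lines = self.config.get_filtered_lines(
            "service", ["application-set", self.pad(service)], ["description"])
        if not set_lines:
            # plain application object
            protocol, destination_port = self.get_generic_service(
                self.config.get_filtered_lines(
                    "service", [self.pad(service)], ["application-set", "description"]))
            return Service(service, protocol, destination_port)

        group = ServiceGroup(service)
        for set_line in set_lines:
            if " application " not in set_line:
                continue
            member = re.search('application (.*)', set_line).group(1)
            for member_service in self._resolve_set_member(member):
                group.add_service(member_service)
        return group

    def _resolve_set_member(self, member):
        """Resolve one application-set member to a list of Service objects.

        A built-in ``junos-*`` member yields one Service.  A user-defined
        application yields one Service, or one Service per ``term`` when its
        definition lines use terms.
        """
        if "junos-" in member:
            protocol, destination_port = self.get_junos_default_service(member)
            return [Service(member, protocol, destination_port)]

        member_lines = self.config.get_filtered_lines(
            "service", [self.pad(member)], ["application-set", "description"])

        # Term detection must look at the member's own definition lines, not at
        # the application-set line (the old check indexed the set line's first
        # character, so the termed branch could never run).
        terms = set()
        for line in member_lines:
            found = re.search(' term (.+?) ', line)
            if found:
                terms.add(found.group(1))

        if not terms:
            protocol, destination_port = self.get_generic_service(member_lines)
            return [Service(member, protocol, destination_port)]

        resolved = []
        for term in sorted(terms):  # sorted for a deterministic group order
            term_lines = self.config.get_filtered_lines(
                "service", [self.pad(member), self.pad(term)], ["application-set", "description"])
            protocol, destination_port = self.get_generic_service(term_lines)
            resolved.append(Service(term, protocol, destination_port))
        return resolved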
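    def search(self, policy_tuples):
        """Build a Policy object for each (src_zone, dest_zone, policy_name) tuple.

        For every tuple the matching configuration lines are fetched through
        ``self.config.get_filtered_lines`` and scanned for source/destination
        addresses, matched applications, the policy action and its description.

        Args:
            policy_tuples: iterable of ``(src_zone, dest_zone, policy_name)``.
                ``("global", "global", name)`` selects a global policy.

        Returns:
            list[Policy]: one Policy per input tuple, in input order.
            ``action`` stays ``None`` when no ``then permit|deny|reject`` line
            was found (e.g. only ``then count``); callers auditing rules must
            not treat ``None`` as an implicit deny.
        """
        policies = []

        for policy_tuple in policy_tuples:
            src_zone, dest_zone, policy_name = policy_tuple[:3]
            src = []
            dest = []
            services = []
            action = None
            description = None

            if src_zone == dest_zone == "global":
                match_line = "global policy " + self.rpad(policy_name)
            else:
                match_line = ("from-zone" + self.pad(src_zone)
                              + "to-zone" + self.pad(dest_zone)
                              + "policy" + self.pad(policy_name))

            for policy_line in self.config.get_filtered_lines(
                    "policy", [match_line], []):
                # addresses: each keyword feeds its own bucket
                for address_type, bucket in (("source-address", src),
                                             ("destination-address", dest)):
                    if address_type not in policy_line:
                        continue
                    found = re.search(address_type + ' (.*)', policy_line)
                    if not found:
                        continue
                    target_address = found.group(1)
                    if target_address == "any":
                        bucket.append(Address("any", "any", "any"))
                    else:
                        bucket.append(self.parse_address(target_address))

                # services
                if "match application " in policy_line:
                    service = re.search('match application (.*)',
                                        policy_line).group(1)
                    services.append(self._resolve_service(service))

                # action: first permit/deny/reject wins; "then log ..." lines
                # are skipped.  A "then" line with another verb (e.g.
                # "then count") previously raised AttributeError on .group();
                # now it is simply ignored.
                if (action is None and " then " in policy_line
                        and " log " not in policy_line):
                    found = re.search('then (permit|deny|reject)', policy_line)
                    if found:
                        action = found.group(1)

                # description (surrounding quotes stripped)
                if " description " in policy_line:
                    description = re.search('description (.*)',
                                            policy_line).group(1).strip('"')

            if description is None:
                description = ""
            policies.append(
                Policy(policy_name, description, src, dest, action, services,
                       src_zone, dest_zone))

        return policies

    def _resolve_service(self, service):
        """Resolve a ``match application`` name to a Service or ServiceGroup.

        ``any`` becomes a wildcard Service; a name containing ``junos-`` is
        resolved via ``get_junos_default_service``; anything else is looked up
        as an application-set first and as a single application otherwise.
        """
        if service == "any":
            return Service("any", "any", "any")
        # NOTE(review): substring test, kept from the original — a user-defined
        # application whose name merely contains "junos-" is treated as a
        # built-in; confirm whether startswith("junos-") is the intent.
        if "junos-" in service:
            protocol, destination_port = self.get_junos_default_service(service)
            return Service(service, protocol, destination_port)

        set_lines = self.config.get_filtered_lines(
            "service", ["application-set", self.pad(service)], ["description"])
        if not set_lines:
            # plain application object
            protocol, destination_port = self.get_generic_service(
                self.config.get_filtered_lines(
                    "service", [self.pad(service)],
                    ["application-set", "description"]))
            return Service(service, protocol, destination_port)

        group = ServiceGroup(service)
        for set_line in set_lines:
            if " application " not in set_line:
                continue
            member = re.search('application (.*)', set_line).group(1)
            for member_service in self._resolve_set_member(member):
                group.add_service(member_service)
        return group

    def _resolve_set_member(self, member):
        """Resolve one application-set member to a list of Service objects.

        A built-in ``junos-*`` member yields one Service.  A user-defined
        application yields one Service, or one Service per ``term`` when its
        definition lines use terms.
        """
        if "junos-" in member:
            protocol, destination_port = self.get_junos_default_service(member)
            return [Service(member, protocol, destination_port)]

        member_lines = self.config.get_filtered_lines(
            "service", [self.pad(member)], ["application-set", "description"])

        # Term detection must look at the member's own definition lines, not at
        # the application-set line (the old check indexed the set line's first
        # character, so the termed branch could never run).
        terms = set()
        for line in member_lines:
            found = re.search(' term (.+?) ', line)
            if found:
                terms.add(found.group(1))

        if not terms:
            protocol, destination_port = self.get_generic_service(member_lines)
            return [Service(member, protocol, destination_port)]

        resolved = []
        for term in sorted(terms):  # sorted for a deterministic group order
            term_lines = self.config.get_filtered_lines(
                "service", [self.pad(member), self.pad(term)],
                ["application-set", "description"])
            protocol, destination_port = self.get_generic_service(term_lines)
            resolved.append(Service(term, protocol, destination_port))
        return resolved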