Exemplo n.º 1
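def run_it(chosen_dg):
    """Render the post-rulebase security rules of one device group as HTML.

    Parses the XML in ``PAN_CFG_FILE``, selects the device group whose
    ``@name`` equals ``chosen_dg``, resolves each rule's source/destination
    addresses and service through the ``export`` helpers, and passes the
    resulting rows to the ``export.html`` template.

    Args:
        chosen_dg: Name of the device group to export. It is only compared
            against names found in the parsed config and handed to the
            template.

    Returns:
        The value of ``render_template('export.html', ...)``.

    Raises:
        IndexError: No device group named ``chosen_dg`` exists in the config.
        KeyError: The config lacks one of the expected top-level paths.
    """
    # Initialize log file for exceptions
    logging.basicConfig(level=logging.INFO, filename='exceptions.log')

    def _as_list(node):
        # xmltodict returns a single mapping instead of a list when an
        # element occurs only once; normalise so iteration sees entries,
        # not the keys of that one mapping.
        if node is None:
            return []
        return node if isinstance(node, list) else [node]

    with open(PAN_CFG_FILE, 'r') as f:
        pan_cfg = xmltodict.parse(f.read())['response']['result']

    device_groups = _as_list(
        pan_cfg['config']['devices']['entry']['device-group']['entry'])
    matches = [dg for dg in device_groups if dg['@name'] == chosen_dg]
    if not matches:
        # Same exception type the bare [0] lookup raised, with a usable message.
        raise IndexError('device group {!r} not found'.format(chosen_dg))
    dg_tree = matches[0]
    sec_tree = _as_list(dg_tree['post-rulebase']['security']['rules']['entry'])

    # BUILD LIST FOR DUMPING TO WEBPAGE
    rows = []
    for r in sec_tree:
        try:
            # resolve source address(es)
            src_ip = export.resolve_address(r['source'].get('member'), pan_cfg)

            # resolve destination address(es)
            dst_ip = export.resolve_address(r['destination'].get('member'),
                                            pan_cfg)

            # Resolve destination port object(s) to a list of ports.
            # When the rule carries several <service> elements only the
            # first one is used.
            service = r['service']
            if isinstance(service, list):
                service = service[0]
            dport = service.get('member')
            dst_port = export.resolve_service(dport, pan_cfg)

            # Fill out table row with all rule details
            row = (
                str(r['@name']),
                str(r['from'].get('member')),
                str(r['source'].get('member')),
                str(src_ip),
                str(r['to'].get('member')),
                str(r['destination'].get('member')),
                str(dst_ip),
                str(r['application'].get('member')),
                # Reuse the normalised member: calling .get() on a list-valued
                # r['service'] raised and silently dropped the whole rule.
                str(dport),
                str(dst_port),
                str(r['category'].get('member')),
                str(r['action']),
                str(
                    r.get('profile-setting',
                          {}).get('group', {}).get('member', 'none')),
                str(r['log-setting']),
            )
            rows.append(row)
        except Exception as e:
            # Exception, not BaseException: KeyboardInterrupt and SystemExit
            # must still be able to stop the process.
            # NOTE(review): a rule that fails here is missing from the rendered
            # table and is recorded only in exceptions.log, so the export can
            # look complete when it is not. Consider surfacing a skipped-rule
            # count to the reader of the report.
            logging.exception("UNABLE TO EXPORT RULE {} DUE TO {}".format(
                r, e))

    return render_template('export.html',
                           title='EXPORT RESULTS',
                           rows=rows,
                           chosen_dg=chosen_dg)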
def test_service_group_nested():
    """'sg_nested_mix_01' must resolve to a flat list of ten service names."""
    expected_services = [
        'udp_53',
        'udp_69',
        'udp_500',
        'udp_4500',
        'tcp_16',
        'tcp_34',
        'tcp_36',
        'tcp_229',
        'tcp_1109',
        'tcp_40000-65535',
    ]
    resolved = resolve_service('sg_nested_mix_01', TEST_PAN_CFG)
    assert resolved == expected_services
def test_service_group():
    """'sg_random_mix' must resolve to its four member services, in order."""
    expected_services = ['tcp_2', 'tcp_161', 'udp_2', 'udp_40000-65535']
    resolved = resolve_service('sg_random_mix', TEST_PAN_CFG)
    assert resolved == expected_services
def test_port_range():
    """A port-range object name is returned unchanged, as a plain string."""
    name = 'tcp_40000-65535'
    resolved = resolve_service(name, TEST_PAN_CFG)
    assert resolved == 'tcp_40000-65535'
def test_single_port():
    """A single-port object name is returned unchanged, as a plain string."""
    name = 'udp_4500'
    resolved = resolve_service(name, TEST_PAN_CFG)
    assert resolved == 'udp_4500'
def test_application_default():
    """The literal 'application-default' is passed through untouched."""
    keyword = 'application-default'
    resolved = resolve_service(keyword, TEST_PAN_CFG)
    assert resolved == 'application-default'
def test_any():
    """The literal 'any' is passed through untouched."""
    keyword = 'any'
    resolved = resolve_service(keyword, TEST_PAN_CFG)
    assert resolved == 'any'
def test_nonexistent_object():
    """A name absent from the config resolves to the list ['unknown']."""
    missing_name = 'nobody_knows_me'
    resolved = resolve_service(missing_name, TEST_PAN_CFG)
    assert resolved == ['unknown']
Exemplo n.º 9
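def download():
    """Export the post-rulebase security rules of one device group as xlsx.

    Parses the XML in ``PAN_CFG_FILE``, selects the device group named
    ``child_dg_lab01``, resolves each rule's source/destination addresses and
    service through the ``export`` helpers, and returns the rows (preceded by
    a header row) via ``flask_excel.make_response_from_array``.

    Returns:
        The value of ``flask_excel.make_response_from_array(rows, "xlsx")``.

    Raises:
        IndexError: The device group does not exist in the config.
        KeyError: The config lacks one of the expected top-level paths.
    """
    # NOTE(review): the device group is hard-coded here rather than taken
    # from the caller - confirm that is intended outside the lab.
    chosen_dg = 'child_dg_lab01'
    # Initialize log file for exceptions
    logging.basicConfig(level=logging.INFO, filename='exceptions.log')

    def _as_list(node):
        # xmltodict returns a single mapping instead of a list when an
        # element occurs only once; normalise so iteration sees entries,
        # not the keys of that one mapping.
        if node is None:
            return []
        return node if isinstance(node, list) else [node]

    with open(PAN_CFG_FILE, 'r') as f:
        pan_cfg = xmltodict.parse(f.read())['response']['result']

    device_groups = _as_list(
        pan_cfg['config']['devices']['entry']['device-group']['entry'])
    matches = [dg for dg in device_groups if dg['@name'] == chosen_dg]
    if not matches:
        # Same exception type the bare [0] lookup raised, with a usable message.
        raise IndexError('device group {!r} not found'.format(chosen_dg))
    dg_tree = matches[0]
    sec_tree = _as_list(dg_tree['post-rulebase']['security']['rules']['entry'])

    # BUILD LIST FOR DUMPING TO SPREADSHEET, header row first
    rows = [[
        'NAME',
        'FROM',
        'SOURCE',
        'RESOLVED SRC',
        'TO',
        'DESTINATION',
        'RESOLVED DST',
        'APP',
        'SERVICE',
        'RESOLVED PT',
        'CATEGORY',
        'ACTION',
        'PROFILE-SETTING',
        'LOG-SETTING',
    ]]
    for r in sec_tree:
        try:
            # resolve source address(es)
            src_ip = export.resolve_address(r['source'].get('member'), pan_cfg)

            # resolve destination address(es)
            dst_ip = export.resolve_address(r['destination'].get('member'),
                                            pan_cfg)

            # Resolve destination port object(s) to a list of ports.
            # When the rule carries several <service> elements only the
            # first one is used.
            service = r['service']
            if isinstance(service, list):
                service = service[0]
            dport = service.get('member')
            dst_port = export.resolve_service(dport, pan_cfg)

            # Fill out table row with all rule details
            row = (
                str(r['@name']),
                str(r['from'].get('member')),
                str(r['source'].get('member')),
                str(src_ip),
                str(r['to'].get('member')),
                str(r['destination'].get('member')),
                str(dst_ip),
                str(r['application'].get('member')),
                # Reuse the normalised member: calling .get() on a list-valued
                # r['service'] raised and silently dropped the whole rule.
                str(dport),
                str(dst_port),
                str(r['category'].get('member')),
                str(r['action']),
                str(
                    r.get('profile-setting',
                          {}).get('group', {}).get('member', 'none')),
                str(r['log-setting']),
            )
            rows.append(row)
        except Exception as e:
            # Exception, not BaseException: KeyboardInterrupt and SystemExit
            # must still be able to stop the process.
            # NOTE(review): a rule that fails here is missing from the
            # spreadsheet and is recorded only in exceptions.log, so the
            # export can look complete when it is not.
            logging.exception("UNABLE TO EXPORT RULE {} DUE TO {}".format(
                r, e))

    # NOTE(review): cell text comes straight from the config; confirm how the
    # xlsx writer treats values beginning with '=' before relying on this
    # export for names that are not under the administrator's control.
    return flask_excel.make_response_from_array(rows, "xlsx")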