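def run_it(chosen_dg):
    """Render one device group's post-rulebase security rules as an HTML table.

    Parses the XML configuration stored at ``PAN_CFG_FILE``, picks the device
    group whose ``@name`` equals *chosen_dg*, resolves every rule's address
    and service objects through ``export.resolve_address`` and
    ``export.resolve_service``, and hands the rows to the ``export.html``
    template. A rule that cannot be exported is logged and skipped.

    Args:
        chosen_dg: Name of the device group to export.

    Returns:
        Whatever ``render_template`` returns for ``export.html``.

    Raises:
        IndexError: If the configuration holds no device group named
            *chosen_dg*.
    """
    # Initialize log file for exceptions
    logging.basicConfig(level=logging.INFO, filename='exceptions.log')

    with open(PAN_CFG_FILE, 'r') as f:
        pan_cfg = xmltodict.parse(f.read())['response']['result']

    device_groups = pan_cfg['config']['devices']['entry']['device-group'][
        'entry']
    # xmltodict returns a dict, not a list, when an element occurs only once;
    # iterating that dict would walk its keys instead of the entries.
    if isinstance(device_groups, dict):
        device_groups = [device_groups]

    matches = [dg for dg in device_groups if dg['@name'] == chosen_dg]
    if not matches:
        # Same exception type as the original bare [0] lookup, with a message
        # that names the missing group.
        raise IndexError(
            'device group {!r} not found in configuration'.format(chosen_dg))
    dg_tree = matches[0]

    sec_tree = dg_tree['post-rulebase']['security']['rules']['entry']
    if isinstance(sec_tree, dict):
        # A device group with a single rule: same single-element case.
        sec_tree = [sec_tree]

    # BUILD LIST FOR DUMPING TO WEBPAGE
    rows = []
    for r in sec_tree:
        try:
            # resolve source address(es)
            src_ip = export.resolve_address(r['source'].get('member'),
                                            pan_cfg)
            # resolve destination address(es)
            dst_ip = export.resolve_address(r['destination'].get('member'),
                                            pan_cfg)
            # Resolve destination port object(s) to a list of ports
            service = r['service']
            if isinstance(service, list):
                dport = service[0].get('member')
            else:
                dport = service.get('member')
            dst_port = export.resolve_service(dport, pan_cfg)

            # Fill out table row with all rule details
            row = (
                str(r['@name']),
                str(r['from'].get('member')),
                str(r['source'].get('member')),
                str(src_ip),
                str(r['to'].get('member')),
                str(r['destination'].get('member')),
                str(dst_ip),
                str(r['application'].get('member')),
                # Reuse dport: calling .get() on r['service'] again raised
                # for the list shape handled above and dropped the rule.
                str(dport),
                str(dst_port),
                str(r['category'].get('member')),
                str(r['action']),
                str(
                    r.get('profile-setting', {}).get('group', {}).get(
                        'member', 'none')),
                str(r['log-setting']),
            )
            rows.append(row)
        except Exception as e:
            # Exception, not BaseException, so KeyboardInterrupt/SystemExit
            # still propagate. The message embeds the whole rule, so
            # exceptions.log is as sensitive as the configuration itself.
            logging.exception("UNABLE TO EXPORT RULE {} DUE TO {}".format(
                r, e))

    # NOTE(review): chosen_dg and the rule fields reach the page as-is; this
    # presumably relies on template autoescaping being active - confirm.
    return render_template('export.html',
                           title='EXPORT RESULTS',
                           rows=rows,
                           chosen_dg=chosen_dg)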
def test_service_group_nested():
    """'sg_nested_mix_01' must resolve to the flat port list below."""
    expected = [
        'udp_53',
        'udp_69',
        'udp_500',
        'udp_4500',
        'tcp_16',
        'tcp_34',
        'tcp_36',
        'tcp_229',
        'tcp_1109',
        'tcp_40000-65535',
    ]
    resolved = resolve_service('sg_nested_mix_01', TEST_PAN_CFG)
    assert resolved == expected
def test_service_group():
    """'sg_random_mix' must resolve to its four member ports, in order."""
    expected = ['tcp_2', 'tcp_161', 'udp_2', 'udp_40000-65535']
    resolved = resolve_service('sg_random_mix', TEST_PAN_CFG)
    assert resolved == expected
def test_port_range():
    """A port-range service name is returned unchanged as a string."""
    name = 'tcp_40000-65535'
    resolved = resolve_service(name, TEST_PAN_CFG)
    assert resolved == 'tcp_40000-65535'
def test_single_port():
    """A single-port service name is returned unchanged as a string."""
    name = 'udp_4500'
    resolved = resolve_service(name, TEST_PAN_CFG)
    assert resolved == 'udp_4500'
def test_application_default():
    """'application-default' passes through resolve_service unchanged."""
    keyword = 'application-default'
    resolved = resolve_service(keyword, TEST_PAN_CFG)
    assert resolved == 'application-default'
def test_any():
    """'any' passes through resolve_service unchanged."""
    keyword = 'any'
    resolved = resolve_service(keyword, TEST_PAN_CFG)
    assert resolved == 'any'
def test_nonexistent_object():
    """A name absent from the test configuration resolves to ['unknown']."""
    missing_name = 'nobody_knows_me'
    resolved = resolve_service(missing_name, TEST_PAN_CFG)
    assert resolved == ['unknown']
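def download():
    """Export one device group's post-rulebase security rules as an xlsx file.

    Parses the XML configuration stored at ``PAN_CFG_FILE``, selects the
    hard-coded device group ``child_dg_lab01``, resolves every rule's address
    and service objects through ``export.resolve_address`` and
    ``export.resolve_service``, and returns the rows (preceded by a header
    row) through ``flask_excel.make_response_from_array``. A rule that cannot
    be exported is logged and skipped.

    Returns:
        Whatever ``flask_excel.make_response_from_array(rows, "xlsx")``
        returns.

    Raises:
        IndexError: If the configuration holds no device group named
            ``child_dg_lab01``.
    """
    # The device group is fixed here rather than taken from the caller.
    chosen_dg = 'child_dg_lab01'

    # Initialize log file for exceptions
    logging.basicConfig(level=logging.INFO, filename='exceptions.log')

    with open(PAN_CFG_FILE, 'r') as f:
        pan_cfg = xmltodict.parse(f.read())['response']['result']

    device_groups = pan_cfg['config']['devices']['entry']['device-group'][
        'entry']
    # xmltodict returns a dict, not a list, when an element occurs only once;
    # iterating that dict would walk its keys instead of the entries.
    if isinstance(device_groups, dict):
        device_groups = [device_groups]

    matches = [dg for dg in device_groups if dg['@name'] == chosen_dg]
    if not matches:
        # Same exception type as the original bare [0] lookup, with a message
        # that names the missing group.
        raise IndexError(
            'device group {!r} not found in configuration'.format(chosen_dg))
    dg_tree = matches[0]

    sec_tree = dg_tree['post-rulebase']['security']['rules']['entry']
    if isinstance(sec_tree, dict):
        # A device group with a single rule: same single-element case.
        sec_tree = [sec_tree]

    # BUILD LIST FOR DUMPING TO WEBPAGE
    rows = [[
        'NAME',
        'FROM',
        'SOURCE',
        'RESOLVED SRC',
        'TO',
        'DESTINATION',
        'RESOLVED DST',
        'APP',
        'SERVICE',
        'RESOLVED PT',
        'CATEGORY',
        'ACTION',
        'PROFILE-SETTING',
        'LOG-SETTING',
    ]]
    for r in sec_tree:
        try:
            # resolve source address(es)
            src_ip = export.resolve_address(r['source'].get('member'),
                                            pan_cfg)
            # resolve destination address(es)
            dst_ip = export.resolve_address(r['destination'].get('member'),
                                            pan_cfg)
            # Resolve destination port object(s) to a list of ports
            service = r['service']
            if isinstance(service, list):
                dport = service[0].get('member')
            else:
                dport = service.get('member')
            dst_port = export.resolve_service(dport, pan_cfg)

            # Fill out table row with all rule details
            row = (
                str(r['@name']),
                str(r['from'].get('member')),
                str(r['source'].get('member')),
                str(src_ip),
                str(r['to'].get('member')),
                str(r['destination'].get('member')),
                str(dst_ip),
                str(r['application'].get('member')),
                # Reuse dport: calling .get() on r['service'] again raised
                # for the list shape handled above and dropped the rule.
                str(dport),
                str(dst_port),
                str(r['category'].get('member')),
                str(r['action']),
                str(
                    r.get('profile-setting', {}).get('group', {}).get(
                        'member', 'none')),
                str(r['log-setting']),
            )
            rows.append(row)
        except Exception as e:
            # Exception, not BaseException, so KeyboardInterrupt/SystemExit
            # still propagate. The message embeds the whole rule, so
            # exceptions.log is as sensitive as the configuration itself.
            logging.exception("UNABLE TO EXPORT RULE {} DUE TO {}".format(
                r, e))

    # NOTE(review): cell text is copied verbatim from the configuration. If
    # rule or object names can be set by less-trusted administrators, prefix
    # or strip a leading '=', '+', '-' or '@' before export so spreadsheet
    # applications do not evaluate the cell as a formula.
    return flask_excel.make_response_from_array(rows, "xlsx")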