示例#1
0
    def testMatchDIP(self):
        grepper = ACLGrepper(None, None, "224.1.156.12")
        self.assertTrue(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.2.3.102/16 eq 4711"))
        self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"))

        self.assertFalse(grepper.grep("just some random text"))
示例#2
0
    def testMatchSIP(self):
        grepper = ACLGrepper("192.168.2.12")
        self.assertTrue(grepper.grep("access-list acl762 line 2 extended permit ip 192.168.2.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc"))
        self.assertFalse(grepper.grep("access-list acl762 line 2 extended permit ip 192.168.0.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc"))
        self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"))

        self.assertFalse(grepper.grep("just some random text"))
示例#3
0
    def testMatchICMP(self):
        grepper = ACLGrepper(None, None, None, None, "icmp")
        
        self.assertTrue(grepper.grep("10 permit ip 10.221.224.120/29 224.1.2.102/16"))
        self.assertTrue(grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
        self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"))
        self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"))

        self.assertFalse(grepper.grep("just some random text"))
示例#4
0
    def testMatchReal(self):
        grepper = ACLGrepper("10.221.216.201", "5401", "10.221.69.143", "1024")

        self.assertTrue(
            grepper.grep(
                "permit tcp 10.221.216.200 0.0.0.1 range 5400 5413 host 10.221.69.143 gt 1023 established"
            ))
        self.assertFalse(
            grepper.grep(
                "permit tcp 10.221.216.200 0.0.0.1 gt 1023 host 10.221.69.143 eq 22"
            ))
示例#5
0
 def testMatchAny(self):
     grepper = ACLGrepper("192.168.2.12", None, None, None, None, True)
     self.assertTrue(
         grepper.grep(
             "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"
         ))
     self.assertTrue(
         grepper.grep(
             "access-list aclXFG line 46 extended deny udp any host 10.1.1.1 eq netbios-ns (hitcnt=920296) 0x4c3b867e"
         ))
     self.assertFalse(
         grepper.grep(
             "access-list aclXFG line 46 extended deny udp host 10.1.1.1 any eq netbios-ns (hitcnt=920296) 0x4c3b867e"
         ))
示例#6
0
    def testNamedPorts(self):
        grepper = ACLGrepper(None, "80", None, "22")

        self.assertFalse(
            grepper.grep(
                "10 permit udp 10.221.224.120/29 eq ssh 224.1.2.102/16 eq telnet"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq ftp 224.1.2.102/16 eq ssh")
        )
        self.assertTrue(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq www 224.1.2.102/16 eq ssh")
        )
示例#7
0
    def testMatchTCP(self):
        grepper = ACLGrepper(None, None, None, None, "tcp")

        self.assertTrue(
            grepper.grep("10 permit ip 10.221.224.120/29 224.1.2.102/16 "))
        self.assertFalse(
            grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"
            ))
        self.assertTrue(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"
            ))

        self.assertFalse(grepper.grep("just some random text"))
示例#8
0
    def testPortsOnly(self):
        grepper = ACLGrepper(None, "4711", None, "124")

        self.assertFalse(
            grepper.grep(
                "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq 124 224.1.2.102/16 eq 124")
        )
        self.assertTrue(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 124"
            ))
        self.assertTrue(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 224.1.2.102/16 eq 124"))
        self.assertTrue(
            grepper.grep(
                "10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16"))
        self.assertTrue(
            grepper.grep("10 permit tcp 10.221.224.120/29 224.1.2.102/16"))
示例#9
0
    def testMatchDIP(self):
        grepper = ACLGrepper(None, None, "224.1.156.12")
        self.assertTrue(
            grepper.grep(
                "10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 10.221.224.120/29 eq 4711 224.2.3.102/16 eq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"
            ))

        self.assertFalse(grepper.grep("just some random text"))
示例#10
0
    def testMatchSIP(self):
        grepper = ACLGrepper("192.168.2.12")
        self.assertTrue(
            grepper.grep(
                "access-list acl762 line 2 extended permit ip 192.168.2.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc"
            ))
        self.assertFalse(
            grepper.grep(
                "access-list acl762 line 2 extended permit ip 192.168.0.0 255.255.255.0 10.221.34.0 255.255.255.0 (hitcnt=9) 0xfe82efcc"
            ))
        self.assertFalse(
            grepper.grep(
                "access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"
            ))

        self.assertFalse(grepper.grep("just some random text"))
示例#11
0
    def testMatchSPort(self):
        grepper = ACLGrepper("192.168.2.12", "123")
        
        # any
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 any 224.0.0.102/32 eq 4711"))

        # eq
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 4711"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 eq 123 224.0.0.102/32 eq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 123"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 eq 88 99 123 125 224.0.0.102/32 eq 4711"))

        # neq
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 neq 123 224.0.0.102/32 neq 4711"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 123"))

        # gt
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 gt 123 224.0.0.102/32 eq 4711"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 gt 122 224.0.0.102/32 eq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 gt 4711 224.0.0.102/32 gt 90"))

        # lt
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 lt 123 224.0.0.102/32 eq 4711"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 lt 124 224.0.0.102/32 lt 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 lt 100 224.0.0.102/32 lt 900"))

        # range
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 eq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 130 150 123 224.0.0.102/32 eq 4711"))
        self.assertTrue(grepper.grep("10 permit udp 192.168.2.0/24 range 100 140 123 224.0.0.102/32 eq 4711"))
        self.assertFalse(grepper.grep("10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 range 100 150"))

        self.assertFalse(grepper.grep("just some random text"))
示例#12
0
 def testMatchAny(self):
     grepper = ACLGrepper("192.168.2.12", None, None, None, None, True)
     self.assertTrue(grepper.grep("access-list aclXFG line 46 extended deny udp any any eq netbios-ns (hitcnt=920296) 0x4c3b867e"))
     self.assertTrue(grepper.grep("access-list aclXFG line 46 extended deny udp any host 10.1.1.1 eq netbios-ns (hitcnt=920296) 0x4c3b867e"))
     self.assertFalse(grepper.grep("access-list aclXFG line 46 extended deny udp host 10.1.1.1 any eq netbios-ns (hitcnt=920296) 0x4c3b867e"))        
示例#13
0
    def testNoICMPWhenPortGivenEvenIfAny(self):
        grepper = ACLGrepper(None, "80", None, "80", "any")

        self.assertFalse(
            grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
示例#14
0
    def testMatchReal(self):
        grepper = ACLGrepper("10.221.216.201", "5401", "10.221.69.143", "1024")

        self.assertTrue(grepper.grep("permit tcp 10.221.216.200 0.0.0.1 range 5400 5413 host 10.221.69.143 gt 1023 established"))
        self.assertFalse(grepper.grep("permit tcp 10.221.216.200 0.0.0.1 gt 1023 host 10.221.69.143 eq 22"))
示例#15
0
    def testNamedPorts(self):
        grepper = ACLGrepper(None, "80", None, "22")

        self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq ssh 224.1.2.102/16 eq telnet"))
        self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq ftp 224.1.2.102/16 eq ssh"))
        self.assertTrue(grepper.grep("10 permit tcp 10.221.224.120/29 eq www 224.1.2.102/16 eq ssh"))
示例#16
0
    def testNoICMPWhenPortGivenEvenIfAny(self):
        grepper = ACLGrepper(None, "80", None, "80", "any")

        self.assertFalse(grepper.grep("10 permit icmp 10.221.224.120/29 224.1.2.102/16"))
示例#17
0
 def setUp(self):
     # the parameters do not matter for the generic tests
     self.ag = ACLGrepper()
示例#18
0
class patterns(unittest.TestCase):
    def setUp(self):
        # the parameters do not matter for the generic tests
        self.ag = ACLGrepper()

    def testIpToBits(self):
        # go over range
        for x in range(0, 256):
            ip = ("%d.%d.%d.%d" % (x, x, x, x))
            value = x * 0x1000000 + x * 0x10000 + x * 0x100 + x
            self.assertEqual(value, self.ag.ip_to_bits(ip))

        # corner cases
        self.assertRaises(ValueError, self.ag.ip_to_bits, "256.0.0.0")
        self.assertRaises(ValueError, self.ag.ip_to_bits, "a")
        self.assertRaises(ValueError, self.ag.ip_to_bits, "")

    def testIpMaskPair(self):
        # check values
        self.assertEqual((0x0a000000, 0xff000000),
                         self.ag.ip_and_mask_to_pair("10.0.0.0 255.0.0.0"))
        self.assertEqual(
            (0xc0a80200, 0xfffffc00),
            self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.252.0"))
        # separator should not matter
        self.assertEqual(
            self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.255.0"),
            self.ag.ip_and_mask_to_pair("192.168.2.0/255.255.255.0"))
        # equivalent subnet mask and wildcard mask
        self.assertEqual(
            self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.255.0"),
            self.ag.ip_and_mask_to_pair("192.168.2.0 0.0.0.255"))

        # full bits -> interpret as host TODO: is this correct?
        self.assertEqual(
            (0x0a020304, 0xffffffff),
            self.ag.ip_and_mask_to_pair("10.2.3.4 255.255.255.255"))
        # no bits -> host
        self.assertEqual((0x0a010101, 0xffffffff),
                         self.ag.ip_and_mask_to_pair("10.1.1.1/0.0.0.0"))

    def testIpCidrPair(self):
        # check values
        self.assertEqual((0x0a000000, 0xff000000),
                         self.ag.ip_and_cidr_to_pair("10.0.0.0/8"))
        self.assertEqual((0xc0a80200, 0xfffffc00),
                         self.ag.ip_and_cidr_to_pair("192.168.2.0/22"))

    def testIpInNet(self):
        self.assertTrue(self.ag.ip_in_net(0x0a010101,
                                          (0x0a000000, 0xff000000)))
        self.assertFalse(
            self.ag.ip_in_net(0x0a010101, (0x0a000000, 0xffffff00)))
示例#19
0
    def testMatchSPort(self):
        grepper = ACLGrepper("192.168.2.12", "123")

        # any
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 any 224.0.0.102/32 eq 4711"))

        # eq
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 4711"))
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 eq 123 224.0.0.102/32 eq 4711"))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 eq 4711 224.0.0.102/32 eq 123"))
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 eq 88 99 123 125 224.0.0.102/32 eq 4711"
            ))

        # neq
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 neq 123 224.0.0.102/32 neq 4711")
        )
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 neq 4711 224.0.0.102/32 neq 123")
        )

        # gt
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 gt 123 224.0.0.102/32 eq 4711"))
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 gt 122 224.0.0.102/32 eq 4711"))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 gt 4711 224.0.0.102/32 gt 90"))

        # lt
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 lt 123 224.0.0.102/32 eq 4711"))
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 lt 124 224.0.0.102/32 lt 4711"))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 lt 100 224.0.0.102/32 lt 900"))

        # range
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 eq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 range 130 150 123 224.0.0.102/32 eq 4711"
            ))
        self.assertTrue(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 range 100 140 123 224.0.0.102/32 eq 4711"
            ))
        self.assertFalse(
            grepper.grep(
                "10 permit udp 192.168.2.0/24 range 100 120 123 224.0.0.102/32 range 100 150"
            ))

        self.assertFalse(grepper.grep("just some random text"))
示例#20
0
    def testPortsOnly(self):
        grepper = ACLGrepper(None, "4711", None, "124")

        self.assertFalse(grepper.grep("10 permit udp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 4711"))
        self.assertFalse(grepper.grep("10 permit tcp 10.221.224.120/29 eq 124 224.1.2.102/16 eq 124"))
        self.assertTrue(grepper.grep("10 permit tcp 10.221.224.120/29 eq 4711 224.1.2.102/16 eq 124"))
示例#21
0
 def setUp(self):
     # the parameters do not matter for the generic tests
     self.ag = ACLGrepper()
示例#22
0
class patterns(unittest.TestCase):

    def setUp(self):
        # the parameters do not matter for the generic tests
        self.ag = ACLGrepper()

    def testIpToBits(self):
        # go over range
        for x in range(0,256):
            ip = ("%d.%d.%d.%d" % (x,x,x,x))
            value = x * 0x1000000 + x * 0x10000 + x * 0x100 + x
            self.assertEqual(value, self.ag.ip_to_bits(ip))

        # corner cases
        self.assertRaises(ValueError, self.ag.ip_to_bits, "256.0.0.0")
        self.assertRaises(ValueError, self.ag.ip_to_bits, "a")
        self.assertRaises(ValueError, self.ag.ip_to_bits, "")

    def testIpMaskPair(self):
        # check values
        self.assertEqual((0x0a000000, 0xff000000), self.ag.ip_and_mask_to_pair("10.0.0.0 255.0.0.0"))
        self.assertEqual((0xc0a80200, 0xfffffc00), self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.252.0"))
        # separator should not matter
        self.assertEqual(self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.255.0"), self.ag.ip_and_mask_to_pair("192.168.2.0/255.255.255.0"))
        # equivalent subnet mask and wildcard mask
        self.assertEqual(self.ag.ip_and_mask_to_pair("192.168.2.0 255.255.255.0"), self.ag.ip_and_mask_to_pair("192.168.2.0 0.0.0.255"))

        # full bits -> interpret as host TODO: is this correct?
        self.assertEqual((0x0a020304, 0xffffffff), self.ag.ip_and_mask_to_pair("10.2.3.4 255.255.255.255"))
        # no bits -> host
        self.assertEqual((0x0a010101, 0xffffffff), self.ag.ip_and_mask_to_pair("10.1.1.1/0.0.0.0"))

    def testIpCidrPair(self):
        # check values
        self.assertEqual((0x0a000000, 0xff000000), self.ag.ip_and_cidr_to_pair("10.0.0.0/8"))
        self.assertEqual((0xc0a80200, 0xfffffc00), self.ag.ip_and_cidr_to_pair("192.168.2.0/22"))

    def testIpInNet(self):
        self.assertTrue(self.ag.ip_in_net(0x0a010101, (0x0a000000, 0xff000000)))
        self.assertFalse(self.ag.ip_in_net(0x0a010101, (0x0a000000, 0xffffff00)))