void ParseAccessListLinesIntoGroups(ParserArgs args) { var aclCollections = new List <AccessListCollection>(); int sequence = 0; foreach (var line in args.Lines) { var split = line.Trim().Split(new[] { " " }, StringSplitOptions.RemoveEmptyEntries); var name = split[1]; var stringType = split[2]; var stringPermission = split[3]; var originalName = string.Join(" ", AccessList.AccessListTag, name); var collection = aclCollections.Where(x => x.Name == name).FirstOrDefault(); var accessList = new AccessList() { Name = name, OriginalName = originalName, Sequence = sequence++, Permission = FindAccessListPermission(stringPermission), LinesToProcess = split.Skip(3) }; try { accessList.Type = FindAccessListType(stringType); } catch (Exception) { if (args.Results.CompletionSeverity != ResultSeverity.Errors) { args.Results.CompletionSeverity = ResultSeverity.Warnings; } var message = string.Join(Environment.NewLine, string.Format("Unknown ACL Type '{0}' for Access-list '{1}'", stringType, name), string.Format("Affected line in configuration (Line# {0} in access List section): {1}", sequence, line), "This line will be skipped."); args.Results.Messages.Add(message); continue; } if (collection != null) { collection.AccessLists.Add(accessList); } else { collection = new AccessListCollection() { Name = name, OriginalName = originalName }; collection.AccessLists.Add(accessList); aclCollections.Add(collection); } } args.Results.AccessListResults.AddRange(aclCollections); }
void ParseAccessListByType(ParserArgs args, AccessList acl) { switch (acl.Type) { case AccessListType.Standard: ParseStandardAccesList(acl, args); break; case AccessListType.Extended: ParseExtendedAccessList(acl, args); break; case AccessListType.Remark: ParseRemarksAccessList(acl, args); break; default: break; } if (acl.HasAliases) { if (acl.SourceIPGroup.HasAlias) { AddIPAddressToIPGroup(acl.SourceIPGroup, args, acl.Comments); } if (acl.DestinationIPGroup.HasAlias) { AddIPAddressToIPGroup(acl.DestinationIPGroup, args, acl.Comments); } } }
void MicroManageExtendedAccessList(AccessList acl, List <string> lines) { acl.SourceType = acl.Protocol; acl.Protocol = null; acl.SourceIPGroup.IPAlias = lines[1]; if (lines[2].StartsWith(AccessList.ObjectTag)) { acl.DestinationType = lines[2]; acl.DestinationIPGroup.IPAlias = lines[3]; if (lines.Count > 4) { acl.DestinationIPGroup.Port1 = lines[4]; } } else if (lines[2].StartsWith(AccessList.IpWildCardPrefix) && lines.Count == 4) { acl.SourceIPGroup.IPWildCard = lines[2]; acl.DestinationIPGroup.IPWildCard = lines[3]; } else if (lines[2].StartsWith(AccessList.IpWildCardPrefix)) { acl.SourceIPGroup.IPWildCard = lines[2]; acl.DestinationType = lines[3]; acl.DestinationIPGroup.IPAlias = lines[4]; } if (lines.Count > 5) { acl.DestinationIPGroup.Port1 = lines[5]; } return; }
void ParseStandardAccesList(AccessList acl, ParserArgs parseArgs) { foreach (var line in acl.LinesToProcess.Skip(1)) { IPAddress address; if (line == AccessList.HostTag) { acl.SourceType = AccessList.HostTag; } else if (IPAddress.TryParse(line, out address)) { if (acl.SourceIPGroup.IPAddress == null) { acl.SourceIPGroup.IP = address; } else if (acl.SourceIPGroup.Subnet == null) { acl.SourceType = AccessList.SubnetTag; acl.SourceIPGroup.Subnet = address; } } else { //TOOD: Figure out if there are other conditions I should be aware of... if (line == AccessList.HostTag) { continue; } else if (string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard)) { acl.SourceIPGroup.IPWildCard = line; } } } }
void ParseRemarksAccessList(AccessList acl, ParserArgs parseArgs) { var value = string.Join(" ", acl.LinesToProcess); acl.Comments.Append(string.Format("\"{0}\"", value)); }
void ParseExtendedAccessList(AccessList acl, ParserArgs parseArgs) { //access-list outside_cryptomap_8 extended permit ip 10.251.27.0 255.255.255.0 host 10.42.8.233 //access-list OpenSys_access_in extended deny ip any4 object DMZ-LAN //access-list mgmtzone_access_in extended permit udp object HPS_TP_PROD_LAN object-group HPS_remote_offices var lines = acl.LinesToProcess.Skip(1).ToList(); acl.Protocol = lines[0]; int sequence = 0; var stepArgs = new AccessListStepArgs() { Acl = acl }; //access-list inside_access_in extended permit object-group HPSNETMON_GRP object HPSNetMon1 any4 //access-list inside_access_in extended permit object-group client_to_mgmtzone_services any object mgmtzone_servers if (acl.Protocol.StartsWith(AccessList.ObjectTag)) { MicroManageExtendedAccessList(acl, lines); return; } foreach (var line in lines.Skip(1)) { stepArgs.Line = line; IPAddress ip = null; if (stepArgs.CollectionType != AccessListStepType.None) { ParseAccessListStepByCollectionType(stepArgs, parseArgs); } else if (GetIPAddress(line, out ip)) { if (!acl.SourceIPGroup.HasMinimumIPCriteria) { acl.SourceIPGroup.IP = ip; acl.SourceType = AccessList.SubnetTag; stepArgs.CollectionType = AccessListStepType.SourceSubnet; } else if (!acl.DestinationIPGroup.HasMinimumIPCriteria) { acl.DestinationIPGroup.IP = ip; acl.DestinationType = AccessList.SubnetTag; stepArgs.CollectionType = AccessListStepType.DestinationSubnet; } } else if (line.StartsWith(AccessList.ObjectTag)) { if (sequence == 0) { acl.SourceType = line; stepArgs.CollectionType = AccessListStepType.SourceAlias; } else { acl.DestinationType = line; stepArgs.CollectionType = AccessListStepType.DestinationAlias; } } else if (line == AccessList.HostTag) { if (!acl.SourceIPGroup.HasMinimumIPCriteria) { acl.SourceType = line; stepArgs.CollectionType = AccessListStepType.SourceIPAddress; } else { acl.DestinationType = line; stepArgs.CollectionType = AccessListStepType.DestinationIPAddress; } } else if (line.StartsWith(AccessList.IpWildCardPrefix)) { if (sequence == 0) { acl.SourceIPGroup.IPWildCard = line; } else { acl.DestinationIPGroup.IPWildCard = line; } } else if (AccessList.MatchConditionSymbol.ToList().Any(x => x == line.Trim())) { acl.PortMatchType = line; bool source = false; if (sequence <= 1 && !string.IsNullOrEmpty(acl.SourceIPGroup.IPWildCard)) { source = true; } else if (acl.SourceIPGroup.IPWildCard == acl.DestinationIPGroup.IPWildCard) { source = false; } else if (sequence <= 2 && acl.SourceIPGroup.HasMinimumIPCriteria) { source = true; } else { source = false; } if (source) { if (line == AccessList.PortRangeTag) { stepArgs.CollectionType = AccessListStepType.SourceRange1; } else { stepArgs.CollectionType = AccessListStepType.SourcePort; } } else { if (line == AccessList.PortRangeTag) { stepArgs.CollectionType = AccessListStepType.DestinationRange1; } else { stepArgs.CollectionType = AccessListStepType.DestinationPort; } } } else if (line.Contains(AccessList.HitCountPrefix)) { acl.HitCount = line.Replace("(", null) .Replace(")", null) .Split(new[] { "=" }, StringSplitOptions.RemoveEmptyEntries) .Last(); } else { stepArgs.CollectionType = AccessListStepType.DestinationPort; } sequence++; } }