Misc updates for cisco router configurations #466
Conversation
| @@ -491,6 +491,11 @@ variable_interface_name | |||
| NAME | NEWLINE | TAG | TRACK | VARIABLE ) | |||
| ; | |||
|
|
|||
| variable_password | |||
| : | |||
| (~NEWLINE)+ | |||
There was a problem hiding this comment.
With respect to ENCRYPTED:
Based on the usage above, the variable_password rule must specifically exclude ENCRYPTED, or it will swallow it. Therefore a potential definition here is: ~(NEWLINE | ENCRYPTED)+
Also, any definition that generally eats up non-newline tokens will necessarily swallow up the variable named seed in the change to enable_password above. That is, seed will never be assigned. In fact this is visible in the updated reference output in this PR. The only solution that will allow a multi-token password will necessitate use of lexer modes and at least some modification to variable_password. This is tricky, and we should discuss in depth if you want to fix yourself.
There was a problem hiding this comment.
I have no desire to learn the deep complexity of ANTLR... so if it's easy for you to fix, by all means do so. We encountered the 'enable password' line on an ASA, so... as long as that doesn't throw a parsing error as it did previously, that's all I care about. :)
I don't think Batfish currently does anything with the password anyways, so if it swallowed the seed then that's probably "ok", though probably not the Right Thing to do.
There was a problem hiding this comment.
That's fine. I'll just finish this one then.
| @@ -237,6 +238,7 @@ null_block | |||
| | TEMPLATE | |||
| | TERMINAL | |||
| | TIME_RANGE | |||
| | TIMEOUT | |||
There was a problem hiding this comment.
This is a breaking change. It needs to be more granular. In particular, it interferes with ts_timeout.
There was a problem hiding this comment.
Sad.. it's true, I hadn't ran the unit tests yet. Alright, I'll fix it on Friday. Here are some of the line(s):
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
... there are a bunch of other variations also
From ASA command reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t1.html?dtid=osscdc0002833#pgfId-1649892
|
btw, If you made your other changes (the encrypted variable stuff), you could just cherry pick the first commit from this and push that and I'll fix the second commit later. |
| @@ -6,5 +6,6 @@ enable secret 5 $1$aaaaaaaaaaaaaaaaaaaaaaaaaaa | |||
| enable super-user-password aaaaaaaaaaaaaaaaaaaaa | |||
| enable telnet authentication | |||
| enable telnet password aaaaaaaaaaaaaaaaaaaaaaaaa | |||
| enable password $sha512$5000$98pqLCa2lpNvN6gnQl3zyQ==$QvdeF/4EqAATT2/e64ujg== woldj4 | |||
There was a problem hiding this comment.
What configuration language is this? I cannot enter this on my ASA VM. Also, it looks like it contains an invalid base64 string after the last $.
There was a problem hiding this comment.
The password was from an ASA and 'looks like' that (the important part that breaks parsing are the random $ symbols and the last part) -- but in reality I just randomly changed various characters so it wouldn't match, so I'm not surprised it's not a valid base64 string.
I didn't create the ASA config, @asydney did, so if the password isn't sensitive I suspect he could share the original string if you need it.
There was a problem hiding this comment.
No I just made it valid base64 by inserting a character. It's just a hash, so I don't need anything original.
|
#481 has been merged. You should update this branch before your next review request. |
dspicuzzbbn
force-pushed
the
fix-cisco-misc
branch
from
ca49057
to
3a56b45
Compare
|
Updated, should be good to go now. |
There was a problem hiding this comment.
The changes to the cisco_misc file do not nearly justify the changes to the grammar files. Please add complete unit tests justifying all changes.
By the way, a recently merged PR includes major changes to the Cisco parser/lexer files. Don't merge it into your PR - I will resolve conflicts myself after this is ready to go.
|
Alright. I won't have time to get to it until late next week. |
dspicuzzbbn
force-pushed
the
fix-cisco-misc
branch
from
3a56b45
to
0a248b4
Compare
|
Sorry for the delay on this, we got redirected and paused for awhile. I added more to the tests, this should be ready to be merged now. |
|
Hey thanks for the update! I just need a few more unit test lines from you. See inline comments. Reviewed 6 of 6 files at r1. projects/batfish/src/main/antlr4/org/batfish/grammar/cisco/Cisco_ignored.g4, line 919 at r1 (raw file):
Missing unit test. projects/batfish/src/main/antlr4/org/batfish/grammar/cisco/Cisco_ospf.g4, line 194 at r1 (raw file):
Missing unit test. projects/batfish/src/main/antlr4/org/batfish/grammar/cisco/CiscoLexer.g4, line 10678 at r1 (raw file):
Missing parser rule referencing this token, and missing unit test. Comments from Reviewable |
|
Updated. |
|
Reviewed 3 of 3 files at r2, 1 of 1 files at r3. Comments from Reviewable |
Found on a cisco ASA
This change is