#!/usr/bin/env python3
import sys
import yaml
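# Command-line handling: argv[1] is the access-list text dump to convert,
# any further arguments are YAML object files used for reverse lookups.
if len(sys.argv) < 2:
    print("Syntax: %s <infile> [objectfiles]" % sys.argv[0])
    sys.exit(1)
else:
    try:
        infile = open(sys.argv[1], 'r')
    except OSError:
        # Report the path that failed to open; `infile` is unbound here,
        # so it must not be used in the message.
        print("Couldn't find %s" % sys.argv[1])
        sys.exit(1)
    # Slicing past the end of argv never raises: this is [] when no object
    # files were given, so callers should test truthiness rather than None.
    objectFiles = sys.argv[2:]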
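def fetchObjects(objectFiles):
    """Load every YAML document from each object file into one flat list.

    Args:
        objectFiles: iterable of paths to YAML files holding name -> value
            mappings (the object definitions rule values are matched against).

    Returns:
        list of all documents from all files, in argument order; [] when no
        files are given. Returning after the first file (or None for no
        files) would leave the caller with an incomplete or unusable lookup.

    Raises:
        OSError if a file cannot be opened; yaml.YAMLError on malformed YAML.
    """
    objects = []
    for path in objectFiles:
        with open(path, 'r') as f:
            # safe_load_all constructs only plain YAML types; object files are
            # configuration data and must never go through yaml.load().
            objects.extend(yaml.safe_load_all(f.read()))
    return objects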
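def parseRule(rule):
    """Normalise one parsed ACL entry into the YAML rule schema.

    Args:
        rule: dict as produced by fetchRules(); optional keys 'description',
            'source', 'dest', 'sport', 'dport' and required key 'actions'.
            Port values are either a str (single port or a "{{ name }}"
            template) or a [start, end] list for a range.

    Returns:
        dict with keys description, source, dest, sport, dport, actions.
        Missing optional fields default to "NO DESCRIPTION PROVIDED" / "any";
        a port range becomes {'startrange': ..., 'endrange': ...}.

    Exits:
        Prints an error and calls sys.exit(1) when 'actions' is absent: a
        rule without an explicit permit/deny is ambiguous policy and must not
        be emitted silently.
    """
    newRule = {
        'description': rule.get('description', "NO DESCRIPTION PROVIDED"),
        'source': rule.get('source', "any"),
        'dest': rule.get('dest', "any"),
        'sport': _portSpec(rule.get('sport')),
        'dport': _portSpec(rule.get('dport')),
    }
    if 'actions' not in rule:
        print("ERROR: Rule missing action")
        sys.exit(1)
    newRule['actions'] = rule['actions']
    return newRule


def _portSpec(value):
    """Convert a port field to its YAML form.

    A str is passed through; a list with at least two elements becomes a
    start/end range mapping; anything else (missing or malformed) is "any".
    """
    if isinstance(value, str):
        return value
    if isinstance(value, list) and len(value) >= 2:
        return {'startrange': value[0], 'endrange': value[1]}
    return "any"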
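def fetchRules(infile):
    """Parse an ACL text dump into a list of rule dicts.

    Args:
        infile: iterable of text lines (an open file or a list of str). A
            rule starts at a line whose first token is "entry" and ends at
            its "action drop|forward" line; recognised fields in between are
            description, src-ip, dst-ip, src-port and dst-port.

    Returns:
        list of dicts in file order with keys 'description', 'source',
        'dest', 'sport', 'dport' (a str for "eq", a [start, end] list for
        "range") and 'actions' ("deny" for drop, "permit" for forward).
        Lines before the first "entry", blank lines, truncated lines and
        unrecognised tokens are ignored. An entry whose action line never
        appears is dropped rather than emitted with an implicit action.
    """
    ruleset = []        # rules in file order
    rule = {}
    inEntry = False
    for line in infile:
        entry = line.split()
        if not entry:
            continue    # blank lines would otherwise raise IndexError on entry[0]
        keyword = entry[0]
        if keyword == "entry":
            inEntry = True
            rule.clear()
            continue
        if not inEntry:
            continue
        # A keyword with no value (truncated line) must not crash the parser.
        arg = entry[1] if len(entry) > 1 else None
        if keyword == "description":
            rule['description'] = ' '.join(entry[1:])
        elif keyword == "src-ip" and arg is not None:
            rule['source'] = arg
        elif keyword == "dst-ip" and arg is not None:
            rule['dest'] = arg
        elif keyword in ("src-port", "dst-port"):
            target = 'sport' if keyword == "src-port" else 'dport'
            if arg == "eq" and len(entry) > 2:
                rule[target] = entry[2]
            elif arg == "range" and len(entry) > 3:
                rule[target] = [entry[2], entry[3]]
        elif keyword == "action" and arg == "drop":
            rule['actions'] = "deny"
            inEntry = False   # a rule always ends at its action line
        elif keyword == "action" and arg == "forward":
            rule['actions'] = "permit"
            inEntry = False
        if rule and not inEntry:
            ruleset.append(rule.copy())   # copy: the dict is reused below
            rule.clear()
    return ruleset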
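def findVar(search, objects):
    """Reverse-look-up the object name whose value equals *search*.

    Args:
        search: the literal taken from a rule (IP, port, ...). Only str
            values are looked up; a list (port range) or other type returns
            False instead of raising on .strip().
        objects: list of YAML documents as returned by fetchObjects(); each
            is expected to be a name -> value mapping. Documents that are
            not mappings (e.g. None from an empty YAML document) are skipped.

    Returns:
        the matching key, or False when nothing matches. Only str values are
        compared, with surrounding double quotes ignored on both sides. List
        values are deliberately not searched: an element that occurs in
        several lists cannot be mapped back to a single name. When several
        keys hold the same value the last one seen wins.
    """
    if not isinstance(search, str):
        return False
    needle = search.strip('"')
    varname = False
    for doc in objects:
        if not isinstance(doc, dict):
            continue
        for name, value in doc.items():
            if isinstance(value, str) and value.strip('"') == needle:
                varname = name
    return varname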
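def main():
    """Convert the ACL dump in the module-level `infile` to YAML on stdout.

    Reads the module-level `infile` and `objectFiles` set up from argv.
    Header fields the tool cannot derive from the dump (acl_type, acl_id,
    description, owner) are emitted as placeholders for the operator to fill
    in. When object files were supplied, every rule value that matches an
    object definition is replaced by a "{{ name }}" template reference before
    the rule is normalised by parseRule().
    """
    yamlFile = {
        'acl_type': '"ipv4-acl" OR "ipv6-acl"',
        'acl_id': 'ACL ID#',
        'description': '<FILL_ME>',
        'owner': '<FILL_ME>',
        'rules': [],
    }
    try:
        ruleset = fetchRules(infile)
    finally:
        infile.close()   # nothing else reads it; close even if parsing raises
    # objectFiles is [] when no object files were given; an `is not None`
    # test would always be true, so test truthiness and skip the lookup.
    objects = fetchObjects(objectFiles) if objectFiles else []
    for rule in ruleset:
        if objects:
            for key, value in rule.items():
                varname = findVar(value, objects)
                if varname is not False:
                    # Overwriting values of existing keys while iterating
                    # items() is safe: the dict does not change size.
                    rule[key] = "{{ %s }}" % varname
        yamlFile['rules'].append(parseRule(rule))
    print(yaml.dump(yamlFile, explicit_start=True, default_flow_style=False))
    print('...')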
# Script entry point: run only when executed directly, not when imported.
if __name__ == "__main__":
    main()