Fixing scripts to be compatible with both python2 and python3

nspepi/check_invalid_config

@@ -9,16 +9,16 @@ $ENV{PATH} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'.$ENV
 use File::Basename;
 
 # checking if python and ply are present
-# Output would be /var/python/bin/python2 if python2 is
+# Output would be /var/python/bin/python if python is
 # present, otherwise output would be empty string.
-my $python_version_string = `which python2 2> /dev/null`;
+my $python_version_string = `which python 2> /dev/null`;
 if ($python_version_string eq "") {
 	# Python2 is not installed
-	print "\nAs python2 is not present, we can't check for an invalid configuration\n";
+	print "\nAs python is not present, we can't check for an invalid configuration\n";
 	exit;
 }
 
-my $python_module_list = `python2 -m pip freeze 2> /dev/null`;
+my $python_module_list = `python -m pip freeze 2> /dev/null`;
 if (!($python_module_list =~ m/\bply==/)) {
 	# ply is not present
 	print "\nAs required module PLY is not present, we can't check for an invalid configuration\n";
@@ -40,7 +40,7 @@ if (not -e $config_file) {
 
 my($filename, $dir_path) = fileparse($config_file);
 
-my $exit_status = system("python2 /netscaler/nspepi2/config_check_main.py -f $config_file");
+my $exit_status = system("python /netscaler/nspepi2/config_check_main.py -f $config_file");
 if ($exit_status != 0) {
 	print "Error in checking config file: $exit_status";
 	exit;

nspepi/nspepi

@@ -5,16 +5,16 @@
 # which accompany or are included with this software.
 
 # Checking if python and PLY are present
-# Output would be /var/python/bin/python2 if python2 is
+# Output would be /var/python/bin/python if python is
 # present, otherwise output would be empty string.
-python_version_string=$(which python2 2> /dev/null)
+python_version_string=$(which python 2> /dev/null)
 if [[ $python_version_string = "" ]]
 then
-	echo "As python2 is not present, we can't run the NSPEPI tool"
+	echo "As python is not present, we can't run the NSPEPI tool"
 	exit
 fi
 
-python_module_list=$(python2 -m pip freeze 2> /dev/null)
+python_module_list=$(python -m pip freeze 2> /dev/null)
 if ! grep -q "\bply==" <<< $python_module_list
 then
 	echo "As required module PLY is not present, we can't run the NSPEPI tool"

nspepi/nspepi2/check_classic_configs.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/check_classic_expr.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,
@@ -33,6 +33,7 @@ def check_classic_expr(classic_expr):
         # Log the error message
         logging.error(exc.output)
         return None
+    nspepi_tool_output = nspepi_tool_output.decode()
     if nspepi_tool_output.startswith('ERROR:'):
         """old nspepi tool throws "ERROR: Expression is in blocked list
         of conversion" error for vpn client security expression.

nspepi/nspepi2/cli_lex.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/cli_yacc.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/config_check_main.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_auth_cmd.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_classic_expr.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,
@@ -60,6 +60,7 @@ def convert_classic_expr(classic_expr):
         # Log the error message
         logging.error(exc.output)
         return None
+    nspepi_tool_output = nspepi_tool_output.decode()
     if nspepi_tool_output.startswith('ERROR:'):
         """old nspepi tool throws "ERROR: Expression is in blocked list
         of conversion" error for vpn client security expression."""

nspepi/nspepi2/convert_cli_commands.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,
@@ -774,6 +774,11 @@ def reprioritize_and_emit_4_level_dict(self, bind_dict):
                         binds = module_bind_dict[bind_type]
                         new_binds = self.reprioritize_binds(binds)
                         for bind_info in new_binds:
+                            if (bind_info.flow_type_direction and
+                                    bind_info.policy_type == "classic"):
+                                self.update_tree_arg(
+                                    bind_info.parse_tree, "type",
+                                    bind_info.flow_type_direction.upper())
                             if common.pols_binds.is_bind_unsupported(
                                     bind_info.orig_cmd):
                                 logging.error(
@@ -793,11 +798,6 @@ def reprioritize_and_emit_4_level_dict(self, bind_dict):
                                 bind_cmd_trees.append(
                                     "# {}".format(str(bind_info.parse_tree)))
                             else:
-                                if (bind_info.flow_type_direction and
-                                        bind_info.policy_type == "classic"):
-                                    self.update_tree_arg(
-                                        bind_info.parse_tree, "type",
-                                        bind_info.flow_type_direction.upper())
                                 bind_cmd_trees.append(bind_info.parse_tree)
         return bind_cmd_trees
 
@@ -849,7 +849,12 @@ def convert_cr_vserver(self, commandParseTree):
         vserver_protocol_dict - dict to store protocol as value to the
                   vserver name as key
         """
-        cr_protocol = commandParseTree.positional_value(1).value
+
+        if commandParseTree.keyword_exists('td'):
+            cr_protocol = str(commandParseTree.keyword_value('td')[1])
+        else:
+            cr_protocol = commandParseTree.positional_value(1).value
+
         crv_name = commandParseTree.positional_value(0).value
         vserver_protocol_dict[crv_name] = cr_protocol.upper()
         return [commandParseTree]
@@ -1733,7 +1738,12 @@ def convert_cs_vserver(self, commandParseTree):
         vserver_protocol_dict - dict to store protocol as value to the
                  vserver name as key
         """
-        cs_protocol = commandParseTree.positional_value(1).value
+
+        if commandParseTree.keyword_exists('td'):
+            cs_protocol = str(commandParseTree.keyword_value('td')[1])
+        else:
+            cs_protocol = commandParseTree.positional_value(1).value
+
         csv_name = commandParseTree.positional_value(0).value
         vserver_protocol_dict[csv_name] = cs_protocol.upper()
         commandParseTree = ContentSwitching.convert_adv_expr_list(
@@ -1808,54 +1818,51 @@ def convert_policy(self, commandParseTree):
             prefix_val = None
             suffix = None
             url_expr = commandParseTree.keyword_value('url')[0].value
-            if url_expr.endswith('.'):
+            last_url_expr = url_expr.rsplit('/', 1)
+            converted_url_expr = 'HTTP.REQ.URL.PATH.EQ("' + \
+                url_expr + '")'
+            if ((last_url_expr[1] == '') or
+                (('.' not in last_url_expr[1]) and
+                ('*' not in last_url_expr[1]))):
+                converted_url_expr = 'HTTP.REQ.URL.PATH.EQ(("' + \
+                    url_expr + '." + HTTP.REQ.URL.SUFFIX).' + \
+                    'STRIP_END_CHARS("."))'
+            elif url_expr.endswith('.'):
                 converted_url_expr = 'HTTP.REQ.URL.PATH.EQ("' + \
-                    url_expr + '.")'
+                    url_expr + '")'
+            elif url_expr.endswith('*'):
+                if (url_expr[-3:] == '*.*'):
+                    converted_url_expr = 'HTTP.REQ.URL.PATH.STARTSWITH("' + \
+                        url_expr[0: -3] + '")'
+                elif (url_expr[-2:] == '.*'):
+                    converted_url_expr = 'HTTP.REQ.URL.PATH.EQ(("' + \
+                        url_expr[0:-1] + \
+                        '" + HTTP.REQ.URL.SUFFIX).STRIP_END_CHARS("."))'                       
+                elif (url_expr == '/*'):
+                    converted_url_expr = 'true'
+                else:
+                    converted_url_expr =  'HTTP.REQ.URL.PATH.STARTSWITH("' + \
+                        url_expr[0:-1] + '")'
             else:
-                prefix_suffix = url_expr.rsplit('.', 1)
+                prefix_suffix = last_url_expr[1].rsplit('.', 1)
                 if len(prefix_suffix) is 1:
-                    """ No suffix is present in URL."""
-                    prefix = prefix_suffix[0]
-                    suffix = None
-                    if prefix.endswith('*'):
-                        prefix_val = prefix[:-1]
+                    converted_url_expr = 'HTTP.REQ.URL.PATH.EQ(("' + \
+                        url_expr + \
+                        '." + HTTP.REQ.URL.SUFFIX).STRIP_END_CHARS("."))'                       
                 else:
                     """ Suffix is present in URL."""
+                    prefix_suffix = url_expr.rsplit('.', 1)
                     prefix = prefix_suffix[0]
                     suffix = prefix_suffix[1]
-                    """
-                    If URL is abc..*.html, then
-                    in classic code, we don't check
-                    one dot before *, and this happens
-                    only if there is some suffix.
-                    """
-                    if prefix.endswith('*'):
-                        prefix_val = prefix[:-1]
-                        if prefix_val.endswith('.'):
-                            prefix_val = prefix_val[:-1]
-
-                if suffix and (prefix != '/') and (not prefix.endswith('*')):
-                    converted_url_expr = 'HTTP.REQ.URL.PATH.EQ("' + \
-                        url_expr + '")'
-                elif (suffix is None) and (not prefix.endswith('*')):
-                    converted_url_expr = 'HTTP.REQ.URL.PATH.EQ(("' + \
-                        prefix + '." + HTTP.REQ.URL.SUFFIX).' + \
-                        'STRIP_END_CHARS("."))'
-                elif (prefix == '/*') and (suffix is not None):
-                    converted_url_expr = 'HTTP.REQ.URL.SUFFIX.EQ("' + \
-                        suffix + '")'
-                elif (prefix.endswith('*')) and (suffix is not None):
-                    converted_url_expr = '(HTTP.REQ.URL.STARTSWITH("' + \
-                        prefix_val + '") && HTTP.REQ.URL.SUFFIX.EQ("' + \
-                        suffix + '"))'
-                elif (prefix == '/*'):
-                    converted_url_expr = 'true'
-                elif (prefix.endswith('*')):
-                    converted_url_expr = 'HTTP.REQ.URL.STARTSWITH("' + \
-                        prefix_val + '")'
-                elif (suffix is not None) and (prefix == '/'):
-                    converted_url_expr = 'HTTP.REQ.URL.SUFFIX.EQ("' + \
-                        suffix + '")'
+                    if prefix == '/':
+                        converted_url_expr = 'HTTP.REQ.URL.PATH.EQ(("/."' + \
+                            ' + HTTP.REQ.URL.SUFFIX).STRIP_END_CHARS(' + \
+                            '"."))'
+                    elif prefix.endswith('*'):
+                        converted_url_expr = '(HTTP.REQ.URL.PATH.STARTSWITH' + \
+                            '("' + prefix[0:-1] + \
+                            '") && HTTP.REQ.URL.SUFFIX.EQ("' + \
+                            suffix + '"))'
 
             if commandParseTree.keyword_exists('domain'):
                 domain_name = commandParseTree.keyword_value('domain')[0] \

nspepi/nspepi2/convert_cmp_cmd.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_filter_command.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,
@@ -648,7 +648,7 @@ def convert_filter_policy(self, policy_parse_tree):
             # having value as prebody or postbody Since they belong to
             # html injection family
             return self.return_original_input(original_cmd, pol_obj)
-        for dict_key, dict_value in self._actionTypeName.iteritems():
+        for dict_key, dict_value in self._actionTypeName.items():
             """ Extract key and value from stored _actionTypeName
             dictionary through action convertion """
             if policy_action not in dict_value:

nspepi/nspepi2/convert_lb_cmd.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_patclass_commands.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_responder_command.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/convert_rewrite_command.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,

nspepi/nspepi2/nspepi_common.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python
 
 # Copyright 2021 Citrix Systems, Inc.  All rights reserved.
 # Use of this software is governed by the license terms, if any,
@@ -565,7 +565,7 @@ def do_priority_analysis(self, global_list, local_list,
                     else:
                         # no more valid states so all priorities including
                         # and after current priority cannot be converted
-                        res = list(itertools.chain(*(combined.values())))
+                        res.extend(combined[prio])
                         break
                 o.global_type = g_types[state]
                 res_gtypes.append(o)
@@ -611,30 +611,23 @@ def analyze_vserver_priorities(self):
         gbinds = PoliciesAndBinds.global_binds
         for gmodule in gbinds:
             for gbind_type in gbinds[gmodule]:
+                locals_list = []
                 if local_binds:
                     for entity_type in local_binds:
-                        locals_list = []
                         if (gmodule in local_binds[entity_type] and gbind_type
                                 in local_binds[entity_type][gmodule]):
                             # module and bind_type match for global and local
                             locals_list += (
                                  local_binds[entity_type][gmodule][gbind_type])
-                        logging.debug(
-                            "do_priority_analysis() for {} {}"
-                            "".format(gmodule, gbind_type))
-                        unsupp, updated_gtypes = self.do_priority_analysis(
-                             gbinds[gmodule][gbind_type], locals_list,
-                             gmodule in PoliciesAndBinds.
-                             get_skip_global_override())
-                        unsupported.update(unsupp)
-                        updated_global_types += updated_gtypes
-                else:
-                    unsupp, updated_gtypes = self.do_priority_analysis(
-                                              gbinds[gmodule][gbind_type], [],
-                                              gmodule in PoliciesAndBinds.
-                                              get_skip_global_override())
-                    unsupported.update(unsupp)
-                    updated_global_types += updated_gtypes
+                logging.debug(
+                    "do_priority_analysis() for {} {}"
+                    "".format(gmodule, gbind_type))
+                unsupp, updated_gtypes = self.do_priority_analysis(
+                                          gbinds[gmodule][gbind_type], locals_list,
+                                          gmodule in PoliciesAndBinds.
+                                          get_skip_global_override())
+                unsupported.update(unsupp)
+                updated_global_types += updated_gtypes
         # store analysis results
         res = PoliciesAndBinds.priority_analysis_results
         for bindobj in unsupported:
@@ -939,12 +932,13 @@ def do_priority_analysis_for_all_users_groups(self, user_list, group_list):
         weights = collections.defaultdict(set)
         [weights[int(self.get_group(o.entity_name).weight)].add(o)
             for o in group_list]
-        for v in weights.itervalues():
-            if len(set([o.entity_name for o in v])) > 1:
+        for v in weights.values():
+            same_weight_group_set = set([o.entity_name for o in v])
+            if len(same_weight_group_set) > 1:
                 logging.error("Groups: {} having the same weight and bindings"
                               " have no defined ordering in Advanced Policy"
                               " evaluation.".format(
-                                  ", ".join(set([o.entity_name for o in v]))))
+                                  ", ".join(sorted(same_weight_group_set))))
                 res.update(v)
         logging.debug("do_priority_analysis_for_all_users_groups(): ")
         logging.debug("\nusers: {}\n\ngroups: {}\n\nunsupported: {}"