From 092f595742bdc141c9136fc4885fcff8bb5091a1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20Kl=C3=ADma?=
Date: Wed, 24 Apr 2024 10:06:31 +0200
Subject: [PATCH] Fetch command output - obfuscations (#99)
* add IP and MAC obfuscation
* Add obfuscate strings
---
 test/unit/commands.in | 47 -----------------
 test/unit/fetch_command_output.cfg | 5 ++
 test/unit/fetch_command_output.sh | 84 +++++++++++++++++++++++++++++-
 3 files changed, 88 insertions(+), 48 deletions(-)
 delete mode 100644 test/unit/commands.in
diff --git a/test/unit/commands.in b/test/unit/commands.in
deleted file mode 100644
index f5a25ed..0000000
--- a/test/unit/commands.in
+++ /dev/null
@@ -1,47 +0,0 @@
-# Commands file for utility 'generate_mocked_data.sh'
-#
-# This will help you to make bunch of command output files for napalm drivers unit tests
-#
-# There is not any IP, MAC or names obfuscation or anonymizations!
-# Before using outputs as a unit test files it is recommendet to protect
-# your privacy information yourself by editing output files.
-
-# Available variables
-# $INTERFACE - for detailed interface information
-# $LLDPINTERFACE - for detailed LLDP information
-
-# Define empty array of commands
-COMMANDS=()
-
-# This is example set of commands for napalm driver 's350' (Cisco SMB)
-
-# system info
-COMMANDS+=("show version")
-COMMANDS+=("show system")
-COMMANDS+=("show inventory")
-
-# config commands
-COMMANDS+=("show startup-config")
-COMMANDS+=("show running-config")
-COMMANDS+=("show running-config detailed")
-
-# interface commands
-COMMANDS+=("show interfaces status")
-COMMANDS+=("show interfaces description")
-COMMANDS+=("show interface switchport $INTERFACE")
-COMMANDS+=("show ports jumbo-frame")
-
-# ip commands
-COMMANDS+=("show hosts")
-COMMANDS+=("show ip interface")
-COMMANDS+=("show ipv6 interface brief")
-COMMANDS+=("show arp")
-
-# lldp commands
-COMMANDS+=("show lldp neighbors")
-COMMANDS+=("show lldp local $LLDPINTERFACE")
-COMMANDS+=("show lldp neighbors $LLDPINTERFACE")
-
-# ntp commands
-COMMANDS+=("show sntp status")
-
diff --git a/test/unit/fetch_command_output.cfg b/test/unit/fetch_command_output.cfg
index cd11f46..62290a8 100644
--- a/test/unit/fetch_command_output.cfg
+++ b/test/unit/fetch_command_output.cfg
@@ -18,6 +18,7 @@ COMMANDS=()
 # system info
 COMMANDS+=("show version")
 COMMANDS+=("show system")
+COMMANDS+=("show version")
 COMMANDS+=("show inventory")
 # config commands
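Review bot: `COMMANDS+=("show version")` already appears two lines above in the same "system info" group, so the added line makes the fetch loop run that command a second time. Whether the second run overwrites the first output file depends on how `$CMDFILE` is derived, which is outside this hunk. If the entry is a leftover from testing, drop the added line.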
@@ -45,3 +46,7 @@ COMMANDS+=("show lldp neighbors $LLDPINTERFACE")
 # ntp commands
 COMMANDS+=("show sntp status")
+OBFUSCATE=()
+OBFUSCATE+=("sw-cb-&&&switch-")
+OBFUSCATE+=("PSZ21221ECM&&&ABC12234XYZ")
+OBFUSCATE+=("CZ;Ceske Budejovice;Rudolfovska 83;vr&&&Something;Somewhere;Somestreet;others")
diff --git a/test/unit/fetch_command_output.sh b/test/unit/fetch_command_output.sh
index ee0e032..24d5b5e 100755
--- a/test/unit/fetch_command_output.sh
+++ b/test/unit/fetch_command_output.sh
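Review bot: The left-hand sides of the new `OBFUSCATE` entries look like the real values being hidden (a hostname prefix, a serial number and a site address), so committing this file would publish exactly what the script is meant to scrub from the fixtures. Ship only constructed placeholder pairs in the tracked file, for example `OBFUSCATE+=("REAL-SERIAL&&&ABC12234XYZ")`, and load the real mappings from an untracked local file. Both halves are also spliced unescaped into `s/$f/$t/g` by the script, so a value containing `/`, `&` or a regex metacharacter changes the expression. A comment above `OBFUSCATE=()` should state that restriction and the `&&&` separator convention.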
@@ -152,6 +152,88 @@ do
 echo "## Fetching '$CMD' to '$CMDSTR.txt'" # --debug
- echo -e "$(napalm --user "$DEVUSERNAME" --password "$DEVPASSWORD" --vendor "$VENDOR" "$DEVICE" call --method-kwargs "command='$CMD'" "$METHOD" | sed 's/^"//;s/"$//;s/\\"/"/g')" > "$CMDFILE"
+ set -x
+ echo -e "$(napalm --debug --user "$DEVUSERNAME" --password "$DEVPASSWORD" --vendor "$VENDOR" "$DEVICE" call --method-kwargs "command='$CMD'" "$METHOD" | sed 's/^"//;s/"$//;s/\\"/"/g')" > "$CMDFILE"
+ set +x
 done
+echo "#### Preparing obfuscate script"
+echo "## IP addresses"
+IPs=$(cat "$CODIR/$TYPE/"*.txt \
+ | sed -rn 's/.*[^0-9\.](([0-9]{1,3}\.){3}[0-9]{1,3})[^0-9\.].*/\1/gp' \
+ | sort \
+ | uniq
+)
+echo $IPs
+
+for a in $IPs
+do
+ oa=${a}
+ oa=${oa//1/3}
+ oa=${oa//2/3}
+ oa=${oa//4/3}
+ oa=${oa//5/3}
+ oa=${oa//6/7}
+ oa=${oa//8/7}
+ oa=${oa//9/7}
+
+ oa=" -e s/$a/$oa/g "
+
+ oIPs="$oIPs$oa "
+done
+
+echo "## MAC addresses"
+MACs=$(cat "$CODIR/$TYPE/"*.txt \
+ | sed -rn -e 's/.*[^0-9\.:a-f-](([[:xdigit:]]{2}[:.-]?){5}[[:xdigit:]]{2})[^0-9\.:a-f-].*/\1/gp' \
+ | sort \
+ | uniq
+)
+echo $MACs
+
+for m in $MACs
+do
+ om=${m}
+ om=${om//1/2}
+ om=${om//3/2}
+ om=${om//6/2}
+ om=${om//8/2}
+ om=${om//b/2}
+ om=${om//e/2}
+ om=${om//4/a}
+ om=${om//5/a}
+ om=${om//7/a}
+ om=${om//9/a}
+ om=${om//c/a}
+ om=${om//d/a}
+
+ om=" -e s/$m/$om/g "
+
+ oMACs="$oMACs$om "
+done
+
+echo "## Obfuscate IPs and MACs"
+echo oIPS=$oIPs
+echo oMACs=$oMACs
+set -x
+sed -r -iOBF $oMACs $oIPs "$CODIR/$TYPE/"*.txt
+set +x
+
+echo "## Obfuscate strings from OBFUSCATE config variable"
+
+for s in "${OBFUSCATE[@]}"
+do
+ f="${s%%&&&*}"
+ t="${s##*&&&}"
+ oSTR="${oSTR}s/$f/$t/g;"
+done
+
+echo $oSTR
+sed -r -iSTR -e "$oSTR" "$CODIR/$TYPE/"*.txt
+
+
+
+echo "###################################################"
+echo "## Do not forget obfuscate other output: ##"
+echo "## passwords, secrets, keys, certificates ##"
+echo "## descriptions, names and other ... 
##"
+echo "###################################################"
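Review bot: The `set -x` / `set +x` pair added around the napalm call prints the fully expanded command line, including the value given to `--password "$DEVPASSWORD"`, into the shell trace, so the device password ends up in scrollback or any captured log; remove both lines and enable `--debug` only through an opt-in variable. The loop that this `do … done` body belongs to starts outside the hunk. Further down, `sed -r -iOBF` and `sed -r -iSTR` leave `*.txtOBF` and `*.txtSTR` backups holding the un-obfuscated content beside the sanitised files, so use `sed -r -i` without a suffix or delete the backups at the end of the run. The address collection is also incomplete: with the greedy `.*`, each `sed -rn 's/.*…/\1/gp'` returns at most one address per line and none that sits at the very start or end of a line, and whatever is not collected is never rewritten. The closing banner should name IP and MAC addresses among the things to re-check by hand.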