Third Party Modules¶
securecrt_tools.textfsm¶
Template based text parser.
This module implements a parser, intended to be used for converting human readable text, such as command output from a router CLI, into a list of records, containing values extracted from the input text.
A simple template language is used to describe a state machine to parse a specific type of text input, returning a record of values for each input entity.
-
class
securecrt_tools.textfsm.
CopyableRegexObject
(pattern)¶ Bases:
object
Like a re.RegexObject, but can be copied.
-
match
(*args, **kwargs)¶
-
sub
(*args, **kwargs)¶
-
-
exception
securecrt_tools.textfsm.
Error
¶ Bases:
exceptions.Exception
Base class for errors.
-
exception
securecrt_tools.textfsm.
FSMAction
¶ Bases:
exceptions.Exception
Base class for actions raised with the FSM.
-
exception
securecrt_tools.textfsm.
SkipRecord
¶ Bases:
securecrt_tools.textfsm.FSMAction
Indicate a record is to be skipped.
-
exception
securecrt_tools.textfsm.
SkipValue
¶ Bases:
securecrt_tools.textfsm.FSMAction
Indicate a value is to be skipped.
-
class
securecrt_tools.textfsm.
TextFSM
(template, options_class=<class 'securecrt_tools.textfsm.TextFSMOptions'>)¶ Bases:
object
Parses template and creates Finite State Machine (FSM).
- Attributes:
- states: (str), Dictionary of FSMState objects. values: (str), List of FSMVariables. value_map: (map), For substituting values for names in the expressions. header: Ordered list of values. state_list: Ordered list of valid states.
-
GetValuesByAttrib
(attribute)¶ Returns the list of values that have a particular attribute.
-
MAX_NAME_LEN
= 48¶
-
ParseText
(text, eof=True)¶ Passes CLI output through FSM and returns list of tuples.
First tuple is the header, every subsequent tuple is a row.
- Args:
- text: (str), Text to parse with embedded newlines. eof: (boolean), Set to False if we are parsing only part of the file. Suppresses triggering EOF state.
- Raises:
- TextFSMError: An error occurred within the FSM.
- Returns:
- List of Lists.
-
Reset
()¶ Preserves FSM but resets starting state and current record.
-
comment_regex
= <_sre.SRE_Pattern object>¶
-
header
¶ Returns header.
-
state_name_re
= <_sre.SRE_Pattern object>¶
-
exception
securecrt_tools.textfsm.
TextFSMError
¶ Bases:
securecrt_tools.textfsm.Error
Error in the FSM state execution.
-
class
securecrt_tools.textfsm.
TextFSMOptions
¶ Bases:
object
Class containing all valid TextFSMValue options.
Each nested class here represents a TextFSM option. The format is “option<name>”. Each class may override any of the methods inside the OptionBase class.
A user of this module can extend options by subclassing TextFSMOptionsBase, adding the new option class(es), then passing that new class to the TextFSM constructor with the ‘option_class’ argument.
-
class
Filldown
(value)¶ Bases:
securecrt_tools.textfsm.OptionBase
Value defaults to the previous line’s value.
-
OnAssignVar
()¶ Called when a matched value is being assigned.
-
OnClearAllVar
()¶ Called when a value has clearalled.
-
OnClearVar
()¶ Called when value has been cleared.
-
OnCreateOptions
()¶ Called after all options have been parsed for a Value.
-
-
class
Fillup
(value)¶ Bases:
securecrt_tools.textfsm.OptionBase
Like Filldown, but upwards until it finds a non-empty entry.
-
OnAssignVar
()¶ Called when a matched value is being assigned.
-
-
classmethod
GetOption
(name)¶ Returns the class of the requested option name.
-
class
Key
(value)¶ Bases:
securecrt_tools.textfsm.OptionBase
Value constitutes part of the Key of the record.
-
class
List
(value)¶ Bases:
securecrt_tools.textfsm.OptionBase
Value takes the form of a list.
-
OnAssignVar
()¶ Called when a matched value is being assigned.
-
OnClearAllVar
()¶ Called when a value has clearalled.
-
OnClearVar
()¶ Called when value has been cleared.
-
OnCreateOptions
()¶ Called after all options have been parsed for a Value.
-
OnSaveRecord
()¶ Called just prior to a record being committed.
-
-
class
OptionBase
(value)¶ Bases:
object
Factory methods for option class.
- Attributes:
- value: A TextFSMValue, the parent Value.
-
OnAssignVar
()¶ Called when a matched value is being assigned.
-
OnClearAllVar
()¶ Called when a value has clearalled.
-
OnClearVar
()¶ Called when value has been cleared.
-
OnCreateOptions
()¶ Called after all options have been parsed for a Value.
-
OnGetValue
()¶ Called when the value name is being requested.
-
OnSaveRecord
()¶ Called just prior to a record being committed.
-
name
¶
-
class
Required
(value)¶ Bases:
securecrt_tools.textfsm.OptionBase
The Value must be non-empty for the row to be recorded.
-
OnSaveRecord
()¶ Called just prior to a record being committed.
-
-
classmethod
ValidOptions
()¶ Returns a list of valid option names.
-
class
-
class
securecrt_tools.textfsm.
TextFSMRule
(line, line_num=-1, var_map=None)¶ Bases:
object
A rule in each FSM state.
A value has syntax like:
^<regexp> -> Next.Record State2Where ‘<regexp>’ is a regular expression. ‘Next’ is a Line operator. ‘Record’ is a Record operator. ‘State2’ is the next State.
- Attributes:
- match: Regex to match this rule. regex: match after template substitution. line_op: Operator on input line on match. record_op: Operator on output record on match. new_state: Label to jump to on action regex_obj: Compiled regex for which the rule matches. line_num: Integer row number of Value.
-
ACTION2_RE
= <_sre.SRE_Pattern object>¶
-
ACTION3_RE
= <_sre.SRE_Pattern object>¶
-
ACTION_RE
= <_sre.SRE_Pattern object>¶
-
LINE_OP
= ('Continue', 'Next', 'Error')¶
-
LINE_OP_RE
= '(?P<ln_op>Continue|Next|Error)'¶
-
MATCH_ACTION
= <_sre.SRE_Pattern object>¶
-
NEWSTATE_RE
= '(?P<new_state>\\w+|\\".*\\")'¶
-
OPERATOR_RE
= '((?P<ln_op>Continue|Next|Error)(\\.(?P<rec_op>Clear|Clearall|Record|NoRecord))?)'¶
-
RECORD_OP
= ('Clear', 'Clearall', 'Record', 'NoRecord')¶
-
RECORD_OP_RE
= '(?P<rec_op>Clear|Clearall|Record|NoRecord)'¶
-
exception
securecrt_tools.textfsm.
TextFSMTemplateError
¶ Bases:
securecrt_tools.textfsm.Error
Errors while parsing templates.
-
class
securecrt_tools.textfsm.
TextFSMValue
(fsm=None, max_name_len=48, options_class=None)¶ Bases:
object
A TextFSM value.
A value has syntax like:
‘Value Filldown,Required helloworld (.*)’
Where ‘Value’ is a keyword. ‘Filldown’ and ‘Required’ are options. ‘helloworld’ is the value name. ‘(.*) is the regular expression to match in the input data.
- Attributes:
- max_name_len: (int), maximum character length os a variable name. name: (str), Name of the value. options: (list), A list of current Value Options. regex: (str), Regex which the value is matched on. template: (str), regexp with named groups added. fsm: A TextFSMBase(), the containing FSM. value: (str), the current value.
-
AssignVar
(value)¶ Assign a value to this Value.
-
ClearAllVar
()¶ Clear this Value.
-
ClearVar
()¶ Clear this Value.
-
Header
()¶ Fetch the header name of this Value.
-
OnSaveRecord
()¶ Called just prior to a record being committed.
-
OptionNames
()¶ Returns a list of option names for this Value.
-
Parse
(value)¶ Parse a ‘Value’ declaration.
- Args:
- value: String line from a template file, must begin with ‘Value ‘.
- Raises:
- TextFSMTemplateError: Value declaration contains an error.
-
exception
securecrt_tools.textfsm.
Usage
¶ Bases:
exceptions.Exception
Error in command line execution.
-
securecrt_tools.textfsm.
main
(argv=None)¶ Validate text parsed with FSM or validate an FSM via command line.
securecrt_tools.ipaddress¶
A fast, lightweight IPv4/IPv6 manipulation library in Python.
This library is used to create/poke/manipulate IPv4 and IPv6 addresses and networks.
-
exception
securecrt_tools.ipaddress.
AddressValueError
¶ Bases:
exceptions.ValueError
A Value Error related to the address.
-
class
securecrt_tools.ipaddress.
IPv4Address
(address)¶ Bases:
securecrt_tools.ipaddress._BaseV4
,securecrt_tools.ipaddress._BaseAddress
Represent and manipulate single IPv4 Addresses.
-
is_global
¶
-
is_link_local
¶ Test if the address is reserved for link-local.
- Returns:
- A boolean, True if the address is link-local per RFC 3927.
-
is_loopback
¶ Test if the address is a loopback address.
- Returns:
- A boolean, True if the address is a loopback per RFC 3330.
-
is_multicast
¶ Test if the address is reserved for multicast use.
- Returns:
- A boolean, True if the address is multicast. See RFC 3171 for details.
-
is_private
¶ Test if this address is allocated for private networks.
- Returns:
- A boolean, True if the address is reserved per iana-ipv4-special-registry.
-
is_reserved
¶ Test if the address is otherwise IETF reserved.
- Returns:
- A boolean, True if the address is within the reserved IPv4 Network range.
-
is_unspecified
¶ Test if the address is unspecified.
- Returns:
- A boolean, True if this is the unspecified address as defined in RFC 5735 3.
-
packed
¶ The binary representation of this address.
-
-
class
securecrt_tools.ipaddress.
IPv4Interface
(address)¶ Bases:
securecrt_tools.ipaddress.IPv4Address
-
ip
¶
-
with_hostmask
¶
-
with_netmask
¶
-
with_prefixlen
¶
-
-
class
securecrt_tools.ipaddress.
IPv4Network
(address, strict=True)¶ Bases:
securecrt_tools.ipaddress._BaseV4
,securecrt_tools.ipaddress._BaseNetwork
This class represents and manipulates 32-bit IPv4 network + addresses..
- Attributes: [examples for IPv4Network(‘192.0.2.0/27’)]
- .network_address: IPv4Address(‘192.0.2.0’) .hostmask: IPv4Address(‘0.0.0.31’) .broadcast_address: IPv4Address(‘192.0.2.32’) .netmask: IPv4Address(‘255.255.255.224’) .prefixlen: 27
-
is_global
¶ Test if this address is allocated for public networks.
- Returns:
- A boolean, True if the address is not reserved per iana-ipv4-special-registry.
-
class
securecrt_tools.ipaddress.
IPv6Address
(address)¶ Bases:
securecrt_tools.ipaddress._BaseV6
,securecrt_tools.ipaddress._BaseAddress
Represent and manipulate single IPv6 Addresses.
-
ipv4_mapped
¶ Return the IPv4 mapped address.
- Returns:
- If the IPv6 address is a v4 mapped address, return the IPv4 mapped address. Return None otherwise.
-
is_global
¶ Test if this address is allocated for public networks.
- Returns:
- A boolean, true if the address is not reserved per iana-ipv6-special-registry.
-
is_link_local
¶ Test if the address is reserved for link-local.
- Returns:
- A boolean, True if the address is reserved per RFC 4291.
-
is_loopback
¶ Test if the address is a loopback address.
- Returns:
- A boolean, True if the address is a loopback address as defined in RFC 2373 2.5.3.
-
is_multicast
¶ Test if the address is reserved for multicast use.
- Returns:
- A boolean, True if the address is a multicast address. See RFC 2373 2.7 for details.
-
is_private
¶ Test if this address is allocated for private networks.
- Returns:
- A boolean, True if the address is reserved per iana-ipv6-special-registry.
-
is_reserved
¶ Test if the address is otherwise IETF reserved.
- Returns:
- A boolean, True if the address is within one of the reserved IPv6 Network ranges.
-
is_site_local
¶ Test if the address is reserved for site-local.
Note that the site-local address space has been deprecated by RFC 3879. Use is_private to test if this address is in the space of unique local addresses as defined by RFC 4193.
- Returns:
- A boolean, True if the address is reserved per RFC 3513 2.5.6.
-
is_unspecified
¶ Test if the address is unspecified.
- Returns:
- A boolean, True if this is the unspecified address as defined in RFC 2373 2.5.2.
-
packed
¶ The binary representation of this address.
-
sixtofour
¶ Return the IPv4 6to4 embedded address.
- Returns:
- The IPv4 6to4-embedded address if present or None if the address doesn’t appear to contain a 6to4 embedded address.
-
teredo
¶ Tuple of embedded teredo IPs.
- Returns:
- Tuple of the (server, client) IPs or None if the address doesn’t appear to be a teredo address (doesn’t start with 2001::/32)
-
-
class
securecrt_tools.ipaddress.
IPv6Interface
(address)¶ Bases:
securecrt_tools.ipaddress.IPv6Address
-
ip
¶
-
is_loopback
¶
-
is_unspecified
¶
-
with_hostmask
¶
-
with_netmask
¶
-
with_prefixlen
¶
-
-
class
securecrt_tools.ipaddress.
IPv6Network
(address, strict=True)¶ Bases:
securecrt_tools.ipaddress._BaseV6
,securecrt_tools.ipaddress._BaseNetwork
This class represents and manipulates 128-bit IPv6 networks.
- Attributes: [examples for IPv6(‘2001:db8::1000/124’)]
- .network_address: IPv6Address(‘2001:db8::1000’) .hostmask: IPv6Address(‘::f’) .broadcast_address: IPv6Address(‘2001:db8::100f’) .netmask: IPv6Address(‘ffff:ffff:ffff:ffff:ffff:ffff:ffff:fff0’) .prefixlen: 124
-
hosts
()¶ Generate Iterator over usable hosts in a network.
This is like __iter__ except it doesn’t return the Subnet-Router anycast address.
-
is_site_local
¶ Test if the address is reserved for site-local.
Note that the site-local address space has been deprecated by RFC 3879. Use is_private to test if this address is in the space of unique local addresses as defined by RFC 4193.
- Returns:
- A boolean, True if the address is reserved per RFC 3513 2.5.6.
-
exception
securecrt_tools.ipaddress.
NetmaskValueError
¶ Bases:
exceptions.ValueError
A Value Error related to the netmask.
-
securecrt_tools.ipaddress.
collapse_addresses
(addresses)¶ Collapse a list of IP objects.
- Example:
- collapse_addresses([IPv4Network(‘192.0.2.0/25’),
- IPv4Network(‘192.0.2.128/25’)]) -> [IPv4Network(‘192.0.2.0/24’)]
- Args:
- addresses: An iterator of IPv4Network or IPv6Network objects.
- Returns:
- An iterator of the collapsed IPv(4|6)Network objects.
- Raises:
- TypeError: If passed a list of mixed version objects.
-
securecrt_tools.ipaddress.
get_mixed_type_key
(obj)¶ Return a key suitable for sorting between networks and addresses.
Address and Network objects are not sortable by default; they’re fundamentally different so the expression
IPv4Address(‘192.0.2.0’) <= IPv4Network(‘192.0.2.0/24’)doesn’t make any sense. There are some times however, where you may wish to have ipaddress sort these for you anyway. If you need to do this, you can use this function as the key= argument to sorted().
- Args:
- obj: either a Network or Address object.
- Returns:
- appropriate key.
-
securecrt_tools.ipaddress.
ip_address
(address)¶ Take an IP string/int and return an object of the correct type.
- Args:
- address: A string or integer, the IP address. Either IPv4 or
- IPv6 addresses may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
- Returns:
- An IPv4Address or IPv6Address object.
- Raises:
- ValueError: if the address passed isn’t either a v4 or a v6
- address
-
securecrt_tools.ipaddress.
ip_interface
(address)¶ Take an IP string/int and return an object of the correct type.
- Args:
- address: A string or integer, the IP address. Either IPv4 or
- IPv6 addresses may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
- Returns:
- An IPv4Interface or IPv6Interface object.
- Raises:
- ValueError: if the string passed isn’t either a v4 or a v6
- address.
- Notes:
- The IPv?Interface classes describe an Address on a particular Network, so they’re basically a combination of both the Address and Network classes.
-
securecrt_tools.ipaddress.
ip_network
(address, strict=True)¶ Take an IP string/int and return an object of the correct type.
- Args:
- address: A string or integer, the IP network. Either IPv4 or
- IPv6 networks may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
- Returns:
- An IPv4Network or IPv6Network object.
- Raises:
- ValueError: if the string passed isn’t either a v4 or a v6
- address. Or if the network has host bits set.
-
securecrt_tools.ipaddress.
summarize_address_range
(first, last)¶ Summarize a network range given the first and last IP addresses.
- Example:
>>> list(summarize_address_range(IPv4Address('192.0.2.0'), ... IPv4Address('192.0.2.130'))) ... #doctest: +NORMALIZE_WHITESPACE [IPv4Network('192.0.2.0/25'), IPv4Network('192.0.2.128/31'), IPv4Network('192.0.2.130/32')]
- Args:
- first: the first IPv4Address or IPv6Address in the range. last: the last IPv4Address or IPv6Address in the range.
- Returns:
- An iterator of the summarized IPv(4|6) network objects.
- Raise:
- TypeError:
- If the first and last objects are not IP addresses. If the first and last objects are not the same version.
- ValueError:
- If the last object is not greater than the first. If the version of the first address is not 4 or 6.
-
securecrt_tools.ipaddress.
v4_int_to_packed
(address)¶ Represent an address as 4 packed bytes in network (big-endian) order.
- Args:
- address: An integer representation of an IPv4 IP address.
- Returns:
- The integer address packed as 4 bytes in network (big-endian) order.
- Raises:
- ValueError: If the integer is negative or too large to be an
- IPv4 IP address.
-
securecrt_tools.ipaddress.
v6_int_to_packed
(address)¶ Represent an address as 16 packed bytes in network (big-endian) order.
- Args:
- address: An integer representation of an IPv6 IP address.
- Returns:
- The integer address packed as 16 bytes in network (big-endian) order.
securecrt_tools.manuf¶
Parser library for Wireshark’s OUI database.
Converts MAC addresses into a manufacturer using Wireshark’s OUI database.
See README.md.
-
class
securecrt_tools.manuf.
MacParser
(manuf_name='manuf', update=False)¶ Bases:
object
Class that contains a parser for Wireshark’s OUI database.
Optimized for quick lookup performance by reading the entire file into memory on initialization. Maps ranges of MAC addresses to manufacturers and comments (descriptions). Contains full support for netmasks and other strange things in the database.
See https://www.wireshark.org/tools/oui-lookup.html
- Args:
- manuf_name (str): Location of the manuf database file. Defaults to “manuf” in the same directory. update (bool): Whether to update the manuf file automatically. Defaults to False.
- Raises:
- IOError: If manuf file could not be found.
-
MANUF_URL
= 'https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf'¶
-
get_all
(mac)¶ Get a Vendor tuple containing (manuf, comment) from a MAC address.
- Args:
- mac (str): MAC address in standard format.
- Returns:
- Vendor: Vendor namedtuple containing (manuf, comment). Either or both may be None if not found.
- Raises:
- ValueError: If the MAC could not be parsed.
-
get_comment
(mac)¶ Returns comment from a MAC address.
- Args:
- mac (str): MAC address in standard format.
- Returns:
- string: String containing comment, or None if not found.
- Raises:
- ValueError: If the MAC could not be parsed.
-
get_manuf
(mac)¶ Returns manufacturer from a MAC address.
- Args:
- mac (str): MAC address in standard format.
- Returns:
- string: String containing manufacturer, or None if not found.
- Raises:
- ValueError: If the MAC could not be parsed.
-
refresh
(manuf_name=None)¶ Refresh/reload manuf database. Call this when manuf file is updated.
- Args:
- manuf_name (str): Location of the manuf data base file. Defaults to “manuf” in the
- same directory.
- Raises:
- IOError: If manuf file could not be found.
-
search
(mac, maximum=1)¶ Search for multiple Vendor tuples possibly matching a MAC address.
- Args:
- mac (str): MAC address in standard format. maximum (int): Maximum results to return. Defaults to 1.
- Returns:
- List of Vendor namedtuples containing (manuf, comment), with closest result first. May be empty if no results found.
- Raises:
- ValueError: If the MAC could not be parsed.
-
update
(manuf_url=None, manuf_name=None, refresh=True)¶ Update the Wireshark OUI database to the latest version.
- Args:
- manuf_url (str): URL pointing to OUI database. Defaults to database located at
- code.wireshark.org.
- manuf_name (str): Location to store the new OUI database. Defaults to “manuf” in the
- same directory.
- refresh (bool): Refresh the database once updated. Defaults to True. Uses database
- stored at manuf_name.
- Raises:
- URLError: If the download fails
-
class
securecrt_tools.manuf.
Vendor
(manuf, comment)¶ Bases:
tuple
-
comment
¶ Alias for field number 1
-
manuf
¶ Alias for field number 0
-
-
securecrt_tools.manuf.
main
()¶ Simple command line wrapping for MacParser.