Third Party Modules

securecrt_tools.textfsm

Template based text parser.

This module implements a parser, intended to be used for converting human readable text, such as command output from a router CLI, into a list of records, containing values extracted from the input text.

A simple template language is used to describe a state machine to parse a specific type of text input, returning a record of values for each input entity.

class securecrt_tools.textfsm.CopyableRegexObject(pattern)

Bases: object

Like a re.RegexObject, but can be copied.

match(*args, **kwargs)
sub(*args, **kwargs)
exception securecrt_tools.textfsm.Error

Bases: exceptions.Exception

Base class for errors.

exception securecrt_tools.textfsm.FSMAction

Bases: exceptions.Exception

Base class for actions raised with the FSM.

exception securecrt_tools.textfsm.SkipRecord

Bases: securecrt_tools.textfsm.FSMAction

Indicate a record is to be skipped.

exception securecrt_tools.textfsm.SkipValue

Bases: securecrt_tools.textfsm.FSMAction

Indicate a value is to be skipped.

class securecrt_tools.textfsm.TextFSM(template, options_class=<class 'securecrt_tools.textfsm.TextFSMOptions'>)

Bases: object

Parses template and creates Finite State Machine (FSM).

Attributes:
states: (str), Dictionary of FSMState objects. values: (str), List of FSMVariables. value_map: (map), For substituting values for names in the expressions. header: Ordered list of values. state_list: Ordered list of valid states.
GetValuesByAttrib(attribute)

Returns the list of values that have a particular attribute.

MAX_NAME_LEN = 48
ParseText(text, eof=True)

Passes CLI output through FSM and returns list of tuples.

First tuple is the header, every subsequent tuple is a row.

Args:
text: (str), Text to parse with embedded newlines. eof: (boolean), Set to False if we are parsing only part of the file. Suppresses triggering EOF state.
Raises:
TextFSMError: An error occurred within the FSM.
Returns:
List of Lists.
Reset()

Preserves FSM but resets starting state and current record.

comment_regex = <_sre.SRE_Pattern object>
header

Returns header.

state_name_re = <_sre.SRE_Pattern object>
exception securecrt_tools.textfsm.TextFSMError

Bases: securecrt_tools.textfsm.Error

Error in the FSM state execution.

class securecrt_tools.textfsm.TextFSMOptions

Bases: object

Class containing all valid TextFSMValue options.

Each nested class here represents a TextFSM option. The format is “option<name>”. Each class may override any of the methods inside the OptionBase class.

A user of this module can extend options by subclassing TextFSMOptionsBase, adding the new option class(es), then passing that new class to the TextFSM constructor with the ‘option_class’ argument.

class Filldown(value)

Bases: securecrt_tools.textfsm.OptionBase

Value defaults to the previous line’s value.

OnAssignVar()

Called when a matched value is being assigned.

OnClearAllVar()

Called when a value has clearalled.

OnClearVar()

Called when value has been cleared.

OnCreateOptions()

Called after all options have been parsed for a Value.

class Fillup(value)

Bases: securecrt_tools.textfsm.OptionBase

Like Filldown, but upwards until it finds a non-empty entry.

OnAssignVar()

Called when a matched value is being assigned.

classmethod GetOption(name)

Returns the class of the requested option name.

class Key(value)

Bases: securecrt_tools.textfsm.OptionBase

Value constitutes part of the Key of the record.

class List(value)

Bases: securecrt_tools.textfsm.OptionBase

Value takes the form of a list.

OnAssignVar()

Called when a matched value is being assigned.

OnClearAllVar()

Called when a value has clearalled.

OnClearVar()

Called when value has been cleared.

OnCreateOptions()

Called after all options have been parsed for a Value.

OnSaveRecord()

Called just prior to a record being committed.

class OptionBase(value)

Bases: object

Factory methods for option class.

Attributes:
value: A TextFSMValue, the parent Value.
OnAssignVar()

Called when a matched value is being assigned.

OnClearAllVar()

Called when a value has clearalled.

OnClearVar()

Called when value has been cleared.

OnCreateOptions()

Called after all options have been parsed for a Value.

OnGetValue()

Called when the value name is being requested.

OnSaveRecord()

Called just prior to a record being committed.

name
class Required(value)

Bases: securecrt_tools.textfsm.OptionBase

The Value must be non-empty for the row to be recorded.

OnSaveRecord()

Called just prior to a record being committed.

classmethod ValidOptions()

Returns a list of valid option names.

class securecrt_tools.textfsm.TextFSMRule(line, line_num=-1, var_map=None)

Bases: object

A rule in each FSM state.

A value has syntax like:

^<regexp> -> Next.Record State2

Where ‘<regexp>’ is a regular expression. ‘Next’ is a Line operator. ‘Record’ is a Record operator. ‘State2’ is the next State.

Attributes:
match: Regex to match this rule. regex: match after template substitution. line_op: Operator on input line on match. record_op: Operator on output record on match. new_state: Label to jump to on action regex_obj: Compiled regex for which the rule matches. line_num: Integer row number of Value.
ACTION2_RE = <_sre.SRE_Pattern object>
ACTION3_RE = <_sre.SRE_Pattern object>
ACTION_RE = <_sre.SRE_Pattern object>
LINE_OP = ('Continue', 'Next', 'Error')
LINE_OP_RE = '(?P<ln_op>Continue|Next|Error)'
MATCH_ACTION = <_sre.SRE_Pattern object>
NEWSTATE_RE = '(?P<new_state>\\w+|\\".*\\")'
OPERATOR_RE = '((?P<ln_op>Continue|Next|Error)(\\.(?P<rec_op>Clear|Clearall|Record|NoRecord))?)'
RECORD_OP = ('Clear', 'Clearall', 'Record', 'NoRecord')
RECORD_OP_RE = '(?P<rec_op>Clear|Clearall|Record|NoRecord)'
exception securecrt_tools.textfsm.TextFSMTemplateError

Bases: securecrt_tools.textfsm.Error

Errors while parsing templates.

class securecrt_tools.textfsm.TextFSMValue(fsm=None, max_name_len=48, options_class=None)

Bases: object

A TextFSM value.

A value has syntax like:

‘Value Filldown,Required helloworld (.*)’

Where ‘Value’ is a keyword. ‘Filldown’ and ‘Required’ are options. ‘helloworld’ is the value name. ‘(.*) is the regular expression to match in the input data.

Attributes:
max_name_len: (int), maximum character length os a variable name. name: (str), Name of the value. options: (list), A list of current Value Options. regex: (str), Regex which the value is matched on. template: (str), regexp with named groups added. fsm: A TextFSMBase(), the containing FSM. value: (str), the current value.
AssignVar(value)

Assign a value to this Value.

ClearAllVar()

Clear this Value.

ClearVar()

Clear this Value.

Header()

Fetch the header name of this Value.

OnSaveRecord()

Called just prior to a record being committed.

OptionNames()

Returns a list of option names for this Value.

Parse(value)

Parse a ‘Value’ declaration.

Args:
value: String line from a template file, must begin with ‘Value ‘.
Raises:
TextFSMTemplateError: Value declaration contains an error.
exception securecrt_tools.textfsm.Usage

Bases: exceptions.Exception

Error in command line execution.

securecrt_tools.textfsm.main(argv=None)

Validate text parsed with FSM or validate an FSM via command line.

securecrt_tools.ipaddress

A fast, lightweight IPv4/IPv6 manipulation library in Python.

This library is used to create/poke/manipulate IPv4 and IPv6 addresses and networks.

exception securecrt_tools.ipaddress.AddressValueError

Bases: exceptions.ValueError

A Value Error related to the address.

class securecrt_tools.ipaddress.IPv4Address(address)

Bases: securecrt_tools.ipaddress._BaseV4, securecrt_tools.ipaddress._BaseAddress

Represent and manipulate single IPv4 Addresses.

is_global

Test if the address is reserved for link-local.

Returns:
A boolean, True if the address is link-local per RFC 3927.
is_loopback

Test if the address is a loopback address.

Returns:
A boolean, True if the address is a loopback per RFC 3330.
is_multicast

Test if the address is reserved for multicast use.

Returns:
A boolean, True if the address is multicast. See RFC 3171 for details.
is_private

Test if this address is allocated for private networks.

Returns:
A boolean, True if the address is reserved per iana-ipv4-special-registry.
is_reserved

Test if the address is otherwise IETF reserved.

Returns:
A boolean, True if the address is within the reserved IPv4 Network range.
is_unspecified

Test if the address is unspecified.

Returns:
A boolean, True if this is the unspecified address as defined in RFC 5735 3.
packed

The binary representation of this address.

class securecrt_tools.ipaddress.IPv4Interface(address)

Bases: securecrt_tools.ipaddress.IPv4Address

ip
with_hostmask
with_netmask
with_prefixlen
class securecrt_tools.ipaddress.IPv4Network(address, strict=True)

Bases: securecrt_tools.ipaddress._BaseV4, securecrt_tools.ipaddress._BaseNetwork

This class represents and manipulates 32-bit IPv4 network + addresses..

Attributes: [examples for IPv4Network(‘192.0.2.0/27’)]
.network_address: IPv4Address(‘192.0.2.0’) .hostmask: IPv4Address(‘0.0.0.31’) .broadcast_address: IPv4Address(‘192.0.2.32’) .netmask: IPv4Address(‘255.255.255.224’) .prefixlen: 27
is_global

Test if this address is allocated for public networks.

Returns:
A boolean, True if the address is not reserved per iana-ipv4-special-registry.
class securecrt_tools.ipaddress.IPv6Address(address)

Bases: securecrt_tools.ipaddress._BaseV6, securecrt_tools.ipaddress._BaseAddress

Represent and manipulate single IPv6 Addresses.

ipv4_mapped

Return the IPv4 mapped address.

Returns:
If the IPv6 address is a v4 mapped address, return the IPv4 mapped address. Return None otherwise.
is_global

Test if this address is allocated for public networks.

Returns:
A boolean, true if the address is not reserved per iana-ipv6-special-registry.

Test if the address is reserved for link-local.

Returns:
A boolean, True if the address is reserved per RFC 4291.
is_loopback

Test if the address is a loopback address.

Returns:
A boolean, True if the address is a loopback address as defined in RFC 2373 2.5.3.
is_multicast

Test if the address is reserved for multicast use.

Returns:
A boolean, True if the address is a multicast address. See RFC 2373 2.7 for details.
is_private

Test if this address is allocated for private networks.

Returns:
A boolean, True if the address is reserved per iana-ipv6-special-registry.
is_reserved

Test if the address is otherwise IETF reserved.

Returns:
A boolean, True if the address is within one of the reserved IPv6 Network ranges.
is_site_local

Test if the address is reserved for site-local.

Note that the site-local address space has been deprecated by RFC 3879. Use is_private to test if this address is in the space of unique local addresses as defined by RFC 4193.

Returns:
A boolean, True if the address is reserved per RFC 3513 2.5.6.
is_unspecified

Test if the address is unspecified.

Returns:
A boolean, True if this is the unspecified address as defined in RFC 2373 2.5.2.
packed

The binary representation of this address.

sixtofour

Return the IPv4 6to4 embedded address.

Returns:
The IPv4 6to4-embedded address if present or None if the address doesn’t appear to contain a 6to4 embedded address.
teredo

Tuple of embedded teredo IPs.

Returns:
Tuple of the (server, client) IPs or None if the address doesn’t appear to be a teredo address (doesn’t start with 2001::/32)
class securecrt_tools.ipaddress.IPv6Interface(address)

Bases: securecrt_tools.ipaddress.IPv6Address

ip
is_loopback
is_unspecified
with_hostmask
with_netmask
with_prefixlen
class securecrt_tools.ipaddress.IPv6Network(address, strict=True)

Bases: securecrt_tools.ipaddress._BaseV6, securecrt_tools.ipaddress._BaseNetwork

This class represents and manipulates 128-bit IPv6 networks.

Attributes: [examples for IPv6(‘2001:db8::1000/124’)]
.network_address: IPv6Address(‘2001:db8::1000’) .hostmask: IPv6Address(‘::f’) .broadcast_address: IPv6Address(‘2001:db8::100f’) .netmask: IPv6Address(‘ffff:ffff:ffff:ffff:ffff:ffff:ffff:fff0’) .prefixlen: 124
hosts()

Generate Iterator over usable hosts in a network.

This is like __iter__ except it doesn’t return the Subnet-Router anycast address.

is_site_local

Test if the address is reserved for site-local.

Note that the site-local address space has been deprecated by RFC 3879. Use is_private to test if this address is in the space of unique local addresses as defined by RFC 4193.

Returns:
A boolean, True if the address is reserved per RFC 3513 2.5.6.
exception securecrt_tools.ipaddress.NetmaskValueError

Bases: exceptions.ValueError

A Value Error related to the netmask.

securecrt_tools.ipaddress.collapse_addresses(addresses)

Collapse a list of IP objects.

Example:
collapse_addresses([IPv4Network(‘192.0.2.0/25’),
IPv4Network(‘192.0.2.128/25’)]) -> [IPv4Network(‘192.0.2.0/24’)]
Args:
addresses: An iterator of IPv4Network or IPv6Network objects.
Returns:
An iterator of the collapsed IPv(4|6)Network objects.
Raises:
TypeError: If passed a list of mixed version objects.
securecrt_tools.ipaddress.get_mixed_type_key(obj)

Return a key suitable for sorting between networks and addresses.

Address and Network objects are not sortable by default; they’re fundamentally different so the expression

IPv4Address(‘192.0.2.0’) <= IPv4Network(‘192.0.2.0/24’)

doesn’t make any sense. There are some times however, where you may wish to have ipaddress sort these for you anyway. If you need to do this, you can use this function as the key= argument to sorted().

Args:
obj: either a Network or Address object.
Returns:
appropriate key.
securecrt_tools.ipaddress.ip_address(address)

Take an IP string/int and return an object of the correct type.

Args:
address: A string or integer, the IP address. Either IPv4 or
IPv6 addresses may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
Returns:
An IPv4Address or IPv6Address object.
Raises:
ValueError: if the address passed isn’t either a v4 or a v6
address
securecrt_tools.ipaddress.ip_interface(address)

Take an IP string/int and return an object of the correct type.

Args:
address: A string or integer, the IP address. Either IPv4 or
IPv6 addresses may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
Returns:
An IPv4Interface or IPv6Interface object.
Raises:
ValueError: if the string passed isn’t either a v4 or a v6
address.
Notes:
The IPv?Interface classes describe an Address on a particular Network, so they’re basically a combination of both the Address and Network classes.
securecrt_tools.ipaddress.ip_network(address, strict=True)

Take an IP string/int and return an object of the correct type.

Args:
address: A string or integer, the IP network. Either IPv4 or
IPv6 networks may be supplied; integers less than 2**32 will be considered to be IPv4 by default.
Returns:
An IPv4Network or IPv6Network object.
Raises:
ValueError: if the string passed isn’t either a v4 or a v6
address. Or if the network has host bits set.
securecrt_tools.ipaddress.summarize_address_range(first, last)

Summarize a network range given the first and last IP addresses.

Example:
>>> list(summarize_address_range(IPv4Address('192.0.2.0'),
...                              IPv4Address('192.0.2.130')))
...                                #doctest: +NORMALIZE_WHITESPACE
[IPv4Network('192.0.2.0/25'), IPv4Network('192.0.2.128/31'),
 IPv4Network('192.0.2.130/32')]
Args:
first: the first IPv4Address or IPv6Address in the range. last: the last IPv4Address or IPv6Address in the range.
Returns:
An iterator of the summarized IPv(4|6) network objects.
Raise:
TypeError:
If the first and last objects are not IP addresses. If the first and last objects are not the same version.
ValueError:
If the last object is not greater than the first. If the version of the first address is not 4 or 6.
securecrt_tools.ipaddress.v4_int_to_packed(address)

Represent an address as 4 packed bytes in network (big-endian) order.

Args:
address: An integer representation of an IPv4 IP address.
Returns:
The integer address packed as 4 bytes in network (big-endian) order.
Raises:
ValueError: If the integer is negative or too large to be an
IPv4 IP address.
securecrt_tools.ipaddress.v6_int_to_packed(address)

Represent an address as 16 packed bytes in network (big-endian) order.

Args:
address: An integer representation of an IPv6 IP address.
Returns:
The integer address packed as 16 bytes in network (big-endian) order.

securecrt_tools.manuf

Parser library for Wireshark’s OUI database.

Converts MAC addresses into a manufacturer using Wireshark’s OUI database.

See README.md.

class securecrt_tools.manuf.MacParser(manuf_name='manuf', update=False)

Bases: object

Class that contains a parser for Wireshark’s OUI database.

Optimized for quick lookup performance by reading the entire file into memory on initialization. Maps ranges of MAC addresses to manufacturers and comments (descriptions). Contains full support for netmasks and other strange things in the database.

See https://www.wireshark.org/tools/oui-lookup.html

Args:
manuf_name (str): Location of the manuf database file. Defaults to “manuf” in the same directory. update (bool): Whether to update the manuf file automatically. Defaults to False.
Raises:
IOError: If manuf file could not be found.
MANUF_URL = 'https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob_plain;f=manuf'
get_all(mac)

Get a Vendor tuple containing (manuf, comment) from a MAC address.

Args:
mac (str): MAC address in standard format.
Returns:
Vendor: Vendor namedtuple containing (manuf, comment). Either or both may be None if not found.
Raises:
ValueError: If the MAC could not be parsed.
get_comment(mac)

Returns comment from a MAC address.

Args:
mac (str): MAC address in standard format.
Returns:
string: String containing comment, or None if not found.
Raises:
ValueError: If the MAC could not be parsed.
get_manuf(mac)

Returns manufacturer from a MAC address.

Args:
mac (str): MAC address in standard format.
Returns:
string: String containing manufacturer, or None if not found.
Raises:
ValueError: If the MAC could not be parsed.
refresh(manuf_name=None)

Refresh/reload manuf database. Call this when manuf file is updated.

Args:
manuf_name (str): Location of the manuf data base file. Defaults to “manuf” in the
same directory.
Raises:
IOError: If manuf file could not be found.
search(mac, maximum=1)

Search for multiple Vendor tuples possibly matching a MAC address.

Args:
mac (str): MAC address in standard format. maximum (int): Maximum results to return. Defaults to 1.
Returns:
List of Vendor namedtuples containing (manuf, comment), with closest result first. May be empty if no results found.
Raises:
ValueError: If the MAC could not be parsed.
update(manuf_url=None, manuf_name=None, refresh=True)

Update the Wireshark OUI database to the latest version.

Args:
manuf_url (str): URL pointing to OUI database. Defaults to database located at
code.wireshark.org.
manuf_name (str): Location to store the new OUI database. Defaults to “manuf” in the
same directory.
refresh (bool): Refresh the database once updated. Defaults to True. Uses database
stored at manuf_name.
Raises:
URLError: If the download fails
class securecrt_tools.manuf.Vendor(manuf, comment)

Bases: tuple

comment

Alias for field number 1

manuf

Alias for field number 0

securecrt_tools.manuf.main()

Simple command line wrapping for MacParser.