正则表达式可交换IP访问列表中的源和目标

时间:2019-07-07 06:11:53

标签: python regex

我正在尝试交换IP访问列表的源地址和目标地址/前缀,这些地址将获取现有的ACL条目并按相反的方向创建该条目,如下所示:

输入:

  

允许ip任何主机10.22.122.161

     

允许ip主机10.11.198.18任何

     

允许ip主机10.22.122.161 192.168.150.16 0.0.0.7

     

允许ip主机10.22.122.161主机10.22.122.255

     

允许ip任何主机10.22.122.255

     

允许ip 192.168.150.16 0.0.0.7主机10.22.122.255

     

允许ip任意192.168.150.16 0.0.0.7

     

允许ip 192.168.150.16 0.0.0.7任何

     

允许ip任意172.16.150.208 0.0.0.15

     

允许tcp any 172.16.150.208 0.0.0.15

     

许可tcp 172.16.150.208 0.0.0.15 192.168.150.16 0.0.0.7

预期输出:

  

允许ip主机10.22.122.161任意

     

允许ip主机10.11.198.18

     

允许ip 192.168.150.16 0.0.0.7主机10.22.122.161

     

允许ip主机10.22.122.255主机10.22.122.161

     

允许ip主机10.22.122.255任何

     

允许ip主机10.22.122.255 192.168.150.16 0.0.0.7

     

允许ip 192.168.150.16 0.0.0.7任何

     

允许ip任意192.168.150.16 0.0.0.7

     

许可ip 172.16.150.208 0.0.0.15任何

     

允许tcp 172.16.150.208 0.0.0.15任何

     

许可tcp 172.16.150.208 0.0.0.15 192.168.150.16 0.0.0.7

     

允许tcp 192.168.150.16 0.0.0.7 172.16.150.208 0.0.0.15

但是在某些情况下,我的函数无法交换源和目标

我的代码在以下测试案例中失败:

  

允许ip主机10.22.122.161 192.168.150.16 0.0.0.7

以下正则表达式无法将192.168.150.16 0.0.0.7与(。*)匹配

  

p = re.sub(r'(。)(\ bany \ b | \ bhost \ b \ d {1,3}。\ d {1,3}。\ d {1,3} 。\ d {1,3})(。)',r'\ 1 \ 3 \ 2',ACELine)

#!/usr/bin/python3
import re

def ChangeACESrcDst(ACELine):
  ReversedACE = str()
  protocols_list = [
    'ip',
    'tcp',
    'udp',
    'gre',
    'icmp'
  ]
  if (bool(re.search(r'(\bpermit\b|\bdeny\b)',ACELine))):
    ACE_ITEMS = ACELine.split()
    if  ACE_ITEMS[1] in protocols_list:
      if len(ACE_ITEMS) == 5:
        if ACE_ITEMS[2] == 'host' or ACE_ITEMS[2] == 'any':
          p = re.sub(r'(.*)(\bany\b|\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (.*)',r'\1\3 \2',ACELine)
          print(ACELine)
          print(p)
        elif ACE_ITEMS[4] == 'host' or ACE_ITEMS[4] == 'any':  
          p = re.sub(r'(.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\bany\b|\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
      elif len(ACE_ITEMS) == 6: 
        if ACE_ITEMS[2] == 'host' and ACE_ITEMS[4] == 'host':
          p = re.sub(r'(.*) (host \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (host \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
        else:
          p = re.sub(r'(.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
      else:
        print(f'ERROR: ACE items length must be either 5 or 6 : {ACELine}')
    else:
      print(f'ERROR: Protocols not supported : {ACE_ITEMS[1]}') 
      exit() 
    print('\n')

  return ReversedACE


if __name__ == "__main__":
 aces = [
 'permit ip any host 10.22.122.161',
 'permit ip host 10.11.198.18 any',
 'permit ip host 10.22.122.161 192.168.150.16 0.0.0.7',
 'permit ip host 10.22.122.161 host 10.22.122.255',
 'permit ip any host 10.22.122.255',
 'permit ip 192.168.150.16 0.0.0.7 host 10.22.122.255',
 'permit ip any 192.168.150.16 0.0.0.7',
 'permit ip 192.168.150.16 0.0.0.7 any',
 'permit ip any 172.16.150.208 0.0.0.15',
 'permit tcp any 172.16.150.208 0.0.0.15',
 'permit tcp 172.16.150.208 0.0.0.15 192.168.150.16 0.0.0.7'
 ]
 for ace in aces:
   ace = (ChangeACESrcDst(ace))

输入:

  

允许ip主机10.22.122.161 192.168.150.16 0.0.0.7

预期输出:

  

允许ip 192.168.150.16 0.0.0.7主机10.22.122.161

4 个答案:

答案 0 :(得分:0)

您可以尝试这样

import re
host_ip_pos = re.search(r'host\s\d*.\d*.\d*.\d*', str1).span()
print(host_ip_pos)
(10, 28)

new_str = str1[:host_ip_pos[0]] + str1[host_ip_pos[1]+1:] + ' ' + str1[host_ip_pos[0]: host_ip_pos[1]]
print(new_str)
permit ip 192.168.150.16 0.0.0.7 host 10.22.122.161

答案 1 :(得分:0)

您可以尝试使用正则表达式和f字符串,如下所示:

import re

def swap_ips(text: str) -> str:
    ip = r'\d+\.\d+.\d+.\d+'
    ip_pattern = f'(host {ip}) ({ip}) ({ip})'
    match = re.search(ip_pattern, text)
    host, mid, dest = match.groups()

    new_order = f'{mid} {dest} {host}'
    return text[:match.start()] + new_order + text[match.end():]

if __name__ == "__main__":
    text = 'permit ip host 10.22.122.161 192.168.150.16 0.0.0.7'
    print(swap_ips(text))

输出:

permit ip 192.168.150.16 0.0.0.7 host 10.22.122.161

答案 2 :(得分:0)

是否有更有效的实现方式,所以我可以从“输入”列表的所有变体中交换“源”和“目的地”吗?

答案 3 :(得分:0)

实际问题出在我的if / else逻辑上,解决了这个问题,得到了预期的结果,我正在寻找一种更有效的实现功能的方法

#!/usr/bin/python3.7
import re

def ChangeACESrcDst(ACELine):
  ReversedACE = str()
  protocols_list = [
    'ip',
    'tcp',
    'udp',
    'gre',
    'icmp'
  ]
  if (bool(re.search(r'(\bpermit\b|\bdeny\b)',ACELine))):
    ACE_ITEMS = ACELine.split()
    if  ACE_ITEMS[1] in protocols_list:
      if len(ACE_ITEMS) == 5:
        if ACE_ITEMS[2] == 'host' or ACE_ITEMS[2] == 'any':
          p = re.sub(r'(.*)(\bany\b|\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (.*)',r'\1\3 \2',ACELine)
          print(ACELine)
          print(p)
        elif ACE_ITEMS[4] == 'host' or ACE_ITEMS[4] == 'any':  
          p = re.sub(r'(.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\bany\b|\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
      elif len(ACE_ITEMS) == 6: 
        if ACE_ITEMS[2] == 'host' and ACE_ITEMS[4] == 'host':
          p = re.sub(r'(.*) (host \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (host \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
        elif ACE_ITEMS[2] == 'host' and bool(re.search(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',ACE_ITEMS[4])) and bool(re.search(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',ACE_ITEMS[5])):
          p = re.sub(r'(.*)(\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (.*)',r'\1\3 \2',ACELine)
          print(ACELine)
          print(p)
        elif ACE_ITEMS[4] == 'host' and bool(re.search(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',ACE_ITEMS[2])) and bool(re.search(r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',ACE_ITEMS[3])):
          p = re.sub(r'(.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\bhost \b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)          
          print(ACELine)
          print(p)
        else:
          p = re.sub(r'(.*) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})',r'\1 \3 \2',ACELine)
          print(ACELine)
          print(p)
      else:
        print(f'ERROR: ACE items length must be either 5 or 6 : {ACELine}')
    else:
      print(f'ERROR: Protocols not supported : {ACE_ITEMS[1]}') 
      exit()

  return ReversedACE


if __name__ == "__main__":
 aces = [
 'permit ip any host 10.22.122.161',
 'permit ip host 10.11.198.18 any',
 'permit ip host 10.22.122.161 192.168.150.16 0.0.0.7',
 'permit ip host 10.22.122.161 host 10.22.122.255',
 'permit ip any host 10.22.122.255',
 'permit ip 192.168.150.16 0.0.0.7 host 10.22.122.255',
 'permit ip any 192.168.150.16 0.0.0.7',
 'permit ip 192.168.150.16 0.0.0.7 any',
 'permit ip any 172.16.150.208 0.0.0.15',
 'permit tcp any 172.16.150.208 0.0.0.15',
 'permit tcp 172.16.150.208 0.0.0.15 192.168.150.16 0.0.0.7'
 ]
 for ace in aces:
   ChangeACESrcDst(ace)
相关问题
最新问题