Cisco ASA Banner Parsing Issue #556

Open
kisahae opened this issue Jul 26, 2024 · 7 comments

@kisahae

kisahae commented Jul 26, 2024

Environment

  • Python version: 3.11.1
  • netutils version: 1.9

Expected Behavior

Banner as children probably should not be parsed like banner login or banner motd.

Observed Behavior

Example config:
We have a code snippet like this:
group-policy Grs-POLICY attributes
  banner value xxx
  banner value xxxxx
  dns-server value x.x.x.x x.x.x.x
This raises an error message: raise ValueError("There was an error parsing your banner, the end of the banner could not be found")

Steps to Reproduce

from netutils.config.parser import ASAConfigParser, ConfigLine
config = '''
group-policy Grs-POLICY attributes
 banner value xxx
 banner value xxxxx
 dns-server value x.x.x.x x.x.x.x'''
config_tree = ASAConfigParser(str(config))
print(config_tree)

NB: Our temporary solution is to remove the lstrip() from def is_banner_start(self, line: str) in the parser.py file. We are still not sure if this can affect other device platforms. Perhaps opening the issue and discussing it together is a better option. Have a nice day everyone!

@itdependsnetworks
Contributor

Can you show the actual config on the asa, e.g. not what you put in your Python shell, but the actual show run of the device?

@huacchob
Contributor

huacchob commented Oct 30, 2024

The config is similar to what is shown in the issue description.

In the issue I am facing, there is no top-level banner config, like banner motd or banner login, just this implementation of the banner:

group-policy Grs-POLICY attributes
 banner value xxx
 banner value xxxxx
 dns-server value x.x.x.x x.x.x.x

It seems that when a banner message is multiline, and implemented like so, you would write the banner as

group-policy Grs-POLICY attributes
 banner value banner message line 1
 banner value banner message line 2

Please let me know if there is any other information I can provide to assist.

@itdependsnetworks
Contributor

@jmcgill298 can you help?

@jmcgill298
Contributor

ya, someone else asked me about a similar situation, and my suggestion was to update the code to only look for banner at the root level. I don't believe the banner config issues are the same in any of the nested banners, but I'm not certain on that.

@jeffkala
Collaborator

Seems like we want banner_start = ["banner motd", "banner exec", "banner login", "banner asdm"] in the ciscoAsa parser class

Then these nested banners banner value under a policy won't be treated as a banner at all.

@jmcgill298
Contributor

I think just universally moving the check for banner configs so it only looks at the root level is probably better. I'm not sure what all banner xyz options there are (I do remember coming across some that I did not expect before).

@kisahae
Author

kisahae commented Dec 18, 2024

> ya, someone else asked me about a similar situation, and my suggestion was to update the code to only look for banner at the root level. I don't believe the banner config issues are the same in any of the nested banners, but I'm not certain on that.

We also do the same. We assume that no banner configuration starts with whitespace. So the word "banner" as child config would not be treated as the real banner configuration. In this case, it is just treated as a usual config. I would like to contribute if removing the "lstrip" (as I suggested before) can fix the issue and doesn't affect other platform types.
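The three banner-detection rules discussed in this thread, compared side by side. This is an added example, not netutils code or any participant's code: the function names are hypothetical, the `lstrip` rule is modelled only from the issue's description, and the root-level `banner motd` and `banner other-type` lines are constructed (`other-type` is a placeholder keyword, not a real ASA command).

```python
from typing import Callable, List

# Constructed sample: two constructed root-level banner lines followed by the
# group-policy block quoted in the issue.
SAMPLE_CONFIG = """\
banner motd constructed message
banner other-type constructed message
group-policy Grs-POLICY attributes
 banner value xxx
 banner value xxxxx
 dns-server value x.x.x.x x.x.x.x
"""

# Keyword list proposed in the thread for the ASA parser class.
BANNER_START = ["banner motd", "banner exec", "banner login", "banner asdm"]


def stripped_match(line: str) -> bool:
    """Rule as described in the issue: strip leading whitespace, then match."""
    return line.lstrip().startswith("banner ")


def allowlist_match(line: str) -> bool:
    """Proposed alternative: match only the listed banner keywords."""
    return line.lstrip().startswith(tuple(f"{kw} " for kw in BANNER_START))


def root_only_match(line: str) -> bool:
    """Proposed alternative: match 'banner' only when the line is unindented."""
    return line.startswith("banner ")


def banner_starts(config: str, rule: Callable[[str], bool]) -> List[str]:
    """Return every config line that the given rule treats as a banner start."""
    return [line for line in config.splitlines() if rule(line)]


if __name__ == "__main__":
    for rule in (stripped_match, allowlist_match, root_only_match):
        print(f"{rule.__name__}:")
        for line in banner_starts(SAMPLE_CONFIG, rule):
            print(f"  {line!r}")
```

The stripped rule flags the nested `banner value` lines, the allowlist rule skips them but also misses any root-level banner keyword that is not in its list, and the root-only rule skips the nested lines while still catching every unindented `banner` line.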
