Spencer Fraint issues

Results 15 issues of


                                            Spencer Fraint

CI: Add GitHub Actions version of Pre-Commit

GitHub Actions version of the Buildkite pre-commit pipeline. See [the successful run here](https://github.com/batfish/batfish/actions/runs/2828347961). ---- Changes from the pipeline: * Run on bare `runners` instead of inside containers * ran into...

Palo Alto: support applications with definitions split across namespaces

Referencing an application(-group) whose definition is split across namespaces does not currently work in Batfish. ---- For example, consider this configuration where `app_group2` is partially defined in the `device-group DG1`...

Support quoted sensitive phrases with spaces in them

Running `netconan -p -i input_file -o output_file` On this `input_file`: ``` set license keys key "something something" ``` produces a partially anonymized `output_file`: ``` set license keys key "netconanRemoved0 something"...

Better external IP anonymization interface

Today, to use IP-address-anonymization from `Netconan` externally, you can do something like: ``` from netconan.ip_anonymization import IpAnonymizer, anonymize_ip_addr import uuid salt = str(uuid.uuid4()) anonymizer = IpAnonymizer(salt=salt) anon_str = anonymize_ip_addr(anonymizer, '1.2.3.4')...

Add support for tracking reversible passwords

In `sensitive_item_removal.py`, add in ability to reverse encrypted passwords (where applicable) to make sure anonymized passwords match when the original encrypted passwords matched. Specifically, this applies to Cisco type 7...

enhancement

Sensitive line anonymization consistency

A given sensitive item (from a config line known to contain sensitive info) is anonymized based on the number of the sensitive items encountered before it. This means inserting a...

enhancement

Sensitive words overlapping with reserved words may be anonymized

Running `netconan -p -w test -i input -o output` (anonymize `test`, which is a reserved word) where `input` is a file containing: ``` password test password "test" ``` produces the...

Add support for anonymizing more snmp-server data

Add support for anonymizing lines like: * snmp-server location sensitive location info here * snmp-server contact sensitive contact info here Where the anonymized output would be something like: * snmp-sever...

Review and add tests for Juniper sensitive lines

Password/snmp community regexes for Juniper configs in `sensitive_item_removal.py` may need tweaking to catch all allowed syntax/options and some do not have any tests. The JUNOS regexes for `md5`, `hello-authentication-key`, and...

Review and add additional tests for Cisco and Arista sensitive lines

Some password regexes for Cisco-like configs in `sensitive_item_removal.py` are unverified and untested. They need to be tested against a variety of config lines generated on a router (to make sure...