-
Notifications
You must be signed in to change notification settings - Fork 918
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue with removing multiple secrets on consecutive lines on ios.rb due to \s matching linebreaks. #3239
Comments
cfg = cfg.each_line.map { |line| line.gsub(....) }.join Or cfg = cfg.each_line.map do |line|
line.gsub ..1..
line.gsub ..2..
end.join Or In this case, as the regep ends with \s*, we can maybe make it non-greedy and match for lineend, so I think it may work if we replace the end |
Only issue I could see with single line would be if someone is matching multi-lines which is pretty rare on IOS but I have noticed a few folks doing multi-line matching for things in my learning how to best utilize Oxidized. Maybe having both options? For the time being I am using the ~/.config/oxidized/model/ overwrite method to use the modified Model so this doesn't need to be fixed ASAP and I think time can be spent coming up with the best solution. It will be about 6 months before I can sit down and create a PR for this so if someone else wants to take it they are more then welcome. |
I found a problem with the ios.rb file when you have multiple snmp-server host lines. As it is now it will only remove the first secret and keep the rest in tact. This is due to the \s matching \r\n which causes it to match most likely would be the rest of the file so it does not match the 2nd and on items.
Example IOS config of what ios.rb produces now.
The issue is due to this line https://github.com/ytti/oxidized/blob/master/lib/oxidized/model/ios.rb#L30
(in case this link does not work down the road the line in question is
cfg.gsub! /^(snmp-server host \S+( vrf \S+)?( informs?)?( version (1|2c|3 (noauth|auth|priv)))?)\s+\S+((\s+\S*)*)\s*/, '\\1 <secret hidden> \\7'
This matches the snmp-server host the secret and then keeps matching \s and \S which in theory should just be matching the rest of the document (I did not verify this but I suspect thats what is happening)
To fix this I adjusted all the lowercase
\s
matchers with[\t\f\v ]
and this allows the gsub to work correctly.That means that the line mentioned above now looks like such.
cfg.gsub! /^(snmp-server host \S+( vrf \S+)?( informs?)?( version (1|2c|3 (noauth|auth|priv)))?)[\t\f\v ]+\S+(([\t\f\v ]+\S*)*)[\t\f\v ]*/, '\\1 <secret hidden> \\7'
The text was updated successfully, but these errors were encountered: