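#!/usr/bin/env ruby
=begin
**
** lucent_metaparser.rb
** 28/NOV/2008
** ETD-Software
**  - Daniel Martin Gomez
**
** Desc:
**   Parser Lucent Firewall Brick ruleset
**
** Version:
**   v1.0 [28/Nov/2008]: first released
**
** Found at:
**   http://usefulfor.com/security/2008/11/29/lucent-firewall-ruleset-parser/
**
** This program is free software: you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by
** the Free Software Foundation, either version 2 of the License, or
** (at your option) any later version.
**
** This program is distributed in the hope that it will be useful,
** but WITHOUT ANY WARRANTY; without even the implied warranty of
** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
** GNU General Public License for more details.
**
** You should have received a copy of the GNU General Public License
** along with this program. If not, see <http://www.gnu.org/licenses/>.
**
=end

# Takes three export files on the command line, in this order: rules,
# services, hosts. Prints every rule followed by the definition of the
# service, source and destination it refers to, so a reviewer can read the
# ruleset without cross-referencing the three files by hand.

# Each pattern expects the fields in exactly this order, one per line.
# A record that deviates from the layout is not matched at all.
RULE_PATTERN = /ruleNumber=(\d+)\nruleDescription=(.*)?\ndisabled=(true|false)\nsourceIP=(.*)?\n+?destinationIP=(.*)?\nservice=(.*)?\ndirection=(.*)\nact=(.*)?/
SERVICE_PATTERN = /protocol=(.*)?\ntimeout=.*?\nsvcDescription=.*?\napplicationFilterName=.*?\nnestedServiceGroupName=.*?\nuseGlobally=.*?\ndescription=(.*)?\nname=(.*)?\n/
HOST_PATTERN = /ipAddressOrRange=(.*)?\nhostDescription=.*?\nnestedHostGroupName=.*?\nuseGlobally=.*?\ndescription=(.*)?\nname=(.*)?\n/

# Reads one export file and normalises CRLF line endings to LF.
# The patterns above match on "\n" only; with CRLF input the rule pattern
# would match nothing and the report would silently come out empty.
def read_export(path)
  File.read(path).gsub("\r\n", "\n")
rescue SystemCallError => e
  abort "cannot read #{path}: #{e.message}"
end

# Builds the indented detail line for a service or host name.
# `table` maps a name to [value, description]; a name with no entry is
# printed bare, which shows the reader that it could not be resolved.
def detail_line(name, table)
  entry = table[name]
  return "\t#{name}" if entry.nil?

  "\t#{name}: #{entry[0]} (#{entry[1]})"
end

if ARGV.size < 3
  # The argument names follow the order in which ARGV is read below.
  puts "usage:\n\t#{__FILE__} <rules_file> <services_file> <hosts_file>"
  exit(-1)
end

rules = []
services = {}
hosts = {}

rules_str = read_export(ARGV[0])
rules_str.scan(RULE_PATTERN).each do |n, comment, disabled, src, dst, service, direction, action|
  rules << [n, service, src, direction, dst, comment, disabled, action]
end

# Completeness check: a ruleset review is only trustworthy if every rule in
# the export reaches the report. Count the rule headers independently of the
# full-record pattern and warn when some of them were not parsed.
declared_rules = rules_str.scan(/^ruleNumber=\d+$/).size
if declared_rules > rules.size
  warn "warning: #{declared_rules} ruleNumber= entries in #{ARGV[0]}, " \
       "but only #{rules.size} matched the expected layout; the report is incomplete"
end

read_export(ARGV[1]).scan(SERVICE_PATTERN).each do |proto, desc, name|
  services[name] = [proto, desc]
end

read_export(ARGV[2]).scan(HOST_PATTERN).each do |range, desc, name|
  hosts[name] = [range, desc]
end

rules.each do |n, service, src, direction, dst, comment, disabled, action|
  state = disabled == 'true' ? 'disabled' : 'enabled'

  # The line break before the description is kept as it appears in the
  # original listing.
  puts "#{n}: (#{service}) #{src} ---(#{direction})--- #{dst} \n[#{comment}] - #{state} | #{action}"

  puts detail_line(service, services)
  puts detail_line(src, hosts)
  puts detail_line(dst, hosts)

  # Disabled rules are listed too, clearly marked, so they are not mistaken
  # for rules currently in force.
  puts "\t***************** DISABLED *****************" if disabled == 'true'
end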