# PyNetCheck
## Python Network Checker
This project provides examples to extend the IP Fabric platform with custom device testing.
## Requesting New CVEs
To request a new CVE to be added to the checker please open an
[issue on GitLab](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/issues) or
send an email to [contact-project+ip-fabric-integrations-pynetcheck-cve@incoming.gitlab.com](mailto:contact-project+ip-fabric-integrations-pynetcheck-cve@incoming.gitlab.com).
Please include the CVE ID or link to documentation.
## Requirements
* `Configuration saved` task must be enabled in [IP Fabric Discovery Settings](https://docs.ipfabric.io/latest/IP_Fabric_Settings/Discovery_and_Snapshots/Discovery_Settings/disabled_discovery_tasks/) for running against most vendors.
* This was previously disabled in older versions however it was determined there is no known impact to the network or devices after enabling it.
* Enabling this will allow you to see `Management > Saved Config Consistency` table which will report devices that are supported if their running configs have been saved.
* Environment variables or command line arguments with IP Fabric URL and credentials.
### IP Fabric Arguments
Currently implemented arguments:
* `--ipf-url https://demo.ipfabric.io`
* `--ipf-token 7bb0e03827d32f3dfb4d5995824f2e01` - Token to use for authentication.
* `--insecure` - Disable SSL verification, use flag if using a self-signed certificate.
* `--snapshot 33162920-8928-437d-9e4c-b125321f5686` - Defaults to `$last`.
These will take precedence over any environment variables or `.env` file settings.
### Environment Variables
These can be set in the environment or in a file named `.env` in the directory you are running.
Environment variables take precedence over `.env` variables.
```bash
IPF_URL=https://demo.ipfabric.io
# Use IPF_TOKEN OR (IPF_USERNAME AND IPF_PASSWORD):
IPF_TOKEN=TOKEN
# IPF_USERNAME=user
# IPF_PASSWORD='p@ssw0rd'
# OPTIONAL:
# IPF_SNAPSHOT defaults to $last
IPF_SNAPSHOT=$last
# IPF_SNAPSHOT=7e2d4bef-3f90-4c9c-851d-fc2f0990db35
# IPF_VERIFY defaults to True and can also be set to a path
IPF_VERIFY=true
# IPF_VERIFY="path/to/client.pem"
# IPF_TIMEOUT defaults to HTTPX default of 5.0 see https://www.python-httpx.org/advanced/#timeout-configuration
# IPF_TIMEOUT only accepts int/float arguments
IPF_TIMEOUT=5
```
## Installation
The project is available on PyPi and can be installed via pip:
```bash
pip install pynetcheck
```
## Running
### Running Against IP Fabric
To run tests with builtin cases, use the following command:
```bash
(venv) >pynetcheck --tb=line
========================================================================================== test session starts ==========================================================================================
platform win32 -- Python 3.9.9, pytest-7.4.2, pluggy-1.3.0
rootdir: C:\Code\_EXAMPLES\config_vulnerability\pynetcheck
configfile: pytest.ini
plugins: anyio-4.0.0, depends-1.0.1, html-reporter-0.2.9
collected 13 items
pynetcheck\tests\cve_2023_20198\ios_xe_test.py ..sFFFF.s.s.s [100%]
=============================================================================================== FAILURES ================================================================================================
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:34: AssertionError: Startup - HTTP secure-server Enabled
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:52: AssertionError: Startup - HTTP secure-server Vulnerable
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:30: AssertionError: Running - HTTP server Enabled
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:50: AssertionError: Running - HTTP server Vulnerable
======================================================================================== short test summary info ========================================================================================
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_https_server_disabled[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Enabled
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_https_server_vulnerable[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Vulnerable
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_http_server_disabled[L67CSR16] - AssertionError: Running - HTTP server Enabled
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_http_server_vulnerable[L67CSR16] - AssertionError: Running - HTTP server Vulnerable
================================================================================ 4 failed, 5 passed, 4 skipped in 1.94s =================================================================================
```
### Running Against Configuration Files Directory
To run using a directory that stores a list of configuration files:
```bash
pynetcheck --config-dir /path/to/dir
```
***This will attempt to run tests on all configs in the directory, please ensure the correct vendor and families are
sorted in separate directories and use pytest marks to filter the tests.***
### Filtering
Pytest Marks have been added to allow for filtering of tests.
Please see the [Working with custom markers](https://docs.pytest.org/en/latest/example/markers.html) for more information.
* `-m cve` - Filter only CVE tests
* `-m cisco` - Filter only Cisco tests
* `-m paloalto` - Filter only Palo Alto tests
`-m` can be used with `not` to exclude tests or a combination of marks, example: `-m "not cve"` or `-m "cisco and not cve"`.
You can also use the `-k` option to filter tests by name.
### Environment Variables
The following environment variables can be used to override how tests fail or pass:
| Type | Vendor | Variable | Accepted Values | Default | Description |
|--------|--------|--------------------|-----------------|---------|---------------------------------------|
| Vendor | Cisco | CISCO_HTTP_SERVER | DISABLED* | ENABLED | Will fail if HTTP server is enabled. |
| Vendor | Cisco | CISCO_HTTPS_SERVER | DISABLED* | ENABLED | Will fail if HTTPS server is enabled. |
| Vendor | Cisco | CISCO_SCP_SERVER | DISABLED* | ENABLED | Will fail if SCP server is enabled. |
*Only valid variable value, no other value will be accepted.
## Results
### HTML
Results are stored in the [pytest_html_report.html](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html_report.html) which can be viewed in any browser.
### Exporting
The `pytest-html-reporter` also provides the ability to export via CSV or Excel formats, example: [pytest.csv](example/pytest.csv).
Table modified to show only the relevant information:
| Suite | Test Case | Status | Time (s) | Error Message |
|-------------------------------------|--------------------------------------------|--------|----------|-------------------------------------------------------------|
| tests/cve_2023_20198/ios_xe_test.py | test_saved_config_consistency | PASS | 0.21 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Vulnerable |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L67CSR16] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R12-LEAF6] | PASS | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Enabled |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L67CSR16] | PASS | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R11-LEAF5] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L67CSR16] | FAIL | 0 | E AssertionError: Running - HTTP server Vulnerable |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R12-LEAF6] | PASS | 0.13 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R11-LEAF5] | PASS | 0.15 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L67CSR16] | FAIL | 0.15 | E AssertionError: Running - HTTP server Enabled |
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"name": "PyNetCheck",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0.0,>=3.8.1",
"maintainer_email": null,
"keywords": "ipfabric, ip-fabric, community-fabric",
"author": "Solution Architecture",
"author_email": "solution.architecture@ipfabric.io",
"download_url": "https://files.pythonhosted.org/packages/af/48/a531bd68fb73e823880329741c164d8bd60c8b1bb9e18949908785e1b813/pynetcheck-1.0.2.tar.gz",
"platform": null,
"description": "# PyNetCheck\n\n## Python Network Checker\n\nThis project provides examples to extend the IP Fabric platform with custom device testing.\n\n## Requesting New CVEs\n\nTo request a new CVE to be added to the checker please open an\n[issue on GitLab](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/issues) or\nsend an email to [contact-project+ip-fabric-integrations-pynetcheck-cve@incoming.gitlab.com](mailto:contact-project+ip-fabric-integrations-pynetcheck-cve@incoming.gitlab.com).\n\nPlease include the CVE ID or link to documentation.\n\n## Requirements\n\n* `Configuration saved` task must be enabled in [IP Fabric Discovery Settings](https://docs.ipfabric.io/latest/IP_Fabric_Settings/Discovery_and_Snapshots/Discovery_Settings/disabled_discovery_tasks/) for running against most vendors.\n * This was previously disabled in older versions however it was determined there is no known impact to the network or devices after enabling it.\n * Enabling this will allow you to see `Management > Saved Config Consistency` table which will report devices that are supported if their running configs have been saved.\n* Environment variables or command line arguments with IP Fabric URL and credentials.\n\n### IP Fabric Arguments\n\nCurrently implemented arguments:\n\n* `--ipf-url https://demo.ipfabric.io`\n* `--ipf-token 7bb0e03827d32f3dfb4d5995824f2e01` - Token to use for authentication.\n* `--insecure` - Disable SSL verification, use flag if using a self-signed certificate.\n* `--snapshot 33162920-8928-437d-9e4c-b125321f5686` - Defaults to `$last`.\n\nThese will take precedence over any environment variables or `.env` file settings.\n\n### Environment Variables\n\nThese can be set in the environment or in a file named `.env` in the directory you are running.\nEnvironment variables take precedence over `.env` variables.\n\n```bash\nIPF_URL=https://demo.ipfabric.io\n\n# Use IPF_TOKEN OR (IPF_USERNAME AND IPF_PASSWORD):\nIPF_TOKEN=TOKEN\n# IPF_USERNAME=user\n# IPF_PASSWORD='p@ssw0rd'\n\n# OPTIONAL:\n\n# IPF_SNAPSHOT defaults to $last\nIPF_SNAPSHOT=$last\n# IPF_SNAPSHOT=7e2d4bef-3f90-4c9c-851d-fc2f0990db35\n\n# IPF_VERIFY defaults to True and can also be set to a path\nIPF_VERIFY=true\n# IPF_VERIFY=\"path/to/client.pem\"\n\n# IPF_TIMEOUT defaults to HTTPX default of 5.0 see https://www.python-httpx.org/advanced/#timeout-configuration\n# IPF_TIMEOUT only accepts int/float arguments\nIPF_TIMEOUT=5\n```\n\n## Installation\n\nThe project is available on PyPi and can be installed via pip:\n\n```bash\npip install pynetcheck\n```\n\n## Running\n\n### Running Against IP Fabric\n\nTo run tests with builtin cases, use the following command:\n\n```bash\n(venv) >pynetcheck --tb=line \n========================================================================================== test session starts ==========================================================================================\nplatform win32 -- Python 3.9.9, pytest-7.4.2, pluggy-1.3.0\nrootdir: C:\\Code\\_EXAMPLES\\config_vulnerability\\pynetcheck\nconfigfile: pytest.ini\nplugins: anyio-4.0.0, depends-1.0.1, html-reporter-0.2.9\ncollected 13 items \n\npynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py ..sFFFF.s.s.s [100%]\n\n=============================================================================================== FAILURES ================================================================================================ \nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:34: AssertionError: Startup - HTTP secure-server Enabled\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:52: AssertionError: Startup - HTTP secure-server Vulnerable\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:30: AssertionError: Running - HTTP server Enabled\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:50: AssertionError: Running - HTTP server Vulnerable\n======================================================================================== short test summary info ========================================================================================\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_https_server_disabled[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Enabled\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_https_server_vulnerable[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Vulnerable\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_http_server_disabled[L67CSR16] - AssertionError: Running - HTTP server Enabled\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_http_server_vulnerable[L67CSR16] - AssertionError: Running - HTTP server Vulnerable\n================================================================================ 4 failed, 5 passed, 4 skipped in 1.94s ================================================================================= \n```\n\n### Running Against Configuration Files Directory\n\nTo run using a directory that stores a list of configuration files:\n\n```bash\npynetcheck --config-dir /path/to/dir\n```\n\n***This will attempt to run tests on all configs in the directory, please ensure the correct vendor and families are \nsorted in separate directories and use pytest marks to filter the tests.***\n\n### Filtering\n\nPytest Marks have been added to allow for filtering of tests. \nPlease see the [Working with custom markers](https://docs.pytest.org/en/latest/example/markers.html) for more information.\n\n* `-m cve` - Filter only CVE tests\n* `-m cisco` - Filter only Cisco tests\n* `-m paloalto` - Filter only Palo Alto tests\n\n`-m` can be used with `not` to exclude tests or a combination of marks, example: `-m \"not cve\"` or `-m \"cisco and not cve\"`.\n\nYou can also use the `-k` option to filter tests by name.\n\n### Environment Variables\n\nThe following environment variables can be used to override how tests fail or pass:\n\n| Type | Vendor | Variable | Accepted Values | Default | Description |\n|--------|--------|--------------------|-----------------|---------|---------------------------------------|\n| Vendor | Cisco | CISCO_HTTP_SERVER | DISABLED* | ENABLED | Will fail if HTTP server is enabled. |\n| Vendor | Cisco | CISCO_HTTPS_SERVER | DISABLED* | ENABLED | Will fail if HTTPS server is enabled. |\n| Vendor | Cisco | CISCO_SCP_SERVER | DISABLED* | ENABLED | Will fail if SCP server is enabled. |\n\n*Only valid variable value, no other value will be accepted.\n\n## Results\n\n### HTML\n\nResults are stored in the [pytest_html_report.html](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html_report.html) which can be viewed in any browser. \n\n\n\n### Exporting\n\nThe `pytest-html-reporter` also provides the ability to export via CSV or Excel formats, example: [pytest.csv](example/pytest.csv).\n\nTable modified to show only the relevant information:\n\n| Suite | Test Case | Status | Time (s) | Error Message |\n|-------------------------------------|--------------------------------------------|--------|----------|-------------------------------------------------------------|\n| tests/cve_2023_20198/ios_xe_test.py | test_saved_config_consistency | PASS | 0.21 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Vulnerable |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L67CSR16] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R12-LEAF6] | PASS | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Enabled |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L67CSR16] | PASS | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R11-LEAF5] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L67CSR16] | FAIL | 0 | E AssertionError: Running - HTTP server Vulnerable |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R12-LEAF6] | PASS | 0.13 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R11-LEAF5] | PASS | 0.15 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L67CSR16] | FAIL | 0.15 | E AssertionError: Running - HTTP server Enabled |\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Python Network device checker using Pytest and IP Fabric.",
"version": "1.0.2",
"project_urls": {
"Changelog": "https://gitlab.com/ip-fabric/integrations/pynetcheck/-/blob/main/CHANGELOG.md",
"Documentation": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"Homepage": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"IP Fabric": "https://ipfabric.io/",
"Repository": "https://gitlab.com/ip-fabric/integrations/pynetcheck"
},
"split_keywords": [
"ipfabric",
" ip-fabric",
" community-fabric"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "4ab12d07c1d442e1a5ac4e3c2914b9298e13bfaff3f94d30ebe2fe1f03f4502e",
"md5": "68ff265f7503a64473aff9c67f470fa5",
"sha256": "cb509b816da11824f77d931af24f914271ec1faea2560668f907dc88d517ebb5"
},
"downloads": -1,
"filename": "pynetcheck-1.0.2-py3-none-any.whl",
"has_sig": false,
"md5_digest": "68ff265f7503a64473aff9c67f470fa5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0.0,>=3.8.1",
"size": 19943,
"upload_time": "2024-07-18T15:44:22",
"upload_time_iso_8601": "2024-07-18T15:44:22.771915Z",
"url": "https://files.pythonhosted.org/packages/4a/b1/2d07c1d442e1a5ac4e3c2914b9298e13bfaff3f94d30ebe2fe1f03f4502e/pynetcheck-1.0.2-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "af48a531bd68fb73e823880329741c164d8bd60c8b1bb9e18949908785e1b813",
"md5": "3707a37424a99edf4786b4e2dc0b9d38",
"sha256": "7f178c9ef5272fcb4638585d0ea549999b6d5b6d01df4add72d8d210bbe8d061"
},
"downloads": -1,
"filename": "pynetcheck-1.0.2.tar.gz",
"has_sig": false,
"md5_digest": "3707a37424a99edf4786b4e2dc0b9d38",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0.0,>=3.8.1",
"size": 12545,
"upload_time": "2024-07-18T15:44:24",
"upload_time_iso_8601": "2024-07-18T15:44:24.202097Z",
"url": "https://files.pythonhosted.org/packages/af/48/a531bd68fb73e823880329741c164d8bd60c8b1bb9e18949908785e1b813/pynetcheck-1.0.2.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-07-18 15:44:24",
"github": false,
"gitlab": true,
"bitbucket": false,
"codeberg": false,
"gitlab_user": "ip-fabric",
"gitlab_project": "integrations",
"lcname": "pynetcheck"
}
JSON