# PyNetCheck
## Python Network Checker
This project provides examples to extend the IP Fabric platform with custom device testing.
*This project is still in development and more test cases and examples will be added at a later time.*
## Requirements
* `Configuration saved` task must be enabled in [IP Fabric Discovery Settings](https://docs.ipfabric.io/latest/IP_Fabric_Settings/Discovery_and_Snapshots/Discovery_Settings/disabled_discovery_tasks/).
* `.env` file with IP Fabric URL and credentials.
Example `.env` file:
```bash
IPF_URL=https://demo.ipfabric.io
# Use IPF_TOKEN OR (IPF_USERNAME AND IPF_PASSWORD):
IPF_TOKEN=TOKEN
# IPF_USERNAME=user
# IPF_PASSWORD='p@ssw0rd'
# OPTIONAL:
# IPF_SNAPSHOT defaults to $last
IPF_SNAPSHOT=$last
# IPF_SNAPSHOT=7e2d4bef-3f90-4c9c-851d-fc2f0990db35
# IPF_VERIFY defaults to True and can also be set to a path
IPF_VERIFY=true
# IPF_VERIFY="path/to/client.pem"
# IPF_TIMEOUT defaults to HTTPX default of 5.0 see https://www.python-httpx.org/advanced/#timeout-configuration
# IPF_TIMEOUT only accepts int/float arguments
# To set to None use or advanced configuration use: `ipf = IPFClient(timeout=None)`
IPF_TIMEOUT=5
```
## Installation
The project is available on PyPi and can be installed via pip:
```bash
pip install pynetcheck
```
## Running
### Running Against IP Fabric
To run tests with builtin cases, use the following command:
```bash
(venv) >pynetcheck --tb=line
========================================================================================== test session starts ==========================================================================================
platform win32 -- Python 3.9.9, pytest-7.4.2, pluggy-1.3.0
rootdir: C:\Code\_EXAMPLES\config_vulnerability\pynetcheck
configfile: pytest.ini
plugins: anyio-4.0.0, depends-1.0.1, html-reporter-0.2.9
collected 13 items
pynetcheck\tests\cve_2023_20198\ios_xe_test.py ..sFFFF.s.s.s [100%]
=============================================================================================== FAILURES ================================================================================================
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:34: AssertionError: Startup - HTTP secure-server Enabled
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:52: AssertionError: Startup - HTTP secure-server Vulnerable
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:30: AssertionError: Running - HTTP server Enabled
C:\Code\_EXAMPLES\pynetcheck\tests\cve_2023_20198\ios_xe_test.py:50: AssertionError: Running - HTTP server Vulnerable
======================================================================================== short test summary info ========================================================================================
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_https_server_disabled[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Enabled
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_https_server_vulnerable[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Vulnerable
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_http_server_disabled[L67CSR16] - AssertionError: Running - HTTP server Enabled
FAILED pynetcheck\tests\cve_2023_20198\ios_xe_test.py::TestHTTPServerIPF::test_http_server_vulnerable[L67CSR16] - AssertionError: Running - HTTP server Vulnerable
================================================================================ 4 failed, 5 passed, 4 skipped in 1.94s =================================================================================
```
### IP Fabric Arguments
Currently implemented arguments:
* `--snapshot` - Selects the snapshot to use, defaults to `$last`.
### Running Against Configuration Files Directory
To run using a directory that stores a list of configuration files:
```bash
pynetcheck --config-dir /path/to/dir
```
### Filtering
Pytest Marks have been added to allow for filtering of tests.
Please see the [Working with custom markers](https://docs.pytest.org/en/latest/example/markers.html) for more information.
* `-m cve` - Filter only CVE tests
* `-m cisco` - Filter only Cisco tests
`-m` can be used with `not` to exclude tests or a combination of marks, example: `-m "not cve"` or `-m "cisco and not cve"`.
You can also use the `-k` option to filter tests by name.
### Environment Variables
The following environment variables can be used to override how tests fail or pass:
| Type | Vendor | Variable | Accepted Values | Default | Description |
|--------|--------|--------------------|-----------------|---------|---------------------------------------|
| Vendor | Cisco | CISCO_HTTP_SERVER | DISABLED* | ENABLED | Will fail if HTTP server is enabled. |
| Vendor | Cisco | CISCO_HTTPS_SERVER | DISABLED* | ENABLED | Will fail if HTTPS server is enabled. |
| Vendor | Cisco | CISCO_SCP_SERVER | DISABLED* | ENABLED | Will fail if SCP server is enabled. |
*Only valid variable value, no other value will be accepted.
## Results
### HTML
Results are stored in the [pytest_html_report.html](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html_report.html) which can be viewed in any browser.
![img.png](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html.png)
### Exporting
The `pytest-html-reporter` also provides the ability to export via CSV or Excel formats, example: [pytest.csv](example/pytest.csv).
Table modified to show only the relevant information:
| Suite | Test Case | Status | Time (s) | Error Message |
|-------------------------------------|--------------------------------------------|--------|----------|-------------------------------------------------------------|
| tests/cve_2023_20198/ios_xe_test.py | test_saved_config_consistency | PASS | 0.21 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Vulnerable |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L67CSR16] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R12-LEAF6] | PASS | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Enabled |
| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L67CSR16] | PASS | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R11-LEAF5] | SKIP | 0 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L67CSR16] | FAIL | 0 | E AssertionError: Running - HTTP server Vulnerable |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R12-LEAF6] | PASS | 0.13 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R11-LEAF5] | PASS | 0.15 | |
| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L67CSR16] | FAIL | 0.15 | E AssertionError: Running - HTTP server Enabled |
Raw data
{
"_id": null,
"home_page": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"name": "PyNetCheck",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0.0,>=3.8.1",
"maintainer_email": null,
"keywords": "ipfabric, ip-fabric, community-fabric",
"author": "Solution Architecture",
"author_email": "solution.architecture@ipfabric.io",
"download_url": "https://files.pythonhosted.org/packages/96/25/59c4fabbbed10f4690457f680f3c2047feeae3bccff531e53996e44286cd/pynetcheck-0.2.6.tar.gz",
"platform": null,
"description": "# PyNetCheck\n\n## Python Network Checker\n\nThis project provides examples to extend the IP Fabric platform with custom device testing.\n\n*This project is still in development and more test cases and examples will be added at a later time.*\n\n## Requirements\n\n* `Configuration saved` task must be enabled in [IP Fabric Discovery Settings](https://docs.ipfabric.io/latest/IP_Fabric_Settings/Discovery_and_Snapshots/Discovery_Settings/disabled_discovery_tasks/).\n* `.env` file with IP Fabric URL and credentials.\n\nExample `.env` file:\n\n```bash\nIPF_URL=https://demo.ipfabric.io\n\n# Use IPF_TOKEN OR (IPF_USERNAME AND IPF_PASSWORD):\nIPF_TOKEN=TOKEN\n# IPF_USERNAME=user\n# IPF_PASSWORD='p@ssw0rd'\n\n# OPTIONAL:\n\n# IPF_SNAPSHOT defaults to $last\nIPF_SNAPSHOT=$last\n# IPF_SNAPSHOT=7e2d4bef-3f90-4c9c-851d-fc2f0990db35\n\n# IPF_VERIFY defaults to True and can also be set to a path\nIPF_VERIFY=true\n# IPF_VERIFY=\"path/to/client.pem\"\n\n# IPF_TIMEOUT defaults to HTTPX default of 5.0 see https://www.python-httpx.org/advanced/#timeout-configuration\n# IPF_TIMEOUT only accepts int/float arguments\n# To set to None use or advanced configuration use: `ipf = IPFClient(timeout=None)`\nIPF_TIMEOUT=5\n```\n\n## Installation\n\nThe project is available on PyPi and can be installed via pip:\n\n```bash\npip install pynetcheck\n```\n\n## Running\n\n### Running Against IP Fabric\n\nTo run tests with builtin cases, use the following command:\n\n```bash\n(venv) >pynetcheck --tb=line \n========================================================================================== test session starts ==========================================================================================\nplatform win32 -- Python 3.9.9, pytest-7.4.2, pluggy-1.3.0\nrootdir: C:\\Code\\_EXAMPLES\\config_vulnerability\\pynetcheck\nconfigfile: pytest.ini\nplugins: anyio-4.0.0, depends-1.0.1, html-reporter-0.2.9\ncollected 13 items \n\npynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py ..sFFFF.s.s.s [100%]\n\n=============================================================================================== FAILURES ================================================================================================ \nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:34: AssertionError: Startup - HTTP secure-server Enabled\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:52: AssertionError: Startup - HTTP secure-server Vulnerable\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:30: AssertionError: Running - HTTP server Enabled\nC:\\Code\\_EXAMPLES\\pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py:50: AssertionError: Running - HTTP server Vulnerable\n======================================================================================== short test summary info ========================================================================================\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_https_server_disabled[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Enabled\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_https_server_vulnerable[L77R11-LEAF5] - AssertionError: Startup - HTTP secure-server Vulnerable\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_http_server_disabled[L67CSR16] - AssertionError: Running - HTTP server Enabled\nFAILED pynetcheck\\tests\\cve_2023_20198\\ios_xe_test.py::TestHTTPServerIPF::test_http_server_vulnerable[L67CSR16] - AssertionError: Running - HTTP server Vulnerable\n================================================================================ 4 failed, 5 passed, 4 skipped in 1.94s ================================================================================= \n```\n\n### IP Fabric Arguments\n\nCurrently implemented arguments:\n\n* `--snapshot` - Selects the snapshot to use, defaults to `$last`.\n\n### Running Against Configuration Files Directory\n\nTo run using a directory that stores a list of configuration files:\n\n```bash\npynetcheck --config-dir /path/to/dir\n```\n\n### Filtering\n\nPytest Marks have been added to allow for filtering of tests. \nPlease see the [Working with custom markers](https://docs.pytest.org/en/latest/example/markers.html) for more information.\n\n* `-m cve` - Filter only CVE tests\n* `-m cisco` - Filter only Cisco tests\n\n`-m` can be used with `not` to exclude tests or a combination of marks, example: `-m \"not cve\"` or `-m \"cisco and not cve\"`.\n\nYou can also use the `-k` option to filter tests by name.\n\n### Environment Variables\n\nThe following environment variables can be used to override how tests fail or pass:\n\n| Type | Vendor | Variable | Accepted Values | Default | Description |\n|--------|--------|--------------------|-----------------|---------|---------------------------------------|\n| Vendor | Cisco | CISCO_HTTP_SERVER | DISABLED* | ENABLED | Will fail if HTTP server is enabled. |\n| Vendor | Cisco | CISCO_HTTPS_SERVER | DISABLED* | ENABLED | Will fail if HTTPS server is enabled. |\n| Vendor | Cisco | CISCO_SCP_SERVER | DISABLED* | ENABLED | Will fail if SCP server is enabled. |\n\n*Only valid variable value, no other value will be accepted.\n\n## Results\n\n### HTML\n\nResults are stored in the [pytest_html_report.html](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html_report.html) which can be viewed in any browser. \n\n![img.png](https://gitlab.com/ip-fabric/integrations/pynetcheck/-/raw/main/example/pytest_html.png)\n\n### Exporting\n\nThe `pytest-html-reporter` also provides the ability to export via CSV or Excel formats, example: [pytest.csv](example/pytest.csv).\n\nTable modified to show only the relevant information:\n\n| Suite | Test Case | Status | Time (s) | Error Message |\n|-------------------------------------|--------------------------------------------|--------|----------|-------------------------------------------------------------|\n| tests/cve_2023_20198/ios_xe_test.py | test_saved_config_consistency | PASS | 0.21 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Vulnerable |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_vulnerable[L67CSR16] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R12-LEAF6] | PASS | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L77R11-LEAF5] | FAIL | 0 | E AssertionError: Startup - HTTP secure-server Enabled |\n| tests/cve_2023_20198/ios_xe_test.py | test_https_server_disabled[L67CSR16] | PASS | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R12-LEAF6] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L77R11-LEAF5] | SKIP | 0 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_vulnerable[L67CSR16] | FAIL | 0 | E AssertionError: Running - HTTP server Vulnerable |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R12-LEAF6] | PASS | 0.13 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L77R11-LEAF5] | PASS | 0.15 | |\n| tests/cve_2023_20198/ios_xe_test.py | test_http_server_disabled[L67CSR16] | FAIL | 0.15 | E AssertionError: Running - HTTP server Enabled |\n\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Python Network device checker using Pytest and IP Fabric.",
"version": "0.2.6",
"project_urls": {
"Changelog": "https://gitlab.com/ip-fabric/integrations/pynetcheck/-/blob/main/CHANGELOG.md",
"Documentation": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"Homepage": "https://gitlab.com/ip-fabric/integrations/pynetcheck",
"IP Fabric": "https://ipfabric.io/",
"Repository": "https://gitlab.com/ip-fabric/integrations/pynetcheck"
},
"split_keywords": [
"ipfabric",
" ip-fabric",
" community-fabric"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "af61ca73ceead585ec0fc1b1e9a47f72e642b627ed426fb84a52304e580c876e",
"md5": "d3a337dee2dec927b50a0dfcabeb062c",
"sha256": "fccb6234f33fdac4e2901dc2c874350a674b868031805fee94aad47c3e18983d"
},
"downloads": -1,
"filename": "pynetcheck-0.2.6-py3-none-any.whl",
"has_sig": false,
"md5_digest": "d3a337dee2dec927b50a0dfcabeb062c",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0.0,>=3.8.1",
"size": 19173,
"upload_time": "2024-04-16T18:29:04",
"upload_time_iso_8601": "2024-04-16T18:29:04.224431Z",
"url": "https://files.pythonhosted.org/packages/af/61/ca73ceead585ec0fc1b1e9a47f72e642b627ed426fb84a52304e580c876e/pynetcheck-0.2.6-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "962559c4fabbbed10f4690457f680f3c2047feeae3bccff531e53996e44286cd",
"md5": "f0804894dde98b376e2ff7529ed33d2a",
"sha256": "698ec7a8f4e2dda4ff2531241dd75303f274bf54dd264e8d44d57eb637b67ee6"
},
"downloads": -1,
"filename": "pynetcheck-0.2.6.tar.gz",
"has_sig": false,
"md5_digest": "f0804894dde98b376e2ff7529ed33d2a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0.0,>=3.8.1",
"size": 11808,
"upload_time": "2024-04-16T18:29:06",
"upload_time_iso_8601": "2024-04-16T18:29:06.087463Z",
"url": "https://files.pythonhosted.org/packages/96/25/59c4fabbbed10f4690457f680f3c2047feeae3bccff531e53996e44286cd/pynetcheck-0.2.6.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-04-16 18:29:06",
"github": false,
"gitlab": true,
"bitbucket": false,
"codeberg": false,
"gitlab_user": "ip-fabric",
"gitlab_project": "integrations",
"lcname": "pynetcheck"
}