From bb50caad4dfaefa309e747fd05b650186c5a80f4 Mon Sep 17 00:00:00 2001
From: Kelly Brazil
Date: Thu, 22 Apr 2021 08:16:42 -0700
Subject: [PATCH] fix prefix int conversions. don't reset _transport if service is really a list of ports
---
jc/parsers/ufw.py | 10 ++++++----
tests/fixtures/ubuntu-18.04/ufw-numbered.out | 11 +++++++++++
tests/fixtures/ubuntu-18.04/ufw-verbose.out | 14 ++++++++++++++
3 files changed, 31 insertions(+), 4 deletions(-)
create mode 100644 tests/fixtures/ubuntu-18.04/ufw-numbered.out
create mode 100644 tests/fixtures/ubuntu-18.04/ufw-verbose.out
diff --git a/jc/parsers/ufw.py b/jc/parsers/ufw.py
index ea98d15f..e04be244 100644
--- a/jc/parsers/ufw.py
+++ b/jc/parsers/ufw.py
@@ -313,7 +313,7 @@ def _process(proc_data):
Dictionary. Structured to conform to the schema. """
- int_list = ['index', 'to_subnet', 'to_start_port', 'to_end_port', 'from_subnet',
+ int_list = ['index', 'to_ip_prefix', 'to_start_port', 'to_end_port', 'from_ip_prefix',
'from_start_port', 'from_end_port']
if 'rules' in proc_data:
@@ -397,8 +397,8 @@ def _parse_to_from(linedata, direction, rule_obj=None):
rule_obj[direction + '_ip_prefix'] = str(valid_ip.with_prefixlen.split('/')[1])
linedata = ' '.join(new_linedata_list)
- # pull out anything ending in 'udp', 'tcp'. strip on '/' for ports
- linedata_list = linedata.split('/', maxsplit=1)
+ # pull tcp/udp transport and strip on '/' for ports
+ linedata_list = linedata.rsplit('/', maxsplit=1)
if len(linedata_list) > 1:
rule_obj[direction + '_transport'] = linedata_list[1].strip()
linedata = linedata_list[0]
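Review bot: The token after the last `/` is stored as `_transport` without any check on what it is, even though the new comment on the same lines says only tcp/udp are expected there; with `rsplit` the last slash is now the one taken, so any other `x/y` text still in `linedata` (presumably an address that the `valid_ip` extraction just above did not strip) would be recorded as the transport and its left part passed on as the port or service. At minimum I would refuse a purely numeric token, `if len(linedata_list) > 1 and not linedata_list[1].strip().isdigit():`, and ideally compare the token against the protocol names ufw prints, so that garbage never lands in the schema field and `linedata` stays intact for the service branch further down. `_parse_to_from` starts and ends outside the hunk.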
@@ -423,7 +423,9 @@ def _parse_to_from(linedata, direction, rule_obj=None):
rule_obj[direction + '_service'] = linedata.strip()
rule_obj[direction + '_start_port'] = None
rule_obj[direction + '_end_port'] = None
- rule_obj[direction + '_transport'] = None
+ # if service name is really a list of ports, don't reset the _transport field to null
+ if ',' not in rule_obj[direction + '_service']:
+ rule_obj[direction + '_transport'] = None
# check if to/from IP addresses exist. If not, set to 0.0.0.0/0 or ::/0
if direction + '_ip' not in rule_obj:
diff --git a/tests/fixtures/ubuntu-18.04/ufw-numbered.out b/tests/fixtures/ubuntu-18.04/ufw-numbered.out
new file mode 100644
index 00000000..a9ba97ff
--- /dev/null
+++ b/tests/fixtures/ubuntu-18.04/ufw-numbered.out
@@ -0,0 +1,11 @@
+Status: active
+
+ To Action From
+ -- ------ ----
+[ 1] 22 ALLOW IN Anywhere
+[ 2] 80,443/tcp ALLOW IN Anywhere
+[ 3] 80 on eth0 ALLOW IN Anywhere # test
+[ 4] 22 (v6) ALLOW IN Anywhere (v6)
+[ 5] 80,443/tcp (v6) ALLOW IN Anywhere (v6)
+[ 6] 80 (v6) on eth0 ALLOW IN Anywhere (v6) # test
+
diff --git a/tests/fixtures/ubuntu-18.04/ufw-verbose.out b/tests/fixtures/ubuntu-18.04/ufw-verbose.out
new file mode 100644
index 00000000..a653d609
--- /dev/null
+++ b/tests/fixtures/ubuntu-18.04/ufw-verbose.out
@@ -0,0 +1,14 @@
+Status: active
+Logging: on (low)
+Default: deny (incoming), allow (outgoing), disabled (routed)
+New profiles: skip
+
+To Action From
+-- ------ ----
+22 ALLOW IN Anywhere
+80,443/tcp ALLOW IN Anywhere
+80 on eth0 ALLOW IN Anywhere # test
+22 (v6) ALLOW IN Anywhere (v6)
+80,443/tcp (v6) ALLOW IN Anywhere (v6)
+80 (v6) on eth0 ALLOW IN Anywhere (v6) # test
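Review bot: If a comma-separated service reaches this branch without a `/proto` suffix, `_transport` is now never written in this call: the assignment in the previous hunk only runs when a `/` was found, and this hunk skips the reset whenever the service contains a `,`, so the key would be missing instead of null and the rule no longer carries the fixed set of schema keys (unless the field is initialised earlier in the function, which the hunk does not show). I believe ufw itself refuses multi-port rules without a protocol, so this takes unusual input, but a parser should not rely on that; widening the condition to `if ',' not in rule_obj[direction + '_service'] or direction + '_transport' not in rule_obj:` keeps the reset for real service names and still guarantees the key exists. The `,` test also does not verify that the pieces are ports or ranges, so the comment should say it is a heuristic for ufw's `80,443/tcp` form shown in the new fixtures rather than a check. `_parse_to_from` starts and ends outside the hunk.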