[tac_plus] regex for pipe in command syntax
Asif Iqbal
vadud3 at gmail.com
Fri Feb 20 16:03:01 UTC 2015
On Fri, Feb 20, 2015 at 10:23 AM, John Heasley <heas at shrubbery.net> wrote:
> Am 20.02.2015 um 04:54 schrieb Alan McKinnon <alan.mckinnon at gmail.com>:
> >
> > The deny/permit statements are regexes, so it treats the pipe character
> as
> > an "OR". Try this for 3409:
> >
> > permit "^logging\|include foo$"
>
> | should only be a regex atom inside ()s. So it should not need to be
> escaped, though it should have no effect.
>
>
John, Yep. | has not effect.
Alan, permit "^logging|include foo$" is the correct syntax. permit
"^logging\|include foo$" gets complain like below
Fri Feb 20 10:54:34 2015 [4614]: Error expecting '}' but found 'include'
on line 3409
With permit "^logging|include foo$" I see T+ only sees ``show logging''
Fri Feb 20 10:59:41 2015 [4658]: line 3409 compare show permit '^logging |
include ERRINTR' & 'logging <cr>' no match
Fri Feb 20 10:59:41 2015 [4658]: show logging <cr> permitted by line 3409
So it looks like T+ only sees whatever before the pipe(|) and makes
decision on permit/deny based on that.
> (pls excuse the top post, have to use Gmail in a browse for now)
> >
> > Alan
> >
> >
> >> On Thu, Feb 19, 2015 at 9:34 PM, Asif Iqbal <vadud3 at gmail.com> wrote:
> >>
> >> Hi All,
> >>
> >> How do I allow ``show logging | include foo'' but not ``show logging'' ?
> >> Some security requirement that we are trying to achieve where
> >> you are allowed to search for specific string ``foo'', but not allowed
> to
> >> see all the logs.
> >>
> >> This is what I tried and did not work
> >>
> >> cmd = show {
> >> deny "^logging$"
> >> permit "^logging|include foo" # line 3409
> >> deny .*
> >> }
> >>
> >> And I am getting
> >>
> >> Thu Feb 19 14:25:44 2015 [3506]: show logging <cr> permitted by line
> 3409
> >>
> >> I ran
> >> router#show logging<enter>
> >>
> >> If I try ``permit "^logging\s+|include foo'' I get the following error
> >>
> >> Thu Feb 19 14:22:43 2015 [3434]: Error expecting '}' but found '+|' on
> >> line 3409
> >>
> >> Any suggestion is appreciated.
> >>
> >>
> >>
> >>
> >> --
> >> Asif Iqbal
> >> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> >> A: Because it messes up the order in which people normally read text.
> >> Q: Why is top-posting such a bad thing?
> >> -------------- next part --------------
> >> An HTML attachment was scrubbed...
> >> URL: <
> >>
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20150219/d92d91d9/attachment.html
> >> _______________________________________________
> >> tac_plus mailing list
> >> tac_plus at shrubbery.net
> >> http://www.shrubbery.net/mailman/listinfo/tac_plus
> >
> >
> >
> > --
> > Alan McKinnon
> > alan dot mckinnon at gmail dot com
> > -------------- next part --------------
> > An HTML attachment was scrubbed...
> > URL: <
> http://www.shrubbery.net/pipermail/tac_plus/attachments/20150220/07bd05ce/attachment.html
> >
> > _______________________________________________
> > tac_plus mailing list
> > tac_plus at shrubbery.net
> > http://www.shrubbery.net/mailman/listinfo/tac_plus
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.shrubbery.net/pipermail/tac_plus/attachments/20150220/2e1404a1/attachment.html>
More information about the tac_plus
mailing list