Skip to content

[NTC-4957] Fixed parsing Palo banners that start on the same line #794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
joewesch merged 8 commits into from
Jan 30, 2026
Merged

[NTC-4957] Fixed parsing Palo banners that start on the same line #794

joewesch merged 8 commits into from
Jan 30, 2026
+70,119 −61

Conversation

@joewesch
Copy link
Collaborator

@joewesch joewesch commented Jan 27, 2026

Closes: #780

This PR changes the logic a bit when dealing with Palo Alto banners that start on the same line as login-banner. The existing test only tests if they start with an empty line:

          login-banner "
************************************************************************

But a banner isn't required to have a blank line on the first line.

          login-banner "####################################################
WARNING TO UNAUTHORIZED USERS:

@itdependsnetworks
Copy link
Contributor

itdependsnetworks commented Jan 27, 2026

Can you add a ConfigLine output of this as well? Want to make sure it renders correctly. Otherwise, looks good :)

jeffkala
jeffkala reviewed Jan 27, 2026
View reviewed changes
@jeffkala
Copy link
Collaborator

jeffkala commented Jan 29, 2026

just checking, @joewesch does everything work with a very short 1 line banner?

login-banner "BANNER"

I'd assume above is a valid banner and want to make sure the parsing isn't dependent on multilines.

@joewesch
Copy link
Collaborator Author

joewesch commented Jan 29, 2026

just checking, @joewesch does everything work with a very short 1 line banner?

login-banner "BANNER"

I'd assume above is a valid banner and want to make sure the parsing isn't dependent on multilines.

Ah, good call. It does not. Let me add a test for that and then fix it.

@joewesch joewesch marked this pull request as draft January 29, 2026 22:25
@joewesch
Copy link
Collaborator Author

joewesch commented Jan 29, 2026

I moved this back to draft for now. I determined that the current parsing logic does not account for single line banners so I'm going to need to create many more tests and verify they are all parsed correctly.

@joewesch
Copy link
Collaborator Author

joewesch commented Jan 30, 2026

After discovering that single line banners were not being properly parsed, I have refactored the config parsing to instead key off of set being at the beginning of every config line. This made the logic much simpler and more efficient. I have added a myriad of test cases for both converting brace format config to set format as well as for parsing the set format banners.

As mentioned in the comments in the code, this includes 2x points that could cause false positives:

  • When converting the brace config banner and a line in the multi-line banner ends with the delimiter and a semicolon (e.g., ";, ';, ;).
  • When parsing the set config banner and a line in the multi-line banner starts with set .

These should be considered edge cases and are easy to fix by simply adjusting the wording in the banner.

@joewesch joewesch marked this pull request as ready for review January 30, 2026 16:38
jeffkala
jeffkala reviewed Jan 30, 2026
View reviewed changes
changes/+invoke.housekeeping
@@ -0,0 +1 @@
Added `--pattern` and `--label` options to the `invoke pytest` task. No newline at end of file
Copy link
Collaborator

@jeffkala jeffkala Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh yea baby!!

@joewesch joewesch merged commit f533fe1 into develop Jan 30, 2026
13 checks passed
@joewesch joewesch deleted the u/joewesch-fix-palo-banner-parsing branch January 30, 2026 20:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@itdependsnetworks itdependsnetworks itdependsnetworks approved these changes

@jeffkala jeffkala jeffkala approved these changes

@qduk qduk Awaiting requested review from qduk qduk is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

paloalto_panos_brace_to_set does not handle banner correctly

4 participants

@joewesch @itdependsnetworks @jeffkala