Skip to content

[NTC-4957] Fixed parsing Palo banners that start on the same line #794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
joewesch wants to merge 2 commits into
base: develop
Choose a base branch
from
Open

[NTC-4957] Fixed parsing Palo banners that start on the same line #794

joewesch wants to merge 2 commits into from

Conversation

@joewesch
Copy link
Collaborator

@joewesch joewesch commented Jan 27, 2026

Closes: #780

This PR changes the logic a bit when dealing with Palo Alto banners that start on the same line as login-banner. The existing test only tests if they start with an empty line:

          login-banner "
************************************************************************

But a banner isn't required to have a blank line on the first line.

          login-banner "####################################################
WARNING TO UNAUTHORIZED USERS:

@itdependsnetworks
Copy link
Contributor

itdependsnetworks commented Jan 27, 2026

Can you add a ConfigLine output of this as well? Want to make sure it renders correctly. Otherwise, looks good :)

jeffkala
jeffkala reviewed Jan 27, 2026
View reviewed changes
netutils/config/conversion.py
line = "set " + line
cfg_value.append(line.strip())
elif line.endswith('login-banner "') or line.endswith('content "'):
elif 'login-banner "' in line or line.endswith('content "'):
Copy link
Collaborator

@jeffkala jeffkala Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is " the only allowed delimeter?

Copy link
Collaborator Author

@joewesch joewesch Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems that way, yes. Because it's technically saved in XML it is just using double quotes here for this format.

      <login-banner admin="ntc" dirtyId="23" time="2026/01/27 16:15:46">####################################################
WARNING TO UNAUTHORIZED USERS:
This system is for use by authorized users only.
Any individual using this system, by such use,
acknowledges and consents to the right of the
company to monitor, access, use, and disclose any
information generated, received, or stored on the
systems, and waives any right of privacy or
expectation of privacy on the part of that
individual in connection with his or her use of
this system. Unauthorized and/or improper use of
this system, as delineated by corporate policies,
is not tolerated and the company may take formal
action against such individuals.
####################################################
</login-banner>

You can't even escape the double quotes:

ntc@pa-ntc# set deviceconfig system login-banner "test"

[edit]
ntc@pa-ntc# set deviceconfig system login-banner "test"test"

Invalid syntax.
[edit]
ntc@pa-ntc# set deviceconfig system login-banner "test\"test"

Invalid syntax.
[edit]
ntc@pa-ntc#

itdependsnetworks
itdependsnetworks reviewed Jan 27, 2026
View reviewed changes
tests/unit/mock/config/parser/base/paloalto_panos/paloalto_banner_same_line_received.py
config_line="set deviceconfig system ntp-servers primary-ntp-server authentication-type none", parents=()
),
ConfigLine(
config_line='set deviceconfig system login-banner "####################################################',
Copy link
Contributor

@itdependsnetworks itdependsnetworks Jan 27, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't all of this be in a single config_line? I think that is how we do banners.

Copy link
Collaborator Author

@joewesch joewesch Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No. The line that starts the banner (e.g., banner motd or banner login) is one line and the whole banner is another line that has a parent of the banner start. It just so happens that part of this banner is on the first line.

Arista banner for example:

netutils/tests/unit/mock/config/parser/base/arista_eos/eos_full_received.py

Lines 158 to 162 in fab65da

ConfigLine(config_line="banner login", parents=()),
ConfigLine(
config_line="********************************************************************\n* This system is the property of Allied Widget Co. *\n* UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED *\n* *\n* You must have explicit, authorized permission to access or *\n* configure this device. Unauthorized attempts and actions to *\n* access or use this system may result in civil and/or criminal *\n* penalties. *\n* *\n* All activities performed on this deviceare logged and monitored. *\n********************************************************************\nEOF",
parents=("banner login",),
),

Copy link
Collaborator Author

@joewesch joewesch Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The config has it on the same line, so having the parent be just set deviceconfig system login-banner would not be exact.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@itdependsnetworks itdependsnetworks itdependsnetworks left review comments

@jeffkala jeffkala jeffkala left review comments

@qduk qduk Awaiting requested review from qduk qduk is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

paloalto_panos_brace_to_set does not handle banner correctly

4 participants

@joewesch @itdependsnetworks @jeffkala