Feature/ip cidr conversion (#103)

* Add CIDR notation support for IP addresses and subnets

- Add UseCIDRNotation configuration option

- Add Convert-AbrFgtSubnetToCIDR function for IP/subnet conversion

- Implement CIDR conversion in firewall, route, system, and VPN IPsec sections

- Add error handling and maintain backward compatibility

* Add OutputType attributes to Convert-AbrFgtSubnetToCIDR functions

* Add UseCIDRNotation option and convert CIDR notation checks to PowerShell 5.1 compatible one-liners

Author: msoukhomlinov

AsBuiltReport.Fortinet.FortiGate.json

@@ -12,7 +12,8 @@
         "Port": 443,
         "VDOM": "",
         "PolicyLayout": "all",
-        "ExcludeDownInterfaces": true
+        "ExcludeDownInterfaces": true,
+        "UseCIDRNotation": false
     },
     "InfoLevel": {
         "_comment_": "0 = Disabled, 1 = Enabled / Summary, 2 = Adv Summary",

README.md

@@ -127,6 +127,7 @@ The **Options** schema allows certain options within the report to be toggled on
 | VDOM | VDOM Name | | Used to specify the VDOM (Virtual Domain)
 | PolicyLayout | Policy Layout | all | Use to display Policy Layout (normal, interfacepair, sequencegroup, all)
 | ExcludeDownInterfaces | true / false | true | Toggle to exclude interfaces that are in down state from the report
+| UseCIDRNotation | true / false | false | Toggle to display IP addresses in CIDR notation format (e.g., 192.168.1.0/24 instead of 192.168.1.0 255.255.255.0)
 
 <!-- ********** Add/Remove the number of InfoLevels as required ********** -->
 ### InfoLevel

Src/Private/Convert-AbrFgtSubnetToCIDR.ps1

@@ -0,0 +1,115 @@
+function Convert-AbrFgtSubnetToCIDR {
+    <#
+    .SYNOPSIS
+        Used by As Built Report to convert IP/Subnet to CIDR notation.
+    .DESCRIPTION
+        Converts IP addresses and subnet masks to CIDR notation format for Fortinet FortiGate As Built Report.
+    .NOTES
+        Version:        0.1.0
+        Author:         Alexis La Goutte
+        Twitter:        @alagoutte
+        Github:         alagoutte
+        Credits:        Iain Brighton (@iainbrighton) - PScribo module
+
+    .EXAMPLE
+        Convert-AbrFgtSubnetToCIDR "192.168.1.0 255.255.255.0"
+        Returns: 192.168.1.0/24
+
+    .EXAMPLE
+        Convert-AbrFgtSubnetToCIDR "10.0.0.0/8"
+        Returns: 10.0.0.0/8
+
+    .LINK
+        https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate
+    #>
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param (
+        [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
+        [string]$Input
+    )
+
+    process {
+        $subnetMaskRegex = '^(0|128|192|224|240|248|252|254|255)\.0\.0\.0$|^(255\.(0|128|192|224|240|248|252|254|255)\.0\.0)$|^(255\.255\.(0|128|192|224|240|248|252|254|255)\.0)$|^(255\.255\.255\.(0|128|192|224|240|248|252|254|255))$'
+        $ipAddressRegex = '^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$'
+
+        $parts = $Input -split '\s+'
+
+        if ($parts.Count -eq 2) {
+            # IP address and subnet mask
+            $ipAddress = $parts[0]
+            $subnetMask = $parts[1]
+
+            if ($ipAddress -match $ipAddressRegex -and $subnetMask -match $subnetMaskRegex) {
+                $cidr = Convert-AbrFgtSubnetMaskToCIDR -SubnetMask $subnetMask
+                Write-PScriboMessage "Converted IP address $ipAddress and subnet mask $subnetMask to CIDR $ipAddress/$cidr."
+                return "$ipAddress/$cidr"
+            }
+        } elseif ($parts.Count -eq 1) {
+            if ($Input -match $subnetMaskRegex) {
+                $cidr = Convert-AbrFgtSubnetMaskToCIDR -SubnetMask $Input
+                Write-PScriboMessage "Converted subnet mask $Input to CIDR /$cidr."
+                return "/$cidr"
+            } elseif ($Input -match $ipAddressRegex) {
+                Write-PScriboMessage "Input is a single IP address, assuming /32 CIDR."
+                return "$Input/32"
+            } elseif ($Input -match "^$ipAddressRegex/\d{1,2}$") {
+                Write-PScriboMessage "Input is already in CIDR notation."
+                return $Input
+            }
+        }
+
+        Write-Error "Invalid input format. Expected IP address with subnet mask, IP address, subnet mask, or IP address in CIDR notation."
+        return $Input
+    }
+}
+
+function Convert-AbrFgtSubnetMaskToCIDR {
+    <#
+    .SYNOPSIS
+        Used by As Built Report to convert subnet mask to CIDR prefix.
+    .DESCRIPTION
+        Converts subnet mask to CIDR prefix number for Fortinet FortiGate As Built Report.
+    .NOTES
+        Version:        0.1.0
+        Author:         Alexis La Goutte
+        Twitter:        @alagoutte
+        Github:         alagoutte
+        Credits:        Iain Brighton (@iainbrighton) - PScribo module
+
+    .EXAMPLE
+        Convert-AbrFgtSubnetMaskToCIDR "255.255.255.0"
+        Returns: 24
+
+    .EXAMPLE
+        Convert-AbrFgtSubnetMaskToCIDR "255.255.0.0"
+        Returns: 16
+
+    .EXAMPLE
+        Convert-AbrFgtSubnetMaskToCIDR "255.255.255.252"
+        Returns: 30
+
+    .LINK
+        https://github.com/AsBuiltReport/AsBuiltReport.Fortinet.FortiGate
+    #>
+    [CmdletBinding()]
+    [OutputType([System.String])]
+    param (
+        [Parameter(Mandatory=$true)]
+        [string]$SubnetMask
+    )
+
+    $cidr = [System.Net.IPAddress]::Parse($SubnetMask).GetAddressBytes() |
+            ForEach-Object { [Convert]::ToString($_, 2).PadLeft(8, '0') } |
+            ForEach-Object { $_.ToCharArray() } |
+            Where-Object { $_ -eq '1' } |
+            Measure-Object |
+            Select-Object -ExpandProperty Count
+
+    if ($cidr -lt 0 -or $cidr -gt 32) {
+        Write-Error "Invalid CIDR value. Expected a value between 0 and 32, but got $cidr."
+        return $SubnetMask
+    }
+
+    return $cidr
+}

Src/Private/Get-AbrFgtFirewall.ps1

@@ -1,4 +1,3 @@
-
 function Get-AbrFgtFirewall {
     <#
     .SYNOPSIS
@@ -117,7 +116,7 @@ function Get-AbrFgtFirewall {
 
                         switch ( $add.type ) {
                             "ipmask" {
-                                $value = $add.subnet.Replace(' ', '/')
+                                $value = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $add.subnet } else { $add.subnet.Replace(' ', '/') })
                             }
                             "iprange" {
                                 $value = $add.'start-ip' + "-" + $add.'end-ip'

Src/Private/Get-AbrFgtRoute.ps1

@@ -1,4 +1,3 @@
-
 function Get-AbrFgtRoute {
     <#
     .SYNOPSIS
@@ -74,7 +73,7 @@ function Get-AbrFgtRoute {
 
                         $OutObj += [pscustomobject]@{
                             "Type"                     = $route.type
-                            "IP/Mask"                  = $route.ip_mask
+                            "IP/Mask"                  = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $route.ip_mask } else { $route.ip_mask })
                             "Gateway"                  = $route.gateway
                             "Interface"                = $interface
                             "Distance/Metric/Priority" = "$($route.distance) / $($route.metric) / $($route.priority)"
@@ -110,7 +109,7 @@ function Get-AbrFgtRoute {
                             #TODO: add Lookup, only display the id...
                             $dst = $static.'internet-service'
                         } else {
-                            $dst = $static.dst
+                            $dst = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $static.dst } else { $static.dst })
                         }
 
                         #when Blackhole is enable, display blackhole for interface
@@ -153,13 +152,13 @@ function Get-AbrFgtRoute {
                     foreach ($pbr in $PolicyBasedRouting) {
 
                         if ($pbr.src) {
-                            $src = $pbr.src.subnet
+                            $src = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $pbr.src.subnet } else { $pbr.src.subnet })
                         }
                         else {
                             $src = $pbr.srcaddr.name
                         }
                         if ($pbr.dst) {
-                            $dst = $pbr.dst.subnet
+                            $dst = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $pbr.dst.subnet } else { $pbr.dst.subnet })
                         }
                         else {
                             $dst = $pbr.dstaddr.name

Src/Private/Get-AbrFgtSystem.ps1

@@ -198,25 +198,25 @@ function Get-AbrFgtSystem {
             $Admins = Get-FGTSystemAdmin
 
             if ($Admins -and $InfoLevel.System -ge 1) {
-                Section -Style Heading3 'Admin' {
+                Section -Style Heading3 'Administrators' {
                     $OutObj = @()
 
                     foreach ($admin in $Admins) {
 
-                        $trustedHosts = $admin.trusthost1 + "`n"
-                        $trustedHosts += $admin.trusthost2 + "`n"
-                        $trustedHosts += $admin.trusthost3 + "`n"
-                        $trustedHosts += $admin.trusthost4 + "`n"
-                        $trustedHosts += $admin.trusthost5 + "`n"
-                        $trustedHosts += $admin.trusthost6 + "`n"
-                        $trustedHosts += $admin.trusthost7 + "`n"
-                        $trustedHosts += $admin.trusthost8 + "`n"
-                        $trustedHosts += $admin.trusthost9 + "`n"
-                        $trustedHosts += $admin.trusthost10 + "`n"
-
-                        $trustedHosts = $trustedHosts -replace "0.0.0.0 0.0.0.0`n", "" #Remove 'All Network'
-                        if ($trustedHosts -eq "") {
-                            $trustedHosts = "All" #TODO: Add Health Warning !
+                        $trustedHosts = @()
+                        for ($i = 1; $i -le 10; $i++) {
+                            $hostProperty = "trusthost$i"
+                            $hostValue = $admin.$hostProperty
+
+                            if ($hostValue -and $hostValue -ne "0.0.0.0 0.0.0.0") {
+                                $trustedHosts += $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $hostValue } else { $hostValue })
+                            }
+                        }
+
+                        $trustedHostsString = if ($trustedHosts.Count -eq 0) {
+                            "All" #TODO: Add Health Warning !
+                        } else {
+                            $trustedHosts -join "`n"
                         }
                         $OutObj += [pscustomobject]@{
                             "Name"          = $admin.name
@@ -269,10 +269,10 @@ function Get-AbrFgtSystem {
                                 $interface.member = $interface.member.count -gt 0 ? $interface.member.'interface-name' -join ', ' : ""
                                 $interface.mtu = $interface.'mtu-override' -eq 'disable' ? '' : $interface.mtu
                                 $interface.mode = $interface.mode -eq 'static' ? '' : $interface.mode
-                                $interface.ip = $interface.ip -eq '0.0.0.0 0.0.0.0' ? '' : $interface.ip
+                                $interface.ip = $interface.ip -eq '0.0.0.0 0.0.0.0' ? '' : $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $interface.ip } else { $interface.ip })
                                 $interface.'secondaryip' = if ($interface.'secondary-ip' -eq 'enable' -and $null -ne $interface.'secondaryip') {
                                     ($interface.'secondaryip' | ForEach-Object {
-                                        $_.ip
+                                        $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $_.ip } else { $_.ip })
                                     }) -join ', '
                                 } else {
                                     ""
@@ -281,7 +281,7 @@ function Get-AbrFgtSystem {
                                 $interface.vdom = $interface.vdom -eq 'root' ? '' : $interface.vdom
                                 $interface.vlanid = ($interface.vlanid -gt 0 ) ? $interface.vlanid : ""
                                 $interface.speed = $interface.speed -eq 'auto' ? '' : $interface.speed
-                                $interface.'remote-ip' = $interface.'remote-ip' -eq '0.0.0.0 0.0.0.0' ? '' : $interface.'remote-ip'
+                                $interface.'remote-ip' = $interface.'remote-ip' -eq '0.0.0.0 0.0.0.0' ? '' : $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $interface.'remote-ip' } else { $interface.'remote-ip' })
 
 
                                 switch ($interfaceType) {

Src/Private/Get-AbrFgtVPNIPsec.ps1

@@ -1,4 +1,3 @@
-
 function Get-AbrFgtVPNIPsec {
     <#
     .SYNOPSIS
@@ -146,7 +145,7 @@ function Get-AbrFgtVPNIPsec {
                                     $src = $v2.'src-name'
                                 }
                                 "subnet" {
-                                    $src = $v2.'src-subnet' -replace " ", "/"
+                                    $src = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $v2.'src-subnet' } else { $v2.'src-subnet' -replace " ", "/" })
                                 }
                                 Default {}
                             }
@@ -155,7 +154,7 @@ function Get-AbrFgtVPNIPsec {
                                     $dst = $v2.'dst-name'
                                 }
                                 "subnet" {
-                                    $dst = $v2.'dst-subnet' -replace " ", "/"
+                                    $dst = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $v2.'dst-subnet' } else { $v2.'dst-subnet' -replace " ", "/" })
                                 }
                                 Default {}
                             }
@@ -202,10 +201,10 @@ function Get-AbrFgtVPNIPsec {
                                     "Keylife Kbs"                = $v2.keylifekbs
                                     'Source Address Type'        = $v2.'src-addr-type'
                                     'Source Address Name'        = $v2.'src-name'
-                                    'Source Address Subnet'      = $v2.'src-subnet'
+                                    'Source Address Subnet'      = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $v2.'src-subnet' } else { $v2.'src-subnet' })
                                     'Destination Address Type'   = $v2.'dst-addr-type'
                                     'Destination Address Name'   = $v2.'dst-name'
-                                    'Destination Address Subnet' = $v2.'dst-subnet'
+                                    'Destination Address Subnet' = $(if ($Options.UseCIDRNotation) { Convert-AbrFgtSubnetToCIDR -Input $v2.'dst-subnet' } else { $v2.'dst-subnet' })
                                 }