netpicker · netpicker · Oct 22, 2025 · Oct 22, 2025 · Oct 22, 2025 · Oct 22, 2025
diff --git a/...32_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py b/...32_require_ospf_auth_if_used/rule_3321_set_authentication_message_digest_for_ospf_area.py
@@ -0,0 +1,46 @@
+from comfy import medium
+import re
+
+
+@medium(
+    name='rule_3321_set_authentication_message_digest_for_ospf_area',
+    platform=['cisco_ios', 'cisco_xe'],
+)
+def rule_3321_set_authentication_message_digest_for_ospf_area(configuration, device, ref):
+    config = str(configuration)
+    interfaces = re.split(r'\ninterface ', config)
+    failed_interfaces = []
+
+    for section in interfaces[1:]:  # skip any preamble before the first interface
+        lines = section.strip().splitlines()
+        if not lines:
+            continue
+
+        interface_name = lines[0].strip()
+
+        # exclude loopbacks
+        if interface_name.lstrip().lower().startswith('loopback'):
+            continue
+
+        # Check if this interface has OSPF enabled
+        has_ospf = any(re.search(r'\bip ospf\b', line) for line in lines)
+
+        if has_ospf:
+            # Check for authentication
+            has_auth = any(
+                re.search(r'\bip ospf authentication message-digest\b', line)
+                for line in lines
+            )
+            if not has_auth:
+                failed_interfaces.append(interface_name)
+
+    combined_message = {
+        "message": (
+            "OSPF authentication (message-digest) missing on interfaces: "
+            + ", ".join(failed_interfaces)
+        ),
+        "ref": ref,
+    }
+    assert (
+        len(failed_interfaces) == 0
+    ), combined_message
diff --git a/...nication_message_digest_for_ospf_area.ref → ...tication_message_digest_for_ospf_area.ref b/...nication_message_digest_for_ospf_area.ref → ...tication_message_digest_for_ospf_area.ref
@@ -1,4 +1,4 @@
-.rule_3321_set_authetnication_message_digest_for_ospf_area
+.rule_3321_set_authentication_message_digest_for_ospf_area
 
   References: 1. http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-i1.html#GUID-3D5781A3-F8DF-4760-A551-6A3AB80A42ED
               2. http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/command/ospf-a1.html#GUID-81D0F753-D8D5-494E-9A10-B15433CFD445

diff --git a/...32_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py b/...32_require_ospf_auth_if_used/rule_3321_set_authetnication_message_digest_for_ospf_area.py
diff --git a/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py b/CIS/cisco_ios/332_require_ospf_auth_if_used/rule_3322_set_ip_ospf_message_digest_key_md5.py
@@ -1,19 +1,46 @@
-import pytest
 from comfy import medium
+import re
 
 
-@pytest.mark.skip("has to be reviewed")
 @medium(
     name='rule_3322_set_ip_ospf_message_digest_key_md5',
-    platform=['cisco_ios', 'cisco_xe'],
-    commands={'interface_config': 'sh run int {interface_name}'}
+    platform=['cisco_ios'],
 )
-def rule_3322_set_ip_ospf_message_digest_key_md5(commands, ref):
-    # Replace {interface_name} with the actual interface you want to test in the command dictionary or
-    # modify the rule to iterate through a list of interfaces if needed.
+def rule_3322_set_ip_ospf_message_digest_key_md5(configuration, device, ref):
+    config = str(configuration)
+    interfaces = re.split(r'\ninterface ', config)
+    failed_interfaces = []
 
-    # Extracting the OSPF MD5 key configuration from the command output
-    interface_config = commands.interface_config
+    for section in interfaces[1:]:  # skip any preamble before the first interface
+        lines = section.strip().splitlines()
+        if not lines:
+            continue
 
-    # Verifying the presence of the OSPF MD5 key in the interface configuration
-    assert 'ip ospf message-digest-key' in interface_config and 'md5' in interface_config, ref
+        interface_name = lines[0].strip()
+
+        # exclude loopbacks
+        if interface_name.lstrip().lower().startswith('loopback'):
+            continue
+
+        # Check if this interface has OSPF enabled
+        has_ospf = any(re.search(r'\bip ospf\b', line) for line in lines)
+
+        if has_ospf:
+            # Check for authentication
+            has_auth = any(
+                re.search(r'\bip ospf authentication message-digest key\b', line)
+                for line in lines
+            )
+            if not has_auth:
+                failed_interfaces.append(interface_name)
+
+    combined_message = {
+        "message": (
+            "OSPF authentication (message-digest-key) missing on interfaces: "
+            + ", ".join(failed_interfaces)
+        ),
+        "ref": ref,
+    }
+    assert (
+        len(failed_interfaces) == 0
+    ), combined_message