feat(cybersecurity): 8 IoC regex extractors + extract_iocs pipeline puro
Extractores nuevos en python/functions/cybersecurity/: - extract_ip_addresses (IPv4 + IPv6 con validacion ipaddress) - extract_emails (RFC 5322 simplificado) - extract_domains (FQDNs con TLD valido, lista estatica) - extract_file_hashes (MD5/SHA1/SHA256/SHA512, algoritmo por longitud) - extract_crypto_wallets (BTC legacy + bech32, ETH 0x+40hex) - extract_cve_ids (CVE-YYYY-NNNN+) - extract_mac_addresses (xx:xx:xx + xx-xx-xx, separador uniforme) - extract_phone_numbers (E.164 + ES local 9 digitos) Pipeline: - extract_iocs corre todos, deduplica spans contenidos. Mantiene purity:pure (kind:function con uses_functions no vacio) porque la regla del registry exige que los pipelines sean impuros. Todas devuelven list[dict] con value/start/end/type para que el caller (issues 0038-0040) pueda reconciliar offsets con spans NER sin reparsing. Refs #0037 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,40 @@
|
||||
---
|
||||
name: extract_cve_ids
|
||||
kind: function
|
||||
lang: py
|
||||
domain: cybersecurity
|
||||
version: "1.0.0"
|
||||
purity: pure
|
||||
signature: "def extract_cve_ids(text: str) -> list[dict]"
|
||||
description: "Extrae IDs CVE en formato `CVE-YYYY-NNNN+` de un texto, con offsets. No valida que el CVE exista en NVD."
|
||||
tags: [ioc, cve, vulnerability, regex, extract, cybersecurity, python]
|
||||
uses_functions: []
|
||||
uses_types: []
|
||||
returns: []
|
||||
returns_optional: false
|
||||
error_type: ""
|
||||
imports: [re]
|
||||
params:
|
||||
- name: text
|
||||
desc: "string de texto del que extraer CVEs"
|
||||
output: "lista de dicts con {value, start, end, type='cve_id'} por cada CVE encontrado"
|
||||
tested: true
|
||||
tests:
|
||||
- "CVE basico (4 digitos)"
|
||||
- "CVE con 5+ digitos (post-2014)"
|
||||
- "Multiples CVEs en mismo texto"
|
||||
test_file_path: "python/functions/cybersecurity/tests/test_extract_iocs.py"
|
||||
file_path: "python/functions/cybersecurity/extract_cve_ids.py"
|
||||
---
|
||||
|
||||
## Ejemplo
|
||||
|
||||
```python
|
||||
extract_cve_ids("Patches CVE-2021-44228 and CVE-2024-1234567")
|
||||
# [{"value": "CVE-2021-44228", "start": 8, "end": 22, "type": "cve_id"},
|
||||
# {"value": "CVE-2024-1234567", "start": 27, "end": 43, "type": "cve_id"}]
|
||||
```
|
||||
|
||||
## Notas
|
||||
|
||||
Acepta el rango oficial NVD: año de 4 digitos seguido de 4 a 7 digitos. No valida que exista en NVD — solo estructura. La parte numerica creciente permite CVEs grandes (post-2014, donde NVD elimino el limite de 4 digitos).
|
||||
Reference in New Issue
Block a user