feat: 16 funciones cybersecurity — análisis, crypto e IO de seguridad

12 funciones puras con implementación real: HashSHA256, HashMD5, EntropyShannon, IsBase64, IsHex, ExtractURLs, ParseIPCIDR, IPInRange, NormalizeURL, DetectSQLInjection, LevenshteinDistance, JaccardSimilarity 4 funciones impuras con implementación real (stdlib): LookupWhois, ResolveDNS, FetchHTTPHeaders, ScanPortTCP Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-28 02:23:41 +01:00
parent fc734029c1
commit bd9383fd82
32 changed files with 759 additions and 0 deletions
@@ -0,0 +1,33 @@
 package cybersecurity
 import (
 	"regexp"
 	"strings"
 )
 var sqliPatterns = []struct {
 	name string
 	re   *regexp.Regexp
 }{
 	{"union_select", regexp.MustCompile(`(?i)\bunion\s+(all\s+)?select\b`)},
 	{"or_1_eq_1", regexp.MustCompile(`(?i)\bor\s+1\s*=\s*1`)},
 	{"comment_injection", regexp.MustCompile(`(--|#|/\*)\s*$`)},
 	{"single_quote_or", regexp.MustCompile(`(?i)'\s*(or|and)\s+'`)},
 	{"drop_table", regexp.MustCompile(`(?i)\bdrop\s+(table|database)\b`)},
 	{"sleep_benchmark", regexp.MustCompile(`(?i)\b(sleep|benchmark)\s*\(`)},
 	{"exec_xp", regexp.MustCompile(`(?i)\b(exec|xp_)\w*`)},
 	{"tautology", regexp.MustCompile(`(?i)\bor\s+['"]?\w+['"]?\s*=\s*['"]?\w+['"]?`)},
 	{"stacked_query", regexp.MustCompile(`;\s*(select|insert|update|delete|drop|alter)\b`)},
 }
 // DetectSQLInjection analiza un input en busca de patrones heuristicos de inyeccion SQL.
 // Devuelve si se detecto una amenaza y el nombre del patron encontrado.
 func DetectSQLInjection(input string) (isThreat bool, pattern string) {
 	normalized := strings.TrimSpace(input)
 	for _, p := range sqliPatterns {
 		if p.re.MatchString(normalized) {
 			return true, p.name
 		}
 	}
 	return false, ""
 }
@@ -0,0 +1,21 @@
 ---
 name: detect_sql_injection
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func DetectSQLInjection(input string) (isThreat bool, pattern string)"
 description: "Analiza un input en busca de patrones heuristicos de inyeccion SQL y devuelve si se detecto amenaza y el patron encontrado."
 tags: [cybersecurity, sqli, detection, security]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [regexp, strings]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/detect_sql_injection.go"
 ---
@@ -0,0 +1,26 @@
 package cybersecurity
 import "math"
 // EntropyShannon calcula la entropia de Shannon de los datos proporcionados.
 // Devuelve un valor entre 0 (datos uniformes) y 8 (datos completamente aleatorios para bytes).
 func EntropyShannon(data []byte) float64 {
 	if len(data) == 0 {
 		return 0
 	}
 	var freq [256]float64
 	for _, b := range data {
 		freq[b]++
 	}
 	n := float64(len(data))
 	entropy := 0.0
 	for _, f := range freq {
 		if f > 0 {
 			p := f / n
 			entropy -= p * math.Log2(p)
 		}
 	}
 	return entropy
 }
@@ -0,0 +1,21 @@
 ---
 name: entropy_shannon
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func EntropyShannon(data []byte) float64"
 description: "Calcula la entropia de Shannon de un slice de bytes. Retorna un valor entre 0 y 8 bits por byte."
 tags: [cybersecurity, entropy, shannon, analysis]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [math]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/entropy_shannon.go"
 ---
@@ -0,0 +1,14 @@
 package cybersecurity
 import "regexp"
 var urlRegex = regexp.MustCompile(`https?://[^\s<>"'` + "`" + `\)\]\}]+`)
 // ExtractURLs extrae todas las URLs (http/https) encontradas en el texto proporcionado.
 func ExtractURLs(text string) []string {
 	matches := urlRegex.FindAllString(text, -1)
 	if matches == nil {
 		return []string{}
 	}
 	return matches
 }
@@ -0,0 +1,21 @@
 ---
 name: extract_urls
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func ExtractURLs(text string) []string"
 description: "Extrae todas las URLs HTTP/HTTPS de un texto usando expresiones regulares."
 tags: [cybersecurity, extract, url, parse]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [regexp]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/extract_urls.go"
 ---
@@ -0,0 +1,27 @@
 package cybersecurity
 import (
 	"fmt"
 	"net/http"
 	"time"
 )
 // FetchHTTPHeaders realiza una solicitud HTTP HEAD a la URL y devuelve los headers de respuesta.
 func FetchHTTPHeaders(url string) (map[string][]string, error) {
 	client := &http.Client{
 		Timeout: 10 * time.Second,
 	}
 	resp, err := client.Head(url)
 	if err != nil {
 		return nil, fmt.Errorf("error realizando solicitud HEAD a %s: %w", url, err)
 	}
 	defer resp.Body.Close()
 	headers := make(map[string][]string, len(resp.Header))
 	for k, v := range resp.Header {
 		headers[k] = v
 	}
 	return headers, nil
 }
@@ -0,0 +1,21 @@
 ---
 name: fetch_http_headers
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: impure
 signature: "func FetchHTTPHeaders(url string) (map[string][]string, error)"
 description: "Realiza una solicitud HTTP HEAD a una URL y devuelve los headers de la respuesta."
 tags: [cybersecurity, io, http, headers]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: "error_go_core"
 imports: [fmt, net/http, time]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/fetch_http_headers.go"
 ---
@@ -0,0 +1,12 @@
 package cybersecurity
 import (
 	"crypto/md5"
 	"encoding/hex"
 )
 // HashMD5 calcula el hash MD5 de los datos proporcionados y devuelve el resultado como string hexadecimal.
 func HashMD5(data []byte) string {
 	h := md5.Sum(data)
 	return hex.EncodeToString(h[:])
 }
@@ -0,0 +1,21 @@
 ---
 name: hash_md5
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func HashMD5(data []byte) string"
 description: "Calcula el hash MD5 de un slice de bytes y devuelve el resultado como string hexadecimal."
 tags: [cybersecurity, hash, md5, crypto]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [crypto/md5, encoding/hex]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/hash_md5.go"
 ---
@@ -0,0 +1,12 @@
 package cybersecurity
 import (
 	"crypto/sha256"
 	"encoding/hex"
 )
 // HashSHA256 calcula el hash SHA-256 de los datos proporcionados y devuelve el resultado como string hexadecimal.
 func HashSHA256(data []byte) string {
 	h := sha256.Sum256(data)
 	return hex.EncodeToString(h[:])
 }
@@ -0,0 +1,21 @@
 ---
 name: hash_sha256
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func HashSHA256(data []byte) string"
 description: "Calcula el hash SHA-256 de un slice de bytes y devuelve el resultado como string hexadecimal."
 tags: [cybersecurity, hash, sha256, crypto]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [crypto/sha256, encoding/hex]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/hash_sha256.go"
 ---
@@ -0,0 +1,16 @@
 package cybersecurity
 import "net"
 // IPInRange verifica si una direccion IP esta dentro de un rango CIDR dado.
 func IPInRange(ip, cidr string) bool {
 	parsedIP := net.ParseIP(ip)
 	if parsedIP == nil {
 		return false
 	}
 	_, ipNet, err := net.ParseCIDR(cidr)
 	if err != nil {
 		return false
 	}
 	return ipNet.Contains(parsedIP)
 }
@@ -0,0 +1,21 @@
 ---
 name: ip_in_range
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func IPInRange(ip, cidr string) bool"
 description: "Verifica si una direccion IP se encuentra dentro de un rango CIDR dado."
 tags: [cybersecurity, network, cidr, check]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [net]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/ip_in_range.go"
 ---
@@ -0,0 +1,12 @@
 package cybersecurity
 import "encoding/base64"
 // IsBase64 verifica si el string proporcionado es una cadena base64 valida (standard encoding).
 func IsBase64(s string) bool {
 	if len(s) == 0 {
 		return false
 	}
 	_, err := base64.StdEncoding.DecodeString(s)
 	return err == nil
 }
@@ -0,0 +1,21 @@
 ---
 name: is_base64
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func IsBase64(s string) bool"
 description: "Valida si un string es una cadena base64 valida segun el encoding estandar."
 tags: [cybersecurity, validation, base64, format]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [encoding/base64]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/is_base64.go"
 ---
@@ -0,0 +1,15 @@
 package cybersecurity
 // IsHex verifica si el string proporcionado es una cadena hexadecimal valida.
 // Requiere longitud par y que todos los caracteres sean digitos hex (0-9, a-f, A-F).
 func IsHex(s string) bool {
 	if len(s) == 0 || len(s)%2 != 0 {
 		return false
 	}
 	for _, c := range s {
 		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') || (c >= 'A' && c <= 'F')) {
 			return false
 		}
 	}
 	return true
 }
@@ -0,0 +1,21 @@
 ---
 name: is_hex
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func IsHex(s string) bool"
 description: "Valida si un string es una cadena hexadecimal valida (longitud par, caracteres 0-9 a-f A-F)."
 tags: [cybersecurity, validation, hex, format]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: []
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/is_hex.go"
 ---
@@ -0,0 +1,37 @@
 package cybersecurity
 // JaccardSimilarity calcula la similitud de Jaccard entre dos conjuntos de tokens.
 // Devuelve un valor entre 0.0 (sin interseccion) y 1.0 (conjuntos identicos).
 func JaccardSimilarity(a, b []string) float64 {
 	if len(a) == 0 && len(b) == 0 {
 		return 1.0
 	}
 	if len(a) == 0 || len(b) == 0 {
 		return 0.0
 	}
 	setA := make(map[string]struct{}, len(a))
 	for _, s := range a {
 		setA[s] = struct{}{}
 	}
 	setB := make(map[string]struct{}, len(b))
 	for _, s := range b {
 		setB[s] = struct{}{}
 	}
 	intersection := 0
 	for k := range setA {
 		if _, ok := setB[k]; ok {
 			intersection++
 		}
 	}
 	// Union = |A| + |B| - |A intersect B| (usando conjuntos sin duplicados)
 	union := len(setA) + len(setB) - intersection
 	if union == 0 {
 		return 0.0
 	}
 	return float64(intersection) / float64(union)
 }
@@ -0,0 +1,21 @@
 ---
 name: jaccard_similarity
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func JaccardSimilarity(a, b []string) float64"
 description: "Calcula la similitud de Jaccard entre dos conjuntos de tokens. Retorna un valor entre 0.0 y 1.0."
 tags: [cybersecurity, similarity, jaccard, tokens]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: []
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/jaccard_similarity.go"
 ---
@@ -0,0 +1,49 @@
 package cybersecurity
 // LevenshteinDistance calcula la distancia de edicion (Levenshtein) entre dos strings.
 func LevenshteinDistance(a, b string) int {
 	ra := []rune(a)
 	rb := []rune(b)
 	la := len(ra)
 	lb := len(rb)
 	if la == 0 {
 		return lb
 	}
 	if lb == 0 {
 		return la
 	}
 	// Usar solo dos filas para optimizar memoria
 	prev := make([]int, lb+1)
 	curr := make([]int, lb+1)
 	for j := 0; j <= lb; j++ {
 		prev[j] = j
 	}
 	for i := 1; i <= la; i++ {
 		curr[0] = i
 		for j := 1; j <= lb; j++ {
 			cost := 1
 			if ra[i-1] == rb[j-1] {
 				cost = 0
 			}
 			del := prev[j] + 1
 			ins := curr[j-1] + 1
 			sub := prev[j-1] + cost
 			m := del
 			if ins < m {
 				m = ins
 			}
 			if sub < m {
 				m = sub
 			}
 			curr[j] = m
 		}
 		prev, curr = curr, prev
 	}
 	return prev[lb]
 }
@@ -0,0 +1,21 @@
 ---
 name: levenshtein_distance
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func LevenshteinDistance(a, b string) int"
 description: "Calcula la distancia de edicion de Levenshtein entre dos strings. Util para deteccion de typosquatting."
 tags: [cybersecurity, string, distance, typosquatting]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: []
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/levenshtein_distance.go"
 ---
@@ -0,0 +1,33 @@
 package cybersecurity
 import (
 	"fmt"
 	"io"
 	"net"
 	"strings"
 	"time"
 )
 // LookupWhois realiza una consulta WHOIS para el dominio proporcionado conectandose al servidor whois.iana.org.
 func LookupWhois(domain string) (string, error) {
 	conn, err := net.DialTimeout("tcp", "whois.iana.org:43", 10*time.Second)
 	if err != nil {
 		return "", fmt.Errorf("error conectando al servidor WHOIS: %w", err)
 	}
 	defer conn.Close()
 	_ = conn.SetDeadline(time.Now().Add(10 * time.Second))
 	_, err = fmt.Fprintf(conn, "%s\r\n", domain)
 	if err != nil {
 		return "", fmt.Errorf("error enviando consulta WHOIS: %w", err)
 	}
 	var sb strings.Builder
 	_, err = io.Copy(&sb, conn)
 	if err != nil {
 		return "", fmt.Errorf("error leyendo respuesta WHOIS: %w", err)
 	}
 	return sb.String(), nil
 }
@@ -0,0 +1,21 @@
 ---
 name: lookup_whois
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: impure
 signature: "func LookupWhois(domain string) (string, error)"
 description: "Realiza una consulta WHOIS para un dominio conectandose al servidor whois.iana.org por TCP."
 tags: [cybersecurity, io, whois, recon]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: "error_go_core"
 imports: [fmt, io, net, strings, time]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/lookup_whois.go"
 ---
@@ -0,0 +1,44 @@
 package cybersecurity
 import (
 	"net/url"
 	"strings"
 )
 // trackingParams lista de parametros de tracking comunes a eliminar.
 var trackingParams = map[string]bool{
 	"utm_source":   true,
 	"utm_medium":   true,
 	"utm_campaign": true,
 	"utm_term":     true,
 	"utm_content":  true,
 	"fbclid":       true,
 	"gclid":        true,
 	"ref":          true,
 	"mc_cid":       true,
 	"mc_eid":       true,
 }
 // NormalizeURL normaliza una URL: convierte el host a minusculas, elimina fragmentos
 // y remueve parametros de tracking comunes.
 func NormalizeURL(rawURL string) string {
 	u, err := url.Parse(rawURL)
 	if err != nil {
 		return rawURL
 	}
 	// Lowercase host
 	u.Host = strings.ToLower(u.Host)
 	// Eliminar fragmento
 	u.Fragment = ""
 	// Eliminar parametros de tracking
 	q := u.Query()
 	for param := range trackingParams {
 		q.Del(param)
 	}
 	u.RawQuery = q.Encode()
 	return u.String()
 }
@@ -0,0 +1,21 @@
 ---
 name: normalize_url
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func NormalizeURL(rawURL string) string"
 description: "Normaliza una URL: convierte el host a minusculas, elimina fragmentos y remueve parametros de tracking comunes."
 tags: [cybersecurity, url, normalize, sanitize]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [net/url, strings]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/normalize_url.go"
 ---
@@ -0,0 +1,44 @@
 package cybersecurity
 import (
 	"encoding/binary"
 	"fmt"
 	"net"
 )
 // ParseIPCIDR parsea una notacion CIDR y devuelve la direccion de red, broadcast, cantidad de hosts y error.
 func ParseIPCIDR(cidr string) (network string, broadcast string, hosts int, err error) {
 	ip, ipNet, err := net.ParseCIDR(cidr)
 	if err != nil {
 		return "", "", 0, fmt.Errorf("CIDR invalido: %w", err)
 	}
 	// Solo soportamos IPv4
 	ip4 := ip.To4()
 	if ip4 == nil {
 		return "", "", 0, fmt.Errorf("solo se soporta IPv4")
 	}
 	mask := ipNet.Mask
 	networkIP := ipNet.IP.To4()
 	network = networkIP.String()
 	// Calcular broadcast
 	broadcastIP := make(net.IP, 4)
 	for i := 0; i < 4; i++ {
 		broadcastIP[i] = networkIP[i] | ^mask[i]
 	}
 	broadcast = broadcastIP.String()
 	// Calcular hosts usables
 	netInt := binary.BigEndian.Uint32(networkIP)
 	bcastInt := binary.BigEndian.Uint32(broadcastIP)
 	total := int(bcastInt - netInt + 1)
 	if total > 2 {
 		hosts = total - 2 // excluir network y broadcast
 	} else {
 		hosts = total // /31 o /32
 	}
 	return network, broadcast, hosts, nil
 }
@@ -0,0 +1,21 @@
 ---
 name: parse_ip_cidr
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: pure
 signature: "func ParseIPCIDR(cidr string) (network string, broadcast string, hosts int, err error)"
 description: "Parsea una notacion CIDR IPv4 y devuelve la direccion de red, broadcast y cantidad de hosts usables."
 tags: [cybersecurity, network, cidr, parse]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: ""
 imports: [encoding/binary, fmt, net]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/parse_ip_cidr.go"
 ---
@@ -0,0 +1,15 @@
 package cybersecurity
 import (
 	"fmt"
 	"net"
 )
 // ResolveDNS resuelve un hostname a sus direcciones IP usando el resolver del sistema.
 func ResolveDNS(host string) ([]string, error) {
 	ips, err := net.LookupHost(host)
 	if err != nil {
 		return nil, fmt.Errorf("error resolviendo DNS para %s: %w", host, err)
 	}
 	return ips, nil
 }
@@ -0,0 +1,21 @@
 ---
 name: resolve_dns
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: impure
 signature: "func ResolveDNS(host string) ([]string, error)"
 description: "Resuelve un hostname a sus direcciones IP usando el resolver DNS del sistema."
 tags: [cybersecurity, io, dns, resolve]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: "error_go_core"
 imports: [fmt, net]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/resolve_dns.go"
 ---
@@ -0,0 +1,34 @@
 package cybersecurity
 import (
 	"fmt"
 	"net"
 	"time"
 )
 // ScanPortTCP intenta conectarse a un puerto TCP y devuelve el estado ("open", "closed", "filtered"),
 // un banner si el puerto esta abierto, y un posible error.
 func ScanPortTCP(host string, port int, timeoutMs int) (status string, banner string, err error) {
 	address := fmt.Sprintf("%s:%d", host, port)
 	timeout := time.Duration(timeoutMs) * time.Millisecond
 	conn, err := net.DialTimeout("tcp", address, timeout)
 	if err != nil {
 		// Distinguir entre conexion rechazada (closed) y timeout (filtered)
 		if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
 			return "filtered", "", nil
 		}
 		return "closed", "", nil
 	}
 	defer conn.Close()
 	// Intentar leer un banner con timeout corto
 	_ = conn.SetReadDeadline(time.Now().Add(2 * time.Second))
 	buf := make([]byte, 1024)
 	n, _ := conn.Read(buf)
 	if n > 0 {
 		banner = string(buf[:n])
 	}
 	return "open", banner, nil
 }
@@ -0,0 +1,21 @@
 ---
 name: scan_port_tcp
 kind: function
 lang: go
 domain: cybersecurity
 version: "1.0.0"
 purity: impure
 signature: "func ScanPortTCP(host string, port int, timeoutMs int) (status string, banner string, err error)"
 description: "Escanea un puerto TCP en un host dado. Devuelve el estado (open/closed/filtered) y un banner si esta abierto."
 tags: [cybersecurity, io, port, scan]
 uses_functions: []
 uses_types: []
 returns: []
 returns_optional: false
 error_type: "error_go_core"
 imports: [fmt, net, time]
 tested: false
 tests: []
 test_file_path: ""
 file_path: "functions/cybersecurity/scan_port_tcp.go"
 ---