dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

feat(cybersecurity): 8 IoC regex extractors + extract_iocs pipeline puro

Browse Source 
Extractores nuevos en python/functions/cybersecurity/:
- extract_ip_addresses (IPv4 + IPv6 con validacion ipaddress)
- extract_emails (RFC 5322 simplificado)
- extract_domains (FQDNs con TLD valido, lista estatica)
- extract_file_hashes (MD5/SHA1/SHA256/SHA512, algoritmo por longitud)
- extract_crypto_wallets (BTC legacy + bech32, ETH 0x+40hex)
- extract_cve_ids (CVE-YYYY-NNNN+)
- extract_mac_addresses (xx:xx:xx + xx-xx-xx, separador uniforme)
- extract_phone_numbers (E.164 + ES local 9 digitos)

Pipeline:
- extract_iocs corre todos, deduplica spans contenidos. Mantiene
  purity:pure (kind:function con uses_functions no vacio) porque la
  regla del registry exige que los pipelines sean impuros.

Todas devuelven list[dict] con value/start/end/type para que el
caller (issues 0038-0040) pueda reconciliar offsets con spans NER
sin reparsing.

Refs #0037

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
egutierrez
2026-04-30 16:24:11 +02:00
parent 0904409c59
commit dff0c0d2b7
19 changed files with 823 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
python/functions/cybersecurity/extract_file_hashes.md
+42
View File
@@ -0,0 +1,42 @@
---
name: extract_file_hashes
kind: function
lang: py
domain: cybersecurity
version: "1.0.0"
purity: pure
signature: "def extract_file_hashes(text: str) -> list[dict]"
description: "Extrae hashes MD5/SHA1/SHA256/SHA512 de un texto, con offsets y algoritmo deducido por longitud (32, 40, 64 o 128 hex). Util para extraer IoCs de reportes de threat intelligence."
tags: [ioc, hash, md5, sha1, sha256, sha512, regex, extract, cybersecurity, python]
uses_functions: []
uses_types: []
returns: []
returns_optional: false
error_type: ""
imports: [re]
params:
- name: text
desc: "string de texto del que extraer hashes hex"
output: "lista de dicts con {value, start, end, type='file_hash', algorithm} por cada hash encontrado"
tested: true
tests:
- "MD5 (32 hex), SHA1 (40), SHA256 (64), SHA512 (128)"
- "Longitudes intermedias se ignoran"
- "Insensible a mayusculas en hex"
test_file_path: "python/functions/cybersecurity/tests/test_extract_iocs.py"
file_path: "python/functions/cybersecurity/extract_file_hashes.py"
---
## Ejemplo
```python
extract_file_hashes("MD5: 5d41402abc4b2a76b9719d911017c592 SHA1: aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d")
# [{"value": "5d41402abc4b2a76b9719d911017c592", "start": 5, "end": 37,
# "type": "file_hash", "algorithm": "md5"},
# {"value": "aaf4c61ddcc5e8a2dabede0f3b482cd9aea9434d", "start": 44, "end": 84,
# "type": "file_hash", "algorithm": "sha1"}]
```
## Notas
Detecta solo longitudes canonicas (32/40/64/128 hex). Una secuencia hex de 50 caracteres se ignora. Word-boundary `\b` evita matchear sub-strings de hex mas largo. ETH wallets (`0x` + 40 hex = 42 chars totales) NO matchean este extractor por el `\b` y la ausencia del prefijo `0x` en este patron — el pipeline `extract_iocs` deduplica overlaps si los hubiera.