dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
6526da32dc3f1ee31f0594d2f4c097503c2dd401
fn_registry/python/functions/cybersecurity/extract_ip_addresses.py
T
egutierrez 6526da32dc feat(cybersecurity): 8 IoC regex extractors + extract_iocs pipeline puro 
Extractores nuevos en python/functions/cybersecurity/:
- extract_ip_addresses (IPv4 + IPv6 con validacion ipaddress)
- extract_emails (RFC 5322 simplificado)
- extract_domains (FQDNs con TLD valido, lista estatica)
- extract_file_hashes (MD5/SHA1/SHA256/SHA512, algoritmo por longitud)
- extract_crypto_wallets (BTC legacy + bech32, ETH 0x+40hex)
- extract_cve_ids (CVE-YYYY-NNNN+)
- extract_mac_addresses (xx:xx:xx + xx-xx-xx, separador uniforme)
- extract_phone_numbers (E.164 + ES local 9 digitos)

Pipeline:
- extract_iocs corre todos, deduplica spans contenidos. Mantiene
  purity:pure (kind:function con uses_functions no vacio) porque la
  regla del registry exige que los pipelines sean impuros.

Todas devuelven list[dict] con value/start/end/type para que el
caller (issues 0038-0040) pueda reconciliar offsets con spans NER
sin reparsing.

Refs #0037

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 16:24:11 +02:00

54 lines
1.4 KiB
Python
Raw Blame History

"""Extrae IPv4 + IPv6 validas de un texto, con offsets."""
import ipaddress
import re
_IPV4_CANDIDATE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
_IPV6_CANDIDATE = re.compile(
r"(?<![0-9A-Fa-f:])"
r"(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}"
r"(?:%[0-9A-Za-z]+)?"
r"(?![0-9A-Fa-f:])"
)
def extract_ip_addresses(text: str) -> list[dict]:
"""Extrae IPv4 e IPv6 validas con offsets.
Filtra candidatos que no parsean como IP valida con `ipaddress`. No
distingue IP privadas (10.x, 192.168.x) de publicas — el filtrado de
relevancia es responsabilidad del caller.
"""
results: list[dict] = []
for m in _IPV4_CANDIDATE.finditer(text):
candidate = m.group(0)
try:
ipaddress.IPv4Address(candidate)
except ValueError:
continue
results.append({
"value": candidate,
"start": m.start(),
"end": m.end(),
"type": "ip_address",
})
for m in _IPV6_CANDIDATE.finditer(text):
candidate = m.group(0).split("%", 1)[0]
if candidate.count(":") < 2:
continue
try:
ipaddress.IPv6Address(candidate)
except ValueError:
continue
results.append({
"value": m.group(0),
"start": m.start(),
"end": m.end(),
"type": "ip_address",
})
results.sort(key=lambda r: r["start"])
return results
Reference in New Issue View Git Blame Copy Permalink