dataforge/fn_registry
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity
Files
fa5bcca1555d80c40eeb4e77dcddaac1323378cf
fn_registry/python/functions/cybersecurity/extract_cve_ids.md
T
egutierrez 6526da32dc feat(cybersecurity): 8 IoC regex extractors + extract_iocs pipeline puro 
Extractores nuevos en python/functions/cybersecurity/:
- extract_ip_addresses (IPv4 + IPv6 con validacion ipaddress)
- extract_emails (RFC 5322 simplificado)
- extract_domains (FQDNs con TLD valido, lista estatica)
- extract_file_hashes (MD5/SHA1/SHA256/SHA512, algoritmo por longitud)
- extract_crypto_wallets (BTC legacy + bech32, ETH 0x+40hex)
- extract_cve_ids (CVE-YYYY-NNNN+)
- extract_mac_addresses (xx:xx:xx + xx-xx-xx, separador uniforme)
- extract_phone_numbers (E.164 + ES local 9 digitos)

Pipeline:
- extract_iocs corre todos, deduplica spans contenidos. Mantiene
  purity:pure (kind:function con uses_functions no vacio) porque la
  regla del registry exige que los pipelines sean impuros.

Todas devuelven list[dict] con value/start/end/type para que el
caller (issues 0038-0040) pueda reconciliar offsets con spans NER
sin reparsing.

Refs #0037

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-30 16:24:11 +02:00

1.3 KiB
Raw Blame History

name, kind, lang, domain, version, purity, signature, description, tags, uses_functions, uses_types, returns, returns_optional, error_type, imports, params, output, tested, tests, test_file_path, file_path
name kind lang domain version purity signature description tags uses_functions uses_types returns returns_optional error_type imports params output tested tests test_file_path file_path
extract_cve_ids function py cybersecurity 1.0.0 pure def extract_cve_ids(text: str) -> list[dict] Extrae IDs CVE en formato `CVE-YYYY-NNNN+` de un texto, con offsets. No valida que el CVE exista en NVD.
ioc
cve
vulnerability
regex
extract
cybersecurity
python
false
re
name desc
text string de texto del que extraer CVEs
lista de dicts con {value, start, end, type='cve_id'} por cada CVE encontrado true
CVE basico (4 digitos)
CVE con 5+ digitos (post-2014)
Multiples CVEs en mismo texto
python/functions/cybersecurity/tests/test_extract_iocs.py python/functions/cybersecurity/extract_cve_ids.py

Ejemplo

extract_cve_ids("Patches CVE-2021-44228 and CVE-2024-1234567")
# [{"value": "CVE-2021-44228", "start": 8, "end": 22, "type": "cve_id"},
#  {"value": "CVE-2024-1234567", "start": 27, "end": 43, "type": "cve_id"}]

Notas

Acepta el rango oficial NVD: año de 4 digitos seguido de 4 a 7 digitos. No valida que exista en NVD — solo estructura. La parte numerica creciente permite CVEs grandes (post-2014, donde NVD elimino el limite de 4 digitos).

Reference in New Issue View Git Blame Copy Permalink