egutierrez
6526da32dc
Extractores nuevos en python/functions/cybersecurity/: - extract_ip_addresses (IPv4 + IPv6 con validacion ipaddress) - extract_emails (RFC 5322 simplificado) - extract_domains (FQDNs con TLD valido, lista estatica) - extract_file_hashes (MD5/SHA1/SHA256/SHA512, algoritmo por longitud) - extract_crypto_wallets (BTC legacy + bech32, ETH 0x+40hex) - extract_cve_ids (CVE-YYYY-NNNN+) - extract_mac_addresses (xx:xx:xx + xx-xx-xx, separador uniforme) - extract_phone_numbers (E.164 + ES local 9 digitos) Pipeline: - extract_iocs corre todos, deduplica spans contenidos. Mantiene purity:pure (kind:function con uses_functions no vacio) porque la regla del registry exige que los pipelines sean impuros. Todas devuelven list[dict] con value/start/end/type para que el caller (issues 0038-0040) pueda reconciliar offsets con spans NER sin reparsing. Refs #0037 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
41 lines
1.4 KiB
Markdown
41 lines
1.4 KiB
Markdown
---
|
|
name: extract_emails
|
|
kind: function
|
|
lang: py
|
|
domain: cybersecurity
|
|
version: "1.0.0"
|
|
purity: pure
|
|
signature: "def extract_emails(text: str) -> list[dict]"
|
|
description: "Extrae direcciones de email (RFC 5322 simplificado) de un texto, con offsets start/end. No valida MX ni que el TLD exista — solo estructura sintactica."
|
|
tags: [ioc, email, regex, extract, cybersecurity, python]
|
|
uses_functions: []
|
|
uses_types: []
|
|
returns: []
|
|
returns_optional: false
|
|
error_type: ""
|
|
imports: [re]
|
|
params:
|
|
- name: text
|
|
desc: "string de texto del que extraer emails"
|
|
output: "lista de dicts con {value, start, end, type='email'} por cada email encontrado"
|
|
tested: true
|
|
tests:
|
|
- "Email simple"
|
|
- "Multiples emails con caracteres validos en local part"
|
|
- "No matchea texto sin @"
|
|
test_file_path: "python/functions/cybersecurity/tests/test_extract_iocs.py"
|
|
file_path: "python/functions/cybersecurity/extract_emails.py"
|
|
---
|
|
|
|
## Ejemplo
|
|
|
|
```python
|
|
extract_emails("Contact: alice@example.com or bob+work@sub.test.org")
|
|
# [{"value": "alice@example.com", "start": 9, "end": 26, "type": "email"},
|
|
# {"value": "bob+work@sub.test.org", "start": 30, "end": 51, "type": "email"}]
|
|
```
|
|
|
|
## Notas
|
|
|
|
Acepta `._%+-` en parte local. El dominio exige al menos un punto y termina en componente alfanumerico de 1+ chars. No valida MX ni que el TLD aparezca en lista de TLDs validos — para extraer dominios independientemente, ver `extract_domains_py_cybersecurity`.
|