IPv4 address Extractor regex does not match only IPv4 address #198

@srilumpa

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian |
| Cortex Analyzer Name | cortexutils |
| Cortex Analyzer Version | 1.2.0 |
| Cortex Version | 1.0.0, hash of the commit |

Description

The regular expression used to detect if an artifact is an IPv4 address is "too wide" and will detect as an IP address every string containing four groups of one, two or three digits separated by dots.

Steps to Reproduce

  1. Call Extractor().check_string("1.0.0.127.localhost.localdomain.")
  2. This will return ip but should return fqdn (or an empty string)

Possible Solutions

Use the following regular expression for ip type detection/extraction: ^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d\d?)?$
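
Added example, not part of the original issue and not cortexutils code: it compares an unanchored pattern (an assumed stand-in for the behaviour described, using `match`), the anchored pattern proposed above, and, going beyond the issue, a check that also validates octet and prefix ranges with Python's `ipaddress` module. The helper names and sample values are constructed for illustration.

```python
import ipaddress
import re

# Assumed stand-in for an unanchored pattern of the kind the issue describes;
# not copied from cortexutils.
LOOSE_IPV4 = re.compile(r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}")
# Pattern proposed in the issue, anchored at both ends.
PROPOSED_IPV4 = re.compile(r"^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:\/\d\d?)?$")


def strict_is_ip(value):
    """Anchored shape check plus numeric range validation."""
    # fullmatch() refuses the trailing newline that '$' alone tolerates.
    if not PROPOSED_IPV4.fullmatch(value):
        return False
    try:
        if "/" in value:
            ipaddress.IPv4Network(value, strict=False)  # prefix must be 0-32
        else:
            ipaddress.IPv4Address(value)  # each octet must be 0-255
    except ValueError:
        return False
    return True


def classify(value):
    """Return (loose, proposed, strict) verdicts for one observable."""
    return (
        LOOSE_IPV4.match(value) is not None,
        PROPOSED_IPV4.match(value) is not None,
        strict_is_ip(value),
    )


# Constructed sample observables (documentation address ranges).
SAMPLES = [
    "1.0.0.127.localhost.localdomain.",  # string from the issue
    "192.0.2.10",
    "198.51.100.0/24",
    "999.300.1.1",      # right shape, octets out of range
    "192.0.2.10/99",    # right shape, prefix out of range
    "192.0.2.10\n",     # trailing newline slips past '$'
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), classify(sample))
```

The anchored pattern stops the misclassification reported here, but it still accepts values that are not usable addresses, so a range check is worth adding wherever the result drives enrichment or blocking.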
