Floyd
Considering moving the [port grammar](https://github.com/fhightower/ioc-finder/blob/main/ioc_finder/ioc_grammars.py#L112) to be part of the domain grammar.
Is there a way to programmatically find the data being collected [here](https://github.com/fhightower/ioc-finder/blob/eb4a451f2bef0fcf9eb5395a73edca52e3fa1f6d/tests/find_iocs_cases/__init__.py#L9)?
E.g.:

1. (Fork and) create branch
2. Make changes
3. Test/lint them
4. Push
5. Create PR
The `find_iocs` function currently fails the cognitive complexity lint (hence why `CCR001` is disabled for that line). Update the function so that it passes.
https://collaborate.mitre.org/attackics/index.php/All_Techniques
The following test was failing for registry keys:

```python
from ioc_finder import find_iocs

# Raw strings keep the registry-path backslashes literal.
s = r"""HKLM\SOFTWARE\Microsoft\Windows ... NT\CurrentVersion\Console\ConsoleIME"""
iocs = find_iocs(s)
assert len(iocs['registry_key_paths']) == 1
assert iocs['registry_key_paths'][0] == r'HKLM\SOFTWARE\Microsoft\Windows'
```

Should this test pass?
I would like the following tests to pass:

```python
s = r'test /Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e file'
iocs = find_iocs(s)
assert iocs['file_paths'] == [r'/Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e']

s = r'test /Library/Storage/File System/HFS/25cf5d02-e50b-4288-870a-528d56c3cf6e/ file'
iocs...
```
I would like the following test to pass:

```python
from ioc_finder import find_iocs


def test_unicode_domain_name():
    s = "ȩxample.com"
    iocs = find_iocs(s)
    assert iocs['domains'] == ['\\u0229xample.com']
```
The `windows_file_path` grammar is pretty naive right now... the file_ending is very basic and it would be nice to have a list of common file endings. The `windows_file_path` grammar assumes...
I disabled some of the experimental tests in `test_urls.py` and `test_hypothesis.py`.