IPv6 fields do not validate in pedantic mode #20

@edeca

In pedantic mode, IPv6 entries are not correctly validated. These are listed with support since version 6.1.

Minimum PoC:

{
  "reports": [
    {
      "link": "https://nccgroup.com/blog/",
      "id": "50d858e0985ecc7f60418aaf0cc5ab587f42c2570a884095a9e8ccacd0f6545c",
      "score": 50,
      "title": "IOCs from NCC Group APT123 blog post",
      "iocs": {
        "ipv6": [
          "2001:DB8::1"
        ]
      }
    }
  ],
  "feedinfo": {
    "summary": "This is my feed",
    "tech_data": "Some technical data",
    "provider_url": "https://nccgroup.com/",
    "display_name": "NCC Group collated feed",
    "name": "nccgroup"
  }
}

Test case:

-> % python validate_feed.py --pedantic -f temp.json
-> Validated that file exists and is readable
-> Validated that feed file is valid JSON
-> Unable to validate that the file is a valid CB feed
-> Details:

Report IOCs section contains extra keys: set([u'ipv6'])

It seems likely the function iter_iocs needs to be updated.
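
A pedantic IOC check that accepts the `ipv6` key and also verifies each address, as an added example that is not code from the original post or from the project's `validate_feed.py`. The names `check_report_iocs` and `ALLOWED_IOC_TYPES` are hypothetical, and the set of allowed IOC types is an assumption.

```python
import ipaddress

# Assumption: IOC types a pedantic check accepts. "ipv6" is the key this issue
# reports as rejected; the other entries are assumed for illustration.
ALLOWED_IOC_TYPES = {"md5", "ipv4", "ipv6", "dns", "query"}


def check_report_iocs(report, pedantic=True):
    """Return a list of problems found in one report's "iocs" section."""
    problems = []
    iocs = report.get("iocs", {})

    # Pedantic mode rejects IOC types that are not in the allowed set.
    extra = set(iocs) - ALLOWED_IOC_TYPES
    if pedantic and extra:
        problems.append("extra keys: %s" % sorted(extra))

    # Accepting the key is not enough: each value must parse as an address
    # of the family the key names, so an IPv4 string under "ipv6" is flagged.
    for family, version in (("ipv4", 4), ("ipv6", 6)):
        for value in iocs.get(family, []):
            try:
                if not isinstance(value, str):
                    raise ValueError("not a string")
                addr = ipaddress.ip_address(value)
            except ValueError:
                problems.append("%s: not an IP address: %r" % (family, value))
                continue
            if addr.version != version:
                problems.append("%s: wrong address family: %r" % (family, value))
    return problems


# Constructed samples: the "iocs" section from the PoC above, and a report
# with an unknown key, an IPv4 value under "ipv6", and a malformed address.
POC_REPORT = {"iocs": {"ipv6": ["2001:DB8::1"]}}
BAD_REPORT = {
    "iocs": {"ipv6": ["2001:DB8::1", "192.0.2.1", "2001:db8::zz"], "ipv7": []}
}

if __name__ == "__main__":
    print(check_report_iocs(POC_REPORT))
    for problem in check_report_iocs(BAD_REPORT):
        print(problem)
```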
