visidata: add IOC types with cached, throttled lookups

Centralize provider caching and rate-limit handling, then add Domain/URL/Hash IOC types and safer VT/IPInfo key resolution so lookups stay reliable on free-tier APIs.
2026-02-21 23:10:44 +01:00
parent a931be4707
commit 84d912ac0a
9 changed files with 1048 additions and 173 deletions
--- a/config/visidata/scripts/validate_ioclib.py
+++ b/config/visidata/scripts/validate_ioclib.py
@@ -0,0 +1,45 @@
+#!/usr/bin/env python3
+"""
+Offline validation for plugins/ioclib.py helpers.
+"""
+
+from __future__ import annotations
+
+import os
+import sys
+
+sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+
+from plugins.ioclib import parse_mb_info, vt_url_id  # noqa: E402
+
+
+def _assert(cond: bool, msg: str):
+    if not cond:
+        raise AssertionError(msg)
+
+
+def main() -> int:
+    _assert(vt_url_id("http://example.com/") == "aHR0cDovL2V4YW1wbGUuY29tLw", "vt_url_id known example")
+
+    mb = parse_mb_info(
+        {
+            "query_status": "ok",
+            "data": [
+                {
+                    "sha256_hash": "0" * 64,
+                    "signature": "Emotet",
+                    "tags": ["tag1", "tag2"],
+                }
+            ],
+        }
+    )
+    _assert(mb.status == "ok", "mb.status")
+    _assert(mb.signature == "Emotet", "mb.signature")
+    _assert(mb.tags == ("tag1", "tag2"), "mb.tags")
+    print("ok")
+    return 0
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())
+