Closed
Description
There are values in external_references that cause problems with validating against the OASIS schemas. The schemas specify "format: uri" for the "url" attribute (schemas/common/url-regex.json), and this may enforce validation of content against RFC3986, depending on the toolset that consumes ATT&CK data.
The problematic values include:
"url": "http://download.ahnlab.com/global/brochure/[Analysis]Andariel_Group.pdf"
"url": "https://global.ahnlab.com/global/upload/download/techreport/[Analysis_Report]Operation%20Kabar%20Cobra.pdf"
"url": "https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html "
"url": "https://www.dragos.com/wp-content/uploads/CRASHOVERRIDE2018.pdf "
"url": "https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf "
"url": "https://dragos.com/blog/crashoverride/CrashOverride-01.pdf "
"url": "https://www.wired.com/images_blogs/threatlevel/2010/11/w32_stuxnet_dossier.pdf "
"url": "https://redcanary.com/blog/how-one-hospital-thwarted-a-ryuk-ransomware-outbreak/ "
"url": " https://unit42.paloaltonetworks.com/ironnetinjector/"
"url": "https://www.zscaler.com/blogs/research/super-mario-run-malware-2-\u2013-droidjack-rat"
"url": "https://www.virustotal.com/gui/file/0b4c743246478a6a8c9fa3ff8e04f297507c2f0ea5d61a1284fe65387d172f81/detection "
"url": "https://www.winosbite.com/verclsid-exe/\u00a0"
"url": "https://blog.malwarebytes.com/101/2016/01/the-windows-vaults/ "
To meet RFC3986 the square brackets should be percent-escaped as "%5B". Leading/trailing spaces should be removed, and it looks like the \u2013 and \u00a0 characters should also just be removed from the URL.
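A check along the lines the issue describes, as an added example (not part of the original issue or of the ATT&CK tooling): it flags `url` values in `external_references` that a strict RFC 3986 validator would reject and applies the repair proposed above. The function names and the sample bundle are constructed, only the flagged URL values come from the issue, and the check covers the part of the URL after the authority.

```python
import json
import re

# Characters RFC 3986 permits after the authority: unreserved, sub-delims,
# ":" "@" "/" "?" "#" and "%" (square brackets are only legal in an IP-literal host).
_BAD_CHAR = re.compile(r"[^A-Za-z0-9\-._~!$&'()*+,;=:@/?#%]")
_SPLIT = re.compile(r"^([A-Za-z][A-Za-z0-9+.\-]*://[^/?#]*)(.*)$", re.S)


def url_problems(url):
    """Return the reasons a value would fail a strict RFC 3986 check."""
    problems = ["leading/trailing whitespace"] if url != url.strip() else []
    m = _SPLIT.match(url.strip())
    if not m:
        return problems + ["no scheme://authority"]
    bad = sorted(set(_BAD_CHAR.findall(m.group(2))))
    if bad:
        problems.append("illegal characters: " + " ".join(f"U+{ord(c):04X}" for c in bad))
    return problems


def repair(url):
    """Trim whitespace, percent-escape brackets, drop other illegal characters."""
    m = _SPLIT.match(url.strip())  # str.strip() also removes U+00A0
    if not m:
        return url.strip()
    rest = m.group(2).replace("[", "%5B").replace("]", "%5D")
    return m.group(1) + _BAD_CHAR.sub("", rest)


def scan_bundle(bundle):
    """Yield (object id, url, problems) for each failing external_references url."""
    for obj in bundle.get("objects", []):
        for ref in obj.get("external_references", []):
            problems = url_problems(ref["url"]) if "url" in ref else []
            if problems:
                yield obj.get("id"), ref["url"], problems


# Constructed sample bundle; the first three url values are quoted from the issue.
SAMPLE = json.loads(r'''{"objects": [{"id": "sample--1", "external_references": [
  {"url": "http://download.ahnlab.com/global/brochure/[Analysis]Andariel_Group.pdf"},
  {"url": " https://unit42.paloaltonetworks.com/ironnetinjector/"},
  {"url": "https://www.winosbite.com/verclsid-exe/\u00a0"},
  {"url": "https://example.org/clean"}]}]}''')

if __name__ == "__main__":
    for obj_id, url, why in scan_bundle(SAMPLE):
        print(obj_id, repr(url), why, "->", repair(url))
```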