1# Copyright (c) 2017, The MITRE Corporation. All rights reserved.
2# See LICENSE.txt for complete terms.
3
4from mixbox import entities
5from mixbox import fields
6
7import cybox.bindings.win_registry_key_object as win_registry_key_binding
8
9from cybox.common import (ByteRuns, DateTime, ObjectProperties, String,
10        UnsignedInteger)
11from cybox.objects.win_handle_object import WinHandleList
12
13
14class RegistryValue(entities.Entity):
15    _binding = win_registry_key_binding
16    _binding_class = win_registry_key_binding.RegistryValueType
17    _namespace = "http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
18
19    name = fields.TypedField("Name", String)
20    data = fields.TypedField("Data", String)
21    datatype = fields.TypedField("Datatype", String)
22    byte_runs = fields.TypedField("Byte_Runs", ByteRuns)
23
24
25class RegistryValues(entities.EntityList):
26    _binding = win_registry_key_binding
27    _binding_class = win_registry_key_binding.RegistryValuesType
28    _namespace = "http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
29
30    value = fields.TypedField("Value", RegistryValue, multiple=True)
31
32
33class RegistrySubkeys(entities.EntityList):
34    _binding = win_registry_key_binding
35    _binding_class = win_registry_key_binding.RegistrySubkeysType
36    _namespace = "http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
37
38    subkey = fields.TypedField("Subkey", type_="cybox.objects.win_registry_key_object.WinRegistryKey", multiple=True)
39
40
41class WinRegistryKey(ObjectProperties):
42    _binding = win_registry_key_binding
43    _binding_class = win_registry_key_binding.WindowsRegistryKeyObjectType
44    _namespace = "http://cybox.mitre.org/objects#WinRegistryKeyObject-2"
45    _XSI_NS = "WinRegistryKeyObj"
46    _XSI_TYPE = "WindowsRegistryKeyObjectType"
47
48    key = fields.TypedField("Key", String)
49    hive = fields.TypedField("Hive", String)
50    number_values = fields.TypedField("Number_Values", UnsignedInteger)
51    values = fields.TypedField("Values", RegistryValues)
52    modified_time = fields.TypedField("Modified_Time", DateTime)
53    creator_username = fields.TypedField("Creator_Username", String)
54    handle_list = fields.TypedField("Handle_List", WinHandleList)
55    number_subkeys = fields.TypedField("Number_Subkeys", UnsignedInteger)
56    subkeys = fields.TypedField("Subkeys", RegistrySubkeys)
57    byte_runs = fields.TypedField("Byte_Runs", ByteRuns)
58