File Coverage

blib/lib/STIX/Observable/Extension/WindowsProcess.pm
Criterion Covered Total %
statement 29 29 100.0
branch n/a
condition n/a
subroutine 10 10 100.0
pod n/a
total 39 39 100.0


line stmt bran cond sub pod time code
1             package STIX::Observable::Extension::WindowsProcess;
2              
3 24     24   567 use 5.010001;
  24         114  
4 24     24   2648 use strict;
  24         1213  
  24         2255  
5 24     24   185 use warnings;
  24         613  
  24         1580  
6 24     24   174 use utf8;
  24         51  
  24         240  
7              
8 24     24   824 use STIX::Common::Enum;
  24         54  
  24         913  
9 24     24   133 use Types::Standard qw(Str Bool Enum HashRef);
  24         46  
  24         219  
10              
11 24     24   94058 use Moo;
  24         62  
  24         235  
12 24     24   12056 use namespace::autoclean;
  24         82  
  24         288  
13              
14             extends 'STIX::Object';
15              
16 24         2397 use constant PROPERTIES => (qw[
17             aslr_enabled
18             dep_enabled
19             priority
20             owner_sid
21             window_title
22             startup_info
23             integrity_level
24 24     24   3002 ]);
  24         63  
25              
26 24     24   168 use constant EXTENSION_TYPE => 'windows-process-ext';
  24         57  
  24         6009  
27              
28             has aslr_enabled => (is => 'rw', isa => Bool);    # no default is declared: an omitted value stays unset, which is not the same as false
29             has dep_enabled => (is => 'rw', isa => Bool);    # no default is declared: an omitted value stays unset, which is not the same as false
30             has priority => (is => 'rw', isa => Str);    # any string passes; priority-class names are not restricted by this constraint
31             has owner_sid => (is => 'rw', isa => Str);    # any string passes; SID syntax is not checked by this constraint
32             has window_title => (is => 'rw', isa => Str);
33             has startup_info => (is => 'rw', isa => HashRef);    # only the container type is checked; keys and values are not constrained here
34             has integrity_level => (is => 'rw', isa => Enum [STIX::Common::Enum->WINDOWS_INTEGRITY_LEVEL()]);    # limited to the values returned by WINDOWS_INTEGRITY_LEVEL()
35              
36             1;
37              
38             =encoding utf-8
39              
40             =head1 NAME
41              
42             STIX::Observable::Extension::WindowsProcess - STIX Cyber-observable Object (SCO) - Windows Process Extension
43              
44             =head1 SYNOPSIS
45              
46             use STIX::Observable::Extension::WindowsProcess;
47              
48             my $windows_process_ext = STIX::Observable::Extension::WindowsProcess->new();
49              
50              
51             =head1 DESCRIPTION
52              
53             The Windows Process extension specifies a default extension for capturing
54             properties specific to Windows processes.
55              
56              
57             =head2 METHODS
58              
59             L<STIX::Observable::Extension::WindowsProcess> inherits all methods from L<STIX::Object>
60             and implements the following new ones.
61              
62             =over
63              
64             =item STIX::Observable::Extension::WindowsProcess->new(%properties)
65              
66             Create a new instance of L<STIX::Observable::Extension::WindowsProcess>.
67              
68             =item $windows_process_ext->aslr_enabled
69              
70             Specifies whether Address Space Layout Randomization (ASLR) is enabled for the process.
71              
72             =item $windows_process_ext->dep_enabled
73              
74             Specifies whether Data Execution Prevention (DEP) is enabled for the process.
75              
76             =item $windows_process_ext->priority
77              
78             Specifies the current priority class of the process in Windows.
79              
80             =item $windows_process_ext->owner_sid
81              
82             Specifies the Security ID (SID) value of the owner of the process.
83              
84             =item $windows_process_ext->window_title
85              
86             Specifies the title of the main window of the process.
87              
88             =item $windows_process_ext->startup_info
89              
90             Specifies the STARTUP_INFO struct used by the process, as a dictionary.
91              
92             =item $windows_process_ext->integrity_level
93              
94             Specifies the Windows integrity level, or trustworthiness, of the process
95             (see C<WINDOWS_INTEGRITY_LEVEL> in L<STIX::Common::Enum>).
96              
97             =back
98              
99              
100             =head2 HELPERS
101              
102             =over
103              
104             =item $windows_process_ext->TO_JSON
105              
106             Helper for JSON encoders.
107              
108             =item $windows_process_ext->to_hash
109              
110             Return the object HASH.
111              
112             =item $windows_process_ext->to_string
113              
114             Encode the object in JSON.
115              
116             =item $windows_process_ext->validate
117              
118             Validate the object using JSON Schema (see L).
119              
120             =back
121              
122              
123             =head1 SUPPORT
124              
125             =head2 Bugs / Feature Requests
126              
127             Please report any bugs or feature requests through the issue tracker
128             at L.
129             You will be notified automatically of any progress on your issue.
130              
131             =head2 Source Code
132              
133             This is open source software. The code repository is available for
134             public review and contribution under the terms of the license.
135              
136             L<https://github.com/giterlizzi/perl-STIX>
137              
138             git clone https://github.com/giterlizzi/perl-STIX.git
139              
140              
141             =head1 AUTHOR
142              
143             =over 4
144              
145             =item * Giuseppe Di Terlizzi
146              
147             =back
148              
149              
150             =head1 LICENSE AND COPYRIGHT
151              
152             This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
153              
154             This is free software; you can redistribute it and/or modify it under
155             the same terms as the Perl 5 programming language system itself.
156              
157             =cut