File Coverage

blib/lib/STIX/Observable/Process.pm
Criterion Covered Total %
statement 38 38 100.0
branch n/a
condition n/a
subroutine 13 13 100.0
pod n/a
total 51 51 100.0


line stmt bran cond sub pod time code
1             package STIX::Observable::Process;
2              
3 24     24   579 use 5.010001;
  24         111  
4 24     24   154 use strict;
  24         56  
  24         668  
5 24     24   141 use warnings;
  24         50  
  24         1616  
6 24     24   154 use utf8;
  24         56  
  24         202  
7              
8 24     24   956 use STIX::Common::List;
  24         87  
  24         1154  
9 24     24   168 use Types::Standard qw(Str Bool HashRef Int InstanceOf);
  24         42  
  24         330  
10 24     24   92828 use Types::TypeTiny qw(ArrayLike);
  24         62  
  24         204  
11              
12 24     24   13874 use Moo;
  24         64  
  24         223  
13 24     24   28834 use namespace::autoclean;
  24         60  
  24         300  
14              
15             extends 'STIX::Observable';
16              
17 24         2849 use constant SCHEMA =>
18 24     24   2922 'http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/process.json';
  24         63  
19              
20 24         1751 use constant PROPERTIES => (
21             qw(type id),
22             qw(spec_version object_marking_refs granular_markings defanged extensions),
23             qw(is_hidden pid created_time cwd command_line environment_variables opened_connection_refs creator_user_ref image_ref parent_ref child_refs),
24 24     24   189 );
  24         81  
25              
26 24     24   153 use constant STIX_OBJECT => 'SCO';
  24         55  
  24         1291  
27 24     24   142 use constant STIX_OBJECT_TYPE => 'process';
  24         48  
  24         9566  
28              
29             has is_hidden => (is => 'rw', isa => Bool);
30             has pid => (is => 'rw', isa => Int);
31              
32             has created_time => (
33             is => 'rw',
34             isa => InstanceOf ['STIX::Common::Timestamp'],
35             coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
36             );
37              
38             has cwd => (is => 'rw', isa => Str);
39             has command_line => (is => 'rw', isa => Str);
40             has environment_variables => (is => 'rw', isa => HashRef);
41              
42             has opened_connection_refs => (
43             is => 'rw',
44             isa => ArrayLike [InstanceOf ['STIX::Observable::NetworkTraffic', 'STIX::Common::Identifier']],
45             default => sub { STIX::Common::List->new }
46             );
47              
48             has creator_user_ref => (is => 'rw', isa => InstanceOf ['STIX::Observable::UserAccount', 'STIX::Common::Identifier']);
49             has image_ref => (is => 'rw', isa => InstanceOf ['STIX::Observable::File', 'STIX::Common::Identifier']);
50             has parent_ref => (is => 'rw', isa => InstanceOf ['STIX::Observable::Process', 'STIX::Common::Identifier']);
51              
52             has child_refs => (
53             is => 'rw',
54             isa => ArrayLike [InstanceOf ['STIX::Observable::Process', 'STIX::Common::Identifier']],
55             default => sub { STIX::Common::List->new }
56             );
57              
58             1;
59              
60             =encoding utf-8
61              
62             =head1 NAME
63              
64             STIX::Observable::Process - STIX Cyber-observable Object (SCO) - Process
65              
66             =head1 SYNOPSIS
67              
68             use STIX::Observable::Process;
69              
70             my $process = STIX::Observable::Process->new();
71              
72              
73             =head1 DESCRIPTION
74              
75             The Process Object represents common properties of an instance of a
76             computer program as executed on an operating system.
77              
78              
79             =head2 METHODS
80              
81             L inherits all methods from L
82             and implements the following new ones.
83              
84             =over
85              
86             =item STIX::Observable::Process->new(%properties)
87              
88             Create a new instance of L.
89              
90             =item $process->child_refs
91              
92             Specifies the other processes that were spawned by (i.e. children of) this
93             process, as a reference to one or more other Process Objects.
94              
95             =item $process->command_line
96              
97             Specifies the full command line used in executing the process, including
98             the process name (which may be specified individually via the
99             binary_ref.name property) and any arguments.
100              
101             =item $process->created_time
102              
103             Specifies the date/time at which the process was created.
104              
105             =item $process->creator_user_ref
106              
107             Specifies the user that created the process, as a reference to a User
108             Account Object.
109              
110             =item $process->cwd
111              
112             Specifies the current working directory of the process.
113              
114             =item $process->environment_variables
115              
116             Specifies the list of environment variables associated with the process as
117             a dictionary.
118              
119             =item $process->extensions
120              
121             The Process Object defines the following extensions. In addition to these,
122             producers MAY create their own. Extensions: windows-process-ext,
123             windows-service-ext.
124              
125             =item $process->id
126              
127             =item $process->image_ref
128              
129             Specifies the executable binary that was executed as the process image, as
130             a reference to a File Object.
131              
132             =item $process->is_hidden
133              
134             Specifies whether the process is hidden.
135              
136             =item $process->opened_connection_refs
137              
138             Specifies the list of network connections opened by the process, as a
139             reference to one or more Network Traffic Objects.
140              
141             =item $process->parent_ref
142              
143             Specifies the other process that spawned (i.e. is the parent of) this one,
144             as represented by a Process Object.
145              
146             =item $process->pid
147              
148             Specifies the Process ID, or PID, of the process.
149              
150             =item $process->type
151              
152             The value of this property MUST be C.
153              
154             =back
155              
156              
157             =head2 HELPERS
158              
159             =over
160              
161             =item $process->TO_JSON
162              
163             Encode the object in JSON.
164              
165             =item $process->to_hash
166              
167             Return the object HASH.
168              
169             =item $process->to_string
170              
171             Encode the object in JSON.
172              
173             =item $process->validate
174              
175             Validate the object using JSON Schema
176             (see L).
177              
178             =back
179              
180              
181             =head1 SUPPORT
182              
183             =head2 Bugs / Feature Requests
184              
185             Please report any bugs or feature requests through the issue tracker
186             at L.
187             You will be notified automatically of any progress on your issue.
188              
189             =head2 Source Code
190              
191             This is open source software. The code repository is available for
192             public review and contribution under the terms of the license.
193              
194             L
195              
196             git clone https://github.com/giterlizzi/perl-STIX.git
197              
198              
199             =head1 AUTHOR
200              
201             =over 4
202              
203             =item * Giuseppe Di Terlizzi
204              
205             =back
206              
207              
208             =head1 LICENSE AND COPYRIGHT
209              
210             This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
211              
212             This is free software; you can redistribute it and/or modify it under
213             the same terms as the Perl 5 programming language system itself.
214              
215             =cut