File Coverage

blib/lib/STIX/Observable/UserAccount.pm

Criterion	Covered	Total	%
statement	35	35	100.0
branch			n/a
condition			n/a
subroutine	12	12	100.0
pod			n/a
total	47	47	100.0

line	stmt	sub	time	code
1				package STIX::Observable::UserAccount;
2
3	24	24	554	use 5.010001;
	24		123
4	24	24	153	use strict;
	24		54
	24		764
5	24	24	164	use warnings;
	24		51
	24		1429
6	24	24	178	use utf8;
	24		51
	24		200
7
8	24	24	1060	use STIX::Common::OpenVocabulary;
	24		64
	24		1159
9	24	24	135	use Types::Standard qw(Str Bool Enum InstanceOf);
	24		46
	24		245
10
11	24	24	56527	use Moo;
	24		69
	24		183
12	24	24	11405	use namespace::autoclean;
	24		81
	24		242
13
14				extends 'STIX::Observable';
15
16	24		3793	use constant SCHEMA =>
17	24	24	2774	'http://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/user-account.json';
	24		59
18
19	24		2036	use constant PROPERTIES => (
20				qw(type id),
21				qw(spec_version object_marking_refs granular_markings defanged extensions),
22				qw(user_id credential account_login account_type display_name is_service_account is_privileged can_escalate_privs is_disabled account_created account_expires credential_last_changed account_first_login account_last_login),
23	24	24	181	);
	24		58
24
25	24	24	205	use constant STIX_OBJECT => 'SCO';
	24		55
	24		1510
26	24	24	146	use constant STIX_OBJECT_TYPE => 'user-account';
	24		60
	24		14049
27
28				has user_id => (is => 'rw', isa => Str);
29				has credential => (is => 'rw', isa => Str);
30				has account_login => (is => 'rw', isa => Str);
31				has account_type => (is => 'rw', isa => Enum [STIX::Common::OpenVocabulary->ACCOUNT_TYPE()]);
32				has display_name => (is => 'rw', isa => Str);
33				has is_service_account => (is => 'rw', isa => Bool);
34				has is_privileged => (is => 'rw', isa => Bool);
35				has can_escalate_privs => (is => 'rw', isa => Bool);
36				has is_disabled => (is => 'rw', isa => Bool);
37
38				has account_created => (
39				is => 'rw',
40				isa => InstanceOf ['STIX::Common::Timestamp'],
41				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
42				);
43
44				has account_expires => (
45				is => 'rw',
46				isa => InstanceOf ['STIX::Common::Timestamp'],
47				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
48				);
49
50				has credential_last_changed => (
51				is => 'rw',
52				isa => InstanceOf ['STIX::Common::Timestamp'],
53				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
54				);
55
56				has account_first_login => (
57				is => 'rw',
58				isa => InstanceOf ['STIX::Common::Timestamp'],
59				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
60				);
61
62				has account_last_login => (
63				is => 'rw',
64				isa => InstanceOf ['STIX::Common::Timestamp'],
65				coerce => sub { ref($_[0]) ? $_[0] : STIX::Common::Timestamp->new($_[0]) },
66				);
67
68				1;
69
70				=encoding utf-8
71
72				=head1 NAME
73
74				STIX::Observable::UserAccount - STIX Cyber-observable Object (SCO) - User Account
75
76				=head1 SYNOPSIS
77
78				use STIX::Observable::UserAccount;
79
80				my $user_account = STIX::Observable::UserAccount->new();
81
82
83				=head1 DESCRIPTION
84
85				The User Account Object represents an instance of any type of user account,
86				including but not limited to operating system, device, messaging service,
87				and social media platform accounts.
88
89
90				=head2 METHODS
91
92				L inherits all methods from L
93				and implements the following new ones.
94
95				=over
96
97				=item STIX::Observable::UserAccount->new(%properties)
98
99				Create a new instance of L.
100
101				=item $user_account->account_created
102
103				Specifies when the account was created.
104
105				=item $user_account->account_expires
106
107				Specifies the expiration date of the account.
108
109				=item $user_account->account_first_login
110
111				Specifies when the account was first accessed.
112
113				=item $user_account->account_last_login
114
115				Specifies when the account was last accessed.
116
117				=item $user_account->account_login
118
119				Specifies the account login string, used in cases where the user_id
120				property specifies something other than what a user would type when they
121				login.
122
123				=item $user_account->account_type
124
125				Specifies the type of the account. This is an open vocabulary and values
126				SHOULD come from the account-type-ov vocabulary.
127
128				=item $user_account->can_escalate_privs
129
130				Specifies that the account has the ability to escalate privileges (i.e., in
131				the case of sudo on Unix or a Windows Domain Admin account).
132
133				=item $user_account->credential
134
135				Specifies a cleartext credential. This is only intended to be used in
136				capturing metadata from malware analysis (e.g., a hard-coded domain
137				administrator password that the malware attempts to use for lateral
138				movement) and SHOULD NOT be used for sharing of PII.
139
140				=item $user_account->credential_last_changed
141
142				Specifies when the account credential was last changed.
143
144				=item $user_account->display_name
145
146				Specifies the display name of the account, to be shown in user interfaces,
147				if applicable.
148
149				=item $user_account->extensions
150
151				The User Account Object defines the following extensions. In addition to
152				these, producers MAY create their own. Extensions: unix-account-ext.
153
154				=item $user_account->id
155
156				=item $user_account->is_disabled
157
158				Specifies if the account is disabled.
159
160				=item $user_account->is_privileged
161
162				Specifies that the account has elevated privileges (i.e., in the case of
163				root on Unix or the Windows Administrator account).
164
165				=item $user_account->is_service_account
166
167				Indicates that the account is associated with a network service or system
168				process (daemon), not a specific individual.
169
170				=item $user_account->type
171
172				The value of this property MUST be C.
173
174				=item $user_account->user_id
175
176				Specifies the identifier of the account.
177
178				=back
179
180
181				=head2 HELPERS
182
183				=over
184
185				=item $user_account->TO_JSON
186
187				Encode the object in JSON.
188
189				=item $user_account->to_hash
190
191				Return the object HASH.
192
193				=item $user_account->to_string
194
195				Encode the object in JSON.
196
197				=item $user_account->validate
198
199				Validate the object using JSON Schema
200				(see L).
201
202				=back
203
204
205				=head1 SUPPORT
206
207				=head2 Bugs / Feature Requests
208
209				Please report any bugs or feature requests through the issue tracker
210				at L.
211				You will be notified automatically of any progress on your issue.
212
213				=head2 Source Code
214
215				This is open source software. The code repository is available for
216				public review and contribution under the terms of the license.
217
218				L
219
220				git clone https://github.com/giterlizzi/perl-STIX.git
221
222
223				=head1 AUTHOR
224
225				=over 4
226
227				=item * Giuseppe Di Terlizzi
228
229				=back
230
231
232				=head1 LICENSE AND COPYRIGHT
233
234				This software is copyright (c) 2024 by Giuseppe Di Terlizzi.
235
236				This is free software; you can redistribute it and/or modify it under
237				the same terms as the Perl 5 programming language system itself.
238
239				=cut