def _set_search_items_from_win_registry_key_object(patterns, prop):
u'''
extract and set search key/value items from Cybox binding WindowsRegistryKey Object
'''
if prop is None or type(prop) != WindowsRegistryKeyObjectType:
return
# translate cybox.bindings object to cybox.objects object
obj = WinRegistryKey.from_obj(prop)
# Win Registry Key
if obj.key is not None:
keyname = unicode(obj.key)
if keyname[0] == '[' and keyname[len(keyname) - 1] == ']':
for key in keyname[1:len(keyname) - 2].split(','):
if obj.hive is not None:
key = u"%s\\%s" % (obj.hive, key)
_add_search_item(patterns, u"RegistryKey", key)
else:
key = keyname
if obj.hive is not None:
key = u"%s\\%s" % (obj.hive, key)
_add_search_item(patterns, u"RegistryKey", key)
# Win Registry Value
if obj.values is not None:
for value in obj.values:
if value is not None:
if value.data is not None:
value_data = unicode(value.data)
if value_data[0] == '[' and value_data[len(value_data) -
1] == ']':
_add_search_item(
patterns, u"RegistryValue",
value_data[1:len(value_data) - 2].split(','))
else:
_add_search_item(patterns, u"RegistryValue",
value_data)
