Allow RegistryValueType to take any value (#956)

dissect/target/helpers/regutil.py

@@ -12,7 +12,7 @@
 from pathlib import Path
 from typing import BinaryIO, Iterator, Optional, TextIO, Union
 
-from dissect.regf import regf
+from dissect.regf import c_regf, regf
 
 from dissect.target.exceptions import (
     RegistryError,
@@ -31,16 +31,33 @@
 
 
 class RegistryValueType(IntEnum):
-    NONE = regf.REG_NONE
-    SZ = regf.REG_SZ
-    EXPAND_SZ = regf.REG_EXPAND_SZ
-    BINARY = regf.REG_BINARY
-    DWORD = regf.REG_DWORD
-    DWORD_BIG_ENDIAN = regf.REG_DWORD_BIG_ENDIAN
-    MULTI_SZ = regf.REG_MULTI_SZ
-    FULL_RESOURCE_DESCRIPTOR = regf.REG_FULL_RESOURCE_DESCRIPTOR
-    RESOURCE_REQUIREMENTS_LIST = regf.REG_RESOURCE_REQUIREMENTS_LIST
-    QWORD = regf.REG_QWORD
+    """Registry value types as defined in ``winnt.h``.
+
+    Resources:
+        - https://learn.microsoft.com/en-us/windows/win32/sysinfo/registry-value-types
+        - https://github.com/fox-it/dissect.regf/blob/main/dissect/regf/c_regf.py
+    """
+
+    NONE = c_regf.REG_NONE
+    SZ = c_regf.REG_SZ
+    EXPAND_SZ = c_regf.REG_EXPAND_SZ
+    BINARY = c_regf.REG_BINARY
+    DWORD = c_regf.REG_DWORD
+    DWORD_BIG_ENDIAN = c_regf.REG_DWORD_BIG_ENDIAN
+    LINK = c_regf.REG_LINK
+    MULTI_SZ = c_regf.REG_MULTI_SZ
+    RESOURCE_LIST = c_regf.REG_RESOURCE_LIST
+    FULL_RESOURCE_DESCRIPTOR = c_regf.REG_FULL_RESOURCE_DESCRIPTOR
+    RESOURCE_REQUIREMENTS_LIST = c_regf.REG_RESOURCE_REQUIREMENTS_LIST
+    QWORD = c_regf.REG_QWORD
+
+    @classmethod
+    def _missing_(cls, value: int) -> IntEnum:
+        # Allow values other than defined members
+        member = int.__new__(cls, value)
+        member._name_ = None
+        member._value_ = value
+        return member
 
 
 class RegistryHive:

tests/helpers/test_regutil.py

@@ -1,6 +1,7 @@
-from typing import Union
+from __future__ import annotations
 
 import pytest
+from dissect.regf import c_regf
 
 from dissect.target.helpers.regutil import (
     HiveCollection,
@@ -172,7 +173,7 @@ def key_collection(hivecollection: HiveCollection) -> KeyCollection:
         ("some\\other\\bla\\", "bla"),
     ],
 )
-def test_registry_key_get(hive: RegistryHive, key_path: str, key_name: Union[str, RegistryKeyNotFoundError]) -> None:
+def test_registry_key_get(hive: RegistryHive, key_path: str, key_name: str | RegistryKeyNotFoundError) -> None:
     key = hive.key("\\")
 
     if key_name is RegistryKeyNotFoundError:
@@ -194,7 +195,7 @@ def test_registry_key_get(hive: RegistryHive, key_path: str, key_name: Union[str
 def test_key_collection_get(
     key_collection: KeyCollection,
     key_path: str,
-    key_name: Union[str, RegistryKeyNotFoundError],
+    key_name: str | RegistryKeyNotFoundError,
 ) -> None:
     if key_name is RegistryKeyNotFoundError:
         with pytest.raises(key_name):
@@ -339,3 +340,28 @@ def test_glob_ext(key_collection: KeyCollection, pattern: str, key_paths: list[s
         collection_paths.append(key_collection.path)
 
     assert sorted(collection_paths) == sorted(key_paths)
+
+
+@pytest.mark.parametrize(
+    "input, expected_name, expected_value",
+    [
+        (c_regf.REG_NONE, "NONE", 0),
+        (c_regf.REG_SZ, "SZ", 1),
+        (c_regf.REG_EXPAND_SZ, "EXPAND_SZ", 2),
+        (c_regf.REG_BINARY, "BINARY", 3),
+        (c_regf.REG_DWORD, "DWORD", 4),
+        (c_regf.REG_DWORD_BIG_ENDIAN, "DWORD_BIG_ENDIAN", 5),
+        (c_regf.REG_LINK, "LINK", 6),
+        (c_regf.REG_MULTI_SZ, "MULTI_SZ", 7),
+        (c_regf.REG_RESOURCE_LIST, "RESOURCE_LIST", 8),
+        (c_regf.REG_FULL_RESOURCE_DESCRIPTOR, "FULL_RESOURCE_DESCRIPTOR", 9),
+        (c_regf.REG_RESOURCE_REQUIREMENTS_LIST, "RESOURCE_REQUIREMENTS_LIST", 10),
+        (c_regf.REG_QWORD, "QWORD", 11),
+        (1337, None, 1337),
+    ],
+)
+def test_registry_value_type_enum(input: int, expected_name: str | None, expected_value: int) -> None:
+    """test if registry value types are not parsed strictly within the Enum"""
+    regf_value = RegistryValueType(input)
+    assert regf_value == expected_value
+    assert regf_value.name == expected_name