dissect.database 1.2.dev7__tar.gz → 1.2.dev9__tar.gz

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: dissect.database
-Version: 1.2.dev7
+Version: 1.2.dev9
 Summary: A Dissect module implementing parsers for various database formats, including Berkeley DB, Microsofts Extensible Storage Engine (ESE) and SQLite3
 Author-email: Dissect Team <dissect@fox-it.com>
 License-Expression: Apache-2.0

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/database.py

@@ -11,7 +11,7 @@ from dissect.database.ese.ntds.pek import PEK
 from dissect.database.ese.ntds.query import Query
 from dissect.database.ese.ntds.schema import Schema
 from dissect.database.ese.ntds.sd import SecurityDescriptor
-from dissect.database.ese.ntds.util import DN, DatabaseFlags, SearchFlags, encode_value
+from dissect.database.ese.ntds.util import DN, DatabaseFlag, SearchFlag, encode_value
 
 if TYPE_CHECKING:
     from collections.abc import Iterator
@@ -44,14 +44,14 @@ class Database:
         self.data._make_dn.cache_clear()
 
     @cached_property
-    def flags(self) -> DatabaseFlags | None:
+    def flags(self) -> DatabaseFlag | None:
         """Return the database flags."""
         if self.hiddeninfo is None:
             return None
 
-        result = DatabaseFlags(0)
+        result = DatabaseFlag(0)
         flags = self.hiddeninfo.get("flags_col")
-        for idx, member in enumerate(DatabaseFlags.__members__.values()):
+        for idx, member in enumerate(DatabaseFlag.__members__.values()):
             if flags[idx] == ord(b"1"):
                 result = member if result is None else result | member
 
@@ -256,9 +256,9 @@ class DataTable:
         if schema.search_flags is None:
             raise ValueError(f"Attribute is not indexed: {attribute!r}")
 
-        if SearchFlags.Indexed in schema.search_flags:
+        if SearchFlag.Indexed in schema.search_flags:
             name = f"INDEX_{schema.id:08x}"
-        elif SearchFlags.TupleIndexed in schema.search_flags:
+        elif SearchFlag.TupleIndexed in schema.search_flags:
             name = f"INDEX_T_{schema.id:08x}"
         else:
             # TODO add ContainerIndexed

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/ntds.py

@@ -20,6 +20,7 @@ if TYPE_CHECKING:
         TrustedDomain,
         User,
     )
+    from dissect.database.ese.ntds.objects.organizationalunit import OrganizationalUnit
     from dissect.database.ese.ntds.pek import PEK
 
 
@@ -83,11 +84,11 @@ class NTDS:
 
     def groups(self) -> Iterator[Group]:
         """Get all group objects from the database."""
-        yield from self.search(objectCategory="group")
+        yield from self.search(objectClass="group")
 
     def servers(self) -> Iterator[Server]:
         """Get all server objects from the database."""
-        yield from self.search(objectCategory="server")
+        yield from self.search(objectClass="server")
 
     def users(self) -> Iterator[User]:
         """Get all user objects from the database."""
@@ -95,7 +96,11 @@ class NTDS:
 
     def computers(self) -> Iterator[Computer]:
         """Get all computer objects from the database."""
-        yield from self.search(objectCategory="computer")
+        yield from self.search(objectClass="computer")
+
+    def domains(self) -> Iterator[DomainDNS]:
+        """Get all domain objects from the database."""
+        yield from self.search(objectClass="domainDNS")
 
     def trusts(self) -> Iterator[TrustedDomain]:
         """Get all trust objects from the database."""
@@ -105,6 +110,10 @@ class NTDS:
         """Get all group policy objects (GPO) objects from the database."""
         yield from self.search(objectClass="groupPolicyContainer")
 
+    def organizational_units(self) -> Iterator[OrganizationalUnit]:
+        """Get all organizational unit (OU) objects from the database."""
+        yield from self.search(objectClass="organizationalUnit")
+
     def secrets(self) -> Iterator[Secret]:
         """Get all secret objects from the database."""
         yield from self.search(objectClass="secret")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/__init__.py

@@ -68,6 +68,7 @@ from dissect.database.ese.ntds.objects.msds_resourceproperty import MSDSResource
 from dissect.database.ese.ntds.objects.msds_resourcepropertylist import MSDSResourcePropertyList
 from dissect.database.ese.ntds.objects.msds_shadowprincipalcontainer import MSDSShadowPrincipalContainer
 from dissect.database.ese.ntds.objects.msds_valuetype import MSDSValueType
+from dissect.database.ese.ntds.objects.msfve_recoveryinformation import MSFVERecoveryInformation
 from dissect.database.ese.ntds.objects.msimaging_psps import MSImagingPSPs
 from dissect.database.ese.ntds.objects.mskds_provserverconfiguration import MSKDSProvServerConfiguration
 from dissect.database.ese.ntds.objects.msmqenterprisesettings import MSMQEnterpriseSettings
@@ -174,6 +175,7 @@ __all__ = [
     "MSDSResourcePropertyList",
     "MSDSShadowPrincipalContainer",
     "MSDSValueType",
+    "MSFVERecoveryInformation",
     "MSImagingPSPs",
     "MSKDSProvServerConfiguration",
     "MSMQEnterpriseSettings",

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/attributeschema.py

@@ -0,0 +1,28 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, ClassVar
+
+from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import SearchFlag, SystemFlagAttribute
+
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects.object import DecoderMap
+
+
+class AttributeSchema(Top):
+    """Represents an attribute schema object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-attributeschema
+    """
+
+    __object_class__ = "attributeSchema"
+    __decoders__: ClassVar[DecoderMap] = {
+        "searchFlags": lambda db, value: SearchFlag(value),
+        "systemFlags": lambda db, value: SystemFlagAttribute(value),
+    }
+
+    @property
+    def search_flags(self) -> SearchFlag | None:
+        """Return the searchFlags of this attribute schema."""
+        return self.get("searchFlags")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/certificationauthority.py

@@ -11,3 +11,8 @@ class CertificationAuthority(Top):
     """
 
     __object_class__ = "certificationAuthority"
+
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this Certification Authority."""
+        return self.get("dNSHostName")

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/computer.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+from dissect.database.ese.ntds.objects.msfve_recoveryinformation import MSFVERecoveryInformation
+from dissect.database.ese.ntds.objects.user import User
+
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
+    from dissect.database.ese.ntds.objects import Object
+
+
+class Computer(User):
+    """Represents a computer object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-computer
+    """
+
+    __object_class__ = "computer"
+
+    def __repr_body__(self) -> str:
+        return f"name={self.name!r}"
+
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this computer."""
+        return self.get("dNSHostName")
+
+    @property
+    def operating_system(self) -> str | None:
+        """Return the operatingSystem of this computer."""
+        return self.get("operatingSystem")
+
+    @property
+    def operating_system_version(self) -> str | None:
+        """Return the operatingSystemVersion of this computer."""
+        return self.get("operatingSystemVersion")
+
+    def fve_recovery_information(self) -> Iterator[MSFVERecoveryInformation]:
+        """Return the BitLocker recovery information objects associated with this computer."""
+        for child in self.children():
+            if isinstance(child, MSFVERecoveryInformation):
+                yield child
+
+    def managed_by(self) -> Iterator[Object]:
+        """Return the objects that manage this computer."""
+        self._assert_local()
+
+        yield from self.db.link.links(self.dnt, "managedBy")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/configuration.py

@@ -11,3 +11,8 @@ class Configuration(Top):
     """
 
     __object_class__ = "configuration"
+
+    @property
+    def gp_link(self) -> str | None:
+        """Return the group policy link of the configuration."""
+        return self.get("gPLink")

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/crossref.py

@@ -0,0 +1,27 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, ClassVar
+
+from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import SystemFlagCrossRef
+
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects.object import DecoderMap
+
+
+class CrossRef(Top):
+    """Represents a cross-reference object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-crossref
+    """
+
+    __object_class__ = "crossRef"
+    __decoders__: ClassVar[DecoderMap] = {
+        "systemFlags": lambda db, value: SystemFlagCrossRef(value),
+    }
+
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this cross-reference."""
+        return self.get("msDS-Behavior-Version")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/crossrefcontainer.py

@@ -11,3 +11,8 @@ class CrossRefContainer(Top):
     """
 
     __object_class__ = "crossRefContainer"
+
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this cross-reference container."""
+        return self.get("msDS-Behavior-Version")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/domaindns.py

@@ -19,3 +19,8 @@ class DomainDNS(Domain):
         if (pek := self.get("pekList")) is not None:
             return PEK(pek)
         return None
+
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this domain DNS object."""
+        return self.get("msDS-Behavior-Version")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/group.py

@@ -24,6 +24,16 @@ class Group(Top):
         """Return the group's sAMAccountName."""
         return self.get("sAMAccountName")
 
+    @property
+    def mail(self) -> str | None:
+        """Return the mail address of this group."""
+        return self.get("mail")
+
+    @property
+    def admin_count(self) -> int | None:
+        """Return the group's adminCount."""
+        return self.get("adminCount")
+
     def managed_by(self) -> Iterator[Object]:
         """Return the objects that manage this group."""
         self._assert_local()

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/grouppolicycontainer.py

@@ -11,3 +11,8 @@ class GroupPolicyContainer(Container):
     """
 
     __object_class__ = "groupPolicyContainer"
+
+    @property
+    def file_path(self) -> str | None:
+        """Return the gPCFileSysPath of this group policy container."""
+        return self.get("gPCFileSysPath")

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/msfve_recoveryinformation.py

@@ -0,0 +1,45 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+from uuid import UUID
+
+from dissect.database.ese.ntds.objects.top import Top
+
+if TYPE_CHECKING:
+    from dissect.database.ese.ntds.objects import Computer
+
+
+class MSFVERecoveryInformation(Top):
+    """Represents a msFVE-RecoveryInformation object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-msfve-recoveryinformation
+    """
+
+    __object_class__ = "msFVE-RecoveryInformation"
+
+    @property
+    def volume_guid(self) -> UUID:
+        """Return the volume GUID associated with this recovery information."""
+        return UUID(bytes_le=self.get("msFVE-VolumeGuid"))
+
+    @property
+    def recovery_guid(self) -> UUID:
+        """Return the recovery GUID associated with this recovery information."""
+        return UUID(bytes_le=self.get("msFVE-RecoveryGuid"))
+
+    @property
+    def recovery_password(self) -> str | None:
+        """Return the recovery password associated with this recovery information."""
+        return self.get("msFVE-RecoveryPassword")
+
+    @property
+    def key_package(self) -> bytes | None:
+        """Return the key package associated with this recovery information, if any."""
+        return self.get("msFVE-KeyPackage")
+
+    def computer(self) -> Computer:
+        """Return the computer object associated with this recovery information."""
+        if (parent := self.parent()) is None:
+            raise ValueError("msFVE-RecoveryInformation object has no parent computer")
+        return parent

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/ntdsdsa.py

@@ -19,6 +19,11 @@ class NTDSDSA(ApplicationSettings):
 
     __object_class__ = "nTDSDSA"
 
+    @property
+    def behavior_version(self) -> int | None:
+        """Return the msDS-Behavior-Version of this NTDS DSA object."""
+        return self.get("msDS-Behavior-Version")
+
     def domain(self) -> DomainDNS | None:
         """Return the domain object associated with this NTDS DSA object, if any."""
         self._assert_local()

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/object.py

@@ -1,19 +1,23 @@
 from __future__ import annotations
 
+import struct
 from functools import cached_property
-from typing import TYPE_CHECKING, Any, ClassVar
+from typing import TYPE_CHECKING, Any, ClassVar, TypeAlias
+from uuid import UUID
 
-from dissect.database.ese.ntds.util import InstanceType, decode_value
+from dissect.database.ese.ntds.util import InstanceType, SystemFlag, decode_value
 
 if TYPE_CHECKING:
-    from collections.abc import Iterator
+    from collections.abc import Callable, Iterator
     from datetime import datetime
 
     from dissect.database.ese.ntds.database import Database
     from dissect.database.ese.ntds.sd import SecurityDescriptor
-    from dissect.database.ese.ntds.util import DN, SystemFlags
+    from dissect.database.ese.ntds.util import DN
     from dissect.database.ese.record import Record
 
+    DecoderMap: TypeAlias = dict[str, Callable[[Database, Any], Any]]
+
 
 class Object:
     """Base class for all objects in the NTDS database.
@@ -29,7 +33,19 @@ class Object:
         - https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adsc/041c6068-c710-4c74-968f-3040e4208701
     """
 
+    # Subclasses must override this to specify their object class
     __object_class__: str
+    """The objectClass value for this object."""
+
+    # Decoders for specific attributes to this object
+    __decoders__: ClassVar[DecoderMap] = {
+        "Ancestors": lambda db, value: [v[0] for v in struct.iter_unpack("<I", value)],
+        "instanceType": lambda db, value: InstanceType(value),
+        "systemFlags": lambda db, value: SystemFlag(value),
+        "objectGUID": lambda db, value: UUID(bytes_le=value),
+    }
+
+    # All known object classes
     __known_classes__: ClassVar[dict[str, type[Object]]] = {}
 
     def __init__(self, db: Database, record: Record):
@@ -39,6 +55,12 @@ class Object:
     def __init_subclass__(cls):
         cls.__known_classes__[cls.__object_class__] = cls
 
+        # Merge parent decoders with any new ones defined on the new class
+        decoders = {}
+        for parent in reversed(cls.__mro__[1:]):
+            decoders |= getattr(parent, "__decoders__", {})
+        cls.__decoders__ = decoders | cls.__decoders__
+
     def __repr__(self) -> str:
         suffix = self.__repr_suffix__()
         return f"<{self.__class__.__name__} {self.__repr_body__()}{' ' + suffix if suffix else ''}>"
@@ -57,6 +79,11 @@ class Object:
     def __getattr__(self, name: str) -> Any:
         return self.get(name)
 
+    def __eq__(self, other: object) -> bool:
+        if not isinstance(other, Object):
+            return NotImplemented
+        return self.record == other.record
+
     @classmethod
     def from_record(cls, db: Database, record: Record) -> Object:
         """Create an Object instance from a database record.
@@ -84,7 +111,13 @@ class Object:
             name: The attribute name to retrieve.
             raw: Whether to return the raw value without decoding.
         """
-        return _get_attribute(self.db, self.record, name, raw=raw)
+        value = _get_attribute(self.db, self.record, name, raw=raw)
+
+        # Allow custom decoders to override the default decoding logic for specific attributes
+        # This is convenient for things like enums or timestamps that we want to represent as more meaningful types
+        if value is not None and name in self.__decoders__:
+            value = self.__decoders__[name](self.db, value)
+        return value
 
     def as_dict(self) -> dict[str, Any]:
         """Return the object's attributes as a dictionary."""
@@ -92,7 +125,7 @@ class Object:
         for key in self.record.as_dict():
             if (schema := self.db.data.schema.lookup_attribute(column=key)) is not None:
                 key = schema.name
-                result[key] = _get_attribute(self.db, self.record, key)
+                result[key] = self.get(key)
         return result
 
     def parent(self) -> Object | None:
@@ -216,7 +249,7 @@ class Object:
         return self.get("instanceType")
 
     @property
-    def system_flags(self) -> SystemFlags | None:
+    def system_flags(self) -> SystemFlag | None:
         """Return the object's system flags."""
         return self.get("systemFlags")
 
@@ -235,9 +268,7 @@ class Object:
     @cached_property
     def sd(self) -> SecurityDescriptor | None:
         """Return the Security Descriptor for this object."""
-        if (sd_id := self.get("nTSecurityDescriptor")) is not None:
-            return self.db.sd.sd(sd_id)
-        return None
+        return self.get("nTSecurityDescriptor")
 
     @cached_property
     def well_known_objects(self) -> list[Object]:

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/organizationalperson.py

@@ -0,0 +1,33 @@
+from __future__ import annotations
+
+from dissect.database.ese.ntds.objects.person import Person
+
+
+class OrganizationalPerson(Person):
+    """Represents an organizational person object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-organizationalperson
+    """
+
+    __object_class__ = "organizationalPerson"
+
+    @property
+    def city(self) -> str | None:
+        """Return the city (l) of this organizational person."""
+        return self.get("l")  # "l" (localityName) represents the city/locality.
+
+    @property
+    def mail(self) -> str | None:
+        """Return the mail address of this organizational person."""
+        return self.get("mail")
+
+    @property
+    def title(self) -> str | None:
+        """Return the title of this organizational person."""
+        return self.get("title")
+
+    @property
+    def allowed_to_act_on_behalf_of_other_identity(self) -> str | None:
+        """Return the msDS-AllowedToActOnBehalfOfOtherIdentity attribute of this organizational person."""
+        return self.get("msDS-AllowedToActOnBehalfOfOtherIdentity")

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/organizationalunit.py

@@ -0,0 +1,51 @@
+from __future__ import annotations
+
+from typing import TYPE_CHECKING, ClassVar
+
+from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import GroupPolicyOption
+
+if TYPE_CHECKING:
+    from collections.abc import Iterator
+
+    from dissect.database.ese.ntds.objects import Object
+    from dissect.database.ese.ntds.objects.object import DecoderMap
+
+
+class OrganizationalUnit(Top):
+    """Represents an organizational unit object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-organizationalunit
+    """
+
+    __object_class__ = "organizationalUnit"
+    __decoders__: ClassVar[DecoderMap] = {
+        "gPOptions": lambda db, value: GroupPolicyOption(value),
+    }
+
+    @property
+    def gp_link(self) -> str | None:
+        """Return the group policy link of the organizational unit."""
+        return self.get("gPLink")
+
+    @property
+    def gp_options(self) -> int | None:
+        """Return the group policy options of the organizational unit."""
+        return self.get("gPOptions")
+
+    @property
+    def telephone_number(self) -> str | None:
+        """Return the telephone number of this organizational unit."""
+        return self.get("telephoneNumber")
+
+    @property
+    def user_password(self) -> str | None:
+        """Return the userPassword of this organizational unit."""
+        return self.get("userPassword")
+
+    def managed_by(self) -> Iterator[Object]:
+        """Return the objects that manage this organizational unit."""
+        self._assert_local()
+
+        yield from self.db.link.links(self.dnt, "managedBy")

dissect_database-1.2.dev9/dissect/database/ese/ntds/objects/person.py

@@ -0,0 +1,23 @@
+from __future__ import annotations
+
+from dissect.database.ese.ntds.objects.top import Top
+
+
+class Person(Top):
+    """Represents a person object in the Active Directory.
+
+    References:
+        - https://learn.microsoft.com/en-us/windows/win32/adschema/c-person
+    """
+
+    __object_class__ = "person"
+
+    @property
+    def telephone_number(self) -> str | None:
+        """Return the telephone number of this person."""
+        return self.get("telephoneNumber")
+
+    @property
+    def user_password(self) -> str | None:
+        """Return the userPassword attribute of this person."""
+        return self.get("userPassword")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/pkienrollmentservice.py

@@ -11,3 +11,8 @@ class PKIEnrollmentService(Top):
     """
 
     __object_class__ = "pKIEnrollmentService"
+
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this PKI Enrollment Service."""
+        return self.get("dNSHostName")

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/server.py

@@ -19,6 +19,11 @@ class Server(Top):
 
     __object_class__ = "server"
 
+    @property
+    def dns_host_name(self) -> str | None:
+        """Return the dNSHostName of this server."""
+        return self.get("dNSHostName")
+
     def computer(self) -> Computer | None:
         """Return the computer object associated with this server, if any."""
         self._assert_local()

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/site.py

@@ -1,13 +1,15 @@
 from __future__ import annotations
 
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, ClassVar
 
 from dissect.database.ese.ntds.objects.top import Top
+from dissect.database.ese.ntds.util import GroupPolicyOption
 
 if TYPE_CHECKING:
     from collections.abc import Iterator
 
     from dissect.database.ese.ntds.objects import Object
+    from dissect.database.ese.ntds.objects.object import DecoderMap
 
 
 class Site(Top):
@@ -18,6 +20,19 @@ class Site(Top):
     """
 
     __object_class__ = "site"
+    __decoders__: ClassVar[DecoderMap] = {
+        "gPOptions": lambda db, value: GroupPolicyOption(value),
+    }
+
+    @property
+    def gp_link(self) -> str:
+        """Return the group policy link of the site."""
+        return self.get("gPLink")
+
+    @property
+    def gp_options(self) -> int:
+        """Return the group policy options of the site."""
+        return self.get("gPOptions", 0)
 
     def managed_by(self) -> Iterator[Object]:
         """Return the objects that manage this site."""

{dissect_database-1.2.dev7 → dissect_database-1.2.dev9}/dissect/database/ese/ntds/objects/top.py

@@ -19,3 +19,8 @@ class Top(Object):
     def display_name(self) -> str | None:
         """Return the displayName for this object."""
         return self.get("displayName")
+
+    @property
+    def description(self) -> str | None:
+        """Return the description for this object."""
+        return self.get("description")