✨ Add CPE to Windows packages (#3170)

* ✨ Add CPE to Windows packages Signed-off-by: Christian Zunker <[email protected]>
mondoohq · Feb 14, 2024 · c123c2c · c123c2c
1 parent f9a4c27
commit c123c2c
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 30 deletions.
diff --git a/providers/os/resources/packages/testdata/windows_2019.toml b/providers/os/resources/packages/testdata/windows_2019.toml
@@ -1,174 +1,202 @@
 # Packages
-[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version  | ConvertTo-Json\""]
+[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher  | ConvertTo-Json\""]
 stdout="""
 [
     {
         "Name":  "1527c705-839a-4832-9118-54d4Bd6a0c89",
         "PackageFullName":  "1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "c5e2524a-ea46-4f67-841f-6a9465d9d515",
         "PackageFullName":  "c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "E2A4F912-2574-4A75-9BB0-0D023378592B",
         "PackageFullName":  "E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE",
         "PackageFullName":  "F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "InputApp",
         "PackageFullName":  "InputApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "1000.17763.1.0"
+        "Version":  "1000.17763.1.0",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.AAD.BrokerPlugin",
         "PackageFullName":  "Microsoft.AAD.BrokerPlugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "1000.17763.1.0"
+        "Version":  "1000.17763.1.0",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.AccountsControl",
         "PackageFullName":  "Microsoft.AccountsControl_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.AsyncTextService",
         "PackageFullName":  "Microsoft.AsyncTextService_10.0.17763.1_neutral__8wekyb3d8bbwe",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.BioEnrollment",
         "PackageFullName":  "Microsoft.BioEnrollment_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.CredDialogHost",
         "PackageFullName":  "Microsoft.CredDialogHost_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.ECApp",
         "PackageFullName":  "Microsoft.ECApp_10.0.17763.1_neutral__8wekyb3d8bbwe",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.LockApp",
         "PackageFullName":  "Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Win32WebViewHost",
         "PackageFullName":  "Microsoft.Win32WebViewHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.Apprep.ChxApp",
         "PackageFullName":  "Microsoft.Windows.Apprep.ChxApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "1000.17763.1.0"
+        "Version":  "1000.17763.1.0",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.CapturePicker",
         "PackageFullName":  "Microsoft.Windows.CapturePicker_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.CloudExperienceHost",
         "PackageFullName":  "Microsoft.Windows.CloudExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.Cortana",
         "PackageFullName":  "Microsoft.Windows.Cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "1.11.5.17763"
+        "Version":  "1.11.5.17763",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.NarratorQuickStart",
         "PackageFullName":  "Microsoft.Windows.NarratorQuickStart_10.0.17763.1_neutral_neutral_8wekyb3d8bbwe",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.OOBENetworkCaptivePortal",
         "PackageFullName":  "Microsoft.Windows.OOBENetworkCaptivePortal_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.OOBENetworkConnectionFlow",
         "PackageFullName":  "Microsoft.Windows.OOBENetworkConnectionFlow_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.PeopleExperienceHost",
         "PackageFullName":  "Microsoft.Windows.PeopleExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.PinningConfirmationDialog",
         "PackageFullName":  "Microsoft.Windows.PinningConfirmationDialog_1000.17763.1.0_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "1000.17763.1.0"
+        "Version":  "1000.17763.1.0",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.SecHealthUI",
         "PackageFullName":  "Microsoft.Windows.SecHealthUI_10.0.17763.1_neutral__cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.ShellExperienceHost",
         "PackageFullName":  "Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Microsoft.Windows.XGpuEjectDialog",
         "PackageFullName":  "Microsoft.Windows.XGpuEjectDialog_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Windows.CBSPreview",
         "PackageFullName":  "Windows.CBSPreview_10.0.17763.1_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.17763.1"
+        "Version":  "10.0.17763.1",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "windows.immersivecontrolpanel",
         "PackageFullName":  "windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "10.0.2.1000"
+        "Version":  "10.0.2.1000",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     },
     {
         "Name":  "Windows.PrintDialog",
         "PackageFullName":  "Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy",
         "Architecture":  11,
-        "Version":  "6.2.1.0"
+        "Version":  "6.2.1.0",
+        "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     }
 ]
 """

diff --git a/providers/os/resources/packages/windows_packages.go b/providers/os/resources/packages/windows_packages.go
@@ -14,6 +14,7 @@ import (
 	"go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v10/providers/os/connection/shared"
 	"go.mondoo.com/cnquery/v10/providers/os/detector/windows"
+	"go.mondoo.com/cnquery/v10/providers/os/resources/cpe"
 	"go.mondoo.com/cnquery/v10/providers/os/resources/powershell"
 )
 
@@ -82,14 +83,15 @@ const (
 
 var (
 	WINDOWS_QUERY_HOTFIXES      = `Get-HotFix | Select-Object -Property Status, Description, HotFixId, Caption, InstalledOn, InstalledBy | ConvertTo-Json`
-	WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version  | ConvertTo-Json`
+	WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher  | ConvertTo-Json`
 )
 
 type powershellWinAppxPackages struct {
 	Name         string `json:"Name"`
 	FullName     string `json:"PackageFullName"`
 	Architecture int    `json:"Architecture"`
 	Version      string `json:"Version"`
+	Publisher    string `json:"Publisher"`
 }
 
 // Good read: https://www.wintips.org/view-installed-apps-and-packages-in-windows-10-8-1-8-from-powershell/
@@ -119,11 +121,22 @@ func ParseWindowsAppxPackages(input io.Reader) ([]Package, error) {
 			arch = "unknown"
 		}
 
+		cpeWfn := ""
+		if appxPackages[i].Name != "" && appxPackages[i].Version != "" {
+			cpeWfn, err = cpe.NewPackage2Cpe(appxPackages[i].Publisher, appxPackages[i].Name, appxPackages[i].Version, "", "")
+			if err != nil {
+				log.Debug().Err(err).Str("name", appxPackages[i].Name).Str("version", appxPackages[i].Version).Msg("could not create cpe for windows appx package")
+			}
+		} else {
+			log.Debug().Msg("ignored package since information is missing")
+		}
+
 		pkgs[i] = Package{
 			Name:    appxPackages[i].Name,
 			Version: appxPackages[i].Version,
 			Arch:    arch,
 			Format:  "windows/appx",
+			CPE:     cpeWfn,
 		}
 	}
 	return pkgs, nil
@@ -280,10 +293,20 @@ func ParseWindowsAppPackages(input io.Reader) ([]Package, error) {
 		if entry.UninstallString == "" {
 			continue
 		}
+		cpeWfn := ""
+		if entry.DisplayName != "" && entry.DisplayVersion != "" {
+			cpeWfn, err = cpe.NewPackage2Cpe(entry.Publisher, entry.DisplayName, entry.DisplayVersion, "", "")
+			if err != nil {
+				log.Debug().Err(err).Str("name", entry.DisplayName).Str("version", entry.DisplayVersion).Msg("could not create cpe for windows app package")
+			}
+		} else {
+			log.Debug().Msg("ignored package since information is missing")
+		}
 		pkgs = append(pkgs, Package{
 			Name:    entry.DisplayName,
 			Version: entry.DisplayVersion,
 			Format:  "windows/app",
+			CPE:     cpeWfn,
 		})
 	}
 

diff --git a/providers/os/resources/packages/windows_packages_test.go b/providers/os/resources/packages/windows_packages_test.go
@@ -29,6 +29,7 @@ func TestWindowsAppPackagesParser(t *testing.T) {
 		Version: "14.28.29913.0",
 		Arch:    "",
 		Format:  "windows/app",
+		CPE:     "cpe:2.3:a:microsoft corporation:microsoft_visual_c\\+\\+_2015-2019_redistributable_\\(x86\\)_-_14.28.29913:14.28.29913.0:*:*:*:*:*:*:*",
 	}
 	assert.Contains(t, m, p)
 
@@ -62,6 +63,7 @@ func TestWindowsAppxPackagesParser(t *testing.T) {
 		Version: "1.11.5.17763",
 		Arch:    "neutral",
 		Format:  "windows/appx",
+		CPE:     "cpe:2.3:a:cn=microsoft corporation, o=microsoft corporation, l=redmond, s=washington, c=us:microsoft.windows.cortana:1.11.5.17763:*:*:*:*:*:*:*",
 	}
 	assert.Contains(t, m, p)