diff --git a/providers/os/resources/packages/testdata/windows_2019.toml b/providers/os/resources/packages/testdata/windows_2019.toml
index 2bbf3317df..71b427b959 100644
--- a/providers/os/resources/packages/testdata/windows_2019.toml
+++ b/providers/os/resources/packages/testdata/windows_2019.toml
@@ -1,174 +1,202 @@ # Packages -[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version | ConvertTo-Json\""] +[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher | ConvertTo-Json\""] stdout=""" [ { "Name": "1527c705-839a-4832-9118-54d4Bd6a0c89", "PackageFullName": "1527c705-839a-4832-9118-54d4Bd6a0c89_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "c5e2524a-ea46-4f67-841f-6a9465d9d515", "PackageFullName": "c5e2524a-ea46-4f67-841f-6a9465d9d515_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "E2A4F912-2574-4A75-9BB0-0D023378592B", "PackageFullName": "E2A4F912-2574-4A75-9BB0-0D023378592B_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE", "PackageFullName": "F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "InputApp", "PackageFullName": "InputApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "1000.17763.1.0" + "Version": "1000.17763.1.0", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.AAD.BrokerPlugin", "PackageFullName": 
"Microsoft.AAD.BrokerPlugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "1000.17763.1.0" + "Version": "1000.17763.1.0", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.AccountsControl", "PackageFullName": "Microsoft.AccountsControl_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.AsyncTextService", "PackageFullName": "Microsoft.AsyncTextService_10.0.17763.1_neutral__8wekyb3d8bbwe", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.BioEnrollment", "PackageFullName": "Microsoft.BioEnrollment_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.CredDialogHost", "PackageFullName": "Microsoft.CredDialogHost_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.ECApp", "PackageFullName": "Microsoft.ECApp_10.0.17763.1_neutral__8wekyb3d8bbwe", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.LockApp", "PackageFullName": "Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, 
C=US" }, { "Name": "Microsoft.Win32WebViewHost", "PackageFullName": "Microsoft.Win32WebViewHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.Apprep.ChxApp", "PackageFullName": "Microsoft.Windows.Apprep.ChxApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "1000.17763.1.0" + "Version": "1000.17763.1.0", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.CapturePicker", "PackageFullName": "Microsoft.Windows.CapturePicker_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.CloudExperienceHost", "PackageFullName": "Microsoft.Windows.CloudExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.Cortana", "PackageFullName": "Microsoft.Windows.Cortana_1.11.5.17763_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "1.11.5.17763" + "Version": "1.11.5.17763", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.NarratorQuickStart", "PackageFullName": "Microsoft.Windows.NarratorQuickStart_10.0.17763.1_neutral_neutral_8wekyb3d8bbwe", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.OOBENetworkCaptivePortal", "PackageFullName": 
"Microsoft.Windows.OOBENetworkCaptivePortal_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.OOBENetworkConnectionFlow", "PackageFullName": "Microsoft.Windows.OOBENetworkConnectionFlow_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.PeopleExperienceHost", "PackageFullName": "Microsoft.Windows.PeopleExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.PinningConfirmationDialog", "PackageFullName": "Microsoft.Windows.PinningConfirmationDialog_1000.17763.1.0_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "1000.17763.1.0" + "Version": "1000.17763.1.0", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.SecHealthUI", "PackageFullName": "Microsoft.Windows.SecHealthUI_10.0.17763.1_neutral__cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.ShellExperienceHost", "PackageFullName": "Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Microsoft.Windows.XGpuEjectDialog", "PackageFullName": 
"Microsoft.Windows.XGpuEjectDialog_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Windows.CBSPreview", "PackageFullName": "Windows.CBSPreview_10.0.17763.1_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.17763.1" + "Version": "10.0.17763.1", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "windows.immersivecontrolpanel", "PackageFullName": "windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "10.0.2.1000" + "Version": "10.0.2.1000", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" }, { "Name": "Windows.PrintDialog", "PackageFullName": "Windows.PrintDialog_6.2.1.0_neutral_neutral_cw5n1h2txyewy", "Architecture": 11, - "Version": "6.2.1.0" + "Version": "6.2.1.0", + "Publisher": "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" } ] """ diff --git a/providers/os/resources/packages/windows_packages.go b/providers/os/resources/packages/windows_packages.go index 8df5306b9c..4442fe53be 100644 --- a/providers/os/resources/packages/windows_packages.go +++ b/providers/os/resources/packages/windows_packages.go @@ -14,6 +14,7 @@ import ( "go.mondoo.com/cnquery/v10/providers-sdk/v1/inventory" "go.mondoo.com/cnquery/v10/providers/os/connection/shared" "go.mondoo.com/cnquery/v10/providers/os/detector/windows" + "go.mondoo.com/cnquery/v10/providers/os/resources/cpe" "go.mondoo.com/cnquery/v10/providers/os/resources/powershell" ) 
@@ -82,7 +83,7 @@ const (
 var (
 WINDOWS_QUERY_HOTFIXES = `Get-HotFix | Select-Object -Property Status, Description, HotFixId, Caption, InstalledOn, InstalledBy | ConvertTo-Json`
- WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version | ConvertTo-Json`
+ WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher | ConvertTo-Json`
 )
 type powershellWinAppxPackages struct {
@@ -90,6 +91,7 @@ type powershellWinAppxPackages struct {
 FullName string `json:"PackageFullName"`
 Architecture int `json:"Architecture"`
 Version string `json:"Version"`
+ Publisher string `json:"Publisher"`
 }
 // Good read: https://www.wintips.org/view-installed-apps-and-packages-in-windows-10-8-1-8-from-powershell/
@@ -119,11 +121,22 @@ func ParseWindowsAppxPackages(input io.Reader) ([]Package, error) {
 arch = "unknown"
 }
+ cpeWfn := ""
+ if appxPackages[i].Name != "" && appxPackages[i].Version != "" {
+ cpeWfn, err = cpe.NewPackage2Cpe(appxPackages[i].Publisher, appxPackages[i].Name, appxPackages[i].Version, "", "")
+ if err != nil {
+ log.Debug().Err(err).Str("name", appxPackages[i].Name).Str("version", appxPackages[i].Version).Msg("could not create cpe for windows appx package")
+ }
+ } else {
+ log.Debug().Msg("ignored package since information is missing")
+ }
+
 pkgs[i] = Package{
 Name: appxPackages[i].Name,
 Version: appxPackages[i].Version,
 Arch: arch,
 Format: "windows/appx",
+ CPE: cpeWfn,
 }
 }
 return pkgs, nil
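Review bot: `appxPackages[i].Publisher` is passed to `cpe.NewPackage2Cpe` as the vendor in ParseWindowsAppxPackages although the fixture shows Get-AppxPackage reporting it as a full distinguished name; the expectation added in TestWindowsAppxPackagesParser confirms the vendor field becomes `cn=microsoft corporation, o=microsoft corporation, l=redmond, s=washington, c=us`. A vendor of that form will presumably never match a CPE dictionary entry, so vulnerability lookups keyed on this CPE would likely miss without any error, and the raw spaces and commas look outside what a CPE 2.3 formatted string allows. Consider reducing the DN to a single attribute (the `O=` or `CN=` value) before the call, and document the field, e.g. `// Publisher is an X.500 distinguished name as reported by Get-AppxPackage, not a vendor name`. The else-branch message `ignored package since information is missing` is also misleading because the package is still stored with an empty CPE and the log names no package; `log.Debug().Str("name", appxPackages[i].Name).Msg("no cpe for windows appx package: name or version missing")` would be clearer. The function body starts before this hunk.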
@@ -280,10 +293,20 @@ func ParseWindowsAppPackages(input io.Reader) ([]Package, error) {
 if entry.UninstallString == "" {
 continue
 }
+ cpeWfn := ""
+ if entry.DisplayName != "" && entry.DisplayVersion != "" {
+ cpeWfn, err = cpe.NewPackage2Cpe(entry.Publisher, entry.DisplayName, entry.DisplayVersion, "", "")
+ if err != nil {
+ log.Debug().Err(err).Str("name", entry.DisplayName).Str("version", entry.DisplayVersion).Msg("could not create cpe for windows app package")
+ }
+ } else {
+ log.Debug().Msg("ignored package since information is missing")
+ }
 pkgs = append(pkgs, Package{
 Name: entry.DisplayName,
 Version: entry.DisplayVersion,
 Format: "windows/app",
+ CPE: cpeWfn,
 })
 }
diff --git a/providers/os/resources/packages/windows_packages_test.go b/providers/os/resources/packages/windows_packages_test.go
index 29d6e80962..692ec1f625 100644
--- a/providers/os/resources/packages/windows_packages_test.go
+++ b/providers/os/resources/packages/windows_packages_test.go
@@ -29,6 +29,7 @@ func TestWindowsAppPackagesParser(t *testing.T) {
 Version: "14.28.29913.0",
 Arch: "",
 Format: "windows/app",
+ CPE: "cpe:2.3:a:microsoft corporation:microsoft_visual_c\\+\\+_2015-2019_redistributable_\\(x86\\)_-_14.28.29913:14.28.29913.0:*:*:*:*:*:*:*",
 }
 assert.Contains(t, m, p)
@@ -62,6 +63,7 @@ func TestWindowsAppxPackagesParser(t *testing.T) {
 Version: "1.11.5.17763",
 Arch: "neutral",
 Format: "windows/appx",
+ CPE: "cpe:2.3:a:cn=microsoft corporation, o=microsoft corporation, l=redmond, s=washington, c=us:microsoft.windows.cortana:1.11.5.17763:*:*:*:*:*:*:*",
 }
 assert.Contains(t, m, p)
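Review bot: `cpeWfn, err = cpe.NewPackage2Cpe(...)` in ParseWindowsAppPackages writes into the function-scoped `err`, so a CPE failure that is meant to be best-effort leaves `err` non-nil for whatever follows the loop; the end of the function is outside the hunk, so confirm nothing later returns or tests that value (the same assignment appears in ParseWindowsAppxPackages). A dedicated variable removes the coupling: `var cpeErr error` followed by `cpeWfn, cpeErr = cpe.NewPackage2Cpe(entry.Publisher, entry.DisplayName, entry.DisplayVersion, "", "")`. `entry.Publisher` is not part of the guard and can presumably be empty for some uninstall entries, so a comment should state what vendor the CPE carries in that case. The CPE block is duplicated almost verbatim in both parsers and could move into one small helper taking publisher, name and version.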
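Review bot: Both new expectations in windows_packages_test.go cover only the path where a CPE is produced; neither test asserts what `CPE` holds when the name or version is empty or when `cpe.NewPackage2Cpe` returns an error. The expected app-package value also pins a vendor with a raw space (`microsoft corporation`) while the product field uses underscores, which looks inconsistent and, as far as the visible string shows, is not a well-formed CPE 2.3 formatted string. Consider adding a fixture entry with an empty version and asserting `CPE: ""` for it, and a comment above each expected string saying whether the vendor form is intended or a known limitation of the CPE helper.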