⭐️ extract files that are used by a package (#3313)

providers/os/resources/os.lr

@@ -623,6 +623,14 @@ package @defaults("name version") {
   installed bool
   // Whether the package is outdated
   outdated() bool
+
+  // Package files
+  files() []pkgFileInfo
+}
+
+private pkgFileInfo @defaults("path") {
+  // Path to the file
+  path string
 }
 
 // List of packages on this system

providers/os/resources/os.lr.manifest.yaml

@@ -561,6 +561,8 @@ resources:
         min_mondoo_version: latest
       description: {}
       epoch: {}
+      files:
+        min_mondoo_version: latest
       format: {}
       installed: {}
       name: {}
@@ -647,6 +649,11 @@ resources:
       file: {}
       params: {}
     min_mondoo_version: 5.15.0
+  pkgFileInfo:
+    fields:
+      path: {}
+    is_private: true
+    min_mondoo_version: latest
   platform:
     fields:
       vulnerabilityReport: {}

providers/os/resources/packages.go

@@ -29,6 +29,16 @@ func (x *mqlPackage) id() (string, error) {
 	return x.Format.Data + "://" + x.Name.Data + "/" + x.Version.Data + "/" + x.Arch.Data, nil
 }
 
+type mqlPackageInternal struct {
+	filesState   packages.PkgFilesAvailable
+	filesOnDisks []packages.FileRecord
+}
+
+// TODO: this is not accurate enough, we need to tie it to the package
+func (x *mqlPkgFileInfo) id() (string, error) {
+	return x.Path.Data, nil
+}
+
 func initPackage(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[string]*llx.RawData, plugin.Resource, error) {
 	// we only look up the package, if we have been supplied by its name and nothing else
 	raw, ok := args["name"]
@@ -65,6 +75,7 @@ func initPackage(runtime *plugin.Runtime, args map[string]*llx.RawData) (map[str
 	res.Format.State = plugin.StateIsSet | plugin.StateIsNull
 	res.Origin.State = plugin.StateIsSet | plugin.StateIsNull
 	res.Status.State = plugin.StateIsSet | plugin.StateIsNull
+	res.Files.State = plugin.StateIsSet | plugin.StateIsNull
 	return nil, res, nil
 }
 
@@ -83,6 +94,42 @@ func (p *mqlPackage) origin() (string, error) {
 	return "", nil
 }
 
+func (p *mqlPackage) files() ([]interface{}, error) {
+	if p.filesState == packages.PkgFilesNotAvailable {
+		return nil, nil
+	}
+
+	var filesOnDisk []packages.FileRecord
+
+	if p.filesState == packages.PkgFilesIncluded {
+		// we already have the data
+		filesOnDisk = p.filesOnDisks
+	} else {
+		// we need to retrieve the data on-demand
+		conn := p.MqlRuntime.Connection.(shared.Connection)
+		pm, err := packages.ResolveSystemPkgManager(conn)
+		if pm == nil || err != nil {
+			return nil, errors.New("could not detect suitable package manager for platform")
+		}
+		filesOnDisk, err = pm.Files(p.Name.Data, p.Version.Data, p.Arch.Data)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var pkgFiles []interface{}
+	for _, file := range filesOnDisk {
+		pkgFile, err := CreateResource(p.MqlRuntime, "pkgFileInfo", map[string]*llx.RawData{
+			"path": llx.StringData(file.Path),
+		})
+		if err != nil {
+			return nil, err
+		}
+		pkgFiles = append(pkgFiles, pkgFile)
+	}
+	return pkgFiles, nil
+}
+
 type mqlPackagesInternal struct {
 	lock           sync.Mutex
 	packagesByName map[string]*mqlPackage
@@ -159,7 +206,10 @@ func (x *mqlPackages) list() ([]interface{}, error) {
 			return nil, err
 		}
 
-		pkgs[i] = pkg
+		s := pkg.(*mqlPackage)
+		s.filesState = osPkg.FilesAvailable
+		s.filesOnDisks = osPkg.Files
+		pkgs[i] = s
 	}
 
 	return pkgs, x.refreshCache(pkgs)

providers/os/resources/packages/aix_packages.go

@@ -55,23 +55,28 @@ type AixPkgManager struct {
 	platform *inventory.Platform
 }
 
-func (f *AixPkgManager) Name() string {
+func (a *AixPkgManager) Name() string {
 	return "AIX Package Manager"
 }
 
-func (f *AixPkgManager) Format() string {
+func (a *AixPkgManager) Format() string {
 	return AixPkgFormat
 }
 
-func (f *AixPkgManager) List() ([]Package, error) {
-	cmd, err := f.conn.RunCommand("lslpp -cl ")
+func (a *AixPkgManager) List() ([]Package, error) {
+	cmd, err := a.conn.RunCommand("lslpp -cl ")
 	if err != nil {
 		return nil, fmt.Errorf("could not read freebsd package list")
 	}
 
-	return parseAixPackages(f.platform, cmd.Stdout)
+	return parseAixPackages(a.platform, cmd.Stdout)
 }
 
-func (f *AixPkgManager) Available() (map[string]PackageUpdate, error) {
+func (a *AixPkgManager) Available() (map[string]PackageUpdate, error) {
 	return map[string]PackageUpdate{}, nil
 }
+
+func (a *AixPkgManager) Files(name string, version string, arch string) ([]FileRecord, error) {
+	// not yet implemented
+	return nil, nil
+}

providers/os/resources/packages/aix_packages_test.go

@@ -26,8 +26,7 @@ func TestParseAixPackages(t *testing.T) {
 	require.Nil(t, err)
 	assert.Equal(t, 16, len(m), "detected the right amount of packages")
 
-	var p Package
-	p = Package{
+	p := Package{
 		Name:        "X11.apps.msmit",
 		Version:     "7.3.0.0",
 		Description: "AIXwindows msmit Application",

providers/os/resources/packages/apk_packages.go

@@ -11,6 +11,7 @@ import (
 	cpe2 "go.mondoo.com/cnquery/v10/providers/os/resources/cpe"
 	"go.mondoo.com/cnquery/v10/providers/os/resources/purl"
 	"io"
+	"path/filepath"
 	"regexp"
 
 	"github.com/rs/zerolog/log"
@@ -58,6 +59,7 @@ func ParseApkDbPackages(pf *inventory.Platform, input io.Reader) []Package {
 	scanner := bufio.NewScanner(input)
 	pkg := Package{}
 	var key string
+	var dir string
 	for scanner.Scan() {
 		line := scanner.Text()
 
@@ -95,6 +97,14 @@ func ParseApkDbPackages(pf *inventory.Platform, input io.Reader) []Package {
 			pkg.Origin = m[2] // origin
 		case "T":
 			pkg.Description = m[2] // description
+		case "F":
+			dir = m[2]
+		case "R":
+			// files
+			pkg.FilesAvailable = PkgFilesIncluded
+			pkg.Files = append(pkg.Files, FileRecord{
+				Path: filepath.Join(dir, m[2]),
+			})
 		}
 	}
 
@@ -158,3 +168,8 @@ func (apm *AlpinePkgManager) Available() (map[string]PackageUpdate, error) {
 	}
 	return ParseApkUpdates(cmd.Stdout)
 }
+
+func (apm *AlpinePkgManager) Files(name string, version string, arch string) ([]FileRecord, error) {
+	// not yet implemented
+	return nil, nil
+}