⭐️ Add Purl to macOS and Windows systems (#4996)

Fixes #4957

🛠️ Refactored the `purl` package.

**Basic usage.**

No platform information.

```go
purl.NewPackageURL(nil, purl.TypeDebian, "curl", "7.50.3-1").String()
```

Will produce the purl: `pkg:deb/[email protected]`

**Main usage. (with platform info)**

We rely on the `inventory.Platform` that already has information like the architecture
that can't change. Also we guess the linux distribution from here.
```go
platform := &inventory.Platform{
	Arch:    "x86_64",
	Version: "22.04",
	Labels: map[string]string{
		"distro-id": "jessie",
	},
}

purl.NewPackageURL(platform, purl.TypeDebian, "curl", "7.50.3-1").String()
```

Will produce the purl: `pkg:deb/debian/[email protected]?arch=x86_64&distro=jessie`

**Extended usage. (with modifiers)**

We can override optional attributes, like the architecture, epoch and namespace.

This is useful for non-linux systems.

```go
platform := &inventory.Platform{
	Name:    "windows",
	Version: "10.0.18363",
	Family:  []string{"windows"},
}

purl.NewPackageURL(platform, purl.TypeAppx, "Microsoft.Windows.Cortana", "1.11.5.17763",
	purl.WithArch("x86"),
	purl.WithNamespace("windows"),
).String()
```

Will produce the purl: `pkg:appx/windows/[email protected]?arch=x86`

---------

Signed-off-by: Salim Afiune Maya <[email protected]>

providers/os/resources/packages/aix_packages.go

@@ -9,7 +9,6 @@ import (
 	"io"
 	"strings"
 
-	"github.com/package-url/packageurl-go"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	cpe2 "go.mondoo.com/cnquery/v11/providers/os/resources/cpe"
 	"go.mondoo.com/cnquery/v11/providers/os/resources/purl"
@@ -43,8 +42,10 @@ func parseAixPackages(pf *inventory.Platform, r io.Reader) ([]Package, error) {
 			Version:     record[2],
 			Description: strings.TrimSpace(record[6]),
 			Format:      AixPkgFormat,
-			PUrl:        purl.NewPackageUrl(pf, record[1], record[2], "", "", packageurl.TypeGeneric),
-			CPEs:        cpes,
+			PUrl: purl.NewPackageURL(
+				pf, purl.TypeGeneric, record[1], record[2], purl.WithNamespace(pf.Name),
+			).String(),
+			CPEs: cpes,
 		})
 
 	}

providers/os/resources/packages/aix_packages_test.go

@@ -31,7 +31,7 @@ func TestParseAixPackages(t *testing.T) {
 		Name:        "X11.apps.msmit",
 		Version:     "7.3.0.0",
 		Description: "AIXwindows msmit Application",
-		PUrl:        "pkg:generic/aix/[email protected]?distro=aix-7.2",
+		PUrl:        "pkg:generic/aix/[email protected]?arch=powerpc&distro=aix-7.2",
 		CPEs: []string{
 			"cpe:2.3:a:x11.apps.msmit:x11.apps.msmit:7.3.0.0:*:*:*:*:*:powerpc:*",
 			"cpe:2.3:a:x11.apps.msmit:x11.apps.msmit:7.3.0:*:*:*:*:*:powerpc:*",

providers/os/resources/packages/apk_packages.go

@@ -10,7 +10,6 @@ import (
 	"path/filepath"
 	"regexp"
 
-	"github.com/package-url/packageurl-go"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	cpe2 "go.mondoo.com/cnquery/v11/providers/os/resources/cpe"
 	"go.mondoo.com/cnquery/v11/providers/os/resources/purl"
@@ -44,7 +43,10 @@ func ParseApkDbPackages(pf *inventory.Platform, input io.Reader) []Package {
 		}
 
 		pkg.Format = AlpinePkgFormat
-		pkg.PUrl = purl.NewPackageUrl(pf, pkg.Name, pkg.Version, pkg.Arch, pkg.Epoch, packageurl.TypeApk)
+		pkg.PUrl = purl.NewPackageURL(pf, purl.TypeApk, pkg.Name, pkg.Version,
+			purl.WithArch(pkg.Arch),
+			purl.WithEpoch(pkg.Epoch),
+		).String()
 
 		cpes, _ := cpe2.NewPackage2Cpe(pkg.Vendor, pkg.Name, pkg.Version, "", pf.Arch)
 		pkg.CPEs = cpes

providers/os/resources/packages/dpkg_packages.go

@@ -11,7 +11,6 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/package-url/packageurl-go"
 	"github.com/rs/zerolog/log"
 	"github.com/spf13/afero"
 	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
@@ -39,7 +38,10 @@ func ParseDpkgPackages(pf *inventory.Platform, input io.Reader) ([]Package, erro
 	add := func(pkg Package) {
 		// do sanitization checks to ensure we have minimal information
 		if pkg.Name != "" && pkg.Version != "" {
-			pkg.PUrl = purl.NewPackageUrl(pf, pkg.Name, pkg.Version, pkg.Arch, pkg.Epoch, packageurl.TypeDebian)
+			pkg.PUrl = purl.NewPackageURL(pf, purl.TypeDebian, pkg.Name, pkg.Version,
+				purl.WithArch(pkg.Arch),
+				purl.WithEpoch(pkg.Epoch),
+			).String()
 			cpes, _ := cpe.NewPackage2Cpe(pkg.Name, pkg.Name, pkg.Version, pkg.Epoch, pkg.Arch)
 			cpesWithoutArch, _ := cpe.NewPackage2Cpe(pkg.Name, pkg.Name, pkg.Version, pkg.Epoch, "")
 			cpes = append(cpes, cpesWithoutArch...)

providers/os/resources/packages/macos_packages.go

@@ -9,7 +9,9 @@ import (
 	"strings"
 
 	"github.com/cockroachdb/errors"
+	"go.mondoo.com/cnquery/v11/providers-sdk/v1/inventory"
 	"go.mondoo.com/cnquery/v11/providers/os/connection/shared"
+	"go.mondoo.com/cnquery/v11/providers/os/resources/purl"
 	plist "howett.net/plist"
 )
 
@@ -18,7 +20,7 @@ const (
 )
 
 // parse macos system version property list
-func ParseMacOSPackages(input io.Reader) ([]Package, error) {
+func ParseMacOSPackages(platform *inventory.Platform, input io.Reader) ([]Package, error) {
 	var r io.ReadSeeker
 	r, ok := input.(io.ReadSeeker)
 
@@ -58,6 +60,9 @@ func ParseMacOSPackages(input io.Reader) ([]Package, error) {
 		pkgs[i].Version = entry.Version
 		pkgs[i].Format = MacosPkgFormat
 		pkgs[i].FilesAvailable = PkgFilesIncluded
+		pkgs[i].PUrl = purl.NewPackageURL(
+			platform, purl.TypeMacos, entry.Name, entry.Version,
+		).String()
 		if entry.Path != "" {
 			pkgs[i].Files = []FileRecord{
 				{
@@ -72,7 +77,8 @@ func ParseMacOSPackages(input io.Reader) ([]Package, error) {
 
 // MacOS
 type MacOSPkgManager struct {
-	conn shared.Connection
+	conn     shared.Connection
+	platform *inventory.Platform
 }
 
 func (mpm *MacOSPkgManager) Name() string {
@@ -89,7 +95,7 @@ func (mpm *MacOSPkgManager) List() ([]Package, error) {
 		return nil, fmt.Errorf("could not read package list")
 	}
 
-	return ParseMacOSPackages(cmd.Stdout)
+	return ParseMacOSPackages(mpm.platform, cmd.Stdout)
 }
 
 func (mpm *MacOSPkgManager) Available() (map[string]PackageUpdate, error) {

providers/os/resources/packages/macos_packages_test.go

@@ -23,19 +23,27 @@ func TestMacOsXPackageParser(t *testing.T) {
 	}
 	assert.Nil(t, err)
 
-	m, err := packages.ParseMacOSPackages(c.Stdout)
+	pf := &inventory.Platform{
+		Name:    "macos",
+		Version: "15.2",
+		Arch:    "x86_64",
+		Family:  []string{"darwin", "bsd", "unix", "os"},
+	}
+	m, err := packages.ParseMacOSPackages(pf, c.Stdout)
 	assert.Nil(t, err)
 	assert.Equal(t, 2, len(m), "detected the right amount of packages")
 
 	assert.Equal(t, "Preview", m[0].Name, "pkg name detected")
 	assert.Equal(t, "10.0", m[0].Version, "pkg version detected")
 	assert.Equal(t, packages.MacosPkgFormat, m[0].Format, "pkg format detected")
 	assert.Equal(t, packages.PkgFilesIncluded, m[0].FilesAvailable)
+	assert.Equal(t, "pkg:macos/[email protected]?arch=x86_64", m[0].PUrl)
 	assert.Equal(t, []packages.FileRecord{{Path: "/Applications/Preview.app"}}, m[0].Files)
 
 	assert.Equal(t, "Contacts", m[1].Name, "pkg name detected")
 	assert.Equal(t, "11.0", m[1].Version, "pkg version detected")
 	assert.Equal(t, packages.MacosPkgFormat, m[1].Format, "pkg format detected")
 	assert.Equal(t, packages.PkgFilesIncluded, m[1].FilesAvailable)
+	assert.Equal(t, "pkg:macos/[email protected]?arch=x86_64", m[1].PUrl)
 	assert.Equal(t, []packages.FileRecord{{Path: "/Applications/Contacts.app"}}, m[1].Files)
 }

providers/os/resources/packages/packages.go

@@ -111,7 +111,7 @@ func ResolveSystemPkgManager(conn shared.Connection) (OperatingSystemPkgManager,
 	case asset.Platform.Name == "alpine" || asset.Platform.Name == "wolfi": // alpine & wolfi share apk
 		pm = &AlpinePkgManager{conn: conn, platform: asset.Platform}
 	case asset.Platform.Name == "macos": // mac os family
-		pm = &MacOSPkgManager{conn: conn}
+		pm = &MacOSPkgManager{conn: conn, platform: asset.Platform}
 	case asset.Platform.Name == "windows":
 		pm = &WinPkgManager{conn: conn, platform: asset.Platform}
 	case asset.Platform.Name == "scratch" || asset.Platform.Name == "coreos":