Add tables for rhel and arch package managers (#1275)

pkg/osquery/table/platform_tables_linux.go

@@ -10,7 +10,12 @@ import (
 	"github.com/kolide/launcher/pkg/osquery/tables/cryptsetup"
 	"github.com/kolide/launcher/pkg/osquery/tables/dataflattentable"
 	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/apt"
+	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/dnf"
 	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/dpkg"
+	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/pacman/group"
+	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/pacman/info"
+	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/pacman/upgradeable"
+	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/rpm"
 	"github.com/kolide/launcher/pkg/osquery/tables/execparsers/simple_array"
 	"github.com/kolide/launcher/pkg/osquery/tables/fscrypt_info"
 	"github.com/kolide/launcher/pkg/osquery/tables/gsettings"
@@ -42,6 +47,11 @@ func platformTables(client *osquery.ExtensionManagerClient, logger log.Logger, c
 		),
 		dataflattentable.NewExecAndParseTable(logger, "kolide_falconctl_systags", simple_array.New("systags"), []string{"/opt/CrowdStrike/falconctl", "-g", "--systags"}),
 		dataflattentable.NewExecAndParseTable(logger, "kolide_apt_upgradeable", apt.Parser, []string{"/usr/bin/apt", "list", "--upgradeable"}, dataflattentable.WithIncludeStderr()),
+		dataflattentable.NewExecAndParseTable(logger, "kolide_dnf_upgradeable", dnf.Parser, []string{"/usr/bin/dnf", "check-update"}, dataflattentable.WithIncludeStderr()),
 		dataflattentable.NewExecAndParseTable(logger, "kolide_dpkg_version_info", dpkg.Parser, []string{"/usr/bin/dpkg", "-p"}, dataflattentable.WithIncludeStderr()),
+		dataflattentable.NewExecAndParseTable(logger, "kolide_pacman_group", pacman_group.Parser, []string{"/usr/bin/pacman", "-Qg"}, dataflattentable.WithIncludeStderr()),
+		dataflattentable.NewExecAndParseTable(logger, "kolide_pacman_version_info", pacman_info.Parser, []string{"/usr/bin/pacman", "-Qi"}, dataflattentable.WithIncludeStderr()),
+		dataflattentable.NewExecAndParseTable(logger, "kolide_pacman_upgradeable", pacman_upgradeable.Parser, []string{"/usr/bin/pacman", "-Qu"}, dataflattentable.WithIncludeStderr()),
+		dataflattentable.NewExecAndParseTable(logger, "kolide_rpm_version_info", rpm.Parser, []string{"/usr/bin/rpm", "-qai"}, dataflattentable.WithIncludeStderr()),
 	}
 }

pkg/osquery/tables/execparsers/dnf/dnf.go

@@ -0,0 +1,17 @@
+package dnf
+
+import (
+	"io"
+)
+
+type parser struct{}
+
+var Parser = New()
+
+func New() parser {
+	return parser{}
+}
+
+func (p parser) Parse(reader io.Reader) (any, error) {
+	return dnfParse(reader)
+}

pkg/osquery/tables/execparsers/dnf/parser.go

@@ -0,0 +1,35 @@
+package dnf
+
+import (
+	"bufio"
+	"io"
+	"strings"
+)
+
+func dnfParse(reader io.Reader) (any, error) {
+	results := make([]map[string]string, 0)
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		line := scanner.Text()
+		// We expect dnf to return lines in the following format:
+		// `apr-util.x86_64 1.5.2-6.el7_9.1 updates`
+		// We split on the last period in the first string, and on the spaces to get the following output:
+		// `<package name>.<arch> <update version> <source>`
+		fields := strings.Fields(line)
+		if len(fields) != 3 {
+			continue
+		}
+
+		splitIndex := strings.LastIndex(fields[0], ".")
+
+		row := make(map[string]string)
+		row["package"] = strings.TrimSpace(fields[0][:splitIndex])
+		row["version"] = strings.TrimSpace(fields[1])
+		row["source"] = strings.TrimSpace(fields[2])
+
+		results = append(results, row)
+	}
+
+	return results, nil
+}

pkg/osquery/tables/execparsers/dnf/parser_test.go

@@ -0,0 +1,132 @@
+package dnf
+
+import (
+	"bytes"
+	_ "embed"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+//go:embed test-data/dnf_upgradeable.txt
+var dnf_upgradeable []byte
+
+func TestParse(t *testing.T) {
+	t.Parallel()
+
+	var tests = []struct {
+		name     string
+		input    []byte
+		expected []map[string]string
+	}{
+		{
+			name:     "empty input",
+			expected: make([]map[string]string, 0),
+		},
+		{
+			name:  "malformed input",
+			input: []byte("\n tester..wow\n\n Last\n*^$\npackage.          1.2.3 source\n\nfoo.bar 111\n   \n"),
+			expected: []map[string]string{
+				{
+					"package": "package",
+					"source":  "source",
+					"version": "1.2.3",
+				},
+			},
+		},
+		{
+			name:  "dnf_upgradeable",
+			input: dnf_upgradeable,
+			expected: []map[string]string{
+				{
+					"package": "apr-util",
+					"source":  "updates",
+					"version": "1.5.2-6.el7_9.1",
+				},
+				{
+					"package": "autofs",
+					"source":  "updates",
+					"version": "1:5.0.7-116.el7_9.1",
+				},
+				{
+					"package": "bind-libs",
+					"source":  "updates",
+					"version": "32:9.11.4-26.P2.el7_9.13",
+				},
+				{
+					"package": "brave-browser",
+					"source":  "brave-browser-rpm-release.s3.brave.com_x86_64_",
+					"version": "1.56.14-1",
+				},
+				{
+					"package": "brave-keyring",
+					"source":  "brave-browser-rpm-release.s3.brave.com_x86_64_",
+					"version": "1.14-1",
+				},
+				{
+					"package": "firefox",
+					"source":  "updates",
+					"version": "102.12.0-1.el7.centos",
+				},
+				{
+					"package": "java-1.8.0-openjdk",
+					"source":  "updates",
+					"version": "1:1.8.0.372.b07-1.el7_9",
+				},
+				{
+					"package": "java-1.8.0-openjdk-headless",
+					"source":  "updates",
+					"version": "1:1.8.0.372.b07-1.el7_9",
+				},
+				{
+					"package": "openssl",
+					"source":  "updates",
+					"version": "1:1.0.2k-26.el7_9",
+				},
+				{
+					"package": "openssl-libs",
+					"source":  "updates",
+					"version": "1:1.0.2k-26.el7_9",
+				},
+				{
+					"package": "osquery",
+					"source":  "osquery-s3-rpm-repo",
+					"version": "5.9.1-1.linux",
+				},
+				{
+					"package": "perf",
+					"source":  "updates",
+					"version": "3.10.0-1160.92.1.el7",
+				},
+				{
+					"package": "python",
+					"source":  "updates",
+					"version": "2.7.5-93.el7_9",
+				},
+				{
+					"package": "sudo",
+					"source":  "updates",
+					"version": "1.8.23-10.el7_9.3",
+				},
+				{
+					"package": "zlib",
+					"source":  "updates",
+					"version": "1.2.7-21.el7_9",
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+
+			p := New()
+			result, err := p.Parse(bytes.NewReader(tt.input))
+			require.NoError(t, err, "unexpected error parsing input")
+
+			require.ElementsMatch(t, tt.expected, result)
+		})
+	}
+}

pkg/osquery/tables/execparsers/dnf/test-data/dnf_upgradeable.txt

@@ -0,0 +1,17 @@
+Last metadata expiration check: 0:06:32 ago on Fri 28 Jul 2023 04:45:20 AM MDT.
+
+apr-util.x86_64                    1.5.2-6.el7_9.1          updates                                       
+autofs.x86_64                      1:5.0.7-116.el7_9.1      updates                                       
+bind-libs.x86_64                   32:9.11.4-26.P2.el7_9.13 updates                                       
+brave-browser.x86_64               1.56.14-1                brave-browser-rpm-release.s3.brave.com_x86_64_
+brave-keyring.noarch               1.14-1                   brave-browser-rpm-release.s3.brave.com_x86_64_
+firefox.x86_64                     102.12.0-1.el7.centos    updates                                       
+java-1.8.0-openjdk.x86_64          1:1.8.0.372.b07-1.el7_9  updates                                       
+java-1.8.0-openjdk-headless.x86_64 1:1.8.0.372.b07-1.el7_9  updates                                                                          
+openssl.x86_64                     1:1.0.2k-26.el7_9        updates                                       
+openssl-libs.x86_64                1:1.0.2k-26.el7_9        updates                                       
+osquery.x86_64                     5.9.1-1.linux            osquery-s3-rpm-repo                           
+perf.x86_64                        3.10.0-1160.92.1.el7     updates                                       
+python.x86_64                      2.7.5-93.el7_9           updates                                       
+sudo.x86_64                        1.8.23-10.el7_9.3        updates                                       
+zlib.x86_64                        1.2.7-21.el7_9           updates                                       

pkg/osquery/tables/execparsers/pacman/group/pacman_group.go

@@ -0,0 +1,17 @@
+package pacman_group
+
+import (
+	"io"
+)
+
+type parser struct{}
+
+var Parser = New()
+
+func New() parser {
+	return parser{}
+}
+
+func (p parser) Parse(reader io.Reader) (any, error) {
+	return pacmanParse(reader)
+}

pkg/osquery/tables/execparsers/pacman/group/parser.go

@@ -0,0 +1,33 @@
+package pacman_group
+
+import (
+	"bufio"
+	"io"
+	"strings"
+)
+
+func pacmanParse(reader io.Reader) (any, error) {
+	results := make([]map[string]string, 0)
+
+	scanner := bufio.NewScanner(reader)
+	for scanner.Scan() {
+		line := scanner.Text()
+		// We expect pacman to return lines in the following format:
+		// `base-devel autoconf`
+		// `gnome baobab`...
+		// We split each line by space to get a group and package pair.
+		// `<group> <package>`
+		data := strings.SplitN(line, " ", 2)
+		if len(data) != 2 {
+			continue
+		}
+
+		row := make(map[string]string)
+		row["group"] = strings.TrimSpace(data[0])
+		row["package"] = strings.TrimSpace(data[1])
+
+		results = append(results, row)
+	}
+
+	return results, nil
+}