Closed Dwordcito closed 2 years ago
Based on the execution of the command /usr/sbin/swlist -v and using the "tusc" tool, I identify that this process opens the file /var/adm/sw/products/INDEX and uses this information to display the information of the installed packages.
execve("/usr/sbin/swlist", 0x87fffffffffff868, 0x87fffffffffff880) .......................................................................................................................... = 0 [32-bit]
stat64("//var/adm/sw/products/INDEX", 0x7fffdd90) ........................................................................................................................................... = 0
open("//var/adm/sw/products/INDEX", O_RDONLY|0x800, 0666) ................................................................................................................................... = 6
This particular file (attached) has a particular format, which has tags as element separators, and then on each line of the file it displays the data as a key-value pair, with a space separator between them.
Many of these changes were already made in epic #9103, from there the following items are revealed:
Among the changes that need to be made, one of them is to update the environment provisioning with gcc 9.4 and cmake compiled on HPUX.
https://github.com/wazuh/wazuh-packages/commit/8b9cb237f48735c4f3fcaa680af4c0cba0b52266
Then make some changes so that the dbsync, rsync, data provider and syscollector libraries are compiled.
https://github.com/wazuh/wazuh/pull/12116
As for the implementation, the parser is simple: you just have to read the file and separate it based on the "product" tag.
Then the mapping is done as follows, under the product tag:
package["name"] = tag; -> PK
package["version"] = revision; -> PK
package["groups"] = UNKNOWN_VALUE;
package["description"] = title;
package["architecture"] = architecture; // Split with _ and use the 3rd element. IA=ia64, PA=parisc, IA/PA=ia64/parisc -> PK
package["format"] = "depot";
package["source"] = install_source;
package["location"] = location;
package["priority"] = UNKNOWN_VALUE;
package["size"] = UNKNOWN_VALUE;
package["vendor"] = vendor_tag;
package["install_time"] = install_date;
package["multiarch"] = UNKNOWN_VALUE;
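The parsing and mapping steps described above, as an added example; it is not the code from HPUXParser.zip or from the Wazuh repository, and it uses std::map where the project uses nlohmann::json. It assumes that element keywords such as "product" stand alone on a line and that every value fits on one line; the sample text and the names `parseIndex`, `archOf`, `FIELD` and `DEFAULTS` are constructed for the illustration.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>
using Package = std::map<std::string, std::string>;
static const std::string UNKNOWN = "UNKNOWN_VALUE";
// INDEX keyword -> inventory field, following the mapping given in the issue.
static const Package FIELD = {{"tag", "name"}, {"revision", "version"}, {"title", "description"},
    {"architecture", "architecture"}, {"install_source", "source"}, {"location", "location"},
    {"vendor_tag", "vendor"}, {"install_date", "install_time"}};
static const Package DEFAULTS = {{"name", UNKNOWN}, {"version", UNKNOWN}, {"description", UNKNOWN},
    {"architecture", UNKNOWN}, {"format", "depot"}, {"source", UNKNOWN}, {"location", UNKNOWN},
    {"vendor", UNKNOWN}, {"install_time", UNKNOWN}, {"groups", UNKNOWN}, {"priority", UNKNOWN},
    {"size", UNKNOWN}, {"multiarch", UNKNOWN}};
// Constructed sample in the layout the issue describes; not taken from a real INDEX file.
static const char* SAMPLE = "vendor\ntag HP\nproduct\ntag AVIO-GVSD\nrevision B.11.31.1705\n"
    "title \"HPVM Guest AVIO Storage Software\"\narchitecture HP-UX_B.11.31_IA\nvendor_tag HP\n"
    "fileset\ntag GVSD-KRN\nproduct\ntag DEMO-PKG\narchitecture HP-UX\n";
static std::string archOf(const std::string& raw) {  // third "_" element: HP-UX_B.11.31_IA -> IA
    std::istringstream ss(raw);
    std::string part;
    for (int i = 0; i < 3; ++i) if (!std::getline(ss, part, '_')) return UNKNOWN;
    return part.empty() ? UNKNOWN : part;
}
// A line with a single word opens a new element. Only "key value" lines directly under
// "product" are kept, so the "tag" of a vendor or fileset cannot replace the product name.
std::vector<Package> parseIndex(const std::string& text) {
    std::vector<Package> out;
    bool inProduct = false;
    std::istringstream in(text);
    for (std::string line, key, val; std::getline(in, line); key.clear(), val.clear()) {
        std::istringstream ls(line);
        std::getline(ls >> key >> std::ws, val);            // first word, then the rest of the line
        if (key.empty()) continue;                          // blank line
        if (val.empty()) {                                  // element boundary
            inProduct = (key == "product");
            if (inProduct) out.push_back(DEFAULTS);
        } else if (inProduct && FIELD.count(key)) {
            if (val.size() >= 2 && val.front() == '"' && val.back() == '"') val = val.substr(1, val.size() - 2);
            out.back()[FIELD.at(key)] = (key == "architecture") ? archOf(val) : val;
        }
    }
    return out;
}
int main() {
    for (const auto& p : parseIndex(SAMPLE))
        std::cout << p.at("name") << ' ' << p.at("version") << ' ' << p.at("architecture") << '\n';
}
```

Fields missing from a product, and an architecture value with fewer than three "_"-separated parts, come out as UNKNOWN_VALUE instead of being left empty.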
Analyzing the INDEX.txt file, it was possible to identify a pattern and develop an algorithm that collects all the information of interest and stores it in an nlohmann::json object.
An extract of the created json object can be seen below:
{
"products": [
{
"architecture": "IA",
"description": "HPVM Guest AVIO Storage Software",
"format": "depot",
"groups": "UNKNOWN_VALUE",
"install_time": "202208231025.20",
"location": "/",
"multiarch": "UNKNOWN_VALUE",
"name": "AVIO-GVSD",
"priority": "UNKNOWN_VALUE",
"size": "UNKNOWN_VALUE",
"source": "192.168.253.90:/var/opt/ignite/depots/Rel_B.11.31/core_media",
"vendor": "HP",
"version": "B.11.31.1705"
},
{
"architecture": "IA/PA",
"description": "HP-UX_Lanlink_Product",
"format": "depot",
"groups": "UNKNOWN_VALUE",
"install_time": "202208231025.22",
"location": "/",
"multiarch": "UNKNOWN_VALUE",
"name": "Networking",
"priority": "UNKNOWN_VALUE",
"size": "UNKNOWN_VALUE",
"source": "192.168.253.90:/var/opt/ignite/depots/Rel_B.11.31/core_media",
"vendor": "HP",
"version": "B.11.31"
}
]
}
Here you can see the full exported json object: output.zip
A performance test was run and the entire parsing process takes approximately 37ms (this time depends on the hardware where the test is run):
The project with the parsing algorithm is shared below: HPUXParser.zip
In it you can find the following structure:
.
├── CMakeLists.txt
├── README.md
└── src
    ├── benchmark
    │   ├── benchmark.cpp
    │   └── CMakeLists.txt
    ├── CMakeLists.txt
    ├── input_files
    │   └── INDEX.txt
    ├── src
    │   ├── genericClass.cpp
    │   ├── genericClass.hpp
    │   ├── main.cpp
    │   └── stringHelper.h
    └── tests
        ├── CMakeLists.txt
        ├── genericClass_test.cpp
        └── genericClass_test.hpp
where:
- src/src contains the parsing algorithm
- src/input_files contains the file to be parsed
- src/benchmark performance test
- src/tests unit test

Closed based on the DoD, the estimation to apply these changes, dev-qa, PR review is 5 points.
Description
This issue aims to gather enough information and the mechanisms to use to recover the installed packages.
An explanation of the mechanism to be used to retrieve said information is expected.
DoD
/usr/sbin/swlist -v output to see if it is possible to implement any parser from compilable code.