From f3a376d6eea3425edef9da8cd2fb6847284971be Mon Sep 17 00:00:00 2001 From: kruskall <99559985+kruskall@users.noreply.github.com> Date: Fri, 27 Sep 2024 03:04:47 +0200 Subject: [PATCH] test: drop custom sys package and use stdlib x/sys (#40984) * feat: drop custom sys package and use stdlib x/sys drop custom fork of x/sys and use upstream package regenerate notice copy over custom methods * lint: fix linting issues (cherry picked from commit adbddfeea81832f4c7b8f4f9dc98683dc3721e40) --- NOTICE.txt | 37 --------- go.mod | 1 - go.sum | 2 - winlogbeat/eventlog/bench_test.go | 4 +- winlogbeat/eventlog/wineventlog_test.go | 88 ++++++++++++++++++--- winlogbeat/sys/wineventlog/iterator_test.go | 3 +- winlogbeat/sys/wineventlog/renderer_test.go | 6 +- winlogbeat/sys/wineventlog/util_test.go | 86 ++++++++++++++++++-- 8 files changed, 161 insertions(+), 66 deletions(-) diff --git a/NOTICE.txt b/NOTICE.txt index 7290e270f49..8e2702c0924 100644 --- a/NOTICE.txt +++ b/NOTICE.txt 
@@ -3017,43 +3017,6 @@ Contents of probable licence file $GOMODCACHE/github.com/aerospike/aerospike-cli limitations under the License. --------------------------------------------------------------------------------- -Dependency : github.com/andrewkroh/sys -Version: v0.0.0-20151128191922-287798fe3e43 -Licence type (autodetected): BSD-3-Clause --------------------------------------------------------------------------------- - -Contents of probable licence file $GOMODCACHE/github.com/andrewkroh/sys@v0.0.0-20151128191922-287798fe3e43/LICENSE: - -Copyright (c) 2009 The Go Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - - * Redistributions of source code must retain the above copyright -notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above -copyright notice, this list of conditions and the following disclaimer -in the documentation and/or other materials provided with the -distribution. - * Neither the name of Google Inc. nor the names of its -contributors may be used to endorse or promote products derived from -this software without specific prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT -OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - - -------------------------------------------------------------------------------- Dependency : github.com/apache/arrow/go/v14 Version: v14.0.2 diff --git a/go.mod b/go.mod index 7eb598ed384..438e5aa6337 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,6 @@ require ( github.com/StackExchange/wmi v1.2.1 github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc github.com/akavel/rsrc v0.8.0 // indirect - github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43 github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77 // indirect github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 github.com/aws/aws-lambda-go v1.44.0 diff --git a/go.sum b/go.sum index 1e3c87b17f5..d9cf99c3cb1 100644 --- a/go.sum +++ b/go.sum 
@@ -251,8 +251,6 @@ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3Uu github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/andrewkroh/goja v0.0.0-20190128172624-dd2ac4456e20 h1:7rj9qZ63knnVo2ZeepYHvHuRdG76f3tRUTdIQDzRBeI= github.com/andrewkroh/goja v0.0.0-20190128172624-dd2ac4456e20/go.mod h1:cI59GRkC2FRaFYtgbYEqMlgnnfvAwXzjojyZKXwklNg= -github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43 h1:WFwa9pqou0Nb4DdfBOyaBTH0GqLE74Qwdf61E7ITHwQ= -github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43/go.mod h1:tJPYQG4mnMeUtQvQKNkbsFrnmZOg59Qnf8CcctFv5v4= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs= diff --git a/winlogbeat/eventlog/bench_test.go b/winlogbeat/eventlog/bench_test.go index 9bd84ff636d..44b25fb81f2 100644 --- a/winlogbeat/eventlog/bench_test.go +++ b/winlogbeat/eventlog/bench_test.go @@ -27,8 +27,6 @@ import ( "strconv" "testing" - "golang.org/x/sys/windows/svc/eventlog" - "github.com/elastic/elastic-agent-libs/mapstr" ) @@ -57,7 +55,7 @@ func TestBenchmarkRead(t *testing.T) { // Publish test messages: for i := 0; i < *injectAmount; i++ { - safeWriteEvent(t, writer, eventlog.Info, uint32(rand.Int63()%1000), []string{strconv.Itoa(i) + " " + randomSentence(256)}) + safeWriteEvent(t, writer, uint32(rand.Int63()%1000), strconv.Itoa(i)+" "+randomSentence(256)) } for _, api := range []string{winEventLogAPIName, winEventLogExpAPIName} { diff --git a/winlogbeat/eventlog/wineventlog_test.go b/winlogbeat/eventlog/wineventlog_test.go index c0616021d22..81e32afa373 100644 --- a/winlogbeat/eventlog/wineventlog_test.go +++ b/winlogbeat/eventlog/wineventlog_test.go 
@@ -20,6 +20,7 @@ package eventlog import ( + "fmt" "io" "os/exec" "path/filepath" @@ -28,9 +29,10 @@ import ( "testing" "time" - "github.com/andrewkroh/sys/windows/svc/eventlog" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "golang.org/x/sys/windows/registry" + "golang.org/x/sys/windows/svc/eventlog" "github.com/elastic/beats/v7/winlogbeat/checkpoint" "github.com/elastic/beats/v7/winlogbeat/sys/wineventlog" @@ -182,7 +184,7 @@ func testWindowsEventLog(t *testing.T, api string) { const messageSize = 256 // Originally 31800, such a large value resulted in an empty eventlog under Win10. const totalEvents = 1000 for i := 0; i < totalEvents; i++ { - safeWriteEvent(t, writer, eventlog.Info, uint32(i%1000)+1, []string{strconv.Itoa(i) + " " + randomSentence(messageSize)}) + safeWriteEvent(t, writer, uint32(i%1000)+1, strconv.Itoa(i)+" "+randomSentence(messageSize)) } openLog := func(t testing.TB, config map[string]interface{}) EventLog { @@ -339,7 +341,7 @@ func createLog(t testing.TB, messageFiles ...string) (log *eventlog.Log, tearDow messageFile = strings.Join(messageFiles, ";") } - existed, err := eventlog.Install(name, source, messageFile, true, eventlog.Error|eventlog.Warning|eventlog.Info) + existed, err := install(name, source, messageFile, eventlog.Error|eventlog.Warning|eventlog.Info) if err != nil { t.Fatal(err) } @@ -351,8 +353,8 @@ func createLog(t testing.TB, messageFiles ...string) (log *eventlog.Log, tearDow log, err = eventlog.Open(source) //nolint:errcheck // This is just a resource release. if err != nil { - eventlog.RemoveSource(name, source) - eventlog.RemoveProvider(name) + removeSource(name, source) + removeProvider(name) t.Fatal(err) } 
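Review bot: In the `eventlog.Open` failure path of `createLog` (hunk `@@ -351,8 +353,8 @@`), the error results of `removeSource(name, source)` and `removeProvider(name)` are discarded. A failed cleanup therefore leaves the test provider registered under `HKLM\SYSTEM\CurrentControlSet\Services\EventLog` with nothing in the test output to show it. Both helpers are now local and return `error`, so the result can be logged, e.g. `if rmErr := removeSource(name, source); rmErr != nil { t.Logf("removeSource: %v", rmErr) }`, and likewise for `removeProvider`. The same applies to the `tearDown` closure in the next hunk and to both call sites in winlogbeat/sys/wineventlog/util_test.go. `createLog` starts and ends outside this hunk.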
@@ -360,17 +362,17 @@ func createLog(t testing.TB, messageFiles ...string) (log *eventlog.Log, tearDow tearDown = func() { log.Close() wineventlog.EvtClearLog(wineventlog.NilHandle, name, "") - eventlog.RemoveSource(name, source) - eventlog.RemoveProvider(name) + removeSource(name, source) + removeProvider(name) } return log, tearDown } -func safeWriteEvent(t testing.TB, log *eventlog.Log, etype uint16, eid uint32, msgs []string) { +func safeWriteEvent(t testing.TB, log *eventlog.Log, eid uint32, msg string) { deadline := time.Now().Add(time.Second * 10) for { - err := log.Report(etype, eid, msgs) + err := log.Info(eid, msg) if err == nil { return } 
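Review bot: `safeWriteEvent` in this file does not call `t.Helper()`, while the copy in winlogbeat/sys/wineventlog/util_test.go does. Presumably the part of the body outside this hunk reports the timeout through `t`; if so, a failure here is attributed to the helper's line rather than the calling test. Since the signature is being rewritten anyway, add `t.Helper()` as the first statement so the two copies behave the same.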
@@ -420,3 +422,71 @@ func openLog(t testing.TB, api string, state *checkpoint.EventLogState, config m return log } + +const Application = "Application" + +const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog` + +// removeSource deletes all registry elements installed for an event logging source. +func removeSource(provider, src string) error { + providerKeyName := fmt.Sprintf("%s\\%s", eventLogKeyName, provider) + pk, err := registry.OpenKey(registry.LOCAL_MACHINE, providerKeyName, registry.SET_VALUE) + if err != nil { + return err + } + defer pk.Close() + return registry.DeleteKey(pk, src) +} + +// removeProvider deletes all registry elements installed for an event logging provider. +// Only use this method if you have installed a custom provider. +func removeProvider(provider string) error { + // Protect against removing Application. + if provider == Application { + return fmt.Errorf("%s cannot be removed. Only custom providers can be removed.", provider) + } + + eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE) + if err != nil { + return err + } + defer eventLogKey.Close() + return registry.DeleteKey(eventLogKey, provider) +} + +func install(provider, src, msgFile string, eventsSupported uint32) (bool, error) { + eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.CREATE_SUB_KEY) + if err != nil { + return false, err + } + defer eventLogKey.Close() + + pk, _, err := registry.CreateKey(eventLogKey, provider, registry.SET_VALUE) + if err != nil { + return false, err + } + defer pk.Close() + + sk, alreadyExist, err := registry.CreateKey(pk, src, registry.SET_VALUE) + if err != nil { + return false, err + } + defer sk.Close() + if alreadyExist { + return true, nil + } + + err = sk.SetDWordValue("CustomSource", 1) + if err != nil { + return false, err + } + err = sk.SetExpandStringValue("EventMessageFile", msgFile) + if err != nil { + return false, err + } + err = 
sk.SetDWordValue("TypesSupported", eventsSupported) + if err != nil { + return false, err + } + return false, nil +} diff --git a/winlogbeat/sys/wineventlog/iterator_test.go b/winlogbeat/sys/wineventlog/iterator_test.go index f9c38f631cd..be1578dca8e 100644 --- a/winlogbeat/sys/wineventlog/iterator_test.go +++ b/winlogbeat/sys/wineventlog/iterator_test.go @@ -23,7 +23,6 @@ import ( "strconv" "testing" - "github.com/andrewkroh/sys/windows/svc/eventlog" "github.com/stretchr/testify/assert" "golang.org/x/sys/windows" @@ -38,7 +37,7 @@ func TestEventIterator(t *testing.T) { const eventCount = 1500 for i := 0; i < eventCount; i++ { - safeWriteEvent(t, writer, eventlog.Info, 1, []string{"Test message " + strconv.Itoa(i+1)}) + safeWriteEvent(t, writer, 1, "Test message "+strconv.Itoa(i+1)) } // Validate the assumption that 1024 is the max number of handles supported diff --git a/winlogbeat/sys/wineventlog/renderer_test.go b/winlogbeat/sys/wineventlog/renderer_test.go index 5c6bdad990d..026082df5a5 100644 --- a/winlogbeat/sys/wineventlog/renderer_test.go +++ b/winlogbeat/sys/wineventlog/renderer_test.go @@ -30,8 +30,6 @@ import ( "text/template" "time" - "github.com/andrewkroh/sys/windows/svc/eventlog" - "github.com/stretchr/testify/assert" "github.com/elastic/beats/v7/libbeat/common/atomic" @@ -208,9 +206,9 @@ func BenchmarkRenderer(b *testing.B) { defer teardown() const totalEvents = 1000000 - msg := []string{strings.Repeat("Hello world! ", 21)} + msg := strings.Repeat("Hello world! ", 21) for i := 0; i < totalEvents; i++ { - safeWriteEvent(b, writer, eventlog.Info, 10, msg) + safeWriteEvent(b, writer, 10, msg) } setup := func() (*EventIterator, *Renderer) { diff --git a/winlogbeat/sys/wineventlog/util_test.go b/winlogbeat/sys/wineventlog/util_test.go index 8f434176c4a..7927f91ce8b 100644 --- a/winlogbeat/sys/wineventlog/util_test.go +++ b/winlogbeat/sys/wineventlog/util_test.go 
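Review bot: In `install` (the helper block added to wineventlog_test.go), a failure in any of the three `Set*Value` calls leaves the newly created source key behind in HKLM. The next run then returns at `if alreadyExist { return true, nil }` without writing the missing `EventMessageFile` or `TypesSupported` values, so one transient failure can leave a half-configured source that later test runs treat as valid. Rolling back the source key on those error paths avoids this; the same applies to `installAsEventCreate` in util_test.go. `install` also has no doc comment, unlike `removeSource` and `removeProvider`; a line stating that it returns `true` when the source key already existed would help.

```go
func install(provider, src, msgFile string, eventsSupported uint32) (existed bool, err error) {
	// … unchanged: open eventLogKey, create provider key pk, create source key sk, early return when alreadyExist …

	// Roll back the freshly created source key if it cannot be fully populated,
	// so a later call does not take the alreadyExist path on a half-written key.
	defer func() {
		if err != nil {
			_ = registry.DeleteKey(pk, src)
		}
	}()

	if err = sk.SetDWordValue("CustomSource", 1); err != nil {
		return false, err
	}
	if err = sk.SetExpandStringValue("EventMessageFile", msgFile); err != nil {
		return false, err
	}
	if err = sk.SetDWordValue("TypesSupported", eventsSupported); err != nil {
		return false, err
	}
	return false, nil
}
```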
@@ -21,15 +21,17 @@ package wineventlog import ( "encoding/json" + "fmt" "os" "path/filepath" "strings" "testing" "time" - "github.com/andrewkroh/sys/windows/svc/eventlog" "github.com/stretchr/testify/assert" "golang.org/x/sys/windows" + "golang.org/x/sys/windows/registry" + "golang.org/x/sys/windows/svc/eventlog" ) const ( @@ -49,7 +51,7 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) { const name = winlogbeatTestLogName const source = "wineventlog_test" - existed, err := eventlog.InstallAsEventCreate(name, source, eventlog.Error|eventlog.Warning|eventlog.Info) + existed, err := installAsEventCreate(name, source, eventlog.Error|eventlog.Warning|eventlog.Info) if err != nil { t.Fatalf("eventlog.InstallAsEventCreate failed: %v", err) } @@ -60,8 +62,8 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) { log, err = eventlog.Open(source) if err != nil { - eventlog.RemoveSource(name, source) - eventlog.RemoveProvider(name) + removeSource(name, source) + removeProvider(name) t.Fatalf("eventlog.Open failed: %v", err) } @@ -70,18 +72,18 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) { tearDown = func() { log.Close() EvtClearLog(NilHandle, name, "") - eventlog.RemoveSource(name, source) - eventlog.RemoveProvider(name) + removeSource(name, source) + removeProvider(name) } return log, tearDown } -func safeWriteEvent(t testing.TB, log *eventlog.Log, etype uint16, eid uint32, msgs []string) { +func safeWriteEvent(t testing.TB, log *eventlog.Log, eid uint32, msg string) { t.Helper() deadline := time.Now().Add(time.Second * 10) for { - err := log.Report(etype, eid, msgs) + err := log.Info(eid, msg) if err == nil { return } 
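Review bot: The failure message in `createLog` (hunk `@@ -49,7 +51,7 @@`) still names `eventlog.InstallAsEventCreate`, but the call now goes to the local `installAsEventCreate` helper. Anyone triaging a failed run would look in x/sys for a function that is no longer called. Change it to `t.Fatalf("installAsEventCreate failed: %v", err)`. `createLog` continues outside this hunk.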
@@ -173,3 +175,71 @@ func assertEqualIgnoreCase(t *testing.T, expected, actual string) { strings.ToLower(actual), ) } + +const Application = "Application" + +const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog` + +// removeSource deletes all registry elements installed for an event logging source. +func removeSource(provider, src string) error { + providerKeyName := fmt.Sprintf("%s\\%s", eventLogKeyName, provider) + pk, err := registry.OpenKey(registry.LOCAL_MACHINE, providerKeyName, registry.SET_VALUE) + if err != nil { + return err + } + defer pk.Close() + return registry.DeleteKey(pk, src) +} + +// removeProvider deletes all registry elements installed for an event logging provider. +// Only use this method if you have installed a custom provider. +func removeProvider(provider string) error { + // Protect against removing Application. + if provider == Application { + return fmt.Errorf("%s cannot be removed. Only custom providers can be removed.", provider) + } + + eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE) + if err != nil { + return err + } + defer eventLogKey.Close() + return registry.DeleteKey(eventLogKey, provider) +} + +func installAsEventCreate(provider, src string, eventsSupported uint32) (bool, error) { + eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.CREATE_SUB_KEY) + if err != nil { + return false, err + } + defer eventLogKey.Close() + + pk, _, err := registry.CreateKey(eventLogKey, provider, registry.SET_VALUE) + if err != nil { + return false, err + } + defer pk.Close() + + sk, alreadyExist, err := registry.CreateKey(pk, src, registry.SET_VALUE) + if err != nil { + return false, err + } + defer sk.Close() + if alreadyExist { + return true, nil + } + + err = sk.SetDWordValue("CustomSource", 1) + if err != nil { + return false, err + } + err = sk.SetExpandStringValue("EventMessageFile", "%SystemRoot%\\System32\\EventCreate.exe") + if err != nil 
{ + return false, err + } + err = sk.SetDWordValue("TypesSupported", eventsSupported) + if err != nil { + return false, err + } + return false, nil +}
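Review bot: The guard in `removeProvider`, `if provider == Application`, is an exact case-sensitive match, whereas Windows registry key names are case-insensitive, so a value such as `"application"` passes the check and still addresses the built-in log's key. As far as I know `registry.DeleteKey` refuses a key that still has subkeys, which limits the impact, and the tests only pass a fixed test log name. Even so, a guard that exists to protect a system key should not depend on that; use `if strings.EqualFold(provider, Application) {` (`strings` is already imported in this file). The same applies to the identical copy added to winlogbeat/eventlog/wineventlog_test.go. `Application` is only used inside these test helpers, so it could also be unexported.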