replace syscall with unix/windows packages where possible

.golangci.yml

@@ -144,7 +144,7 @@ linters:
       # See https://github.com/kisielk/errcheck#excluding-functions for details.
       exclude-functions:
         - (*bytes.Buffer).ReadFrom          # TODO
-        - syscall.FreeLibrary
+        - golang.org/x/sys/windows.FreeLibrary
         - golang.org/x/sys/windows.CloseHandle
         - golang.org/x/sys/windows.ResetEvent
         - (*golang.org/x/sys/windows/svc/eventlog.Log).Info

cmd/crowdsec/win_service.go

@@ -9,7 +9,6 @@ package main
 import (
 	"context"
 	"fmt"
-	"syscall"
 	"time"
 
 	log "github.com/sirupsen/logrus"
@@ -74,7 +73,7 @@ func runService(name string) error {
 	// All the calls to logging before the logger is configured are pretty much useless, but we keep them for clarity
 	err := eventlog.InstallAsEventCreate("CrowdSec", eventlog.Error|eventlog.Warning|eventlog.Info)
 	if err != nil {
-		if errno, ok := err.(syscall.Errno); ok {   //nolint:errorlint
+		if errno, ok := err.(windows.Errno); ok {   //nolint:errorlint
 			if errno == windows.ERROR_ACCESS_DENIED {
 				log.Warnf("Access denied when installing event source, running as non-admin ?")
 			} else {

pkg/acquisition/modules/wineventlog/config_windows.go

@@ -8,7 +8,6 @@ import (
 	"net/url"
 	"strconv"
 	"strings"
-	"syscall"
 
 	yaml "github.com/goccy/go-yaml"
 	"github.com/google/winops/winlog"
@@ -117,15 +116,15 @@ func (s *Source) generateConfig(query string, live bool) (*winlog.SubscribeConfi
 		}
 		config.Flags = wevtapi.EvtSubscribeToFutureEvents
 	} else {
-		config.ChannelPath, err = syscall.UTF16PtrFromString(s.config.EventFile)
+		config.ChannelPath, err = windows.UTF16PtrFromString(s.config.EventFile)
 		if err != nil {
-			return &config, fmt.Errorf("syscall.UTF16PtrFromString failed: %v", err)
+			return &config, fmt.Errorf("windows.UTF16PtrFromString failed: %v", err)
 		}
 		config.Flags = wevtapi.EvtQueryFilePath | wevtapi.EvtQueryForwardDirection
 	}
-	config.Query, err = syscall.UTF16PtrFromString(query)
+	config.Query, err = windows.UTF16PtrFromString(query)
 	if err != nil {
-		return &config, fmt.Errorf("syscall.UTF16PtrFromString failed: %v", err)
+		return &config, fmt.Errorf("windows.UTF16PtrFromString failed: %v", err)
 	}
 
 	return &config, nil

pkg/acquisition/modules/wineventlog/run_windows.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"syscall"
 	"time"
 
 	"github.com/google/winops/winlog"
@@ -88,7 +87,7 @@ func (s *Source) getEvents(out chan pipeline.Event, t *tomb.Tomb) error {
 				s.logger.Errorf("WaitForSingleObject failed: %s", err)
 				return err
 			}
-			if status == syscall.WAIT_OBJECT_0 {
+			if status == windows.WAIT_OBJECT_0 {
 				renderedEvents, err := s.getXMLEvents(s.evtConfig, publisherCache, subscription, 500)
 				if errors.Is(err, windows.ERROR_NO_MORE_ITEMS) {
 					windows.ResetEvent(s.evtConfig.SignalEvent)

pkg/csplugin/utils.go

@@ -15,6 +15,8 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+
+	"golang.org/x/sys/unix"
 )
 
 func (pb *PluginBroker) CreateCmd(ctx context.Context, binaryPath string) (*exec.Cmd, error) {
@@ -72,7 +74,7 @@ func getPluginTypeAndSubtypeFromPath(path string) (string, string, error) {
 	return strings.Join(parts[:len(parts)-1], "-"), parts[len(parts)-1], nil
 }
 
-func getProcessAttr(username string, groupname string) (*syscall.SysProcAttr, error) {
+func getProcessAttr(username string, groupname string) (*unix.SysProcAttr, error) {
 	uid, err := getUID(username)
 	if err != nil {
 		return nil, err
@@ -82,7 +84,7 @@ func getProcessAttr(username string, groupname string) (*syscall.SysProcAttr, er
 		return nil, err
 	}
 
-	return &syscall.SysProcAttr{
+	return &unix.SysProcAttr{
 		Credential: &syscall.Credential{
 			Uid: uid,
 			Gid: gid,

pkg/csplugin/utils_windows.go

@@ -20,7 +20,7 @@ import (
 )
 
 var (
-	advapi32 = syscall.NewLazyDLL("advapi32.dll")
+	advapi32 = windows.NewLazyDLL("advapi32.dll")
 	procGetAce = advapi32.NewProc("GetAce")
 )
 
@@ -155,7 +155,7 @@ func CheckPerms(path string) error {
 	return nil
 }
 
-func getProcessAttr() (*syscall.SysProcAttr, error) {
+func getProcessAttr() (*windows.SysProcAttr, error) {
 	var procToken, token windows.Token
 
 	proc := windows.CurrentProcess()
@@ -201,7 +201,7 @@ func getProcessAttr() (*syscall.SysProcAttr, error) {
 	}
 
 	return &windows.SysProcAttr{
-		CreationFlags: syscall.CREATE_NEW_PROCESS_GROUP,
+		CreationFlags: windows.CREATE_NEW_PROCESS_GROUP,
 		Token:         syscall.Token(token),
 	}, nil
 }

pkg/fsutil/getfstype_freebsd.go

@@ -3,14 +3,15 @@
 package fsutil
 
 import (
-    "fmt"
-    "syscall"
+	"fmt"
+
+	"golang.org/x/sys/unix"
 )
 
 func GetFSType(path string) (string, error) {
-	var fsStat syscall.Statfs_t
+	var fsStat unix.Statfs_t
 
-	if err := syscall.Statfs(path, &fsStat); err != nil {
+	if err := unix.Statfs(path, &fsStat); err != nil {
 		return "", fmt.Errorf("failed to get filesystem type: %w", err)
 	}
 

pkg/fsutil/getfstype_openbsd.go

@@ -3,14 +3,15 @@
 package fsutil
 
 import (
-    "fmt"
-    "syscall"
+	"fmt"
+
+	"golang.org/x/sys/unix"
 )
 
 func GetFSType(path string) (string, error) {
-	var fsStat syscall.Statfs_t
+	var fsStat unix.Statfs_t
 
-	if err := syscall.Statfs(path, &fsStat); err != nil {
+	if err := unix.Statfs(path, &fsStat); err != nil {
 		return "", fmt.Errorf("failed to get filesystem type: %w", err)
 	}
 

pkg/fsutil/getfstype_windows.go

@@ -4,16 +4,18 @@ import (
 	"path/filepath"
 	"syscall"
 	"unsafe"
+
+	"golang.org/x/sys/windows"
 )
 
 func GetFSType(path string) (string, error) {
-	kernel32, err := syscall.LoadLibrary("kernel32.dll")
+	kernel32, err := windows.LoadLibrary("kernel32.dll")
 	if err != nil {
 		return "", err
 	}
-	defer syscall.FreeLibrary(kernel32)
+	defer windows.FreeLibrary(kernel32)
 
-	getVolumeInformation, err := syscall.GetProcAddress(kernel32, "GetVolumeInformationW")
+	getVolumeInformation, err := windows.GetProcAddress(kernel32, "GetVolumeInformationW")
 	if err != nil {
 		return "", err
 	}
@@ -27,7 +29,7 @@ func GetFSType(path string) (string, error) {
 	// Get the root path of the volume
 	volumeRoot := filepath.VolumeName(absPath) + "\\"
 
-	volumeRootPtr, _ := syscall.UTF16PtrFromString(volumeRoot)
+	volumeRootPtr, _ := windows.UTF16PtrFromString(volumeRoot)
 
 	var (
 		fileSystemNameBuffer = make([]uint16, 260)
@@ -49,5 +51,5 @@ func GetFSType(path string) (string, error) {
 		return "", err
 	}
 
-	return syscall.UTF16ToString(fileSystemNameBuffer), nil
+	return windows.UTF16ToString(fileSystemNameBuffer), nil
 }