feat: SCA-6 windows patch scan

iseki0 · iseki0 · commit dfc276100ad7 · 2025-11-06T14:32:04.000+08:00
diff --git a/api/sbom_commit.go b/api/sbom_commit.go
@@ -4,12 +4,13 @@ import (
 	"bufio"
 	"context"
 	"encoding/json"
+	"os"
+
 	"github.com/murphysecurity/murphysec/env"
 	"github.com/murphysecurity/murphysec/model"
 	"github.com/murphysecurity/murphysec/scanerr"
 	"github.com/murphysecurity/murphysec/utils"
 	"github.com/murphysecurity/murphysec/utils/must"
-	"os"
 )
 
 func SubmitSBOM(ctx context.Context, client *Client, subtaskId string, modules []model.Module, codeFragments []model.ComponentCodeFragment) error {
diff --git a/envinspection/inspection.go b/envinspection/inspection.go
@@ -4,15 +4,16 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"github.com/iseki0/osname"
-	"github.com/murphysecurity/murphysec/infra/logctx"
-	"github.com/murphysecurity/murphysec/model"
-	"github.com/murphysecurity/murphysec/scanerr"
 	"io/fs"
 	"os/exec"
 	"reflect"
 	"runtime"
 	"strings"
+
+	"github.com/iseki0/osname"
+	"github.com/murphysecurity/murphysec/infra/logctx"
+	"github.com/murphysecurity/murphysec/model"
+	"github.com/murphysecurity/murphysec/scanerr"
 )
 
 func InspectEnv(ctx context.Context, scanProcess bool) error {
@@ -25,6 +26,15 @@ func InspectEnv(ctx context.Context, scanProcess bool) error {
 	var osn, _ = osname.OsName()
 	if runtime.GOOS == "linux" {
 		packageManager = getOsInfo()
+	} else if runtime.GOOS == "windows" {
+		version := getWindowsVersion()
+		var m = model.Module{
+			ModuleName:   "5ec239b6-715c-4d36-a3b8-a5a629b898a9",
+			Dependencies: []model.DependencyItem{{Component: version}},
+			Patches:      listPendingPatch(ctx),
+			ModulePath:   "/Windows",
+		}
+		task.Modules = append(task.Modules, m)
 	}
 	if s, ok := processByRule(osn); ok {
 		packageManager = s
diff --git a/envinspection/installed_software_all.go b/envinspection/installed_software_all.go
@@ -4,9 +4,16 @@ package envinspection
 
 import (
 	"context"
+
 	"github.com/murphysecurity/murphysec/model"
 )
 
 func listInstalledSoftwareWindows(ctx context.Context) ([]model.DependencyItem, error) {
 	return nil, nil
 }
+func listPendingPatch(ctx context.Context) []string {
+	return nil
+}
+func getWindowsVersion() model.Component {
+	return model.Component{}
+}
diff --git a/envinspection/installed_software_windows.go b/envinspection/installed_software_windows.go
@@ -5,10 +5,15 @@ package envinspection
 import (
 	"context"
 	"fmt"
+	"os/exec"
+	"path/filepath"
+	"strings"
+
+	"github.com/murphysecurity/murphysec/infra/logctx"
 	"github.com/murphysecurity/murphysec/model"
+	"github.com/repeale/fp-go"
 	"golang.org/x/sys/windows"
 	"golang.org/x/sys/windows/registry"
-	"path/filepath"
 )
 
 type listSubKeysError struct {
@@ -45,15 +50,16 @@ func listSubKeys(ctx context.Context, key registry.Key, path string) ([]string,
 	return r, nil
 }
 
+func getWindowsVersion() model.Component {
+	return model.Component{
+		CompName:    "Windows",
+		CompVersion: fmt.Sprintf("%d.%d.%d", windows.RtlGetVersion().MajorVersion, windows.RtlGetVersion().MinorVersion, windows.RtlGetVersion().BuildNumber),
+	}
+}
+
 func listInstalledSoftwareWindows(ctx context.Context) ([]model.DependencyItem, error) {
 	var rKeys = []registry.Key{registry.CURRENT_USER, registry.LOCAL_MACHINE}
 	var r []model.DependencyItem
-	r = append(r, model.DependencyItem{
-		Component: model.Component{
-			CompName:    "Windows",
-			CompVersion: fmt.Sprintf("%d.%d.%d", windows.RtlGetVersion().MajorVersion, windows.RtlGetVersion().MinorVersion, windows.RtlGetVersion().BuildNumber),
-		},
-	})
 	for _, rKey := range rKeys {
 		paths, e := listSubKeys(ctx, rKey, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall")
 		if e != nil {
@@ -80,3 +86,13 @@ func listInstalledSoftwareWindows(ctx context.Context) ([]model.DependencyItem,
 	}
 	return r, nil
 }
+
+func listPendingPatch(ctx context.Context) []string {
+	var logger = logctx.Use(ctx).Sugar()
+	data, e := exec.CommandContext(ctx, "wmic", "qfe", "get", "HotFixID").Output()
+	if e != nil {
+		logger.Warnf("wmic qfe get HotFixID failed: %s", e)
+	}
+	var isKB = func(s string) bool { return strings.HasPrefix(s, "KB") }
+	return fp.Pipe2(fp.Map(strings.TrimSpace), fp.Filter(isKB))(strings.Split(string(data), "\n"))
+}
diff --git a/model/module.go b/model/module.go
@@ -12,6 +12,7 @@ type Module struct {
 	MD5Hashes      []MD5Hash        `json:"md5_hashes,omitempty"` // MD5哈希列表
 	SHA1Hashes     []SHA1Hash       `json:"sha1_hashes,omitempty"`
 	SHA256Hashes   []SHA256Hash     `json:"sha256_hashes,omitempty"` // SHA256哈希列表
+	Patches        []string         `json:"patches,omitempty"`
 }
 
 func (m Module) String() string {

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ type Module struct {`
`12`	`12`	MD5Hashes []MD5Hash `json:"md5_hashes,omitempty"` // MD5哈希列表
`13`	`13`	SHA1Hashes []SHA1Hash `json:"sha1_hashes,omitempty"`
`14`	`14`	SHA256Hashes []SHA256Hash `json:"sha256_hashes,omitempty"` // SHA256哈希列表
	`15`	+ Patches []string `json:"patches,omitempty"`
`15`	`16`	`}`
`16`	`17`
`17`	`18`	`func (m Module) String() string {`