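// Source: go.mondoo.com/cnquery@v0.0.0-20231005093811-59568235f6ea/providers/os/resources/secpol.go

// Copyright (c) Mondoo, Inc.
// SPDX-License-Identifier: BUSL-1.1

package resources

import (
	"fmt"
	"strings"

	"go.mondoo.com/cnquery/llx"
	"go.mondoo.com/cnquery/providers/os/resources/powershell"
	"go.mondoo.com/cnquery/providers/os/resources/windows"
)

// mqlSecpolInternal carries the state that policy() caches between calls.
// NOTE(review): presumably embedded into mqlSecpol by code that is not part
// of this file; policy() reads and writes the field through *mqlSecpol.
type mqlSecpolInternal struct {
	// _policy is nil until policy() has parsed the script output once.
	_policy *windows.Secpol
}

// policy returns the parsed security policy of the target system.
//
// The first successful call runs windows.SecpolScript through a "command"
// resource, parses its stdout with windows.ParseSecpol and stores the result
// in s._policy; later calls return the stored value without running the
// script again. On failure nothing is stored, so the next call retries.
//
// An error is returned when the command resource cannot be created, when the
// created resource is not a *mqlCommand, when reading stdout reports an error,
// or when the output cannot be parsed.
func (s *mqlSecpol) policy() (*windows.Secpol, error) {
	if s._policy != nil {
		return s._policy, nil
	}

	// Only the package-level windows.SecpolScript value goes into the command
	// line; no caller-supplied data is concatenated into it.
	encoded := powershell.Encode(windows.SecpolScript)

	o, err := CreateResource(s.MqlRuntime, "command", map[string]*llx.RawData{
		"command": llx.StringData(encoded),
	})
	if err != nil {
		return nil, err
	}

	// Checked assertion: an unexpected resource type becomes an error instead
	// of a panic inside the query runtime.
	cmd, ok := o.(*mqlCommand)
	if !ok {
		return nil, fmt.Errorf("could not run secpol: unexpected resource type %T", o)
	}

	out := cmd.GetStdout()
	if out.Error != nil {
		// The underlying error is wrapped with %w rather than concatenated
		// into the format string, so a '%' in its text is not interpreted as a
		// formatting verb and callers can still use errors.Is / errors.As.
		return nil, fmt.Errorf("could not run secpol: %w", out.Error)
	}

	// NOTE(review): only the error attached to stdout is checked here. Whether
	// a non-zero exit status or stderr output of the script surfaces as
	// out.Error is not visible in this file; confirm it, because an empty or
	// truncated export would otherwise be parsed and reported as the host's
	// actual policy.
	policy, err := windows.ParseSecpol(strings.NewReader(out.Data))
	if err != nil {
		return nil, err
	}

	// NOTE(review): the cache field is written without synchronization;
	// confirm that the runtime does not evaluate these fields concurrently.
	s._policy = policy

	return policy, nil
}

// systemaccess returns the SystemAccess map of the parsed policy, or the
// error reported by policy().
func (s *mqlSecpol) systemaccess() (map[string]interface{}, error) {
	policy, err := s.policy()
	if err != nil {
		return nil, err
	}
	return policy.SystemAccess, nil
}

// eventaudit returns the EventAudit map of the parsed policy, or the error
// reported by policy().
func (s *mqlSecpol) eventaudit() (map[string]interface{}, error) {
	policy, err := s.policy()
	if err != nil {
		return nil, err
	}
	return policy.EventAudit, nil
}

// registryvalues returns the RegistryValues map of the parsed policy, or the
// error reported by policy().
func (s *mqlSecpol) registryvalues() (map[string]interface{}, error) {
	policy, err := s.policy()
	if err != nil {
		return nil, err
	}
	return policy.RegistryValues, nil
}

// privilegerights returns the PrivilegeRights map of the parsed policy, or
// the error reported by policy().
func (s *mqlSecpol) privilegerights() (map[string]interface{}, error) {
	policy, err := s.policy()
	if err != nil {
		return nil, err
	}
	return policy.PrivilegeRights, nil
}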