✨ Add InstallLocation to files for Windows packages (#5770)

```
  6: {
    purl: "pkg:windows/windows/Microsoft%20Edge@138.0.3351.65?arch=AMD64"
    files: [
      0: pkgFileInfo path="C:\\Program Files (x86)\\Microsoft\\Edge\\Application"
    ]
  }
```

Signed-off-by: Christian Zunker <christian@mondoo.com>

Author: czunker

providers/os/resources/packages/testdata/windows_2019.toml

@@ -1,5 +1,5 @@
 # Packages
-[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher  | ConvertTo-Json\""]
+[commands."powershell -c \"Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher, InstallLocation | ConvertTo-Json\""]
 stdout="""
 [
     {
@@ -197,6 +197,14 @@ stdout="""
         "Architecture":  11,
         "Version":  "6.2.1.0",
         "Publisher":  "CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
+    },
+    {
+        "Name":  "Microsoft.MicrosoftEdge.Stable",
+        "PackageFullName":  "Microsoft.MicrosoftEdge.Stable_112.0.1722.39_neutral__8wekyb3d8bbwe",
+        "Architecture":  11,
+        "Version":  "112.0.1722.39",
+        "InstallLocation":  "C:\\\\Program Files\\\\WindowsApps\\\\Microsoft.MicrosoftEdge.Stable_112.0.1722.39_neutral__8wekyb3d8bbwe",
+        "Publisher":  "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
     }
 ]
 """

providers/os/resources/packages/windows_packages.go

@@ -101,20 +101,21 @@ Get-ItemProperty (@(
   'HKLM:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*',
   'HKCU:\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\*'
 ) | Where-Object { Test-Path $_ }) |
-Select-Object -Property DisplayName,DisplayVersion,Publisher,EstimatedSize,InstallSource,UninstallString | ConvertTo-Json -Compress
+Select-Object -Property DisplayName,DisplayVersion,Publisher,EstimatedSize,InstallSource,UninstallString,InstallLocation | ConvertTo-Json -Compress
 `
 
 var (
 	WINDOWS_QUERY_HOTFIXES      = `Get-HotFix | Select-Object -Property Status, Description, HotFixId, Caption, InstalledOn, InstalledBy | ConvertTo-Json`
-	WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher  | ConvertTo-Json`
+	WINDOWS_QUERY_APPX_PACKAGES = `Get-AppxPackage -AllUsers | Select Name, PackageFullName, Architecture, Version, Publisher, InstallLocation | ConvertTo-Json`
 )
 
 type winAppxPackages struct {
-	Name         string `json:"Name"`
-	FullName     string `json:"PackageFullName"`
-	Architecture int    `json:"Architecture"`
-	Version      string `json:"Version"`
-	Publisher    string `json:"Publisher"`
+	Name            string `json:"Name"`
+	FullName        string `json:"PackageFullName"`
+	Architecture    int    `json:"Architecture"`
+	Version         string `json:"Version"`
+	Publisher       string `json:"Publisher"`
+	InstallLocation string `json:"InstallLocation"`
 	// can directly set it to the architecture string, the pwsh script returns it as int (Architecture)
 	arch string `json:"-"`
 }
@@ -137,6 +138,14 @@ func (p winAppxPackages) toPackage(platform *inventory.Platform) Package {
 		Vendor:  p.Publisher,
 		PUrl:    purl.NewPackageURL(platform, purl.TypeAppx, p.Name, p.Version).String(),
 	}
+	if p.InstallLocation != "" {
+		pkg.Files = []FileRecord{
+			{
+				Path: p.InstallLocation,
+			},
+		}
+		pkg.FilesAvailable = PkgFilesIncluded
+	}
 
 	if p.Version != "" {
 		cpeWfns, err := cpe.NewPackage2Cpe(p.Publisher, p.Name, p.Version, "", "")
@@ -452,6 +461,7 @@ func getPackageFromRegistryKeyItems(children []registry.RegistryKeyItem, platfor
 	var displayName string
 	var displayVersion string
 	var publisher string
+	var installLocation string
 
 	for _, i := range children {
 		switch i.Key {
@@ -463,6 +473,8 @@ func getPackageFromRegistryKeyItems(children []registry.RegistryKeyItem, platfor
 			displayVersion = i.Value.String
 		case "Publisher":
 			publisher = i.Value.String
+		case "InstallLocation":
+			installLocation = i.Value.String
 		}
 	}
 
@@ -488,6 +500,14 @@ func getPackageFromRegistryKeyItems(children []registry.RegistryKeyItem, platfor
 			platform, purl.TypeWindows, displayName, displayVersion,
 		).String(),
 	}
+	if installLocation != "" {
+		pkg.Files = []FileRecord{
+			{
+				Path: installLocation,
+			},
+		}
+		pkg.FilesAvailable = PkgFilesIncluded
+	}
 
 	if displayVersion != "" {
 		cpeWfns, err := cpe.NewPackage2Cpe(publisher, displayName, displayVersion, "", "")
@@ -561,6 +581,7 @@ func ParseWindowsAppPackages(platform *inventory.Platform, input io.Reader) ([]P
 		InstallSource   string `json:"InstallSource"`
 		EstimatedSize   int    `json:"EstimatedSize"`
 		UninstallString string `json:"UninstallString"`
+		InstallLocation string `json:"InstallLocation"`
 	}
 
 	var entries []powershellUninstallEntry
@@ -594,7 +615,7 @@ func ParseWindowsAppPackages(platform *inventory.Platform, input io.Reader) ([]P
 		} else {
 			log.Debug().Msg("ignored package since information is missing")
 		}
-		pkgs = append(pkgs, Package{
+		pkg := Package{
 			Name:    entry.DisplayName,
 			Version: entry.DisplayVersion,
 			Format:  "windows/app",
@@ -604,7 +625,15 @@ func ParseWindowsAppPackages(platform *inventory.Platform, input io.Reader) ([]P
 			PUrl: purl.NewPackageURL(
 				platform, purl.TypeWindows, entry.DisplayName, entry.DisplayVersion,
 			).String(),
-		})
+		}
+		if entry.InstallLocation != "" {
+			pkg.Files = []FileRecord{
+				{
+					Path: entry.InstallLocation,
+				},
+			}
+		}
+		pkgs = append(pkgs, pkg)
 	}
 
 	return pkgs, nil

providers/os/resources/packages/windows_packages_test.go

@@ -76,8 +76,8 @@ func TestWindowsAppxPackagesParser(t *testing.T) {
 	}
 
 	pkgs, err := ParseWindowsAppxPackages(pf, c.Stdout)
-	assert.Nil(t, err)
-	assert.Equal(t, 28, len(pkgs), "detected the right amount of packages")
+	require.NoError(t, err)
+	require.Equal(t, 29, len(pkgs), "detected the right amount of packages")
 
 	p := findPkg(pkgs, "Microsoft.Windows.Cortana")
 	assert.Equal(t, Package{
@@ -94,6 +94,27 @@ func TestWindowsAppxPackagesParser(t *testing.T) {
 		Vendor: "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
 	}, p)
 
+	p = findPkg(pkgs, "Microsoft.MicrosoftEdge.Stable")
+	assert.Equal(t, Package{
+		Name:    "Microsoft.MicrosoftEdge.Stable",
+		Version: "112.0.1722.39",
+		Arch:    "neutral",
+		Format:  "windows/appx",
+		PUrl:    "pkg:appx/windows/Microsoft.MicrosoftEdge.Stable@112.0.1722.39?arch=x86",
+		// TODO: this is a bug in the CPE generation, we need to extract the publisher from the package
+		CPEs: []string{
+			"cpe:2.3:a:cn\\=microsoft_corporation\\,_o\\=microsoft_corporation\\,_l\\=redmond\\,_s\\=washington\\,_c\\=us:microsoft.microsoftedge.stable:112.0.1722.39:*:*:*:*:*:*:*",
+			"cpe:2.3:a:cn\\=microsoft_corporation\\,_o\\=microsoft_corporation\\,_l\\=redmond\\,_s\\=washington\\,_c\\=us:microsoft.microsoftedge.stable:112.0.1722:*:*:*:*:*:*:*",
+		},
+		Vendor: "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US",
+		Files: []FileRecord{
+			{
+				Path: "C:\\Program Files\\WindowsApps\\Microsoft.MicrosoftEdge.Stable_112.0.1722.39_neutral__8wekyb3d8bbwe",
+			},
+		},
+		FilesAvailable: PkgFilesIncluded,
+	}, p)
+
 	// check empty return
 	pkgs, err = ParseWindowsAppxPackages(pf, strings.NewReader(""))
 	assert.Nil(t, err)