test: drop custom sys package and use stdlib x/sys (#40984)

* feat: drop custom sys package and use stdlib x/sys

drop custom fork of x/sys and use upstream package
regenerate notice

copy over custom methods

* lint: fix linting issues

NOTICE.txt

@@ -3017,43 +3017,6 @@ Contents of probable licence file $GOMODCACHE/github.com/aerospike/aerospike-cli
    limitations under the License.
 
 
---------------------------------------------------------------------------------
-Dependency : github.com/andrewkroh/sys
-Version: v0.0.0-20151128191922-287798fe3e43
-Licence type (autodetected): BSD-3-Clause
---------------------------------------------------------------------------------
-
-Contents of probable licence file $GOMODCACHE/github.com/andrewkroh/[email protected]/LICENSE:
-
-Copyright (c) 2009 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-
 --------------------------------------------------------------------------------
 Dependency : github.com/apache/arrow/go/v14
 Version: v14.0.2

go.mod

@@ -24,7 +24,6 @@ require (
 	github.com/StackExchange/wmi v1.2.1
 	github.com/aerospike/aerospike-client-go v1.27.1-0.20170612174108-0f3b54da6bdc
 	github.com/akavel/rsrc v0.8.0 // indirect
-	github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43
 	github.com/apoydence/eachers v0.0.0-20181020210610-23942921fe77 // indirect
 	github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5
 	github.com/aws/aws-lambda-go v1.44.0

go.sum

@@ -251,8 +251,6 @@ github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3Uu
 github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4=
 github.com/andrewkroh/goja v0.0.0-20190128172624-dd2ac4456e20 h1:7rj9qZ63knnVo2ZeepYHvHuRdG76f3tRUTdIQDzRBeI=
 github.com/andrewkroh/goja v0.0.0-20190128172624-dd2ac4456e20/go.mod h1:cI59GRkC2FRaFYtgbYEqMlgnnfvAwXzjojyZKXwklNg=
-github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43 h1:WFwa9pqou0Nb4DdfBOyaBTH0GqLE74Qwdf61E7ITHwQ=
-github.com/andrewkroh/sys v0.0.0-20151128191922-287798fe3e43/go.mod h1:tJPYQG4mnMeUtQvQKNkbsFrnmZOg59Qnf8CcctFv5v4=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
 github.com/andybalholm/brotli v1.0.5 h1:8uQZIdzKmjc/iuPu7O2ioW48L81FgatrcpfFmiq/cCs=

winlogbeat/eventlog/bench_test.go

@@ -27,8 +27,6 @@ import (
 	"strconv"
 	"testing"
 
-	"golang.org/x/sys/windows/svc/eventlog"
-
 	"github.com/elastic/elastic-agent-libs/mapstr"
 )
 
@@ -57,7 +55,7 @@ func TestBenchmarkRead(t *testing.T) {
 
 	// Publish test messages:
 	for i := 0; i < *injectAmount; i++ {
-		safeWriteEvent(t, writer, eventlog.Info, uint32(rand.Int63()%1000), []string{strconv.Itoa(i) + " " + randomSentence(256)})
+		safeWriteEvent(t, writer, uint32(rand.Int63()%1000), strconv.Itoa(i)+" "+randomSentence(256))
 	}
 
 	for _, api := range []string{winEventLogAPIName, winEventLogExpAPIName} {

winlogbeat/eventlog/wineventlog_test.go

@@ -20,6 +20,7 @@
 package eventlog
 
 import (
+	"fmt"
 	"io"
 	"os/exec"
 	"path/filepath"
@@ -28,9 +29,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/andrewkroh/sys/windows/svc/eventlog"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/sys/windows/registry"
+	"golang.org/x/sys/windows/svc/eventlog"
 
 	"github.com/elastic/beats/v7/winlogbeat/checkpoint"
 	"github.com/elastic/beats/v7/winlogbeat/sys/wineventlog"
@@ -182,7 +184,7 @@ func testWindowsEventLog(t *testing.T, api string) {
 	const messageSize = 256 // Originally 31800, such a large value resulted in an empty eventlog under Win10.
 	const totalEvents = 1000
 	for i := 0; i < totalEvents; i++ {
-		safeWriteEvent(t, writer, eventlog.Info, uint32(i%1000)+1, []string{strconv.Itoa(i) + " " + randomSentence(messageSize)})
+		safeWriteEvent(t, writer, uint32(i%1000)+1, strconv.Itoa(i)+" "+randomSentence(messageSize))
 	}
 
 	openLog := func(t testing.TB, config map[string]interface{}) EventLog {
@@ -339,7 +341,7 @@ func createLog(t testing.TB, messageFiles ...string) (log *eventlog.Log, tearDow
 		messageFile = strings.Join(messageFiles, ";")
 	}
 
-	existed, err := eventlog.Install(name, source, messageFile, true, eventlog.Error|eventlog.Warning|eventlog.Info)
+	existed, err := install(name, source, messageFile, eventlog.Error|eventlog.Warning|eventlog.Info)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -351,26 +353,26 @@ func createLog(t testing.TB, messageFiles ...string) (log *eventlog.Log, tearDow
 	log, err = eventlog.Open(source)
 	//nolint:errcheck // This is just a resource release.
 	if err != nil {
-		eventlog.RemoveSource(name, source)
-		eventlog.RemoveProvider(name)
+		removeSource(name, source)
+		removeProvider(name)
 		t.Fatal(err)
 	}
 
 	//nolint:errcheck // This is just a resource release.
 	tearDown = func() {
 		log.Close()
 		wineventlog.EvtClearLog(wineventlog.NilHandle, name, "")
-		eventlog.RemoveSource(name, source)
-		eventlog.RemoveProvider(name)
+		removeSource(name, source)
+		removeProvider(name)
 	}
 
 	return log, tearDown
 }
 
-func safeWriteEvent(t testing.TB, log *eventlog.Log, etype uint16, eid uint32, msgs []string) {
+func safeWriteEvent(t testing.TB, log *eventlog.Log, eid uint32, msg string) {
 	deadline := time.Now().Add(time.Second * 10)
 	for {
-		err := log.Report(etype, eid, msgs)
+		err := log.Info(eid, msg)
 		if err == nil {
 			return
 		}
@@ -420,3 +422,71 @@ func openLog(t testing.TB, api string, state *checkpoint.EventLogState, config m
 
 	return log
 }
+
+const Application = "Application"
+
+const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog`
+
+// removeSource deletes all registry elements installed for an event logging source.
+func removeSource(provider, src string) error {
+	providerKeyName := fmt.Sprintf("%s\\%s", eventLogKeyName, provider)
+	pk, err := registry.OpenKey(registry.LOCAL_MACHINE, providerKeyName, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer pk.Close()
+	return registry.DeleteKey(pk, src)
+}
+
+// removeProvider deletes all registry elements installed for an event logging provider.
+// Only use this method if you have installed a custom provider.
+func removeProvider(provider string) error {
+	// Protect against removing Application.
+	if provider == Application {
+		return fmt.Errorf("%s cannot be removed. Only custom providers can be removed.", provider)
+	}
+
+	eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer eventLogKey.Close()
+	return registry.DeleteKey(eventLogKey, provider)
+}
+
+func install(provider, src, msgFile string, eventsSupported uint32) (bool, error) {
+	eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.CREATE_SUB_KEY)
+	if err != nil {
+		return false, err
+	}
+	defer eventLogKey.Close()
+
+	pk, _, err := registry.CreateKey(eventLogKey, provider, registry.SET_VALUE)
+	if err != nil {
+		return false, err
+	}
+	defer pk.Close()
+
+	sk, alreadyExist, err := registry.CreateKey(pk, src, registry.SET_VALUE)
+	if err != nil {
+		return false, err
+	}
+	defer sk.Close()
+	if alreadyExist {
+		return true, nil
+	}
+
+	err = sk.SetDWordValue("CustomSource", 1)
+	if err != nil {
+		return false, err
+	}
+	err = sk.SetExpandStringValue("EventMessageFile", msgFile)
+	if err != nil {
+		return false, err
+	}
+	err = sk.SetDWordValue("TypesSupported", eventsSupported)
+	if err != nil {
+		return false, err
+	}
+	return false, nil
+}

winlogbeat/sys/wineventlog/iterator_test.go

@@ -23,7 +23,6 @@ import (
 	"strconv"
 	"testing"
 
-	"github.com/andrewkroh/sys/windows/svc/eventlog"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/sys/windows"
 
@@ -38,7 +37,7 @@ func TestEventIterator(t *testing.T) {
 
 	const eventCount = 1500
 	for i := 0; i < eventCount; i++ {
-		safeWriteEvent(t, writer, eventlog.Info, 1, []string{"Test message " + strconv.Itoa(i+1)})
+		safeWriteEvent(t, writer, 1, "Test message "+strconv.Itoa(i+1))
 	}
 
 	// Validate the assumption that 1024 is the max number of handles supported

winlogbeat/sys/wineventlog/renderer_test.go

@@ -30,8 +30,6 @@ import (
 	"text/template"
 	"time"
 
-	"github.com/andrewkroh/sys/windows/svc/eventlog"
-
 	"github.com/stretchr/testify/assert"
 
 	"github.com/elastic/beats/v7/libbeat/common/atomic"
@@ -208,9 +206,9 @@ func BenchmarkRenderer(b *testing.B) {
 	defer teardown()
 
 	const totalEvents = 1000000
-	msg := []string{strings.Repeat("Hello world! ", 21)}
+	msg := strings.Repeat("Hello world! ", 21)
 	for i := 0; i < totalEvents; i++ {
-		safeWriteEvent(b, writer, eventlog.Info, 10, msg)
+		safeWriteEvent(b, writer, 10, msg)
 	}
 
 	setup := func() (*EventIterator, *Renderer) {

winlogbeat/sys/wineventlog/util_test.go

@@ -21,15 +21,17 @@ package wineventlog
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/andrewkroh/sys/windows/svc/eventlog"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/sys/windows"
+	"golang.org/x/sys/windows/registry"
+	"golang.org/x/sys/windows/svc/eventlog"
 )
 
 const (
@@ -49,7 +51,7 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) {
 	const name = winlogbeatTestLogName
 	const source = "wineventlog_test"
 
-	existed, err := eventlog.InstallAsEventCreate(name, source, eventlog.Error|eventlog.Warning|eventlog.Info)
+	existed, err := installAsEventCreate(name, source, eventlog.Error|eventlog.Warning|eventlog.Info)
 	if err != nil {
 		t.Fatalf("eventlog.InstallAsEventCreate failed: %v", err)
 	}
@@ -60,8 +62,8 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) {
 
 	log, err = eventlog.Open(source)
 	if err != nil {
-		eventlog.RemoveSource(name, source)
-		eventlog.RemoveProvider(name)
+		removeSource(name, source)
+		removeProvider(name)
 		t.Fatalf("eventlog.Open failed: %v", err)
 	}
 
@@ -70,18 +72,18 @@ func createLog(t testing.TB) (log *eventlog.Log, tearDown func()) {
 	tearDown = func() {
 		log.Close()
 		EvtClearLog(NilHandle, name, "")
-		eventlog.RemoveSource(name, source)
-		eventlog.RemoveProvider(name)
+		removeSource(name, source)
+		removeProvider(name)
 	}
 
 	return log, tearDown
 }
 
-func safeWriteEvent(t testing.TB, log *eventlog.Log, etype uint16, eid uint32, msgs []string) {
+func safeWriteEvent(t testing.TB, log *eventlog.Log, eid uint32, msg string) {
 	t.Helper()
 	deadline := time.Now().Add(time.Second * 10)
 	for {
-		err := log.Report(etype, eid, msgs)
+		err := log.Info(eid, msg)
 		if err == nil {
 			return
 		}
@@ -173,3 +175,71 @@ func assertEqualIgnoreCase(t *testing.T, expected, actual string) {
 		strings.ToLower(actual),
 	)
 }
+
+const Application = "Application"
+
+const eventLogKeyName = `SYSTEM\CurrentControlSet\Services\EventLog`
+
+// removeSource deletes all registry elements installed for an event logging source.
+func removeSource(provider, src string) error {
+	providerKeyName := fmt.Sprintf("%s\\%s", eventLogKeyName, provider)
+	pk, err := registry.OpenKey(registry.LOCAL_MACHINE, providerKeyName, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer pk.Close()
+	return registry.DeleteKey(pk, src)
+}
+
+// removeProvider deletes all registry elements installed for an event logging provider.
+// Only use this method if you have installed a custom provider.
+func removeProvider(provider string) error {
+	// Protect against removing Application.
+	if provider == Application {
+		return fmt.Errorf("%s cannot be removed. Only custom providers can be removed.", provider)
+	}
+
+	eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.SET_VALUE)
+	if err != nil {
+		return err
+	}
+	defer eventLogKey.Close()
+	return registry.DeleteKey(eventLogKey, provider)
+}
+
+func installAsEventCreate(provider, src string, eventsSupported uint32) (bool, error) {
+	eventLogKey, err := registry.OpenKey(registry.LOCAL_MACHINE, eventLogKeyName, registry.CREATE_SUB_KEY)
+	if err != nil {
+		return false, err
+	}
+	defer eventLogKey.Close()
+
+	pk, _, err := registry.CreateKey(eventLogKey, provider, registry.SET_VALUE)
+	if err != nil {
+		return false, err
+	}
+	defer pk.Close()
+
+	sk, alreadyExist, err := registry.CreateKey(pk, src, registry.SET_VALUE)
+	if err != nil {
+		return false, err
+	}
+	defer sk.Close()
+	if alreadyExist {
+		return true, nil
+	}
+
+	err = sk.SetDWordValue("CustomSource", 1)
+	if err != nil {
+		return false, err
+	}
+	err = sk.SetExpandStringValue("EventMessageFile", "%SystemRoot%\\System32\\EventCreate.exe")
+	if err != nil {
+		return false, err
+	}
+	err = sk.SetDWordValue("TypesSupported", eventsSupported)
+	if err != nil {
+		return false, err
+	}
+	return false, nil
+}