fix #5737: Add FileVersionRaw column to file table for windows

osquery/filesystem/fileops.h

@@ -91,6 +91,7 @@ typedef struct win_stat {
   std::string attributes;
   std::string volume_serial;
   std::string product_version;
+  std::string file_version;
 
 } WINDOWS_STAT;
 
@@ -191,14 +192,14 @@ Status windowsShortPathToLongPath(const std::string& shortPath,
                                   std::string& rLongPath);
 
 /*
- * @brief Get the product version associated with a file
+ * @brief Get the product and file version associated with a file
  *
  * @param path: Full path to the file
- * @param rVersion: String representing the product version, e.g. "16.0.8201.0"
- *
+ * @param product_version: String representing the product version, e.g. "16.0.8201.0"
+ * @param file_version: String representing the file version
  * @return Success if the version could be retrieved, otherwise failure
  */
-Status windowsGetFileVersion(const std::string& path, std::string& rVersion);
+Status windowsGetVersionInfo(const std::string& path, std::string& product_version, std::string& file_version);
 #endif
 
 /**

osquery/filesystem/windows/fileops.cpp

@@ -115,7 +115,7 @@ Status windowsShortPathToLongPath(const std::string& shortPath,
   return Status::success();
 }
 
-Status windowsGetFileVersion(const std::string& path, std::string& rVersion) {
+Status windowsGetVersionInfo(const std::string& path, std::string& product_version, std::string& file_version) {
   DWORD handle = 0;
   auto verSize = GetFileVersionInfoSize(path.c_str(), &handle);
   auto verInfo = std::make_unique<BYTE[]>(verSize);
@@ -133,11 +133,16 @@ Status windowsGetFileVersion(const std::string& path, std::string& rVersion) {
   if (err == 0) {
     return Status(GetLastError(), "Failed to query version value");
   }
-  rVersion =
+  product_version =
       std::to_string((pFileInfo->dwProductVersionMS >> 16 & 0xffff)) + "." +
       std::to_string((pFileInfo->dwProductVersionMS >> 0 & 0xffff)) + "." +
       std::to_string((pFileInfo->dwProductVersionLS >> 16 & 0xffff)) + "." +
       std::to_string((pFileInfo->dwProductVersionLS >> 0 & 0xffff));
+  file_version =
+      std::to_string((pFileInfo->dwFileVersionMS >> 16 & 0xffff)) + "." +
+      std::to_string((pFileInfo->dwFileVersionMS >> 0 & 0xffff)) + "." +
+      std::to_string((pFileInfo->dwFileVersionLS >> 16 & 0xffff)) + "." +
+      std::to_string((pFileInfo->dwFileVersionLS >> 0 & 0xffff));
   return Status::success();
 }
 
@@ -1830,7 +1835,7 @@ Status platformStat(const fs::path& path, WINDOWS_STAT* wfile_stat) {
   (!ret) ? wfile_stat->ctime = -1
          : wfile_stat->ctime = longIntToUnixtime(basic_info.ChangeTime);
 
-  windowsGetFileVersion(path.string(), wfile_stat->product_version);
+  windowsGetVersionInfo(path.string(), wfile_stat->product_version, wfile_stat->file_version);
 
   CloseHandle(file_handle);
 

osquery/tables/system/windows/ie_extensions.cpp

@@ -76,10 +76,10 @@ static inline Status getBHOs(QueryData& results) {
         r["path"] = std::move(fullPath);
       }
 
-      std::string version;
-      ret = windowsGetFileVersion(exec, version);
+      std::string productVersion, fileVersion;
+      ret = windowsGetVersionInfo(exec, productVersion, fileVersion);
       if (ret.ok()) {
-        r["version"] = std::move(version);
+        r["version"] = std::move(productVersion);
       }
 
       r["registry_path"] = res.at("path");

osquery/tables/utility/file.cpp

@@ -125,6 +125,7 @@ void genFileInfo(const fs::path& path,
   r["file_id"] = TEXT(file_stat.file_id);
   r["volume_serial"] = TEXT(file_stat.volume_serial);
   r["product_version"] = TEXT(file_stat.product_version);
+  r["file_version"] = TEXT(file_stat.file_version);
 
 #endif
 

tests/integration/tables/file.cpp

@@ -71,6 +71,7 @@ TEST_F(FileTests, test_sanity) {
   row_map["volume_serial"] = NormalType;
   row_map["file_id"] = NormalType;
   row_map["product_version"] = NormalType;
+  row_map["file_version"] = NormalType;
 #endif
 
   validate_rows(data, row_map);