✨ support querypack execution (#944)

* ✨ support querypack execution

Requires: mondoohq/cnquery#2545 + updated
`go.mod`.

```bash
cnspec scan -f ../cnquery/examples/os.mql.yaml
```

... now works as advertised:

```bash
Data queries:
services.where.list: [
  0: service name="sshd" running=false enabled=false type="systemd"
  1: service name="sshdgenkeys" running=false enabled=false type="systemd"
]
packages.where.list: [
  0: package name="lib32-libssh2" version="1.11.0-1"
  1: package name="libssh" version="0.10.5-1"
  2: package name="libssh2" version="1.11.0-1"
  3: package name="openssh" version="9.5p1-1"
  4: package name="sshfs" version="3.7.3-1"
]
...
```

Signed-off-by: Dominik Richter <[email protected]>

* go.mod bump.

---------

Signed-off-by: Dominik Richter <[email protected]>
Co-authored-by: Preslav <[email protected]>

apps/cnspec/cmd/scan.go

@@ -324,6 +324,8 @@ func (c *scanConfig) loadPolicies() error {
 			return err
 		}
 
+		bundle.ConvertQuerypacks()
+
 		_, err = bundle.CompileExt(context.Background(), policy.BundleCompileConf{
 			Schema: c.runtime.Schema(),
 			// We don't care about failing queries for local runs. We may only

go.mod

@@ -6,7 +6,7 @@ go 1.21
 
 toolchain go1.21.3
 
-require go.mondoo.com/cnquery/v9 v9.6.1
+require go.mondoo.com/cnquery/v9 v9.6.2-0.20231109164815-e81f9d5724ee
 
 require (
 	github.com/Masterminds/semver v1.5.0

go.sum

@@ -939,14 +939,8 @@ go-simpler.org/assert v0.6.0 h1:QxSrXa4oRuo/1eHMXSBFHKvJIpWABayzKldqZyugG7E=
 go-simpler.org/assert v0.6.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28=
 go-simpler.org/sloglint v0.2.0 h1:XpOhA+7BCQJnl7KlDLmnFUFTSrl989ZmaVPSWWCWEtc=
 go-simpler.org/sloglint v0.2.0/go.mod h1:/RQr0TeTf89IyRjLJ9ogUbIp1Zs5zJJAj02pwQoDQdg=
-go.mondoo.com/cnquery/v9 v9.5.2 h1:zoe5JM288rET0ZOT8bwTR9h87w94qLf7q8NwAsYm12U=
-go.mondoo.com/cnquery/v9 v9.5.2/go.mod h1:msoStMJwKnXJsBuA13ecw7jppR2SjmAaDCH7Lnd1u/w=
-go.mondoo.com/cnquery/v9 v9.5.3 h1:qS3msdIXJ5417bcqgpgklYZJ3J9dpZWv5Zrq0M4nXDk=
-go.mondoo.com/cnquery/v9 v9.5.3/go.mod h1:msoStMJwKnXJsBuA13ecw7jppR2SjmAaDCH7Lnd1u/w=
-go.mondoo.com/cnquery/v9 v9.6.0 h1:X6sodwk/92GlXScPJwWwDLgLn2RAPv/DAJQVb4KtAmE=
-go.mondoo.com/cnquery/v9 v9.6.0/go.mod h1:msoStMJwKnXJsBuA13ecw7jppR2SjmAaDCH7Lnd1u/w=
-go.mondoo.com/cnquery/v9 v9.6.1 h1:1LXig8dvPXxYvVgny3QJibU5ZXgAzS5j1cADEIffLBQ=
-go.mondoo.com/cnquery/v9 v9.6.1/go.mod h1:msoStMJwKnXJsBuA13ecw7jppR2SjmAaDCH7Lnd1u/w=
+go.mondoo.com/cnquery/v9 v9.6.2-0.20231109164815-e81f9d5724ee h1:vTnq9XlzPhXin/OcdUWe7y2qKKa9ZRa6J5c3xk3/YOk=
+go.mondoo.com/cnquery/v9 v9.6.2-0.20231109164815-e81f9d5724ee/go.mod h1:msoStMJwKnXJsBuA13ecw7jppR2SjmAaDCH7Lnd1u/w=
 go.mondoo.com/ranger-rpc v0.5.2 h1:UrcVtMIinzfWsuSzZKibbMqcGZSARInKJi0Xs2AxXeU=
 go.mondoo.com/ranger-rpc v0.5.2/go.mod h1:y5qqdFhOnSLKnAo8lXC0FKZoKLUYgLENvneww+q+7ws=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

policy/bundle.go

@@ -148,13 +148,15 @@ func aggregateBundles(a *Bundle, b *Bundle) *Bundle {
 
 	// merge in a
 	res.Policies = append(res.Policies, a.Policies...)
+	res.Packs = append(res.Packs, a.Packs...)
 	res.Props = append(res.Props, a.Props...)
 	res.Queries = append(res.Queries, a.Queries...)
 	res.Frameworks = append(res.Frameworks, a.Frameworks...)
 	res.FrameworkMaps = append(res.FrameworkMaps, a.FrameworkMaps...)
 
 	// merge in b
 	res.Policies = append(res.Policies, b.Policies...)
+	res.Packs = append(res.Packs, b.Packs...)
 	res.Props = append(res.Props, b.Props...)
 	res.Queries = append(res.Queries, b.Queries...)
 	res.Frameworks = append(res.Frameworks, b.Frameworks...)
@@ -181,6 +183,10 @@ func (p *Bundle) ConvertQuerypacks() {
 	for i := range p.Packs {
 		pack := p.Packs[i]
 
+		// Remove this once we reach v10 vv
+		pack.DeprecatedV9_ensureUIDs()
+		// ^^
+
 		policy := Policy{
 			Mrn:      pack.Mrn,
 			Uid:      pack.Uid,