Add visual studio extensions to software inventory (#17501)

#17003

- [X] Changes file added for user-visible changes in `changes/` or
`orbit/changes/`.
See [Changes
files](https://fleetdm.com/docs/contributing/committing-changes#changes-files)
for more information.
- [X] Added support on fleet's osquery simulator `cmd/osquery-perf` for
new osquery data ingestion features.
- [x] Added/updated tests
- [X] Manual QA for all new/changed functionality

changes/17003-ingest-vscode_extensions

@@ -0,0 +1 @@
+* Visual Studio extensions added to Fleet's software inventory.

cmd/osquery-perf/vscode_extensions_vulnerable.software

@@ -0,0 +1,5 @@
+Microsoft##ms-vscode-remote.remote-wsl##0.63.10
+GitHub##github.vscode-pull-request-github##0.66.1
+Microsoft##ms-python.python##2020.4.0
+Microsoft##ms-toolsai.jupyter##2023.10.10
+Microsoft##dbaeumer.vscode-eslint##2.0.0

server/service/osquery.go

@@ -952,6 +952,8 @@ func (svc *Service) SubmitDistributedQueryResults(
 
 	svc.maybeDebugHost(ctx, host, results, statuses, messages, stats)
 
+	preProcessSoftwareResults(host.ID, &results, &statuses, &messages, svc.logger)
+
 	var hostWithoutPolicies bool
 	for query, rows := range results {
 		// When receiving this query in the results, we will update the host's
@@ -1091,6 +1093,74 @@ func (svc *Service) SubmitDistributedQueryResults(
 	return nil
 }
 
+// preProcessSoftwareResults will run pre-processing on the responses of the software queries.
+// It will move the results from the software extra queries (e.g. software_vscode_extensions)
+// into the main software query results (software_{macos|linux|windows}).
+// We do this to not grow the main software queries and to ingest
+// all software together (one direct ingest function for all software).
+func preProcessSoftwareResults(
+	hostID uint,
+	results *fleet.OsqueryDistributedQueryResults,
+	statuses *map[string]fleet.OsqueryStatus,
+	messages *map[string]string,
+	logger log.Logger,
+) {
+	vsCodeExtensionsExtraQuery := hostDetailQueryPrefix + "software_vscode_extensions"
+	preProcessSoftwareExtraResults(vsCodeExtensionsExtraQuery, hostID, results, statuses, messages, logger)
+}
+
+func preProcessSoftwareExtraResults(
+	softwareExtraQuery string,
+	hostID uint,
+	results *fleet.OsqueryDistributedQueryResults,
+	statuses *map[string]fleet.OsqueryStatus,
+	messages *map[string]string,
+	logger log.Logger,
+) {
+	// We always remove the extra query and its results
+	// in case the main or extra software query failed to execute.
+	defer delete(*results, softwareExtraQuery)
+
+	status, ok := (*statuses)[softwareExtraQuery]
+	if !ok {
+		return // query did not execute, e.g. the table does not exist.
+	}
+	failed := status != fleet.StatusOK
+	if failed {
+		// extra query executed but with errors, so we return without changing anything.
+		level.Error(logger).Log(
+			"query", softwareExtraQuery,
+			"message", (*messages)[softwareExtraQuery],
+			"hostID", hostID,
+		)
+		return
+	}
+
+	// Extract the results of the extra query.
+	softwareExtraRows, _ := (*results)[softwareExtraQuery]
+	if len(softwareExtraRows) == 0 {
+		return
+	}
+
+	// Append the results of the extra query to the main query.
+	for _, query := range []string{
+		// Only one of these execute in each host.
+		hostDetailQueryPrefix + "software_macos",
+		hostDetailQueryPrefix + "software_windows",
+		hostDetailQueryPrefix + "software_linux",
+	} {
+		if _, ok := (*results)[query]; !ok {
+			continue
+		}
+		if status, ok := (*statuses)[query]; ok && status != fleet.StatusOK {
+			// Do not append results if the main query failed to run.
+			continue
+		}
+		(*results)[query] = append((*results)[query], softwareExtraRows...)
+		return
+	}
+}
+
 // globalPolicyAutomationsEnabled returns true if any of the global policy automations are enabled.
 // globalPolicyAutomationsEnabled and teamPolicyAutomationsEnabled are effectively identical.
 // We could not use Go generics because Go generics does not support accessing common struct fields right now.