Wrong paths when querying Windows agent configuration

[Cerv1]

Hi team,

I've seen that the character \ is scaped on every path when querying Windows agent configuration.

# curl -u foo/bar -k "https://localhost:55000/agents/034/config/wmodules/wmodules?pretty"
{
   "error": 0,
   "data": {
      "wmodules": [
         {
            "syscollector": {
               "hardware": "yes",
               "processes": "yes",
               "network": "yes",
               "interval": 3600,
               "disabled": "yes",
               "scan-on-start": "yes",
               "packages": "yes",
               "os": "yes",
               "ports": "yes",
               "ports_all": "no"
            }
         },
         {
            "cis-cat": {
               "interval": 86400,
               "disabled": "yes",
               "scan-on-start": "yes",
               "ciscat_path": "C:\\cis-cat",
               "java_path": "\\\\server\\jre\\bin\\java.exe",
               "timeout": 1800
            }
         },
         {
            "osquery": {
               "config_path": "C:\\ProgramData\\osquery\\osquery.conf",
               "log_path": "C:\\ProgramData\\osquery\\log\\osqueryd.results.log",
               "disabled": "yes",
               "bin_path": "C:\\ProgramData\\osquery\\osqueryd",
               "run_daemon": "yes",
               "add_labels": "yes"
            }
         }
      ]
   }
}

Best regards, Cerv1.

[mgmacias95]

Hello @Cerv1,

Those escape characters are added by Python's XML Etree library. Here's a screenshot debugging our XML reader with Pycharm: As you can see, those characters are already added when we're reading the XML. We should add something like this:

option_value.replace('\\','\')

Best regards, Marta