Fix findings found after the analysis of the Wodles code #8347

Closed
3 tasks
Tracked by #2330
AdriiiPRodri opened this issue Apr 23, 2021 · 1 comment · Fixed by #10900
Labels
type/enhancement New feature or request


AdriiiPRodri commented Apr 23, 2021

Wazuh version Component
master Wodles

Hi team,

In the wodles code there are some sections of code that can be improved.

First we have a part of the oscap.py module where an agent_id is calculated randomly. Basically it doesn't seem that the module ever enters this part; however, we should investigate it and either fix it or remove it.

The next thing we need to investigate is the use of the eval() functions and the subprocess module as they are being used to check that certain services are installed. This can be done in a better way.

More information here: #7998 (comment) and here: wazuh/wazuh-qa#1615 (comment)

ToDo

  • Investigate the random agent_id generator.
  • Replace eval and subprocess module.
  • Test the changes.

Regards
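
One way to check that a tool is installed without eval() or a shell, given as an added example that is not code from the Wazuh repository or from either commenter. The names `find_tool`, `tool_version`, `parse_literal` and `TRUSTED_DIRS` are hypothetical, and the example assumes the eval() call was only parsing a data literal.

```python
import ast
import os
import shutil
import subprocess

# Assumption: directories only an administrator can write to (not from the Wazuh code).
TRUSTED_DIRS = ("/usr/bin", "/usr/sbin", "/bin", "/sbin", "/usr/local/bin")


def find_tool(name, search_dirs=TRUSTED_DIRS):
    """Return the absolute path of an installed executable, or None.

    Nothing is executed and no shell parses `name`.
    """
    if not name or os.sep in name or name.startswith("-"):
        return None  # bare command names only: no paths, no option-like values
    return shutil.which(name, path=os.pathsep.join(search_dirs))


def tool_version(path, flag="--version", timeout=5):
    """Run `path flag` with an argument list (no shell); return the first output line."""
    try:
        proc = subprocess.run([path, flag], stdout=subprocess.PIPE,
                              stderr=subprocess.STDOUT, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return None
    lines = proc.stdout.decode("utf-8", "replace").splitlines()
    return lines[0].strip() if proc.returncode == 0 and lines else None


def parse_literal(text):
    """Parse a Python literal (list, dict, number, string) without running code."""
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, RecursionError, MemoryError):
        return None


if __name__ == "__main__":
    oscap = find_tool("oscap")
    print("oscap:", oscap, tool_version(oscap) if oscap else "not installed")
```
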

@CarlosRS9

Status update

It is true that the oscap module has these vulnerabilities. However, the module was deprecated in 4.0 and replaced by SCA, so we believe there is no reason to spend the time to modify this. The idea is to remove this code from our repository for the future 5.0 release.

The script itself from 4.0 onwards is no longer copied on the system during installation or when upgrading, so it would not pose a security risk either.
