chore: move finding event conversion to a package

Opportunistic refactor. Logic does not relate to eBPF and does relate to event data. Also allows importing this logic without importing eBPF related code.
aquasecurity · Sep 23, 2024 · 290c8ba · 290c8ba
1 parent 3f38b8f
commit 290c8ba
Show file tree

Hide file tree

Showing 4 changed files with 8 additions and 6 deletions.
diff --git a/cmd/tracee/cmd/analyze.go b/cmd/tracee/cmd/analyze.go
@@ -14,8 +14,8 @@ import (
 
 	"github.com/aquasecurity/tracee/pkg/cmd/flags"
 	"github.com/aquasecurity/tracee/pkg/cmd/initialize/sigs"
-	tracee "github.com/aquasecurity/tracee/pkg/ebpf"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/findings"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/signatures/engine"
 	"github.com/aquasecurity/tracee/pkg/signatures/signature"
@@ -214,7 +214,7 @@ func produce(ctx context.Context, inputFile *os.File, engineInput chan<- protoco
 
 func findingProcessor(engineInput chan<- protocol.Event) func(finding *detect.Finding) {
 	return func(finding *detect.Finding) {
-		event, err := tracee.FindingToEvent(finding)
+		event, err := findings.FindingToEvent(finding)
 		if err != nil {
 			logger.Fatalw("Failed to convert finding to event", "err", err)
 		}

diff --git a/pkg/ebpf/signature_engine.go b/pkg/ebpf/signature_engine.go
@@ -6,6 +6,7 @@ import (
 	"github.com/aquasecurity/tracee/pkg/containers"
 	"github.com/aquasecurity/tracee/pkg/dnscache"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/findings"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/proctree"
 	"github.com/aquasecurity/tracee/pkg/signatures/engine"
@@ -114,7 +115,7 @@ func (t *Tracee) engineEvents(ctx context.Context, in <-chan *trace.Event) (<-ch
 					continue // might happen during initialization (ctrl+c seg faults)
 				}
 
-				event, err := FindingToEvent(finding)
+				event, err := findings.FindingToEvent(finding)
 				if err != nil {
 					t.handleError(err)
 					continue

diff --git a/pkg/ebpf/finding.go → pkg/events/findings/findings.go b/pkg/ebpf/finding.go → pkg/events/findings/findings.go
@@ -1,4 +1,4 @@
-package ebpf
+package findings
 
 import (
 	"github.com/aquasecurity/tracee/pkg/errfmt"

diff --git a/pkg/ebpf/finding_test.go → pkg/events/findings/findings_test.go b/pkg/ebpf/finding_test.go → pkg/events/findings/findings_test.go
@@ -1,4 +1,4 @@
-package ebpf
+package findings_test
 
 import (
 	"sort"
@@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/findings"
 	"github.com/aquasecurity/tracee/types/detect"
 	"github.com/aquasecurity/tracee/types/protocol"
 	"github.com/aquasecurity/tracee/types/trace"
@@ -100,7 +101,7 @@ func TestFindingToEvent(t *testing.T) {
 	}
 
 	finding := createFakeEventAndFinding()
-	got, err := FindingToEvent(&finding)
+	got, err := findings.FindingToEvent(&finding)
 
 	assert.NoError(t, err)