From 290c8ba5d7d921c83b8260e37e388d9a241795dd Mon Sep 17 00:00:00 2001
From: Nadav Strahilevitz
Date: Mon, 23 Sep 2024 15:59:54 +0000
Subject: [PATCH] chore: move finding event conversion to a package

Opportunistic refactor. Logic does not relate to eBPF and does relate to event data. Also allows importing this logic without importing eBPF related code.
---
 cmd/tracee/cmd/analyze.go | 4 ++--
 pkg/ebpf/signature_engine.go | 3 ++-
 pkg/{ebpf/finding.go => events/findings/findings.go} | 2 +-
 .../finding_test.go => events/findings/findings_test.go} | 5 +++--
 4 files changed, 8 insertions(+), 6 deletions(-)
 rename pkg/{ebpf/finding.go => events/findings/findings.go} (99%)
 rename pkg/{ebpf/finding_test.go => events/findings/findings_test.go} (97%)
diff --git a/cmd/tracee/cmd/analyze.go b/cmd/tracee/cmd/analyze.go
index 41cae0f1aa6b..3c2065c9e0eb 100644
--- a/cmd/tracee/cmd/analyze.go
+++ b/cmd/tracee/cmd/analyze.go
@@ -14,8 +14,8 @@ import (
 "github.com/aquasecurity/tracee/pkg/cmd/flags"
 "github.com/aquasecurity/tracee/pkg/cmd/initialize/sigs"
- tracee "github.com/aquasecurity/tracee/pkg/ebpf"
 "github.com/aquasecurity/tracee/pkg/events"
+ "github.com/aquasecurity/tracee/pkg/events/findings"
 "github.com/aquasecurity/tracee/pkg/logger"
 "github.com/aquasecurity/tracee/pkg/signatures/engine"
 "github.com/aquasecurity/tracee/pkg/signatures/signature"
@@ -214,7 +214,7 @@ func produce(ctx context.Context, inputFile *os.File, engineInput chan<- protoco
 func findingProcessor(engineInput chan<- protocol.Event) func(finding *detect.Finding) {
 return func(finding *detect.Finding) {
- event, err := tracee.FindingToEvent(finding)
+ event, err := findings.FindingToEvent(finding)
 if err != nil {
 logger.Fatalw("Failed to convert finding to event", "err", err)
 }
diff --git a/pkg/ebpf/signature_engine.go b/pkg/ebpf/signature_engine.go
index b1b74c92ae4f..77b8fbae7533 100644
--- a/pkg/ebpf/signature_engine.go
+++ b/pkg/ebpf/signature_engine.go
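Review bot: In findingProcessor (second hunk of cmd/tracee/cmd/analyze.go), a conversion error still goes to `logger.Fatalw`, which presumably ends the whole analyze run on the first finding that cannot be converted, while engineEvents in pkg/ebpf/signature_engine.go hands the same error to `t.handleError(err)` and continues. Now that both call sites share findings.FindingToEvent, it is worth deciding whether one unconvertible finding should stop offline analysis and lose the detections that would have followed. If it should not, log and skip it: `logger.Errorw("Failed to convert finding to event", "err", err)` followed by `return`. If stopping is intended, a one-line comment above the call saying so would keep the two paths from looking accidentally inconsistent. The closure body continues outside the hunk.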
@@ -6,6 +6,7 @@ import (
 "github.com/aquasecurity/tracee/pkg/containers"
 "github.com/aquasecurity/tracee/pkg/dnscache"
 "github.com/aquasecurity/tracee/pkg/events"
+ "github.com/aquasecurity/tracee/pkg/events/findings"
 "github.com/aquasecurity/tracee/pkg/logger"
 "github.com/aquasecurity/tracee/pkg/proctree"
 "github.com/aquasecurity/tracee/pkg/signatures/engine"
@@ -114,7 +115,7 @@ func (t *Tracee) engineEvents(ctx context.Context, in <-chan *trace.Event) (<-ch
 continue // might happen during initialization (ctrl+c seg faults)
 }
- event, err := FindingToEvent(finding)
+ event, err := findings.FindingToEvent(finding)
 if err != nil {
 t.handleError(err)
 continue
diff --git a/pkg/ebpf/finding.go b/pkg/events/findings/findings.go
similarity index 99%
rename from pkg/ebpf/finding.go
rename to pkg/events/findings/findings.go
index 08ea68f49e9b..69774d8cb9bf 100644
--- a/pkg/ebpf/finding.go
+++ b/pkg/events/findings/findings.go
@@ -1,4 +1,4 @@
-package ebpf
+package findings
 import (
 "github.com/aquasecurity/tracee/pkg/errfmt"
diff --git a/pkg/ebpf/finding_test.go b/pkg/events/findings/findings_test.go
similarity index 97%
rename from pkg/ebpf/finding_test.go
rename to pkg/events/findings/findings_test.go
index 17e34a693ed6..f36b5328dfe0 100644
--- a/pkg/ebpf/finding_test.go
+++ b/pkg/events/findings/findings_test.go
@@ -1,4 +1,4 @@
-package ebpf
+package findings_test
 import (
 "sort"
@@ -7,6 +7,7 @@ import (
 "github.com/stretchr/testify/assert"
 "github.com/aquasecurity/tracee/pkg/events"
+ "github.com/aquasecurity/tracee/pkg/events/findings"
 "github.com/aquasecurity/tracee/types/detect"
 "github.com/aquasecurity/tracee/types/protocol"
 "github.com/aquasecurity/tracee/types/trace"
@@ -100,7 +101,7 @@ func TestFindingToEvent(t *testing.T) {
 }
 finding := createFakeEventAndFinding()
- got, err := FindingToEvent(&finding)
+ got, err := findings.FindingToEvent(&finding)
 assert.NoError(t, err)