chore: make tracee-rules mode work with sigs of sigs, decoupling sigs…

… from initialize package
aquasecurity · Sep 22, 2024 · 894f514 · 894f514
1 parent bd0dea3
commit 894f514
Show file tree

Hide file tree

Showing 6 changed files with 21 additions and 9 deletions.
diff --git a/cmd/tracee-rules/main.go b/cmd/tracee-rules/main.go
@@ -4,6 +4,8 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
+	"github.com/aquasecurity/tracee/pkg/events"
 	"io"
 	"os"
 	"os/signal"
@@ -27,6 +29,8 @@ const (
 	signatureBufferFlag = "sig-buffer"
 )
 
+var inputs engine.EventSources
+
 func main() {
 	app := &cli.App{
 		Name:  "tracee-rules",
@@ -116,8 +120,6 @@ func main() {
 				return nil
 			}
 
-			var inputs engine.EventSources
-
 			opts, err := parseTraceeInputOptions(c.StringSlice("input-tracee"))
 			if err == errHelp {
 				printHelp()
@@ -142,7 +144,7 @@ func main() {
 			if err != nil {
 				return err
 			}
-
+			_ = initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 			config := engine.Config{
 				SignatureBufferSize: c.Uint(signatureBufferFlag),
 				Signatures:          sigs,

diff --git a/cmd/tracee-rules/output.go b/cmd/tracee-rules/output.go
@@ -57,8 +57,17 @@ func setupOutput(w io.Writer, webhook string, webhookTemplate string, contentTyp
 
 	go func(w io.Writer, tWebhook, tOutput *template.Template) {
 		for res := range out {
-			switch res.Event.Payload.(type) {
+			switch e := res.Event.Payload.(type) {
 			case trace.Event:
+				select {
+				case _, ok := <-inputs.Tracee:
+					if !ok {
+						logger.Debugw("Tracee input channel closed")
+						return
+					}
+				default:
+					inputs.Tracee <- e.ToProtocol()
+				}
 				if err := tOutput.Execute(w, res); err != nil {
 					logger.Errorw("Writing to output: " + err.Error())
 				}

diff --git a/cmd/tracee/cmd/list.go b/cmd/tracee/cmd/list.go
@@ -1,13 +1,13 @@
 package cmd
 
 import (
+	"github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
 	"os"
 
 	"github.com/open-policy-agent/opa/compile"
 	"github.com/spf13/cobra"
 
 	"github.com/aquasecurity/tracee/pkg/cmd"
-	"github.com/aquasecurity/tracee/pkg/cmd/initialize"
 	"github.com/aquasecurity/tracee/pkg/events"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/signatures/signature"
@@ -53,7 +53,7 @@ var listCmd = &cobra.Command{
 			os.Exit(1)
 		}
 
-		initialize.CreateEventsFromSignatures(events.StartSignatureID, sigs)
+		initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 
 		includeSigs := true
 		wideOutput := c.Flags().Lookup("wide").Value.String() == "true"

diff --git a/pkg/cmd/cobra/cobra.go b/pkg/cmd/cobra/cobra.go
@@ -2,6 +2,7 @@ package cobra
 
 import (
 	"errors"
+	"github.com/aquasecurity/tracee/pkg/cmd/initialize/initialize_sigs"
 
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -67,7 +68,7 @@ func GetTraceeRunner(c *cobra.Command, version string) (cmd.Runner, error) {
 		return runner, err
 	}
 
-	sigNameToEventId := initialize.CreateEventsFromSignatures(events.StartSignatureID, sigs)
+	sigNameToEventId := initialize_sigs.CreateEventsFromSignatures(events.StartSignatureID, sigs)
 
 	// Initialize a tracee config structure
 

diff --git a/pkg/cmd/initialize/sigs.go → pkg/cmd/initialize/initialize_sigs/sigs.go b/pkg/cmd/initialize/sigs.go → pkg/cmd/initialize/initialize_sigs/sigs.go
@@ -1,4 +1,4 @@
-package initialize
+package initialize_sigs
 
 import (
 	"strconv"

diff --git a/pkg/cmd/initialize/sigs_test.go → ...d/initialize/initialize_sigs/sigs_test.go b/pkg/cmd/initialize/sigs_test.go → ...d/initialize/initialize_sigs/sigs_test.go
@@ -1,4 +1,4 @@
-package initialize
+package initialize_sigs
 
 import (
 	"testing"