Turn evt def instantiable

.revive.toml

@@ -9,8 +9,7 @@ enableAllRules = true
 [rule.add-constant]
     Disabled = true
 [rule.argument-limit]
-    Disabled = false
-    Arguments = [5]
+    Disabled = true
 [rule.atomic]
     Disabled = false
 [rule.bare-return]

pkg/bufferdecoder/decoder.go

@@ -88,26 +88,26 @@ func (decoder *EbpfDecoder) DecodeContext(ctx *Context) error {
 // It should be called last, and after decoding the argnum with DecodeUint8.
 //
 // Argument array passed should be initialized with the size of len(eventDefinition.Params).
-func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, eventDefinition events.Event, eventId events.ID) error {
+func (decoder *EbpfDecoder) DecodeArguments(args []trace.Argument, argnum int, eventDefinition *events.Event, eventId events.ID) error {
 	for i := 0; i < argnum; i++ {
 		idx, arg, err := readArgFromBuff(
 			eventId,
 			decoder,
-			eventDefinition.Params,
+			eventDefinition.GetParams(),
 		)
 		if err != nil {
-			logger.Errorw("error reading argument from buffer", "error", errfmt.Errorf("failed to read argument %d of event %s: %v", i, eventDefinition.Name, err))
+			logger.Errorw("error reading argument from buffer", "error", errfmt.Errorf("failed to read argument %d of event %s: %v", i, eventDefinition.GetName(), err))
 			continue
 		}
 		if args[idx].Value != nil {
-			logger.Warnw("argument overridden from buffer", "error", errfmt.Errorf("read more than one instance of argument %s of event %s. Saved value: %v. New value: %v", arg.Name, eventDefinition.Name, args[idx].Value, arg.Value))
+			logger.Warnw("argument overridden from buffer", "error", errfmt.Errorf("read more than one instance of argument %s of event %s. Saved value: %v. New value: %v", arg.Name, eventDefinition.GetName(), args[idx].Value, arg.Value))
 		}
 		args[idx] = arg
 	}
 	// Fill missing arguments metadata
-	for i := 0; i < len(eventDefinition.Params); i++ {
+	for i := 0; i < eventDefinition.GetParamsLength(); i++ {
 		if args[i].Value == nil {
-			args[i].ArgMeta = eventDefinition.Params[i]
+			args[i].ArgMeta = eventDefinition.GetParams()[i]
 		}
 	}
 	return nil

pkg/cmd/cobra/cobra.go

@@ -24,6 +24,14 @@ import (
 )
 
 func GetTraceeRunner(c *cobra.Command, version string) (cmd.Runner, error) {
+	// Initialize event definitions
+
+	// events.Definitions = events.NewEventGroup()
+	// err := events.Definitions.AddBatch(events.CoreDefinitions)
+	// if err != nil {
+	// 	return cmd.Runner{}, err
+	// }
+
 	var runner cmd.Runner
 
 	// Log command line flags

pkg/cmd/flags/filter.go

@@ -111,10 +111,10 @@ func PrepareFilterMapFromFlags(filtersArr []string) (PolicyFilterMap, error) {
 }
 
 func CreatePolicies(filterMap PolicyFilterMap, newBinary bool) (*policy.Policies, error) {
-	eventsNameToID := events.Definitions.NamesToIDs()
+	eventsNameToID := events.Core.NamesToIDs()
 	// remove internal events since they shouldn't be accessible by users
 	for event, id := range eventsNameToID {
-		if events.Definitions.Get(id).Internal {
+		if events.Core.GetEventByID(id).IsInternal() {
 			delete(eventsNameToID, event)
 		}
 	}
@@ -362,8 +362,8 @@ func prepareEventsToTrace(
 	isExcluded := make(map[events.ID]bool)
 
 	// build a map: k:set, v:eventID
-	for id, event := range events.Definitions.Events() {
-		for _, set := range event.Sets {
+	for id, event := range events.Core.GetAllEvents() {
+		for _, set := range event.GetSets() {
 			setsToEvents[set] = append(setsToEvents[set], id)
 		}
 	}
@@ -422,7 +422,7 @@ func prepareEventsToTrace(
 	}
 
 	// build a map: k:eventID, v:eventName with all events to trace
-	res = make(map[events.ID]string, events.Definitions.Length())
+	res = make(map[events.ID]string, events.Core.Length())
 	for _, name := range eventsToTrace {
 		if strings.HasSuffix(name, "*") { // handle event prefixes with wildcards
 			found := false
@@ -453,7 +453,7 @@ func prepareEventsToTrace(
 		}
 		for _, id := range setEvents {
 			if !isExcluded[id] {
-				res[id] = events.Definitions.Get(id).Name
+				res[id] = events.Core.GetEventByID(id).GetName()
 			}
 		}
 	}

pkg/cmd/flags/filter_test.go

@@ -91,10 +91,10 @@ func TestFilter_prepareEventsToTrace(t *testing.T) {
 			expectedErr: InvalidSetError("blah"),
 		},
 	}
-	eventsNameToID := events.Definitions.NamesToIDs()
+	eventsNameToID := events.Core.NamesToIDs()
 	// remove internal events since they shouldn't be accessible by users
 	for event, id := range eventsNameToID {
-		if events.Definitions.Get(id).Internal {
+		if events.Core.GetEventByID(id).IsInternal() {
 			delete(eventsNameToID, event)
 		}
 	}

pkg/cmd/gptdocs.go

@@ -48,7 +48,7 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 		return fmt.Errorf("error reading events template: %v", err)
 	}
 
-	evtChannel := make(chan events.Event, 1)
+	evtChannel := make(chan *events.Event, 1)
 	retChannel := make(chan WorkRet, 1)
 	wrkChannel := make(chan string, 1)
 
@@ -65,10 +65,10 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 				case <-ctx.Done():
 					return
 				case evt := <-evtChannel:
-					wrkChannel <- evt.Name
+					wrkChannel <- evt.GetName()
 					ctxTimeout, cancel := context.WithTimeout(ctx, timeoutInSec*time.Second)
 					fileName, err := r.GenerateSyscall(ctxTimeout, template, evt)
-					retChannel <- WorkRet{evt.Name, fileName, err}
+					retChannel <- WorkRet{evt.GetName(), fileName, err}
 					cancel()
 				}
 			}
@@ -106,14 +106,14 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 
 	// Pick all events
 
-	var evt events.Event
+	var evt *events.Event
 
-	allEvents := events.Definitions.Events()
+	allEvents := events.Core.GetAllEvents()
 
 	// Check if the given events exist
 
 	for _, given := range r.GivenEvents {
-		_, ok := events.Definitions.GetID(given)
+		_, ok := events.Core.GetEventIDByName(given)
 		if !ok {
 			logger.Errorw("Event definition not found", "event", given)
 		}
@@ -122,13 +122,13 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 	// Run all the events map through the GPT3 API
 
 	for _, evt = range allEvents {
-		if !evt.Syscall {
+		if !evt.IsSyscall() {
 			continue
 		}
 
 		// Check if the filename exists already and skip if it does
 
-		fileName := outputDirectory + "/" + evt.Name + ".md"
+		fileName := outputDirectory + "/" + evt.GetName() + ".md"
 		_, err := os.Stat(fileName)
 		if err == nil {
 			select {
@@ -145,17 +145,17 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 		if len(r.GivenEvents) > 0 {
 			found := false
 			for _, given := range r.GivenEvents {
-				if strings.Contains(evt.Name, given) {
+				if strings.Contains(evt.GetName(), given) {
 					found = true
 				}
 			}
 			if !found {
-				logger.Debugw("Event not in given list", "event", evt.Name)
+				logger.Debugw("Event not in given list", "event", evt.GetName())
 				continue
 			}
 		}
 
-		logger.Debugw("Picked event", "event", evt.Name)
+		logger.Debugw("Picked event", "event", evt.GetName())
 
 		// Submit event to be processed
 
@@ -172,7 +172,7 @@ func (r GPTDocsRunner) Run(ctx context.Context) error {
 }
 
 func (r GPTDocsRunner) GenerateSyscall(
-	ctx context.Context, template []byte, evt events.Event,
+	ctx context.Context, template []byte, evt *events.Event,
 ) (
 	string, error,
 ) {
@@ -182,7 +182,7 @@ func (r GPTDocsRunner) GenerateSyscall(
 		}
 	})
 
-	fileName := outputDirectory + "/" + evt.Name + ".md"
+	fileName := outputDirectory + "/" + evt.GetName() + ".md"
 
 	_, err := os.Stat(fileName)
 	if err == nil {
@@ -193,7 +193,7 @@ func (r GPTDocsRunner) GenerateSyscall(
 
 	var y []byte
 
-	y, err = yaml.Marshal(evt.Params)
+	y, err = yaml.Marshal(evt.GetParams())
 	if err != nil {
 		logger.Errorw("Error marshaling event", "err", err)
 	}
@@ -215,7 +215,7 @@ given syscall. The template for this markdown file is the following:
 		"The event, or syscall, name is \"%s\" "+
 		"and the parameter names and types are:\n"+
 		"\n%s\n",
-		headNote, templateYaml, evt.Name, eventArgsYaml,
+		headNote, templateYaml, evt.GetName(), eventArgsYaml,
 	)
 
 	evtChannel := gogpt.NewClient(r.OpenAIKey)

pkg/cmd/initialize/sigs.go

@@ -4,6 +4,7 @@ import (
 	"github.com/aquasecurity/tracee/pkg/events"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/types/detect"
+	"github.com/aquasecurity/tracee/types/trace"
 )
 
 func CreateEventsFromSignatures(startId events.ID, sigs []detect.Signature) {
@@ -22,21 +23,37 @@ func CreateEventsFromSignatures(startId events.ID, sigs []detect.Signature) {
 			continue
 		}
 
-		dependencies := make([]events.ID, 0)
+		evtDependency := make([]events.ID, 0)
 
 		for _, s := range selectedEvents {
-			eventID, found := events.Definitions.GetID(s.Name)
+			eventID, found := events.Core.GetEventIDByName(s.Name)
 			if !found {
 				logger.Errorw("Failed to load event dependency", "event", s.Name)
 				continue
 			}
 
-			dependencies = append(dependencies, eventID)
+			evtDependency = append(evtDependency, eventID)
 		}
 
-		event := events.NewEventDefinition(m.EventName, []string{"signatures", "default"}, dependencies)
+		event := events.NewEvent(
+			id,                                // id,
+			events.Sys32Undefined,             // id32
+			m.EventName,                       // eventName
+			"",                                // docPath
+			false,                             // internal
+			false,                             // syscall
+			[]string{"signatures", "default"}, // sets
+			events.NewDependencies(
+				evtDependency, // ids
+				nil,           // probes
+				nil,           // ksyms
+				nil,           // tailcalls
+				nil,           // capabilities
+			),
+			[]trace.ArgMeta{},
+		)
 
-		err = events.Definitions.Add(id, event)
+		err = events.Core.Add(id, event)
 		if err != nil {
 			logger.Errorw("Failed to add event definition", "error", err)
 			continue