engine: add Config struct

cmd/tracee-rules/main.go

@@ -104,7 +104,11 @@ func main() {
 			if err != nil {
 				return err
 			}
-			e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, c.Bool("rego-enable-parsed-events"))
+
+			config := engine.Config{
+				ParsedEvents: c.Bool("rego-enable-parsed-events"),
+			}
+			e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, config)
 			if err != nil {
 				return fmt.Errorf("constructing engine: %w", err)
 			}

tracee-rules/benchmark/benchmark_test.go

@@ -98,7 +98,9 @@ func BenchmarkEngineWithCodeInjectionSignature(b *testing.B) {
 				s, err := bc.sigFunc()
 				require.NoError(b, err, bc.name)
 
-				e, err := engine.NewEngine([]types.Signature{s}, inputs, output, os.Stderr, bc.preparedEvents)
+				e, err := engine.NewEngine([]types.Signature{s}, inputs, output, os.Stderr, engine.Config{
+					ParsedEvents: bc.preparedEvents,
+				})
 				require.NoError(b, err, "constructing engine")
 				b.StartTimer()
 
@@ -153,7 +155,9 @@ func BenchmarkEngineWithMultipleSignatures(b *testing.B) {
 				inputs := ProduceEventsInMemory(inputEventsCount)
 				output := make(chan types.Finding, inputEventsCount*len(sigs))
 
-				e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, bc.preparedEvents)
+				e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, engine.Config{
+					ParsedEvents: bc.preparedEvents,
+				})
 				require.NoError(b, err, "constructing engine")
 				b.StartTimer()
 
@@ -213,7 +217,7 @@ func BenchmarkEngineWithNSignatures(b *testing.B) {
 					b.StopTimer()
 					inputs := ProduceEventsInMemory(inputEventsCount)
 					output := make(chan types.Finding, inputEventsCount*len(sigs))
-					e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, false)
+					e, err := engine.NewEngine(sigs, inputs, output, os.Stderr, engine.Config{})
 					require.NoError(b, err, "constructing engine")
 					b.StartTimer()
 

tracee-rules/engine/engine.go

@@ -19,6 +19,12 @@ const EVENT_CONTAINER_ORIGIN = "container"
 const EVENT_HOST_ORIGIN = "host"
 const ALL_EVENT_TYPES = "*"
 
+// Config defines the engine's configurable values
+type Config struct {
+	ParsedEvents        bool
+	SignatureBufferSize int
+}
+
 // Engine is a rule-engine that can process events coming from a set of input sources against a set of loaded signatures, and report the signatures' findings
 type Engine struct {
 	logger          log.Logger
@@ -28,7 +34,7 @@ type Engine struct {
 	inputs          EventSources
 	output          chan types.Finding
 	waitGroup       sync.WaitGroup
-	parsedEvents    bool
+	config          Config
 }
 
 //EventSources is a bundle of input sources used to configure the Engine
@@ -38,7 +44,7 @@ type EventSources struct {
 
 // NewEngine creates a new rules-engine with the given arguments
 // inputs and outputs are given as channels created by the consumer
-func NewEngine(sigs []types.Signature, sources EventSources, output chan types.Finding, logWriter io.Writer, parsedEvents bool) (*Engine, error) {
+func NewEngine(sigs []types.Signature, sources EventSources, output chan types.Finding, logWriter io.Writer, config Config) (*Engine, error) {
 	if sources.Tracee == nil || output == nil || logWriter == nil {
 		return nil, fmt.Errorf("nil input received")
 	}
@@ -47,7 +53,7 @@ func NewEngine(sigs []types.Signature, sources EventSources, output chan types.F
 	engine.logger = *log.New(logWriter, "", 0)
 	engine.inputs = sources
 	engine.output = output
-	engine.parsedEvents = parsedEvents
+	engine.config = config
 	engine.signaturesMutex.Lock()
 	engine.signatures = make(map[types.Signature]chan types.Event)
 	engine.signaturesIndex = make(map[types.SignatureEventSelector][]types.Signature)
@@ -208,7 +214,7 @@ func (engine *Engine) consumeSources(done <-chan bool) {
 func (engine *Engine) dispatchEvent(s types.Signature, event external.Event) {
 	switch {
 	case strings.Contains(reflect.TypeOf(s).String(), "rego"):
-		if engine.parsedEvents {
+		if engine.config.ParsedEvents {
 			pe, err := ToParsedEvent(event)
 			if err != nil {
 				engine.logger.Printf("error converting tracee event to OPA ast.Value: %v", err)

tracee-rules/engine/engine_test.go

@@ -68,7 +68,7 @@ func TestConsumeSources(t *testing.T) {
 		expectedNumEvents int
 		expectedError     string
 		expectedEvent     interface{}
-		enableParsedEvent bool
+		config            Config
 	}{
 		{
 			name: "happy path - with one matching selector, parsed event enabled",
@@ -100,7 +100,9 @@ func TestConsumeSources(t *testing.T) {
 				ProcessID: 2, ParentProcessID: 1, Args: []external.Argument{{ArgMeta: external.ArgMeta{Name: "pathname", Type: ""}, Value: "/proc/self/mem"}},
 				EventName: "test_event",
 			},
-			enableParsedEvent: true,
+			config: Config{
+				ParsedEvents: true,
+			},
 		},
 		{
 			name: "happy path - with one matching selector",
@@ -378,7 +380,7 @@ func TestConsumeSources(t *testing.T) {
 
 			var gotNumEvents int
 			tc.inputSignature.onEvent = func(event types.Event) error {
-				if tc.enableParsedEvent {
+				if tc.config.ParsedEvents {
 					assert.Equal(t, tc.expectedEvent, event.(ParsedEvent).Event, tc.name)
 				} else {
 					assert.Equal(t, tc.expectedEvent, event.(external.Event), tc.name)
@@ -387,7 +389,7 @@ func TestConsumeSources(t *testing.T) {
 				return nil
 			}
 
-			e, err := NewEngine(sigs, inputs, outputChan, logger, tc.enableParsedEvent)
+			e, err := NewEngine(sigs, inputs, outputChan, logger, tc.config)
 			require.NoError(t, err, "constructing engine")
 			go func() {
 				e.Start(done)
@@ -446,7 +448,7 @@ func TestGetSelectedEvents(t *testing.T) {
 			},
 		},
 	}
-	e, err := NewEngine(sigs, EventSources{Tracee: make(chan types.Event)}, make(chan types.Finding), &bytes.Buffer{}, false)
+	e, err := NewEngine(sigs, EventSources{Tracee: make(chan types.Event)}, make(chan types.Finding), &bytes.Buffer{}, Config{})
 	require.NoError(t, err, "constructing engine")
 	se := e.GetSelectedEvents()
 	expected := []types.SignatureEventSelector{