chore: move signatures into their own top level directory (aquasecuri…

…ty#1231)

Resolves: aquasecurity#1220
Resolves: aquasecurity#1229 
Resolves: aquasecurity#1199 

Signed-off-by: Simar <[email protected]>
Signed-off-by: Daniel Pacak <[email protected]>
Co-authored-by: Daniel Pacak <[email protected]>

Vagrantfile

@@ -10,6 +10,9 @@ Vagrant.configure("2") do |config|
   end
 
   config.vm.provision "shell", inline: <<-SHELL
+    GO_VERSION="1.16"
+    OPA_VERSION="v0.35.0"
+
     apt-get update
     apt-get install --yes build-essential pkgconf libelf-dev llvm-12 clang-12
 
@@ -22,9 +25,11 @@ Vagrant.configure("2") do |config|
     apt-get install --yes docker.io
     usermod -aG docker vagrant
 
-    wget --quiet https://golang.org/dl/go1.16.linux-amd64.tar.gz
-    tar -C /usr/local -xzf go1.16.linux-amd64.tar.gz
+    wget --quiet https://golang.org/dl/go$GO_VERSION.linux-amd64.tar.gz
+    tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz
     echo 'export PATH=$PATH:/usr/local/go/bin' >> /home/vagrant/.profile
+
+    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/$OPA_VERSION/opa_linux_amd64
+    chmod 755 /usr/bin/opa
   SHELL
 end
-

embedded.go

@@ -0,0 +1,6 @@
+package tracee
+
+import _ "embed"
+
+//go:embed signatures/rego/helpers.rego
+var RegoHelpersCode string

tracee-rules/signatures/golang/kubernetes_api_connection.go → signatures/golang/kubernetes_api_connection.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/helpers"
+	"github.com/aquasecurity/tracee/signatures/helpers"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 )
 

tracee-rules/signatures/golang/kubernetes_api_connection_test.go → signatures/golang/kubernetes_api_connection_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/signaturestest"
+	"github.com/aquasecurity/tracee/signatures/signaturestest"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

tracee-rules/signatures/golang/stdio_over_socket.go → signatures/golang/stdio_over_socket.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/helpers"
+	"github.com/aquasecurity/tracee/signatures/helpers"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 )
 

tracee-rules/signatures/golang/stdio_over_socket_test.go → signatures/golang/stdio_over_socket_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/signaturestest"
+	"github.com/aquasecurity/tracee/signatures/signaturestest"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"

tracee-rules/Dockerfile.builder

@@ -1,4 +1,4 @@
 FROM golang:1.17-buster as builder
 RUN DEBIAN_FRONTEND=noninteractive apt-get update -y && apt-get install -y --no-install-recommends curl && \
-    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.33.1/opa_linux_amd64 && chmod 755 /usr/bin/opa
+    curl -L -o /usr/bin/opa https://github.com/open-policy-agent/opa/releases/download/v0.35.0/opa_linux_amd64 && chmod 755 /usr/bin/opa
 WORKDIR /tracee

tracee-rules/Makefile

@@ -8,11 +8,11 @@ OUT_DIR ?= dist
 OUT_BIN := $(OUT_DIR)/tracee-rules
 OUT_RULES := $(OUT_DIR)/rules
 GO_SRC := $(shell find . -type f -name '*.go')
-GOSIGNATURES_DIR ?= signatures/golang
+GOSIGNATURES_DIR ?= ../signatures/golang
 GOSIGNATURES_SRC := $(shell find $(GOSIGNATURES_DIR) -type f -name '*.go' ! -name '*_test.go' ! -path '$(GOSIGNATURES_DIR)/examples/*')
 OUT_GOSIGNATURES := $(OUT_RULES)/builtin.so
-REGO_SIGNATURES_DIR ?= signatures/rego
-REGO_SIGNATURES_SRC := $(shell find $(REGO_SIGNATURES_DIR) -type f -name '*.rego' ! -name '*_test.rego' ! -path '$(REGO_SIGNATURES_DIR)/examples/*')
+REGO_SIGNATURES_DIR ?= ../signatures/rego
+REGO_SIGNATURES_SRC := $(shell find $(REGO_SIGNATURES_DIR) -type f -name '*.rego' ! -name '*_test.rego' ! -path '$(REGO_SIGNATURES_DIR)/examples/*' ! -name 'aio.rego')
 DOCKER_BUILDER ?= tracee-rules-builder
 
 $(OUT_DIR):
@@ -53,7 +53,7 @@ $(tools): % : check_%
 ifndef DOCKER
 test: $(GO_SRC) $(tools)
 	go test $(GOTEST_FLAGS) -v ./...
-	opa test . --verbose --ignore="examples" --ignore="dist" --ignore="benchmark"
+	opa test ../signatures/rego --verbose --ignore="examples" --ignore="dist" --ignore="benchmark"
 else
 test: $(DOCKER_BUILDER)
 	$(call docker_builder_make,$@)

tracee-rules/benchmark/signature/golang/anti_debugging.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/helpers"
+	"github.com/aquasecurity/tracee/signatures/helpers"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 )
 

tracee-rules/benchmark/signature/golang/code_injection.go

@@ -5,7 +5,7 @@ import (
 	"regexp"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/helpers"
+	"github.com/aquasecurity/tracee/signatures/helpers"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 )
 

tracee-rules/benchmark/signature/rego/signatures.go

@@ -3,10 +3,9 @@ package rego
 import (
 	_ "embed"
 
-	"github.com/open-policy-agent/opa/compile"
-
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
+	"github.com/aquasecurity/tracee/tracee-rules/regosig"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
+	"github.com/open-policy-agent/opa/compile"
 )
 
 var (

tracee-rules/signatures/rego/regosig/aio_test.go → tracee-rules/regosig/aio_test.go

@@ -7,8 +7,8 @@ import (
 	"testing"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/signaturestest"
+	"github.com/aquasecurity/tracee/signatures/signaturestest"
+	"github.com/aquasecurity/tracee/tracee-rules/regosig"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 	"github.com/open-policy-agent/opa/compile"
 	"github.com/stretchr/testify/assert"

tracee-rules/signatures/rego/regosig/traceerego_test.go → tracee-rules/regosig/traceerego_test.go

@@ -7,9 +7,9 @@ import (
 	"testing"
 
 	tracee "github.com/aquasecurity/tracee/pkg/external"
+	"github.com/aquasecurity/tracee/signatures/signaturestest"
 	"github.com/aquasecurity/tracee/tracee-rules/engine"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/signaturestest"
+	"github.com/aquasecurity/tracee/tracee-rules/regosig"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 	"github.com/open-policy-agent/opa/compile"
 	"github.com/stretchr/testify/assert"

tracee-rules/signature.go

@@ -1,9 +1,9 @@
 package main
 
 import (
-	"bytes"
 	_ "embed"
 
+	"bytes"
 	"io/fs"
 	"io/ioutil"
 	"log"
@@ -12,13 +12,11 @@ import (
 	"plugin"
 	"strings"
 
-	"github.com/aquasecurity/tracee/tracee-rules/signatures/rego/regosig"
+	embedded "github.com/aquasecurity/tracee"
+	"github.com/aquasecurity/tracee/tracee-rules/regosig"
 	"github.com/aquasecurity/tracee/tracee-rules/types"
 )
 
-//go:embed signatures/rego/helpers.rego
-var regoHelpersCode string
-
 func getSignatures(target string, partialEval bool, rulesDir string, rules []string, aioEnabled bool) ([]types.Signature, error) {
 	if rulesDir == "" {
 		exePath, err := os.Executable()
@@ -81,9 +79,9 @@ func findGoSigs(dir string) ([]types.Signature, error) {
 
 func findRegoSigs(target string, partialEval bool, dir string, aioEnabled bool) ([]types.Signature, error) {
 	modules := make(map[string]string)
-	modules["helper.rego"] = regoHelpersCode
+	modules["helper.rego"] = embedded.RegoHelpersCode
 
-	regoHelpers := []string{regoHelpersCode}
+	regoHelpers := []string{embedded.RegoHelpersCode}
 	filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
 		if err != nil {
 			return err

tracee-rules/signature_test.go

@@ -9,15 +9,18 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/open-policy-agent/opa/compile"
-
 	"github.com/aquasecurity/tracee/tracee-rules/types"
+	"github.com/open-policy-agent/opa/compile"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 
+const (
+	exampleRulesDir = "../signatures/rego"
+)
+
 func Test_getSignatures(t *testing.T) {
-	sigs, err := getSignatures(compile.TargetRego, false, "signatures/rego", []string{"TRC-2"}, false)
+	sigs, err := getSignatures(compile.TargetRego, false, exampleRulesDir, []string{"TRC-2"}, false)
 	require.NoError(t, err)
 	require.Equal(t, 1, len(sigs))
 
@@ -104,7 +107,7 @@ func copyExampleSig(exampleName, destDir string) error {
 	var exampleDir string
 	extension := filepath.Ext(exampleName)
 	if extension == ".rego" {
-		exampleDir = "signatures/rego/%s"
+		exampleDir = fmt.Sprint(exampleRulesDir + "/%s")
 	} else {
 		return errors.New("unsupported signature type")
 	}