aquasecurity · ShohamBit · Nov 18, 2024 · Nov 24, 2024 · Nov 26, 2024 · Nov 28, 2024
diff --git a/cmd/traceectl/cmd/event.go b/cmd/traceectl/cmd/event.go
@@ -0,0 +1,189 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/spf13/cobra"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/formatter"
+)
+
+var eventCmd = &cobra.Command{
+	Use:   "event [enable | disable | describe | list]",
+	Short: "Manage tracee events",
+	Long: `Manage events in tracee.
+
+	Subcommands:
+	  enable    Enable specific events.
+	  disable   Disable specific events.
+	  describe  Get descriptions of available events.
+	  list      List available events. 
+
+	Examples:
+	  tracee event enable security_file_open
+	  tracee event describe magic_write
+	  tracee event list
+	`,
+	Args: cobra.MinimumNArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		if len(args) == 0 {
+			cmd.PrintErrln("Error: no event names provided. Please specify at least one event to enable.")
+			return
+		}
+	},
+}
+
+func init() {
+	eventCmd.AddCommand(listEventCmd)
+	eventCmd.AddCommand(describeEventCmd)
+	eventCmd.AddCommand(enableEventCmd)
+	eventCmd.AddCommand(disableEventCmd)
+
+	listEventCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
+	describeEventCmd.Flags().StringVarP(&formatFlag, "format", "f", formatter.FormatTable, "Output format (json|table)")
+}
+
+var listEventCmd = &cobra.Command{
+	Use:   "list",
+	Short: "List available events",
+	Long:  `Lists all available event definitions (built-in and plugin-defined), providing a brief summary of each.`,
+	Args:  cobra.NoArgs,
+	Run: func(cmd *cobra.Command, args []string) {
+		listEvents(cmd, args)
+	},
+}
+var describeEventCmd = &cobra.Command{
+	Use:   "describe <event_name>",
+	Short: "Describe an event",
+	Long:  `Retrieves the detailed definition of a specific event, including its fields, types, and other metadata.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		eventDescriptions(cmd, args)
+	},
+}
+var enableEventCmd = &cobra.Command{
+	Use:   "enable <event_name>",
+	Short: "Enable an event",
+	Long:  `Enables capturing of a specific event type.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		enableEvents(cmd, args[0])
+	},
+}
+var disableEventCmd = &cobra.Command{
+	Use:   "disable <event_name>",
+	Short: "Disable an event",
+	Long:  `Disables capturing of a specific event type.`,
+	Args:  cobra.ExactArgs(1),
+	Run: func(cmd *cobra.Command, args []string) {
+		disableEvents(cmd, args[0])
+	},
+}
+
+func listEvents(cmd *cobra.Command, args []string) {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
+	if err != nil {
+		cmd.PrintErrln("Error getting event definitions: ", err)
+		return
+	}
+	format, err := formatter.NewFormatter(formatFlag, cmd)
+	if err != nil {
+		cmd.PrintErrln("Error creating formatter: ", err)
+		return
+	}
+	switch format.GetFormat() {
+	case formatter.FormatJson:
+		format.PrintJson(response)
+	case formatter.FormatTable:
+		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags"})
+		for _, event := range response.Definitions {
+			// remove descriptions
+			format.PrintTableRow(prepareDescription(event)[:4])
+		}
+	default:
+		cmd.PrintErrln("output format not supported")
+		return
+	}
+}
+
+func eventDescriptions(cmd *cobra.Command, args []string) {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	response, err := traceeClient.GetEventDefinitions(context.Background(), &pb.GetEventDefinitionsRequest{EventNames: args})
+	if err != nil {
+		cmd.PrintErrln("Error getting event definitions: ", err)
+		return
+	}
+	format, err := formatter.NewFormatter(formatFlag, cmd)
+	if err != nil {
+		cmd.PrintErrln("Error creating formatter: ", err)
+		return
+	}
+	switch format.GetFormat() {
+	case formatter.FormatJson:
+		format.PrintJson(response)
+	case formatter.FormatTable:
+		format.PrintTableHeaders([]string{"ID", "Name", "Version", "Tags", "Description"})
+		for _, event := range response.Definitions {
+			format.PrintTableRow(prepareDescription(event))
+		}
+	default:
+		cmd.PrintErrln("output format not supported")
+		return
+	}
+}
+func prepareDescription(event *pb.EventDefinition) []string {
+	return []string{
+		strconv.Itoa(int(event.Id)),
+		event.Name,
+		fmt.Sprintf("%d.%d.%d", event.Version.Major, event.Version.Minor, event.Version.Patch),
+		strings.Join(event.Tags, ", "),
+		event.Description,
+	}
+}
+func enableEvents(cmd *cobra.Command, eventName string) {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	_, err = traceeClient.EnableEvent(context.Background(), &pb.EnableEventRequest{Name: eventName})
+	if err != nil {
+		cmd.PrintErrln("Error enabling event:", err)
+		return
+	}
+	cmd.Printf("Enabled event: %s\n", eventName)
+}
+func disableEvents(cmd *cobra.Command, eventName string) {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+	_, err = traceeClient.DisableEvent(context.Background(), &pb.DisableEventRequest{Name: eventName})
+	if err != nil {
+		cmd.PrintErrln("Error disabling event:", err)
+		return
+	}
+	cmd.Printf("Disabled event: %s\n", eventName)
+}
diff --git a/cmd/traceectl/cmd/event_test.go b/cmd/traceectl/cmd/event_test.go
@@ -0,0 +1,64 @@
+package cmd
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/test"
+)
+
+func TestEvent(t *testing.T) {
+	eventTests := []test.TestCase{
+		{
+			TestName:        "event",
+			OutputSlice:     []string{"event"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("requires at least 1 arg(s), only received 0"),
+		},
+		{
+			TestName:        "events list",
+			OutputSlice:     []string{"event", "list", "--format", "json"},
+			ExpectedPrinter: "",
+			ExpectedError:   nil,
+		},
+		{
+			TestName:        "No events describe",
+			OutputSlice:     []string{"event", "describe", "--format", "json"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
+		},
+		{
+			TestName:        "describe <event_test1>",
+			OutputSlice:     []string{"event", "describe", "event_test1", "--format", "json"},
+			ExpectedPrinter: "event_test1",
+			ExpectedError:   nil,
+		},
+		{
+			TestName:        "No events enable",
+			OutputSlice:     []string{"event", "enable"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
+		},
+		{
+			TestName:        "enable event",
+			OutputSlice:     []string{"event", "enable", "event"},
+			ExpectedPrinter: "Enabled event: event",
+			ExpectedError:   nil,
+		},
+		{
+			TestName:        "No disable events",
+			OutputSlice:     []string{"event", "disable"},
+			ExpectedPrinter: nil,
+			ExpectedError:   fmt.Errorf("accepts 1 arg(s), received 0"),
+		},
+		{
+			TestName:        "disable event",
+			OutputSlice:     []string{"event", "disable", "event"},
+			ExpectedPrinter: "Disabled event: event",
+			ExpectedError:   nil,
+		},
+	}
+	for _, testCase := range eventTests {
+		t.Run(testCase.TestName, func(t *testing.T) { test.TestCommand(t, testCase, rootCmd) })
+	}
+}
diff --git a/cmd/traceectl/cmd/root.go b/cmd/traceectl/cmd/root.go
@@ -0,0 +1,123 @@
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/spf13/cobra"
+
+	pb "github.com/aquasecurity/tracee/api/v1beta1"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/client"
+	"github.com/aquasecurity/tracee/cmd/traceectl/pkg/cmd/flags"
+)
+
+var (
+	formatFlag string
+	outputFlag string
+	server     client.ServerInfo = client.ServerInfo{
+		ConnectionType: client.Protocol_UNIX,
+		Addr:           client.Socket,
+	}
+)
+
+var (
+	rootCmd = &cobra.Command{
+		Use:   "traceectl [flags] [command]",
+		Short: "traceectl is a CLI tool for tracee",
+		Long: `traceectl is a CLI tool for tracee:
+This tool allows you to manage events, stream events directly from tracee, and get info about tracee.
+`,
+		PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+			var err error
+			if err = flags.PrepareOutput(cmd, outputFlag); err != nil {
+				return err
+			}
+			if server, err = flags.PrepareServer(cmd, server); err != nil {
+				return err
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			cmd.Help()
+		},
+	}
+)
+
+func init() {
+	rootCmd.AddCommand(streamCmd)
+	rootCmd.AddCommand(eventCmd)
+	rootCmd.AddCommand(metricsCmd)
+	rootCmd.AddCommand(versionCmd)
+
+	rootCmd.PersistentFlags().StringVar(&server.Addr, "server", client.Socket, `Server connection path or address.
+	for unix socket <socket_path> (default: /tmp/tracee.sock)
+	for tcp <IP:Port>`)
+	rootCmd.PersistentFlags().StringVarP(&outputFlag, "output", "o", "", "Specify the output format")
+}
+
+var metricsCmd = &cobra.Command{
+	Use:   "metrics [--output <format>]",
+	Short: "Display Tracee metrics",
+	Long:  "Retrieves metrics about Tracee's performance and resource usage.",
+	Run: func(cmd *cobra.Command, args []string) {
+		displayMetrics(cmd, args)
+	},
+}
+
+var versionCmd = &cobra.Command{
+	Use:   "version",
+	Short: "Display the version of tracee",
+	Long:  "This is the version of the tracee application you connected to",
+	Run: func(cmd *cobra.Command, args []string) {
+		displayVersion(cmd, args)
+	},
+}
+
+func Execute() {
+	if err := rootCmd.Execute(); err != nil {
+		os.Exit(1)
+	}
+}
+
+func displayMetrics(cmd *cobra.Command, _ []string) {
+	traceeClient, err := client.NewDiagnosticClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	response, err := traceeClient.GetMetrics(context.Background(), &pb.GetMetricsRequest{})
+	if err != nil {
+		cmd.PrintErrln("Error getting metrics: ", err)
+		return
+	}
+
+	fmt.Fprintf(cmd.OutOrStdout(), "EventCount: %d\n", response.EventCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "EventsFiltered: %d\n", response.EventsFiltered)
+	fmt.Fprintf(cmd.OutOrStdout(), "NetCapCount: %d\n", response.NetCapCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "BPFLogsCount: %d\n", response.BPFLogsCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "ErrorCount: %d\n", response.ErrorCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostEvCount: %d\n", response.LostEvCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostWrCount: %d\n", response.LostWrCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostNtCapCount: %d\n", response.LostNtCapCount)
+	fmt.Fprintf(cmd.OutOrStdout(), "LostBPFLogsCount: %d\n", response.LostBPFLogsCount)
+}
+
+func displayVersion(cmd *cobra.Command, _ []string) {
+	traceeClient, err := client.NewServiceClient(server)
+	if err != nil {
+		cmd.PrintErrln("Error creating client: ", err)
+		return
+	}
+	defer traceeClient.CloseConnection()
+
+	response, err := traceeClient.GetVersion(context.Background(), &pb.GetVersionRequest{})
+
+	if err != nil {
+		cmd.PrintErrln("Error getting version: ", err)
+		return
+	}
+	fmt.Fprintf(cmd.OutOrStdout(), "Version: %s\n", response.Version)
+}