chore: move finding event conversion to a package

Opportunistic refactor. Logic does not relate to eBPF and does relate to
event data. Also allows importing this logic without importing eBPF
related code.

pkg/ebpf/signature_engine.go

@@ -7,6 +7,7 @@ import (
 	"github.com/aquasecurity/tracee/pkg/containers"
 	"github.com/aquasecurity/tracee/pkg/dnscache"
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/findings"
 	"github.com/aquasecurity/tracee/pkg/logger"
 	"github.com/aquasecurity/tracee/pkg/proctree"
 	"github.com/aquasecurity/tracee/pkg/signatures/engine"
@@ -124,7 +125,7 @@ func (t *Tracee) engineEvents(ctx context.Context, in <-chan *trace.Event) (<-ch
 					continue // might happen during initialization (ctrl+c seg faults)
 				}
 
-				event, err := FindingToEvent(finding)
+				event, err := findings.FindingToEvent(finding)
 				if err != nil {
 					t.handleError(err)
 					continue

pkg/ebpf/finding.go → pkg/events/findings/findings.go

@@ -1,4 +1,4 @@
-package ebpf
+package findings
 
 import (
 	"github.com/aquasecurity/tracee/pkg/errfmt"

pkg/ebpf/finding_test.go → pkg/events/findings/findings_test.go

@@ -1,4 +1,4 @@
-package ebpf
+package findings_test
 
 import (
 	"sort"
@@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 
 	"github.com/aquasecurity/tracee/pkg/events"
+	"github.com/aquasecurity/tracee/pkg/events/findings"
 	"github.com/aquasecurity/tracee/types/detect"
 	"github.com/aquasecurity/tracee/types/protocol"
 	"github.com/aquasecurity/tracee/types/trace"
@@ -100,7 +101,7 @@ func TestFindingToEvent(t *testing.T) {
 	}
 
 	finding := createFakeEventAndFinding()
-	got, err := FindingToEvent(&finding)
+	got, err := findings.FindingToEvent(&finding)
 
 	assert.NoError(t, err)