feat: refactor event types to use unified Type structure across events

[cfc4n]

This pull request introduces significant refactoring and enhancements to the event processing system. The primary focus is on standardizing the event type representation, adding a Base structure to events for common metadata, and improving type consistency across the codebase. These changes aim to improve maintainability, readability, and extensibility of the code.

Standardization of Event Type Representation:

• Replaced EventType with Type across all event structures for consistency. (pkg/event_processor/base_event.go, user/event/event_bash.go, user/event/event_gnutls.go, user/event/event_masterkey.go, etc.) [1] [2] [3] [4] [5] [6] [7] [8] [9]

Introduction of Base Structure for Common Metadata:

• Added a reusable Base structure to encapsulate common metadata fields such as Timestamp, UUID, PID, and PName. This structure is now included in various event types (e.g., BashEvent, GnutlsDataEvent, MasterSecretEvent, etc.). (user/event/event_bash.go, user/event/event_gnutls.go, user/event/event_masterkey.go, etc.) [1] [2] [3] [4] [5] [6] [7] [8] [9]

Enhancements to Event Processing Logic:

• Updated the BaseEvent and eventWorker logic to utilize the new Base structure, ensuring consistent handling of event metadata. (pkg/event_processor/base_event.go, pkg/event_processor/iworker.go) [1] [2] [3]

Type Consistency and Field Updates:

• Updated field types for improved precision and consistency, such as changing PID from int32 to int64 in the Base structure. (user/event/event_base.go)
• Added missing imports to support new functionality, such as time for timestamp handling. (user/event/event_bash.go)

Event-Specific Refactoring:

• Refactored event-specific methods (e.g., Base() and EventType()) to align with the new Base structure and Type representation. This was done across multiple event types such as BashEvent, GoTLSEvent, MysqldEvent, and others. (user/event/event_bash.go, user/event/event_gotls.go, user/event/event_mysqld.go, etc.) [1] [2] [3]

These changes collectively improve the modularity and scalability of the event processing system, making it easier to add new event types or modify existing ones in the future.

[github-actions]

Failed to generate code suggestions for PR

[Copilot]

Pull Request Overview

This PR refactors the event type system by replacing EventType with Type across all event structures and introduces a unified Base structure for common event metadata. The changes standardize event handling and improve code consistency throughout the event processing system.

Key changes:

• Renamed EventType to Type across all event structures and constants
• Added a Base structure containing common metadata fields (timestamp, UUID, PID, process name, etc.)
• Updated all event types to implement a new Base() method returning the unified metadata structure

Reviewed Changes

Copilot reviewed 17 out of 17 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
user/module/imodule.go	Updated event type constants from EventType* to Type*
user/event/ievent.go	Renamed EventType to Type and added Base() method to interface
user/event/event_*.go	Updated all event structures to use Type instead of EventType and implement Base() method
user/event/event_base.go	Changed PID field type from int32 to int64 in Base structure
pkg/event_processor/*.go	Updated event processor to use new Type naming and Base structure

[Copilot]

Using time.Now().Unix() in the Base() method creates inconsistent timestamps. Each call to Base() will return a different timestamp, which could cause issues if the method is called multiple times for the same event. Consider storing the timestamp when the event is created or use a field from the event structure.

[Copilot]

Converting ne.Comm[:] directly to string may include null bytes and garbage data. Use the commStr() helper function that properly handles C-style null-terminated strings, similar to other event implementations.

Suggested change

	PName: string(ne.Comm[:]),
	PName: commStr(ne.Comm[:]),

[Copilot]

Converting me.Comm[:] directly to string may include null bytes and garbage data. Use the commStr() helper function that properly handles C-style null-terminated strings, similar to other event implementations.

Suggested change

	PName: string(me.Comm[:]),
	PName: commStr(me.Comm[:]),

[Copilot]

Converting be.Comm[:] directly to string may include null bytes and garbage data. Use the commStr() helper function that properly handles C-style null-terminated strings, similar to other event implementations.

[Copilot]

Converting ge.Comm[:] directly to string may include null bytes and garbage data. Use the commStr() helper function that properly handles C-style null-terminated strings, similar to other event implementations.

Suggested change

	PName: string(ge.Comm[:]),
	PName: commStr(ge.Comm[:]),

[Copilot]

Converting ge.Comm[:] directly to string may include null bytes and garbage data. Use the commStr() helper function that properly handles C-style null-terminated strings, similar to other event implementations.

Suggested change

	PName: string(ge.Comm[:]),
	PName: commStr(ge.Comm[:]),