fix(plugins/container): redefine port binding port and IP as integers

ekoops · ekoops · commit 77084dbeb834 · 2025-06-03T09:58:37.000+02:00
Signed-off-by: Leonardo Di Giovanna &lt;leonardodigiovanna1@gmail.com&gt;
diff --git a/plugins/container/go-worker/pkg/container/docker.go b/plugins/container/go-worker/pkg/container/docker.go
@@ -4,13 +4,15 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/events"
 	"github.com/docker/docker/api/types/filters"
 	"github.com/docker/docker/client"
 	"github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/config"
 	"github.com/falcosecurity/plugins/plugins/container/go-worker/pkg/event"
+	"strconv"
 	"strings"
 	"sync"
 	"time"
@@ -102,7 +104,7 @@ func parseHealthcheckProbe(hcheck *container.HealthConfig) *event.Probe {
 	return &p
 }
 
-func (dc *dockerEngine) ctrToInfo(ctx context.Context, ctr types.ContainerJSON) event.Info {
+func (dc *dockerEngine) ctrToInfo(ctx context.Context, ctr types.ContainerJSON) (*event.Info, error) {
 	hostCfg := ctr.HostConfig
 	if hostCfg == nil {
 		hostCfg = &container.HostConfig{
@@ -139,9 +141,22 @@ func (dc *dockerEngine) ctrToInfo(ctx context.Context, ctr types.ContainerJSON)
 		}
 		containerPort := port.Int()
 		for _, portBinding := range portBindings {
+			rawHostIP, rawHostPort := portBinding.HostIP, portBinding.HostPort
+			hostIP, err := strconv.ParseUint(rawHostIP, 10, 32)
+			if err != nil {
+				return nil, fmt.Errorf("error converting port binding's host IP %s into 32-bit unsigned integer: %w",
+					rawHostIP, err)
+			}
+
+			hostPort, err := strconv.ParseUint(rawHostPort, 10, 16)
+			if err != nil {
+				return nil, fmt.Errorf("error converting port binding's port %s into 16-bit unsigned integer: %w",
+					rawHostPort, err)
+			}
+
 			portMappings = append(portMappings, event.PortMapping{
-				HostIp:        portBinding.HostIP,
-				HostPort:      portBinding.HostPort,
+				HostIP:        (uint32)(hostIP),
+				HostPort:      (uint16)(hostPort),
 				ContainerPort: containerPort,
 			})
 		}
@@ -259,7 +274,7 @@ func (dc *dockerEngine) ctrToInfo(ctx context.Context, ctr types.ContainerJSON)
 		size = *ctr.SizeRw
 	}
 
-	return event.Info{
+	return &event.Info{
 		Container: event.Container{
 			Type:             typeDocker.ToCTValue(),
 			ID:               shortContainerID(ctr.ID),
@@ -293,17 +308,23 @@ func (dc *dockerEngine) ctrToInfo(ctx context.Context, ctr types.ContainerJSON)
 			ReadinessProbe:   readinessProbe,
 			HealthcheckProbe: healthcheckProbe,
 		},
-	}
+	}, nil
 }
 
 func (dc *dockerEngine) get(ctx context.Context, containerId string) (*event.Event, error) {
 	ctrJson, _, err := dc.ContainerInspectWithRaw(ctx, containerId, config.GetWithSize())
 	if err != nil {
 		return nil, err
 	}
+
+	info, err := dc.ctrToInfo(ctx, ctrJson)
+	if err != nil {
+		return nil, fmt.Errorf("error converting container to info: %w", err)
+	}
+
 	return &event.Event{
+		Info:     *info,
 		IsCreate: true,
-		Info:     dc.ctrToInfo(ctx, ctrJson),
 	}, nil
 }
 
@@ -340,9 +361,14 @@ func (dc *dockerEngine) List(ctx context.Context) ([]event.Event, error) {
 				IsCreate: true,
 			}
 		}
+		info, err := dc.ctrToInfo(ctx, ctrJson)
+		if err != nil {
+			return nil, fmt.Errorf("error converting container %s (index %d) to info: %w", ctr.ID, idx, err)
+		}
+
 		evts[idx] = event.Event{
+			Info:     *info,
 			IsCreate: true,
-			Info:     dc.ctrToInfo(ctx, ctrJson),
 		}
 	}
 	return evts, nil
@@ -379,17 +405,20 @@ func (dc *dockerEngine) Listen(ctx context.Context, wg *sync.WaitGroup) (<-chan
 				case events.ActionCreate, events.ActionStart:
 					ctrJson, _, err = dc.ContainerInspectWithRaw(ctx, msg.Actor.ID, config.GetWithSize())
 					if err == nil {
-						outCh <- event.Event{
-							Info:     dc.ctrToInfo(ctx, ctrJson),
-							IsCreate: true,
+						var info *event.Info
+						if info, err = dc.ctrToInfo(ctx, ctrJson); err == nil {
+							outCh <- event.Event{
+								Info:     *info,
+								IsCreate: true,
+							}
 						}
 					}
 				case events.ActionDestroy:
 					err = errors.New("inspect useless on action destroy")
 				}
 
 				// This is called for ActionDestroy
-				// AND as a fallback whenever ContainerInspectWithRaw fails.
+				// AND as a fallback whenever ContainerInspectWithRaw or dockerEngine.ctrToInfo fail.
 				if err != nil {
 					// At least send an event with the minimum set of data
 					outCh <- event.Event{
diff --git a/plugins/container/go-worker/pkg/container/podman.go b/plugins/container/go-worker/pkg/container/podman.go
@@ -6,6 +6,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"github.com/containers/podman/v5/libpod/define"
 	"github.com/containers/podman/v5/pkg/bindings"
 	"github.com/containers/podman/v5/pkg/bindings/containers"
@@ -41,7 +42,7 @@ func (pc *podmanEngine) copy(ctx context.Context) (Engine, error) {
 	return newPodmanEngine(ctx, pc.socket)
 }
 
-func (pc *podmanEngine) ctrToInfo(ctr *define.InspectContainerData) event.Info {
+func (pc *podmanEngine) ctrToInfo(ctr *define.InspectContainerData) (*event.Info, error) {
 	cfg := ctr.Config
 	if cfg == nil {
 		cfg = &define.InspectContainerConfig{}
@@ -80,9 +81,22 @@ func (pc *podmanEngine) ctrToInfo(ctr *define.InspectContainerData) event.Info {
 			continue
 		}
 		for _, portBinding := range portBindings {
+			rawHostIP, rawHostPort := portBinding.HostIP, portBinding.HostPort
+			hostIP, err := strconv.ParseUint(rawHostIP, 10, 32)
+			if err != nil {
+				return nil, fmt.Errorf("error converting port binding's host IP %s into 32-bit unsigned integer: %w",
+					rawHostIP, err)
+			}
+
+			hostPort, err := strconv.ParseUint(rawHostPort, 10, 16)
+			if err != nil {
+				return nil, fmt.Errorf("error converting port binding's port %s into 16-bit unsigned integer: %w",
+					rawHostPort, err)
+			}
+
 			portMappings = append(portMappings, event.PortMapping{
-				HostIp:        portBinding.HostIP,
-				HostPort:      portBinding.HostPort,
+				HostIP:        (uint32)(hostIP),
+				HostPort:      (uint16)(hostPort),
 				ContainerPort: containerPort,
 			})
 		}
@@ -149,7 +163,7 @@ func (pc *podmanEngine) ctrToInfo(ctr *define.InspectContainerData) event.Info {
 		size = *ctr.SizeRw
 	}
 
-	return event.Info{
+	return &event.Info{
 		Container: event.Container{
 			Type:             typePodman.ToCTValue(),
 			ID:               shortContainerID(ctr.ID),
@@ -183,7 +197,7 @@ func (pc *podmanEngine) ctrToInfo(ctr *define.InspectContainerData) event.Info {
 			ReadinessProbe:   readinessProbe,
 			HealthcheckProbe: healthcheckProbe,
 		},
-	}
+	}, nil
 }
 
 func (pc *podmanEngine) get(_ context.Context, containerId string) (*event.Event, error) {
@@ -192,8 +206,14 @@ func (pc *podmanEngine) get(_ context.Context, containerId string) (*event.Event
 	if err != nil {
 		return nil, err
 	}
+
+	info, err := pc.ctrToInfo(ctrInfo)
+	if err != nil {
+		return nil, fmt.Errorf("error converting container to info: %w", err)
+	}
+
 	return &event.Event{
-		Info:     pc.ctrToInfo(ctrInfo),
+		Info:     *info,
 		IsCreate: true,
 	}, nil
 }
@@ -214,7 +234,7 @@ func (pc *podmanEngine) List(_ context.Context) ([]event.Event, error) {
 	if err != nil {
 		return nil, err
 	}
-	for _, c := range cList {
+	for idx, c := range cList {
 		ctrInfo, err := containers.Inspect(pc.pCtx, c.ID, &containers.InspectOptions{Size: &size})
 		if err != nil {
 			evts = append(evts, event.Event{
@@ -231,8 +251,13 @@ func (pc *podmanEngine) List(_ context.Context) ([]event.Event, error) {
 				IsCreate: true,
 			})
 		} else {
+			info, err := pc.ctrToInfo(ctrInfo)
+			if err != nil {
+				return nil, fmt.Errorf("error converting container %s (index %d) to info: %w", ctrInfo.ID, idx, err)
+			}
+
 			evts = append(evts, event.Event{
-				Info:     pc.ctrToInfo(ctrInfo),
+				Info:     *info,
 				IsCreate: true,
 			})
 		}
@@ -290,17 +315,20 @@ func (pc *podmanEngine) Listen(ctx context.Context, wg *sync.WaitGroup) (<-chan
 				case events.ActionCreate, events.ActionStart:
 					ctr, err = containers.Inspect(pc.pCtx, ev.Actor.ID, &containers.InspectOptions{Size: &size})
 					if err == nil {
-						outCh <- event.Event{
-							Info:     pc.ctrToInfo(ctr),
-							IsCreate: true,
+						var info *event.Info
+						if info, err = pc.ctrToInfo(ctr); err == nil {
+							outCh <- event.Event{
+								Info:     *info,
+								IsCreate: true,
+							}
 						}
 					}
 				case events.ActionRemove:
 					err = errors.New("inspect useless on action destroy")
 				}
 
 				// This is called for ActionRemove
-				// AND as a fallback whenever Inspect fails.
+				// AND as a fallback whenever Inspect or podmanEngine.ctrToInfo fail.
 				if err != nil {
 					// At least send an event with the minimal set of data
 					outCh <- event.Event{
diff --git a/plugins/container/go-worker/pkg/event/event.go b/plugins/container/go-worker/pkg/event/event.go
@@ -3,8 +3,8 @@ package event
 import "encoding/json"
 
 type PortMapping struct {
-	HostIp        string `json:"HostIp"`
-	HostPort      string `json:"HostPort"`
+	HostIP        uint32 `json:"HostIp"`
+	HostPort      uint16 `json:"HostPort"`
 	ContainerPort int    `json:"ContainerPort"`
 }
 

Original file line number	Diff line number	Diff line change
`@@ -3,8 +3,8 @@ package event`
`3`	`3`	`import "encoding/json"`
`4`	`4`
`5`	`5`	`type PortMapping struct {`
`6`		- HostIp string `json:"HostIp"`
`7`		- HostPort string `json:"HostPort"`
	`6`	+ HostIP uint32 `json:"HostIp"`
	`7`	+ HostPort uint16 `json:"HostPort"`
`8`	`8`	ContainerPort int `json:"ContainerPort"`
`9`	`9`	`}`
`10`	`10`