falcosecurity · poiana · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025 · Jul 17, 2025
diff --git a/plugins/container/src/caps/async/async.tpp b/plugins/container/src/caps/async/async.tpp
@@ -1,5 +1,7 @@
 #pragma once
 
+#include "container_info_json.h"
+
 #include <libworker.h>
 #include <chrono>
 
@@ -40,7 +42,7 @@ void generate_async_event(const char *json, bool added, bool initial_state)
         //       we need pre-existing containers to be already cached.
         if (initial_state) {
             auto json_event = nlohmann::json::parse(json);
-            auto cinfo = json_event.get<std::shared_ptr<container_info>>();
+            auto cinfo = json_event.get<container_info::ptr_t>();
             s_preexisting_containers[cinfo->m_id] = cinfo;
         }
     }

diff --git a/plugins/container/src/caps/parse/parse.cpp b/plugins/container/src/caps/parse/parse.cpp
@@ -1,4 +1,5 @@
-#include <plugin.h>
+#include "plugin.h"
+#include "container_info_json.h"
 
 //////////////////////////
 // Parse capability
@@ -72,7 +73,7 @@ bool my_plugin::parse_async_event(const falcosecurity::parse_event_input& in)
         return false;
     }
     auto json_event = nlohmann::json::parse(json_charbuf_pointer);
-    auto cinfo = json_event.get<std::shared_ptr<container_info>>();
+    auto cinfo = json_event.get<container_info::ptr_t>();
     if(added)
     {
         m_logger.log(fmt::format("Adding container: {}", cinfo->m_id),
@@ -136,7 +137,7 @@ bool my_plugin::parse_container_json_event(
     std::string json_str = (char*)json_param.param_pointer;
     auto json_event = nlohmann::json::parse(json_str);
 
-    auto cinfo = json_event.get<std::shared_ptr<container_info>>();
+    auto cinfo = json_event.get<container_info::ptr_t>();
     m_logger.log(
             fmt::format("Adding container from old container_json event: {}",
                         cinfo->m_id),
@@ -155,7 +156,7 @@ bool my_plugin::parse_container_json_2_event(
     std::string json_str = (char*)json_param.param_pointer;
     auto json_event = nlohmann::json::parse(json_str);
 
-    auto cinfo = json_event.get<std::shared_ptr<container_info>>();
+    auto cinfo = json_event.get<container_info::ptr_t>();
     m_logger.log(
             fmt::format("Adding container from old container_json_2 event: {}",
                         cinfo->m_id),

diff --git a/plugins/container/src/container_info.h b/plugins/container/src/container_info.h
@@ -1,15 +1,13 @@
 #pragma once
 
-#include <cassert>
+#include "container_type.h"
+
 #include <cstdint>
 #include <map>
 #include <memory>
 #include <list>
 #include <string>
 #include <vector>
-#include <nlohmann/json.hpp>
-#include "container_type.h"
-#include "consts.h"
 
 #define HOST_CONTAINER_ID "host"
 
@@ -88,6 +86,8 @@ class container_health_probe
 class container_info
 {
     public:
+    using ptr_t = std::shared_ptr<container_info>;
+
     container_info():
             m_type(CT_UNKNOWN), m_privileged(false), m_host_pid(false),
             m_host_network(false), m_host_ipc(false), m_memory_limit(0),
@@ -106,7 +106,7 @@ class container_info
     bool is_pod_sandbox() const { return m_is_pod_sandbox; }
 
     // static utilities to build a container_info
-    static std::shared_ptr<container_info> host_container_info()
+    static container_info::ptr_t host_container_info()
     {
         auto host_info = std::make_shared<container_info>();
         host_info->m_id = HOST_CONTAINER_ID;
@@ -130,7 +130,7 @@ class container_info
     std::string m_imagerepo;
     std::string m_imagetag;
     std::string m_imagedigest;
-    std::string m_container_ip; // TODO: to be exposed by state API
+    std::string m_container_ip;
     bool m_privileged;
     bool m_host_pid;
     bool m_host_network;
@@ -150,7 +150,7 @@ class container_info
     std::map<std::string, std::string> m_pod_sandbox_labels;
     std::string m_pod_sandbox_cniresult;
     bool m_is_pod_sandbox;
-    std::string m_container_user; // TODO: to be exposed by state API
+    std::string m_container_user;
 
     /**
      * The time at which the container was created (IN SECONDS), cast from a
@@ -161,15 +161,3 @@ class container_info
     int64_t m_created_time;
     int64_t m_size_rw_bytes; // TODO: to be exposed by state API
 };
-
-/* Nlhomann adapters (implemented by container_info_json.cpp) */
-void from_json(const nlohmann::json& j, container_health_probe& probe);
-void from_json(const nlohmann::json& j, container_mount_info& mount);
-void from_json(const nlohmann::json& j, container_port_mapping& port);
-void from_json(const nlohmann::json& j, std::shared_ptr<container_info>& cinfo);
-
-void to_json(nlohmann::json& j, const container_health_probe& probe);
-void to_json(nlohmann::json& j, const container_mount_info& mount);
-void to_json(nlohmann::json& j, const container_port_mapping& port);
-void to_json(nlohmann::json& j,
-             const std::shared_ptr<const container_info>& cinfo);
diff --git a/plugins/container/src/container_info_json.cpp b/plugins/container/src/container_info_json.cpp
@@ -1,4 +1,4 @@
-#include "container_info.h"
+#include "container_info_json.h"
 
 /*
 {
@@ -87,9 +87,9 @@ void from_json(const nlohmann::json& j, container_port_mapping& port)
     port.m_container_port = j.value("ContainerPort", 0);
 }
 
-void from_json(const nlohmann::json& j, std::shared_ptr<container_info>& cinfo)
+void from_json(const nlohmann::json& j, container_info::ptr_t& cinfo)
 {
-    std::shared_ptr<container_info> info = std::make_shared<container_info>();
+    container_info::ptr_t info = std::make_shared<container_info>();
     const nlohmann::json& container = j["container"];
     info->m_type = container.value("type", CT_UNKNOWN);
     info->m_id = container.value("id", "");

diff --git a/plugins/container/src/container_info_json.h b/plugins/container/src/container_info_json.h
@@ -0,0 +1,16 @@
+#pragma once
+
+#include "container_info.h"
+
+#include <nlohmann/json.hpp>
+
+void from_json(const nlohmann::json& j, container_health_probe& probe);
+void from_json(const nlohmann::json& j, container_mount_info& mount);
+void from_json(const nlohmann::json& j, container_port_mapping& port);
+void from_json(const nlohmann::json& j, container_info::ptr_t& cinfo);
+
+void to_json(nlohmann::json& j, const container_health_probe& probe);
+void to_json(nlohmann::json& j, const container_mount_info& mount);
+void to_json(nlohmann::json& j, const container_port_mapping& port);
+void to_json(nlohmann::json& j,
+             const std::shared_ptr<const container_info>& cinfo);
diff --git a/plugins/container/src/container_type.h b/plugins/container/src/container_type.h
@@ -1,5 +1,7 @@
 #pragma once
 
+#include <string>
+
 enum container_type
 {
     CT_DOCKER = 0,

diff --git a/plugins/container/src/matchers/bpm.cpp b/plugins/container/src/matchers/bpm.cpp
@@ -27,8 +27,7 @@ bool bpm::resolve(const std::string& cgroup, std::string& container_id)
     return false;
 }
 
-std::shared_ptr<container_info>
-bpm::to_container(const std::string& container_id)
+container_info::ptr_t bpm::to_container(const std::string& container_id)
 {
     auto ctr = std::make_shared<container_info>();
     ctr->m_id = container_id;

diff --git a/plugins/container/src/matchers/bpm.h b/plugins/container/src/matchers/bpm.h
@@ -5,6 +5,6 @@
 class bpm : public cgroup_matcher
 {
     bool resolve(const std::string& cgroup, std::string& container_id) override;
-    std::shared_ptr<container_info>
+    container_info::ptr_t
     to_container(const std::string& container_id) override;
 };
diff --git a/plugins/container/src/matchers/libvirt_lxc.cpp b/plugins/container/src/matchers/libvirt_lxc.cpp
@@ -52,8 +52,7 @@ bool libvirt_lxc::resolve(const std::string& cgroup, std::string& container_id)
     return false;
 }
 
-std::shared_ptr<container_info>
-libvirt_lxc::to_container(const std::string& container_id)
+container_info::ptr_t libvirt_lxc::to_container(const std::string& container_id)
 {
     auto ctr = std::make_shared<container_info>();
     ctr->m_id = container_id;

diff --git a/plugins/container/src/matchers/libvirt_lxc.h b/plugins/container/src/matchers/libvirt_lxc.h
@@ -5,6 +5,6 @@
 class libvirt_lxc : public cgroup_matcher
 {
     bool resolve(const std::string& cgroup, std::string& container_id) override;
-    std::shared_ptr<container_info>
+    container_info::ptr_t
     to_container(const std::string& container_id) override;
 };
diff --git a/plugins/container/src/matchers/lxc.cpp b/plugins/container/src/matchers/lxc.cpp
@@ -23,8 +23,7 @@ bool lxc::resolve(const std::string& cgroup, std::string& container_id)
     return false;
 }
 
-std::shared_ptr<container_info>
-lxc::to_container(const std::string& container_id)
+container_info::ptr_t lxc::to_container(const std::string& container_id)
 {
     auto ctr = std::make_shared<container_info>();
     ctr->m_id = container_id;

diff --git a/plugins/container/src/matchers/lxc.h b/plugins/container/src/matchers/lxc.h
@@ -5,6 +5,6 @@
 class lxc : public cgroup_matcher
 {
     bool resolve(const std::string& cgroup, std::string& container_id) override;
-    std::shared_ptr<container_info>
+    container_info::ptr_t
     to_container(const std::string& container_id) override;
 };
diff --git a/plugins/container/src/matchers/matcher.cpp b/plugins/container/src/matchers/matcher.cpp
@@ -58,7 +58,7 @@ matcher_manager::matcher_manager(const Engines& cfg)
 
 bool matcher_manager::match_cgroup(const std::string& cgroup,
                                    std::string& container_id,
-                                   std::shared_ptr<container_info>& ctr)
+                                   container_info::ptr_t& ctr)
 {
     for(const auto& matcher : m_matchers)
     {

diff --git a/plugins/container/src/matchers/matcher.h b/plugins/container/src/matchers/matcher.h
@@ -14,8 +14,7 @@ class cgroup_matcher
     /// and container type). For those, it's ok to immediately send the async
     /// event since we don't have to wait for the go-worker because they are not
     /// implemented in listener mode.
-    virtual std::shared_ptr<container_info>
-    to_container(const std::string& container_id)
+    virtual container_info::ptr_t to_container(const std::string& container_id)
     {
         return nullptr;
     }
@@ -27,7 +26,7 @@ class matcher_manager
     matcher_manager(const Engines& cfg);
 
     bool match_cgroup(const std::string& cgroup, std::string& container_id,
-                      std::shared_ptr<container_info>& ctr);
+                      container_info::ptr_t& ctr);
 
     private:
     std::list<std::shared_ptr<cgroup_matcher>> m_matchers;

diff --git a/plugins/container/src/matchers/static_container.cpp b/plugins/container/src/matchers/static_container.cpp
@@ -84,7 +84,7 @@ bool static_container::resolve(const std::string& cgroup,
     return true;
 }
 
-std::shared_ptr<container_info>
+container_info::ptr_t
 static_container::to_container(const std::string& container_id)
 {
     return m_static_container_info;

diff --git a/plugins/container/src/matchers/static_container.h b/plugins/container/src/matchers/static_container.h
@@ -9,9 +9,9 @@ class static_container : public cgroup_matcher
                      const std::string& image);
 
     bool resolve(const std::string& cgroup, std::string& container_id) override;
-    std::shared_ptr<container_info>
+    container_info::ptr_t
     to_container(const std::string& container_id) override;
 
     private:
-    std::shared_ptr<container_info> m_static_container_info;
+    container_info::ptr_t m_static_container_info;
 };
diff --git a/plugins/container/src/plugin.cpp b/plugins/container/src/plugin.cpp
@@ -171,8 +171,7 @@ FALCOSECURITY_PLUGIN(my_plugin);
 
 std::string my_plugin::compute_container_id_for_thread(
         const falcosecurity::table_entry& thread_entry,
-        const falcosecurity::table_reader& tr,
-        std::shared_ptr<container_info>& info)
+        const falcosecurity::table_reader& tr, container_info::ptr_t& info)
 {
     // retrieve tid cgroups, compute container_id and store it.
     std::string container_id;
@@ -336,7 +335,7 @@ void my_plugin::on_new_process(const falcosecurity::table_entry& thread_entry,
                                const falcosecurity::table_reader& tr,
                                const falcosecurity::table_writer& tw)
 {
-    std::shared_ptr<container_info> info = nullptr;
+    container_info::ptr_t info = nullptr;
     auto container_id = compute_container_id_for_thread(thread_entry, tr, info);
     m_container_id_field.write_value(tw, thread_entry, container_id);
 

diff --git a/plugins/container/src/plugin.h b/plugins/container/src/plugin.h
@@ -107,8 +107,7 @@ class my_plugin
                         const falcosecurity::table_writer& tw);
     std::string compute_container_id_for_thread(
             const falcosecurity::table_entry& thread_entry,
-            const falcosecurity::table_reader& tr,
-            std::shared_ptr<container_info>& info);
+            const falcosecurity::table_reader& tr, container_info::ptr_t& info);
     void
     write_thread_category(const std::shared_ptr<const container_info>& cinfo,
                           const falcosecurity::table_entry& thread_entry,

diff --git a/plugins/container/test/container_info_json.cpp b/plugins/container/test/container_info_json.cpp
@@ -1,5 +1,6 @@
 #include <gtest/gtest.h>
 #include <container_info.h>
+#include <container_info_json.h>
 
 TEST(container_info_json, null_healthcheck)
 {
@@ -46,5 +47,5 @@ TEST(container_info_json, null_healthcheck)
     }
 })";
     auto json_event = nlohmann::json::parse(json);
-    ASSERT_NO_THROW(json_event.get<std::shared_ptr<container_info>>());
+    ASSERT_NO_THROW(json_event.get<container_info::ptr_t>());
 }
diff --git a/plugins/container/test/matchers.cpp b/plugins/container/test/matchers.cpp
@@ -44,7 +44,7 @@ TEST_P(matchers_test, detect_container_id)
     const auto& test_case = GetParam();
 
     std::string container_id;
-    std::shared_ptr<container_info> info;
+    container_info::ptr_t info;
     EXPECT_EQ(m_mgr.match_cgroup(test_case.cgroup, container_id, info),
               test_case.should_match);