Hex-encode/decode the sha256 container ID

threathunters-io · Dec 18, 2023 · 1a1d647 · 1a1d647
1 parent 957f00f
commit 1a1d647
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 23 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -35,6 +35,7 @@ simple_logger = ">= 1"
 syslog = "6"
 thiserror = "1"
 anyhow = "1"
+faster-hex = "0.9"
 
 [target.'cfg(target_os = "linux")'.dependencies]
 caps = "0.5"

diff --git a/src/coalesce.rs b/src/coalesce.rs
@@ -4,6 +4,8 @@ use std::io::Write;
 use std::ops::Range;
 use std::time::{SystemTime, UNIX_EPOCH};
 
+use faster_hex::hex_string;
+
 use serde_json::json;
 
 use crate::constants::{msg_type::*, ARCH_NAMES, SYSCALL_NAMES};
@@ -988,7 +990,7 @@ impl<'a> Coalesce<'a> {
  #[cfg(all(feature = "procfs", target_os = "linux"))]
  if let (true, Some(c)) = (self.settings.enrich_container, &proc.container_info) {
  let mut ci = Record::default();
- let r = ci.put(&c.id);
+ let r = ci.put(hex_string(&c.id));
  ci.elems
  .push((Key::Literal("ID"), Value::Str(r, Quote::None)));
  ev.body.insert(CONTAINER_INFO, EventValues::Single(ci));

diff --git a/src/proc.rs b/src/proc.rs
@@ -6,7 +6,6 @@ use std::fmt::{self, Display};
 use std::iter::Iterator;
 use std::vec::Vec;
 
-use serde::ser::SerializeMap;
 use serde::{Serialize, Serializer};
 
 use crate::label_matcher::LabelMatcher;
@@ -15,21 +14,12 @@ use crate::types::EventID;
 #[cfg(all(feature = "procfs", target_os = "linux"))]
 use crate::procfs;
 
-#[derive(Clone, Debug, Default)]
+#[derive(Clone, Debug, Default, Serialize)]
 pub struct ContainerInfo {
+ #[serde(with = "faster_hex::nopfx_lowercase")]
  pub id: Vec<u8>,
 }
 
-impl Serialize for ContainerInfo {
- fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
- let mut map = s.serialize_map(Some(1))?;
- // safety: id contains entirely of hex-digits
- let converted = unsafe { std::str::from_utf8_unchecked(&self.id) };
- map.serialize_entry("id", converted)?;
- map.end()
- }
-}
-
 /// Host-unique identifier for processes
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum ProcessKey {

diff --git a/src/procfs.rs b/src/procfs.rs
@@ -5,6 +5,7 @@ use std::os::unix::ffi::OsStrExt;
 use std::path::Path;
 use std::str::FromStr;
 
+use faster_hex::hex_decode;
 use lazy_static::lazy_static;
 use nix::sys::time::TimeSpec;
 use nix::time::{clock_gettime, ClockId};
@@ -178,15 +179,13 @@ pub(crate) fn parse_proc_pid(pid: u32) -> Result<ProcPidInfo, ProcFSError> {
  })
 }
 
-fn extract_sha256(buf: &[u8]) -> Option<&[u8]> {
- if buf.len() < 64 {
- None
- } else if buf[buf.len() - 64..].iter().all(u8::is_ascii_hexdigit) {
- Some(&buf[buf.len() - 64..])
- } else if buf[..64].iter().all(u8::is_ascii_hexdigit) {
- Some(&buf[..64])
- } else {
- None
+fn extract_sha256(buf: &[u8]) -> Option<Vec<u8>> {
+ let mut dec = [0u8; 32];
+ match buf.len() {
+ n if n < 64 => None,
+ _ if hex_decode(&buf[buf.len() - 64..], &mut dec).is_ok() => Some(Vec::from(dec)),
+ _ if hex_decode(&buf[..64], &mut dec).is_ok() => Some(Vec::from(dec)),
+ _ => None,
  }
 }
 
@@ -209,7 +208,7 @@ fn parse_cgroup_buf(buf: &[u8]) -> Result<Option<Vec<u8>>, ProcFSError> {
  };
  match extract_sha256(fragment) {
  None => continue,
- Some(id) => return Ok(Some(Vec::from(id))),
+ Some(id) => return Ok(Some(id)),
  }
  }
  }