From 1a1d647a4bf40b4164b451c15dde5fbb88c5ffe9 Mon Sep 17 00:00:00 2001
From: Hilko Bengen <bengen@hilluzination.de>
Date: Mon, 18 Dec 2023 17:21:32 +0100
Subject: [PATCH] Hex-encode/decode the sha256 container ID

---
 Cargo.lock      | 10 ++++++++++
 Cargo.toml      |  1 +
 src/coalesce.rs |  4 +++-
 src/proc.rs     | 14 ++------------
 src/procfs.rs   | 19 +++++++++----------
 5 files changed, 25 insertions(+), 23 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 6bca5ba..07d217b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -205,6 +205,15 @@ dependencies = [
  "uuid",
 ]
 
+[[package]]
+name = "faster-hex"
+version = "0.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2a2b11eda1d40935b26cf18f6833c526845ae8c41e58d09af6adeb6f0269183"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "getopts"
 version = "0.2.21"
@@ -315,6 +324,7 @@ dependencies = [
  "bindgen",
  "caps",
  "exacl",
+ "faster-hex",
  "getopts",
  "gperftools",
  "indexmap",
diff --git a/Cargo.toml b/Cargo.toml
index c47cbbd..fc1609d 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -35,6 +35,7 @@ simple_logger = ">= 1"
 syslog = "6"
 thiserror = "1"
 anyhow = "1"
+faster-hex = "0.9"
 
 [target.'cfg(target_os = "linux")'.dependencies]
 caps = "0.5"
diff --git a/src/coalesce.rs b/src/coalesce.rs
index c109932..09be331 100644
--- a/src/coalesce.rs
+++ b/src/coalesce.rs
@@ -4,6 +4,8 @@ use std::io::Write;
 use std::ops::Range;
 use std::time::{SystemTime, UNIX_EPOCH};
 
+use faster_hex::hex_string;
+
 use serde_json::json;
 
 use crate::constants::{msg_type::*, ARCH_NAMES, SYSCALL_NAMES};
@@ -988,7 +990,7 @@ impl<'a> Coalesce<'a> {
                 #[cfg(all(feature = "procfs", target_os = "linux"))]
                 if let (true, Some(c)) = (self.settings.enrich_container, &proc.container_info) {
                     let mut ci = Record::default();
-                    let r = ci.put(&c.id);
+                    let r = ci.put(hex_string(&c.id));
                     ci.elems
                         .push((Key::Literal("ID"), Value::Str(r, Quote::None)));
                     ev.body.insert(CONTAINER_INFO, EventValues::Single(ci));
diff --git a/src/proc.rs b/src/proc.rs
index c388277..54c6e68 100644
--- a/src/proc.rs
+++ b/src/proc.rs
@@ -6,7 +6,6 @@ use std::fmt::{self, Display};
 use std::iter::Iterator;
 use std::vec::Vec;
 
-use serde::ser::SerializeMap;
 use serde::{Serialize, Serializer};
 
 use crate::label_matcher::LabelMatcher;
@@ -15,21 +14,12 @@ use crate::types::EventID;
 #[cfg(all(feature = "procfs", target_os = "linux"))]
 use crate::procfs;
 
-#[derive(Clone, Debug, Default)]
+#[derive(Clone, Debug, Default, Serialize)]
 pub struct ContainerInfo {
+    #[serde(with = "faster_hex::nopfx_lowercase")]
     pub id: Vec<u8>,
 }
 
-impl Serialize for ContainerInfo {
-    fn serialize<S: Serializer>(&self, s: S) -> Result<S::Ok, S::Error> {
-        let mut map = s.serialize_map(Some(1))?;
-        // safety: id contains entirely of hex-digits
-        let converted = unsafe { std::str::from_utf8_unchecked(&self.id) };
-        map.serialize_entry("id", converted)?;
-        map.end()
-    }
-}
-
 /// Host-unique identifier for processes
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
 pub enum ProcessKey {
diff --git a/src/procfs.rs b/src/procfs.rs
index 9c2653a..34c4cb1 100644
--- a/src/procfs.rs
+++ b/src/procfs.rs
@@ -5,6 +5,7 @@ use std::os::unix::ffi::OsStrExt;
 use std::path::Path;
 use std::str::FromStr;
 
+use faster_hex::hex_decode;
 use lazy_static::lazy_static;
 use nix::sys::time::TimeSpec;
 use nix::time::{clock_gettime, ClockId};
@@ -178,15 +179,13 @@ pub(crate) fn parse_proc_pid(pid: u32) -> Result<ProcPidInfo, ProcFSError> {
     })
 }
 
-fn extract_sha256(buf: &[u8]) -> Option<&[u8]> {
-    if buf.len() < 64 {
-        None
-    } else if buf[buf.len() - 64..].iter().all(u8::is_ascii_hexdigit) {
-        Some(&buf[buf.len() - 64..])
-    } else if buf[..64].iter().all(u8::is_ascii_hexdigit) {
-        Some(&buf[..64])
-    } else {
-        None
+fn extract_sha256(buf: &[u8]) -> Option<Vec<u8>> {
+    let mut dec = [0u8; 32];
+    match buf.len() {
+        n if n < 64 => None,
+        _ if hex_decode(&buf[buf.len() - 64..], &mut dec).is_ok() => Some(Vec::from(dec)),
+        _ if hex_decode(&buf[..64], &mut dec).is_ok() => Some(Vec::from(dec)),
+        _ => None,
     }
 }
 
@@ -209,7 +208,7 @@ fn parse_cgroup_buf(buf: &[u8]) -> Result<Option<Vec<u8>>, ProcFSError> {
             };
             match extract_sha256(fragment) {
                 None => continue,
-                Some(id) => return Ok(Some(Vec::from(id))),
+                Some(id) => return Ok(Some(id)),
             }
         }
     }