Add containerName

Signed-off-by: jnathangreeg <[email protected]>
kubescape · Aug 25, 2024 · 7833b9e · 7833b9e
1 parent 1adea67
commit 7833b9e
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 10 deletions.
diff --git a/admission/rules/v1/r2000_exec_to_pod.go b/admission/rules/v1/r2000_exec_to_pod.go
@@ -77,6 +77,13 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 		return nil
 	}
 
+	object := event.GetObject().(*unstructured.Unstructured)
+	containerName, isOk, err := unstructured.NestedString(object.Object, "container")
+	if !isOk || err != nil {
+		logger.L().Error("Failed to get container name", helpers.Error(err))
+		containerName = ""
+	}
+
 	ruleFailure := GenericRuleFailure{
 		BaseRuntimeAlert: apitypes.BaseRuntimeAlert{
 			AlertName:      rule.Name(),
@@ -90,7 +97,7 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 			RequestNamespace: event.GetNamespace(),
 			Resource:         event.GetResource(),
 			Operation:        event.GetOperation(),
-			Object:           event.GetObject().(*unstructured.Unstructured),
+			Object:           object,
 			Subresource:      event.GetSubresource(),
 			UserInfo: &user.DefaultInfo{
 				Name:   event.GetUserInfo().GetName(),
@@ -107,14 +114,13 @@ func (rule *R2000ExecToPod) ProcessEvent(event admission.Attributes, access inte
 			RuleDescription: fmt.Sprintf("Exec to pod detected on pod %s", event.GetName()),
 		},
 		RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
-			PodName:   event.GetName(),
-			Namespace: event.GetNamespace(),
-			PodNamespace: 	event.GetNamespace(),
+			PodName:           event.GetName(),
+			Namespace:         event.GetNamespace(),
 			WorkloadName:      workloadName,
 			WorkloadNamespace: workloadNamespace,
 			WorkloadKind:      workloadKind,
 			NodeName:          nodeName,
-
+			ContainerName:     containerName,
 		},
 		RuleID: R2000ID,
 	}

diff --git a/admission/rules/v1/r2000_exec_to_pod_test.go b/admission/rules/v1/r2000_exec_to_pod_test.go
@@ -41,7 +41,6 @@ func TestR2000(t *testing.T) {
 	result := rule.ProcessEvent(event, objectcache.KubernetesCacheMockImpl{})
 
 	assert.NotNil(t, result)
-	assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().PodNamespace)
 	assert.Equal(t, "test-workload", result.GetRuntimeAlertK8sDetails().WorkloadName)
 	assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().WorkloadNamespace)
 	assert.Equal(t, "ReplicaSet", result.GetRuntimeAlertK8sDetails().WorkloadKind)

diff --git a/admission/rules/v1/r2001_portforward.go b/admission/rules/v1/r2001_portforward.go
@@ -76,6 +76,12 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 		logger.L().Error("Failed to get parent workload details", helpers.Error(err))
 		return nil
 	}
+	object := event.GetObject().(*unstructured.Unstructured)
+	containerName, isOk, err := unstructured.NestedString(object.Object, "container")
+	if !isOk || err != nil {
+		logger.L().Error("Failed to get container name", helpers.Error(err))
+		containerName = ""
+	}
 
 	ruleFailure := GenericRuleFailure{
 		BaseRuntimeAlert: apitypes.BaseRuntimeAlert{
@@ -90,7 +96,7 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 			RequestNamespace: event.GetNamespace(),
 			Resource:         event.GetResource(),
 			Operation:        event.GetOperation(),
-			Object:           event.GetObject().(*unstructured.Unstructured),
+			Object:           object,
 			Subresource:      event.GetSubresource(),
 			UserInfo: &user.DefaultInfo{
 				Name:   event.GetUserInfo().GetName(),
@@ -109,12 +115,11 @@ func (rule *R2001PortForward) ProcessEvent(event admission.Attributes, access in
 		RuntimeAlertK8sDetails: apitypes.RuntimeAlertK8sDetails{
 			PodName:           event.GetName(),
 			Namespace:         event.GetNamespace(),
-			PodNamespace: 	event.GetNamespace(),
 			WorkloadName:      workloadName,
 			WorkloadNamespace: workloadNamespace,
 			WorkloadKind:      workloadKind,
 			NodeName:          nodeName,
-
+			ContainerName:     containerName,
 		},
 		RuleID: R2001ID,
 	}

diff --git a/admission/rules/v1/r2001_portforward_test.go b/admission/rules/v1/r2001_portforward_test.go
@@ -41,7 +41,6 @@ func TestR2001(t *testing.T) {
 	result := rule.ProcessEvent(event, objectcache.KubernetesCacheMockImpl{})
 
 	assert.NotNil(t, result)
-	assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().PodNamespace)
 	assert.Equal(t, "test-workload", result.GetRuntimeAlertK8sDetails().WorkloadName)
 	assert.Equal(t, "test-namespace", result.GetRuntimeAlertK8sDetails().WorkloadNamespace)
 	assert.Equal(t, "ReplicaSet", result.GetRuntimeAlertK8sDetails().WorkloadKind)