From 32887a0f100d54bb7cd6c9a0554c6ee82875409f Mon Sep 17 00:00:00 2001
From: fallwith <fallwith@gmail.com>
Date: Tue, 24 Oct 2023 09:19:13 -0700
Subject: [PATCH] docker container id: ensure sha256 format

update the Docker cgroups v2 container id regex to insist on a sha256
formatted id string
---
 lib/new_relic/agent/system_info.rb       |  4 +++-
 test/new_relic/agent/system_info_test.rb | 18 ++++++++++++++++--
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/lib/new_relic/agent/system_info.rb b/lib/new_relic/agent/system_info.rb
index 062157e6d7..67224dc075 100644
--- a/lib/new_relic/agent/system_info.rb
+++ b/lib/new_relic/agent/system_info.rb
@@ -13,6 +13,8 @@
 module NewRelic
   module Agent
     module SystemInfo
+      DOCKER_CGROUPS_V2_PATTERN = %r{.*/docker/containers/([0-9a-f]{64})/.*}.freeze
+
       def self.ruby_os_identifier
         RbConfig::CONFIG['target_os']
       end
@@ -202,7 +204,7 @@ def self.docker_container_id_for_cgroupsv2
         mountinfo = proc_try_read('/proc/self/mountinfo')
         return unless mountinfo
 
-        Regexp.last_match(1) if mountinfo =~ %r{/docker/containers/([^/]+)/}
+        Regexp.last_match(1) if mountinfo =~ DOCKER_CGROUPS_V2_PATTERN
       end
 
       def self.parse_docker_container_id(cgroup_info)
diff --git a/test/new_relic/agent/system_info_test.rb b/test/new_relic/agent/system_info_test.rb
index 33fc104493..55b49b91c3 100644
--- a/test/new_relic/agent/system_info_test.rb
+++ b/test/new_relic/agent/system_info_test.rb
@@ -92,8 +92,7 @@ def setup
   # BEGIN cgroups v2
   def test_docker_container_id_is_gleaned_from_mountinfo_for_cgroups_v2
     skip_unless_minitest5_or_above
-
-    container_id = "And Autumn leaves lie thick and still o'er land that is lost now"
+    container_id = '3145490ee377105a4d3a7abd55083c61c0c2d616d786614e755176433c648d09'
     mountinfo = "line1\nline2\n/docker/containers/#{container_id}/other/content\nline4\nline5"
     NewRelic::Agent::SystemInfo.stub :ruby_os_identifier, 'linux' do
       NewRelic::Agent::SystemInfo.stub :proc_try_read, mountinfo, %w[/proc/self/mountinfo] do
@@ -101,6 +100,21 @@ def test_docker_container_id_is_gleaned_from_mountinfo_for_cgroups_v2
       end
     end
   end
+
+  def test_docker_container_id_must_match_sha_256_format
+    skip_unless_minitest5_or_above
+    bogus_container_ids = %w[3145490ee377105a4d3a7abd55083c61c0c2d616d786614e755176433c648d0
+      3145490ee377105a4d3a7abd55083c61c0c2d616d78g614e755176433c648d09
+      3145490ee377105a4d3a7abd55083C61c0c2d616d786614e755176433c648d09]
+    bogus_container_ids.each do |id|
+      mountinfo = "line1\nline2\n/docker/containers/#{id}/other/content\nline4\nline5"
+      NewRelic::Agent::SystemInfo.stub :ruby_os_identifier, 'linux' do
+        NewRelic::Agent::SystemInfo.stub :proc_try_read, mountinfo, %w[/proc/self/mountinfo] do
+          refute NewRelic::Agent::SystemInfo.docker_container_id
+        end
+      end
+    end
+  end
   # END cgroups v2
 
   each_cross_agent_test :dir => 'proc_meminfo', :pattern => '*.txt' do |file|