Added NAP V5 support: Lookup for docker0 interface IP, if configured

kamalchaturvedi · kamalchaturvedi · commit 8a918e51580e · 2026-01-30T16:13:45.000-08:00
diff --git a/internal/datasource/config/nginx_config_parser.go b/internal/datasource/config/nginx_config_parser.go
@@ -73,6 +73,7 @@ var globFunction = func(path string) ([]string, error) {
 type (
 	NginxConfigParser struct {
 		agentConfig *config.Config
+		docker0IP   string
 	}
 )
 
@@ -102,9 +103,35 @@ type createAPIDetailsParams struct {
 func NewNginxConfigParser(agentConfig *config.Config) *NginxConfigParser {
 	return &NginxConfigParser{
 		agentConfig: agentConfig,
+		docker0IP:   getDocker0IP(),
 	}
 }
 
+// getDocker0IP discovers the docker0 interface IP address
+// Returns empty string if docker0 interface is not found
+func getDocker0IP() string {
+	ifaces, err := net.Interfaces()
+	if err != nil {
+		return ""
+	}
+
+	for _, iface := range ifaces {
+		if iface.Name == "docker0" {
+			addrs, err := iface.Addrs()
+			if err != nil {
+				continue
+			}
+			for _, addr := range addrs {
+				if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.To4() != nil {
+					return ipnet.IP.String()
+				}
+			}
+		}
+	}
+
+	return ""
+}
+
 func (ncp *NginxConfigParser) Parse(ctx context.Context, instance *mpi.Instance) (*model.NginxConfigContext, error) {
 	configPath, _ := filepath.Abs(instance.GetInstanceRuntime().GetConfigPath())
 
@@ -324,6 +351,10 @@ func (ncp *NginxConfigParser) findLocalSysLogServers(sysLogServer string) string
 		if ip.IsLoopback() || strings.EqualFold(host, "localhost") {
 			return matches[1]
 		}
+
+		if ncp.docker0IP != "" && strings.EqualFold(host, ncp.docker0IP) {
+			return matches[1]
+		}
 	}
 
 	return ""
diff --git a/internal/datasource/config/nginx_config_parser_test.go b/internal/datasource/config/nginx_config_parser_test.go
@@ -9,6 +9,7 @@ import (
 	"bytes"
 	"context"
 	"fmt"
+	"net"
 	"net/http"
 	"net/http/httptest"
 	"os"
@@ -575,6 +576,21 @@ func TestNginxConfigParser_Parse(t *testing.T) {
 			allowedDirectories: []string{dir},
 			expectedLog:        "Found NAP syslog server",
 		},
+		{
+			name:     "Test 10a: NAP V5 syslog server without docker0 interface",
+			instance: protos.NginxPlusInstance([]string{}),
+			content: testconfig.NginxConfigWithMultipleSysLogs(errorLog.Name(), accessLog.Name(),
+				"192.168.12.34:1517", "my.domain.com:1517", "192.0.10.1:1514"),
+			expectedConfigContext: modelHelpers.ConfigContextWithSysLog(
+				accessLog.Name(),
+				errorLog.Name(),
+				protos.NginxPlusInstance([]string{}).GetInstanceMeta().GetInstanceId(),
+				"", // Empty because docker0 interface not found and 192.0.10.1 is not localhost
+			),
+			allowedDirectories: []string{dir},
+			expectedLog: "Could not find available local NGINX App Protect syslog server " +
+				"configured on port 1514. Security violations will not be collected.",
+		},
 		{
 			name:     "Test 11: Unavailable NAP syslog server",
 			instance: protos.NginxPlusInstance([]string{}),
@@ -732,18 +748,64 @@ func TestNginxConfigParser_SyslogServerParse(t *testing.T) {
 }
 
 func TestNginxConfigParser_findValidSysLogServers(t *testing.T) {
-	servers := []string{
-		"syslog:server=192.168.12.34:1517", "syslog:server=my.domain.com:1517", "syslog:server=127.0.0.1:1514",
-		"syslog:server=localhost:1516", "syslog:server=localhost:1514", "syslog:server=127.255.255.255:1517",
-	}
-	expected := []string{"", "", "127.0.0.1:1514", "", "localhost:1514", ""}
-	ncp := NewNginxConfigParser(types.AgentConfig())
+	// Test with no docker0 interface (empty docker0IP)
+	t.Run("without docker0 interface", func(t *testing.T) {
+		servers := []string{
+			"syslog:server=192.168.12.34:1517", "syslog:server=my.domain.com:1517", "syslog:server=127.0.0.1:1514",
+			"syslog:server=localhost:1516", "syslog:server=localhost:1514", "syslog:server=127.255.255.255:1517",
+			"syslog:server=192.0.10.1:1514",
+		}
+		// When docker0IP is empty, only localhost and loopback addresses should match
+		expected := []string{"", "", "127.0.0.1:1514", "", "localhost:1514", "", ""}
+		ncp := NewNginxConfigParser(types.AgentConfig())
+		ncp.docker0IP = "" // Simulate no docker0 interface
 
-	for i, server := range servers {
-		result := ncp.findLocalSysLogServers(server)
+		for i, server := range servers {
+			result := ncp.findLocalSysLogServers(server)
 
-		assert.Equal(t, expected[i], result)
-	}
+			assert.Equal(t, expected[i], result)
+		}
+	})
+
+	// Test with custom docker0 IP
+	t.Run("with custom docker0 IP", func(t *testing.T) {
+		ncp := NewNginxConfigParser(types.AgentConfig())
+		// Override the docker0IP with a custom value for testing
+		ncp.docker0IP = "172.17.0.1"
+
+		servers := []string{
+			"syslog:server=172.17.0.1:1514", // should match custom docker0 IP
+			"syslog:server=192.0.10.1:1514", // should NOT match (old default)
+			"syslog:server=127.0.0.1:1514",  // should match localhost
+			"syslog:server=172.17.0.1:1515", // wrong port
+			"syslog:server=172.17.0.2:1514", // wrong IP
+		}
+		expected := []string{"172.17.0.1:1514", "", "127.0.0.1:1514", "", ""}
+
+		for i, server := range servers {
+			result := ncp.findLocalSysLogServers(server)
+
+			assert.Equal(t, expected[i], result, "server: %s", server)
+		}
+	})
+
+	// Test with another docker0 IP variation
+	t.Run("with docker0 IP 172.18.0.1", func(t *testing.T) {
+		ncp := NewNginxConfigParser(types.AgentConfig())
+		ncp.docker0IP = "172.18.0.1"
+
+		servers := []string{
+			"syslog:server=172.18.0.1:1514",
+			"syslog:server=localhost:1514",
+		}
+		expected := []string{"172.18.0.1:1514", "localhost:1514"}
+
+		for i, server := range servers {
+			result := ncp.findLocalSysLogServers(server)
+
+			assert.Equal(t, expected[i], result)
+		}
+	})
 }
 
 func TestNginxConfigParser_checkLog(t *testing.T) {
@@ -1522,6 +1584,23 @@ func TestNginxConfigParser_checkDuplicate(t *testing.T) {
 	}
 }
 
+func TestGetDocker0IP(t *testing.T) {
+	t.Run("getDocker0IP returns valid IP or empty string", func(t *testing.T) {
+		ip := getDocker0IP()
+
+		// The function should return either:
+		// 1. A valid IP address if docker0 interface exists
+		// 2. Empty string if docker0 doesn't exist
+		if ip != "" {
+			// If an IP is returned, validate it's a proper IPv4 address
+			parsedIP := net.ParseIP(ip)
+			assert.NotNil(t, parsedIP, "should return a valid IP address")
+			assert.NotNil(t, parsedIP.To4(), "should be an IPv4 address")
+		}
+		// Empty string is also valid when docker0 doesn't exist
+	})
+}
+
 func TestNginxConfigParser_parseIncludeDirective(t *testing.T) {
 	parser := NewNginxConfigParser(types.AgentConfig())
 
