From 15a1ba1ca98f9f73961a6691b6116ae5b821bdfe Mon Sep 17 00:00:00 2001
From: Kapil Sharma
Date: Tue, 16 Apr 2024 22:54:47 +0530
Subject: [PATCH] using udp connection from go/net module instead of netcat
Signed-off-by: Kapil Sharma
---
.../unexpected_k8s_nodeport_connection.go | 21 ++++++++++---------
1 file changed, 11 insertions(+), 10 deletions(-)
diff --git a/events/syscall/unexpected_k8s_nodeport_connection.go b/events/syscall/unexpected_k8s_nodeport_connection.go
index cc358c46..d3b0cf6b 100644
--- a/events/syscall/unexpected_k8s_nodeport_connection.go
+++ b/events/syscall/unexpected_k8s_nodeport_connection.go
@@ -14,9 +14,9 @@ limitations under the License.
 package syscall
 import (
+ "fmt"
+ "net"
 "github.com/falcosecurity/event-generator/events"
- "os/exec"
- "strconv"
 )
 var _ = events.Register(
@@ -28,24 +28,25 @@ func UnexpectedK8sNodePortConnection(h events.Helper) error {
 if h.InContainer() {
 port := 31000
+ // Get the IP address of the "eth0" interface
 hostIP, err := getHostEth0IP()
 if err != nil {
 return err
 }
- path, err := exec.LookPath("nc")
+ addr, err := net.ResolveUDPAddr("udp", fmt.Sprintf("%s:%d", hostIP, port))
 if err != nil {
- // If we don't have an netcat, just bail
- return &events.ErrSkipped{
- Reason: "netcat utility not found in path",
- }
+ return err
 }
- cmd := exec.Command(path, hostIP, strconv.Itoa(port), "<", "/dev/null")
- err = cmd.Run()
+
+ // Establish a UDP connection to the address
+
+ conn, err := net.DialUDP("udp", nil, addr)
 if err != nil {
 return err
 }
+ defer conn.Close() // Close the connection when the function returns
 }
-
 return &events.ErrSkipped{
 Reason: "'Unexpected k8s Nodeport connection' is applicable only to containers.",
 }
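Review bot: A successful run inside a container still falls through to the final `return &events.ErrSkipped{...}`, because the `if h.InContainer()` block in the second hunk ends right after `defer conn.Close()` with no return of its own, so the action is reported as skipped with the "applicable only to containers" reason even though the connect was made. Adding `return nil` after the `defer conn.Close()` line would keep a harness that compares executed actions with fired detections from counting this action as not run. Separately, `fmt.Sprintf("%s:%d", hostIP, port)` produces an address that fails to parse if getHostEth0IP ever returns an IPv6 literal; building `&net.UDPAddr{IP: net.ParseIP(hostIP), Port: port}` directly avoids that and skips name resolution. The function's closing brace lies outside the hunk, so this assumes nothing else follows the ErrSkipped return.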