kondukto-io · msrexe · Jun 19, 2024 · Jun 19, 2024 · Jun 19, 2024 · Jun 19, 2024
diff --git a/cmd/cli/tracer.go b/cmd/cli/tracer.go
@@ -21,7 +21,9 @@ func initTracerCommand() *cobra.Command {
 	tracerCMD.Flags().Bool("allow-local-ranges", true, "allows access to local IP ranges")
 	tracerCMD.Flags().Bool("allow-github-meta", false, "allows access to GitHub meta IP ranges (https://api.github.com/meta)")
 	tracerCMD.Flags().String("allowed-hosts", "", "enter allowed hostnames (example.com, .github.com)")
+	tracerCMD.MarkFlagRequired("allowed-hosts")
 	tracerCMD.Flags().String("allowed-ips", "", "enter allowed IP addresses")
+	tracerCMD.MarkFlagRequired("allowed-ips")
 	tracerCMD.Flags().StringP("output-file-name", "o", "/tmp/kntrl.out", "output file name")
 
 	return tracerCMD

diff --git a/pkg/parser/flag.go b/pkg/parser/flag.go
@@ -49,15 +49,12 @@ func parseAllowedIPAddr(ips string) (iplist []net.IP) {
 
 func parseAllowedHosts(hosts string) (hl []string) {
 	for _, host := range strings.Split(hosts, ",") {
-		hl = append(hl, host)
-		//alias, err := net.LookupCNAME(host)
-		//if err != nil {
-		//	continue
-		//}
-		//hl = append(hl, strings.TrimRight(alias, "."))
+		if parts := strings.Split(host, "."); len(parts) > 1 {
+			hl = append(hl, host)
+		}
 	}
 
-	return hl
+	return
 }
 
 // find a better solution
@@ -85,19 +82,16 @@ func getDNSServers() (hosts []string, ips []net.IP) {
 	}
 	defer file.Close()
 
-	var srvhosts []string
-	var srvips []net.IP
-
 	scanner := bufio.NewScanner(file)
 	for scanner.Scan() {
 		line := scanner.Text()
 		fields := strings.Fields(line)
 
 		if len(fields) >= 2 && fields[0] == "nameserver" {
 			if ok := net.ParseIP(fields[1]); ok == nil {
-				srvhosts = append(srvhosts, fields[1])
+				hosts = append(hosts, fields[1])
 			} else {
-				srvips = append(srvips, net.ParseIP(fields[1]))
+				ips = append(ips, net.ParseIP(fields[1]))
 			}
 		}
 	}
@@ -106,5 +100,5 @@ func getDNSServers() (hosts []string, ips []net.IP) {
 		return nil, nil
 	}
 
-	return srvhosts, srvips
+	return
 }
diff --git a/pkg/policy/policy.go b/pkg/policy/policy.go
@@ -85,7 +85,12 @@ func (p *Policy) Eval(ctx context.Context, input map[string]interface{}) (bool,
 		return false, fmt.Errorf("failed to eval rego query: %w", err)
 	}
 
-	// TODO: check for nil pointer
+	if len(result) == 0 ||
+		len(result[0].Expressions) == 0 ||
+		result[0].Expressions[0].Value == nil {
+		return false, fmt.Errorf("failed to get result from rego query")
+	}
+
 	return result[0].Expressions[0].Value.(bool), nil
 }
 
@@ -94,8 +99,11 @@ func (p *Policy) EvalEvent(ctx context.Context, event domain.ReportEvent) (bool,
 	if err != nil {
 		return false, err
 	}
-	var outmap map[string]any
-	json.Unmarshal(data, &outmap)
+
+	outmap, err := unmarshal(data)
+	if err != nil {
+		return false, err
+	}
 
 	return p.Eval(ctx, outmap)
 }

diff --git a/pkg/reporter/report.go b/pkg/reporter/report.go
@@ -107,7 +107,7 @@ func (r *Reporter) PrintReportTable() {
 	}
 
 	for _, v := range r.events {
-		res := make([]string, 0)
+		res := make([]string, 0, len(v.Domains)+5)
 		res = append(res, strconv.FormatUint(uint64(v.ProcessID), 10))
 		res = append(res, v.TaskName)
 		res = append(res, v.Protocol)

diff --git a/pkg/utils/filter.go b/pkg/utils/filter.go
@@ -2,19 +2,9 @@ package utils
 
 import "strings"
 
-// OneOf returns true if the given string is one of the given values
-func OneOf(s string, values []string) bool {
-	for _, v := range values {
-		if s == v {
-			return true
-		}
-	}
-
-	return false
-}
-
-// OneOfInt32 returns true if the given string is one of the given values
-func OneOfInt32(s int32, values []int32) bool {
+// OneOf returns true if the given value is in the given list
+// Note: This func is not used in the project.
+func OneOf[T comparable](s T, values []T) bool {
 	for _, v := range values {
 		if s == v {
 			return true