From 806464285c9c72837fcaa533c0b3100b7d279540 Mon Sep 17 00:00:00 2001
From: h0x0er
Date: Mon, 5 Sep 2022 16:10:52 +0530
Subject: [PATCH 1/3] adding annotation if agent reverts
---
 dnsproxy.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/dnsproxy.go b/dnsproxy.go
index c8bf3c7..868ea48 100644
--- a/dnsproxy.go
+++ b/dnsproxy.go
@@ -195,6 +195,7 @@ func (proxy *DNSProxy) getIPByDomain(domain string) (string, error) {
 answer, err := proxy.ResolveDomain(domain)
 if err != nil {
 go WriteLog(fmt.Sprintf("unable to resolve domain: %s", domain))
+ go WriteAnnotation(fmt.Sprintf("[AgentFailed] unable to resolve domain: %v", domain))
 return "", fmt.Errorf("error in response from dns.google %v", err)
 }
From d2bb915a7c6f5f67941663f34d955482d200499f Mon Sep 17 00:00:00 2001
From: h0x0er
Date: Wed, 14 Sep 2022 14:14:25 +0530
Subject: [PATCH 2/3] changed the location of annotation logging
---
 agent.go | 2 ++
 dnsproxy.go | 1 -
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/agent.go b/agent.go
index a4ddaab..2bdb1fa 100644
--- a/agent.go
+++ b/agent.go
@@ -12,6 +12,7 @@ import (
 const (
 StepSecurityLogCorrelationPrefix = "Step Security Job Correlation ID:"
+ StepSecurityAnnotationPrefix = "StepSecurity Harden Runner:"
 EgressPolicyAudit = "audit"
 EgressPolicyBlock = "block"
 )
@@ -109,6 +110,7 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 ipAddress, err := dnsProxy.getIPByDomain(domainName)
 if err != nil {
 WriteLog(fmt.Sprintf("Error resolving allowed domain %v", err))
+ WriteAnnotation(fmt.Sprintf("%s Reverting agent since allowed endpoint %s could not be resolved",StepSecurityAnnotationPrefix, domainName))
 RevertChanges(iptables, nflog, cmd, resolvdConfigPath, dockerDaemonConfigPath, dnsConfig)
 return err
 }
diff --git a/dnsproxy.go b/dnsproxy.go
index 868ea48..c8bf3c7 100644
--- a/dnsproxy.go
+++ b/dnsproxy.go
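Review bot: In PATCH 1/3, the added `go WriteAnnotation(...)` in `getIPByDomain` formats `domain` with `%v`, so whatever bytes the name holds go into the annotation text unescaped. The callers of `getIPByDomain` are not visible here; if any of them pass names taken from DNS queries, a name with line breaks or control characters could split or distort the annotation, and `%q` in place of `%v` would keep it on one quoted line. The same applies to `%s` with `domainName` in the `Run` hunk of PATCH 2/3. The call is also started with `go` and never waited on, so the annotation may be lost if the process exits soon after the error is returned. `getIPByDomain` continues past the end of the hunk.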
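Review bot: In PATCH 2/3, the annotation added in `Run` leaves out `err`, while the `WriteLog` line above it leaves out `domainName`, so neither message gives both the endpoint and the reason resolution failed. The next line calls `RevertChanges`, which judging by its arguments undoes the agent's iptables and DNS configuration, so this annotation is likely the main signal to the workflow owner that the agent's changes have been reverted; it should carry the cause. Suggested: `WriteAnnotation(fmt.Sprintf("%s Reverting agent since allowed endpoint %q could not be resolved: %v", StepSecurityAnnotationPrefix, domainName, err))`. `Run` starts and ends outside the hunk.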
@@ -195,7 +195,6 @@ func (proxy *DNSProxy) getIPByDomain(domain string) (string, error) {
 answer, err := proxy.ResolveDomain(domain)
 if err != nil {
 go WriteLog(fmt.Sprintf("unable to resolve domain: %s", domain))
- go WriteAnnotation(fmt.Sprintf("[AgentFailed] unable to resolve domain: %v", domain))
 return "", fmt.Errorf("error in response from dns.google %v", err)
 }
From e55b9a7830f01fe59c167f0826152848e53702a9 Mon Sep 17 00:00:00 2001
From: Varun Sharma
Date: Sat, 24 Sep 2022 21:25:58 -0700
Subject: [PATCH 3/3] Update agent.go
---
 agent.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent.go b/agent.go
index 2bdb1fa..4e6a6fb 100644
--- a/agent.go
+++ b/agent.go
@@ -110,7 +110,7 @@ func Run(ctx context.Context, configFilePath string, hostDNSServer DNSServer,
 ipAddress, err := dnsProxy.getIPByDomain(domainName)
 if err != nil {
 WriteLog(fmt.Sprintf("Error resolving allowed domain %v", err))
- WriteAnnotation(fmt.Sprintf("%s Reverting agent since allowed endpoint %s could not be resolved",StepSecurityAnnotationPrefix, domainName))
+ WriteAnnotation(fmt.Sprintf("%s Reverting agent since allowed endpoint %s could not be resolved", StepSecurityAnnotationPrefix, domainName))
 RevertChanges(iptables, nflog, cmd, resolvdConfigPath, dockerDaemonConfigPath, dnsConfig)
 return err
 }