From 93064f121031c30bef12d7ff2d16d5ac8370878e Mon Sep 17 00:00:00 2001
From: Jatin <84621253+h0x0er@users.noreply.github.com>
Date: Wed, 22 Apr 2026 11:36:33 +0530
Subject: [PATCH] dont send net-connection for sinkhole ip
---
 eventhandler.go | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/eventhandler.go b/eventhandler.go
index c657c7f..1051338 100644
--- a/eventhandler.go
+++ b/eventhandler.go
@@ -164,6 +164,11 @@ func printContainerInfo(pid, ppid string) {
 func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {
+ // sinkhole is returned in-case of dns-block
+ if event.IPAddress == StepSecuritySinkHoleIPAddress {
+ return
+ }
+
 if !isPrivateIPAddress(event.IPAddress) &&
 // commenting out AzureIPAddress since it should not be called
 // strings.Compare(event.IPAddress, AzureIPAddress) != 0 &&
@@ -191,16 +196,10 @@ func (eventHandler *EventHandler) handleNetworkEvent(event *Event) {
 } else {
 tool = Tool{Name: image, SHA256: image} // TODO: Set container image checksum
 }
+
 reverseLookUp := eventHandler.DNSProxy.GetReverseIPLookup(event.IPAddress)
- status := ""
- matchedPolicy := ""
- reason := ""
- if eventHandler.DNSProxy.GlobalBlocklist != nil && eventHandler.DNSProxy.GlobalBlocklist.IsIPAddressBlocked(event.IPAddress) {
- status = "Dropped"
- matchedPolicy = GlobalBlocklistMatchedPolicy
- reason = eventHandler.DNSProxy.GlobalBlocklist.BlockedIPAddressReason(event.IPAddress)
- }
- eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, status, matchedPolicy, reason, event.Timestamp, tool)
+ eventHandler.ApiClient.sendNetConnection(eventHandler.CorrelationId, eventHandler.Repo, event.IPAddress, event.Port, reverseLookUp, "", "", "", event.Timestamp, tool)
+
 process := ""
 if image == "" {
 process = tool.Name
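Review bot: The new guard at the top of handleNetworkEvent matches the sinkhole only by exact string equality, so it stops working silently if event.IPAddress ever arrives in another textual form (for example an IPv4-mapped IPv6 string). Whether that can happen is not visible in this hunk, so it is worth checking where Event.IPAddress is populated. The early return also skips everything else the function does for the event, not only sendNetConnection, and the body continues outside the hunk, so the comment should say that this is intended. I would expand it to something like `// DNS proxy answers blocked domains with the sinkhole IP; skip the event entirely so the blocked lookup is not also reported as an outbound connection.`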
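Review bot: With the GlobalBlocklist lookup removed, sendNetConnection is now always called with empty status, matchedPolicy and reason. A connection made straight to a blocklisted IP address (no DNS query, hence no sinkhole answer) would then be reported without the "Dropped" annotation and its reason. The commit subject mentions only the sinkhole IP, so this looks like a wider change in what gets reported than the title says. If another path already reports IP-level blocks, a comment such as `// status/policy/reason are empty here: IP blocklist hits are reported by <component>` would make that explicit; otherwise the IsIPAddressBlocked check should stay. The enclosing function starts and ends outside the hunk.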