From 85ae2adfa31aa8f62406269f7774fce308f7a5f6 Mon Sep 17 00:00:00 2001
From: Eswar Rajan Subramanian
Date: Mon, 7 Mar 2022 19:26:56 +0530
Subject: [PATCH 1/4] Segfault on policy handling
Signed-off-by: Eswar Rajan Subramanian
---
 KubeArmor/enforcer/appArmorProfile.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
index bd0eb7ed6e..3f832b493a 100644
--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
@@ -23,8 +23,8 @@ func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(processWhiteList *
 copy(prunedProcessWhiteList, *processWhiteList)
 numOfRemovedElements := 0
- for index, line := range *processWhiteList {
- for source := range fromSources {
+ for source := range fromSources {
+ for index, line := range *processWhiteList {
 if strings.Contains(line, source) {
 *fusionProcessWhiteList = append(*fusionProcessWhiteList, source)
From 19928f5f20c515aa9f11c617e62a50aca5198dfb Mon Sep 17 00:00:00 2001
From: Eswar Rajan Subramanian
Date: Tue, 8 Mar 2022 16:52:52 +0530
Subject: [PATCH 2/4] Sigfault on policy enforcement
Signed-off-by: Eswar Rajan Subramanian
---
 KubeArmor/enforcer/appArmorProfile.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
index 3f832b493a..17256b834d 100644
--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
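Review bot: In PATCH 1/4, moving the `fromSources` loop outside the whitelist loop invalidates the `index-numOfRemovedElements` offset used by the removal call that follows this hunk (it is visible as removed lines in 2/4). `numOfRemovedElements` is declared once above both loops, so it keeps growing across sources while `index` restarts at 0 for each one; a match at a low index on a later source gives a negative or wrong position, and the enforcer may prune the wrong rule or, depending on how `kl.RemoveStringElement` treats a bad index, crash again. The offset only holds when the whitelist is walked once in ascending order with at most one removal per line, so the line loop has to stay outermost; 2/4 restores that order. The function body starts and ends outside the hunk.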
@@ -23,14 +23,18 @@ func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(processWhiteList *
 copy(prunedProcessWhiteList, *processWhiteList)
 numOfRemovedElements := 0
- for source := range fromSources {
- for index, line := range *processWhiteList {
+ for index, line := range *processWhiteList {
+ processed := false
+ for source := range fromSources {
 if strings.Contains(line, source) {
 *fusionProcessWhiteList = append(*fusionProcessWhiteList, source)
- // remove line from WhiteList
- prunedProcessWhiteList = kl.RemoveStringElement(prunedProcessWhiteList, index-numOfRemovedElements)
- numOfRemovedElements = numOfRemovedElements + 1
+ if !processed {
+ // remove line from WhiteList
+ prunedProcessWhiteList = kl.RemoveStringElement(prunedProcessWhiteList, index-numOfRemovedElements)
+ numOfRemovedElements = numOfRemovedElements + 1
+ processed = true
+ }
 }
 }
 }
From 56cbec8e7deaf8d929b5e726e55cf5693c20807d Mon Sep 17 00:00:00 2001
From: Eswar Rajan Subramanian
Date: Thu, 10 Mar 2022 12:14:33 +0530
Subject: [PATCH 3/4] Segafult issue fix and compare fromSource with processWhiteList for generating fusionProcessWhiteList
Signed-off-by: Eswar Rajan Subramanian
---
 KubeArmor/enforcer/appArmorProfile.go | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
index 17256b834d..05c64ebb92 100644
--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
@@ -24,17 +24,14 @@ func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(processWhiteList *
 numOfRemovedElements := 0
 for index, line := range *processWhiteList {
- processed := false
 for source := range fromSources {
- if strings.Contains(line, source) {
+ if strings.Contains(line, source) && line[:len(source)] == source {
 *fusionProcessWhiteList = append(*fusionProcessWhiteList, source)
- if !processed {
- // remove line from WhiteList
- prunedProcessWhiteList = kl.RemoveStringElement(prunedProcessWhiteList, index-numOfRemovedElements)
- numOfRemovedElements = numOfRemovedElements + 1
- processed = true
- }
+ // remove line from WhiteList
+ prunedProcessWhiteList = kl.RemoveStringElement(prunedProcessWhiteList, index-numOfRemovedElements)
+ numOfRemovedElements = numOfRemovedElements + 1
+ break
 }
 }
 }
From 61756fd87e05365919d009f7c4cd52c33ab9b6ad Mon Sep 17 00:00:00 2001
From: Eswar Rajan Subramanian
Date: Thu, 10 Mar 2022 13:23:06 +0530
Subject: [PATCH 4/4] String comparison modified
Signed-off-by: Eswar Rajan Subramanian
---
 KubeArmor/enforcer/appArmorProfile.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/KubeArmor/enforcer/appArmorProfile.go b/KubeArmor/enforcer/appArmorProfile.go
index 05c64ebb92..772df669c3 100644
--- a/KubeArmor/enforcer/appArmorProfile.go
+++ b/KubeArmor/enforcer/appArmorProfile.go
@@ -25,7 +25,7 @@ func (ae *AppArmorEnforcer) ResolvedProcessWhiteListConflicts(processWhiteList *
 for index, line := range *processWhiteList {
 for source := range fromSources {
- if strings.Contains(line, source) && line[:len(source)] == source {
+ if strings.Split(line, " ")[0] == source {
 *fusionProcessWhiteList = append(*fusionProcessWhiteList, source)
 // remove line from WhiteList
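Review bot: In PATCH 3/4 the new `break` is what keeps `index-numOfRemovedElements` valid, and nothing in the code says so. Each whitelist line may trigger at most one `kl.RemoveStringElement` call, otherwise the counter runs ahead of the slice; the `processed` flag removed here appears to have existed for exactly that reason. I would add a comment above the `break`, `// one removal per line: a second match would skew index-numOfRemovedElements`, so a later edit does not drop it. All four patches touch only appArmorProfile.go, so a regression test with two sources matching the same whitelist line would pin the crash fix.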
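Review bot: In PATCH 4/4, `strings.Split(line, " ")[0]` is recomputed for every source and only matches when the path is the very first space-separated token of the line. If a whitelist entry can begin with whitespace or a qualifier, the first token never equals a source and the line silently stays in the pruned list instead of moving to the fusion list; the code that builds these lines is outside the hunk, so the format is worth confirming, or the line trimmed first. The token can be taken once per line above the inner loop, `first := strings.SplitN(line, " ", 2)[0]`, and compared with `if first == source {`. If `fromSources` is a map keyed by path, which the single-variable `range` suggests, a direct lookup on `first` would replace the inner loop altogether. The function body starts and ends outside the hunk.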