From df6296fc6befa8387aeb01a7364a60517d62148b Mon Sep 17 00:00:00 2001
From: Shreya Malviya
Date: Thu, 14 Jul 2022 14:20:27 +0530
Subject: [PATCH] Island: Use agent configuration in ZT segmentation check to get inaccessible subnets

---
 .../cc/services/telemetry/processing/state.py | 2 +-
 .../telemetry/zero_trust_checks/segmentation.py | 13 +++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/monkey/monkey_island/cc/services/telemetry/processing/state.py b/monkey/monkey_island/cc/services/telemetry/processing/state.py
index f0146fce7..208fe0c72 100644
--- a/monkey/monkey_island/cc/services/telemetry/processing/state.py
+++ b/monkey/monkey_island/cc/services/telemetry/processing/state.py
@@ -20,7 +20,7 @@ def process_state_telemetry(telemetry_json, agent_configuration: AgentConfigurat
 if telemetry_json["data"]["done"]:
 current_monkey = Monkey.get_single_monkey_by_guid(telemetry_json["monkey_guid"])
- check_passed_findings_for_unreached_segments(current_monkey)
+ check_passed_findings_for_unreached_segments(current_monkey, agent_configuration)
 
 if telemetry_json["data"]["version"]:
 logger.info(
diff --git a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py b/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
index d26e2bd69..47a24d468 100644
--- a/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
+++ b/monkey/monkey_island/cc/services/telemetry/zero_trust_checks/segmentation.py
@@ -1,6 +1,7 @@
 import itertools
 
 import common.common_consts.zero_trust_consts as zero_trust_consts
+from common.configuration import AgentConfiguration
 from common.network.network_range import NetworkRange
 from common.network.segmentation_utils import get_ip_if_in_subnet, get_ip_in_src_and_not_in_dst
 from monkey_island.cc.models import Monkey
@@ -84,13 +85,21 @@ def get_segmentation_violation_event(current_monkey, source_subnet, target_ip, t
 )
 
 
-def check_passed_findings_for_unreached_segments(current_monkey):
+def check_passed_findings_for_unreached_segments(
+ current_monkey, agent_configuration: AgentConfiguration
+):
 flat_all_subnets = [
- item for sublist in get_config_network_segments_as_subnet_groups() for item in sublist
+ item
+ for sublist in _get_config_network_segments_as_subnet_groups(agent_configuration)
+ for item in sublist
 ]
 create_or_add_findings_for_all_pairs(flat_all_subnets, current_monkey)
 
 
+def _get_config_network_segments_as_subnet_groups(agent_configuration: AgentConfiguration):
+ return agent_configuration.propagation.network_scan.targets.inaccessible_subnets
+
+
 def create_or_add_findings_for_all_pairs(all_subnets, current_monkey):
 # Filter the subnets that this monkey is part of.
 this_monkey_subnets = []
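Review bot: The flattening comprehension in check_passed_findings_for_unreached_segments (`for sublist in _get_config_network_segments_as_subnet_groups(agent_configuration) for item in sublist`) assumes the helper returns a list of lists, but the new helper returns `inaccessible_subnets` directly and its shape is not visible in this hunk; if that field is a flat sequence of subnet strings, the inner loop would iterate the characters of each string and feed those into create_or_add_findings_for_all_pairs, so the field's type should be confirmed against AgentConfiguration. The helper has no docstring or return annotation; a one-liner such as `"""Return the configured inaccessible subnets as groups, one list of subnet strings per segment."""` (adjusted once the shape is confirmed) would pin the contract the caller relies on. The helper's name still says "network_segments_as_subnet_groups" while the attribute it reads is `inaccessible_subnets`; either renaming it or noting the mapping in the docstring would avoid the mismatch. create_or_add_findings_for_all_pairs continues past the end of the hunk.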