From 6e0bc3aa13613c05b74529639c031ccedd9a90f8 Mon Sep 17 00:00:00 2001
From: Yash Sancheti <32770175+Onyx2406@users.noreply.github.com>
Date: Sat, 1 Jul 2023 16:44:15 +0530
Subject: [PATCH] Update flowalerts.py

---
 modules/flowalerts/flowalerts.py | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/modules/flowalerts/flowalerts.py b/modules/flowalerts/flowalerts.py
index a084cde3d..849a0b05d 100644
--- a/modules/flowalerts/flowalerts.py
+++ b/modules/flowalerts/flowalerts.py
@@ -2,6 +2,7 @@
 from slips_files.common.imports import *
 from .TimerThread import TimerThread
 from .set_evidence import Helper
+from urllib.parse import urlparse
 from slips_files.core.helpers.whitelist import Whitelist
 import multiprocessing
 import json
@@ -722,15 +723,16 @@ def check_dns_without_connection(
 # - When there is an NXDOMAIN as answer, it means
 # the domain isn't resolved, so we should not expect any connection later
+parsed_domain = urlparse('http://' + domain).hostname
+
 if (
-'arpa' in domain
-or '.local' in domain
-or '*' in domain
-or '.cymru.com' in domain[-10:]
-or len(domain.split('.')) == 1
-or domain == 'WPAD'
+'arpa' in parsed_domain
+or '.local' in parsed_domain
+or '*' in parsed_domain
+or parsed_domain.endswith('.cymru.com')
+or len(parsed_domain.split('.')) == 1
+or parsed_domain == 'WPAD'
 or rcode_name != 'NOERROR'
-
 ):
 return False
 # One DNS query may not be answered exactly by UID, but the computer can re-ask the domain,
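Review bot: The new `parsed_domain == 'WPAD'` test in the second hunk can never be true, because `urlparse(...).hostname` returns the host lowercased, so the WPAD exclusion the old `domain == 'WPAD'` line provided is silently lost; it should compare against `'wpad'`. In the same hunk, `.hostname` is `None` when the query name is empty or has no host part (e.g. starts with `/`, `?` or `#`), so `'arpa' in parsed_domain` raises `TypeError`, and `urlparse` itself raises `ValueError` on a name with an unbalanced `[` — since `domain` is presumably the query name taken from observed DNS traffic, a single crafted query could crash this detection path instead of being classified. I would fall back to the raw name on either failure and lowercase it so the remaining comparisons behave consistently. `check_dns_without_connection` starts and ends outside this hunk.
```python
try:
    # .hostname is lowercased and is None when there is no host part;
    # urlparse raises ValueError on malformed netlocs such as an unbalanced '['
    parsed_domain = urlparse('http://' + domain).hostname or domain.lower()
except ValueError:
    parsed_domain = domain.lower()
# … unchanged: 'arpa', '.local', '*', '.cymru.com', single-label tests …
    or parsed_domain == 'wpad'
```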