Fixed PR comment: Added proper exception handling.

Added logging for this hunter.

src/modules/hunting/apiserver.py

@@ -37,23 +37,29 @@ class AccessApiServerViaServiceAccountToken(Hunter):
 
     def access_api_server(self):
         logging.debug(self.event.host)
-        res = requests.get("https://{host}:{port}/api".format(host=self.event.host, port=6443), headers={'Authorization': 'Bearer ' + self.service_account_token_evidence},
-                     verify=False)
-        self.api_server_evidence = res.content
-        return res.status_code == 200 and res.content != ''
+        logging.debug('Passive Hunter is attempting to access the API server using the pod\'s service account token')
+        try:
+            res = requests.get("https://{host}:{port}/api".format(host=self.event.host, port=6443),
+                               headers={'Authorization': 'Bearer ' + self.service_account_token_evidence}, verify=False)
+            self.api_server_evidence = res.content
+            return res.status_code == 200 and res.content != ''
+        except requests.exceptions.ConnectionError:  # e.g. DNS failure, refused connection, etc
+            return False
 
     def get_service_account_token(self):
         logging.debug(self.event.host)
-        with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as token:
-            data = token.read()
-            self.service_account_token_evidence = data
-        return True
+        logging.debug('Passive Hunter is attempting to access pod\'s service account token')
+        try:
+            with open('/var/run/secrets/kubernetes.io/serviceaccount/token', 'r') as token:
+                data = token.read()
+                self.service_account_token_evidence = data
+                return True
+        except IOError:  # Couldn't read file
+            return False
 
     def execute(self):
-        try:
-            if self.get_service_account_token():
-                self.publish_event(ServiceAccountTokenAccess(self.service_account_token_evidence))
-                if self.access_api_server():
-                    self.publish_event(ServerApiAccess(self.api_server_evidence))
-        except:  #We dont want to interrupt the program on any connection error)
-            pass
+        if self.get_service_account_token():
+            self.publish_event(ServiceAccountTokenAccess(self.service_account_token_evidence))
+            if self.access_api_server():
+                self.publish_event(ServerApiAccess(self.api_server_evidence))
+