pub fn check_network_policy(
input: &str,
shell: ShellType,
deny: &[String],
allow: &[String],
) -> Vec<Finding>Expand description
Check command destination hosts against policy network deny/allow lists.
For each source command (curl, wget, etc.), extracts the destination host and checks against deny/allow lists. Allow takes precedence (exempts from deny).