Add exceptions for Xcode, Zen browser, Hugo, Krew, and more

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
egibs 2024-10-29 12:08:43 -05:00
parent 29c2844af0
commit 9a95064139
15 changed files with 39 additions and 6 deletions


@ -81,6 +81,7 @@ WHERE
'Socket Process,8.8.8.8,53',
'com.docker.backend,8.8.8.8,53',
'ZoomPhone,8.8.8.8,53',
'ZoomPhone,200.48.225.130,53',
'gvproxy,170.247.170.2,53',
'CapCut,8.8.8.8,53',
'ZaloCall,8.8.8.8,53',


@ -108,6 +108,7 @@ WHERE
AND NOT exception_key IN (
'0,AGSService,AGSService,Developer ID Application: Adobe Inc. (JQ525L2MZD),com.adobe.ags',
'0,licenseDaemon,licenseDaemon,Developer ID Application: PACE Anti-Piracy, Inc. (TFZ8226T6X),com.paceap.eden.licenseDaemon',
'0,chainctl,chainctl,,a.out',
'500,agent,agent,Developer ID Application: Datadog, Inc. (JKFCB4CN7C),agent',
'500,Authy,Authy,Apple iPhone OS Application Signing,com.authy',
'500,podman,podman,Developer ID Application: Red Hat, Inc. (HYSCB8KRL2),podman',
@ -135,6 +136,7 @@ WHERE
'500,melange,melange,,a.out',
'500,ngrok,ngrok,Developer ID Application: ngrok LLC (TEX8MHRDQ9),a.out',
'500,node,node,Developer ID Application: Node.js Foundation (HX7739G8FX),node',
'500,odo-darwin-amd64-b4853e1fa,odo-darwin-amd64-b4853e1fa,500u,20g',
'500,Paintbrush,Paintbrush,Developer ID Application: Michael Schreiber (G966ML7VBG),com.soggywaffles.paintbrush',
'500,PlexMobile,PlexMobile,Apple iPhone OS Application Signing,com.plexapp.plex',
'500,Plex,Plex,Developer ID Application: Plex Inc. (K4QJ56KR4A),tv.plex.desktop',
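Review bot: The entry `'500,odo-darwin-amd64-b4853e1fa,odo-darwin-amd64-b4853e1fa,500u,20g'`, which appears to be the line added in the second hunk, does not have the shape of its neighbours. Every other key visible here ends in a signing authority and an identifier (`…,Developer ID Application: …,node` or `…,,a.out`), while this one ends in `500u,20g`, which looks like a uid/gid suffix from a different query. The expression that builds `exception_key` is outside the hunk, but if it is uid,name,name,authority,identifier this entry can never match and the alert it was meant to silence will keep firing. The name also seems to embed a build hash, so even a corrected literal would go stale on the next odo build; a separate `AND NOT exception_key LIKE …` clause with a prefix pattern would hold up better.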


@ -181,6 +181,7 @@ WHERE protocol > 0
'80,6,500,WebKitNetworkProcess,0u,0g,WebKitNetworkPr',
'80,6,500,wget,0u,0g,wget',
'80,6,500,wine64-preloader,0u,0g,control.exe',
'80,6,500,zen,u,g,zen',
'80,6,500,zoom,0u,0g,zoom',
'80,6,500,zoom.real,u,g,zoom.real',
'8080,6,500,brave,0u,0g,brave',
@ -286,4 +287,4 @@ WHERE protocol > 0
OR p.cgroup_path LIKE '/user.slice/user-%.slice/user@%.service/user.slice/nerdctl-%'
)
)
GROUP BY p.cmdline
GROUP BY p.cmdline


@ -101,4 +101,8 @@ WHERE pos.pid IN (
unsigned_exception = '500,6,80,main,main'
AND p0.path LIKE '/var/folders/%/T/go-build%/b001/exe/main'
)
GROUP BY p0.cmdline
AND NOT (
unsigned_exception = '500,6,32768,gvproxy,gvproxy'
AND p0.path LIKE '/opt/homebrew/Cellar/podman/%/libexec/podman/gvproxy'
)
GROUP BY p0.cmdline


@ -67,6 +67,7 @@ WHERE
'HueSync,com.lighting.huesync,Developer ID Application: Signify Netherlands B.V. (PREPN2W95S)',
'Hyperkey,com.knollsoft.Hyperkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',
'Lunar,fyi.lunar.Lunar,Developer ID Application: Alin Panaitiu (RDDXV84A73)',
'Magnet,com.crowdcafe.windowmagnet,Apple Mac OS Application Signing',
'MonitorControl,me.guillaumeb.MonitorControl,Developer ID Application: Joni Van Roost (CYC8C8R4K9)',
'Rocket,net.matthewpalmer.Rocket,Developer ID Application: Matthew Palmer (Z4JV2M65MH)',
'Superkey,com.knollsoft.Superkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',


@ -81,7 +81,8 @@ WHERE (
'~/.supermaven',
'~/.terraform',
'~/.tflint.d',
'~/.vs-kubernetes'
'~/.vs-kubernetes',
'~/.krew'
)
AND NOT top3_dir IN (
'~/.arkade/bin',
@ -113,6 +114,7 @@ WHERE (
)
AND NOT dir LIKE '~/Library/Application Support/Code/User/globalStorage/ms-dotnettools.vscode-dotnet-runtime/.dotnet/%'
AND NOT dir LIKE '%/.terraform/providers/%'
AND NOT dir LIKE '%/node_modulues/.bin/hugo'
AND NOT dir LIKE '%/node_modules/.pnpm/%'
AND NOT f.directory LIKE '/Applications/Corsair iCUE5 Software/.cuepkg-%'
AND NOT f.directory LIKE '%/Applications/PSI Bridge Secure Browser.app/Contents/Resources/.apps/darwin/%'
@ -122,5 +124,7 @@ WHERE (
f.path LIKE '/nix/store/%'
AND p0.name LIKE '%-wrappe%'
)
AND NOT f.path LIKE '%/.Trash/1Password %.app/Contents/Library/LoginItems/1Password Extension Helper.app/Contents/MacOS'
AND NOT f.path LIKE '/private/var/root/.Trash/OneDrive %.app/Contents/StandaloneUpdater.app/Contents/MacOS'
GROUP BY f.path
AND NOT f.path LIKE '/home/%/.local/share/AppImage/ZenBrowser.AppImage'
GROUP BY f.path
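Review bot: `'%/node_modulues/.bin/hugo'` in the second hunk misspells `node_modules`, so the exclusion cannot match a real npm layout and the Hugo directory it is meant to cover will still be reported. The line should read `AND NOT dir LIKE '%/node_modules/.bin/hugo'`, which agrees with the `…/node_modules/.bin/hugo/hugo` path listed in another file of this commit. Because the typo makes the clause a silent no-op rather than an error, it is worth running the query against a host that has the Hugo npm package installed before merging. The WHERE clause starts outside the hunk.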


@ -55,6 +55,7 @@ WHERE -- Filter out stock exceptions to decrease overhead
'Developer ID Application: Adguard Software Limited (TC3Q7MAJXF),com.adguard.mac.adguard.network-extension,/Library/SystemExtensions/AD3BCA34-237A-4135-B7A4-0F7477D9144C/com.adguard.mac.adguard.network-extension.systemextension/,0',
'Developer ID Application: Python Software Foundation (BMM5U3QVKW),org.python.python,/Library/Frameworks/Python.framework/Versions/3.11/Resources/Python.app/,0',
'Developer ID Application: Python Software Foundation (BMM5U3QVKW),org.python.python,/Library/Frameworks/Python.framework/Versions/3.12/Resources/Python.app/,0',
'Developer ID Application: Ned Deily (DJ3H93M7VJ),org.python.python,/Library/Frameworks/Python.framework/Versions/3.11/Resources/Python.app/,0',
'Developer ID Application: Tailscale Inc. (W5364U7YZB),io.tailscale.ipn.macsys.network-extension,/Library/SystemExtensions/A30AF854-E980-4345-A658-17000BF66D00/io.tailscale.ipn.macsys.network-extension.systemextension/,0',
'/System/Volumes/Preboot/Cryptexes/OS/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/',
',,/Users/cpanato/code/src/github.com/sigstore/docs/node_modules/.bin/hugo/hugo,501'


@ -78,6 +78,8 @@ WHERE
'/.mozilla/',
'/tmp/.accounts-agent/',
'/tmp/.audio-agent/',
-- Xcode; see https://github.com/pyenv/pyenv/issues/1066#issuecomment-536782897
'/tmp/.BBE72B41371180178E084EEAF106AED4F350939DB95D3516864A1CC62E7AE82',
'/tmp/.bazelci/',
'/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress',
'/tmp/.content-agent/',


@ -106,6 +106,7 @@ WHERE
AND NOT pname LIKE '__%go_build_%'
AND NOT pname LIKE '__%go_test_%'
AND NOT pname LIKE '__Test%'
AND NOT pname LIKE '___%Test_%.test'
-- example: 85C27NK92C.com.flexibits.fantastical2.mac.helper
AND NOT pname LIKE "%.com.flexibits.fantastical2.mac.helper"
AND NOT s.authority = "Software Signing"
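Review bot: `_` is a single-character wildcard in LIKE, so `'___%Test_%.test'` does not require three literal underscores; it accepts any three leading characters and any one character after `Test`, which excludes more process names from this check than the pattern suggests. If literal underscores are intended, escape them and declare the escape character, for example `AND NOT pname LIKE '\_\_\_%Test\_%.test' ESCAPE '\'`. The neighbouring `__%go_build_%` and `__%go_test_%` patterns are loose in the same way, so a short comment stating that the breadth is accepted would at least make the choice explicit. The WHERE clause starts and ends outside the hunk.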


@ -128,3 +128,7 @@ WHERE
p0.name = 'ShortcutDroplet'
AND f.mode = '0751'
)
AND NOT (
f.path = '/home/%/.local/share/AppImage/ZenBrowser.AppImage'
AND f.mode = '0600'
)
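Review bot: `f.path = '/home/%/.local/share/AppImage/ZenBrowser.AppImage'` compares with `=`, which treats `%` as a literal character, so the clause only matches a path containing an actual percent sign and the exception never applies. It should be `f.path LIKE '/home/%/.local/share/AppImage/ZenBrowser.AppImage'`, as the hidden-directory query in this commit already does for the same file. Keeping the `AND f.mode = '0600'` condition is worthwhile, since it stops the exception from covering the same path with looser permissions.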


@ -84,6 +84,7 @@ WHERE -- Focus on longer-running programs
)
AND exception_key NOT IN (
'0,velociraptor,a.out,',
'500,cloud_sql_proxy,a.out,',
'500,sdzoomplugin,,',
'500,sdaudioswitch,,',
'500,gopls,a.out,',
@ -94,4 +95,4 @@ WHERE -- Focus on longer-running programs
AND NOT exception_key LIKE '500,___Test%.test,a.out'
AND NOT exception_key LIKE '500,nvim,bob-%,'
AND NOT exception_key LIKE '500,sm-agent,sm_agent-%'
GROUP BY p0.pid
GROUP BY p0.pid


@ -193,6 +193,7 @@ WHERE
'fbcdn.net',
'figma.com',
'flipperzero.one',
'fnord.com',
'getkap.co',
'github.com',
'gitbutler.com',
@ -213,6 +214,7 @@ WHERE
'obsproject.com',
'opalcamera.com',
'persistent.oaistatic.com',
'portswigger-cdn.net',
'posit.co',
'presenting.app',
'proton.me',


@ -116,6 +116,7 @@ WHERE
'32768,6,500,Code Helper (Plugin)',
'24024,17,500,MTGA',
'32768,6,500,Python',
'32768,6,500,python3',
'32768,17,499,viscosity_openvpn',
'1,1,500,ping'
)


@ -80,6 +80,7 @@ WHERE
)
AND program_arguments NOT IN (
'/Applications/AeroSpace.app/Contents/MacOS/AeroSpace --started-at-login',
'/Applications/RODE Virtual Channels.app/Contents/MacOS/RODE Virtual Channels',
'/Applications/Stream Deck.app/Contents/MacOS/Stream Deck --runinbk',
'/Applications/Tunnelblick.app/Contents/Resources/launchAtLogin.sh',
'/Library/Application Support/Sony Application Launcher/SonyAutoLauncher.app/Contents/MacOS/SonyAutoLauncher',


@ -76,6 +76,7 @@ WHERE port != 0
'22000,6,500,syncthing,Developer ID Application: Jakob Borg (LQE5SYM783)',
'22000,6,500,syncthing,Developer ID Application: Kastelo AB (LQE5SYM783)',
'22,6,0,launchd,Software Signing',
'22,6,500,com.docker.backend,Developer ID Application: Docker Inc (9BNSXJN65R)',
'2345,6,500,dlv,',
'24678,6,500,node,',
'24800,6,500,deskflow-server,',
@ -268,4 +269,10 @@ WHERE port != 0
AND lp.protocol = 6
)
)
GROUP BY exception_key
AND NOT (
(
exception_key LIKE '80,6,500,ssh,Software Signing'
AND p.cmdline LIKE '%/.colima/_lima/colima-docker/ssh.sock'
)
)
GROUP BY exception_key
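Review bot: `exception_key LIKE '80,6,500,ssh,Software Signing'` in the last hunk has no wildcard, so LIKE is acting as an equality test (ASCII case-insensitive in SQLite). `exception_key = '80,6,500,ssh,Software Signing'` states the intent, and the doubled parentheses around the pair can be dropped. The `p.cmdline LIKE '%/.colima/_lima/colima-docker/ssh.sock'` half accepts any command line that ends in that string, and the `_` before `lima` is itself a one-character wildcard. Since the arguments are set by whoever launches the process, the signing-authority part of the key is what actually bounds this exception, and a comment saying so would help the next reviewer.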