Merge pull request #413 from egibs/20241029-exceptions
Add exceptions for Xcode, Zen browser, Hugo, Krew, and more
commit
bcdc354126
|
@ -81,6 +81,7 @@ WHERE
|
|||
'Socket Process,8.8.8.8,53',
|
||||
'com.docker.backend,8.8.8.8,53',
|
||||
'ZoomPhone,8.8.8.8,53',
|
||||
'ZoomPhone,200.48.225.130,53',
|
||||
'gvproxy,170.247.170.2,53',
|
||||
'CapCut,8.8.8.8,53',
|
||||
'ZaloCall,8.8.8.8,53',
|
||||
|
|
|
@ -108,6 +108,7 @@ WHERE
|
|||
AND NOT exception_key IN (
|
||||
'0,AGSService,AGSService,Developer ID Application: Adobe Inc. (JQ525L2MZD),com.adobe.ags',
|
||||
'0,licenseDaemon,licenseDaemon,Developer ID Application: PACE Anti-Piracy, Inc. (TFZ8226T6X),com.paceap.eden.licenseDaemon',
|
||||
'0,chainctl,chainctl,,a.out',
|
||||
'500,agent,agent,Developer ID Application: Datadog, Inc. (JKFCB4CN7C),agent',
|
||||
'500,Authy,Authy,Apple iPhone OS Application Signing,com.authy',
|
||||
'500,podman,podman,Developer ID Application: Red Hat, Inc. (HYSCB8KRL2),podman',
|
||||
|
@ -135,6 +136,7 @@ WHERE
|
|||
'500,melange,melange,,a.out',
|
||||
'500,ngrok,ngrok,Developer ID Application: ngrok LLC (TEX8MHRDQ9),a.out',
|
||||
'500,node,node,Developer ID Application: Node.js Foundation (HX7739G8FX),node',
|
||||
'500,odo-darwin-amd64-b4853e1fa,odo-darwin-amd64-b4853e1fa,500u,20g',
|
||||
'500,Paintbrush,Paintbrush,Developer ID Application: Michael Schreiber (G966ML7VBG),com.soggywaffles.paintbrush',
|
||||
'500,PlexMobile,PlexMobile,Apple iPhone OS Application Signing,com.plexapp.plex',
|
||||
'500,Plex,Plex,Developer ID Application: Plex Inc. (K4QJ56KR4A),tv.plex.desktop',
|
||||
|
|
|
@ -181,6 +181,7 @@ WHERE protocol > 0
|
|||
'80,6,500,WebKitNetworkProcess,0u,0g,WebKitNetworkPr',
|
||||
'80,6,500,wget,0u,0g,wget',
|
||||
'80,6,500,wine64-preloader,0u,0g,control.exe',
|
||||
'80,6,500,zen,u,g,zen',
|
||||
'80,6,500,zoom,0u,0g,zoom',
|
||||
'80,6,500,zoom.real,u,g,zoom.real',
|
||||
'8080,6,500,brave,0u,0g,brave',
|
||||
|
@ -286,4 +287,4 @@ WHERE protocol > 0
|
|||
OR p.cgroup_path LIKE '/user.slice/user-%.slice/user@%.service/user.slice/nerdctl-%'
|
||||
)
|
||||
)
|
||||
GROUP BY p.cmdline
|
||||
GROUP BY p.cmdline
|
||||
|
|
|
@ -101,4 +101,8 @@ WHERE pos.pid IN (
|
|||
unsigned_exception = '500,6,80,main,main'
|
||||
AND p0.path LIKE '/var/folders/%/T/go-build%/b001/exe/main'
|
||||
)
|
||||
GROUP BY p0.cmdline
|
||||
AND NOT (
|
||||
unsigned_exception = '500,6,32768,gvproxy,gvproxy'
|
||||
AND p0.path LIKE '/opt/homebrew/Cellar/podman/%/libexec/podman/gvproxy'
|
||||
)
|
||||
GROUP BY p0.cmdline
|
||||
|
|
|
@ -67,6 +67,7 @@ WHERE
|
|||
'HueSync,com.lighting.huesync,Developer ID Application: Signify Netherlands B.V. (PREPN2W95S)',
|
||||
'Hyperkey,com.knollsoft.Hyperkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',
|
||||
'Lunar,fyi.lunar.Lunar,Developer ID Application: Alin Panaitiu (RDDXV84A73)',
|
||||
'Magnet,com.crowdcafe.windowmagnet,Apple Mac OS Application Signing',
|
||||
'MonitorControl,me.guillaumeb.MonitorControl,Developer ID Application: Joni Van Roost (CYC8C8R4K9)',
|
||||
'Rocket,net.matthewpalmer.Rocket,Developer ID Application: Matthew Palmer (Z4JV2M65MH)',
|
||||
'Superkey,com.knollsoft.Superkey,Developer ID Application: Ryan Hanson (XSYZ3E4B7D)',
|
||||
|
|
|
@ -81,7 +81,8 @@ WHERE (
|
|||
'~/.supermaven',
|
||||
'~/.terraform',
|
||||
'~/.tflint.d',
|
||||
'~/.vs-kubernetes'
|
||||
'~/.vs-kubernetes',
|
||||
'~/.krew'
|
||||
)
|
||||
AND NOT top3_dir IN (
|
||||
'~/.arkade/bin',
|
||||
|
@ -113,6 +114,7 @@ WHERE (
|
|||
)
|
||||
AND NOT dir LIKE '~/Library/Application Support/Code/User/globalStorage/ms-dotnettools.vscode-dotnet-runtime/.dotnet/%'
|
||||
AND NOT dir LIKE '%/.terraform/providers/%'
|
||||
AND NOT dir LIKE '%/node_modulues/.bin/hugo'
|
||||
AND NOT dir LIKE '%/node_modules/.pnpm/%'
|
||||
AND NOT f.directory LIKE '/Applications/Corsair iCUE5 Software/.cuepkg-%'
|
||||
AND NOT f.directory LIKE '%/Applications/PSI Bridge Secure Browser.app/Contents/Resources/.apps/darwin/%'
|
||||
|
@ -122,5 +124,7 @@ WHERE (
|
|||
f.path LIKE '/nix/store/%'
|
||||
AND p0.name LIKE '%-wrappe%'
|
||||
)
|
||||
AND NOT f.path LIKE '%/.Trash/1Password %.app/Contents/Library/LoginItems/1Password Extension Helper.app/Contents/MacOS'
|
||||
AND NOT f.path LIKE '/private/var/root/.Trash/OneDrive %.app/Contents/StandaloneUpdater.app/Contents/MacOS'
|
||||
GROUP BY f.path
|
||||
AND NOT f.path LIKE '/home/%/.local/share/AppImage/ZenBrowser.AppImage'
|
||||
GROUP BY f.path
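Review bot: In the `@ -113,6 +114,7` hunk of this file, the Hugo exception `AND NOT dir LIKE '%/node_modulues/.bin/hugo'` misspells `node_modules`, so it can never match a real npm install directory and the alert it was meant to silence will keep firing. It should read `AND NOT dir LIKE '%/node_modules/.bin/hugo'`. A dead exception does not weaken detection, but it is usually "fixed" later with a broader pattern than needed, so it is worth correcting in this commit. The WHERE clause these conditions belong to begins outside the visible hunks.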
|
||||
|
|
|
@ -55,6 +55,7 @@ WHERE -- Filter out stock exceptions to decrease overhead
|
|||
'Developer ID Application: Adguard Software Limited (TC3Q7MAJXF),com.adguard.mac.adguard.network-extension,/Library/SystemExtensions/AD3BCA34-237A-4135-B7A4-0F7477D9144C/com.adguard.mac.adguard.network-extension.systemextension/,0',
|
||||
'Developer ID Application: Python Software Foundation (BMM5U3QVKW),org.python.python,/Library/Frameworks/Python.framework/Versions/3.11/Resources/Python.app/,0',
|
||||
'Developer ID Application: Python Software Foundation (BMM5U3QVKW),org.python.python,/Library/Frameworks/Python.framework/Versions/3.12/Resources/Python.app/,0',
|
||||
'Developer ID Application: Ned Deily (DJ3H93M7VJ),org.python.python,/Library/Frameworks/Python.framework/Versions/3.11/Resources/Python.app/,0',
|
||||
'Developer ID Application: Tailscale Inc. (W5364U7YZB),io.tailscale.ipn.macsys.network-extension,/Library/SystemExtensions/A30AF854-E980-4345-A658-17000BF66D00/io.tailscale.ipn.macsys.network-extension.systemextension/,0',
|
||||
'/System/Volumes/Preboot/Cryptexes/OS/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/',
|
||||
',,/Users/cpanato/code/src/github.com/sigstore/docs/node_modules/.bin/hugo/hugo,501'
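Review bot: The Hugo entry `',,/Users/cpanato/code/src/github.com/sigstore/docs/node_modules/.bin/hugo/hugo,501'` (apparently the line this hunk adds) is tied to one contributor's checkout path and uid, so it suppresses nothing for anyone else. Its first two fields are empty; if the field order matches the entries above it, those are the signing authority and identifier, which means the match rests on path and uid alone, in a directory the user can write to. A comment such as `-- unsigned Hugo installed via npm; path-only match` would record that trade-off. If the exception is meant to apply generally, it needs a key that does not embed a personal home directory. The list this entry closes is opened outside the hunk.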
|
||||
|
|
|
@ -78,6 +78,8 @@ WHERE
|
|||
'/.mozilla/',
|
||||
'/tmp/.accounts-agent/',
|
||||
'/tmp/.audio-agent/',
|
||||
-- Xcode; see https://github.com/pyenv/pyenv/issues/1066#issuecomment-536782897
|
||||
'/tmp/.BBE72B41371180178E084EEAF106AED4F350939DB95D3516864A1CC62E7AE82',
|
||||
'/tmp/.bazelci/',
|
||||
'/tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress',
|
||||
'/tmp/.content-agent/',
|
||||
|
|
|
@ -106,6 +106,7 @@ WHERE
|
|||
AND NOT pname LIKE '__%go_build_%'
|
||||
AND NOT pname LIKE '__%go_test_%'
|
||||
AND NOT pname LIKE '__Test%'
|
||||
AND NOT pname LIKE '___%Test_%.test'
|
||||
-- example: 85C27NK92C.com.flexibits.fantastical2.mac.helper
|
||||
AND NOT pname LIKE "%.com.flexibits.fantastical2.mac.helper"
|
||||
AND NOT s.authority = "Software Signing"
|
||||
|
|
|
@ -128,3 +128,7 @@ WHERE
|
|||
p0.name = 'ShortcutDroplet'
|
||||
AND f.mode = '0751'
|
||||
)
|
||||
AND NOT (
|
||||
f.path = '/home/%/.local/share/AppImage/ZenBrowser.AppImage'
|
||||
AND f.mode = '0600'
|
||||
)
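Review bot: The new Zen Browser exception uses `f.path = '/home/%/.local/share/AppImage/ZenBrowser.AppImage'`, and with `=` the `%` is a literal character, so the clause never matches a real home directory and the exception is dead. It should be `f.path LIKE '/home/%/.local/share/AppImage/ZenBrowser.AppImage'`, which is how the other Zen Browser exception in this commit is written. Keeping the `AND f.mode = '0600'` pin is sensible, since `%` in LIKE also spans `/` and the path pattern alone is broader than a single home directory level. The enclosing WHERE clause starts outside the hunk.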
|
||||
|
|
|
@ -84,6 +84,7 @@ WHERE -- Focus on longer-running programs
|
|||
)
|
||||
AND exception_key NOT IN (
|
||||
'0,velociraptor,a.out,',
|
||||
'500,cloud_sql_proxy,a.out,',
|
||||
'500,sdzoomplugin,,',
|
||||
'500,sdaudioswitch,,',
|
||||
'500,gopls,a.out,',
|
||||
|
@ -94,4 +95,4 @@ WHERE -- Focus on longer-running programs
|
|||
AND NOT exception_key LIKE '500,___Test%.test,a.out'
|
||||
AND NOT exception_key LIKE '500,nvim,bob-%,'
|
||||
AND NOT exception_key LIKE '500,sm-agent,sm_agent-%'
|
||||
GROUP BY p0.pid
|
||||
GROUP BY p0.pid
|
||||
|
|
|
@ -193,6 +193,7 @@ WHERE
|
|||
'fbcdn.net',
|
||||
'figma.com',
|
||||
'flipperzero.one',
|
||||
'fnord.com',
|
||||
'getkap.co',
|
||||
'github.com',
|
||||
'gitbutler.com',
|
||||
|
@ -213,6 +214,7 @@ WHERE
|
|||
'obsproject.com',
|
||||
'opalcamera.com',
|
||||
'persistent.oaistatic.com',
|
||||
'portswigger-cdn.net',
|
||||
'posit.co',
|
||||
'presenting.app',
|
||||
'proton.me',
|
||||
|
|
|
@ -116,6 +116,7 @@ WHERE
|
|||
'32768,6,500,Code Helper (Plugin)',
|
||||
'24024,17,500,MTGA',
|
||||
'32768,6,500,Python',
|
||||
'32768,6,500,python3',
|
||||
'32768,17,499,viscosity_openvpn',
|
||||
'1,1,500,ping'
|
||||
)
|
||||
|
|
|
@ -80,6 +80,7 @@ WHERE
|
|||
)
|
||||
AND program_arguments NOT IN (
|
||||
'/Applications/AeroSpace.app/Contents/MacOS/AeroSpace --started-at-login',
|
||||
'/Applications/RODE Virtual Channels.app/Contents/MacOS/RODE Virtual Channels',
|
||||
'/Applications/Stream Deck.app/Contents/MacOS/Stream Deck --runinbk',
|
||||
'/Applications/Tunnelblick.app/Contents/Resources/launchAtLogin.sh',
|
||||
'/Library/Application Support/Sony Application Launcher/SonyAutoLauncher.app/Contents/MacOS/SonyAutoLauncher',
|
||||
|
|
|
@ -76,6 +76,7 @@ WHERE port != 0
|
|||
'22000,6,500,syncthing,Developer ID Application: Jakob Borg (LQE5SYM783)',
|
||||
'22000,6,500,syncthing,Developer ID Application: Kastelo AB (LQE5SYM783)',
|
||||
'22,6,0,launchd,Software Signing',
|
||||
'22,6,500,com.docker.backend,Developer ID Application: Docker Inc (9BNSXJN65R)',
|
||||
'2345,6,500,dlv,',
|
||||
'24678,6,500,node,',
|
||||
'24800,6,500,deskflow-server,',
|
||||
|
@ -268,4 +269,10 @@ WHERE port != 0
|
|||
AND lp.protocol = 6
|
||||
)
|
||||
)
|
||||
GROUP BY exception_key
|
||||
AND NOT (
|
||||
(
|
||||
exception_key LIKE '80,6,500,ssh,Software Signing'
|
||||
AND p.cmdline LIKE '%/.colima/_lima/colima-docker/ssh.sock'
|
||||
)
|
||||
)
|
||||
GROUP BY exception_key
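Review bot: In the block added at the end of this query, `exception_key LIKE '80,6,500,ssh,Software Signing'` contains no wildcard, so `exception_key = '80,6,500,ssh,Software Signing'` states the intent more plainly, and the doubled parentheses in `AND NOT ( ( … ) )` can be reduced to one pair. In `p.cmdline LIKE '%/.colima/_lima/colima-docker/ssh.sock'` the `_` before `lima` is a LIKE single-character wildcard; it is harmless here but easy to misread as a literal. The cmdline value comes from the process itself, so the signing authority pinned in the key is the stronger half of this exception. A one-line comment naming Colima's SSH forward as the reason, e.g. `-- colima: ssh port-forward over ssh.sock`, would help the next reviewer. The WHERE clause begins outside the hunk.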
|
||||
|
|