From d5c62337163f1c75a6ad6bf7d3535320484d339c Mon Sep 17 00:00:00 2001
From: Thomas Stromberg
Date: Fri, 9 Jun 2023 07:12:16 -0400
Subject: [PATCH] hidden executable: Add provisio exception
---
 detection/evasion/hidden-executable.sql | 1 +
 1 file changed, 1 insertion(+)
diff --git a/detection/evasion/hidden-executable.sql b/detection/evasion/hidden-executable.sql
index 6a57f89..db76131 100644
--- a/detection/evasion/hidden-executable.sql
+++ b/detection/evasion/hidden-executable.sql
@@ -48,6 +48,7 @@ WHERE
 AND NOT f.directory LIKE '%/.bin-unwrapped'
 AND NOT f.directory LIKE '%/.cargo/bin'
 AND NOT f.directory LIKE '%/.config/nvm/%/bin'
+ AND NOT f.directory LIKE '%/.provisio/bin/%'
 AND NOT f.directory LIKE '%/.local/%'
 AND NOT f.directory LIKE '%/node_modules/.bin/%'
 AND NOT f.directory LIKE '%/.nvm/versions/%/bin'
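Review bot: The new exception `'%/.provisio/bin/%'` is anchored only by a leading wildcard, so any directory containing a `/.provisio/bin/` component, not just the one under a user's home, is exempted from this hidden-executable detection. If the query does not already constrain the path or file ownership outside this hunk, consider tying the pattern to the expected install root, for example `AND NOT f.directory LIKE '/home/%/.provisio/bin/%'` (with the equivalent prefix for any other platform the query targets). The trailing `/%` also means the pattern matches subdirectories of `.provisio/bin` but not `.provisio/bin` itself, unlike the neighbouring `'%/.cargo/bin'` form; a short `--` comment stating which layout is intended would make that explicit. The WHERE clause starts and continues outside the hunk.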