signature¶
File (executable, bundle, installer, disk) code signing status.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: signature
Mac OSX
Table schema¶
Name |
Type |
Description |
|---|---|---|
path |
TEXT |
Must provide a path or directory |
hash_resources |
INTEGER |
Set to 1 to also hash resources, or 0 otherwise. Default is 1 |
arch |
TEXT |
If applicable, the arch of the signed code |
signed |
INTEGER |
1 If the file is signed else 0 |
identifier |
TEXT |
The signing identifier sealed into the signature |
cdhash |
TEXT |
Hash of the application Code Directory |
team_identifier |
TEXT |
The team signing identifier sealed into the signature |
authority |
TEXT |
Certificate Common Name |
Query examples¶
SELECT * FROM signature WHERE path = '/bin/ls'
SELECT * FROM signature WHERE path = '/Applications/Xcode.app' AND hash_resources=0
SELECT * FROM (SELECT path, MIN(signed) AS all_signed, MIN(CASE WHEN authority = 'Software Signing' AND signed = 1 THEN 1 ELSE 0 END) AS all_signed_by_apple FROM signature WHERE path LIKE '/bin/%' GROUP BY path);