Missing variable sequences in EventDetailURL

[disenchant]

I might just be missing something but if I understand it correctly, santad will on a regular basis talk to the sync server and uploads the events in the "Event Upload" stage of the sync protocol to the server. Now if I want to allow a user to vote for the allow listing of a signing ID (e.g. EQHXZ8M8AV:com.google.Chrome) I can't really do that because the EventDetailURL configuration key does not allow for the signing ID to be included in the link. This would mean that unless there was already a sync after an application was blocked, I can't map e.g. the value of %bundle_or_file_identifier% to a signing ID in my logs and therefore only offer the user to allowlist a specific hash but not a signing ID as the mapping information would only be available to me after the next sync.

Is this actually the case or is there a way that I'm missing to include the signing ID (or at least team ID and bundle ID in two separate values) in the EventDetailURL?

If it's not possible I'd recommend that the available sequences which can be used in EventDetailURL get extended by at least the following:

• team_id
• file_bundle_id
• signing_id (should also cover platform:...)

And optional / nice-to-have would also be the following:

• file_bundle_path
• file_name
• signing_chain (format of this one TBD or maybe even split it into multiple sequences)

[disenchant]

I don't have the dev setup ready to check it out right now but maybe just adding the following in Source/common/SNTBlockMessage.m:180 would already be enough to address this:

      ^{ return event.teamID; },                 @"%team_id%",
      ^{ return event.fileBundleID; },           @"%file_bundle_id%",
      ^{ return event.signingID; },              @"%signing_id%",

[russellhancox]

Need to document the additions in https://santa.dev/deployment/configuration.html#eventdetailurl