Unexpected santactl fileinfo output when using --filter

[macjustice]

I am working on a way of reporting what binaries on a device are blocked by rule.

Per the usage text for santactl fileinfo, it looked like the --filter option would be the way to go. However, providing --filter Type=Executable --filter Rule=Blocked returned output that included executables without block rules.

To reproduce:

1. Block an arbitrary binary: sudo santactl rule --block --path /usr/bin/yes
2. Validate: sudo santactl rule --check --path /usr/bin/yes
3. Try listing blocked binaries: santactl fileinfo --recursive --filter Type=Executable --filter Rule=Blocked --key Path --key Rule /usr/bin/
   1. output includes every binary in /usr/bin, with Rule: Could not communicate with daemon
   2. Expected output would be just /usr/bin/yes with Rule: Blocked (Binary)

[tburgin]

#1383 fixes the issues with handling a path with a lot of files, but the issue with multiple --filter still exists.

The problem is that --filter checks are not currently implemented as inclusive. Currently if any --filter matches then the item will be included :/

We will fix this.

[pmarkowsky]

This was fixed in #1388 by adding a new flag to make the checks inclusive. Should be in the next release 2024.6

[russellhancox]

The fix was included in 2024.6, released on Friday. To use inclusive filters pass the --filter-inclusive flag.