refactor: enhance uninstall safety and fix dock removal

- Add symlink/bundle_id/BOM validation to prevent injection attacks - Fix Dock removal for /Applications symlink (use pwd not pwd -P) - Fix brew uninstall test hanging (skip sudo in non-interactive mode) - Remove unused SENSITIVE_DATA_REGEX
2026-02-05 03:19:42 +00:00 · 2026-01-17 09:49:42 +08:00
parent 12cacaa6cc
commit 060c48c48d
7 changed files with 22 additions and 33 deletions
--- a/lib/core/app_protection.sh
+++ b/lib/core/app_protection.sh
@@ -749,6 +749,8 @@ find_app_files() {

    # Launch Agents by name (special handling)
    # Note: LaunchDaemons are system-level and handled in find_app_system_files()
+    # Minimum 5-char threshold prevents false positives (e.g., "Time" matching system agents)
+    # Short-name apps (e.g., Zoom, Arc) are still cleaned via bundle_id matching above
    if [[ ${#app_name} -ge 5 ]] && [[ -d ~/Library/LaunchAgents ]]; then
        while IFS= read -r -d '' plist; do
            local plist_name=$(basename "$plist")
--- a/lib/core/common.sh
+++ b/lib/core/common.sh
@@ -133,7 +133,7 @@ remove_apps_from_dock() {
        fi

        if [[ -e "$app_path" ]]; then
-            if full_path=$(cd "$(dirname "$app_path")" 2>/dev/null && pwd -P); then
+            if full_path=$(cd "$(dirname "$app_path")" 2>/dev/null && pwd); then
                full_path="$full_path/$(basename "$app_path")"
            else
                continue
--- a/lib/core/file_ops.sh
+++ b/lib/core/file_ops.sh
@@ -47,11 +47,19 @@ validate_path_for_deletion() {
            return 1
        }

-        # If symlink points to absolute path, validate target
-        if [[ "$link_target" == /* ]]; then
-            case "$link_target" in
+        # Resolve relative symlinks to absolute paths for validation
+        local resolved_target="$link_target"
+        if [[ "$link_target" != /* ]]; then
+            local link_dir
+            link_dir=$(dirname "$path")
+            resolved_target=$(cd "$link_dir" 2>/dev/null && cd "$(dirname "$link_target")" 2>/dev/null && pwd)/$(basename "$link_target") || resolved_target=""
+        fi
+
+        # Validate resolved target against protected paths
+        if [[ -n "$resolved_target" ]]; then
+            case "$resolved_target" in
            /System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/* | /private/etc/*)
-                log_error "Symlink points to protected system path: $path -> $link_target"
+                log_error "Symlink points to protected system path: $path -> $resolved_target"
                return 1
                ;;
            esac