mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-04 11:31:46 +00:00
Code Activity

security: restrict BOM whitelist to prevent shared component deletion

Browse Source 
- Removes shared directories (Frameworks, Plugins, etc) from receipt scanning whitelist
- Ensures that uninstalling an app won't accidentally delete shared system libraries
- Updates SECURITY_AUDIT.md to reflect stricter receipt scanning policy
This commit is contained in:
Tw93
2026-01-16 09:54:36 +08:00
parent 93953abad6
commit 06342de24f
2 changed files with 1 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
SECURITY_AUDIT.md
View File

@@ -166,7 +166,7 @@ For user-selected app removal:
- **Safety Limit:** 3-char minimum (prevents "Go" matching "Google")
- **Disabled:** Fuzzy matching and wildcard expansion for short names.
- **User Confirmation:** Required before deletion.
- **Receipt Scans:** BOM-derived files are limited to safe system prefixes and filtered by `should_protect_path()`.
- **Receipt Scans:** BOM-derived files are restricted to app-specific prefixes (e.g., `/Applications`, `/Library/Application Support`). Shared directories like `/Library/Frameworks` are **excluded** to prevent collateral damage.
**Code:** `lib/clean/apps.sh:uninstall_app()`