fix: harden cleanup path validation
@@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
<div align="center">
|
<div align="center">
|
||||||
|
|
||||||
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.22.1 (2026-01-17)
|
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.23.2 (2026-01-26)
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@@ -12,24 +12,31 @@
|
|||||||
|
|
||||||
| Attribute | Details |
|
| Attribute | Details |
|
||||||
|-----------|---------|
|
|-----------|---------|
|
||||||
| Audit Date | January 17, 2026 |
|
| Audit Date | January 26, 2026 |
|
||||||
| Audit Conclusion | **PASSED** |
|
| Audit Conclusion | **PASSED** |
|
||||||
| Mole Version | V1.22.0 |
|
| Mole Version | V1.23.2 |
|
||||||
| Audited Branch | `main` (HEAD) |
|
| Audited Branch | `main` (HEAD) |
|
||||||
| Scope | Shell scripts, Go binaries, Configuration |
|
| Scope | Shell scripts, Go binaries, Configuration |
|
||||||
| Methodology | Static analysis, Threat modeling, Code review |
|
| Methodology | Static analysis, Threat modeling, Code review |
|
||||||
| Review Cycle | Every 6 months or after major feature additions |
|
| Review Cycle | Every 6 months or after major feature additions |
|
||||||
| Next Review | June 2026 |
|
| Next Review | July 2026 |
|
||||||
|
|
||||||
**Key Findings:**
|
**Key Findings:**
|
||||||
|
|
||||||
- Multi-layer validation effectively blocks risky system modifications.
|
- Multi-layer validation effectively blocks risky system modifications.
|
||||||
- Conservative cleaning logic ensures safety (e.g., 60-day dormancy rule).
|
- Conservative cleaning logic ensures safety (e.g., 60-day dormancy rule).
|
||||||
- Comprehensive protection for VPNs, AI tools, and core system components.
|
- Comprehensive protection for VPNs, AI tools, and core system components.
|
||||||
|
- Operations logging improves traceability while remaining optional (MO_NO_OPLOG=1).
|
||||||
- Atomic operations prevent state corruption during crashes.
|
- Atomic operations prevent state corruption during crashes.
|
||||||
- Dry-run and whitelist features give users full control.
|
- Dry-run and whitelist features give users full control.
|
||||||
- Installer cleanup scans safely and requires user confirmation.
|
- Installer cleanup scans safely and requires user confirmation.
|
||||||
|
|
||||||
|
**Recent Remediations:**
|
||||||
|
|
||||||
|
- Symlink cleanup in `bin/clean.sh` now routes through `safe_remove` for target validation.
|
||||||
|
- Orphaned helper cleanup in `lib/clean/apps.sh` now uses `safe_sudo_remove`.
|
||||||
|
- ByHost preference cleanup in `lib/uninstall/batch.sh` validates bundle IDs and deletes via `safe_remove`.
|
||||||
|
|
||||||
---
|
---
|
||||||
|
|
||||||
## Security Philosophy
|
## Security Philosophy
|
||||||
|
|||||||
@@ -539,13 +539,9 @@ safe_clean() {
|
|||||||
read -r size count < "$result_file" 2> /dev/null || true
|
read -r size count < "$result_file" 2> /dev/null || true
|
||||||
local removed=0
|
local removed=0
|
||||||
if [[ "$DRY_RUN" != "true" ]]; then
|
if [[ "$DRY_RUN" != "true" ]]; then
|
||||||
if [[ -L "$path" ]]; then
|
|
||||||
rm "$path" 2>/dev/null && removed=1
|
|
||||||
else
|
|
||||||
if safe_remove "$path" true; then
|
if safe_remove "$path" true; then
|
||||||
removed=1
|
removed=1
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
removed=1
|
removed=1
|
||||||
fi
|
fi
|
||||||
@@ -581,13 +577,9 @@ safe_clean() {
|
|||||||
|
|
||||||
local removed=0
|
local removed=0
|
||||||
if [[ "$DRY_RUN" != "true" ]]; then
|
if [[ "$DRY_RUN" != "true" ]]; then
|
||||||
if [[ -L "$path" ]]; then
|
|
||||||
rm "$path" 2>/dev/null && removed=1
|
|
||||||
else
|
|
||||||
if safe_remove "$path" true; then
|
if safe_remove "$path" true; then
|
||||||
removed=1
|
removed=1
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
else
|
else
|
||||||
removed=1
|
removed=1
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -500,7 +500,7 @@ clean_orphaned_system_services() {
|
|||||||
if [[ "$orphan_file" == *.plist ]]; then
|
if [[ "$orphan_file" == *.plist ]]; then
|
||||||
sudo launchctl unload "$orphan_file" 2> /dev/null || true
|
sudo launchctl unload "$orphan_file" 2> /dev/null || true
|
||||||
fi
|
fi
|
||||||
if sudo rm -f "$orphan_file" 2> /dev/null; then
|
if safe_sudo_remove "$orphan_file"; then
|
||||||
debug_log "Removed orphaned service: $orphan_file"
|
debug_log "Removed orphaned service: $orphan_file"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
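Review bot: A path that safe_sudo_remove rejects is kept silently, because only the success branch logs and `sudo launchctl unload` has already run on it two lines earlier, so the service ends up unloaded while its plist stays on disk with nothing in the debug log. Add an else branch, `else debug_log "Skipped orphaned service (rejected by safe_sudo_remove): $orphan_file"`, so a refusal is visible during troubleshooting. If safe_sudo_remove exposes its path validation separately, running that check before the unload would keep a rejected path from being touched at all; its interface is not visible here. clean_orphaned_system_services starts outside the hunk.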
|
||||||
|
|||||||
@@ -502,8 +502,14 @@ batch_uninstall_applications() {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
# ByHost preferences (machine-specific).
|
# ByHost preferences (machine-specific).
|
||||||
if [[ -d ~/Library/Preferences/ByHost ]]; then
|
if [[ -d "$HOME/Library/Preferences/ByHost" ]]; then
|
||||||
find ~/Library/Preferences/ByHost -maxdepth 1 -name "${bundle_id}.*.plist" -delete 2> /dev/null || true
|
if [[ "$bundle_id" =~ ^[A-Za-z0-9._-]+$ ]]; then
|
||||||
|
while IFS= read -r -d '' plist_file; do
|
||||||
|
safe_remove "$plist_file" true > /dev/null || true
|
||||||
|
done < <(command find "$HOME/Library/Preferences/ByHost" -maxdepth 1 -type f -name "${bundle_id}.*.plist" -print0 2> /dev/null || true)
|
||||||
|
else
|
||||||
|
debug_log "Skipping ByHost cleanup, invalid bundle id: $bundle_id"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
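Review bot: The new regex constrains which characters `bundle_id` may contain, but the `find -name "${bundle_id}.*.plist"` pattern still matches on prefix, so uninstalling `com.example` would also delete the ByHost preferences of `com.example.helper`; the glob itself is unchanged from the old code. If ByHost files follow the `<bundle id>.<host UUID>.plist` convention, which I cannot confirm from here, a basename check at the top of the loop closes that: `[[ "${plist_file##*/}" =~ ^"${bundle_id}"\.[^.]+\.plist$ ]] || continue`. Refusals are also invisible, since `safe_remove "$plist_file" true > /dev/null || true` discards both the output and the failure, so a rejected plist leaves no debug_log entry, unlike the invalid-id branch that follows. batch_uninstall_applications starts outside the hunk.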
|
||||||
|
|
||||||
|
|||||||