mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-16 14:43:39 +00:00
Code Activity

fix: harden cleanup path validation

Browse Source
This commit is contained in:
tw93
2026-01-26 15:43:11 +08:00
parent 43a92a1847
commit 0fbf88a6c6
4 changed files with 66 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
SECURITY_AUDIT.md
View File

@@ -2,7 +2,7 @@
<div align="center">
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.22.1 (2026-01-17)
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.23.2 (2026-01-26)
</div>
@@ -12,24 +12,31 @@
| Attribute | Details |
|-----------|---------|
| Audit Date | January 17, 2026 |
| Audit Date | January 26, 2026 |
| Audit Conclusion | **PASSED** |
| Mole Version | V1.22.0 |
| Mole Version | V1.23.2 |
| Audited Branch | `main` (HEAD) |
| Scope | Shell scripts, Go binaries, Configuration |
| Methodology | Static analysis, Threat modeling, Code review |
| Review Cycle | Every 6 months or after major feature additions |
| Next Review | June 2026 |
| Next Review | July 2026 |
**Key Findings:**
- Multi-layer validation effectively blocks risky system modifications.
- Conservative cleaning logic ensures safety (e.g., 60-day dormancy rule).
- Comprehensive protection for VPNs, AI tools, and core system components.
- Operations logging improves traceability while remaining optional (MO_NO_OPLOG=1).
- Atomic operations prevent state corruption during crashes.
- Dry-run and whitelist features give users full control.
- Installer cleanup scans safely and requires user confirmation.
**Recent Remediations:**
- Symlink cleanup in `bin/clean.sh` now routes through `safe_remove` for target validation.
- Orphaned helper cleanup in `lib/clean/apps.sh` now uses `safe_sudo_remove`.
- ByHost preference cleanup in `lib/uninstall/batch.sh` validates bundle IDs and deletes via `safe_remove`.
---
## Security Philosophy

8
bin/clean.sh
View File

@@ -539,13 +539,9 @@ safe_clean() {
read -r size count < "$result_file" 2> /dev/null || true
local removed=0
if [[ "$DRY_RUN" != "true" ]]; then
if [[ -L "$path" ]]; then
rm "$path" 2>/dev/null && removed=1
else
if safe_remove "$path" true; then
removed=1
fi
fi
else
removed=1
fi
@@ -581,13 +577,9 @@ safe_clean() {
local removed=0
if [[ "$DRY_RUN" != "true" ]]; then
if [[ -L "$path" ]]; then
rm "$path" 2>/dev/null && removed=1
else
if safe_remove "$path" true; then
removed=1
fi
fi
else
removed=1
fi

2
lib/clean/apps.sh
View File

@@ -500,7 +500,7 @@ clean_orphaned_system_services() {
if [[ "$orphan_file" == *.plist ]]; then
sudo launchctl unload "$orphan_file" 2> /dev/null || true
fi
if sudo rm -f "$orphan_file" 2> /dev/null; then
if safe_sudo_remove "$orphan_file"; then
debug_log "Removed orphaned service: $orphan_file"
fi
fi

10
lib/uninstall/batch.sh
View File

@@ -502,8 +502,14 @@ batch_uninstall_applications() {
fi
# ByHost preferences (machine-specific).
if [[ -d ~/Library/Preferences/ByHost ]]; then
find ~/Library/Preferences/ByHost -maxdepth 1 -name "${bundle_id}.*.plist" -delete 2> /dev/null || true
if [[ -d "$HOME/Library/Preferences/ByHost" ]]; then
if [[ "$bundle_id" =~ ^[A-Za-z0-9._-]+$ ]]; then
while IFS= read -r -d '' plist_file; do
safe_remove "$plist_file" true > /dev/null || true
done < <(command find "$HOME/Library/Preferences/ByHost" -maxdepth 1 -type f -name "${bundle_id}.*.plist" -print0 2> /dev/null || true)
else
debug_log "Skipping ByHost cleanup, invalid bundle id: $bundle_id"
fi
fi
fi