mirror of
https://github.com/tw93/Mole.git
synced 2026-02-16 14:43:39 +00:00
fix: harden cleanup path validation
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
|
||||
<div align="center">
|
||||
|
||||
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.22.1 (2026-01-17)
|
||||
**Status:** PASSED | **Risk Level:** LOW | **Version:** 1.23.2 (2026-01-26)
|
||||
|
||||
</div>
|
||||
|
||||
@@ -12,24 +12,31 @@
|
||||
|
||||
| Attribute | Details |
|
||||
|-----------|---------|
|
||||
| Audit Date | January 17, 2026 |
|
||||
| Audit Date | January 26, 2026 |
|
||||
| Audit Conclusion | **PASSED** |
|
||||
| Mole Version | V1.22.0 |
|
||||
| Mole Version | V1.23.2 |
|
||||
| Audited Branch | `main` (HEAD) |
|
||||
| Scope | Shell scripts, Go binaries, Configuration |
|
||||
| Methodology | Static analysis, Threat modeling, Code review |
|
||||
| Review Cycle | Every 6 months or after major feature additions |
|
||||
| Next Review | June 2026 |
|
||||
| Next Review | July 2026 |
|
||||
|
||||
**Key Findings:**
|
||||
|
||||
- Multi-layer validation effectively blocks risky system modifications.
|
||||
- Conservative cleaning logic ensures safety (e.g., 60-day dormancy rule).
|
||||
- Comprehensive protection for VPNs, AI tools, and core system components.
|
||||
- Operations logging improves traceability while remaining optional (MO_NO_OPLOG=1).
|
||||
- Atomic operations prevent state corruption during crashes.
|
||||
- Dry-run and whitelist features give users full control.
|
||||
- Installer cleanup scans safely and requires user confirmation.
|
||||
|
||||
**Recent Remediations:**
|
||||
|
||||
- Symlink cleanup in `bin/clean.sh` now routes through `safe_remove` for target validation.
|
||||
- Orphaned helper cleanup in `lib/clean/apps.sh` now uses `safe_sudo_remove`.
|
||||
- ByHost preference cleanup in `lib/uninstall/batch.sh` validates bundle IDs and deletes via `safe_remove`.
|
||||
|
||||
---
|
||||
|
||||
## Security Philosophy
|
||||
|
||||
@@ -539,13 +539,9 @@ safe_clean() {
|
||||
read -r size count < "$result_file" 2> /dev/null || true
|
||||
local removed=0
|
||||
if [[ "$DRY_RUN" != "true" ]]; then
|
||||
if [[ -L "$path" ]]; then
|
||||
rm "$path" 2>/dev/null && removed=1
|
||||
else
|
||||
if safe_remove "$path" true; then
|
||||
removed=1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
removed=1
|
||||
fi
|
||||
@@ -581,13 +577,9 @@ safe_clean() {
|
||||
|
||||
local removed=0
|
||||
if [[ "$DRY_RUN" != "true" ]]; then
|
||||
if [[ -L "$path" ]]; then
|
||||
rm "$path" 2>/dev/null && removed=1
|
||||
else
|
||||
if safe_remove "$path" true; then
|
||||
removed=1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
removed=1
|
||||
fi
|
||||
|
||||
@@ -500,7 +500,7 @@ clean_orphaned_system_services() {
|
||||
if [[ "$orphan_file" == *.plist ]]; then
|
||||
sudo launchctl unload "$orphan_file" 2> /dev/null || true
|
||||
fi
|
||||
if sudo rm -f "$orphan_file" 2> /dev/null; then
|
||||
if safe_sudo_remove "$orphan_file"; then
|
||||
debug_log "Removed orphaned service: $orphan_file"
|
||||
fi
|
||||
fi
|
||||
|
||||
@@ -502,8 +502,14 @@ batch_uninstall_applications() {
|
||||
fi
|
||||
|
||||
# ByHost preferences (machine-specific).
|
||||
if [[ -d ~/Library/Preferences/ByHost ]]; then
|
||||
find ~/Library/Preferences/ByHost -maxdepth 1 -name "${bundle_id}.*.plist" -delete 2> /dev/null || true
|
||||
if [[ -d "$HOME/Library/Preferences/ByHost" ]]; then
|
||||
if [[ "$bundle_id" =~ ^[A-Za-z0-9._-]+$ ]]; then
|
||||
while IFS= read -r -d '' plist_file; do
|
||||
safe_remove "$plist_file" true > /dev/null || true
|
||||
done < <(command find "$HOME/Library/Preferences/ByHost" -maxdepth 1 -type f -name "${bundle_id}.*.plist" -print0 2> /dev/null || true)
|
||||
else
|
||||
debug_log "Skipping ByHost cleanup, invalid bundle id: $bundle_id"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user