From 11936bce577ef59d7fd328d96c5988023423f82f Mon Sep 17 00:00:00 2001 From: Tw93 Date: Mon, 1 Dec 2025 14:45:18 +0800 Subject: [PATCH] Whitelist capability optimization --- bin/clean.sh | 73 +++++++++++++++++++++++++--------------- lib/common.sh | 13 +++++++ lib/whitelist_manager.sh | 62 ++++++++++++++++++++++++---------- 3 files changed, 103 insertions(+), 45 deletions(-) diff --git a/bin/clean.sh b/bin/clean.sh index 89a9abe..accf149 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -32,18 +32,9 @@ readonly PROTECTED_SW_DOMAINS=( "photopea.com" "pixlr.com" ) -readonly FINDER_METADATA_SENTINEL="FINDER_METADATA" -# Default whitelist patterns (preselected, user can disable) -declare -a DEFAULT_WHITELIST_PATTERNS=( - "$HOME/Library/Caches/ms-playwright*" - "$HOME/.cache/huggingface*" - "$HOME/.m2/repository/*" - "$HOME/.ollama/models/*" - "$HOME/Library/Caches/com.nssurge.surge-mac/*" - "$HOME/Library/Application Support/com.nssurge.surge-mac/*" - "$HOME/Library/Caches/org.R-project.R/R/renv/*" - "$FINDER_METADATA_SENTINEL" -) + +# Whitelist patterns (loaded from common.sh) +# FINDER_METADATA_SENTINEL and DEFAULT_WHITELIST_PATTERNS defined in lib/common.sh declare -a WHITELIST_PATTERNS=() WHITELIST_WARNINGS=() 
@@ -66,17 +57,20 @@ if [[ -f "$HOME/.config/mole/whitelist" ]]; then continue fi - # Path validation with support for spaces and wildcards - # Allow: letters, numbers, /, _, ., -, @, spaces, and * anywhere in path - if [[ ! "$line" =~ ^[a-zA-Z0-9/_.@\ *-]+$ ]]; then - WHITELIST_WARNINGS+=("Invalid path format: $line") - continue - fi + # Skip validation for special sentinel values + if [[ "$line" != "$FINDER_METADATA_SENTINEL" ]]; then + # Path validation with support for spaces and wildcards + # Allow: letters, numbers, /, _, ., -, @, spaces, and * anywhere in path + if [[ ! "$line" =~ ^[a-zA-Z0-9/_.@\ *-]+$ ]]; then + WHITELIST_WARNINGS+=("Invalid path format: $line") + continue + fi - # Require absolute paths (must start with /) - if [[ "$line" != /* ]]; then - WHITELIST_WARNINGS+=("Must be absolute path: $line") - continue + # Require absolute paths (must start with /) + if [[ "$line" != /* ]]; then + WHITELIST_WARNINGS+=("Must be absolute path: $line") + continue + fi fi # Reject paths with consecutive slashes (e.g., //) 
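Review bot: The new `[[ "$line" != "$FINDER_METADATA_SENTINEL" ]]` test only works if lib/common.sh has been sourced before this loader runs, and the hunk does not show that. If the variable is empty here, no line is exempted and the `FINDER_METADATA` entry fails the absolute-path check with "Must be absolute path", so .DS_Store protection is dropped with only a warning (under `set -u` the script would abort instead). A guard ahead of the read loop, `: "${FINDER_METADATA_SENTINEL:?lib/common.sh must be sourced before loading the whitelist}"`, turns that into an explicit failure. The enclosing `if [[ -f "$HOME/.config/mole/whitelist" ]]` block starts and ends outside the hunk.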
@@ -525,12 +519,35 @@ perform_cleanup() { check_tcc_permissions # Show whitelist info if patterns are active - local active_count=${#WHITELIST_PATTERNS[@]} - if [[ $active_count -gt 2 ]]; then - local custom_count=$((active_count - 2)) - echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $custom_count custom + 2 core patterns active" - elif [[ $active_count -eq 2 ]]; then - echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: 2 core patterns active" + if [[ ${#WHITELIST_PATTERNS[@]} -gt 0 ]]; then + # Count predefined vs custom patterns + local predefined_count=0 + local custom_count=0 + + for pattern in "${WHITELIST_PATTERNS[@]}"; do + local is_predefined=false + for default in "${DEFAULT_WHITELIST_PATTERNS[@]}"; do + if [[ "$pattern" == "$default" ]]; then + is_predefined=true + break + fi + done + + if [[ "$is_predefined" == "true" ]]; then + ((predefined_count++)) + else + ((custom_count++)) + fi + done + + # Display whitelist status + if [[ $custom_count -gt 0 && $predefined_count -gt 0 ]]; then + echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $predefined_count core + $custom_count custom patterns active" + elif [[ $custom_count -gt 0 ]]; then + echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $custom_count custom patterns active" + elif [[ $predefined_count -gt 0 ]]; then + echo -e "${BLUE}${ICON_SUCCESS}${NC} Whitelist: $predefined_count core patterns active" + fi fi # Initialize counters diff --git a/lib/common.sh b/lib/common.sh index 6a471a4..222737a 100755 --- a/lib/common.sh +++ b/lib/common.sh 
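Review bot: The counters in the new loop are bumped with `((predefined_count++))` and `((custom_count++))`, and a post-increment from 0 evaluates to 0, so the `((…))` command returns status 1 the first time each branch is taken. Whether that matters depends on shell options set outside this hunk: if bin/clean.sh runs with `set -e` or an ERR trap, perform_cleanup would stop at the first whitelist entry. `predefined_count=$((predefined_count + 1))` (and the same for `custom_count`) avoids the status question altogether. The loop variables `pattern` and `default` are also not declared `local`, so they leak out of perform_cleanup; the same applies to `current_pattern`/`predefined_pattern` and `custom_pattern` in the lib/whitelist_manager.sh hunks. perform_cleanup continues past the end of the hunk.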
@@ -45,6 +45,19 @@ readonly MOLE_CRASH_REPORT_AGE_DAYS=30 # Crash report retention readonly MOLE_SAVED_STATE_AGE_DAYS=7 # App saved state retention readonly MOLE_TM_BACKUP_SAFE_HOURS=48 # Time Machine failed backup safety window +# Whitelist configuration +readonly FINDER_METADATA_SENTINEL="FINDER_METADATA" +declare -a DEFAULT_WHITELIST_PATTERNS=( + "$HOME/Library/Caches/ms-playwright*" + "$HOME/.cache/huggingface*" + "$HOME/.m2/repository/*" + "$HOME/.ollama/models/*" + "$HOME/Library/Caches/com.nssurge.surge-mac/*" + "$HOME/Library/Application Support/com.nssurge.surge-mac/*" + "$HOME/Library/Caches/org.R-project.R/R/renv/*" + "$FINDER_METADATA_SENTINEL" +) + # Get spinner characters (overridable via MO_SPINNER_CHARS) mo_spinner_chars() { local chars="${MO_SPINNER_CHARS:-|/-\\}" diff --git a/lib/whitelist_manager.sh b/lib/whitelist_manager.sh index 249d223..02f4923 100755 --- a/lib/whitelist_manager.sh +++ b/lib/whitelist_manager.sh @@ -12,17 +12,9 @@ source "$SCRIPT_DIR/menu_simple.sh" # Config file path WHITELIST_CONFIG="$HOME/.config/mole/whitelist" -# Default whitelist patterns (preselected on first run) -declare -a DEFAULT_WHITELIST_PATTERNS=( - "$HOME/Library/Caches/ms-playwright*" - "$HOME/.cache/huggingface*" - "$HOME/.m2/repository/*" - "$HOME/.ollama/models/*" - "$HOME/Library/Caches/com.nssurge.surge-mac/*" - "$HOME/Library/Application Support/com.nssurge.surge-mac/*" - "$HOME/Library/Caches/org.R-project.R/R/renv/*" - "FINDER_METADATA" -) +# Default whitelist patterns defined in lib/common.sh: +# - DEFAULT_WHITELIST_PATTERNS +# - FINDER_METADATA_SENTINEL # Save whitelist patterns to config save_whitelist_patterns() { 
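Review bot: In the lib/common.sh hunk, `DEFAULT_WHITELIST_PATTERNS` is declared with plain `declare -a` while the sentinel beside it is `readonly`, so any script that sources common.sh can alter which paths count as core defaults. The list is now the single source for both bin/clean.sh and lib/whitelist_manager.sh. If nothing appends to it (not visible here), a `readonly DEFAULT_WHITELIST_PATTERNS` line after the closing `)` would pin it the same way as the other constants in this block. A one-line comment that the entries are glob patterns expanded against `$HOME` at source time would also help readers of the shared definition.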
@@ -131,8 +123,9 @@ Podman container cache|$HOME/.local/share/containers/cache/*|container_cache Font cache|$HOME/Library/Caches/com.apple.FontRegistry/*|system_cache Spotlight metadata cache|$HOME/Library/Caches/com.apple.spotlight/*|system_cache CloudKit cache|$HOME/Library/Caches/CloudKit/*|system_cache -Finder metadata (.DS_Store)|FINDER_METADATA|system_cache EOF + # Add FINDER_METADATA with constant reference + echo "Finder metadata (.DS_Store)|$FINDER_METADATA_SENTINEL|system_cache" } patterns_equivalent() { @@ -222,6 +215,23 @@ manage_whitelist_categories() { ((index++)) done < <(get_all_cache_items) + # Identify custom patterns (not in predefined list) + local -a custom_patterns=() + if [[ ${#CURRENT_WHITELIST_PATTERNS[@]} -gt 0 ]]; then + for current_pattern in "${CURRENT_WHITELIST_PATTERNS[@]}"; do + local is_predefined=false + for predefined_pattern in "${cache_patterns[@]}"; do + if patterns_equivalent "$current_pattern" "$predefined_pattern"; then + is_predefined=true + break + fi + done + if [[ "$is_predefined" == "false" ]]; then + custom_patterns+=("$current_pattern") + fi + done + fi + # Prioritize already-selected items to appear first local -a selected_cache_items=() local -a selected_cache_patterns=() 
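Review bot: In the manage_whitelist_categories hunk, "predefined" means an entry of `cache_patterns` (apparently the menu list read from get_all_cache_items just above) matched with `patterns_equivalent`. The banner this commit adds to bin/clean.sh instead counts a pattern as core only when it is string-equal to an entry of `DEFAULT_WHITELIST_PATTERNS`. A menu item outside the defaults, such as the CloudKit cache line, is therefore "predefined" in the manager summary and "custom" in the clean.sh banner. I would align the two definitions, or at least state the local one in the comment, e.g. `# Custom = not equivalent to any menu entry from get_all_cache_items`. manage_whitelist_categories starts and ends outside the hunk.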
@@ -293,16 +303,34 @@ manage_whitelist_categories() { done fi - # Save to whitelist config (bash 3.2 + set -u safe) + # Merge custom patterns with selected patterns + local -a all_patterns=() if [[ ${#selected_patterns[@]} -gt 0 ]]; then - save_whitelist_patterns "${selected_patterns[@]}" + all_patterns=("${selected_patterns[@]}") + fi + if [[ ${#custom_patterns[@]} -gt 0 ]]; then + for custom_pattern in "${custom_patterns[@]}"; do + all_patterns+=("$custom_pattern") + done + fi + + # Save to whitelist config (bash 3.2 + set -u safe) + if [[ ${#all_patterns[@]} -gt 0 ]]; then + save_whitelist_patterns "${all_patterns[@]}" else save_whitelist_patterns fi - print_summary_block "success" \ - "Protected ${#selected_patterns[@]} cache(s)" \ - "Saved to ${WHITELIST_CONFIG}" + local total_protected=$((${#selected_patterns[@]} + ${#custom_patterns[@]})) + local -a summary_lines=() + if [[ ${#custom_patterns[@]} -gt 0 ]]; then + summary_lines+=("Protected ${#selected_patterns[@]} predefined + ${#custom_patterns[@]} custom patterns") + else + summary_lines+=("Protected ${total_protected} cache(s)") + fi + summary_lines+=("Saved to ${WHITELIST_CONFIG}") + + print_summary_block "success" "${summary_lines[@]}" printf '\n' }
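Review bot: `total_protected` is only read in the `else` branch, where `custom_patterns` is empty, so it always equals `${#selected_patterns[@]}` there and the variable can be dropped. The merge loop can likewise be a single append inside the existing length guard, `all_patterns+=("${custom_patterns[@]}")`, which stays safe for bash 3.2 with `set -u` because the guard already excludes the empty array. Whether save_whitelist_patterns de-duplicates or validates the custom entries it writes back is not visible here; if it does not, a short comment saying they are preserved verbatim would help. manage_whitelist_categories starts outside the hunk.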