From 581f9398e06f6dcd840d1cb8ff6a3896c0790aff Mon Sep 17 00:00:00 2001 From: Tw93 Date: Sat, 13 Dec 2025 12:16:25 +0800 Subject: [PATCH] feat: Add comprehensive protection for various VPN and proxy applications and bump version. --- SECURITY_AUDIT.md | 3 +++ bin/clean.sh | 2 +- lib/core/app_protection.sh | 36 ++++++++++++++++++++++++++++++++++++ mole | 2 +- 4 files changed, 41 insertions(+), 2 deletions(-) diff --git a/SECURITY_AUDIT.md b/SECURITY_AUDIT.md index d00d343..6a92c38 100644 --- a/SECURITY_AUDIT.md +++ b/SECURITY_AUDIT.md @@ -62,6 +62,9 @@ Mole's "Smart Uninstall" and orphan detection (`lib/clean/apps.sh`) are intentio - **Time Machine Preservation** Before cleaning failed backups, Mole checks for the `backupd` process. If a backup is currently running, the cleanup task is strictly **aborted** to prevent data corruption. +- **VPN & Proxy Protection** + Mole includes a comprehensive protection layer for VPN and Proxy applications (e.g., Shadowsocks, V2Ray, Tailscale). It protects both their application bundles and data directories from automated cleanup to prevent network configuration loss. + ## 4. Atomic Operations & Crash Safety We anticipate that scripts can be interrupted (e.g., power loss, `Ctrl+C`). diff --git a/bin/clean.sh b/bin/clean.sh index 54adca3..8560a46 100755 --- a/bin/clean.sh +++ b/bin/clean.sh @@ -223,7 +223,7 @@ safe_clean() { # Hard-coded protection for critical apps (cannot be disabled by user) case "$path" in - *clash* | *Clash* | *surge* | *Surge* | *mihomo* | *openvpn* | *OpenVPN*) + *clash* | *Clash* | *surge* | *Surge* | *mihomo* | *openvpn* | *OpenVPN* | *verge* | *Verge* | *shadowsocks* | *Shadowsocks* | *v2ray* | *V2Ray* | *sing-box* | *tailscale* | *nordvpn* | *NordVPN* | *expressvpn* | *ExpressVPN* | *protonvpn* | *ProtonVPN* | *mullvad* | *Mullvad* | *hiddify* | *Hiddify* | *loon* | *Loon*) skip=true ((skipped_count++)) ;; diff --git a/lib/core/app_protection.sh b/lib/core/app_protection.sh index 58570ca..20bbf6d 100755 
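Review bot: The widened `case "$path" in` arm in `safe_clean` matches case-sensitive bare substrings, so it both over- and under-protects: `*loon*` and `*verge*` also match any unrelated path containing `balloon` or `converge`, while `*tailscale*` and `*sing-box*` have no capitalized twin and would not match a path spelled `Tailscale`. The comment calls this the protection that cannot be disabled, so a missed spelling means the path is not skipped by this guard, and a false match means unrelated paths are silently counted in `skipped_count`. Consider matching case-insensitively once, e.g. `shopt -s nocasematch` before the `case` and `shopt -u nocasematch` after it, and anchoring the short names to a path component or bundle-ID form instead of a bare substring. The same lowercase-only and short-substring entries appear in the `DATA_PROTECTED_BUNDLES` hunk in `lib/core/app_protection.sh`. `safe_clean` starts and continues outside this hunk, so how a non-matching path is handled is not visible here.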
--- a/lib/core/app_protection.sh +++ b/lib/core/app_protection.sh @@ -140,10 +140,46 @@ readonly DATA_PROTECTED_BUNDLES=( # Network Proxy & VPN Tools (protect all variants) "*clash*" # All Clash variants (ClashX, ClashX Pro, Clash Verge, etc) "*Clash*" # Capitalized variants + "*clash-verge*" # Explicit Clash Verge protection + "*verge*" # Verge variants (lowercase) + "*Verge*" # Verge variants (capitalized) "com.nssurge.surge-mac" # Surge "mihomo*" # Mihomo Party and variants "*openvpn*" # OpenVPN Connect and variants "*OpenVPN*" # OpenVPN capitalized variants + + # Proxy Clients (Shadowsocks, V2Ray, etc) + "*ShadowsocksX-NG*" # ShadowsocksX-NG + "com.qiuyuzhou.*" # ShadowsocksX-NG bundle + "*v2ray*" # V2Ray variants + "*V2Ray*" # V2Ray variants + "*v2box*" # V2Box + "*V2Box*" # V2Box + "*nekoray*" # Nekoray + "*sing-box*" # Sing-box + "*OneBox*" # OneBox + "*hiddify*" # Hiddify + "*Hiddify*" # Hiddify + "*loon*" # Loon + "*Loon*" # Loon + "*quantumult*" # Quantumult X + + # Mesh & Corporate VPNs + "*tailscale*" # Tailscale + "io.tailscale.*" # Tailscale bundle + "*zerotier*" # ZeroTier + "com.zerotier.*" # ZeroTier bundle + "*1dot1dot1dot1*" # Cloudflare WARP + "*cloudflare*warp*" # Cloudflare WARP + + # Commercial VPNs + "*nordvpn*" # NordVPN + "*expressvpn*" # ExpressVPN + "*protonvpn*" # ProtonVPN + "*surfshark*" # Surfshark + "*windscribe*" # Windscribe + "*mullvad*" # Mullvad + "*privateinternetaccess*" # PIA "net.openvpn.*" # OpenVPN bundle IDs # ============================================================================ diff --git a/mole b/mole index d2decbf..40c7dbb 100755 --- a/mole +++ b/mole @@ -22,7 +22,7 @@ SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" source "$SCRIPT_DIR/lib/core/common.sh" # Version info -VERSION="1.12.19" +VERSION="1.12.20" MOLE_TAGLINE="can dig deep to clean your Mac." # Check if Touch ID is already configured
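Review bot: `DATA_PROTECTED_BUNDLES` and the hard-coded `case` list in `bin/clean.sh` are now two hand-maintained copies of the same safety list, and this commit already leaves them out of step: `*zerotier*`, `*surfshark*`, `*windscribe*`, `*privateinternetaccess*`, `*quantumult*`, `*nekoray*`, `*v2box*` and the Cloudflare WARP patterns are added here but not to the `safe_clean` arm. Whether `safe_clean` also consults this array is not visible in the diff; if it does not, those apps do not get the protection that the `clean.sh` comment describes as non-disableable. At minimum add a comment above the new groups such as `# Keep in sync with the hard-coded case list in safe_clean (bin/clean.sh)`, or better, have one list drive both checks. `"*clash-verge*"` is also redundant, since `"*clash*"` and `"*verge*"` already cover it. The array starts and ends outside this hunk.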