mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-02-10 10:14:23 +00:00
Code Activity

Adjust indentation of path safety checks and file processing within app protection.

Browse Source
This commit is contained in:
Tw93
2025-12-12 14:36:17 +08:00
parent 23b6dedd88
commit dbdc9cdb45
1 changed files with 43 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
lib/core/app_protection.sh
View File

@@ -736,54 +736,54 @@ find_app_receipt_files() {
# Whitelisted prefixes # Whitelisted prefixes
case "$clean_path" in case "$clean_path" in
/Applications/*) is_safe=true ;; /Applications/*) is_safe=true ;;
/Users/*) is_safe=true ;; /Users/*) is_safe=true ;;
/usr/local/*) is_safe=true ;; /usr/local/*) is_safe=true ;;
/opt/*) is_safe=true ;; /opt/*) is_safe=true ;;
/Library/*) /Library/*)
# Filter sub-paths in /Library to avoid system damage # Filter sub-paths in /Library to avoid system damage
# Allow safely: Application Support, Caches, Logs, Preferences # Allow safely: Application Support, Caches, Logs, Preferences
case "$clean_path" in case "$clean_path" in
/Library/Application\ Support/*) is_safe=true ;; /Library/Application\ Support/*) is_safe=true ;;
/Library/Caches/*) is_safe=true ;; /Library/Caches/*) is_safe=true ;;
/Library/Logs/*) is_safe=true ;; /Library/Logs/*) is_safe=true ;;
/Library/Preferences/*) is_safe=true ;; /Library/Preferences/*) is_safe=true ;;
/Library/PrivilegedHelperTools/*) is_safe=true ;; /Library/PrivilegedHelperTools/*) is_safe=true ;;
/Library/LaunchAgents/*) is_safe=true ;; /Library/LaunchAgents/*) is_safe=true ;;
/Library/LaunchDaemons/*) is_safe=true ;; /Library/LaunchDaemons/*) is_safe=true ;;
/Library/Internet\ Plug-Ins/*) is_safe=true ;; /Library/Internet\ Plug-Ins/*) is_safe=true ;;
/Library/Audio/Plug-Ins/*) is_safe=true ;; /Library/Audio/Plug-Ins/*) is_safe=true ;;
/Library/Extensions/*) is_safe=false ;; # Default unsafe /Library/Extensions/*) is_safe=false ;; # Default unsafe
*) is_safe=false ;; *) is_safe=false ;;
esac esac
;; ;;
esac esac
# Hard blocks # Hard blocks
case "$clean_path" in case "$clean_path" in
/System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/*) is_safe=false ;; /System/* | /usr/bin/* | /usr/lib/* | /bin/* | /sbin/*) is_safe=false ;;
esac esac
if [[ "$is_safe" == "true" && -e "$clean_path" ]]; then if [[ "$is_safe" == "true" && -e "$clean_path" ]]; then
# Only valid files # Only valid files
# Don't delete directories if they are non-empty parents? # Don't delete directories if they are non-empty parents?
# lsbom lists directories too. # lsbom lists directories too.
# If we return a directory, `safe_remove` logic handles it. # If we return a directory, `safe_remove` logic handles it.
# `uninstall.sh` uses `remove_file_list`. # `uninstall.sh` uses `remove_file_list`.
# If `lsbom` lists `/Applications` (it shouldn't, only contents), we must be careful. # If `lsbom` lists `/Applications` (it shouldn't, only contents), we must be careful.
# `lsbom` usually lists `./Applications/MyApp.app`. # `lsbom` usually lists `./Applications/MyApp.app`.
# If it lists `./Applications`, we must skip it. # If it lists `./Applications`, we must skip it.
# Extra check: path must be deep enough? # Extra check: path must be deep enough?
# If path is just "/Applications", skip. # If path is just "/Applications", skip.
if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" || "$clean_path" == "/usr/local" ]]; then if [[ "$clean_path" == "/Applications" || "$clean_path" == "/Library" || "$clean_path" == "/usr/local" ]]; then
continue continue
fi
receipt_files+=("$clean_path")
fi fi
receipt_files+=("$clean_path") done <<< "$bom_content"
fi done
done <<< "$bom_content"
done
fi fi
if [[ ${#receipt_files[@]} -gt 0 ]]; then if [[ ${#receipt_files[@]} -gt 0 ]]; then
printf '%s\n' "${receipt_files[@]}" printf '%s\n' "${receipt_files[@]}"