mirrors/Mole
1
0
Fork 0
mirror of https://github.com/tw93/Mole.git synced 2026-03-22 19:40:07 +00:00
Code Activity
1,859 Commits 3 Branches 177 Tags
13274154d40251be00bcd5cd4379efe04ee5bb1d
Commit Graph

42 Commits

Author SHA1 Message Date
Tw93
2e6553ab2b Protect user launch agents during clean 2026-03-14 22:32:53 +08:00
Tw93
20a396b33e chore: add journal/ to gitignore, merge path docs into SECURITY_AUDIT 2026-03-11 11:25:03 +08:00
Tw93
af84d6f4be docs: strengthen public security signals 2026-03-10 15:31:07 +08:00
tw93
4df6c9c531 chore: prepare release v1.30.0 2026-03-08 16:43:59 +08:00
tw93
943e68bb1c docs: refresh security audit reference 2026-03-08 15:35:45 +08:00
tw93
a9433e4acd fix: preserve interrupt semantics and restore purge traps 2026-02-27 11:18:53 +08:00
tw93
194fe871e5 chore(release): bump to 1.28.0 and refresh security audit 2026-02-27 10:07:49 +08:00
tw93
fd5ceea743 feat(clean): expand conservative cache cleanup coverage 
- add conservative support/app/system cache targets\n- fix dry-run + success logging behavior for memory exception cleanup\n- add regression tests for new cleanup paths and safeguards\n\nRefs #477
 2026-02-22 11:06:48 +08:00
tw93
831aebfc3e docs(security): refresh audit for v1.27.0 cleanup hardening 
- document safe deletion flow changes in system/user cleanup

- update timeout reference and latest local security test results
 2026-02-21 23:38:41 +08:00
tw93
7760b36c74 Update Security Review 2026-01-27 20:22:30 +08:00
tw93
0fe72245ce docs: rewrite SECURITY_AUDIT.md as technical reference 2026-01-27 10:22:07 +08:00
tw93
3919a70300 fix: enhance uninstall security per audit review 
- Validate bundle_id format (reverse-DNS) in stop_launch_services() to prevent glob injection attacks
    - Add common word exclusion list for LaunchAgents name search to avoid false positive matches (Music, Notes, Photos, etc.) - Add security comments explaining symlink handling in remove_file_list()
    - Improve brew_uninstall_cask() timeout handling: exit code 124 now returns failure immediately
    - Update SECURITY_AUDIT.md with remediation details
 2026-01-26 20:27:46 +08:00
tw93
0fbf88a6c6 fix: harden cleanup path validation 2026-01-26 15:43:11 +08:00
Tw93
72f42a363e chore: remove redundant sensors card and bump version to 1.22.1 
- Disable sensors data collection (CPU temp already shown in CPU card)
- Remove unused sensor-related functions (collectSensors, prettifyLabel, hasSensorData, renderSensorsCard)
- Remove unused gopsutil/sensors import
- Fix inline spinner disown call with explicit PID
- Update version from 1.22.0 to 1.22.1
- Update SECURITY_AUDIT.md to match new version and date
 2026-01-17 10:46:11 +08:00
Tw93
06342de24f security: restrict BOM whitelist to prevent shared component deletion 
- Removes shared directories (Frameworks, Plugins, etc) from receipt scanning whitelist
- Ensures that uninstalling an app won't accidentally delete shared system libraries
- Updates SECURITY_AUDIT.md to reflect stricter receipt scanning policy
 2026-01-16 09:54:36 +08:00
Tw93
2cecb881a9 docs: update SECURITY_AUDIT for receipt processing safety 
- Document /private path exceptions for safe cleanup
- Add receipt file filtering details
- Auto-format shell scripts (shellcheck)
 2026-01-15 21:02:13 +08:00
Tw93
c34d91b36f feat: enhance uninstall with launch items and login items cleanup 
- Add automatic cleanup of LaunchAgents/Daemons (Issue #315)
- Support both system and user-level launch paths
- Add Login Items cleanup (fixing broken entries like CodexBar)
- Improve Homebrew uninstall logging visibility
- Update security audit and tests
 2026-01-15 11:39:33 +08:00
Tw93
54be4e30a2 fix: global optimization for safe_clean and doc update 2026-01-11 09:55:18 +08:00
Tw93
74fc3df455 Merge branch 'pr-287' into dev 2026-01-11 09:27:15 +08:00
Tw93
413b2c8f98 fix: disable aggressive cleanup and optimize directory checks 2026-01-11 09:27:12 +08:00
Tw93
fdacd3e087 update security audit 2026-01-11 08:51:01 +08:00
Tw93
ebb4f7a1e9 feat(analyze): safer deletion with Trash and two-key confirm 
- Change delete confirmation from double-delete to Delete→Enter
- Move files to macOS Trash instead of permanent deletion
- Allow file recovery from Trash if accidentally deleted
- Update UI prompts to show 'Press Enter to confirm'
- Skip Finder-dependent tests in CI environments
- Update SECURITY_AUDIT.md with new safety mechanisms

Closes #288
 2026-01-10 07:24:58 +08:00
Tw93
cbd777bf14 Update documents and instructions 2026-01-09 17:13:34 +08:00
Tw93
d3f1cdd834 fix(security): allow Firefox ..files directories in path validation 
Fixes #263

- Change regex from \.\. to (^|/)\.\.(/|$) to only match path components
- Firefox uses ..files suffix in IndexedDB dirs (e.g., name..files)
- Still blocks actual traversal: /tmp/../etc
- Added test cases for Firefox compatibility
- All 16 tests passing
 2026-01-06 09:51:34 +08:00
Tw93
d968cc0ab7 docs: update security audit report to v1.19.0 and add installer cleanup feature 2026-01-05 15:30:23 +08:00
Tw93
9aa569cbb6 feat: Enhance clean, optimize, analyze, and status commands, and update security audit documentation. 2025-12-31 16:23:31 +08:00
Tw93
af61748977 release binaries via GH releases and update installer fallback 2025-12-29 20:23:11 +08:00
Tw93
44e91be007 feat: add new system optimization tasks and implement orphaned startup item cleanup 2025-12-29 19:06:04 +08:00
Tw93
b67204f959 feat: remove SQLite vacuum optimization, enhance CJK/emoji width calculation, and improve system cleanup and UI feedback. 2025-12-29 00:29:42 +08:00
Tw93
50e47a3cd9 chore: bump version to 1.15.3 and update the security audit report following core protection and file operation refinements. 2025-12-28 21:30:39 +08:00
Tw93
cebbc8396a update Security Audit Report 2025-12-26 18:39:53 +08:00
Tw93
d2dc68da90 feat: Enhance app protection with centralized critical component checks, improve UI string width calculation, refine analysis and cleaning logic, and add new tests. 2025-12-22 11:24:04 +08:00
Tw93
8eeed7d079 feat(clean, optimize): enhance recent items cleanup safety 2025-12-18 17:19:18 +08:00
Tw93
af03452f6d feat: Enhance clean and optimize operations with new configuration constants 2025-12-18 17:02:04 +08:00
Tw93
125546545e docs: Update security audit report to reflect V1.12.25, including AI/LLM data protection and refined safety constraints. 2025-12-14 08:57:27 +08:00
Tw93
581f9398e0 feat: Add comprehensive protection for various VPN and proxy applications and bump version. 2025-12-13 12:16:25 +08:00
Tw93
ddce2a197d Parallelize metric collection, improve Touch ID script robustness, and add debug logging for clean command. 2025-12-12 14:11:20 +08:00
Tw93
f858d43b88 There is no blank line at the end of status 2025-12-12 10:49:57 +08:00
Tw93
18b177f486 docs(security): update audit with uninstallation heuristics protocols 2025-12-11 15:58:26 +08:00
Tw93
3a8199469f Supplemental Security Audit Report 2025-12-11 15:19:26 +08:00
Tw93
0384b3ffd2 Supplemental Security Audit Report 2025-12-11 15:18:04 +08:00
Tw93
6d2fdd7392 Supplemental Security Audit Report 2025-12-11 15:10:49 +08:00