filepath.Abs resolves ".." components, so the existing validatePath call
on the resolved path could never catch traversal attempts. Move validation
before Abs to reject raw input with "..", keeping the post-Abs check as
defense-in-depth.
- Add TestValidatePath covering Chinese, emoji, and special characters
- Add TestValidatePathWithChineseAndSpecialChars for filesystem tests
- Fix validatePath to detect .. components without rejecting valid paths
Ensures paths with $, ;, :, emoji, Chinese chars are not rejected
while still blocking path traversal attempts.
All files in cmd/analyze/ are macOS-only but several were missing the
//go:build darwin constraint. On Linux (e.g. CodeQL CI), Go compiled
these files without the types defined in main.go (which had the tag),
causing undefined symbol errors for dirEntry, fileEntry, scanResult,
cacheEntry, historyEntry and model.
- Add //go:build darwin to heap.go, cache.go, scanner.go, cleanable.go,
delete.go, format.go, constants.go and all *_test.go files
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Change delete confirmation from double-delete to Delete→Enter
- Move files to macOS Trash instead of permanent deletion
- Allow file recovery from Trash if accidentally deleted
- Update UI prompts to show 'Press Enter to confirm'
- Skip Finder-dependent tests in CI environments
- Update SECURITY_AUDIT.md with new safety mechanisms
Closes#288
