filepath.Abs resolves ".." components, so the existing validatePath call
on the resolved path could never catch traversal attempts. Move validation
before Abs to reject raw input with "..", keeping the post-Abs check as
defense-in-depth.
- Add TestValidatePath covering Chinese, emoji, and special characters
- Add TestValidatePathWithChineseAndSpecialChars for filesystem tests
- Fix validatePath to detect .. components without rejecting valid paths
Ensures paths with $, ;, :, emoji, Chinese chars are not rejected
while still blocking path traversal attempts.
All files in cmd/analyze/ are macOS-only but several were missing the
//go:build darwin constraint. On Linux (e.g. CodeQL CI), Go compiled
these files without the types defined in main.go (which had the tag),
causing undefined symbol errors for dirEntry, fileEntry, scanResult,
cacheEntry, historyEntry and model.
- Add //go:build darwin to heap.go, cache.go, scanner.go, cleanable.go,
delete.go, format.go, constants.go and all *_test.go files
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
* feat: add JSON output tests and README docs for analyze and status
Add 7 BATS tests covering `--json` output for `mo analyze` and `mo status`:
- schema structure
- field types
- pipe auto-detection.
Also document the `--json` flag in a new "Machine-Readable Output" README section, including the auto-detection behavior when piped.
* chore: use waitgroup go in status collector
---------
Co-authored-by: Tw93 <hitw93@gmail.com>
* feat: add --json flag to analyze command
* feat: implement JSON output mode for analyze
* refactor: rename jsonOutput flag to jsonMode to avoid conflict
Network rate calculation requires two samples to compute the delta.
In JSON mode, the collector was only called once, causing the network
field to always return nil.
This change adds a second collection call with a 1-second interval,
allowing the network rates to be calculated properly.
Add --json command-line flag to mo status that outputs system metrics
in JSON format without requiring a TTY environment.
This enables:
- Integration with GUI applications (e.g., native macOS apps)
- Use in automation scripts and monitoring systems
- Piping output to tools like jq for data extraction
- Recording metrics for analysis
Implementation:
- Add JSON struct tags to all metric types
- Add --json flag using Go's flag package
- Implement runJSONMode() for one-time metric collection
- Refactor main() to support both TUI and JSON modes
- Maintain 100% backward compatibility (default TUI unchanged)
Testing:
- All 454 existing tests pass
- JSON output validated with jq and python json.tool
- Pipeline and redirection work correctly
- No breaking changes to existing functionality
- Switch bytes_to_human (shell) and humanizeBytes (Go) from Base-2
(1024) to Base-10 (1000) to match Apple's storage calculation
standard since Snow Leopard
- Add proper decimal rounding instead of truncation
- Use mdls kMDItemLogicalSize for .app bundles to avoid APFS clone
file undercounting by du
Fixes#511
- renderHeader now returns empty string as second return value when
error message is present, avoiding duplicate mole in main.go View
- Add unit tests to prevent regression
Fixes P2 issue: view.go (line 184) + main.go (line 160)
When multiple disks are connected, the status command was sorting
only by size, causing external disks to appear first when they are
larger than the internal disk. This resulted in showing incorrect
free space (external disk size) instead of the internal disk.
The sort now prioritizes internal disks before sorting by size,
ensuring the internal disk always appears first.
Fixes#466
When the terminal is stretched wide, the header info line may wrap to
multiple lines but the mole position was calculated independently based
on terminal width, causing vertical misalignment.
Separate header and mole rendering so mole always appears on dedicated
lines below the header regardless of terminal width.
Created optional flag `--exclude-volumes` for `mo analyze` to consent the users to analyze the filesystem without taking in consideration attached Volumes.
Normal behaviour (with volumes included) is left untouched.
- Replace time.After() with reusable timer to reduce GC pressure
- Use pre-compiled regex for app bundle matching (O(1) vs O(N))
- Fix Bash 3.2 compatibility (remove local -n usage)
Add unit tests for parsing functions in `cmd/status/view_test.go`:
- `parseInt`: parses integers from strings with padding/decimals
- `parseRefreshRate`: parses display refresh rates from system output
- `isNoiseInterface`: filters noise network interfaces
- `parsePMSet`: parses macOS pmset battery output
Coverage for `cmd/status` improved from 8.4% to 12.6%.
- Add get_timestamp() helper and optimize log rotation
- Create mo log viewer with search/filter capabilities
- Improve test coverage to 18.4% with better assertions
- Add security fixes for grep injection prevention
Add unit tests for additional utility functions in `cmd/status/view_test.go`:
- `humanBytes`: byte formatting with decimals and units
- `humanBytesCompact`: compact byte formatting
- `splitDisks`: separates internal/external disks
- `diskLabel`: generates numbered disk labels
Coverage for cmd/status improved from 6.9% to 8.4%.
Add unit tests for utility functions in cmd/status/view_test.go:
- formatRate: MB/s rate formatting with adaptive precision
- shorten: string truncation with ellipsis
- humanBytesShort: byte formatting with binary units
Add unit tests for heap implementations in cmd/analyze/heap_test.go:
- entryHeap: min-heap for dirEntry (basic ops, empty, single element)
- largeFileHeap: min-heap for fileEntry (basic ops, top N pattern)
- Replace parentheses with commas for supplementary info
- Use commas instead of em-dashes for separators
- Update bullet points from - to * in some contexts
- Improve version extraction regex with fallback logic
