CRITICAL SECURITY FIX
Enhanced the receipt file parsing in uninstall operations to prevent
accidental deletion of critical system files while maintaining deep
cleanup capabilities.
Changes:
- Tightened whitelist in find_app_receipt_files() to exclude /Users/*,
/usr/*, and /opt/* broad patterns
- Added explicit blacklist for /private/* with safe exceptions for
logs, temp files, and diagnostic data
- Integrated should_protect_path() check for additional protection
- Added file deduplication with sort -u to prevent duplicate deletions
- Removed dry-run feature from batch uninstall (unused entry point)
Path Protection:
✅ Blocked: /etc/passwd, /var/db/*, /private/etc/*, all system binaries
✅ Allowed: /Applications/*, specific /Library/* subdirs, safe /private/* paths
✅ Additional: Keychain files, system preferences via should_protect_path()
This fixes a critical security issue where parsing .bom receipt files
could result in deletion of system files like /etc/passwd and /var/db/*,
leading to system corruption and data loss.
Affects: V1.12.14 and later versions
Testing: Validated against critical system paths, all blocked correctly
Remove -icanon mode from stty settings to fix password authentication
failures when passwords contain special characters like '.' or '@'.
The non-canonical mode (-icanon min 1 time 0) caused character loss
in Terminal.app. Using only -echo keeps canonical mode which provides
more reliable character handling across all terminal emulators.
- URL-encode paths when matching against Dock persistent-apps
- Fixes issue where apps with spaces in names (e.g. 'Clash Party') were not removed from Dock
Fixes#307
- Add Firefox to DATA_PROTECTED_BUNDLES to prevent cleaning
- Protects IndexedDB, localStorage, and other complex storage
- Prevents Gmail and other web apps from breaking after clean
- Add Homebrew cask detection and use 'brew uninstall --cask' for proper cleanup
- Add real-time progress feedback during uninstallation
- Optimize scroll performance by only redrawing visible items
- Replace Python-based Dock removal with PlistBuddy for better compatibility
- Add comprehensive tests for Homebrew functionality
Fixes#306
Fixes#263
- Change regex from \.\. to (^|/)\.\.(/|$) to only match path components
- Firefox uses ..files suffix in IndexedDB dirs (e.g., name..files)
- Still blocks actual traversal: /tmp/../etc
- Added test cases for Firefox compatibility
- All 16 tests passing
- Add '/Library/Input Methods' to application scan paths
- Unprotect Sogou, QQ, and Baidu input methods from system critical list
- Enhance file cleanup logic to detect input method plugins and caches
- Allow clean uninstallation and deep cleaning of WeType, Sogou, etc.
- Add file metadata logging in safe_remove() and safe_sudo_remove()
- Log file type, size, and age when in debug mode
- Support both dry-run and actual removal scenarios
- Part of GitHub issue #242 implementation
- Add debug_operation_start() for operation section headers
- Add debug_operation_detail() for detailed operation info
- Add debug_file_action() for file operations with metadata
- Add debug_risk_level() for risk classification with colors
- All functions output to both stderr and log file
- Addresses GitHub issue #242
- Protect Dropbox, OneDrive, Google Drive, Backblaze, Box (Issue #204)
- Add homebrew.mxcl.* services protection
- Document mo optimize --dry-run in help and README
- Bump version to 1.16.2
