- Replace parentheses with commas for supplementary info
- Use commas instead of em-dashes for separators
- Update bullet points from - to * in some contexts
- Improve version extraction regex with fallback logic
Previously, apps matching DATA_PROTECTED_BUNDLES patterns (VPNs, dev tools, etc.)
could not be uninstalled because should_protect_path blocked their deletion.
Now use MOLE_UNINSTALL_MODE to distinguish between cleanup and explicit uninstall,
allowing users to remove these apps when they choose to while still protecting
their data during normal cleanup operations.
Also allow deletion of installer receipts in /private/var/db/receipts/.
CRITICAL SECURITY FIX
Enhanced the receipt file parsing in uninstall operations to prevent
accidental deletion of critical system files while maintaining deep
cleanup capabilities.
Changes:
- Tightened whitelist in find_app_receipt_files() to exclude /Users/*,
/usr/*, and /opt/* broad patterns
- Added explicit blacklist for /private/* with safe exceptions for
logs, temp files, and diagnostic data
- Integrated should_protect_path() check for additional protection
- Added file deduplication with sort -u to prevent duplicate deletions
- Removed dry-run feature from batch uninstall (unused entry point)
Path Protection:
✅ Blocked: /etc/passwd, /var/db/*, /private/etc/*, all system binaries
✅ Allowed: /Applications/*, specific /Library/* subdirs, safe /private/* paths
✅ Additional: Keychain files, system preferences via should_protect_path()
This fixes a critical security issue where parsing .bom receipt files
could result in deletion of system files like /etc/passwd and /var/db/*,
leading to system corruption and data loss.
Affects: V1.12.14 and later versions
Testing: Validated against critical system paths, all blocked correctly
Fixes#263
- Change regex from \.\. to (^|/)\.\.(/|$) to only match path components
- Firefox uses ..files suffix in IndexedDB dirs (e.g., name..files)
- Still blocks actual traversal: /tmp/../etc
- Added test cases for Firefox compatibility
- All 16 tests passing
- Add file metadata logging in safe_remove() and safe_sudo_remove()
- Log file type, size, and age when in debug mode
- Support both dry-run and actual removal scenarios
- Part of GitHub issue #242 implementation
- Fix safe_remove set -e trap in command substitution
- Fix has_full_disk_access false positives and unknown state handling
- Use set +e in perform_cleanup for graceful degradation
- Track removal failures and only count actually deleted items (#180)
- Add "Skipped X items (permission denied or in use)" notification
- Improve spinner reliability with cooperative stop mechanism (#175)
