← Back to AI Insights
Gemini Executive Synthesis

Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash.

Technical Positioning
Secure file system operations; accurate allow-list validation; preventing unauthorized file deletion.
SaaS Insight & Market Implications
This issue identifies a critical allow-list bypass vulnerability in PureMac's `CleaningEngine.isSafeToDelete` function. The validation logic uses `resolvedPath.hasPrefix(root)` without ensuring a trailing path separator. This allows sibling directories that merely *start* with an allow-listed name to pass the safety check, enabling the deletion of files outside intended boundaries. For example, `/tmp` incorrectly validates `/tmpfoo/victim.secret`. This flaw, while seemingly minor, can be chained with other vulnerabilities (like env-steering of `brew --cache`) to facilitate arbitrary data deletion. The proposed fix, appending a trailing slash to roots for `hasPrefix` comparison, is essential. This highlights a fundamental error in path validation, compromising the core security guarantees of the cleaning engine.
Proprietary Technical Taxonomy
isSafeToDelete allow-list bypass hasPrefix trailing slash resolvedPath root sibling directories normalizedPath

Raw Developer Origin & Technical Request

Source Icon GitHub Issue Apr 16, 2026
Repo: momenbasel/PureMac
security: isSafeToDelete allow-list bypass via hasPrefix without trailing slash

### Summary
`CleaningEngine.isSafeToDelete` validates paths with `resolvedPath.hasPrefix(root)` — no separator. Sibling directories that merely start with an allow-listed name pass the check.

### Location
`PureMac/Services/CleaningEngine.swift` lines 111-139

### Evidence
10/10 adversarial paths pass the current check:
```
/tmp → accepts /tmpfoo/victim.secret
~/Library/Caches → accepts ~/Library/Caches-evil/payload
~/Library/LaunchAgents → accepts ~/Library/LaunchAgentsEvil/z.plist
~/Documents → accepts ~/Documents2/secret
~/Desktop → accepts ~/Desktopfoo/thing
~/Downloads → accepts ~/Downloadsfoo/x
~/.Trash → accepts ~/.Trash2/x
/private/var/tmp → accepts /private/var/tmpstealer/payload
/Library/Caches → accepts /Library/CachesX/evil
```

### Impact
Any cleanable item whose emitted path matches a sibling-of-root (via independent bugs, TOCTOU, or env-steering of `brew --cache`) is silently deleted outside the intended directories.

### Fix
```swift
// CleaningEngine.swift, isSafeToDelete(resolvedPath:)
let normalized = (resolvedPath as NSString).standardizingPath
return allowedRoots.contains { root in
let rootWithSeparator = root.hasSuffix("/") ? root : root + "/"
return normalized.hasPrefix(rootWithSeparator)
}
```

### Test
- Unit: each adversarial path above → `false`.
- Regression: real cache paths like `~/Library/Caches/com.microsoft.teams` → `true`.

Developer Debate & Comments

No active discussions extracted for this entry yet.

Adjacent Repository Pain Points

Other highly discussed features and pain points extracted from momenbasel/PureMac.

Extracted Positioning
Feature request for bulk selection and deletion of orphaned files, and clarification on scan accuracy.
Efficient and user-friendly cleanup; accurate identification of deletable files; transparent operation.
Top Replies
yanfosec • Apr 15, 2026
Just want to up-vote this. Would be a great enhancement.
oleksiibielai • Apr 16, 2026
For me Start Scan reports that 2.53 GB was freed and Scan Again reports exactly the same size. It doesn't remove anything even after Full Disk Access was explicitly granted. At least I was able to ...
telepati • Apr 16, 2026
Yeah, this enhancement would be great. But, I have also consideration how much safe the deletes all orphaned files? Because when I examined them, I saw that some files were associated with applicat...
Extracted Positioning
Ineffective or non-functional application uninstallation feature.
Comprehensive and reliable application uninstallation; clear user feedback on deletion status.
Extracted Positioning
Inconsistent version reporting between download source and application's 'About' information.
Clear and accurate product versioning; professional software presentation.
Extracted Positioning
Zero-click data loss vulnerability through environmental variable injection and insecure default scheduling.
Secure system interaction; preventing unauthorized data deletion; robust environment variable handling; secure default configurations.
Extracted Positioning
Time-of-check to time-of-use (TOCTOU) vulnerability in file deletion logic, allowing symlink-based allow-list bypass.
Secure file system operations; preventing unauthorized file deletion; robust symlink handling.

Frequently Asked Questions

Market intelligence mapped to Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash..

What problem does Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash. solve?
Based on our AI analysis of the original developer request, its primary technical positioning is: Secure file system operations; accurate allow-list validation; preventing unauthorized file deletion.
What are the foundational technologies related to Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash.?
Our proprietary extraction maps Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash. to adjacent architectural concepts including isSafeToDelete, allow-list bypass, hasPrefix, trailing slash.

Engagement Signals

0
Replies
open
Issue Status

Cross-Market Term Frequency

Quantifies the cross-market adoption of foundational terms like root and isSafeToDelete by tracking occurrence frequency across active SaaS architectures and enterprise developer debates.