Gemini Executive Synthesis

Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash.

Technical Positioning
Secure file system operations; accurate allow-list validation; preventing unauthorized file deletion.
SaaS Insight & Market Implications
This issue identifies a critical allow-list bypass in PureMac's `CleaningEngine.isSafeToDelete`. The check uses `resolvedPath.hasPrefix(root)` with no path separator, so a plain string-prefix comparison stands in for a directory-containment test: any sibling whose name merely starts with an allow-listed root passes, and `/tmp` accepts `/tmpfoo/victim.secret`. On its own the bug is only reachable when a cleanable item's path lands next to a root, but the issue notes that independent bugs, TOCTOU, or env-steering of `brew --cache` can put one there, at which point files outside the intended directories are silently deleted. The proposed fix, normalizing the candidate with `standardizingPath` and comparing it against each root with a trailing slash appended, turns the prefix test into a containment test. Two caveats a reviewer would add: the roots must be in the same normalized form as the candidate (absolute, tilde expanded) or legitimate cache paths will stop matching after the change, and `NSString.standardizingPath` does not resolve symbolic links, so the separately reported symlink/TOCTOU bypass is not closed by this fix. This is a fundamental path-validation error that undermines the cleaning engine's core safety guarantee.
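The two checks side by side, as an added example that is not PureMac's code: `isSafeToDeleteVulnerable` reproduces the bare `hasPrefix(root)` pattern the issue describes, `isSafeToDeleteFixed` applies the proposed trailing-slash fix after `standardizingPath`, and a small driver runs both over constructed probes. The `allowedRoots` list and the `/Users/alice/...` paths are assumptions for illustration, and the probes go beyond the issue's own evidence by also covering a `..` traversal that lexically starts with a root and the root directory itself, alongside legitimate descendants that must keep passing.

```swift
import Foundation

// Added example, not PureMac's code. Roots and paths are constructed
// stand-ins; the real allow-list lives in CleaningEngine.swift.
let allowedRoots: [String] = [
    "/Users/alice/Library/Caches",
    "/Users/alice/.Trash/",   // deliberately given with a trailing slash
    "/tmp",
]

/// Reproduces the vulnerable pattern: a bare string-prefix test, so
/// "/tmpfoo/..." matches the root "/tmp" and "Caches-evil" matches "Caches".
func isSafeToDeleteVulnerable(resolvedPath: String) -> Bool {
    return allowedRoots.contains { root in resolvedPath.hasPrefix(root) }
}

/// Hardened form: normalize the candidate (tilde, "//", "/./", ".." and a
/// trailing slash), then require "<root>/" as a prefix so only descendants
/// of the root match. The root directory itself is therefore not deletable,
/// which is the safe default for a cleaner. Roots are assumed absolute and
/// tilde-free. standardizingPath does NOT resolve symlinks, so a
/// symlink/TOCTOU bypass needs a separate defense.
func isSafeToDeleteFixed(resolvedPath: String) -> Bool {
    let normalized = NSString(string: resolvedPath).standardizingPath
    return allowedRoots.contains { root in
        let rootWithSeparator = root.hasSuffix("/") ? root : root + "/"
        return normalized.hasPrefix(rootWithSeparator)
    }
}

struct Probe {
    let path: String
    let shouldBeDeletable: Bool
}

// Constructed probes: siblings-of-root in the style of the issue's evidence,
// a ".." traversal that lexically starts with a root, the root itself, and
// legitimate descendants that must keep working after the fix.
let probes: [Probe] = [
    Probe(path: "/tmpfoo/victim.secret", shouldBeDeletable: false),
    Probe(path: "/Users/alice/Library/Caches-evil/payload", shouldBeDeletable: false),
    Probe(path: "/Users/alice/.Trash2/x", shouldBeDeletable: false),
    Probe(path: "/Users/alice/Library/Caches/../Caches-evil/payload", shouldBeDeletable: false),
    Probe(path: "/Users/alice/Library/Caches", shouldBeDeletable: false),
    Probe(path: "/Users/alice/Library/Caches/com.microsoft.teams/Cache/x", shouldBeDeletable: true),
    Probe(path: "/Users/alice/.Trash/old-download.zip", shouldBeDeletable: true),
    Probe(path: "/tmp/build-cache/obj.o", shouldBeDeletable: true),
]

/// Returns the number of probes the given check classifies wrongly.
func misclassifications(using check: (String) -> Bool) -> Int {
    return probes.filter { check($0.path) != $0.shouldBeDeletable }.count
}

for probe in probes {
    let v = isSafeToDeleteVulnerable(resolvedPath: probe.path)
    let f = isSafeToDeleteFixed(resolvedPath: probe.path)
    print("\(probe.path)\n  vulnerable=\(v) fixed=\(f) expected=\(probe.shouldBeDeletable)")
}
print("vulnerable check wrong on \(misclassifications(using: isSafeToDeleteVulnerable(resolvedPath:))) probes")
print("fixed check wrong on \(misclassifications(using: isSafeToDeleteFixed(resolvedPath:))) probes")
```

Run it with `swift example.swift`. The vulnerable check accepts every disallowed probe, including the root itself and the `..` traversal, because it never normalizes and never requires a separator; the fixed check rejects all of them while still accepting the three legitimate descendants, including the one under the root that was allow-listed with a trailing slash.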
Proprietary Technical Taxonomy
isSafeToDelete allow-list bypass hasPrefix trailing slash resolvedPath root sibling directories normalizedPath

Raw Developer Origin & Technical Request

GitHub Issue, Apr 16, 2026
Repo: momenbasel/PureMac
security: isSafeToDelete allow-list bypass via hasPrefix without trailing slash

### Summary
`CleaningEngine.isSafeToDelete` validates paths with `resolvedPath.hasPrefix(root)` — no separator. Sibling directories that merely start with an allow-listed name pass the check.

### Location
`PureMac/Services/CleaningEngine.swift` lines 111-139

### Evidence
10/10 adversarial paths pass the current check:
```
/tmp → accepts /tmpfoo/victim.secret
~/Library/Caches → accepts ~/Library/Caches-evil/payload
~/Library/LaunchAgents → accepts ~/Library/LaunchAgentsEvil/z.plist
~/Documents → accepts ~/Documents2/secret
~/Desktop → accepts ~/Desktopfoo/thing
~/Downloads → accepts ~/Downloadsfoo/x
~/.Trash → accepts ~/.Trash2/x
/private/var/tmp → accepts /private/var/tmpstealer/payload
/Library/Caches → accepts /Library/CachesX/evil
```

### Impact
Any cleanable item whose emitted path matches a sibling-of-root (via independent bugs, TOCTOU, or env-steering of `brew --cache`) is silently deleted outside the intended directories.

### Fix
```swift
// CleaningEngine.swift, isSafeToDelete(resolvedPath:)
let normalized = (resolvedPath as NSString).standardizingPath
return allowedRoots.contains { root in
    let rootWithSeparator = root.hasSuffix("/") ? root : root + "/"
    return normalized.hasPrefix(rootWithSeparator)
}
```

### Test
- Unit: each adversarial path above → `false`.
- Regression: real cache paths like `~/Library/Caches/com.microsoft.teams` → `true`.

Developer Debate & Comments

No active discussions extracted for this entry yet.

Adjacent Repository Pain Points

Other highly discussed features and pain points extracted from momenbasel/PureMac.

Extracted Positioning
Feature request for bulk selection and deletion of orphaned files, and clarification on scan accuracy.
Efficient and user-friendly cleanup; accurate identification of deletable files; transparent operation.
Extracted Positioning
Ineffective or non-functional application uninstallation feature.
Comprehensive and reliable application uninstallation; clear user feedback on deletion status.
Extracted Positioning
Inconsistent version reporting between download source and application's 'About' information.
Clear and accurate product versioning; professional software presentation.
Extracted Positioning
Zero-click data loss vulnerability through environment variable injection and insecure default scheduling.
Secure system interaction; preventing unauthorized data deletion; robust environment variable handling; secure default configurations.
Extracted Positioning
Time-of-check to time-of-use (TOCTOU) vulnerability in file deletion logic, allowing symlink-based allow-list bypass.
Secure file system operations; preventing unauthorized file deletion; robust symlink handling.

Frequently Asked Questions

Market intelligence mapped to: Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash.

What problem does "Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash" solve?
Based on our AI analysis of the original developer request, its primary technical positioning is: secure file system operations; accurate allow-list validation; preventing unauthorized file deletion.
Which technical concepts are associated with "Allow-list bypass vulnerability due to incorrect path prefix matching without trailing slash"?
Our proprietary extraction maps this issue to adjacent architectural concepts including isSafeToDelete, allow-list bypass, hasPrefix, trailing slash.

Engagement Signals

Replies: 0
Issue status: open
