fix: add reparse point guards to all recursive deletion paths — prevent symlink/junction traversal attacks

Author: SysAdminDoc

src/DeepPurge.Core/FileSystem/FileLeftoverScanner.cs

@@ -323,6 +323,7 @@ private void ScanDirectory(string basePath, List<LeftoverItem> leftovers, string
                 var dirName = Path.GetFileName(dir);
                 if (SharedFolderNames.Contains(dirName)) continue;
                 if (IsProtected(dir)) continue;
+                if (Safety.SafetyGuard.IsReparsePoint(dir)) continue;
 
                 var confidence = MatchConfidence(dirName, dir);
                 if (confidence == null) continue;
@@ -610,7 +611,12 @@ public static long GetDirectorySize(string path)
         try
         {
             return new DirectoryInfo(path)
-                .EnumerateFiles("*", SearchOption.AllDirectories)
+                .EnumerateFiles("*", new EnumerationOptions
+                {
+                    RecurseSubdirectories = true,
+                    IgnoreInaccessible = true,
+                    AttributesToSkip = FileAttributes.ReparsePoint,
+                })
                 .Sum(fi => { try { return fi.Length; } catch { return 0; } });
         }
         catch { return 0; }

src/DeepPurge.Core/FileSystem/JunkFilesCleaner.cs

@@ -132,6 +132,7 @@ public static DeleteSummary DeleteJunkSafe(
             {
                 if (file.IsDirectory && Directory.Exists(file.Path))
                 {
+                    if (Safety.SafetyGuard.IsReparsePoint(file.Path)) { skipped++; continue; }
                     if (options.SecureDelete) SecureDelete.WipeDirectory(file.Path);
                     else Directory.Delete(file.Path, recursive: true);
                     freed += file.Size;
@@ -635,7 +636,12 @@ private static long GetDirSize(string path)
         try
         {
             return new DirectoryInfo(path)
-                .EnumerateFiles("*", SearchOption.AllDirectories)
+                .EnumerateFiles("*", new EnumerationOptions
+                {
+                    RecurseSubdirectories = true,
+                    IgnoreInaccessible = true,
+                    AttributesToSkip = FileAttributes.ReparsePoint,
+                })
                 .Sum(fi => { try { return fi.Length; } catch { return 0L; } });
         }
         catch { return 0; }

src/DeepPurge.Core/Privacy/EvidenceRemover.cs

@@ -121,6 +121,7 @@ public static DeleteSummary CleanTracesSafe(
                 }
                 else if (item.IsDirectory && Directory.Exists(item.Path))
                 {
+                    if (Safety.SafetyGuard.IsReparsePoint(item.Path)) { skipped++; continue; }
                     if (options.SecureDelete) SecureDelete.WipeDirectory(item.Path);
                     else Directory.Delete(item.Path, recursive: true);
                     freed += item.SizeBytes;
@@ -528,7 +529,12 @@ private static long GetDirSize(string path)
         try
         {
             return new DirectoryInfo(path)
-                .EnumerateFiles("*", SearchOption.AllDirectories)
+                .EnumerateFiles("*", new EnumerationOptions
+                {
+                    RecurseSubdirectories = true,
+                    IgnoreInaccessible = true,
+                    AttributesToSkip = FileAttributes.ReparsePoint,
+                })
                 .Sum(fi => { try { return fi.Length; } catch { return 0L; } });
         }
         catch { return 0; }

src/DeepPurge.Core/Safety/SafetyGuard.cs

@@ -212,6 +212,17 @@ public static bool IsJunkPathSafeToDelete(string path)
             normalized.StartsWith(parent, StringComparison.OrdinalIgnoreCase));
     }
 
+    /// <summary>Returns true if the path is a reparse point (symlink, junction, mount point). Callers must NOT recurse into reparse points during deletion.</summary>
+    public static bool IsReparsePoint(string path)
+    {
+        try
+        {
+            var attr = File.GetAttributes(path);
+            return (attr & FileAttributes.ReparsePoint) != 0;
+        }
+        catch { return false; }
+    }
+
     /// <summary>Get a human-readable safety assessment</summary>
     public static (bool Safe, string Reason) AssessOperation(string operationType, string target)
     {