feat: Add path protection mechanism to prevent deletion of system dir (#11130)

* feat: Add path protection mechanism to prevent deletion of critical system directories

* feat: Enhance recycle bin service with path protection for deletion requests

agent/app/service/recycle_bin.go

@@ -76,6 +76,9 @@ func (r RecycleBinService) Page(search dto.PageInfo) (int64, []response.RecycleB
 }
 
 func (r RecycleBinService) Create(create request.RecycleBinCreate) error {
+	if files.IsProtected(create.SourcePath) {
+		return buserr.New("ErrPathNotDelete")
+	}
 	op := files.NewFileOp()
 	if !op.Stat(create.SourcePath) {
 		return buserr.New("ErrLinkPathNotFound")

agent/utils/files/file_op.go

@@ -33,6 +33,40 @@ import (
 	"github.com/spf13/afero"
 )
 
+var protectedPaths = []string{
+	"/",
+	"/bin",
+	"/sbin",
+	"/etc",
+	"/boot",
+	"/usr",
+	"/lib",
+	"/lib64",
+	"/dev",
+	"/proc",
+	"/sys",
+	"/root",
+}
+
+func IsProtected(path string) bool {
+	real, err := filepath.EvalSymlinks(path)
+	if err == nil {
+		path = real
+	}
+
+	abs, err := filepath.Abs(path)
+	if err == nil {
+		path = abs
+	}
+
+	for _, p := range protectedPaths {
+		if path == p {
+			return true
+		}
+	}
+	return false
+}
+
 type FileOp struct {
 	Fs afero.Fs
 }
@@ -104,6 +138,9 @@ func (f FileOp) LinkFile(source string, dst string, isSymlink bool) error {
 }
 
 func (f FileOp) DeleteDir(dst string) error {
+	if IsProtected(dst) {
+		return buserr.New("ErrPathNotDelete")
+	}
 	return f.Fs.RemoveAll(dst)
 }
 
@@ -113,14 +150,23 @@ func (f FileOp) Stat(dst string) bool {
 }
 
 func (f FileOp) DeleteFile(dst string) error {
+	if IsProtected(dst) {
+		return buserr.New("ErrPathNotDelete")
+	}
 	return f.Fs.Remove(dst)
 }
 
 func (f FileOp) CleanDir(dst string) error {
+	if IsProtected(dst) {
+		return buserr.New("ErrPathNotDelete")
+	}
 	return cmd.RunDefaultBashCf("rm -rf %s/*", dst)
 }
 
 func (f FileOp) RmRf(dst string) error {
+	if IsProtected(dst) {
+		return buserr.New("ErrPathNotDelete")
+	}
 	return cmd.RunDefaultBashCf("rm -rf %s", dst)
 }