fix: security vulnerabilities, UI freezes, and logic bugs

[laurentiu021]

Summary

Security (Critical)

• FileShredder symlink/junction attack — GetFiles(AllDirectories) now skips directories with ReparsePoint attribute, preventing traversal into junctions that could destroy system files
• FileShredder crypto PRNG — random overwrite pass now uses RandomNumberGenerator.Fill() instead of Random.Shared for cryptographically secure shredding

Performance (High)

• ServiceManager async — Start/Stop service no longer blocks UI for up to 30 seconds
• StartupService async — toggling TaskScheduler entries no longer blocks UI for 10 seconds
• ProcessManager IsActive — auto-refresh loop pauses when tab is not visible (saves 58% idle CPU)

Logic Bugs

• SFC regex — changed from (\d+) to (\d+)\s*% to only match actual progress percentages
• IsProgressIndeterminate — now properly reset in SFC/DISM finally blocks
• CanShredAll — re-evaluates when items are added/removed from the shred list
• NetworkSharedState — Dispose now unsubscribes PropertyChanged handlers (memory leak fix)
• AboutViewModel — catches HttpRequestException on manual update check

Test plan

• Build 0 errors (main + tests)
• CodeQL clean
• FileShredder: verify junction dirs are skipped (check log output)
• Services: Start/Stop no longer freezes UI
• ProcessManager: CPU drops when navigating away from tab
• SFC: progress bar only advances on actual percentage lines

Summary by CodeRabbit

• New Features

  • Enhanced file shredding security with safer folder traversal that skips symbolic links and handles inaccessible directories.
  • Process manager now only refreshes data when actively viewing the process list, improving performance.

• Bug Fixes

  • Fixed memory leaks from lingering event subscriptions.
  • Improved progress parsing accuracy in cleanup operations.
  • Enhanced error handling for network and timeout issues during update checks.

• Refactor

  • Converted synchronous service and startup management operations to asynchronous for improved responsiveness.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

This PR migrates synchronous service-control APIs to async patterns, hardens file shredding with cryptographic random generation and safe folder traversal that skips symlinks/junctions, and improves view model lifecycle management through active state gating and explicit event cleanup.

Changes

Service Async Migration and View Model Lifecycle Improvements

Layer / File(s)	Summary
Secure file shredding with cryptographic random and safe traversal SysManager/SysManager/Services/FileShredderService.cs	FileShredderService switches from Random.Shared to cryptographically-secure RandomNumberGenerator.Fill for both full-buffer and per-chunk random passes. A new EnumerateFilesSafe helper recursively traverses directories via an explicit stack, skips reparse points (junctions/symlinks) to prevent traversal outside the target, and gracefully continues on UnauthorizedAccessException/IOException.
Service manager async control APIs SysManager/SysManager/Services/ServiceManagerService.cs	ServiceManagerService replaces synchronous StartService and StopService with async variants StartServiceAsync and StopServiceAsync, both using Task.Run to wrap ServiceController.WaitForStatus with 30-second timeouts and preserving timeout-to-InvalidOperationException exception mappings.
Services view model async service control SysManager/SysManager/ViewModels/ServicesViewModel.cs	ServicesViewModel command handlers are converted to async StartServiceAsync and StopServiceAsync methods that await the corresponding ServiceManagerService async calls with ConfigureAwait(false), preserving error handling and UI status updates.
Startup service async entry control APIs SysManager/SysManager/Services/StartupService.cs	StartupService introduces async SetEnabledAsync method with branching to async SetTaskSchedulerEnabledAsync for Task Scheduler entries. The synchronous SetEnabled now delegates to SetEnabledAsync(...).GetAwaiter().GetResult() for backward compatibility. Task Scheduler operations use WaitForExitAsync with a 10-second CancellationTokenSource and pre-drain stdout/stderr to prevent deadlocks.
Startup view model async entry control SysManager/SysManager/ViewModels/StartupViewModel.cs	StartupViewModel command methods ToggleEntryAsync and EnableAllAsync are converted to async and await StartupService.SetEnabledAsync calls with ConfigureAwait(false), preserving count updates and state reversion on failure.
View model lifecycle and resource management SysManager/SysManager/ViewModels/ProcessManagerViewModel.cs, SysManager/SysManager/ViewModels/MainWindowViewModel.cs, SysManager/SysManager/ViewModels/NetworkSharedState.cs, SysManager/SysManager/ViewModels/FileShredderViewModel.cs	ProcessManagerViewModel adds an observable IsActive property that gates the auto-refresh loop. MainWindowViewModel toggles ProcessManager.IsActive based on navigation selection to activate only when ProcessManager view is visible. NetworkSharedState explicitly unsubscribes all PropertyChanged handlers in Dispose() before releasing resources. FileShredderViewModel subscribes to Items.CollectionChanged to sync "Shred All" command's enabled state.
UI refinements and error handling SysManager/SysManager/ViewModels/CleanupViewModel.cs, SysManager/SysManager/ViewModels/AboutViewModel.cs	CleanupViewModel improves progress extraction with a percentage-aware regex and explicitly resets progress UI state in finally blocks for both SFC and DISM operations. AboutViewModel adds exception handling for HttpRequestException and TaskCanceledException, setting user-facing status messages and forcing UpdateAvailable = false on network/timeout failures.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• laurentiu021/SystemManager#396: Overlaps with async Task Scheduler handling and timeout error logic in StartupService.cs.
• laurentiu021/SystemManager#487: Modifies FileShredderService.cs randomization logic within the same secure overwrite path.
• laurentiu021/SystemManager#298: Also modifies ProcessManagerViewModel.cs auto-refresh behavior with active state gating.

Poem

🐰 Async hops and crypto streams,
Safe traversals, secure dreams!
Event cleanup, lifecycle care,
UI polished, rock-solid there! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the three main categories of changes: security vulnerabilities (FileShredder random overwrite and junction skipping), UI freezes (async service operations), and logic bugs (regex fixes, memory leaks, event handling).
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/security-and-performance

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}