consolidate world-writable-directories scanning. (#7234)

clean up the code for scanning for world writable directories One path (selecting a sandbox mode from /approvals) was using an incorrect method that did not use the new method of creating deny aces to prevent writing to those directories. Now all paths are the same.
2026-04-29 02:41:12 +03:00 · 2025-11-24 09:51:58 -08:00
parent b2cddec3d7
commit 486b1c4d9d
4 changed files with 53 additions and 112 deletions
--- a/codex-rs/tui/src/app.rs
+++ b/codex-rs/tui/src/app.rs
@@ -941,47 +941,20 @@ impl App {
        sandbox_policy: codex_core::protocol::SandboxPolicy,
        tx: AppEventSender,
    ) {
-        #[inline]
-        fn normalize_windows_path_for_display(p: &std::path::Path) -> String {
-            let canon = dunce::canonicalize(p).unwrap_or_else(|_| p.to_path_buf());
-            canon.display().to_string().replace('/', "\\")
-        }
        tokio::task::spawn_blocking(move || {
-            let result = codex_windows_sandbox::preflight_audit_everyone_writable(
+            let result = codex_windows_sandbox::apply_world_writable_scan_and_denies(
                &logs_base_dir,
                &cwd,
                &env_map,
                &sandbox_policy,
                Some(logs_base_dir.as_path()),
            );
-            if let Ok(ref paths) = result
-                && !paths.is_empty()
-            {
-                let as_strings: Vec<String> = paths
-                    .iter()
-                    .map(|p| normalize_windows_path_for_display(p))
-                    .collect();
-                let sample_paths: Vec<String> = as_strings.iter().take(3).cloned().collect();
-                let extra_count = if as_strings.len() > sample_paths.len() {
-                    as_strings.len() - sample_paths.len()
-                } else {
-                    0
-                };
-
+            if result.is_err() {
+                // Scan failed: warn without examples.
                tx.send(AppEvent::OpenWorldWritableWarningConfirmation {
                    preset: None,
-                    sample_paths,
-                    extra_count,
-                    failed_scan: false,
-                });
-            } else if result.is_err() {
-                // Scan failed: still warn, but with no examples and mark as failed.
-                let sample_paths: Vec<String> = Vec::new();
-                let extra_count = 0usize;
-                tx.send(AppEvent::OpenWorldWritableWarningConfirmation {
-                    preset: None,
-                    sample_paths,
-                    extra_count,
+                    sample_paths: Vec::new(),
+                    extra_count: 0usize,
                    failed_scan: true,
                });
            }