Improve world-writable scan (#6381)

1. scan many more directories since it's much faster than the original implementation 2. limit overall scan time to 2s 3. skip some directories that are noisy - ApplicationData, Installer, etc.
2025-11-07 21:28:55 -08:00
parent a2fdfce02a
commit 917f39ec12
7 changed files with 66 additions and 20 deletions
--- a/codex-rs/tui/src/app.rs
+++ b/codex-rs/tui/src/app.rs
@@ -191,7 +191,8 @@ impl App {
                let cwd = app.config.cwd.clone();
                let env_map: std::collections::HashMap<String, String> = std::env::vars().collect();
                let tx = app.app_event_tx.clone();
-                Self::spawn_world_writable_scan(cwd, env_map, tx, false);
+                let logs_base_dir = app.config.codex_home.clone();
+                Self::spawn_world_writable_scan(cwd, env_map, logs_base_dir, tx, false);
            }
        }

@@ -472,7 +473,8 @@ impl App {
                        let env_map: std::collections::HashMap<String, String> =
                            std::env::vars().collect();
                        let tx = self.app_event_tx.clone();
-                        Self::spawn_world_writable_scan(cwd, env_map, tx, false);
+                        let logs_base_dir = self.config.codex_home.clone();
+                        Self::spawn_world_writable_scan(cwd, env_map, logs_base_dir, tx, false);
                    }
                }
            }
@@ -624,11 +626,18 @@ impl App {
    fn spawn_world_writable_scan(
        cwd: PathBuf,
        env_map: std::collections::HashMap<String, String>,
+        logs_base_dir: PathBuf,
        tx: AppEventSender,
        apply_preset_on_continue: bool,
    ) {
        tokio::task::spawn_blocking(move || {
-            if codex_windows_sandbox::preflight_audit_everyone_writable(&cwd, &env_map).is_err() {
+            if codex_windows_sandbox::preflight_audit_everyone_writable(
+                &cwd,
+                &env_map,
+                Some(logs_base_dir.as_path()),
+            )
+            .is_err()
+            {
                if apply_preset_on_continue {
                    if let Some(preset) = codex_common::approval_presets::builtin_approval_presets()
                        .into_iter()
--- a/codex-rs/tui/src/chatwidget.rs
+++ b/codex-rs/tui/src/chatwidget.rs
@@ -2106,7 +2106,11 @@ impl ChatWidget {
        for (k, v) in std::env::vars() {
            env_map.insert(k, v);
        }
-        match codex_windows_sandbox::preflight_audit_everyone_writable(&self.config.cwd, &env_map) {
+        match codex_windows_sandbox::preflight_audit_everyone_writable(
+            &self.config.cwd,
+            &env_map,
+            Some(self.config.codex_home.as_path()),
+        ) {
            Ok(()) => false,
            Err(_) => true,
        }