fix(windows-sandbox): parse PATH list entries for audit roots (#9319)

## Summary - Use `std::env::split_paths` to parse PATH entries in audit candidate collection - Add a unit test covering multiple PATH entries (including spaces) ## Testing - `cargo test -p codex-windows-sandbox` (Windows) Fixes #9317
2026-02-01 22:47:52 +00:00 · 2026-01-20 17:00:27 -05:00
parent f2de920185
commit c73a11d55e
1 changed files with 42 additions and 3 deletions
--- a/codex-rs/windows-sandbox-rs/src/audit.rs
+++ b/codex-rs/windows-sandbox-rs/src/audit.rs
@@ -10,6 +10,7 @@ use anyhow::anyhow;
 use anyhow::Result;
 use std::collections::HashSet;
 use std::ffi::c_void;
+use std::ffi::OsStr;
 use std::path::Path;
 use std::path::PathBuf;
 use std::time::Duration;
@@ -67,9 +68,9 @@ fn gather_candidates(cwd: &Path, env: &std::collections::HashMap<String, String>
        .cloned()
        .or_else(|| std::env::var("PATH").ok())
    {
-        for part in path.split(std::path::MAIN_SEPARATOR) {
-            if !part.is_empty() {
-                unique_push(&mut set, &mut out, PathBuf::from(part));
+        for part in std::env::split_paths(OsStr::new(&path)) {
+            if !part.as_os_str().is_empty() {
+                unique_push(&mut set, &mut out, part);
            }
        }
    }
@@ -298,3 +299,41 @@ pub fn apply_capability_denies_for_world_writable(
    }
    Ok(())
 }
+
+#[cfg(test)]
+mod tests {
+    use super::gather_candidates;
+    use std::collections::HashMap;
+    use std::fs;
+
+    #[test]
+    fn gathers_path_entries_by_list_separator() {
+        let tmp = tempfile::tempdir().expect("tempdir");
+        let dir_a = tmp.path().join("Tools");
+        let dir_b = tmp.path().join("Bin");
+        let dir_space = tmp.path().join("Program Files");
+        fs::create_dir_all(&dir_a).expect("dir a");
+        fs::create_dir_all(&dir_b).expect("dir b");
+        fs::create_dir_all(&dir_space).expect("dir space");
+
+        let mut env_map = HashMap::new();
+        env_map.insert(
+            "PATH".to_string(),
+            format!(
+                "{};{};{}",
+                dir_a.display(),
+                dir_b.display(),
+                dir_space.display()
+            ),
+        );
+
+        let candidates = gather_candidates(tmp.path(), &env_map);
+        let canon_a = dir_a.canonicalize().expect("canon a");
+        let canon_b = dir_b.canonicalize().expect("canon b");
+        let canon_space = dir_space.canonicalize().expect("canon space");
+
+        assert!(candidates.contains(&canon_a));
+        assert!(candidates.contains(&canon_b));
+        assert!(candidates.contains(&canon_space));
+    }
+}