fix: sanitize windows editor launch paths safely (Dimillian#562)

Author: Reekin

src-tauri/src/shared/workspaces_core/io.rs

@@ -8,6 +8,7 @@ use crate::shared::process_core::tokio_command;
 #[cfg(target_os = "windows")]
 use crate::shared::process_core::{build_cmd_c_command, resolve_windows_executable};
 use crate::types::WorkspaceEntry;
+use crate::utils::normalize_windows_namespace_path;
 
 use super::helpers::resolve_workspace_root;
 
@@ -133,13 +134,16 @@ fn build_launch_args(
 ) -> Vec<String> {
     let mut launch_args = args.to_vec();
     if let Some((line, column)) = normalize_open_location(line, column) {
-        let located_path = format_path_with_location(path, line, column);
         match strategy {
             Some(LineAwareLaunchStrategy::GotoFlag) => {
+                let sanitized_path = normalize_windows_namespace_path(path);
+                let located_path = format_path_with_location(&sanitized_path, line, column);
                 launch_args.push("--goto".to_string());
                 launch_args.push(located_path);
             }
             Some(LineAwareLaunchStrategy::PathWithLineColumn) => {
+                let sanitized_path = normalize_windows_namespace_path(path);
+                let located_path = format_path_with_location(&sanitized_path, line, column);
                 launch_args.push(located_path);
             }
             None => {
@@ -186,13 +190,8 @@ pub(crate) async fn open_workspace_in_core(
         if trimmed.is_empty() {
             return Err("Missing app or command".to_string());
         }
-        let launch_args = build_launch_args(
-            &path,
-            &args,
-            line,
-            column,
-            command_launch_strategy(trimmed),
-        );
+        let launch_args =
+            build_launch_args(&path, &args, line, column, command_launch_strategy(trimmed));
 
         #[cfg(target_os = "windows")]
         let mut cmd = {
@@ -380,6 +379,104 @@ mod tests {
         );
     }
 
+    #[test]
+    fn builds_goto_args_with_windows_namespace_path_sanitized() {
+        let args = build_launch_args(
+            r"\\?\I:\gpt-projects\json-composer\src\App.tsx",
+            &["--reuse-window".to_string()],
+            Some(33),
+            Some(7),
+            Some(LineAwareLaunchStrategy::GotoFlag),
+        );
+
+        assert_eq!(
+            args,
+            vec![
+                "--reuse-window".to_string(),
+                "--goto".to_string(),
+                r"I:\gpt-projects\json-composer\src\App.tsx:33:7".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn builds_goto_args_with_lowercase_unc_namespace_path_sanitized() {
+        let args = build_launch_args(
+            r"\\?\unc\server\share\repo\src\App.tsx",
+            &["--reuse-window".to_string()],
+            Some(12),
+            Some(2),
+            Some(LineAwareLaunchStrategy::GotoFlag),
+        );
+
+        assert_eq!(
+            args,
+            vec![
+                "--reuse-window".to_string(),
+                "--goto".to_string(),
+                r"\\server\share\repo\src\App.tsx:12:2".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn preserves_namespace_path_for_unknown_targets() {
+        let args = build_launch_args(
+            r"\\?\I:\very\long\workspace",
+            &["--foreground".to_string()],
+            None,
+            None,
+            None,
+        );
+
+        assert_eq!(
+            args,
+            vec![
+                "--foreground".to_string(),
+                r"\\?\I:\very\long\workspace".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn preserves_namespace_path_for_line_aware_targets_without_location() {
+        let args = build_launch_args(
+            r"\\?\I:\very\long\workspace",
+            &["--reuse-window".to_string()],
+            None,
+            None,
+            Some(LineAwareLaunchStrategy::GotoFlag),
+        );
+
+        assert_eq!(
+            args,
+            vec![
+                "--reuse-window".to_string(),
+                r"\\?\I:\very\long\workspace".to_string(),
+            ]
+        );
+    }
+
+    #[test]
+    fn preserves_non_drive_namespace_path_for_line_aware_targets() {
+        let args = build_launch_args(
+            r"\\?\Volume{01234567-89ab-cdef-0123-456789abcdef}\repo\src\App.tsx",
+            &[],
+            Some(5),
+            None,
+            Some(LineAwareLaunchStrategy::GotoFlag),
+        );
+
+        assert_eq!(
+            args,
+            vec![
+                "--goto".to_string(),
+                r"\\?\Volume{01234567-89ab-cdef-0123-456789abcdef}\repo\src\App.tsx:5"
+                    .to_string(),
+            ]
+        );
+    }
+
     #[test]
     fn builds_line_suffixed_path_for_zed_targets() {
         let args = build_launch_args(

src-tauri/src/storage.rs

@@ -129,6 +129,29 @@ mod tests {
         assert_eq!(stored.settings.git_root.as_deref(), Some("/tmp"));
     }
 
+    #[test]
+    fn write_read_workspaces_preserves_windows_namespace_paths() {
+        let temp_dir = std::env::temp_dir().join(format!("codex-monitor-test-{}", Uuid::new_v4()));
+        std::fs::create_dir_all(&temp_dir).expect("create temp dir");
+        let path = temp_dir.join("workspaces.json");
+
+        let entry = WorkspaceEntry {
+            id: "w1".to_string(),
+            name: "Workspace".to_string(),
+            path: r"\\?\I:\gpt-projects\json-composer".to_string(),
+            kind: WorkspaceKind::Main,
+            parent_id: None,
+            worktree: None,
+            settings: WorkspaceSettings::default(),
+        };
+
+        write_workspaces(&path, &[entry]).expect("write workspaces");
+
+        let read = read_workspaces(&path).expect("read workspaces");
+        let stored = read.get("w1").expect("stored workspace");
+        assert_eq!(stored.path, r"\\?\I:\gpt-projects\json-composer");
+    }
+
     #[test]
     fn read_settings_sanitizes_non_tcp_remote_provider() {
         let temp_dir = std::env::temp_dir().join(format!("codex-monitor-test-{}", Uuid::new_v4()));

src-tauri/src/utils.rs

@@ -6,6 +6,48 @@ pub(crate) fn normalize_git_path(path: &str) -> String {
     path.replace('\\', "/")
 }
 
+pub(crate) fn normalize_windows_namespace_path(path: &str) -> String {
+    if path.is_empty() {
+        return String::new();
+    }
+
+    fn strip_prefix_ascii_case<'a>(value: &'a str, prefix: &str) -> Option<&'a str> {
+        value
+            .get(..prefix.len())
+            .filter(|candidate| candidate.eq_ignore_ascii_case(prefix))
+            .map(|_| &value[prefix.len()..])
+    }
+
+    fn starts_with_drive_path(value: &str) -> bool {
+        let bytes = value.as_bytes();
+        bytes.len() >= 3
+            && bytes[0].is_ascii_alphabetic()
+            && bytes[1] == b':'
+            && (bytes[2] == b'\\' || bytes[2] == b'/')
+    }
+
+    if let Some(rest) = strip_prefix_ascii_case(path, r"\\?\UNC\") {
+        return format!(r"\\{rest}");
+    }
+    if let Some(rest) = strip_prefix_ascii_case(path, "//?/UNC/") {
+        return format!("//{rest}");
+    }
+    if let Some(rest) = strip_prefix_ascii_case(path, r"\\?\").filter(|rest| starts_with_drive_path(rest)) {
+        return rest.to_string();
+    }
+    if let Some(rest) = strip_prefix_ascii_case(path, "//?/").filter(|rest| starts_with_drive_path(rest)) {
+        return rest.to_string();
+    }
+    if let Some(rest) = strip_prefix_ascii_case(path, r"\\.\").filter(|rest| starts_with_drive_path(rest)) {
+        return rest.to_string();
+    }
+    if let Some(rest) = strip_prefix_ascii_case(path, "//./").filter(|rest| starts_with_drive_path(rest)) {
+        return rest.to_string();
+    }
+
+    path.to_string()
+}
+
 fn find_in_path(binary: &str) -> Option<PathBuf> {
     let path_var = env::var_os("PATH")?;
     for dir in env::split_paths(&path_var) {
@@ -86,10 +128,62 @@ pub(crate) fn git_env_path() -> String {
 
 #[cfg(test)]
 mod tests {
-    use super::normalize_git_path;
+    use super::{normalize_git_path, normalize_windows_namespace_path};
 
     #[test]
     fn normalize_git_path_replaces_backslashes() {
         assert_eq!(normalize_git_path("foo\\bar\\baz"), "foo/bar/baz");
     }
+
+    #[test]
+    fn normalize_windows_namespace_path_strips_drive_prefix() {
+        assert_eq!(
+            normalize_windows_namespace_path(r"\\?\I:\gpt-projects\json-composer"),
+            r"I:\gpt-projects\json-composer"
+        );
+        assert_eq!(
+            normalize_windows_namespace_path("//?/I:/gpt-projects/json-composer"),
+            "I:/gpt-projects/json-composer"
+        );
+    }
+
+    #[test]
+    fn normalize_windows_namespace_path_strips_unc_prefix() {
+        assert_eq!(
+            normalize_windows_namespace_path(r"\\?\UNC\SERVER\Share\Repo"),
+            r"\\SERVER\Share\Repo"
+        );
+        assert_eq!(
+            normalize_windows_namespace_path("//?/UNC/SERVER/Share/Repo"),
+            "//SERVER/Share/Repo"
+        );
+        assert_eq!(
+            normalize_windows_namespace_path(r"\\?\unc\SERVER\Share\Repo"),
+            r"\\SERVER\Share\Repo"
+        );
+        assert_eq!(
+            normalize_windows_namespace_path("//?/unc/SERVER/Share/Repo"),
+            "//SERVER/Share/Repo"
+        );
+    }
+
+    #[test]
+    fn normalize_windows_namespace_path_preserves_whitespace_for_plain_paths() {
+        assert_eq!(
+            normalize_windows_namespace_path("  /tmp/workspace  "),
+            "  /tmp/workspace  "
+        );
+    }
+
+    #[test]
+    fn normalize_windows_namespace_path_preserves_other_namespace_forms() {
+        assert_eq!(
+            normalize_windows_namespace_path(r"\\?\Volume{01234567-89ab-cdef-0123-456789abcdef}\repo"),
+            r"\\?\Volume{01234567-89ab-cdef-0123-456789abcdef}\repo"
+        );
+        assert_eq!(
+            normalize_windows_namespace_path(r"\\.\pipe\codex-monitor"),
+            r"\\.\pipe\codex-monitor"
+        );
+    }
 }