
Conversation

@lstein
Collaborator

@lstein lstein commented Oct 27, 2025

Summary

This fixes a bug in which private directory paths on the host could be leaked to the user interface. The error occurs during the scan_folders operation when a subdirectory is not accessible. The UI shows a permission denied error message, followed by the path of the offending directory. This patch limits the error message to the error type only and does not give further details.

Related Issues / Discussions

This bug was reported in a private DM on the Discord server.

QA Instructions

Before applying this PR, go to Model Manager -> Add Model -> Scan Folder and enter the path of a directory that has subdirectories that the backend should not have access to, for example /etc. Press the Scan Folder button. You will see a Permission Denied error message that gives away the path of the first inaccessible subdirectory.

After applying this PR, you will see just the Permission Denied error without details.

Merge Plan

Merge when approved.

Checklist

  • The PR has a short but descriptive title, suitable for a changelog
  • Tests added / updated (if applicable)
  • ❗Changes to a redux slice have a corresponding migration
  • Documentation added / updated (if applicable)
  • Updated What's New copy (if doing a release after this PR)

@github-actions github-actions bot added api python PRs that change python files labels Oct 27, 2025
@lstein lstein added the services PRs that change app services label Oct 27, 2025
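
An added example, not code from this PR or from the project: a Python illustration of the pattern the summary describes, where a folder scan returns only the error type to the client and the offending path stays in the server log. The names `public_error`, `scan_folder` and `demo` are hypothetical, and the unreadable `private` subdirectory is simulated with a stub so the block behaves the same on any host.

```python
import errno
import logging
import os
import tempfile

log = logging.getLogger("scan_folder_example")  # hypothetical logger name


def public_error(exc):
    """Client-safe text: the error type only, never exc.filename or str(exc)."""
    return exc.strerror or type(exc).__name__


def scan_folder(root, scandir=os.scandir):
    """Walk root recursively; on an OS error return a sanitized result for the UI."""
    found = []
    stack = [root]
    try:
        while stack:
            current = stack.pop()
            with scandir(current) as entries:
                for entry in entries:
                    if entry.is_dir(follow_symlinks=False):
                        stack.append(entry.path)
                    else:
                        found.append(entry.path)
    except OSError as exc:
        # str(exc) embeds the offending path, so it goes to the server log only.
        log.warning("scan of %r failed: %s", root, exc)
        return {"ok": False, "error": public_error(exc)}
    return {"ok": True, "files": found}


def demo():
    """Constructed scenario: a stub makes the 'private' subdirectory unreadable."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "private"))

        def fake_scandir(path):
            if os.path.basename(path) == "private":
                raise PermissionError(errno.EACCES, "Permission denied", path)
            return os.scandir(path)

        return scan_folder(root, scandir=fake_scandir)


if __name__ == "__main__":
    print(demo())
```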
@blessedcoolant
Collaborator

Working as intended.

@blessedcoolant blessedcoolant merged commit 066ba5f into main Oct 27, 2025
13 checks passed
@blessedcoolant blessedcoolant deleted the lstein/bugfix/scanfolders-directory-leakage branch October 27, 2025 18:33