A normal/open/read-only path inside a write-only path can cause incorrect directory listings

[gexgd0419]

Describe what you noticed and did

Also mentioned in #2379.

A write-only path hides the sub-items in its directory listing, so sandboxed programs will think that the folder is empty. If UseRuleSpecificity is on, and there's a normal/open/read-only path inside the write-only path, Sandboxie will add a directory listing item so the path can be visible.

For example,

WriteFilePath=D:\Test
NormalFilePath=D:\Test\TestA

will make all sub-items in D:\Test invisible, except D:\Test\TestA.

However, it seems that Sandboxie just makes up the directory listing items for the normal/open/read-only paths according to the paths written in the rules. The path is not checked.

In the example above, sandboxed programs will see that there is a folder called TestA inside D:\Test, even when D:\Test\TestA does not exist, or D:\Test\TestA does exist but is a file not a directory.

Also, the made-up sub-items don't have correct attribute data. Its creation time is "empty" in Explorer, even when D:\Test\TestA does exist.

If we write a longer path, such as NormalFilePath=D:\Test\A\B\C, Sandboxie will make up all intermediate directories, even when D:\Test\A does not exist. In this case, sandboxed programs can navigate through the non-existent D:\Test\A and D:\Test\A\B, but when they try to access D:\Test\A\B\C they will be told that D:\Test\A\B\C does not exist.

If the path contains wildcards: (assuming only D:\Test, D:\Test\TestA and D:\Test\TestA\TestB exist)

• NormalFilePath=D:\Test\Test*. Sandboxed programs will see only one folder Test inside D:\Test. As D:\Test\Test does not exist, Explorer will be unable to open it. D:\Test\TestA is not visible, but you can type it in the address bar to open it, so it's still accessible.
• NormalFilePath=D:\Test\T*t*. Sandboxed programs will see only one folder T inside D:\Test.
• NormalFilePath=D:\Test\Test*\Test*. Sandboxed programs will see only one folder Test* inside D:\Test. As D:\Test\Test* is not a vaild path, Explorer will be unable to open it. D:\Test\TestA is not visible, and you cannot type it in the address bar to open it, but you can access D:\Test\TestA\TestB this way.

The access rules work as usual, only the directory listings are incorrect.

Registry paths have the same issue.

How often did you encounter it so far?

No response

Affected program

Not relevant

Download link

Not relevant

Where is the program located?

Not relevant to my request.

Expected behavior

For normal/open/read-only paths inside write-only paths:

• If the path does not exist, don't show it in directory listings.
• When the path does exist, list the correct attribute data. If it is a file, list it as a file.
• If the path contains wildcards, list the items that exist on the system and match the pattern.

What is your Windows edition and version?

Windows 10 Home 22H2 64-bit

In which Windows account you have this problem?

A local or Microsoft account without special changes.

Please mention any installed security software

Windows Defender, Huorong

What version of Sandboxie are you running?

Sandboxie Plus v1.5.1 64-bit

Is it a new installation of Sandboxie?

I just updated Sandboxie from a previous version (to be specified).

Is it a regression?

No response

In which sandbox type you have this problem?

In a standard isolation sandbox (yellow sandbox icon).

Can you reproduce this problem on an empty sandbox?

I can confirm it also on an empty sandbox.

Did you previously enable some security policy settings outside Sandboxie?

No response

Crash dump

No response

Trace log

No response

Sandboxie.ini configuration

No response