From d30016304bd971dc1a32c38b668f9bc51ed44d95 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Wed, 13 Aug 2025 06:16:12 -0700
Subject: [PATCH] Security: refactor disk resource lookup logic (#5666)
---
 src/pages/api/widgets/resources.js | 21 ++++++++++-----------
 1 file changed, 10 insertions(+), 11 deletions(-)
diff --git a/src/pages/api/widgets/resources.js b/src/pages/api/widgets/resources.js
index 4df544e82..ef280ea21 100644
--- a/src/pages/api/widgets/resources.js
+++ b/src/pages/api/widgets/resources.js
@@ -1,5 +1,3 @@
-import { existsSync } from "fs";
-
 import createLogger from "utils/logger";
 const logger = createLogger("resources");
@@ -20,17 +18,18 @@ export default async function handler(req, res) {
 }
 if (type === "disk") {
- if (!existsSync(target)) {
- return res.status(404).json({
- error: "Target not found",
- });
- }
-
+ const requested = typeof target === "string" && target ? target : "/";
 const fsSize = await si.fsSize();
 logger.debug("fsSize:", JSON.stringify(fsSize));
- return res.status(200).json({
- drive: fsSize.find((fs) => fs.mount === target) ?? fsSize.find((fs) => fs.mount === "/"),
- });
+
+ const drive = fsSize.find((fs) => fs.mount === requested) ?? fsSize.find((fs) => fs.mount === "/");
+
+ if (!drive) {
+ logger.warn(`Drive not found for target: ${requested}`);
+ return res.status(404).json({ error: "Resource not available." });
+ }
+
+ return res.status(200).json({ drive });
 }
 if (type === "memory") {
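Review bot: In the second hunk, `requested` is a request-supplied string (it falls back to "/" only when `target` is missing or not a string) and is interpolated unescaped into the `logger.warn` message, so a value containing CR/LF or of arbitrary length is written to the log verbatim. The branch is only reached when neither the requested mount nor "/" is present in `si.fsSize()`, so the exposure is narrow, but escaping is cheap: ``logger.warn(`Drive not found for target: ${JSON.stringify(requested)}`);``. It would also help to record why the filesystem check was removed, for example `// Never stat the caller-supplied path; only compare it against mounts reported by si.fsSize().` above the `requested` line, so the `existsSync` probe is not reintroduced later. Whether `target` should additionally be restricted to the disks named in the widget configuration cannot be judged from this hunk; the handler's body starts and ends outside it.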