MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-14 13:53:02 -07:00
Code Issues Packages Projects Releases Wiki Activity

Harden modifiable tool temp workspace (#12837)

Browse Source 
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
This commit is contained in:
cornmander
2025-11-10 13:48:44 -05:00
committed by GitHub
parent 3f90001f83
commit 2136598e87
2 changed files with 72 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/tools/modifiable-tool.ts
+34 -11
View File
@@ -59,12 +59,19 @@ function createTempFilesForModify(
currentContent: string,
proposedContent: string,
file_path: string,
): { oldPath: string; newPath: string } {
const tempDir = os.tmpdir();
const diffDir = path.join(tempDir, 'gemini-cli-tool-modify-diffs');
): { oldPath: string; newPath: string; dirPath: string } {
const diffDir = fs.mkdtempSync(
path.join(os.tmpdir(), 'gemini-cli-tool-modify-'),
);
if (!fs.existsSync(diffDir)) {
fs.mkdirSync(diffDir, { recursive: true });
try {
fs.chmodSync(diffDir, 0o700);
} catch (e) {
debugLogger.error(
`Error setting permissions on temp diff directory: ${diffDir}`,
e,
);
throw e;
}
const ext = path.extname(file_path);
@@ -79,10 +86,16 @@ function createTempFilesForModify(
`gemini-cli-modify-${fileName}-new-${timestamp}${ext}`,
);
fs.writeFileSync(tempOldPath, currentContent, 'utf8');
fs.writeFileSync(tempNewPath, proposedContent, 'utf8');
fs.writeFileSync(tempOldPath, currentContent, {
encoding: 'utf8',
mode: 0o600,
});
fs.writeFileSync(tempNewPath, proposedContent, {
encoding: 'utf8',
mode: 0o600,
});
return { oldPath: tempOldPath, newPath: tempNewPath };
return { oldPath: tempOldPath, newPath: tempNewPath, dirPath: diffDir };
}
function getUpdatedParams<ToolParams>(
@@ -125,7 +138,11 @@ function getUpdatedParams<ToolParams>(
return { updatedParams, updatedDiff };
}
function deleteTempFiles(oldPath: string, newPath: string): void {
function deleteTempFiles(
oldPath: string,
newPath: string,
dirPath: string,
): void {
try {
fs.unlinkSync(oldPath);
} catch {
@@ -137,6 +154,12 @@ function deleteTempFiles(oldPath: string, newPath: string): void {
} catch {
debugLogger.error(`Error deleting temp diff file: ${newPath}`);
}
try {
fs.rmdirSync(dirPath);
} catch {
debugLogger.error(`Error deleting temp diff directory: ${dirPath}`);
}
}
/**
@@ -154,7 +177,7 @@ export async function modifyWithEditor<ToolParams>(
const proposedContent =
await modifyContext.getProposedContent(originalParams);
const { oldPath, newPath } = createTempFilesForModify(
const { oldPath, newPath, dirPath } = createTempFilesForModify(
currentContent,
proposedContent,
modifyContext.getFilePath(originalParams),
@@ -171,6 +194,6 @@ export async function modifyWithEditor<ToolParams>(
return result;
} finally {
deleteTempFiles(oldPath, newPath);
deleteTempFiles(oldPath, newPath, dirPath);
}
}