MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-03-20 19:11:23 -07:00
Code Issues Packages Projects Releases Wiki Activity

Fix unintended credential exposure to MCP Servers (#17311)

Browse Source 
Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
This commit is contained in:
Adib234
2026-01-28 13:56:15 -05:00
committed by GitHub
parent 3787c71d15
commit 47f4a3e50e
6 changed files with 131 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/core/src/services/environmentSanitization.test.ts
View File

@@ -46,6 +46,9 @@ describe('sanitizeEnvironment', () => {
CLIENT_ID: 'sensitive-id',
DB_URI: 'sensitive-uri',
DATABASE_URL: 'sensitive-url',
GEMINI_API_KEY: 'sensitive-gemini-key',
GOOGLE_API_KEY: 'sensitive-google-key',
GOOGLE_APPLICATION_CREDENTIALS: '/path/to/creds.json',
SAFE_VAR: 'is-safe',
};
const sanitized = sanitizeEnvironment(env, EMPTY_OPTIONS);

3
packages/core/src/services/environmentSanitization.ts
View File

@@ -103,6 +103,9 @@ export const NEVER_ALLOWED_ENVIRONMENT_VARIABLES: ReadonlySet<string> = new Set(
'GOOGLE_CLOUD_PROJECT',
'GOOGLE_CLOUD_ACCOUNT',
'FIREBASE_PROJECT_ID',
'GEMINI_API_KEY',
'GOOGLE_API_KEY',
'GOOGLE_APPLICATION_CREDENTIALS',
],
);