Fix unintended credential exposure to MCP Servers (#17311)

Co-authored-by: Tommaso Sciortino <sciortino@gmail.com>
2026-04-24 03:54:43 -07:00 · 2026-01-28 13:56:15 -05:00
parent 3787c71d15
commit 47f4a3e50e
6 changed files with 131 additions and 9 deletions
@@ -1471,7 +1471,7 @@ describe('mcp-client', () => {
        {
          command: 'test-command',
          args: ['--foo', 'bar'],
-          env: { FOO: 'bar' },
+          env: { GEMINI_CLI_FOO: 'bar' },
          cwd: 'test/cwd',
        },
        false,
@@ -1482,11 +1482,80 @@ describe('mcp-client', () => {
        command: 'test-command',
        args: ['--foo', 'bar'],
        cwd: 'test/cwd',
-        env: expect.objectContaining({ FOO: 'bar' }),
+        env: expect.objectContaining({ GEMINI_CLI_FOO: 'bar' }),
        stderr: 'pipe',
      });
    });

+    it('should redact sensitive environment variables for command transport', async () => {
+      const mockedTransport = vi
+        .spyOn(SdkClientStdioLib, 'StdioClientTransport')
+        .mockReturnValue({} as SdkClientStdioLib.StdioClientTransport);
+
+      const originalEnv = process.env;
+      process.env = {
+        ...originalEnv,
+        GEMINI_API_KEY: 'sensitive-key',
+        GEMINI_CLI_SAFE_VAR: 'safe-value',
+      };
+      // Ensure strict sanitization is not triggered for this test
+      delete process.env['GITHUB_SHA'];
+      delete process.env['SURFACE'];
+
+      try {
+        await createTransport(
+          'test-server',
+          {
+            command: 'test-command',
+          },
+          false,
+          EMPTY_CONFIG,
+        );
+
+        const callArgs = mockedTransport.mock.calls[0][0];
+        expect(callArgs.env).toBeDefined();
+        expect(callArgs.env!['GEMINI_CLI_SAFE_VAR']).toBe('safe-value');
+        expect(callArgs.env!['GEMINI_API_KEY']).toBeUndefined();
+      } finally {
+        process.env = originalEnv;
+      }
+    });
+
+    it('should include extension settings in environment', async () => {
+      const mockedTransport = vi
+        .spyOn(SdkClientStdioLib, 'StdioClientTransport')
+        .mockReturnValue({} as SdkClientStdioLib.StdioClientTransport);
+
+      await createTransport(
+        'test-server',
+        {
+          command: 'test-command',
+          extension: {
+            name: 'test-ext',
+            resolvedSettings: [
+              {
+                envVar: 'GEMINI_CLI_EXT_VAR',
+                value: 'ext-value',
+                sensitive: false,
+                name: 'ext-setting',
+              },
+            ],
+            version: '',
+            isActive: false,
+            path: '',
+            contextFiles: [],
+            id: '',
+          },
+        },
+        false,
+        EMPTY_CONFIG,
+      );
+
+      const callArgs = mockedTransport.mock.calls[0][0];
+      expect(callArgs.env).toBeDefined();
+      expect(callArgs.env!['GEMINI_CLI_EXT_VAR']).toBe('ext-value');
+    });
+
    describe('useGoogleCredentialProvider', () => {
      beforeEach(() => {
        // Mock GoogleAuth client