MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-10 21:30:40 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): prevent infinite recursion in symlink resolution (#21750)

Browse Source
This commit is contained in:
Adib234
2026-03-09 15:38:45 -04:00
committed by GitHub
parent 527074b50a
commit 4f4431e4e1
2 changed files with 47 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
packages/core/src/utils/paths.test.ts
View File

@@ -484,6 +484,10 @@ describe('shortenPath', () => {
});
describe('resolveToRealPath', () => {
afterEach(() => {
vi.restoreAllMocks();
});
it.each([
{
description:
@@ -542,6 +546,28 @@ describe('resolveToRealPath', () => {
expect(resolveToRealPath(childPath)).toBe(expectedPath);
});
it('should prevent infinite recursion on malicious symlink structures', () => {
const maliciousPath = path.resolve('malicious', 'symlink');
vi.spyOn(fs, 'realpathSync').mockImplementation(() => {
const err = new Error('ENOENT') as NodeJS.ErrnoException;
err.code = 'ENOENT';
throw err;
});
vi.spyOn(fs, 'lstatSync').mockImplementation(
() => ({ isSymbolicLink: () => true }) as fs.Stats,
);
vi.spyOn(fs, 'readlinkSync').mockImplementation(() =>
['..', 'malicious', 'symlink'].join(path.sep),
);
expect(() => resolveToRealPath(maliciousPath)).toThrow(
/Infinite recursion detected/,
);
});
});
describe('normalizePath', () => {