MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-13 05:12:55 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(folder trust): add validation for trusted folder level (#12215)

Browse Source 
Co-authored-by: Gal Zahavi <38544478+galz10@users.noreply.github.com>
This commit is contained in:
Adam Weidman
2025-12-19 19:13:03 -05:00
committed by GitHub
parent 41a1a3eed1
commit 8ed0f8981f
2 changed files with 68 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/cli/src/config/trustedFolders.test.ts
+49
View File
@@ -424,3 +424,52 @@ describe('Trusted Folders Caching', () => {
expect(readSpy).toHaveBeenCalledTimes(2); expect(readSpy).toHaveBeenCalledTimes(2);
}); });
}); });
describe('invalid trust levels', () => {
const mockCwd = '/user/folder';
const mockRules: Record<string, TrustLevel> = {};
beforeEach(() => {
resetTrustedFoldersForTesting();
vi.spyOn(process, 'cwd').mockImplementation(() => mockCwd);
vi.spyOn(fs, 'readFileSync').mockImplementation((p) => {
if (p === getTrustedFoldersPath()) {
return JSON.stringify(mockRules);
}
return '{}';
});
vi.spyOn(fs, 'existsSync').mockImplementation(
(p) => p === getTrustedFoldersPath(),
);
});
afterEach(() => {
vi.restoreAllMocks();
// Clear the object
Object.keys(mockRules).forEach((key) => delete mockRules[key]);
});
it('should create a comprehensive error message for invalid trust level', () => {
mockRules[mockCwd] = 'INVALID_TRUST_LEVEL' as TrustLevel;
const { errors } = loadTrustedFolders();
const possibleValues = Object.values(TrustLevel).join(', ');
expect(errors.length).toBe(1);
expect(errors[0].message).toBe(
`Invalid trust level "INVALID_TRUST_LEVEL" for path "${mockCwd}". Possible values are: ${possibleValues}.`,
);
});
it('should throw a fatal error for invalid trust level', () => {
const mockSettings: Settings = {
security: {
folderTrust: {
enabled: true,
},
},
};
mockRules[mockCwd] = 'INVALID_TRUST_LEVEL' as TrustLevel;
expect(() => isWorkspaceTrusted(mockSettings)).toThrow(FatalConfigError);
});
});
packages/cli/src/config/trustedFolders.ts
+19 -2
View File
@@ -36,6 +36,13 @@ export enum TrustLevel {
DO_NOT_TRUST = 'DO_NOT_TRUST', DO_NOT_TRUST = 'DO_NOT_TRUST',
} }
export function isTrustLevel(value: unknown): value is TrustLevel {
return (
typeof value === 'string' &&
Object.values(TrustLevel).includes(value as TrustLevel)
);
}
export interface TrustRule { export interface TrustRule {
path: string; path: string;
trustLevel: TrustLevel; trustLevel: TrustLevel;
@@ -151,7 +158,7 @@ export function loadTrustedFolders(): LoadedTrustedFolders {
} }
const errors: TrustedFoldersError[] = []; const errors: TrustedFoldersError[] = [];
let userConfig: Record<string, TrustLevel> = {}; const userConfig: Record<string, TrustLevel> = {};
const userPath = getTrustedFoldersPath(); const userPath = getTrustedFoldersPath();
@@ -171,7 +178,17 @@ export function loadTrustedFolders(): LoadedTrustedFolders {
path: userPath, path: userPath,
}); });
} else { } else {
userConfig = parsed as Record<string, TrustLevel>; for (const [path, trustLevel] of Object.entries(parsed)) {
if (isTrustLevel(trustLevel)) {
userConfig[path] = trustLevel;
} else {
const possibleValues = Object.values(TrustLevel).join(', ');
errors.push({
message: `Invalid trust level "${trustLevel}" for path "${path}". Possible values are: ${possibleValues}.`,
path: userPath,
});
}
}
} }
} }
} catch (error: unknown) { } catch (error: unknown) {