MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-21 02:24:09 -07:00
Code Issues Packages Projects Releases Wiki Activity

Linux sandbox bubblewrap (#22680)

Browse Source
This commit is contained in:
David Pierce
2026-03-16 21:34:48 +00:00
committed by GitHub
parent 44ce90d76c
commit 8f22ffd2b1
7 changed files with 348 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/services/sandboxManager.test.ts
+44 -9
View File
@@ -4,8 +4,14 @@
* SPDX-License-Identifier: Apache-2.0
*/
import { describe, expect, it } from 'vitest';
import { NoopSandboxManager } from './sandboxManager.js';
import os from 'node:os';
import { describe, expect, it, vi } from 'vitest';
import {
NoopSandboxManager,
LocalSandboxManager,
createSandboxManager,
} from './sandboxManager.js';
import { LinuxSandboxManager } from '../sandbox/linux/LinuxSandboxManager.js';
describe('NoopSandboxManager', () => {
const sandboxManager = new NoopSandboxManager();
@@ -45,7 +51,7 @@ describe('NoopSandboxManager', () => {
expect(result.env['MY_SECRET']).toBeUndefined();
});
it('should allow disabling environment variable redaction if requested in config', async () => {
it('should NOT allow disabling environment variable redaction if requested in config (vulnerability fix)', async () => {
const req = {
command: 'echo',
args: ['hello'],
@@ -62,29 +68,31 @@ describe('NoopSandboxManager', () => {
const result = await sandboxManager.prepareCommand(req);
expect(result.env['API_KEY']).toBe('sensitive-key');
// API_KEY should be redacted because SandboxManager forces redaction and API_KEY matches NEVER_ALLOWED_NAME_PATTERNS
expect(result.env['API_KEY']).toBeUndefined();
});
it('should respect allowedEnvironmentVariables in config', async () => {
it('should respect allowedEnvironmentVariables in config but filter sensitive ones', async () => {
const req = {
command: 'echo',
args: ['hello'],
cwd: '/tmp',
env: {
MY_SAFE_VAR: 'safe-value',
MY_TOKEN: 'secret-token',
OTHER_SECRET: 'another-secret',
},
config: {
sanitizationConfig: {
allowedEnvironmentVariables: ['MY_TOKEN'],
allowedEnvironmentVariables: ['MY_SAFE_VAR', 'MY_TOKEN'],
},
},
};
const result = await sandboxManager.prepareCommand(req);
expect(result.env['MY_TOKEN']).toBe('secret-token');
expect(result.env['OTHER_SECRET']).toBeUndefined();
expect(result.env['MY_SAFE_VAR']).toBe('safe-value');
// MY_TOKEN matches /TOKEN/i so it should be redacted despite being allowed in config
expect(result.env['MY_TOKEN']).toBeUndefined();
});
it('should respect blockedEnvironmentVariables in config', async () => {
@@ -109,3 +117,30 @@ describe('NoopSandboxManager', () => {
expect(result.env['BLOCKED_VAR']).toBeUndefined();
});
});
describe('createSandboxManager', () => {
it('should return NoopSandboxManager if sandboxing is disabled', () => {
const manager = createSandboxManager(false, '/workspace');
expect(manager).toBeInstanceOf(NoopSandboxManager);
});
it('should return LinuxSandboxManager if sandboxing is enabled and platform is linux', () => {
const osSpy = vi.spyOn(os, 'platform').mockReturnValue('linux');
try {
const manager = createSandboxManager(true, '/workspace');
expect(manager).toBeInstanceOf(LinuxSandboxManager);
} finally {
osSpy.mockRestore();
}
});
it('should return LocalSandboxManager if sandboxing is enabled and platform is not linux', () => {
const osSpy = vi.spyOn(os, 'platform').mockReturnValue('darwin');
try {
const manager = createSandboxManager(true, '/workspace');
expect(manager).toBeInstanceOf(LocalSandboxManager);
} finally {
osSpy.mockRestore();
}
});
});