mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-07-11 02:20:48 -07:00
fix(security): enforce case-insensitive sensitive path blocklist and vscode hitl (#27966)
Co-authored-by: David Pierce <davidapierce@google.com>
This commit is contained in:
@@ -492,4 +492,50 @@ describe('WorkspaceContext with optional directories', () => {
|
||||
expect(directories).toEqual([cwd, existingDir1]);
|
||||
expect(debugLogger.warn).not.toHaveBeenCalled();
|
||||
});
|
||||
|
||||
describe('Security Regression: Case-Insensitive Sensitive Path Blocklist', () => {
|
||||
it('should reject sensitive paths like .git, .env, and node_modules case-insensitively, including Windows trailing character and NTFS ADS bypasses', () => {
|
||||
const workspaceContext = new WorkspaceContext(cwd);
|
||||
|
||||
const sensitivePaths = [
|
||||
path.join(cwd, '.git', 'config'),
|
||||
path.join(cwd, '.GIT', 'config'),
|
||||
path.join(cwd, '.Git', 'config'),
|
||||
path.join(cwd, '.env'),
|
||||
path.join(cwd, '.Env'),
|
||||
path.join(cwd, '.ENV'),
|
||||
path.join(cwd, 'node_modules', 'package', 'index.js'),
|
||||
path.join(cwd, 'NODE_MODULES', 'package', 'index.js'),
|
||||
// Windows trailing character bypasses
|
||||
path.join(cwd, '.git ', 'config'),
|
||||
path.join(cwd, '.git.', 'config'),
|
||||
path.join(cwd, '.env ', 'config'),
|
||||
path.join(cwd, '.env.', 'config'),
|
||||
path.join(cwd, 'node_modules ', 'package', 'index.js'),
|
||||
// NTFS Alternate Data Stream bypasses
|
||||
path.join(cwd, '.git::$DATA', 'config'),
|
||||
path.join(cwd, '.env::$DATA'),
|
||||
path.join(cwd, 'node_modules::$DATA', 'package', 'index.js'),
|
||||
];
|
||||
|
||||
for (const p of sensitivePaths) {
|
||||
expect(workspaceContext.isPathWithinWorkspace(p)).toBe(false);
|
||||
}
|
||||
});
|
||||
|
||||
it('should allow standard non-sensitive paths', () => {
|
||||
const workspaceContext = new WorkspaceContext(cwd);
|
||||
|
||||
const safePaths = [
|
||||
path.join(cwd, 'src', 'index.ts'),
|
||||
path.join(cwd, '.gitignore'),
|
||||
path.join(cwd, '.env.example'),
|
||||
path.join(cwd, 'package.json'),
|
||||
];
|
||||
|
||||
for (const p of safePaths) {
|
||||
expect(workspaceContext.isPathWithinWorkspace(p)).toBe(true);
|
||||
}
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -184,6 +184,20 @@ export class WorkspaceContext {
|
||||
|
||||
for (const dir of this.directories) {
|
||||
if (this.isPathWithinRoot(fullyResolvedPath, dir)) {
|
||||
// Check for blocked segments case-insensitively
|
||||
const relative = path.relative(dir, fullyResolvedPath);
|
||||
const segments = relative.split(path.sep);
|
||||
const hasBlockedSegment = segments.some((segment) => {
|
||||
const clean = trimTrailingSpacesAndDots(
|
||||
segment.split(':')[0],
|
||||
).toLowerCase();
|
||||
return (
|
||||
clean === '.git' || clean === '.env' || clean === 'node_modules'
|
||||
);
|
||||
});
|
||||
if (hasBlockedSegment) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -248,3 +262,15 @@ export class WorkspaceContext {
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Trims trailing spaces and dots from a string without using regular expressions
|
||||
* to completely eliminate any potential ReDoS (Regular Expression Denial of Service) risk.
|
||||
*/
|
||||
function trimTrailingSpacesAndDots(str: string): string {
|
||||
let end = str.length - 1;
|
||||
while (end >= 0 && (str[end] === ' ' || str[end] === '.')) {
|
||||
end--;
|
||||
}
|
||||
return str.slice(0, end + 1);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user