MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-06-14 05:17:18 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): ensure path validation always executes even if mkdirSync fails

Browse Source
This commit is contained in:
Mahima Shanware
2026-04-07 03:26:29 +00:00
parent 76c28142eb
commit e42b762553
1 changed files with 24 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/config/config.ts
+24 -23
View File
@@ -2270,35 +2270,36 @@ export class Config implements McpContext, AgentLoopContext {
return plansDir;
}
let mkdirError: unknown;
try {
fs.mkdirSync(plansDir, { recursive: true });
const realPlansDir = resolveToRealPath(plansDir);
const realProjectRoot = this.storage.getRealProjectRoot();
const realGlobalGeminiDir = resolveToRealPath(
Storage.getGlobalGeminiDir(),
);
if (
!isSubpath(realProjectRoot, realPlansDir) &&
!isSubpath(realGlobalGeminiDir, realPlansDir)
) {
throw new SecurityError(
`Security violation: Resolved plan directory '${realPlansDir}' is outside both the project root '${realProjectRoot}' and the global configuration directory.`,
);
}
this.initializedPlanDirs.add(plansDir);
this.workspaceContext.addDirectory(realPlansDir);
} catch (e: unknown) {
if (e instanceof SecurityError) {
throw e;
}
this.initializedPlanDirs.add(plansDir); // Don't try again and spam stderr
const errorMessage = e instanceof Error ? e.message : String(e);
mkdirError = e;
}
const realPlansDir = resolveToRealPath(plansDir);
const realProjectRoot = this.storage.getRealProjectRoot();
const realGlobalGeminiDir = resolveToRealPath(Storage.getGlobalGeminiDir());
if (
!isSubpath(realProjectRoot, realPlansDir) &&
!isSubpath(realGlobalGeminiDir, realPlansDir)
) {
throw new SecurityError(
`Security violation: Resolved plan directory '${realPlansDir}' is outside both the project root '${realProjectRoot}' and the global configuration directory.`,
);
}
this.initializedPlanDirs.add(plansDir);
if (mkdirError) {
const errorMessage =
mkdirError instanceof Error ? mkdirError.message : String(mkdirError);
process.stderr.write(
`Failed to initialize active plan directory at '${plansDir}': ${errorMessage}\n`,
);
} else {
this.workspaceContext.addDirectory(realPlansDir);
}
return plansDir;
}