MediaMetz/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-04-28 14:04:41 -07:00
Code Issues Packages Projects Releases Wiki Activity

fix(core): secure argsPattern and revert WEB_FETCH_TOOL_NAME escalation (#22104)

Browse Source 
Co-authored-by: Taylor Mullen <ntaylormullen@google.com>
This commit is contained in:
Spencer
2026-03-11 22:26:21 -04:00
committed by GitHub
parent 35bf746e62
commit f090736ebc
8 changed files with 67 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/policy/utils.ts
+32 -8
View File
@@ -89,6 +89,25 @@ export function buildArgsPatterns(
return [argsPattern];
}
/**
* Builds a regex pattern to match a specific parameter and value in tool arguments.
* This is used to narrow tool approvals to specific parameters.
*
* @param paramName The name of the parameter.
* @param value The value to match.
* @returns A regex string that matches "<paramName>":<value> in a JSON string.
*/
export function buildParamArgsPattern(
paramName: string,
value: unknown,
): string {
const encodedValue = JSON.stringify(value);
// We wrap the JSON string in escapeRegex and prepend/append \\0 to explicitly
// match top-level JSON properties generated by stableStringify, preventing
// argument injection bypass attacks.
return `\\\\0${escapeRegex(`"${paramName}":${encodedValue}`)}\\\\0`;
}
/**
* Builds a regex pattern to match a specific file path in tool arguments.
* This is used to narrow tool approvals for edit tools to specific files.
@@ -97,11 +116,18 @@ export function buildArgsPatterns(
* @returns A regex string that matches "file_path":"<path>" in a JSON string.
*/
export function buildFilePathArgsPattern(filePath: string): string {
const encodedPath = JSON.stringify(filePath);
// We must wrap the JSON string in escapeRegex to ensure regex control characters
// (like '.' in file extensions) are treated as literals, preventing overly broad
// matches (e.g. 'foo.ts' matching 'fooXts').
return escapeRegex(`"file_path":${encodedPath}`);
return buildParamArgsPattern('file_path', filePath);
}
/**
* Builds a regex pattern to match a specific directory path in tool arguments.
* This is used to narrow tool approvals for list_directory tool.
*
* @param dirPath The path to the directory.
* @returns A regex string that matches "dir_path":"<path>" in a JSON string.
*/
export function buildDirPathArgsPattern(dirPath: string): string {
return buildParamArgsPattern('dir_path', dirPath);
}
/**
@@ -112,7 +138,5 @@ export function buildFilePathArgsPattern(filePath: string): string {
* @returns A regex string that matches "pattern":"<pattern>" in a JSON string.
*/
export function buildPatternArgsPattern(pattern: string): string {
const encodedPattern = JSON.stringify(pattern);
// We use escapeRegex to ensure regex control characters are treated as literals.
return escapeRegex(`"pattern":${encodedPattern}`);
return buildParamArgsPattern('pattern', pattern);
}