mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-06-12 20:37:08 -07:00
459db523e2
Replaces simplistic prefix-matching for shell command policies with robust Abstract Syntax Tree (AST) parsing using `bash-parser`. Previously, policies for shell tools only checked if the command string started with an allowed prefix (e.g., `echo`), allowing trivial bypasses via shell operators like `&&` or `;` (e.g., `echo "ok" && rm -rf /`). This update secures the execution pipeline by parsing the shell string and validating *every* extracted sub-command against the allowed policies.

Key changes:

- Integrated `bash-parser` to synchronously extract executable commands from pipelines, lists, and subshells.
- Updated `doesToolInvocationMatch` to enforce policy on all extracted sub-commands instead of just the string prefix.
- Enforced `coreTools` validation at execution time within `ShellTool` to prevent bypasses when tools are configured via `settings.json`.
- Updated the CLI `useShellCommandProcessor` to run human-input commands through the AST `PolicyEngine` check before spawning the process.
- Fixed asynchronous test flakiness in the CLI package caused by the new policy enforcement.
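Added example, not code from the gemini-cli repository: it contrasts the old prefix check with a check that validates every sub-command. The commit uses `bash-parser`; here a small quote-aware splitter stands in for it (an assumption made so the example runs offline), and the `ALLOWED` policy set is constructed.

```javascript
'use strict';

// Constructed policy: the only commands this example permits.
const ALLOWED = new Set(['echo', 'ls', 'git', 'grep']);

// The old, bypassable check: only the first word of the string is inspected.
function prefixAllowed(cmd) {
  return ALLOWED.has(cmd.trim().split(/\s+/)[0]);
}

// Split a shell string into its sub-commands. && || ; | & and newline separate
// commands; $( ), `...` and ( ) bodies are extracted as commands too, even inside
// double quotes, where command substitution still executes. This stand-in for
// bash-parser ignores heredocs, case patterns and other grammar it never sees here.
function extractCommands(cmd) {
  const out = [];
  const ctx = []; // stack of enclosing constructs: ' " ` or (
  let cur = '';
  const flush = () => { const t = cur.trim(); if (t) out.push(t); cur = ''; };
  for (let i = 0; i < cmd.length; i++) {
    const c = cmd[i], top = ctx[ctx.length - 1];
    if (top === "'") { if (c === "'") ctx.pop(); else cur += c; continue; }
    if (c === '\\') { cur += cmd[++i] ?? ''; continue; }          // escaped char is data
    if (c === "'" && top !== '"') { ctx.push("'"); continue; }
    if (c === '"') { top === '"' ? ctx.pop() : ctx.push('"'); continue; }
    if (c === '$' && cmd[i + 1] === '(') { flush(); ctx.push('('); i++; continue; }
    if (c === '`') { flush(); top === '`' ? ctx.pop() : ctx.push('`'); continue; }
    if (top === '"') { cur += c; continue; }                      // quoted text is data
    if (c === '(') { flush(); ctx.push('('); continue; }
    if (c === ')') { flush(); if (top === '(') ctx.pop(); continue; }
    if (c === '&' && i > 0 && '<>'.includes(cmd[i - 1])) { cur += c; continue; } // 2>&1
    if ('&|;\n'.includes(c)) { flush(); continue; }
    cur += c;
  }
  flush();
  return out;
}

// First word of a sub-command after any leading VAR=value assignments.
function commandName(sub) {
  const words = sub.split(/\s+/);
  while (words.length && /^[A-Za-z_]\w*=/.test(words[0])) words.shift();
  return words[0] ?? '';
}

// The hardened check: every extracted sub-command must be on the allow list.
function astAllowed(cmd) {
  const subs = extractCommands(cmd);
  return subs.length > 0 && subs.every((s) => ALLOWED.has(commandName(s)));
}
```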