Fix permission check #18395

Merged
scidomino merged 1 commit into main from tomm_perms
Feb 5, 2026


@scidomino
Collaborator

Summary

Fix permission check that was allowing operations outside of workspace dirs.

Details

This issue was introduced in #17185

Because this is urgent I'll create an integration test for this in a separate PR.

Related Issues

Fixes #18394

How to Validate

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run
      • npx
      • Docker
      • Podman
      • Seatbelt
    • Windows
      • npm run
      • npx
      • Docker
    • Linux
      • npm run
      • npx
      • Docker

@scidomino scidomino requested a review from a team as a code owner February 5, 2026 20:09
@gemini-code-assist
Contributor

Summary of Changes

Hello @scidomino, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses a critical security vulnerability by fixing a permission check that was allowing operations on files and directories outside the designated workspace. The change specifically removes a conditional bypass that was introduced in a previous update, ensuring that all path-related operations are now correctly constrained within the intended boundaries.

Highlights

  • Permission Check Fix: Removed an if condition in the isPathAllowed method that incorrectly granted permission for operations outside workspace directories when in interactive mode and handling absolute paths.

Changelog

  • packages/core/src/config/config.ts
    • Removed a conditional check within the isPathAllowed method that previously returned true if the application was in interactive mode and the path was absolute. This condition was identified as the source of the permission bypass.

Activity

  • The author identified the issue as urgent and plans to create a separate pull request for an integration test to validate the fix.

@github-actions

github-actions bot commented Feb 5, 2026

Size Change: -103 B (0%)

Total Size: 23.7 MB

ℹ️ View Unchanged
Filename | Size | Change
./bundle/gemini.js | 23.7 MB | -103 B (0%)
./bundle/sandbox-macos-permissive-closed.sb | 1.03 kB | 0 B
./bundle/sandbox-macos-permissive-open.sb | 890 B | 0 B
./bundle/sandbox-macos-permissive-proxied.sb | 1.31 kB | 0 B
./bundle/sandbox-macos-restrictive-closed.sb | 3.29 kB | 0 B
./bundle/sandbox-macos-restrictive-open.sb | 3.36 kB | 0 B
./bundle/sandbox-macos-restrictive-proxied.sb | 3.56 kB | 0 B

compressed-size-action

@gemini-cli gemini-cli bot added the area/security Issues related to security label Feb 5, 2026
Contributor

@gemini-code-assist gemini-code-assist bot left a comment

Code Review

This pull request correctly addresses a critical path traversal vulnerability by removing a permission check that improperly allowed access to any absolute path when in interactive mode. The change is simple and effective. To prevent future regressions, I've added a security review comment suggesting the addition of unit tests for the isPathAllowed method, aligning with rules on path sanitization and internal validation, even though an integration test is planned for a separate PR.

I am having trouble creating individual review comments. Click here to see my feedback.

packages/core/src/config/config.ts (1791-1793)

security-high high

This change correctly removes a critical security vulnerability. To prevent regressions, it would be highly beneficial to add unit tests for isPathAllowed that specifically cover this scenario (i.e., an absolute path outside the workspace in interactive mode should not be allowed). I see the note about adding an integration test in a separate PR, but a unit test would provide more targeted and faster feedback.

References
  1. This change aligns with the principle of sanitizing user-provided file paths to prevent path traversal vulnerabilities, which was the nature of the critical security vulnerability addressed.
  2. The discussion around isPathAllowed reinforces the need for utility functions to internally validate path inputs to prevent path traversal, rather than relying on external validation.
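
An added example, not code from this pull request or the project: a hypothetical TypeScript model of the check (WorkspacePolicy, isWithin, legacyBypass and the sample paths are assumptions) that runs the regression cases suggested in the review above against the check with and without the removed branch.

```typescript
import * as path from "node:path";

// Hypothetical model of a workspace permission check; not the project's code.
// path.posix keeps the constructed sample paths OS-independent.
const p = path.posix;

// True when target is root itself or lies beneath it.
function isWithin(root: string, target: string): boolean {
  const rel = p.relative(root, target);
  return rel === "" || (rel !== ".." && !rel.startsWith("../"));
}

class WorkspacePolicy {
  private readonly workspaceDirs: string[];
  private readonly interactive: boolean;
  private readonly legacyBypass: boolean; // true reproduces the removed branch

  constructor(workspaceDirs: string[], interactive: boolean, legacyBypass: boolean) {
    this.workspaceDirs = workspaceDirs.map((dir) => p.resolve(dir));
    this.interactive = interactive;
    this.legacyBypass = legacyBypass;
  }

  isPathAllowed(candidate: string): boolean {
    const absolutePath = p.resolve(candidate); // also collapses ".." segments
    // Removed branch: absolutePath is always absolute after resolve(), so the
    // test reduces to "interactive mode allows every path".
    if (this.legacyBypass && this.interactive && p.isAbsolute(absolutePath)) {
      return true;
    }
    return this.workspaceDirs.some((dir) => isWithin(dir, absolutePath));
  }
}

// Constructed cases: [path, expected result with the bypass removed].
const CASES: Array<[string, boolean]> = [
  ["/work/project/src/index.ts", true],
  ["/work/project", true],
  ["/etc/passwd", false],
  ["/work/project/../secrets/key.pem", false],
  ["/work/project-other/file.txt", false], // shared prefix, different directory
];

// Returns the case paths whose result differs from the expected one.
function failures(policy: WorkspacePolicy): string[] {
  return CASES.filter(([c, want]) => policy.isPathAllowed(c) !== want).map(([c]) => c);
}
console.log("fixed:", failures(new WorkspacePolicy(["/work/project"], true, false)));
console.log("legacy:", failures(new WorkspacePolicy(["/work/project"], true, true)));
```

The containment test compares path segments through a relative path rather than a string prefix, which is why the sibling directory with a shared prefix is rejected.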

@scidomino scidomino enabled auto-merge February 5, 2026 20:16
@scidomino scidomino added this pull request to the merge queue Feb 5, 2026
Merged via the queue into main with commit 9ca7300 Feb 5, 2026
28 checks passed
@scidomino scidomino deleted the tomm_perms branch February 5, 2026 20:28
@scidomino
Collaborator Author

/patch

@github-actions

github-actions bot commented Feb 5, 2026

Patch workflow(s) dispatched successfully!

📋 Details:

  • Channels: stable,preview
  • Commit: 9ca7300c90e6cf407bde5c8b1c9d7fbf74736968
  • Workflows Created: 2

github-actions bot pushed a commit that referenced this pull request Feb 5, 2026
@github-actions

github-actions bot commented Feb 5, 2026

🚀 Patch PR Created!

📝 Next Steps:

  1. Review and approve the hotfix PR: #18399
  2. Once merged, the patch release will automatically trigger
  3. You'll receive updates here when the release completes

github-actions bot pushed a commit that referenced this pull request Feb 5, 2026
@github-actions

github-actions bot commented Feb 5, 2026

🚀 Patch PR Created!

📝 Next Steps:

  1. Review and approve the hotfix PR: #18400
  2. Once merged, the patch release will automatically trigger
  3. You'll receive updates here when the release completes

@github-actions

github-actions bot commented Feb 5, 2026

🚀 Patch Release Started!

📋 Release Details:

  • Environment: prod
  • Channel: stable → publishing to npm tag latest
  • Version: v0.27.1
  • Hotfix PR: Merged ✅
  • Release Branch: release/v0.27.1-pr-18395

⏳ Status: The patch release is now running. You'll receive another update when it completes.

@github-actions

github-actions bot commented Feb 5, 2026

🚀 Patch Release Started!

📋 Release Details:

  • Environment: prod
  • Channel: preview → publishing to npm tag preview
  • Version: v0.28.0-preview.1
  • Hotfix PR: Merged ✅
  • Release Branch: release/v0.28.0-preview.1-pr-18395

⏳ Status: The patch release is now running. You'll receive another update when it completes.

@github-actions

github-actions bot commented Feb 5, 2026

Patch Release Complete!

📦 Release Details:

  • Version: 0.27.2
  • NPM Tag: latest
  • Channel: stable
  • Dry Run: false

🎉 Status: Your patch has been successfully released and published to npm!

@github-actions

github-actions bot commented Feb 5, 2026

Patch Release Complete!

🎉 Status: Your patch has been successfully released and published to npm!

sidwan02 pushed a commit to sidwan02/gemini-cli-gemma that referenced this pull request Feb 6, 2026
Comment on lines -1791 to -1794
if (this.interactive && path.isAbsolute(absolutePath)) {
return true;
}
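
Review bot: the removal of these lines should be accompanied by a regression test, because the deleted condition `this.interactive && path.isAbsolute(absolutePath)` is applied to a value that, going by its name, is already absolute, so it reduces to `this.interactive` and the `return true` allowed every path in interactive mode. Add a unit test for isPathAllowed asserting that an absolute path outside the workspace is rejected when interactive is true, so the branch cannot be reintroduced unnoticed.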

Delete lines 1791-1794. Not in use, outdated. @scidomino

aswinashok44 pushed a commit to aswinashok44/gemini-cli that referenced this pull request Feb 9, 2026
Labels

area/security Issues related to security

Development

Successfully merging this pull request may close these issues.

Agent can read files outside of the working dir.

3 participants