-
Notifications
You must be signed in to change notification settings - Fork 11.6k
fix(patch): cherry-pick 08e8eea to release/v0.29.0-preview.1-pr-18855 to patch version v0.29.0-preview.1 and create version 0.29.0-preview.2 #18905
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,6 +17,7 @@ import { | |
| homedir, | ||
| isHeadlessMode, | ||
| coreEvents, | ||
| type HeadlessModeOptions, | ||
| } from '@google/gemini-cli-core'; | ||
| import type { Settings } from './settings.js'; | ||
| import stripJsonComments from 'strip-json-comments'; | ||
|
|
@@ -128,7 +129,11 @@ export class LoadedTrustedFolders { | |
| isPathTrusted( | ||
| location: string, | ||
| config?: Record<string, TrustLevel>, | ||
| headlessOptions?: HeadlessModeOptions, | ||
| ): boolean | undefined { | ||
| if (isHeadlessMode(headlessOptions)) { | ||
| return true; | ||
| } | ||
| const configToUse = config ?? this.user.config; | ||
|
|
||
| // Resolve location to its realpath for canonical comparison | ||
|
|
@@ -333,6 +338,7 @@ export function isFolderTrustEnabled(settings: Settings): boolean { | |
| function getWorkspaceTrustFromLocalConfig( | ||
| workspaceDir: string, | ||
| trustConfig?: Record<string, TrustLevel>, | ||
| headlessOptions?: HeadlessModeOptions, | ||
| ): TrustResult { | ||
| const folders = loadTrustedFolders(); | ||
| const configToUse = trustConfig ?? folders.user.config; | ||
|
|
@@ -346,7 +352,11 @@ function getWorkspaceTrustFromLocalConfig( | |
| ); | ||
| } | ||
|
|
||
| const isTrusted = folders.isPathTrusted(workspaceDir, configToUse); | ||
| const isTrusted = folders.isPathTrusted( | ||
| workspaceDir, | ||
| configToUse, | ||
| headlessOptions, | ||
| ); | ||
| return { | ||
| isTrusted, | ||
| source: isTrusted !== undefined ? 'file' : undefined, | ||
|
|
@@ -357,8 +367,9 @@ export function isWorkspaceTrusted( | |
| settings: Settings, | ||
| workspaceDir: string = process.cwd(), | ||
| trustConfig?: Record<string, TrustLevel>, | ||
| headlessOptions?: HeadlessModeOptions, | ||
| ): TrustResult { | ||
| if (isHeadlessMode()) { | ||
| if (isHeadlessMode(headlessOptions)) { | ||
| return { isTrusted: true, source: undefined }; | ||
| } | ||
|
Comment on lines
+372
to
374
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The |
||
|
|
||
|
|
@@ -372,5 +383,9 @@ export function isWorkspaceTrusted( | |
| } | ||
|
|
||
| // Fall back to the local user configuration | ||
| return getWorkspaceTrustFromLocalConfig(workspaceDir, trustConfig); | ||
| return getWorkspaceTrustFromLocalConfig( | ||
| workspaceDir, | ||
| trustConfig, | ||
| headlessOptions, | ||
| ); | ||
| } | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -28,18 +28,25 @@ export interface HeadlessModeOptions { | |
| * @returns true if the environment is considered headless. | ||
| */ | ||
| export function isHeadlessMode(options?: HeadlessModeOptions): boolean { | ||
| if (process.env['GEMINI_CLI_INTEGRATION_TEST'] === 'true') { | ||
| return ( | ||
| !!options?.prompt || | ||
| (!!process.stdin && !process.stdin.isTTY) || | ||
| (!!process.stdout && !process.stdout.isTTY) | ||
| ); | ||
| if (process.env['GEMINI_CLI_INTEGRATION_TEST'] !== 'true') { | ||
| const isCI = | ||
| process.env['CI'] === 'true' || process.env['GITHUB_ACTIONS'] === 'true'; | ||
| if (isCI) { | ||
| return true; | ||
| } | ||
| } | ||
| return ( | ||
| process.env['CI'] === 'true' || | ||
| process.env['GITHUB_ACTIONS'] === 'true' || | ||
| !!options?.prompt || | ||
|
|
||
| const isNotTTY = | ||
| (!!process.stdin && !process.stdin.isTTY) || | ||
| (!!process.stdout && !process.stdout.isTTY) | ||
| (!!process.stdout && !process.stdout.isTTY); | ||
|
|
||
| if (isNotTTY || !!options?.prompt || !!options?.query) { | ||
| return true; | ||
| } | ||
|
|
||
| // Fallback: check process.argv for flags that imply headless or auto-approve mode. | ||
| return process.argv.some( | ||
| (arg) => | ||
| arg === '-p' || arg === '--prompt' || arg === '-y' || arg === '--yolo', | ||
| ); | ||
|
Comment on lines
+43
to
51
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. The |
||
| } | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Passing
argv.querytoisWorkspaceTrustedtriggers a security bypass. BecauseisHeadlessMode(called internally byisWorkspaceTrusted) returnstrueif a query is present, any command that includes a positional argument will cause the current folder to be automatically trusted. This bypasses the trust prompt and allows potentially malicious hooks or configurations in the folder to be executed.