feat(core): add defense-in-depth workspace validation for directory expansion

Re-validate every file found during directory expansion to prevent traversal
via symlinks or other methods during recursion.

Related to #1489
Om Patel
2026-05-18 16:22:39 -04:00
parent 2858ab75d4
commit 7bcadeca39


@@ -87,6 +87,11 @@ export async function readPathFromWorkspace(
);
for (const filePath of finalFiles) {
// Defense in depth: validate each file found within the directory.
if (!workspace.isPathWithinWorkspace(filePath)) {
continue;
}
const relativePathForDisplay = path.relative(absolutePath, filePath);
allParts.push({ text: `--- ${relativePathForDisplay} ---\n` });
const result = await processSingleFileContent(
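Review bot: The new guard `if (!workspace.isPathWithinWorkspace(filePath))` only stops symlink traversal if `isPathWithinWorkspace` resolves the real path before comparing, and that implementation is not visible in this hunk. If it compares paths lexically, a symlink inside the expanded directory would still pass, so that is worth confirming and covering with a test that places a symlink to an outside file in the directory. The check and the later read in `processSingleFileContent` are also separate steps, so the guard narrows the window rather than closing it. The bare `continue` drops the file with no trace; a comment such as `// Skipped without notice: path resolves outside the workspace (e.g. symlink target).` plus a debug-level log of the skipped path would make exclusions auditable. The body of `readPathFromWorkspace` starts and ends outside this hunk.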