clone/gemini-cli
1
0
Fork 0
mirror of https://github.com/google-gemini/gemini-cli.git synced 2026-05-16 09:22:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): securely handle root CWD in isTrustedSystemPath

Browse Source
This commit is contained in:
Coco Sheng
2026-05-12 13:13:10 -04:00
parent 811ae89a16
commit ca41e1bad6
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/core/src/utils/paths.ts
View File

@@ -521,7 +521,8 @@ export function isTrustedSystemPath(filePath: string): boolean {
// 1. Explicitly reject paths in current working directory to prevent RCE
const normCwd = normalizePath(process.cwd());
if (normPath === normCwd || normPath.startsWith(normCwd + '/')) {
const relative = path.relative(normCwd, normPath);
if (!relative.startsWith('..') && !path.isAbsolute(relative)) {
return false;
}