mirror of
https://github.com/google-gemini/gemini-cli.git
synced 2026-02-01 14:44:29 +00:00
112 lines
3.6 KiB
TypeScript
112 lines
3.6 KiB
TypeScript
/**
|
|
* @license
|
|
* Copyright 2026 Google LLC
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
import { describe, it, expect, beforeEach, afterEach } from 'vitest';
|
|
import { TestRig } from './test-helper.js';
|
|
import * as fs from 'node:fs';
|
|
import * as path from 'node:path';
|
|
import { execSync, spawnSync } from 'node:child_process';
|
|
|
|
describe('skill-creator scripts security and bug fixes', () => {
|
|
let rig: TestRig;
|
|
const initScript = path.resolve(
|
|
'packages/core/src/skills/builtin/skill-creator/scripts/init_skill.cjs',
|
|
);
|
|
const validateScript = path.resolve(
|
|
'packages/core/src/skills/builtin/skill-creator/scripts/validate_skill.cjs',
|
|
);
|
|
const packageScript = path.resolve(
|
|
'packages/core/src/skills/builtin/skill-creator/scripts/package_skill.cjs',
|
|
);
|
|
|
|
beforeEach(() => {
|
|
rig = new TestRig();
|
|
});
|
|
|
|
afterEach(async () => {
|
|
await rig.cleanup();
|
|
});
|
|
|
|
it('should prevent command injection in package_skill.cjs', async () => {
|
|
await rig.setup('skill-creator command injection');
|
|
const tempDir = rig.testDir!;
|
|
|
|
// Create a dummy skill
|
|
const skillName = 'injection-test';
|
|
execSync(`node "${initScript}" ${skillName} --path "${tempDir}"`);
|
|
const skillDir = path.join(tempDir, skillName);
|
|
|
|
// Malicious output filename with command injection
|
|
const maliciousFilename = '"; touch injection_success; #';
|
|
|
|
// Attempt to package with malicious filename
|
|
// We expect this to fail or at least NOT create the 'injection_success' file
|
|
spawnSync('node', [packageScript, skillDir, tempDir, maliciousFilename], {
|
|
cwd: tempDir,
|
|
});
|
|
|
|
const injectionFile = path.join(tempDir, 'injection_success');
|
|
expect(fs.existsSync(injectionFile)).toBe(false);
|
|
});
|
|
|
|
it('should prevent path traversal in init_skill.cjs', async () => {
|
|
await rig.setup('skill-creator init path traversal');
|
|
const tempDir = rig.testDir!;
|
|
|
|
const maliciousName = '../traversal-success';
|
|
|
|
const result = spawnSync(
|
|
'node',
|
|
[initScript, maliciousName, '--path', tempDir],
|
|
{
|
|
encoding: 'utf8',
|
|
},
|
|
);
|
|
|
|
expect(result.stderr).toContain(
|
|
'Error: Skill name cannot contain path separators',
|
|
);
|
|
const traversalDir = path.join(path.dirname(tempDir), 'traversal-success');
|
|
expect(fs.existsSync(traversalDir)).toBe(false);
|
|
});
|
|
|
|
it('should prevent path traversal in validate_skill.cjs', async () => {
|
|
await rig.setup('skill-creator validate path traversal');
|
|
|
|
const maliciousPath = '../../../../etc/passwd';
|
|
const result = spawnSync('node', [validateScript, maliciousPath], {
|
|
encoding: 'utf8',
|
|
});
|
|
|
|
expect(result.stderr).toContain('Error: Path traversal detected');
|
|
});
|
|
|
|
it('should not crash on empty description in validate_skill.cjs', async () => {
|
|
await rig.setup('skill-creator regex crash');
|
|
const tempDir = rig.testDir!;
|
|
const skillName = 'empty-desc-skill';
|
|
|
|
execSync(`node "${initScript}" ${skillName} --path "${tempDir}"`);
|
|
const skillDir = path.join(tempDir, skillName);
|
|
const skillMd = path.join(skillDir, 'SKILL.md');
|
|
|
|
// Set an empty quoted description
|
|
let content = fs.readFileSync(skillMd, 'utf8');
|
|
content = content.replace(/^description: .+$/m, 'description: ""');
|
|
fs.writeFileSync(skillMd, content);
|
|
|
|
const result = spawnSync('node', [validateScript, skillDir], {
|
|
encoding: 'utf8',
|
|
});
|
|
|
|
// It might still fail validation (e.g. TODOs), but it should NOT crash with a stack trace
|
|
expect(result.status).not.toBe(null);
|
|
expect(result.stderr).not.toContain(
|
|
"TypeError: Cannot read properties of undefined (reading 'trim')",
|
|
);
|
|
});
|
|
});
|