
fix(core): prevent infinite recursion in symlink resolution #21750

Merged
jerop merged 3 commits into main from adibakm/fix-security-symlink-path-validation
Mar 9, 2026

fix(core): prevent infinite recursion in symlink resolution#21750
jerop merged 3 commits intomainfrom
adibakm/fix-security-symlink-path-validation

Conversation

Adib234 (Contributor) commented Mar 9, 2026

Summary

This PR adds infinite recursion protection to the resolveToRealPath utility. It prevents the process from hanging or crashing when encountering malicious or circular symlink structures that fs.realpathSync might not handle robustly in all environments.

Details

  • Modified robustRealpath to track visited paths using a Set.
  • If a path is encountered more than once during the resolution of a single symlink chain, an Error is thrown with a descriptive message.
  • Added a new unit test in packages/core/src/utils/paths.test.ts that mocks a malicious symlink structure to verify the recursion detection.

Related Issues

Fixes a security vulnerability related to symlink path validation.
#21489

How to Validate

  1. Run the new unit test:
    npm test -w @google/gemini-cli-core -- src/utils/paths.test.ts
  2. Verify that the test "should prevent infinite recursion on malicious symlink structures" passes.

Pre-Merge Checklist

  • Updated relevant documentation and README (if needed)
  • Added/updated tests (if needed)
  • Noted breaking changes (if any)
  • Validated on required platforms/methods:
    • MacOS
      • npm run

@Adib234 Adib234 requested a review from a team as a code owner March 9, 2026 19:05
@Adib234 Adib234 self-assigned this Mar 9, 2026
@gemini-cli gemini-cli bot closed this Mar 9, 2026
gemini-code-assist bot (Contributor) commented

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the robustness and security of the path resolution mechanism by introducing safeguards against infinite recursion in symlink structures. It ensures that the application can gracefully handle malicious or circular symlinks without crashing or hanging, thereby improving system stability and preventing potential denial-of-service scenarios.

Highlights

  • Symlink Resolution: Implemented infinite recursion protection within the resolveToRealPath utility to prevent hangs or crashes from circular symlink structures.
  • robustRealpath Function: Modified robustRealpath to track all visited paths using a Set during symlink resolution.
  • Error Handling: Introduced an error throw with a descriptive message if a path is encountered more than once within a single symlink chain, indicating infinite recursion.
  • Unit Testing: Added a new unit test in packages/core/src/utils/paths.test.ts to specifically verify the recursion detection mechanism with a mocked malicious symlink structure.
Changelog
  • packages/core/src/utils/paths.test.ts
    • Added a new test case "should prevent infinite recursion on malicious symlink structures" to validate the new protection.
  • packages/core/src/utils/paths.ts
    • Modified the robustRealpath function signature to accept an optional visited Set parameter, defaulting to a new Set.
    • Added logic to check if the current path p has already been visited; if so, it throws an Error indicating infinite recursion.
    • Ensured that recursive calls to robustRealpath pass the visited Set to maintain the tracking across the call stack.
    • Updated error handling in the catch block to re-throw non-ENOENT errors from lstatSync while still resolving the parent for ENOENT errors.
Activity
  • The author has completed the "Added/updated tests" and "Validated on required platforms/methods: MacOS, npm run" items in the pre-merge checklist.
  • No other human activity (comments, reviews) has been recorded on this pull request yet.

@google-gemini google-gemini deleted a comment from gemini-cli bot Mar 9, 2026
@gemini-cli gemini-cli bot reopened this Mar 9, 2026
gemini-cli bot (Contributor) commented Mar 9, 2026

Thank you for linking an issue! This pull request has been automatically reopened.

@google-gemini google-gemini deleted a comment from gemini-cli bot Mar 9, 2026
Adib234 (Contributor, Author) commented Mar 9, 2026

/gemini review

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request correctly addresses a potential infinite recursion vulnerability in symlink resolution by tracking visited paths. The implementation is sound and includes a good unit test to verify the fix. I have one suggestion regarding test hygiene to prevent mock pollution in the test suite, which will improve the long-term maintainability of the tests.

github-actions bot commented Mar 9, 2026

Size Change: +413 B (0%)

Total Size: 26 MB

Filename                                                                Size     Change
./bundle/gemini.js                                                      25.6 MB  +413 B (0%)
./bundle/node_modules/@google/gemini-cli-devtools/dist/client/main.js   221 kB   0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/_client-assets.js  227 kB   0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/index.js     11.5 kB  0 B
./bundle/node_modules/@google/gemini-cli-devtools/dist/src/types.js     132 B    0 B
./bundle/sandbox-macos-permissive-open.sb                               890 B    0 B
./bundle/sandbox-macos-permissive-proxied.sb                            1.31 kB  0 B
./bundle/sandbox-macos-restrictive-open.sb                              3.36 kB  0 B
./bundle/sandbox-macos-restrictive-proxied.sb                           3.56 kB  0 B
./bundle/sandbox-macos-strict-open.sb                                   4.82 kB  0 B
./bundle/sandbox-macos-strict-proxied.sb                                5.02 kB  0 B

(reported by compressed-size-action)

gemini-code-assist bot (Contributor) left a comment

Code Review

This pull request introduces a crucial security fix to prevent infinite recursion when resolving symbolic links, addressing a potential denial-of-service vulnerability. The implementation correctly uses a visited set for cycle detection, and the new unit test effectively validates this behavior. However, the current implementation is vulnerable to a bypass on case-insensitive filesystems (Windows/macOS) due to a case-sensitive recursion check, which could allow a malicious symlink structure to trigger a Denial of Service. This highlights the importance of robust and consistent path resolution, as outlined in our security rules for path handling. A high-severity suggestion is provided to ensure effective cycle detection on case-insensitive filesystems, aligning with the need for utility functions to internally validate path inputs and prevent path traversal vulnerabilities.

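The resolver described in the PR summary (a visited Set threaded through the recursion, an error on the first revisit, ENOENT leaves kept while the parent is resolved) and the case-insensitive-volume point raised in the review above, as one added example. This is illustration code written for this page, not the PR's robustRealpath or anything else from the gemini-cli repository: FakeFs stands in for fs.lstatSync/readlinkSync so it runs offline, and FakeFs, SymlinkLoopError, resolveRealPath, resolveOrLoop, the normalizeCase switch and the fixture paths are all assumptions for illustration. Only symlink dereferences are recorded in the visited set, so two paths that share an ancestor are not mistaken for a cycle.

```typescript
import * as path from 'node:path';

// Constructed in-memory filesystem standing in for fs.lstatSync/readlinkSync so the
// resolver runs offline. Hypothetical helper, not code from the PR.
type Entry =
  | { kind: 'file' }
  | { kind: 'dir' }
  | { kind: 'symlink'; target: string };

export class FakeFs {
  private readonly entries: Record<string, Entry> = {};
  private readonly caseInsensitive: boolean;

  // caseInsensitive mimics a default macOS/Windows volume, where /Loop and /loop
  // name the same directory entry.
  constructor(entries: Record<string, Entry>, caseInsensitive: boolean) {
    this.caseInsensitive = caseInsensitive;
    for (const p of Object.keys(entries)) this.entries[this.key(p)] = entries[p];
  }

  private key(p: string): string {
    return this.caseInsensitive ? p.toLowerCase() : p;
  }

  // undefined where the real lstatSync would throw ENOENT.
  lstat(p: string): Entry | undefined {
    return this.entries[this.key(p)];
  }
}

export class SymlinkLoopError extends Error {
  readonly chain: string[];
  constructor(chain: string[]) {
    super('Infinite recursion in symlink resolution: ' + chain.join(' -> '));
    this.name = 'SymlinkLoopError';
    this.chain = chain;
  }
}

// Canonicalises p. `visited` records every symlink dereferenced during this one
// resolution and is threaded through every recursive call, so a loop that passes
// through a parent component is caught as well. Only symlinks are recorded: two
// different paths sharing "/" as an ancestor are not a cycle.
export function resolveRealPath(
  fs: FakeFs,
  p: string,
  normalizeCase: boolean,
  visited: Set<string> = new Set<string>(),
  chain: string[] = [],
): string {
  const P = path.posix;
  const parent = P.dirname(p);
  if (parent !== p) {
    // Resolve the parent first: a symlink higher up changes where the leaf lives.
    p = P.join(resolveRealPath(fs, parent, normalizeCase, visited, chain), P.basename(p));
  }
  const entry = fs.lstat(p);
  // ENOENT: the parent is already canonical; keep the missing leaf so a caller can
  // validate a path it is about to create. A real lstat would re-throw any other error.
  if (entry === undefined || entry.kind !== 'symlink') return p;

  // The visited key is where case-insensitivity matters: on a case-insensitive
  // volume '/Loop' and '/loop' are one symlink and should share a key.
  const key = normalizeCase ? p.toLowerCase() : p;
  if (visited.has(key)) throw new SymlinkLoopError(chain.concat(p));
  visited.add(key);
  chain.push(p);
  const target = P.isAbsolute(entry.target) ? entry.target : P.join(P.dirname(p), entry.target);
  return resolveRealPath(fs, target, normalizeCase, visited, chain);
}

// Returns either the canonical path or the symlink chain that formed the loop.
export function resolveOrLoop(fs: FakeFs, p: string, normalizeCase = false): { resolved?: string; loop?: string[] } {
  try {
    return { resolved: resolveRealPath(fs, p, normalizeCase) };
  } catch (e) {
    if (e instanceof Error && e.name === 'SymlinkLoopError') return { loop: (e as SymlinkLoopError).chain };
    throw e;
  }
}

// Constructed fixtures: a benign chain, a relative link, a two-link cycle, a self-loop.
export const posixFs = new FakeFs({
  '/': { kind: 'dir' },
  '/real': { kind: 'dir' },
  '/real/file': { kind: 'file' },
  '/link': { kind: 'symlink', target: '/real/file' },
  '/real/up': { kind: 'symlink', target: '../link' },
  '/a': { kind: 'symlink', target: '/b' },
  '/b': { kind: 'symlink', target: '/a' },
  '/self': { kind: 'symlink', target: 'self' },
}, false);

// A single symlink pointing at itself under another spelling, on a case-insensitive volume.
export const macLikeFs = new FakeFs({
  '/': { kind: 'dir' },
  '/loop': { kind: 'symlink', target: '/Loop' },
}, true);

console.log(resolveOrLoop(posixFs, '/link'));          // { resolved: '/real/file' }
console.log(resolveOrLoop(posixFs, '/real/up/notes')); // { resolved: '/real/file/notes' }
console.log(resolveOrLoop(posixFs, '/a'));             // { loop: [ '/a', '/b', '/a' ] }
console.log(resolveOrLoop(macLikeFs, '/loop', false)); // loop of 3 entries: the exact string repeats only on the second hop
console.log(resolveOrLoop(macLikeFs, '/loop', true));  // loop of 2 entries: the normalised key repeats on the first hop
```

On the case-insensitive fixture both settings terminate, because the chain can only ever visit the finite set of target strings written into the symlinks, so an exact-string key catches the loop once a spelling recurs. Normalising the key catches it on the first revisit of the same on-disk entry instead, which is the check the review asks for; whatever is chosen, the same key function must be used for every entry in the set, or a loop through a parent component can be missed on one spelling and caught on another.
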
@Adib234 Adib234 added the release/patch-to-preview PR needs to be patch to preview release label Mar 9, 2026
@gemini-cli gemini-cli bot added the labels area/core (Issues related to User Interface, OS Support, Core Functionality) and 🔒 maintainer only (⛔ Do not contribute. Internal roadmap item.) Mar 9, 2026
@jerop jerop added this pull request to the merge queue Mar 9, 2026
Merged via the queue into main with commit 4f4431e Mar 9, 2026
27 checks passed
@jerop jerop deleted the adibakm/fix-security-symlink-path-validation branch March 9, 2026 20:18
Adib234 (Contributor, Author) commented Mar 9, 2026

/patch preview

github-actions bot commented Mar 9, 2026

Patch workflow(s) dispatched successfully!

📋 Details:

  • Channels: preview
  • Commit: 4f4431e4e1e0d5d110a1fdb7b7e2077cd05cf570
  • Workflows Created: 1

github-actions bot commented Mar 9, 2026

🚀 Patch PR Created!

📝 Next Steps:

  1. Review and approve the hotfix PR: #21782
  2. Once merged, the patch release will automatically trigger
  3. You'll receive updates here when the release completes

github-actions bot commented Mar 9, 2026

🚀 Patch Release Started!

📋 Release Details:

  • Environment: prod
  • Channel: preview → publishing to npm tag preview
  • Version: v0.33.0-preview.7
  • Hotfix PR: Merged ✅
  • Release Branch: release/v0.33.0-preview.7-pr-21750

⏳ Status: The patch release is now running. You'll receive another update when it completes.

github-actions bot commented Mar 9, 2026

Patch Release Complete!

🎉 Status: Your patch has been successfully released and published to npm!