fix(fileUtils): validate image mime types and prevent traversal #25790
SH20RAJ wants to merge 3 commits into google-gemini:main from
…oogle-gemini#24817)
- Throw clear errors for unsupported image formats (PNG, JPEG, WEBP, HEIC, HEIF only)
- Enforce 20MB size limit for images to avoid failures on upload
- Improves user feedback when including images in messages

Fixes google-gemini#24817
…d of throwing and adding path validation
…SingleFileContent
Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request improves the security and robustness of the file processing utility. By introducing path validation and strict content checks for images, it prevents unauthorized file access and ensures that only supported, appropriately sized image files are processed by the system.
Code Review
This pull request enhances file processing security and validation by implementing a project root boundary check and specific constraints for image files, including format verification and a 20MB size limit. A high-severity security issue was identified where the root check could be bypassed via symbolic links; it is recommended to resolve paths to their real paths before validation to prevent path traversal.
| endLine?: number, | ||
| ): Promise<ProcessedFileReadResult> { | ||
| try { | ||
| if (!isWithinRoot(filePath, rootDirectory)) { |
The isWithinRoot check is vulnerable to path traversal via symbolic links. path.resolve() does not resolve symlinks, allowing an attacker to create a symlink within the project root that points to a file outside the root (e.g., /etc/passwd). This bypasses the isWithinRoot validation, enabling subsequent file operations to read sensitive files. To prevent this, ensure both the file path and the root directory are resolved to their real paths using resolveToRealPath before comparison, ensuring consistent path resolution across the repository.
| if (!isWithinRoot(filePath, rootDirectory)) { | |
| if (!isWithinRoot(resolveToRealPath(filePath), resolveToRealPath(rootDirectory))) { |
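Review bot: In the suggested line, `resolveToRealPath(filePath)` is computed only as an argument to `isWithinRoot`, so the value that was validated is discarded. Assign it to a local before the check and pass that same local to whatever reads the file afterwards; otherwise the check runs on the real path while the read still follows `filePath`, and a link changed between the two is not covered. It is also worth confirming what `resolveToRealPath` does for a path that does not exist, since the call sits inside the `try` and its failure would surface through the same handler as read errors.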
References
- When requesting file access permissions, resolve symbolic links first to display the actual path being accessed, preventing potential path traversal vulnerabilities.
- Ensure consistent path resolution by using a single, robust function (e.g., resolveToRealPath) for all related path validations.
- Utility functions that perform file system operations should validate their path inputs internally to prevent path traversal vulnerabilities.
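The difference between a lexical root check and one made on real paths, as an added example that is not code from this PR or from the project: the `isWithinRoot` below is a stand-in written for the demonstration, `resolveInsideRoot` and `demo` are hypothetical names, and the files are constructed in a temporary directory.

```javascript
// Added example. isWithinRoot here is a stand-in, not the project's function;
// resolveInsideRoot and demo are hypothetical names.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Lexical containment: path.resolve() collapses ".." but never follows symlinks.
function isWithinRoot(candidate, root) {
  const rel = path.relative(path.resolve(root), path.resolve(candidate));
  return rel === "" ||
    (rel !== ".." && !rel.startsWith(".." + path.sep) && !path.isAbsolute(rel));
}

// Canonicalize both sides, then compare. Returns the real path to open, or
// null when the target is outside the root or cannot be resolved (fail closed).
function resolveInsideRoot(candidate, root) {
  try {
    const realRoot = fs.realpathSync(root);
    const realCandidate = fs.realpathSync(path.resolve(root, candidate));
    return isWithinRoot(realCandidate, realRoot) ? realCandidate : null;
  } catch {
    return null;
  }
}

// Constructed fixture: a temp "project" with one regular file and one symlink
// whose target sits in a sibling directory outside the root.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "rootcheck-"));
  const root = path.join(base, "project");
  const outside = path.join(base, "outside");
  fs.mkdirSync(root);
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(root, "logo.png"), "constructed");
  fs.writeFileSync(path.join(outside, "secret.txt"), "constructed");
  const link = path.join(root, "link.png");
  fs.symlinkSync(path.join(outside, "secret.txt"), link);
  try {
    return {
      lexicalAcceptsLink: isWithinRoot(link, root),
      realRejectsLink: resolveInsideRoot(link, root) === null,
      realAcceptsFile: resolveInsideRoot(path.join(root, "logo.png"), root) !== null,
      dotDotRejected: !isWithinRoot(path.join(root, "..", "outside", "secret.txt"), root),
      missingRejected: resolveInsideRoot(path.join(root, "nope.png"), root) === null,
    };
  } finally {
    fs.rmSync(base, { recursive: true, force: true });
  }
}
```

A caller should open the path that `resolveInsideRoot` returns rather than the original argument, so the file that is read is the one that was checked.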
This PR enhances image file validation by verifying MIME types and ensuring path safety. Replaces #24886.