fix(fileUtils): validate image mime types and prevent traversal#25790
fix(fileUtils): validate image mime types and prevent traversal#25790SH20RAJ wants to merge 3 commits intogoogle-gemini:mainfrom
Conversation
…oogle-gemini#24817) - Throw clear errors for unsupported image formats (PNG, JPEG, WEBP, HEIC, HEIF only) - Enforce 20MB size limit for images to avoid failures on upload - Improves user feedback when including images in messages Fixes google-gemini#24817
…d of throwing and adding path validation
…SingleFileContent
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request enhances file processing security and validation by implementing a project root boundary check and specific constraints for image files, including format verification and a 20MB size limit. A high-severity security issue was identified where the root check could be bypassed via symbolic links; it is recommended to resolve paths to their real paths before validation to prevent path traversal.
| endLine?: number, | ||
| ): Promise<ProcessedFileReadResult> { | ||
| try { | ||
| if (!isWithinRoot(filePath, rootDirectory)) { |
There was a problem hiding this comment.
The isWithinRoot check is vulnerable to path traversal via symbolic links. path.resolve() does not resolve symlinks, allowing an attacker to create a symlink within the project root that points to a file outside the root (e.g., /etc/passwd). This bypasses the isWithinRoot validation, enabling subsequent file operations to read sensitive files. To prevent this, ensure both the file path and the root directory are resolved to their real paths using resolveToRealPath before comparison, ensuring consistent path resolution across the repository.
References
- When requesting file access permissions, resolve symbolic links first to display the actual path being accessed, preventing potential path traversal vulnerabilities.
- Ensure consistent path resolution by using a single, robust function (e.g., resolveToRealPath) for all related path validations.
- Utility functions that perform file system operations should validate their path inputs internally to prevent path traversal vulnerabilities.
1 participant
This PR enhances image file validation by verifying MIME types and ensuring path safety. Replaces #24886.