Sync upstream Gemini-CLI v0.8.2 (#838)

2025-12-21 17:27:54 +00:00 · 2025-10-23 09:27:04 +08:00
parent 096fabb5d6
commit eb95c131be
644 changed files with 70389 additions and 23709 deletions
--- a/packages/core/src/utils/shell-utils.ts
+++ b/packages/core/src/utils/shell-utils.ts
@@ -10,6 +10,7 @@ import os from 'node:os';
 import { quote } from 'shell-quote';
 import { doesToolInvocationMatch } from './tool-utils.js';
 import { isShellCommandReadOnly } from './shellReadOnlyChecker.js';
+import { spawn, type SpawnOptionsWithoutStdio } from 'node:child_process';

 const SHELL_TOOL_NAMES = ['run_shell_command', 'ShellTool'];

@@ -266,6 +267,11 @@ export function detectCommandSubstitution(command: string): boolean {
        return true;
      }

+      // >(...) process substitution - works unquoted only (not in double quotes)
+      if (char === '>' && nextChar === '(' && !inDoubleQuotes && !inBackticks) {
+        return true;
+      }
+
      // Backtick command substitution - check for opening backtick
      // (We track the state above, so this catches the start of backtick substitution)
      if (char === '`' && !inBackticks) {
@@ -319,7 +325,7 @@ export function checkCommandPermissions(
      allAllowed: false,
      disallowedCommands: [command],
      blockReason:
-        'Command substitution using $(), <(), or >() is not allowed for security reasons',
+        'Command substitution using $(), `` ` ``, <(), or >() is not allowed for security reasons',
      isHardDenial: true,
    };
  }
@@ -459,6 +465,37 @@ export function checkCommandPermissions(
 * @param config The application configuration.
 * @returns An object with 'allowed' boolean and optional 'reason' string if not allowed.
 */
+export const spawnAsync = (
+  command: string,
+  args: string[],
+  options?: SpawnOptionsWithoutStdio,
+): Promise<{ stdout: string; stderr: string }> =>
+  new Promise((resolve, reject) => {
+    const child = spawn(command, args, options);
+    let stdout = '';
+    let stderr = '';
+
+    child.stdout.on('data', (data) => {
+      stdout += data.toString();
+    });
+
+    child.stderr.on('data', (data) => {
+      stderr += data.toString();
+    });
+
+    child.on('close', (code) => {
+      if (code === 0) {
+        resolve({ stdout, stderr });
+      } else {
+        reject(new Error(`Command failed with exit code ${code}:\n${stderr}`));
+      }
+    });
+
+    child.on('error', (err) => {
+      reject(err);
+    });
+  });
+
 export function isCommandAllowed(
  command: string,
  config: Config,