fix(patch): cherry-pick 765fb67 to release/v0.36.0-preview.5-pr-24055 to patch version v0.36.0-preview.5 and create version 0.36.0-preview.6 (#24061)

Co-authored-by: Gal Zahavi <38544478+galz10@users.noreply.github.com>

Author: gemini-cli-robot

packages/cli/src/config/sandboxConfig.test.ts

@@ -93,7 +93,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'docker',
         image: 'default/image',
       });
@@ -122,7 +122,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'lxc',
         image: 'default/image',
       });
@@ -148,7 +148,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'sandbox-exec',
         image: 'default/image',
       });
@@ -161,7 +161,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'sandbox-exec',
         image: 'default/image',
       });
@@ -174,7 +174,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'docker',
         image: 'default/image',
       });
@@ -187,7 +187,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'podman',
         image: 'default/image',
       });
@@ -210,7 +210,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'podman',
         image: 'default/image',
       });
@@ -244,7 +244,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'docker',
         image: 'env/image',
       });
@@ -257,7 +257,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'docker',
         image: 'default/image',
       });
@@ -285,7 +285,7 @@ describe('loadSandboxConfig', () => {
         expect(config).toEqual({
           enabled: true,
           allowedPaths: [],
-          networkAccess: false,
+          networkAccess: true,
           command: 'docker',
           image: 'default/image',
         });
@@ -339,7 +339,7 @@ describe('loadSandboxConfig', () => {
               enabled: true,
               command: 'podman',
               allowedPaths: [],
-              networkAccess: false,
+              networkAccess: true,
             },
           },
         },
@@ -356,7 +356,7 @@ describe('loadSandboxConfig', () => {
               enabled: true,
               image: 'custom/image',
               allowedPaths: [],
-              networkAccess: false,
+              networkAccess: true,
             },
           },
         },
@@ -372,7 +372,7 @@ describe('loadSandboxConfig', () => {
             sandbox: {
               enabled: false,
               allowedPaths: [],
-              networkAccess: false,
+              networkAccess: true,
             },
           },
         },
@@ -388,7 +388,7 @@ describe('loadSandboxConfig', () => {
             sandbox: {
               enabled: true,
               allowedPaths: ['/settings-path'],
-              networkAccess: false,
+              networkAccess: true,
             },
           },
         },
@@ -410,7 +410,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'runsc',
         image: 'default/image',
       });
@@ -425,7 +425,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'runsc',
         image: 'default/image',
       });
@@ -442,7 +442,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'runsc',
         image: 'default/image',
       });
@@ -460,7 +460,7 @@ describe('loadSandboxConfig', () => {
       expect(config).toEqual({
         enabled: true,
         allowedPaths: [],
-        networkAccess: false,
+        networkAccess: true,
         command: 'runsc',
         image: 'default/image',
       });

packages/cli/src/config/sandboxConfig.ts

@@ -131,7 +131,7 @@ export async function loadSandboxConfig(
 
   let sandboxValue: boolean | string | null | undefined;
   let allowedPaths: string[] = [];
-  let networkAccess = false;
+  let networkAccess = true;
   let customImage: string | undefined;
 
   if (
@@ -142,7 +142,7 @@ export async function loadSandboxConfig(
     const config = sandboxOption;
     sandboxValue = config.enabled ? (config.command ?? true) : false;
     allowedPaths = config.allowedPaths ?? [];
-    networkAccess = config.networkAccess ?? false;
+    networkAccess = config.networkAccess ?? true;
     customImage = config.image;
   } else if (typeof sandboxOption !== 'object' || sandboxOption === null) {
     sandboxValue = sandboxOption;

packages/core/src/sandbox/macos/MacOsSandboxManager.test.ts

@@ -153,7 +153,10 @@ describe('MacOsSandboxManager', () => {
           SAFE_VAR: '1',
           GITHUB_TOKEN: 'sensitive',
         },
-        policy: mockPolicy,
+        policy: {
+          ...mockPolicy,
+          sanitizationConfig: { enableEnvironmentVariableRedaction: true },
+        },
       });
 
       expect(result.env['SAFE_VAR']).toBe('1');

packages/core/src/services/environmentSanitization.test.ts

@@ -375,9 +375,9 @@ describe('sanitizeEnvironment', () => {
 });
 
 describe('getSecureSanitizationConfig', () => {
-  it('should enable environment variable redaction by default', () => {
+  it('should default enableEnvironmentVariableRedaction to false', () => {
     const config = getSecureSanitizationConfig();
-    expect(config.enableEnvironmentVariableRedaction).toBe(true);
+    expect(config.enableEnvironmentVariableRedaction).toBe(false);
   });
 
   it('should merge allowed and blocked variables from base and requested configs', () => {
@@ -440,13 +440,13 @@ describe('getSecureSanitizationConfig', () => {
     expect(config.blockedEnvironmentVariables).toEqual(['BLOCKED_VAR']);
   });
 
-  it('should force enableEnvironmentVariableRedaction to true even if requested false', () => {
+  it('should respect requested enableEnvironmentVariableRedaction value', () => {
     const requestedConfig = {
       enableEnvironmentVariableRedaction: false,
     };
 
     const config = getSecureSanitizationConfig(requestedConfig);
 
-    expect(config.enableEnvironmentVariableRedaction).toBe(true);
+    expect(config.enableEnvironmentVariableRedaction).toBe(false);
   });
 });

packages/core/src/services/environmentSanitization.ts

@@ -230,6 +230,9 @@ export function getSecureSanitizationConfig(
     allowedEnvironmentVariables: [...new Set(allowed)],
     blockedEnvironmentVariables: [...new Set(blocked)],
     // Redaction must be enabled for secure configurations
-    enableEnvironmentVariableRedaction: true,
+    enableEnvironmentVariableRedaction:
+      requestedConfig.enableEnvironmentVariableRedaction ??
+      baseConfig?.enableEnvironmentVariableRedaction ??
+      false,
   };
 }

packages/core/src/services/sandboxManager.test.ts

@@ -58,6 +58,11 @@ describe('NoopSandboxManager', () => {
         MY_SECRET: 'super-secret',
         SAFE_VAR: 'is-safe',
       },
+      policy: {
+        sanitizationConfig: {
+          enableEnvironmentVariableRedaction: true,
+        },
+      },
     };
 
     const result = await sandboxManager.prepareCommand(req);
@@ -68,7 +73,7 @@ describe('NoopSandboxManager', () => {
     expect(result.env['MY_SECRET']).toBeUndefined();
   });
 
-  it('should NOT allow disabling environment variable redaction if requested in config (vulnerability fix)', async () => {
+  it('should allow disabling environment variable redaction if requested in config', async () => {
     const req = {
       command: 'echo',
       args: ['hello'],
@@ -85,8 +90,8 @@ describe('NoopSandboxManager', () => {
 
     const result = await sandboxManager.prepareCommand(req);
 
-    // API_KEY should be redacted because SandboxManager forces redaction and API_KEY matches NEVER_ALLOWED_NAME_PATTERNS
-    expect(result.env['API_KEY']).toBeUndefined();
+    // API_KEY should be preserved because redaction was explicitly disabled
+    expect(result.env['API_KEY']).toBe('sensitive-key');
   });
 
   it('should respect allowedEnvironmentVariables in config but filter sensitive ones', async () => {
@@ -101,6 +106,7 @@ describe('NoopSandboxManager', () => {
       policy: {
         sanitizationConfig: {
           allowedEnvironmentVariables: ['MY_SAFE_VAR', 'MY_TOKEN'],
+          enableEnvironmentVariableRedaction: true,
         },
       },
     };
@@ -124,6 +130,7 @@ describe('NoopSandboxManager', () => {
       policy: {
         sanitizationConfig: {
           blockedEnvironmentVariables: ['BLOCKED_VAR'],
+          enableEnvironmentVariableRedaction: true,
         },
       },
     };