Skip to content

fix(patch): cherry-pick 14b2f35 to release/v0.38.1-pr-24974 to patch version v0.38.1 and create version 0.38.2 #25585

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
SandyTao520 merged 1 commit into from
Apr 17, 2026
Merged

fix(patch): cherry-pick 14b2f35 to release/v0.38.1-pr-24974 to patch version v0.38.1 and create version 0.38.2 #25585

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion ...shot-renders-tool-confirmation-box-in-the-frame-of-the-entire-terminal.snap.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
2 changes: 1 addition & 1 deletion packages/cli/src/ui/__snapshots__/ToolConfirmationFullFrame.test.tsx.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ exports[`Full Terminal Tool Confirmation Snapshot > renders tool confirmation bo
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄

╭─────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ? Edit
│ ? Edit packages/.../InputPrompt.tsx: return kittyProtocolSupporte... => return kittyProto…
│ ╭─────────────────────────────────────────────────────────────────────────────────────────────╮ │
│ │ ... first 42 lines hidden (Ctrl+O to show) ... │ │
│ │ 43 const line43 = true; │ │
Expand Down
38 changes: 38 additions & 0 deletions packages/cli/src/ui/components/ToolConfirmationQueue.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,44 @@ describe('ToolConfirmationQueue', () => {
vi.clearAllMocks();
});

it('explicitly renders the tool description (containing filename) for edit confirmations', async () => {
const confirmingTool = {
tool: {
callId: 'call-1',
name: 'Edit',
description: 'Editing src/main.ts',
status: CoreToolCallStatus.AwaitingApproval,
confirmationDetails: {
type: 'edit' as const,
title: 'Confirm edit',
fileName: 'main.ts',
filePath: '/src/main.ts',
fileDiff: '--- a/main.ts\n+++ b/main.ts\n@@ -1 +1 @@\n-old\n+new',
originalContent: 'old',
newContent: 'new',
},
},
index: 1,
total: 1,
};

const { lastFrame, unmount } = await renderWithProviders(
<ToolConfirmationQueue
confirmingTool={confirmingTool as unknown as ConfirmingToolState}
/>,
{
config: mockConfig,
uiState: {
terminalWidth: 80,
},
},
);

const output = lastFrame();
expect(output).toContain('Editing src/main.ts');
unmount();
});

it('renders the confirming tool with progress indicator', async () => {
const confirmingTool = {
tool: {
Expand Down
4 changes: 2 additions & 2 deletions packages/cli/src/ui/components/ToolConfirmationQueue.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,9 +98,9 @@ export const ToolConfirmationQueue: React.FC<ToolConfirmationQueueProps> = ({
<Box flexDirection="row" flexShrink={1} overflow="hidden">
<Text color={theme.status.warning} bold>
? {toolLabel}
{!isEdit && !!tool.description && ' '}
{!!tool.description && ' '}
</Text>
{!isEdit && !!tool.description && (
{!!tool.description && (
Comment on lines +101 to +103

@gemini-code-assist gemini-code-assist Bot Apr 17, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security-high high

The tool.description field, which originates from LLM-generated tool calls, is rendered directly to the terminal without proper sanitization. This introduces a terminal injection vulnerability. An attacker could craft a malicious tool.description containing ANSI escape sequences to manipulate the terminal output, potentially leading to UI spoofing (e.g., obscuring the actual command or diff being confirmed), clipboard manipulation (via OSC 52), or even opening malicious URLs (via OSC 8).

Given that this component is responsible for confirming sensitive actions (like file edits or shell command execution), UI spoofing poses a significant risk, as it could trick users into approving unintended or harmful operations. The changes in this pull request specifically extend this behavior to 'edit' tools, thereby expanding the attack surface.

Remediation: Sanitize the tool.description string before rendering it. It is recommended to use existing utility functions like stripUnsafeCharacters or sanitizeForDisplay (which are already utilized for other sensitive fields within ToolConfirmationMessage.tsx) to effectively remove or escape terminal control characters and ANSI escape sequences.

Suggested change
{!!tool.description && ' '}
</Text>
{!isEdit && !!tool.description && (
{!!tool.description && (
{!!tool.description && ' '}
</Text>
{!!tool.description && (
<Box flexShrink={1} overflow="hidden">
<Text color={theme.text.primary} wrap="truncate-end">
{sanitizeForDisplay(tool.description)}
</Text>
References
  1. Always treat user-provided data as untrusted and apply proper validation and sanitization at the point of use, even if it is believed to have been filtered or sanitized upstream. This follows the principle of defense-in-depth.

<Box flexShrink={1} overflow="hidden">
<Text color={theme.text.primary} wrap="truncate-end">
{tool.description}
Expand Down
3 changes: 2 additions & 1 deletion ...r-the-full-queue-wrapper-with-borders-and-content-for-large-edit-diffs.snap.svg
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
6 changes: 3 additions & 3 deletions packages/cli/src/ui/components/__snapshots__/ToolConfirmationQueue.test.tsx.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

exports[`ToolConfirmationQueue > calculates availableContentHeight based on availableTerminalHeight from UI state 1`] = `
"╭──────────────────────────────────────────────────────────────────────────────╮
│ ? replace
│ ? replace edit file
│ ╭──────────────────────────────────────────────────────────────────────────╮ │
│ ╰─... 48 hidden (Ctrl+O) ...───────────────────────────────────────────────╯ │
│ Apply this change? │
Expand All @@ -17,7 +17,7 @@ exports[`ToolConfirmationQueue > calculates availableContentHeight based on avai

exports[`ToolConfirmationQueue > does not render expansion hint when constrainHeight is false 1`] = `
"╭──────────────────────────────────────────────────────────────────────────────╮
│ ? replace
│ ? replace edit file
│ ╭──────────────────────────────────────────────────────────────────────────╮ │
│ │ │ │
│ │ No changes detected. │ │
Expand Down Expand Up @@ -63,7 +63,7 @@ exports[`ToolConfirmationQueue > height allocation and layout > should handle se

exports[`ToolConfirmationQueue > height allocation and layout > should render the full queue wrapper with borders and content for large edit diffs 1`] = `
"╭──────────────────────────────────────────────────────────────────────────────╮
│ ? replace
│ ? replace Replaces content in a file
│ ╭──────────────────────────────────────────────────────────────────────────╮ │
│ │ ... 13 hidden (Ctrl+O) ... │ │
│ │ 7 + const newLine7 = true; │ │
Expand Down
22 changes: 22 additions & 0 deletions packages/cli/src/ui/components/messages/DenseToolMessage.test.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,28 @@ describe('DenseToolMessage', () => {
terminalWidth: 80,
};

it('explicitly renders the filename in the header for FileDiff results', async () => {
const fileDiff: FileDiff = {
fileName: 'test-file.ts',
filePath: '/test-file.ts',
fileDiff:
'--- a/test-file.ts\n+++ b/test-file.ts\n@@ -1 +1 @@\n-old\n+new',
originalContent: 'old',
newContent: 'new',
};

const { lastFrame, waitUntilReady } = await renderWithProviders(
<DenseToolMessage
{...defaultProps}
name="Edit"
resultDisplay={fileDiff as unknown as ToolResultDisplay}
/>,
);
await waitUntilReady();
const output = lastFrame();
expect(output).toContain('test-file.ts');
});

it('renders correctly for a successful string result', async () => {
const { lastFrame, waitUntilReady } = await renderWithProviders(
<DenseToolMessage {...defaultProps} />,
Expand Down
Loading