Fix issues with rip grep

[gundermanc]

Summary

Fixes a couple of issues with the ripgrep tool implementation which can impact quality.

• Passing a string that isn't parsable as a regex for 'pattern' throws an error, even when fixed_strings is true.
• before, context, and after parameters are not honored. Any context lines are omitted from the response.

How to Validate

Pre-Merge Checklist

• Updated relevant documentation and README (if needed)
• Added/updated tests (if needed)
• Noted breaking changes (if any)
• Validated on required platforms/methods:
  • MacOS
    • npm run
    • npx
    • Docker
    • Podman
    • Seatbelt
  • Windows
    • npm run
    • npx
    • Docker
  • Linux
    • npm run
    • npx
    • Docker

[gemini-code-assist]

Summary of Changes

Hello @gundermanc, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses two critical issues within the ripgrep tool implementation to improve its robustness and functionality. It resolves an error where non-regex patterns would fail validation even when fixed_strings was enabled, and it ensures that context lines specified by before, context, or after parameters are correctly retrieved and presented in the search output. These changes enhance the reliability and usability of the ripgrep tool for various search scenarios.

Highlights

• Ripgrep Regex Validation: The RipGrepTool now correctly bypasses regular expression validation for the pattern parameter when fixed_strings is set to true, preventing errors for non-regex patterns.
• Context Line Support: The RipGrepTool has been updated to properly honor and display before, context, and after parameters, ensuring that context lines are included in the search results and formatted distinctly.
• Match Counting Logic: The logic for counting and truncating search results has been refined to count only actual matches, excluding context lines, ensuring that the maxMatches limit is applied correctly to relevant results.
• Enhanced Testing: New integration and unit tests have been added to validate the correct behavior of fixed_strings with invalid regex patterns and to confirm that context parameters are correctly applied and displayed in the output.

Changelog

• integration-tests/ripgrep-real.test.ts
  • Imported createMockMessageBus for tool instantiation.
  • Instantiated RipGrepTool with a mock message bus.
  • Added a new integration test to verify support for context parameters in ripgrep searches.
• packages/core/src/tools/ripGrep.test.ts
  • Refactored the fixed_strings test case to a standard it block.
  • Added a new test to confirm that invalid regex patterns are allowed when fixed_strings is true.
  • Updated mock spawn output to simulate ripgrep's JSON output for context lines.
  • Modified assertions to include checks for correctly formatted context lines in the output.
• packages/core/src/tools/ripGrep.ts
  • Added an optional isContext property to the GrepMatch interface.
  • Adjusted match counting and truncation logic to differentiate between actual matches and context lines.
  • Modified the output formatting to use a different separator (- vs :) for context lines.
  • Implemented a matchesFound counter to limit results based on actual matches, not total lines including context.
  • Updated parseRipgrepJsonLine to correctly parse both match and context types from ripgrep's JSON output and set the isContext flag.
  • Modified validateToolParamValues to skip regex pattern validation if fixed_strings is enabled.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[github-actions]

Size Change: +326 B (0%)

Total Size: 23.9 MB

ℹ️ View Unchanged

Filename	Size	Change
./bundle/gemini.js	23.9 MB	+326 B (0%)
./bundle/sandbox-macos-permissive-closed.sb	1.03 kB	0 B
./bundle/sandbox-macos-permissive-open.sb	890 B	0 B
./bundle/sandbox-macos-permissive-proxied.sb	1.31 kB	0 B
./bundle/sandbox-macos-restrictive-closed.sb	3.29 kB	0 B
./bundle/sandbox-macos-restrictive-open.sb	3.36 kB	0 B
./bundle/sandbox-macos-restrictive-proxied.sb	3.56 kB	0 B

_{compressed-size-action}

[gemini-code-assist]

Code Review

This pull request addresses issues with the ripgrep tool by correctly handling the fixed_strings parameter to skip regular expression validation and implementing support for context lines (before, after, and context parameters). However, a critical argument injection vulnerability was identified in the RipGrepTool implementation. When the fixed_strings parameter is enabled, the search pattern is passed to the ripgrep binary in a way that allows for flag injection, which could be exploited to achieve Remote Code Execution (RCE).

[gemini-code-assist]

Skipping validation for pattern when fixed_strings is true allows for argument injection in the underlying ripgrep command. Since the pattern is passed as a positional argument at line 351 (rgArgs.push(pattern)), an attacker could provide a pattern starting with - to inject arbitrary flags. For example, injecting flags like --pre or --config-path could lead to Remote Code Execution (RCE) or unauthorized file access.

To remediate this, you should either add validation to ensure the pattern does not start with a hyphen when fixed_strings is true, or better, update the command construction in performRipgrepSearch to always use the --regexp (or -e) flag to pass the pattern safely.

Suggested change

	if (!params.fixed_strings) {
	try {
	new RegExp(params.pattern);
	} catch (error) {
	return `Invalid regular expression pattern provided: ${params.pattern}. Error: ${getErrorMessage(error)}`;
	}
	}
	if (!params.fixed_strings) {
	try {
	new RegExp(params.pattern);
	} catch (error) {
	return `Invalid regular expression pattern provided: ${params.pattern}. Error: ${getErrorMessage(error)}`;
	}
	} else if (params.pattern.startsWith('-')) {
	return "Pattern cannot start with '-' when fixed_strings is true to prevent argument injection.";
	}