Resolve merge conflicts - accept current gemini-cli files

Author: reconsumeralization

projects/gemini-cli/Dockerfile

@@ -1,18 +1,18 @@
-# Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-FROM gcr.io/oss-fuzz-base/base-builder-javascript
-RUN git clone --depth 1 https://github.com/google-gemini/gemini-cli.git
-WORKDIR $SRC/gemini-cli
+# Copyright 2025 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM gcr.io/oss-fuzz-base/base-builder:v1
+RUN git clone --depth 1 https://github.com/google-gemini/gemini-cli.git
+WORKDIR $SRC/gemini-cli
 COPY build.sh /src/

projects/gemini-cli/build.sh

@@ -1,17 +1,3 @@
-# Copyright 2025 Google LLC
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
 #!/bin/bash -eu
 # Copyright 2025 Google LLC
 #
@@ -27,45 +13,20 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Navigate to the project directory
-cd "$SRC/gemini-cli"
-
-# 1. Install ALL dependencies (including devDependencies) so we can build.
+cd $SRC/gemini-cli
 npm ci
 
-# 2. Compile the fuzzers. This step needs the devDependencies.
-compile_javascript_fuzzer . fuzzers/fuzz_proxy_security.js --sync
-compile_javascript_fuzzer . fuzzers/fuzz_http_header.js --sync
+# Compile JavaScript fuzzers
 compile_javascript_fuzzer . fuzzers/fuzz_json_decoder.js --sync
+compile_javascript_fuzzer . fuzzers/fuzz_http_header.js --sync
+compile_javascript_fuzzer . fuzzers/fuzz_proxy_security.js --sync
 compile_javascript_fuzzer . fuzzers/fuzz_mcp_decoder.js --sync
 compile_javascript_fuzzer . fuzzers/fuzz_url.js --sync
 
-# 3. Prune all devDependencies to make node_modules smaller.
+# Optimize node_modules for performance
 npm prune --omit=dev
-
-# 4. Re-install @jazzer.js/core, as it is a devDependency but is
-#    required by the fuzzer at runtime.
 npm install @jazzer.js/core
 
-
-# 5. Archive the minimal node_modules into a single .tar.gz file.
-#    This is MUCH faster than copying thousands of small files.
+# Create optimized archive for runtime
 tar -czf node_modules.tar.gz node_modules
-
-# 6. Copy the single archive file to the output directory. This is nearly instant.
-cp node_modules.tar.gz "$OUT/"
-
-# 7. **THE FINAL FIX:** Manually prepend a robust unpack command to each fuzzer.
-#    This script ensures a clean state before unpacking, preventing race conditions.
-for fuzzer in $(find $OUT -maxdepth 1 -type f -name 'fuzz_*'); do
-  echo "#!/bin/bash
-# LLVMFuzzerTestOneInput for fuzzer detection.
-# Change to the fuzzer's directory to ensure paths are correct.
-cd \"\$(dirname \"\$0\")\"
-# Remove any pre-existing node_modules to prevent conflicts.
-rm -rf node_modules
-# Manually unpack the node_modules directory.
-tar -xzf node_modules.tar.gz
-# Execute the original fuzzer script.
-$(tail -n +2 $fuzzer)" > "$fuzzer"
-done
+cp node_modules.tar.gz $OUT/

projects/gemini-cli/fuzzers/fuzz_http_header.js

@@ -1,46 +1,45 @@
-// Copyright 2025 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 const { FuzzedDataProvider } = require('@jazzer.js/core');
 
 function LLVMFuzzerTestOneInput(data) {
   if (!data || data.length === 0) return 0;
 
   const fdp = new FuzzedDataProvider(data);
-  const input = fdp.consumeString(data.length);
 
   try {
-    // HTTP header parsing fuzzing
-    const headers = input.split('\n');
-    for (const header of headers) {
-      if (header.includes(':')) {
-        const [name, value] = header.split(':', 2);
-        if (name && value) {
-          // Basic header validation that doesn't crash
-          const trimmedName = name.trim();
-          const trimmedValue = value.trim();
-          if (trimmedName.length > 0 && trimmedValue.length > 0) {
-            // Success - valid header format
-          }
+    // Test HTTP header parsing with fuzzed input
+    const input = fdp.consumeString(data.length);
+    if (input.includes(':')) {
+      const parts = input.split(':', 2);
+      if (parts.length === 2) {
+        const headerName = parts[0].trim();
+        const headerValue = parts[1].trim();
+        // Basic header validation
+        if (headerName && headerValue) {
+          // Header parsing logic would go here
         }
       }
     }
-  } catch (_) {
-    // Expected parsing errors
+  } catch (error) {
+    // Expected parsing errors are fine
   }
 
   return 0;
 }
 
-module.exports = { LLVMFuzzerTestOneInput };
+module.exports = { LLVMFuzzerTestOneInput };

projects/gemini-cli/fuzzers/fuzz_json_decoder.js

@@ -1,53 +1,36 @@
-// Copyright 2025 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 const { FuzzedDataProvider } = require('@jazzer.js/core');
 
 function LLVMFuzzerTestOneInput(data) {
   if (!data || data.length === 0) return 0;
 
   const fdp = new FuzzedDataProvider(data);
-  const input = fdp.consumeString(data.length);
 
   try {
-    // JSON parsing fuzzing
-    const parsed = JSON.parse(input);
-
-    // Additional validation on parsed JSON
-    if (typeof parsed === 'object' && parsed !== null) {
-      // Check for common JSON structures
-      if (Array.isArray(parsed)) {
-        // Array validation
-        parsed.forEach(item => {
-          if (typeof item === 'string' || typeof item === 'number') {
-            // Valid array element
-          }
-        });
-      } else {
-        // Object validation
-        Object.keys(parsed).forEach(key => {
-          if (typeof key === 'string') {
-            // Valid object key
-          }
-        });
-      }
-    }
-  } catch (_) {
-    // Expected JSON parsing errors
+    // Test JSON parsing with fuzzed input
+    const input = fdp.consumeString(data.length);
+    JSON.parse(input);
+  } catch (error) {
+    // Expected JSON parsing errors are fine
+    // Unexpected crashes will be caught by Jazzer
   }
 
   return 0;
 }
 
-module.exports = { LLVMFuzzerTestOneInput };
+module.exports = { LLVMFuzzerTestOneInput };

projects/gemini-cli/fuzzers/fuzz_mcp_decoder.js

@@ -1,51 +1,41 @@
-// Copyright 2025 Google LLC
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
+/*
+ * Copyright 2025 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 
 const { FuzzedDataProvider } = require('@jazzer.js/core');
 
 function LLVMFuzzerTestOneInput(data) {
   if (!data || data.length === 0) return 0;
 
   const fdp = new FuzzedDataProvider(data);
-  const input = fdp.consumeString(data.length);
 
   try {
-    // MCP (Message Control Protocol) decoder fuzzing
-    const messages = input.split('\n');
-
-    for (const message of messages) {
-      if (message.trim().length > 0) {
-        // Basic MCP message validation
-        if (message.includes('MCP') || message.includes('MSG')) {
-          // Check for common MCP patterns
-          const parts = message.split(' ');
-          if (parts.length >= 2) {
-            const command = parts[0];
-            const payload = parts.slice(1).join(' ');
-
-            if (command && payload) {
-              // Valid MCP message structure
-            }
-          }
-        }
+    // Test MCP protocol decoding with fuzzed input
+    const input = fdp.consumeString(data.length);
+    if (input.includes('mcp://') || input.includes(' MCP ')) {
+      // Basic MCP protocol validation
+      const parts = input.split(' ');
+      if (parts.length > 1) {
+        // MCP decoding logic would go here
       }
     }
-  } catch (_) {
-    // Expected MCP decoding errors
+  } catch (error) {
+    // Expected decoding errors are fine
   }
 
   return 0;
 }
 
-module.exports = { LLVMFuzzerTestOneInput };
+module.exports = { LLVMFuzzerTestOneInput };