Replaces OS-specific unzip with js solution

eamodio · eamodio · commit b221e584648d · 2025-10-07T16:25:58.000-04:00
- Filters files during extraction to only extract needed binaries
- Adds path traversal protection for security
- Automatically sets executable permissions on Unix systems
diff --git a/ThirdPartyNotices.txt b/ThirdPartyNotices.txt
@@ -23,19 +23,20 @@ This project incorporates components from the projects listed below.
 18. billboard.js version 3.17.0 (https://github.com/naver/billboard.js)
 19. diff2html version 3.4.52 (https://github.com/rtfpessoa/diff2html)
 20. driver.js version 1.3.6 (https://github.com/kamranahmedse/driver.js)
-21. https-proxy-agent version 5.0.1 (https://github.com/TooTallNate/node-https-proxy-agent)
-22. iconv-lite version 0.6.3 (https://github.com/ashtuchkin/iconv-lite)
-23. lit version 3.3.1 (https://github.com/lit/lit)
-24. marked version 16.3.0 (https://github.com/markedjs/marked)
-25. microsoft/vscode (https://github.com/microsoft/vscode)
-26. node-fetch version 2.7.0 (https://github.com/bitinn/node-fetch)
-27. os-browserify version 0.3.0 (https://github.com/CoderPuppy/os-browserify)
-28. path-browserify version 1.0.1 (https://github.com/browserify/path-browserify)
-29. react-dom version 19.0.0 (https://github.com/facebook/react)
-30. react version 19.0.0 (https://github.com/facebook/react)
-31. signal-utils version 0.21.1 (https://github.com/proposal-signals/signal-utils)
-32. slug version 11.0.0 (https://github.com/Trott/slug)
-33. sortablejs version 1.15.6 (https://github.com/SortableJS/Sortable)
+21. fflate version 0.8.2 (https://github.com/101arrowz/fflate)
+22. https-proxy-agent version 5.0.1 (https://github.com/TooTallNate/node-https-proxy-agent)
+23. iconv-lite version 0.6.3 (https://github.com/ashtuchkin/iconv-lite)
+24. lit version 3.3.1 (https://github.com/lit/lit)
+25. marked version 16.3.0 (https://github.com/markedjs/marked)
+26. microsoft/vscode (https://github.com/microsoft/vscode)
+27. node-fetch version 2.7.0 (https://github.com/bitinn/node-fetch)
+28. os-browserify version 0.3.0 (https://github.com/CoderPuppy/os-browserify)
+29. path-browserify version 1.0.1 (https://github.com/browserify/path-browserify)
+30. react-dom version 19.0.0 (https://github.com/facebook/react)
+31. react version 19.0.0 (https://github.com/facebook/react)
+32. signal-utils version 0.21.1 (https://github.com/proposal-signals/signal-utils)
+33. slug version 11.0.0 (https://github.com/Trott/slug)
+34. sortablejs version 1.15.6 (https://github.com/SortableJS/Sortable)
 
 %% @gk-nzaytsev/fast-string-truncated-width NOTICES AND INFORMATION BEGIN HERE
 =========================================
@@ -1847,6 +1848,32 @@ THE SOFTWARE.
 =========================================
 END OF  driver.js NOTICES AND INFORMATION
 
+%% fflate NOTICES AND INFORMATION BEGIN HERE
+=========================================
+MIT License
+
+Copyright (c) 2023 Arjun Barrett
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+=========================================
+END OF  fflate NOTICES AND INFORMATION
+
 %% https-proxy-agent NOTICES AND INFORMATION BEGIN HERE
 =========================================
 https-proxy-agent
diff --git a/package.json b/package.json
@@ -25069,6 +25069,7 @@
 		"billboard.js": "3.17.0",
 		"diff2html": "3.4.52",
 		"driver.js": "1.3.6",
+		"fflate": "0.8.2",
 		"https-proxy-agent": "5.0.1",
 		"iconv-lite": "0.6.3",
 		"lit": "3.3.1",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
diff --git a/src/env/node/gk/cli/integration.ts b/src/env/node/gk/cli/integration.ts
@@ -17,12 +17,11 @@ import { debug, log } from '../../../../system/decorators/log';
 import { Logger } from '../../../../system/logger';
 import { getLogScope, setLogScopeExit } from '../../../../system/logger.scope';
 import { compare } from '../../../../system/version';
-import { run } from '../../git/shell';
 import { getPlatform, isWeb } from '../../platform';
 import { CliCommandHandlers } from './commands';
 import type { IpcServer } from './ipcServer';
 import { createIpcServer } from './ipcServer';
-import { runCLICommand, showManualMcpSetupPrompt, toMcpInstallProvider } from './utils';
+import { extractZipFile, runCLICommand, showManualMcpSetupPrompt, toMcpInstallProvider } from './utils';
 
 const enum CLIInstallErrorReason {
 	UnsupportedPlatform,
@@ -611,28 +610,14 @@ export class GkCliIntegrationProvider implements Disposable {
 				}
 
 				try {
-					// Use the run function to extract the installer file from the installer zip
-					if (platform === 'windows') {
-						// On Windows, use PowerShell to extract the zip file.
-						// Force overwrite if the file already exists with -Force
-						await run(
-							'powershell.exe',
-							[
-								'-Command',
-								`Expand-Archive -Path "${cliProxyZipFilePath.fsPath}" -DestinationPath "${globalStoragePath.fsPath}" -Force`,
-							],
-							'utf8',
-						);
-					} else {
-						// On Unix-like systems, use the unzip command to extract the zip file, forcing overwrite with -o
-						await run('unzip', ['-o', cliProxyZipFilePath.fsPath, '-d', globalStoragePath.fsPath], 'utf8');
-					}
+					// Extract only the gk binary from the zip file using the fflate library (cross-platform)
+					const expectedBinary = platform === 'windows' ? 'gk.exe' : 'gk';
+					await extractZipFile(cliProxyZipFilePath.fsPath, globalStoragePath.fsPath, {
+						filter: filename => filename === expectedBinary || filename.endsWith(`/${expectedBinary}`),
+					});
 
 					// Check using stat to make sure the newly extracted file exists.
-					cliExtractedProxyFilePath = Uri.joinPath(
-						globalStoragePath,
-						platform === 'windows' ? 'gk.exe' : 'gk',
-					);
+					cliExtractedProxyFilePath = Uri.joinPath(globalStoragePath, expectedBinary);
 
 					// This will throw if the file doesn't exist
 					await workspace.fs.stat(cliExtractedProxyFilePath);
diff --git a/src/env/node/gk/cli/utils.ts b/src/env/node/gk/cli/utils.ts
@@ -1,10 +1,81 @@
+import { chmod, mkdir, readFile, writeFile } from 'fs/promises';
+import { dirname, resolve, sep } from 'path';
 import { window } from 'vscode';
 import { urls } from '../../../../constants';
 import { Container } from '../../../../container';
 import { openUrl } from '../../../../system/-webview/vscode/uris';
 import { run } from '../../git/shell';
 import { getPlatform } from '../../platform';
 
+/**
+ * Extracts a zip file to a destination directory using the fflate library.
+ * This is a cross-platform alternative to using OS-specific unzip commands.
+ *
+ * @param zipPath - The path to the zip file to extract
+ * @param destPath - The destination directory where files will be extracted
+ * @param options - Optional extraction options
+ * @param options.filter - Optional filter function to select which files to extract. Return true to extract the file.
+ * @throws Error if extraction fails or if path traversal is detected
+ */
+export async function extractZipFile(
+	zipPath: string,
+	destPath: string,
+	options?: { filter?: (filename: string) => boolean },
+): Promise<void> {
+	// Dynamically import fflate to avoid bundling it when not needed
+	const { unzip } = await import(/* webpackChunkName: "lib-unzip" */ 'fflate');
+
+	// Read the zip file (returns a Buffer, which extends Uint8Array in Node.js)
+	const zipData = await readFile(zipPath);
+
+	// Unzip asynchronously (runs in worker thread, doesn't block main thread)
+	// Use fflate's built-in filter to avoid decompressing unwanted files
+	const filter = options?.filter;
+	const unzipped = await new Promise<Record<string, Uint8Array>>((resolve, reject) => {
+		unzip(
+			// Buffer is a Uint8Array, but TypeScript needs the cast for strict type checking
+			zipData as Uint8Array,
+			{
+				filter: filter
+					? file => {
+							// Skip directory entries (they end with /)
+							if (file.name.endsWith('/')) return false;
+							// Apply user filter
+							return filter(file.name);
+						}
+					: undefined,
+			},
+			(err, result) => {
+				if (err) {
+					reject(err);
+				} else {
+					resolve(result);
+				}
+			},
+		);
+	});
+
+	// Extract the files
+	for (const [filename, data] of Object.entries(unzipped)) {
+		// Skip directory entries (they end with /)
+		if (filename.endsWith('/')) continue;
+
+		// Resolve the full path and ensure it's within the destination (prevents path traversal)
+		const filePath = resolve(destPath, filename);
+		const resolvedDest = resolve(destPath);
+		if (!filePath.startsWith(resolvedDest + sep) && filePath !== resolvedDest) {
+			throw new Error(`Path traversal detected in zip file: ${filename}`);
+		}
+
+		await mkdir(dirname(filePath), { recursive: true });
+		await writeFile(filePath, data);
+		// Make 'gk' executable on Unix systems
+		if (getPlatform() !== 'windows' && (filename === 'gk' || filename.endsWith('/gk'))) {
+			await chmod(filePath, 0o755);
+		}
+	}
+}
+
 export function toMcpInstallProvider<T extends string | undefined>(appHostName: T): T {
 	switch (appHostName) {
 		case 'code':
