Merge pull request #7310 from continuedev/dallin/prevent-file-reads-fixes

fix: cleanup file security pr

Author: sestinj

core/context/providers/FileContextProvider.ts

@@ -37,21 +37,6 @@ class FileContextProvider extends BaseContextProvider {
       await extras.ide.getWorkspaceDirs(),
     );
 
-    if (isSecurityConcern(relativePathOrBasename)) {
-      return [
-        {
-          description: last2Parts,
-          content:
-            "Content redacted, this file cannot be viewed for security reasons",
-          name: baseName,
-          uri: {
-            type: "file",
-            value: fileUri,
-          },
-        },
-      ];
-    }
-
     return [
       {
         name: baseName,

core/context/providers/ProblemsContextProvider.ts

@@ -29,14 +29,6 @@ class ProblemsContextProvider extends BaseContextProvider {
           problem.filepath,
           workspaceDirs,
         );
-        if (isSecurityConcern(relativePathOrBasename)) {
-          return {
-            description: "Problems in current file",
-            content:
-              "Content was redacted because the file is detected as a potential security concern",
-            name: `Warnings in ${baseName}`,
-          };
-        }
         const content = await ide.readFile(problem.filepath);
         const lines = content.split("\n");
         const rangeContent = lines

core/indexing/ignore.ts

@@ -67,14 +67,6 @@ export const DEFAULT_SECURITY_IGNORE_DIRS = [
   // Environment and configuration directories
   ".env/",
   "env/",
-  ".venv/",
-  "venv/",
-
-  // IDE directories that may contain cached credentials
-  // For now excluding, reasons for this unclear
-  // ".vscode/",
-  // ".idea/",
-  // ".vs/",
 
   // Cloud provider credential directories
   ".aws/",
@@ -168,6 +160,8 @@ export const ADDITIONAL_INDEXING_IGNORE_FILETYPES = [
   "*.swp",
   "*.jsonl",
   // "*.prompt", // can be incredibly confusing for the LLM to have another set of instructions injected into the prompt
+  // Application specific
+  ".continue/",
 ];
 
 export const ADDITIONAL_INDEXING_IGNORE_DIRS = [
@@ -189,6 +183,13 @@ export const ADDITIONAL_INDEXING_IGNORE_DIRS = [
   ".cache/",
   "gems/",
   "vendor/",
+
+  ".venv/",
+  "venv/",
+
+  ".vscode/",
+  ".idea/",
+  ".vs/",
 ];
 
 // Combined patterns: security + additional

core/indexing/ignore.vitest.ts

@@ -81,18 +81,7 @@ describe("isSecurityConcern", () => {
     it("should detect environment directories as security concerns", () => {
       expect(isSecurityConcern(".env/")).toBe(true);
       expect(isSecurityConcern("env/")).toBe(true);
-      expect(isSecurityConcern(".venv/")).toBe(true);
-      expect(isSecurityConcern("venv/")).toBe(true);
       expect(isSecurityConcern(".env/config")).toBe(true);
-      expect(isSecurityConcern("project/.venv/lib")).toBe(true);
-    });
-
-    it("should detect IDE directories as security concerns", () => {
-      // expect(isSecurityConcern(".vscode/")).toBe(true);
-      // expect(isSecurityConcern(".idea/")).toBe(true);
-      // expect(isSecurityConcern(".vs/")).toBe(true);
-      expect(isSecurityConcern(".vscode/settings.json")).toBe(true);
-      // expect(isSecurityConcern(".idea/workspace.xml")).toBe(true);
     });
 
     it("should detect cloud provider directories as security concerns", () => {

extensions/cli/package-lock.json

@@ -83,7 +83,6 @@
     "swr": "^2.3.4",
     "turndown": "^7.2.0",
     "typescript": "^5.8.3",
-    "uri-js": "^4.4.1",
     "uuid": "^9.0.1",
     "winston": "^3.17.0",
     "yaml": "^2.8.0"

extensions/cli/package.json

@@ -1,7 +1,5 @@
 import * as fs from "fs";
 
-import { throwIfFileIsSecurityConcern } from "core/indexing/ignore.js";
-
 import { telemetryService } from "../../telemetry/telemetryService.js";
 import {
   calculateLinesOfCodeDiff,
@@ -97,7 +95,7 @@ Each string in the diffs array can contain multiple SEARCH/REPLACE blocks, and a
   preprocess: async (args) => {
     // Get and validate args
     const { filepath, diffs } = parseSearchAndReplaceArgs(args);
-    throwIfFileIsSecurityConcern(filepath);
+
     // Get current file contents
     if (!fs.existsSync(filepath)) {
       throw new Error(`file ${filepath} does not exist`);

extensions/cli/src/tools/searchAndReplace/index.ts

@@ -1,5 +1,4 @@
 import { type AssistantConfig } from "@continuedev/sdk";
-import { throwIfFileIsSecurityConcern } from "core/indexing/ignore.js";
 import { Box, Text, useApp, useInput } from "ink";
 import React, { useCallback, useState } from "react";
 
@@ -255,7 +254,6 @@ const UserInput: React.FC<UserInputProps> = ({
       // Read the file content and notify parent component
       if (onFileAttached) {
         try {
-          throwIfFileIsSecurityConcern(filePath);
           const fs = await import("fs/promises");
           const content = await fs.readFile(filePath, "utf-8");
           onFileAttached(filePath, content);