Hands-on: Reviewing the Codex Source Code with the Gemini CLI Security Extensions
A while ago, besides announcing what appears to be its new domain, https://geminicli.com/, Gemini CLI also shipped a bunch of fun Gemini CLI Extensions. Today we'll try out two of them: the Code Review Extension and the Security Extension.
Updated March 24, 2026 · 5 min read
JJhihHao Wu. My recent research focuses on supply-chain attacks against AI agents, evaluation of PII-detection models, and the secure deployment of medical AI in clinical workflows.
Here I share in-depth hands-on technical reports (e.g. NVIDIA NeMo, WildGuard) and notes on growing as an engineer, with the aim of building security-resilient solutions in the AI wave. Part of series: AI Tools and Model Evaluations
The Gemini CLI Code Review Extension detects the modified code (the change set) and reviews it for code quality.
The Gemini CLI Security Extension runs SAST-style security scanning over all code in scope and gives recommendations; the details follow below.
If your local Gemini CLI hasn't been updated for a while, update it first with Homebrew or npm.
Gemini CLI update available! 0.7.0 → 0.8.2
Installed via Homebrew. Please update with "brew upgrade".
Installing the two extensions is also straightforward; just run the commands below.
❯ gemini extensions install https://github.com/gemini-cli-extensions/security
Extensions may introduce unexpected behavior.
Ensure you have investigated the extension source and trust the author.
This extension will run the following MCP servers:
* securityServer (local): node /var/folders/2x/s3py40517xj7s98_16fhd59r0000gn/T/gemini-extension3xZFxO/mcp-server/dist/security.js
This extension will append info to your gemini.md context using GEMINI.md
Do you want to continue? [Y/n]: y
Extension "gemini-cli-security" installed successfully and enabled.
❯ gemini extensions install https://github.com/gemini-cli-extensions/code-review
Extensions may introduce unexpected behavior.
Ensure you have investigated the extension source and trust the author.
This extension will append info to your gemini.md context using GEMINI.md
Do you want to continue? [Y/n]: y
Extension "code-review" installed successfully and enabled.
Next we need some code to play with. I happen to have a checkout of https://github.com/openai/codex that I cloned a while ago, so we first roll back a few commits to produce a change set for the extensions to look at: the local checkout is at commit 26f7c468, and we reset it to abd51709.
❯ git log --oneline
26f7c468 (HEAD -> main, origin/main, origin/HEAD) fixes #5011: update mcp server doc (#5014)
90af046c tui: include the image name in the textarea placeholder (#5056)
961ed319 feat: make shortcut works even with capslock (#5049)
85e73579 fix: workflow cache (#5050)
f98fa85b feat: message when stream get correctly resumed (#4988)
ddcaf3dc tui: fix crash when alt+bksp past unicode nbsp (#5016)
56296cad tui: /diff mode wraps long lines (#4891)
95b41dd7 tui: fix wrapping in trust_directory (#5007)
bf82353f tui: fix wrapping in user approval decisions (#5008)
0308febc Remove unused type (#5003)
7b4a4c22 Shijie/codesign binary (#4899)
3ddd4d47 fix: lagged output in unified_exec buffer (#4992)
ca6a0358 bug: sandbox denied error logs (#4874)
0026b126 feat: indentation mode for read_file (#4887)
43002366 revert /name for now (#4978)
ec238a2c feat: Set chat name (#4974)
b6165aee Create alias (#4971)
f4bc03d7 tui: fix off-by-16 in terminal_palette (#4967)
3c5e12e2 [MCP] Add auth status to MCP servers (#4918)
c89229db Make context line permanent (#4699)
d3820f47 [MCP] Add an `enabled` config field (#4917)
e896db11 tui: hardcode xterm palette, shimmer blends between fg and bg (#4957)
96acb8a7 Fix transcript mode rendering issue when showing tab chars (#4911)
687a13bb feat: truncate on compact (#4942)
fe8122e5 fix: change log_sse_event() so it no longer takes a closure (#4953)
876d4f45 bug: fix CLI UP/ENTER (#4944)
f52320be feat: grep_files as a tool (#4820)
a43ae86b [MCP] Add support for streamable http servers with `codex mcp add` and replace bearer token handling (#4904)
496cb801 [MCP] Add the ability to explicitly specify a credentials store (#4857)
abd51709 remove experimental prefix (#4907)
b8b04514 feat(tui): switch to tree-sitter-highlight bash highlighting (#4666)
0e5d72cc tui: bring the transcript closer to display mode (#4848)
60f9e85c Set codex SDK TypeScript originator (#4894)
git reset abd51709
Code Review Extension
To use the Code Review Extension, just type /code-review in Gemini CLI and it starts automatically.
[Screenshot: Code Review Extension, /code-review]
[Screenshot: Code Review Extension result]
These commits didn't seem to yield many suggestions; looking at a few of them, they are mostly pre-release documentation work anyway.
Gemini CLI Security Extension
Strong recommendation: if you authenticated Gemini CLI with a Google account login, the security scan will not finish; after switching to Gemini-2.5-flash it keeps throwing error messages after a while. Enter /auth and switch to "Use Gemini API Key" or "Vertex AI" before running the scan. (Or read to the end first; the billing figures are below XD)
│ Get started                                           │
│                                                       │
│ How would you like to authenticate for this project?  │
│                                                       │
│   1. Login with Google                                │
│ ● 2. Use Gemini API Key                               │
│   3. Vertex AI                                        │
│                                                       │
│ (Use Enter to select)                                 │
After entering the /security:analyze command, Gemini starts scanning the relevant changes, collects the files and methods that need to be scanned, and records them in SECURITY_ANALYSIS_TODO.md.
During the process Gemini is quite meticulous: for every file it tells you in detail whether it found anything, and it records the result in SECURITY_ANALYSIS_TODO.md.
✦ Beginning reconnaissance on codex-rs/tui/src/bottom_pane/textarea.rs for vulnerabilities.
╭────────────────────────────────────────────────────────╮
│ ✓ ReadFile ...dex-rs/tui/src/bottom_pane/textarea.rs │
╰────────────────────────────────────────────────────────╯
✦ I've reviewed codex-rs/tui/src/bottom_pane/textarea.rs and found no security vulnerabilities. I'm marking this task complete and moving on.
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ✓ WriteFile Writing to SECURITY_ANALYSIS_TODO.md │
│ │
│ 42 - [x] SAST Recon on `codex-rs/tui/src/bottom_pane/chat_composer_history.rs` │
│ 43 - [x] SAST Recon on `codex-rs/tui/src/bottom_pane/footer.rs` │
│ 44 - [x] SAST Recon on `codex-rs/tui/src/bottom_pane/list_selection_view.rs` │
│ 45 - - [ ] SAST Recon on `codex-rs/tui/src/bottom_pane/textarea.rs` │
│ 45 + - [x] SAST Recon on `codex-rs/tui/src/bottom_pane/textarea.rs` │
│ 46 - [ ] SAST Recon on `codex-rs/tui/src/chatwidget.rs` │
│ 47 - [ ] SAST Recon on `codex-rs/tui/src/chatwidget/tests.rs` │
│ 48 - [ ] SAST Recon on `codex-rs/tui/src/diff_render.rs` │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
✦ Beginning reconnaissance on codex-rs/tui/src/chatwidget.rs for vulnerabilities.
╭───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╮
│ ✓ ReadFile codex-rs/tui/src/chatwidget.rs │
│ │
│ Read lines 1-2000 of 2307 from codex-rs/tui/src/chatwidget.rs │
╰───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
✦ I've reviewed codex-rs/tui/src/chatwidget.rs and found no new security vulnerabilities. The existing potential for prompt injection, as seen in codex.rs, remains.
I'm marking this task complete and moving on.
At the end it produces an overall summary like this:
## Security Audit Report
Here is the security audit report for the pull request:
1. Hardcoded password
╭─────────────────────────────────────────────────────────────────────────────────────────────╮
│ ✓ Shell rm SECURITY_ANALYSIS_TODO.md DRAFT_SECURITY_REPORT.md (Removing temporary files.) │
╰─────────────────────────────────────────────────────────────────────────────────────────────╯
✦ - Vulnerability: Hardcoded password in release workflow
- Severity: Low
- Location: .github/workflows/rust-release.yml
- Line: 107
- Line Content: KEYCHAIN_PASSWORD: actions
- Description: The GitHub release workflow uses a hardcoded password for a temporary keychain. While the keychain is ephemeral and tied to the runner's lifecycle, hardcoding secrets is a bad practice.
- Recommendation: Generate a random password for the keychain within the workflow run instead of using a hardcoded one.
2. Potential for Prompt Injection
- Vulnerability: Potential for Prompt Injection
- Severity: Medium
- Location: codex-rs/core/src/codex.rs
- Description: User input from Op::UserInput and Op::UserTurn is passed to the model via ModelClient::stream without sanitization. This could allow a malicious user to inject prompts and manipulate the model's behavior.
- Recommendation: The calling application should sanitize user input before passing it to the Codex::submit function.
3. Path Traversal
- Vulnerability: Path Traversal
- Severity: High
- Location: codex-rs/core/src/tools/handlers/read_file.rs
- Line: 136
- Line Content: let path = PathBuf::from(&file_path);
- Description: The ReadFileHandler tool takes a file_path argument and reads the file at that path. The code checks if the path is absolute, but it does not restrict the path to a specific directory. This allows a user to read any file on the system that the process has access to.
- Recommendation: The file_path should be validated to ensure that it is within a permitted directory.
4. Information Disclosure
- Vulnerability: Information Disclosure
- Severity: Medium
- Location: codex-rs/otel/src/otel_event_manager.rs
- Line: 309
- Line Content: let prompt_to_log = if self.metadata.log_user_prompts {
- Description: The user_prompt function logs the user's prompt if the log_user_prompts flag is enabled. If a user's prompt contains sensitive information, it could be logged.
- Recommendation: The log_user_prompts flag should be disabled by default. Users should be warned about the security implications of enabling it.
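Finding 3 above recommends restricting file_path to a permitted directory. The Rust snippet below is an added example, not code from Codex or from the extension's report: it shows one way to implement that check by canonicalising the requested path and confirming it stays under a root directory, which also catches `..` components and symlinks that point outside the root. The names resolve_within, read_file_within and setup_sandbox, and the throwaway directory layout they use, are assumptions made for illustration.

```rust
// Added example (not Codex's own code): confine a requested file path to a
// permitted root directory before reading it. Mitigation for the
// "Path Traversal" finding: resolve the path, then check it stays under root.
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum PathError {
    /// The requested path does not exist or cannot be resolved.
    NotFound,
    /// The resolved path lies outside the permitted root.
    OutsideRoot,
}

/// Resolve `requested` (relative to `root`, or absolute) and return its
/// canonical form only if it is `root` itself or lives beneath it.
/// Canonicalisation follows symlinks, so a link inside `root` that points
/// outside is rejected as well.
pub fn resolve_within(root: &Path, requested: &str) -> Result<PathBuf, PathError> {
    let root = fs::canonicalize(root).map_err(|_| PathError::NotFound)?;
    let candidate = Path::new(requested);
    let joined: PathBuf = if candidate.is_absolute() {
        candidate.to_path_buf()
    } else {
        root.join(candidate)
    };
    // canonicalize() resolves `..`, `.` and symlinks against the real filesystem.
    let resolved = fs::canonicalize(&joined).map_err(|_| PathError::NotFound)?;
    // Path::starts_with compares whole components, so "/x/allowed2" does not
    // pass as a child of "/x/allowed".
    if resolved.starts_with(&root) {
        Ok(resolved)
    } else {
        Err(PathError::OutsideRoot)
    }
}

/// Read a file only if it resolves inside `root`.
pub fn read_file_within(root: &Path, requested: &str) -> Result<String, PathError> {
    let path = resolve_within(root, requested)?;
    fs::read_to_string(path).map_err(|_| PathError::NotFound)
}

/// Constructed sandbox in the OS temp dir so the example runs offline:
/// <tmp>/<name>/allowed/notes.txt (inside root) and <tmp>/<name>/secret.txt
/// (outside root). Hypothetical layout, not anything from the Codex repo.
pub fn setup_sandbox(name: &str) -> io::Result<PathBuf> {
    let base = std::env::temp_dir().join(name);
    let _ = fs::remove_dir_all(&base);
    fs::create_dir_all(base.join("allowed"))?;
    fs::write(base.join("allowed").join("notes.txt"), "inside root\n")?;
    fs::write(base.join("secret.txt"), "outside root\n")?;
    Ok(base)
}

fn main() -> io::Result<()> {
    let base = setup_sandbox("path_confinement_demo")?;
    let root = base.join("allowed");
    for req in ["notes.txt", "../secret.txt", "/etc/hostname"] {
        println!("{req:>16} -> {:?}", read_file_within(&root, req));
    }
    Ok(())
}
```

The check is done on the canonical path rather than on the string, so rejecting `..` textually is unnecessary and would miss symlink escapes; the cost is that the file must exist, which is fine for a read handler.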
Pretty much the usual findings you get from SAST XD
Next, let's look at the total token usage and cost.
The overall cost was roughly as follows (for the 65 files listed in SECURITY_ANALYSIS_TODO.md):
Time: about 36 minutes
Cost: USD 23.88
Compared with a conventional SAST tool like Fortify, this doesn't seem especially fast, and at this price using it for daily or periodic scans of a full codebase may not be cheap either. LLM security review probably needs to "let the bullet fly a while longer"; more attractive offerings and nicely packaged tools should show up.
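Finding 4 recommends keeping log_user_prompts off by default. As an added example (not Codex's own code and not part of the extension's output), here is a small Rust sketch of that mitigation combined with a length cap and a redaction pass over a constructed list of secret markers, so that even an operator who turns the flag on does not ship raw credentials to a telemetry backend. TelemetryConfig, redact and prompt_to_log are hypothetical names.

```rust
// Added example (not Codex's own code): gate prompt logging behind a flag that
// is off by default, and redact obvious secrets before anything is written.

#[derive(Debug, Default, Clone)]
pub struct TelemetryConfig {
    /// Off unless explicitly enabled: `Default` yields `false` for bool.
    pub log_user_prompts: bool,
}

/// Mask the value after common secret markers (constructed list, not
/// exhaustive) and cap the length so a pasted document does not end up in
/// the telemetry backend. Tokens are split on whitespace and re-joined with
/// single spaces, which is acceptable for a log line.
pub fn redact(prompt: &str, max_len: usize) -> String {
    const KV_MARKERS: [&str; 3] = ["api_key=", "token=", "password="];
    let mut words: Vec<String> = Vec::new();
    let mut mask_next = false;
    for tok in prompt.split_whitespace() {
        let lower = tok.to_ascii_lowercase();
        if mask_next {
            // The token following "Bearer" is the credential itself.
            words.push("[REDACTED]".to_string());
            mask_next = false;
        } else if let Some(marker) = KV_MARKERS.iter().find(|m| lower.starts_with(**m)) {
            // Keep the key so the log stays useful, drop the value. The marker
            // is pure ASCII, so slicing `tok` by its byte length is safe.
            words.push(format!("{}[REDACTED]", &tok[..marker.len()]));
        } else if lower == "bearer" {
            words.push(tok.to_string());
            mask_next = true;
        } else {
            words.push(tok.to_string());
        }
    }
    let joined = words.join(" ");
    if joined.chars().count() > max_len {
        let head: String = joined.chars().take(max_len).collect();
        format!("{head}...[truncated]")
    } else {
        joined
    }
}

/// What the OTel layer would emit for a user prompt: nothing unless the
/// operator opted in, and never more than a redacted, capped excerpt.
pub fn prompt_to_log(cfg: &TelemetryConfig, prompt: &str) -> Option<String> {
    if !cfg.log_user_prompts {
        return None;
    }
    Some(redact(prompt, 80))
}

fn main() {
    // Constructed sample prompt; the key value is made up.
    let prompt = "call the API with api_key=sk-live-123 please";
    println!("default config -> {:?}", prompt_to_log(&TelemetryConfig::default(), prompt));
    let opted_in = TelemetryConfig { log_user_prompts: true };
    println!("opted in       -> {:?}", prompt_to_log(&opted_in, prompt));
}
```

A redaction list like this is a backstop, not a guarantee; the primary control is still the default-off flag and documenting what enabling it means.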