fix: prevent OOM crash from globby's eager .gitignore scanning in lis… (cline#9917)

* fix: prevent OOM crash from globby's eager .gitignore scanning in listFiles

Replace globby's gitignore:true (which reads ALL .gitignore files in the
entire tree upfront, including inside gitignored directories) with
incremental .gitignore reading during BFS traversal.

In projects with large gitignored vendored dependencies containing many
nested repos, globby collects thousands of patterns, builds a massive
regex, and V8 runs out of memory during regex compilation (~488MB).

The fix reads .gitignore files only from directories the BFS actually
enters. Gitignored directories are never entered, so their .gitignore
files are never parsed and the pattern count stays small.

- Set gitignore:false, handle .gitignore ourselves
- Read root .gitignore in buildIgnorePatterns() to seed initial patterns
- Read subdirectory .gitignore lazily during globbyLevelByLevel BFS
- Accumulate patterns in currentIgnore so deeper levels respect them
- Add 4 tests: root patterns, file patterns, subdirectory .gitignore,
  and OOM-prevention (no reading inside gitignored dirs)

* Code review followup

* Potential fix for code scanning alert no. 147: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

---------

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: tseglevskiy

src/services/glob/__tests__/list-files.test.ts

@@ -37,3 +37,157 @@ describe("listFiles", () => {
 		files.map(normalizeForComparison).should.containEql(normalizeForComparison(nestedFile))
 	})
 })
+
+describe("listFiles gitignore handling", () => {
+	// Each test gets its own isolated subdirectory to avoid cross-test pollution.
+	// Previous version shared a single tmpDir, which meant later tests could
+	// overwrite earlier .gitignore files and pass for the wrong reasons.
+	const baseDir = path.join(os.tmpdir(), `cline-gitignore-test-${Math.random().toString(36).slice(2)}`)
+
+	after(async () => {
+		await fs.rm(baseDir, { recursive: true, force: true }).catch(() => undefined)
+	})
+
+	it("excludes files matching root .gitignore directory patterns", async () => {
+		// Verifies the most common .gitignore use case: a directory pattern like "some-dir/"
+		// at the project root excludes that directory and everything inside it.
+		//
+		// project/
+		//   .gitignore       → "ignored-dir/"
+		//   visible.ts
+		//   ignored-dir/
+		//     secret.ts      ← should be excluded
+		//   src/
+		//     app.ts
+		const project = path.join(baseDir, "test-root-gitignore")
+		await fs.mkdir(path.join(project, "ignored-dir"), { recursive: true })
+		await fs.mkdir(path.join(project, "src"), { recursive: true })
+		await fs.writeFile(path.join(project, ".gitignore"), "ignored-dir/\n")
+		await fs.writeFile(path.join(project, "visible.ts"), "export const x = 1\n")
+		await fs.writeFile(path.join(project, "ignored-dir", "secret.ts"), "secret\n")
+		await fs.writeFile(path.join(project, "src", "app.ts"), "app\n")
+
+		const [files] = await listFiles(project, true, 200)
+		const normalized = files.map(normalizeForComparison)
+
+		normalized.should.containEql(normalizeForComparison(path.join(project, "visible.ts")))
+		normalized.should.containEql(normalizeForComparison(path.join(project, "src", "app.ts")))
+
+		const hasIgnoredContent = normalized.some((f) => f.includes("ignored-dir"))
+		hasIgnoredContent.should.equal(false, "ignored-dir/ contents should be excluded by root .gitignore")
+	})
+
+	it("excludes files matching .gitignore file patterns (not just directories)", async () => {
+		// The .gitignore parser handles two kinds of patterns differently:
+		// - Directory patterns ending in "/" → converted to "**/dir/**"
+		// - File/glob patterns like "*.log"  → converted to "**/*.log" + "**/*.log/**"
+		// This test exercises the file pattern branch.
+		//
+		// project/
+		//   .gitignore       → "*.log\nsecret.env"
+		//   app.ts
+		//   debug.log        ← should be excluded
+		//   src/
+		//     nested.log     ← should also be excluded (pattern is global)
+		//     secret.env     ← should be excluded
+		//     config.ts
+		const project = path.join(baseDir, "test-file-patterns")
+		await fs.mkdir(path.join(project, "src"), { recursive: true })
+		await fs.writeFile(path.join(project, ".gitignore"), "*.log\nsecret.env\n")
+		await fs.writeFile(path.join(project, "app.ts"), "app\n")
+		await fs.writeFile(path.join(project, "debug.log"), "debug output\n")
+		await fs.writeFile(path.join(project, "src", "nested.log"), "nested log\n")
+		await fs.writeFile(path.join(project, "src", "secret.env"), "API_KEY=xxx\n")
+		await fs.writeFile(path.join(project, "src", "config.ts"), "config\n")
+
+		const [files] = await listFiles(project, true, 200)
+		const normalized = files.map(normalizeForComparison)
+
+		normalized.should.containEql(normalizeForComparison(path.join(project, "app.ts")))
+		normalized.should.containEql(normalizeForComparison(path.join(project, "src", "config.ts")))
+
+		const hasLogFiles = normalized.some((f) => f.endsWith(".log"))
+		hasLogFiles.should.equal(false, "*.log files should be excluded")
+
+		const hasSecretEnv = normalized.some((f) => f.includes("secret.env"))
+		hasSecretEnv.should.equal(false, "secret.env should be excluded")
+	})
+
+	it("reads .gitignore from subdirectories during BFS traversal", async () => {
+		// .gitignore files aren't only at the root — subdirectories can have their own.
+		// During BFS, when we enter a non-ignored directory, we read its .gitignore
+		// and add those patterns to the accumulator for all deeper traversal.
+		//
+		// project/
+		//   src/
+		//     .gitignore     → "generated/"
+		//     code.ts
+		//     generated/
+		//       output.ts    ← should be excluded by src/.gitignore
+		//   lib/
+		//     util.ts
+		const project = path.join(baseDir, "test-subdirectory-gitignore")
+		const srcDir = path.join(project, "src")
+		const genDir = path.join(srcDir, "generated")
+		const libDir = path.join(project, "lib")
+		await fs.mkdir(genDir, { recursive: true })
+		await fs.mkdir(libDir, { recursive: true })
+		await fs.writeFile(path.join(srcDir, ".gitignore"), "generated/\n")
+		await fs.writeFile(path.join(srcDir, "code.ts"), "code\n")
+		await fs.writeFile(path.join(genDir, "output.ts"), "generated output\n")
+		await fs.writeFile(path.join(libDir, "util.ts"), "util\n")
+
+		const [files] = await listFiles(project, true, 200)
+		const normalized = files.map(normalizeForComparison)
+
+		normalized.should.containEql(normalizeForComparison(path.join(srcDir, "code.ts")))
+		normalized.should.containEql(normalizeForComparison(path.join(libDir, "util.ts")))
+
+		const hasGeneratedContent = normalized.some((f) => f.includes("generated"))
+		hasGeneratedContent.should.equal(false, "src/generated/ should be excluded by src/.gitignore")
+	})
+
+	it("does not read .gitignore from inside gitignored directories", async () => {
+		// This is the core OOM-prevention test.
+		//
+		// The crash scenario: a gitignored directory (e.g., third-party/) contains
+		// hundreds of nested repos, each with their own .gitignore. globby's old
+		// gitignore:true would read ALL of them upfront, build a massive regex,
+		// and OOM during V8 regex compilation.
+		//
+		// With incremental reading, we never enter third-party/ because the root
+		// .gitignore excludes it, so we never read any .gitignore files inside it.
+		//
+		// NOTE: We intentionally use "third-party/" instead of "vendor/" here because
+		// "vendor" is in DEFAULT_IGNORE_DIRECTORIES and would be excluded regardless
+		// of .gitignore. Using a name NOT in that list proves the .gitignore-based
+		// exclusion is actually working.
+		//
+		// project/
+		//   .gitignore          → "third-party/"
+		//   app.ts
+		//   third-party/
+		//     .gitignore        ← should never be read
+		//     repo1/
+		//       .gitignore      ← should never be read
+		//       file.ts
+		const project = path.join(baseDir, "test-no-read-inside-ignored")
+		const thirdPartyDir = path.join(project, "third-party")
+		const repo1Dir = path.join(thirdPartyDir, "repo1")
+		await fs.mkdir(repo1Dir, { recursive: true })
+		await fs.writeFile(path.join(project, ".gitignore"), "third-party/\n")
+		await fs.writeFile(path.join(project, "app.ts"), "app\n")
+		// These .gitignore files simulate the nested repos that caused OOM
+		await fs.writeFile(path.join(thirdPartyDir, ".gitignore"), "*.log\nbuild/\n")
+		await fs.writeFile(path.join(repo1Dir, ".gitignore"), "dist/\ncoverage/\n")
+		await fs.writeFile(path.join(repo1Dir, "file.ts"), "file\n")
+
+		const [files] = await listFiles(project, true, 200)
+		const normalized = files.map(normalizeForComparison)
+
+		normalized.should.containEql(normalizeForComparison(path.join(project, "app.ts")))
+
+		const hasThirdPartyContent = normalized.some((f) => f.includes("third-party"))
+		hasThirdPartyContent.should.equal(false, "third-party/ contents should be excluded — and its .gitignore files never read")
+	})
+})

src/services/glob/list-files.ts

@@ -1,6 +1,7 @@
 import { workspaceResolver } from "@core/workspace"
 import { isDirectory } from "@utils/fs"
 import { arePathsEqual } from "@utils/path"
+import * as fs from "fs/promises"
 import { globby, Options } from "globby"
 import * as os from "os"
 import * as path from "path"
@@ -46,7 +47,56 @@ function isTargetingHiddenDirectory(absolutePath: string): boolean {
 	return dirName.startsWith(".")
 }
 
-function buildIgnorePatterns(absolutePath: string): string[] {
+/**
+ * Read a .gitignore file and convert its patterns to glob ignore patterns.
+ *
+ * We do NOT use globby's built-in `gitignore: true` option because it recursively
+ * reads ALL .gitignore files in the entire directory tree upfront - including those
+ * inside directories that are themselves gitignored. In projects with large gitignored
+ * directories containing many nested repos (each with their own .gitignore), this
+ * causes V8 to run out of memory during regex compilation, crashing the extension host.
+ *
+ * Instead, we read .gitignore files incrementally during BFS traversal: only from
+ * directories we actually enter (which are not ignored), never from ignored directories.
+ */
+async function readGitignorePatterns(dirPath: string): Promise<string[]> {
+	try {
+		const gitignorePath = path.join(dirPath, ".gitignore")
+		const content = await fs.readFile(gitignorePath, "utf8")
+		const patterns: string[] = []
+
+		for (const line of content.split("\n")) {
+			const trimmed = line.trim()
+			// Skip empty lines and comments
+			if (!trimmed || trimmed.startsWith("#")) {
+				continue
+			}
+			// Skip negation patterns - they're complex to convert and rarely
+			// critical for the directory listing use case
+			if (trimmed.startsWith("!")) {
+				continue
+			}
+			// Convert gitignore patterns to glob ignore patterns
+			if (trimmed.endsWith("/")) {
+				// Directory pattern: "ignored-dir/" → match the directory itself and its contents.
+				// Two explicit patterns avoid ambiguity across glob library versions:
+				const dirName = trimmed.slice(0, -1)
+				patterns.push(`**/${dirName}`)
+				patterns.push(`**/${dirName}/**`)
+			} else {
+				// File or ambiguous pattern: "*.log" -> "**/*.log" and "**/*.log/**"
+				patterns.push(`**/${trimmed}`)
+				patterns.push(`**/${trimmed}/**`)
+			}
+		}
+
+		return patterns
+	} catch {
+		return []
+	}
+}
+
+async function buildIgnorePatterns(absolutePath: string): Promise<string[]> {
 	const isTargetHidden = isTargetingHiddenDirectory(absolutePath)
 
 	const patterns = [...DEFAULT_IGNORE_DIRECTORIES]
@@ -56,7 +106,15 @@ function buildIgnorePatterns(absolutePath: string): string[] {
 		patterns.push(".*")
 	}
 
-	return patterns.map((dir) => `**/${dir}/**`)
+	const globPatterns = patterns.map((dir) => `**/${dir}/**`)
+
+	// Read root .gitignore to seed the initial ignore patterns.
+	// Additional .gitignore files from subdirectories are read incrementally
+	// during BFS traversal in globbyLevelByLevel().
+	const gitignorePatterns = await readGitignorePatterns(absolutePath)
+	globPatterns.push(...gitignorePatterns)
+
+	return globPatterns
 }
 
 export async function listFiles(dirPath: string, recursive: boolean, limit: number): Promise<[string[], boolean]> {
@@ -78,8 +136,8 @@ export async function listFiles(dirPath: string, recursive: boolean, limit: numb
 		dot: true, // do not ignore hidden files/directories
 		absolute: true,
 		markDirectories: true, // Append a / on any directories matched
-		gitignore: recursive, // globby ignores any files that are gitignored
-		ignore: recursive ? buildIgnorePatterns(absolutePath) : undefined,
+		gitignore: false, // We handle .gitignore ourselves incrementally during BFS to avoid OOM
+		ignore: recursive ? await buildIgnorePatterns(absolutePath) : undefined,
 		onlyFiles: false, // include directories in results
 		suppressErrors: true,
 	}
@@ -95,6 +153,9 @@ Breadth-first traversal of directory structure level by level up to a limit:
    - Processes directory patterns level by level
    - Captures a representative sample of the directory structure up to the limit
    - Minimizes risk of missing deeply nested files
+   - Reads .gitignore files incrementally from each non-ignored directory entered,
+     avoiding the OOM crash caused by globby's gitignore:true reading ALL nested
+     .gitignore files upfront (including those inside gitignored directories)
 
 - Notes:
    - Relies on globby to mark directories with /
@@ -104,23 +165,45 @@ Breadth-first traversal of directory structure level by level up to a limit:
 async function globbyLevelByLevel(limit: number, options?: Options) {
 	const results: Set<string> = new Set()
 	const queue: string[] = ["*"]
+	// Track all ignore patterns, starting with whatever was passed in options.
+	// We'll add patterns from .gitignore files as we discover non-ignored directories.
+	const currentIgnore: string[] = [...((options?.ignore as string[]) ?? [])]
 
 	const globbingProcess = async () => {
 		while (queue.length > 0 && results.size < limit) {
 			const pattern = queue.shift()!
-			const filesAtLevel = await globby(pattern, options)
+			// Use current accumulated ignore patterns for each globby call
+			const currentOptions = { ...options, ignore: currentIgnore }
+			const filesAtLevel = await globby(pattern, currentOptions)
 
 			for (const file of filesAtLevel) {
 				if (results.size >= limit) {
 					break
 				}
 				results.add(file)
 				if (file.endsWith("/")) {
-					// Escape parentheses in the path to prevent glob pattern interpretation
-					// This is crucial for NextJS folder naming conventions which use parentheses like (auth), (dashboard)
-					// Without escaping, glob treats parentheses as special pattern grouping characters
-					const escapedFile = file.replace(/\(/g, "\\(").replace(/\)/g, "\\)")
-					queue.push(`${escapedFile}*`)
+					// This directory passed the ignore filters, so it's not gitignored.
+					// Read its .gitignore (if any) and add patterns to the ignore list
+					// so deeper traversal respects them.
+					const dirGitignorePatterns = await readGitignorePatterns(file)
+					if (dirGitignorePatterns.length > 0) {
+						currentIgnore.push(...dirGitignorePatterns)
+					}
+
+					// Queue as a RELATIVE path to cwd so that ignore patterns (like **/tmp/**)
+					// are checked against relative entry paths, not absolute ones. Using absolute
+					// patterns causes false matches when the project is under a directory whose
+					// name collides with DEFAULT_IGNORE_DIRECTORIES (e.g., /tmp on Linux).
+					const cwd = options?.cwd?.toString() ?? ""
+					const relativeDir = path.relative(cwd, file)
+					// Escape backslashes and parentheses in the path to prevent glob pattern interpretation.
+					// This is crucial for NextJS folder naming conventions which use parentheses like (auth), (dashboard).
+					// Without escaping, glob treats backslashes as escapes and parentheses as special pattern grouping characters.
+					const escapedDir = relativeDir
+						.replace(/\\/g, "\\\\")
+						.replace(/\(/g, "\\(")
+						.replace(/\)/g, "\\)")
+					queue.push(`${escapedDir}/*`)
 				}
 			}
 		}