fix(security): catch sensitive path writes in approval checks (#3859)

Co-authored-by: Gutslabs <gutslabsxyz@gmail.com>
Teknium
2026-03-29 20:57:57 -07:00
committed by GitHub
parent aa389924ad
commit 2d607d36f6
2 changed files with 52 additions and 1 deletions


@@ -339,6 +339,16 @@ class TestTeePattern:
assert dangerous is True
assert key is not None
def test_tee_custom_hermes_home_env(self):
dangerous, key, desc = detect_dangerous_command("echo x | tee $HERMES_HOME/.env")
assert dangerous is True
assert key is not None
def test_tee_quoted_custom_hermes_home_env(self):
dangerous, key, desc = detect_dangerous_command('echo x | tee "$HERMES_HOME/.env"')
assert dangerous is True
assert key is not None
def test_tee_tmp_safe(self):
dangerous, key, desc = detect_dangerous_command("echo hello | tee /tmp/output.txt")
assert dangerous is False
@@ -374,6 +384,30 @@ class TestFindExecFullPathRm:
assert key is None
class TestSensitiveRedirectPattern:
"""Detect shell redirection writes to sensitive user-managed paths."""
def test_redirect_to_custom_hermes_home_env(self):
dangerous, key, desc = detect_dangerous_command("echo x > $HERMES_HOME/.env")
assert dangerous is True
assert key is not None
def test_append_to_home_ssh_authorized_keys(self):
dangerous, key, desc = detect_dangerous_command("cat key >> $HOME/.ssh/authorized_keys")
assert dangerous is True
assert key is not None
def test_append_to_tilde_ssh_authorized_keys(self):
dangerous, key, desc = detect_dangerous_command("cat key >> ~/.ssh/authorized_keys")
assert dangerous is True
assert key is not None
def test_redirect_to_safe_tmp_file(self):
dangerous, key, desc = detect_dangerous_command("echo hello > /tmp/output.txt")
assert dangerous is False
assert key is None
class TestPatternKeyUniqueness:
"""Bug: pattern_key is derived by splitting on \\b and taking [1], so
patterns starting with the same word (e.g. find -exec rm and find -delete)
@@ -606,3 +640,4 @@ class TestNormalizationBypass:
dangerous, key, desc = detect_dangerous_command(cmd)
assert dangerous is False
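Review bot: TestSensitiveRedirectPattern covers only unquoted redirect targets, while the tee hunk above adds a quoted `"$HERMES_HOME/.env"` case. The redirect class should pin the same form with a `test_redirect_to_quoted_custom_hermes_home_env` method that calls `detect_dangerous_command('echo x > "$HERMES_HOME/.env"')` and asserts `dangerous is True`. A `${HERMES_HOME}/.env` case is worth adding the same way, because the detection patterns are presumably in the other changed file and are not visible in this section, so their handling of the brace form cannot be confirmed here. The positive tests also assert only `key is not None`; given the key-collision bug described in the TestPatternKeyUniqueness docstring, an assertion that the redirect key differs from the tee key (or a check on `desc`, which is currently unused) would catch a command flagged by the wrong pattern.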