fix(security): prevent zip-slip path traversal in self-update (#3250)

Validate each ZIP member's resolved path against the extraction directory before extracting. A crafted ZIP with paths like ../../etc/passwd would previously write outside the target directory. Fixes #3075 Co-authored-by: Hiren <hiren.thakore58@gmail.com>
2026-03-26 13:40:37 -07:00
parent b7b3294c4a
commit 3a7907b278
1 changed files with 6 additions and 0 deletions
--- a/hermes_cli/main.py
+++ b/hermes_cli/main.py
@@ -2383,6 +2383,12 @@ def _update_via_zip(args):
        
        print("→ Extracting...")
        with zipfile.ZipFile(zip_path, 'r') as zf:
+            # Validate paths to prevent zip-slip (path traversal)
+            tmp_dir_real = os.path.realpath(tmp_dir)
+            for member in zf.infolist():
+                member_path = os.path.realpath(os.path.join(tmp_dir, member.filename))
+                if not member_path.startswith(tmp_dir_real + os.sep) and member_path != tmp_dir_real:
+                    raise ValueError(f"Zip-slip detected: {member.filename} escapes extraction directory")
            zf.extractall(tmp_dir)
        
        # GitHub ZIPs extract to hermes-agent-<branch>/