Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 257 Pull Requests 35 Actions 4 Packages Projects Releases Wiki Activity

fix(vision): make SSRF redirect guard async for httpx.AsyncClient

Browse Source 
httpx.AsyncClient awaits event hooks. The sync _ssrf_redirect_guard
returned None, causing 'object NoneType can't be used in await
expression' on any vision_analyze call that followed redirects.

Caught during live PTY testing of the merged SSRF protection.
This commit is contained in:
Teknium
2026-03-23 15:44:52 -07:00
parent 0791efe2c3
commit ad5f973a8d
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tools/vision_tools.py
View File

@@ -97,11 +97,13 @@ async def _download_image(image_url: str, destination: Path, max_retries: int =
# Create parent directories if they don't exist # Create parent directories if they don't exist
destination.parent.mkdir(parents=True, exist_ok=True) destination.parent.mkdir(parents=True, exist_ok=True)
def _ssrf_redirect_guard(response): async def _ssrf_redirect_guard(response):
"""Re-validate each redirect target to prevent redirect-based SSRF. """Re-validate each redirect target to prevent redirect-based SSRF.
Without this, an attacker can host a public URL that 302-redirects Without this, an attacker can host a public URL that 302-redirects
to http://169.254.169.254/ and bypass the pre-flight is_safe_url check. to http://169.254.169.254/ and bypass the pre-flight is_safe_url check.
Must be async because httpx.AsyncClient awaits event hooks.
""" """
if response.is_redirect and response.next_request: if response.is_redirect and response.next_request:
redirect_url = str(response.next_request.url) redirect_url = str(response.next_request.url)