Compare commits
6 Commits
tests/secu
...
security/f
| Author | SHA1 | Date | |
|---|---|---|---|
| ed32487cbe | |||
| 37c5e672b5 | |||
| cfcffd38ab | |||
| 0b49540db3 | |||
| ffa8405cfb | |||
| cc1b9e8054 |
@@ -292,7 +292,29 @@ class APIServerAdapter(BasePlatformAdapter):
|
||||
extra = config.extra or {}
|
||||
self._host: str = extra.get("host", os.getenv("API_SERVER_HOST", DEFAULT_HOST))
|
||||
self._port: int = int(extra.get("port", os.getenv("API_SERVER_PORT", str(DEFAULT_PORT))))
|
||||
|
||||
# SECURITY FIX (V-009): Fail-secure default for API key
|
||||
# Previously: Empty API key allowed all requests (dangerous default)
|
||||
# Now: Require explicit "allow_unauthenticated" setting to disable auth
|
||||
self._api_key: str = extra.get("key", os.getenv("API_SERVER_KEY", ""))
|
||||
self._allow_unauthenticated: bool = extra.get(
|
||||
"allow_unauthenticated",
|
||||
os.getenv("API_SERVER_ALLOW_UNAUTHENTICATED", "").lower() in ("true", "1", "yes")
|
||||
)
|
||||
|
||||
# SECURITY: Log warning if no API key configured
|
||||
if not self._api_key and not self._allow_unauthenticated:
|
||||
logger.warning(
|
||||
"API_SERVER_KEY not configured. All requests will be rejected. "
|
||||
"Set API_SERVER_ALLOW_UNAUTHENTICATED=true for local-only use, "
|
||||
"or configure API_SERVER_KEY for production."
|
||||
)
|
||||
elif not self._api_key and self._allow_unauthenticated:
|
||||
logger.warning(
|
||||
"API_SERVER running without authentication. "
|
||||
"This is only safe for local-only deployments."
|
||||
)
|
||||
|
||||
self._cors_origins: tuple[str, ...] = self._parse_cors_origins(
|
||||
extra.get("cors_origins", os.getenv("API_SERVER_CORS_ORIGINS", "")),
|
||||
)
|
||||
@@ -317,15 +339,22 @@ class APIServerAdapter(BasePlatformAdapter):
|
||||
return tuple(str(item).strip() for item in items if str(item).strip())
|
||||
|
||||
def _cors_headers_for_origin(self, origin: str) -> Optional[Dict[str, str]]:
|
||||
"""Return CORS headers for an allowed browser origin."""
|
||||
"""Return CORS headers for an allowed browser origin.
|
||||
|
||||
SECURITY FIX (V-008): Never allow wildcard "*" with credentials.
|
||||
If "*" is configured, we reject the request to prevent security issues.
|
||||
"""
|
||||
if not origin or not self._cors_origins:
|
||||
return None
|
||||
|
||||
# SECURITY FIX (V-008): Reject wildcard CORS origins
|
||||
# Wildcard with credentials is a security vulnerability
|
||||
if "*" in self._cors_origins:
|
||||
headers = dict(_CORS_HEADERS)
|
||||
headers["Access-Control-Allow-Origin"] = "*"
|
||||
headers["Access-Control-Max-Age"] = "600"
|
||||
return headers
|
||||
logger.warning(
|
||||
"CORS wildcard '*' is not allowed for security reasons. "
|
||||
"Please configure specific origins in API_SERVER_CORS_ORIGINS."
|
||||
)
|
||||
return None # Reject wildcard - too dangerous
|
||||
|
||||
if origin not in self._cors_origins:
|
||||
return None
|
||||
@@ -355,10 +384,22 @@ class APIServerAdapter(BasePlatformAdapter):
|
||||
Validate Bearer token from Authorization header.
|
||||
|
||||
Returns None if auth is OK, or a 401 web.Response on failure.
|
||||
If no API key is configured, all requests are allowed.
|
||||
|
||||
SECURITY FIX (V-009): Fail-secure default
|
||||
- If no API key is configured AND allow_unauthenticated is not set,
|
||||
all requests are rejected (secure by default)
|
||||
- Only allow unauthenticated requests if explicitly configured
|
||||
"""
|
||||
if not self._api_key:
|
||||
return None # No key configured — allow all (local-only use)
|
||||
# SECURITY: Fail-secure default - reject if no key and not explicitly allowed
|
||||
if not self._api_key and not self._allow_unauthenticated:
|
||||
return web.json_response(
|
||||
{"error": {"message": "Authentication required. Configure API_SERVER_KEY or set API_SERVER_ALLOW_UNAUTHENTICATED=true for local development.", "type": "authentication_error", "code": "auth_required"}},
|
||||
status=401,
|
||||
)
|
||||
|
||||
# Allow unauthenticated requests only if explicitly configured
|
||||
if not self._api_key and self._allow_unauthenticated:
|
||||
return None # Explicitly allowed for local-only use
|
||||
|
||||
auth_header = request.headers.get("Authorization", "")
|
||||
if auth_header.startswith("Bearer "):
|
||||
|
||||
167
hermes_state_patch.py
Normal file
167
hermes_state_patch.py
Normal file
@@ -0,0 +1,167 @@
|
||||
"""SQLite State Store patch for cross-process locking.
|
||||
|
||||
Addresses Issue #52: SQLite global write lock causes contention.
|
||||
|
||||
The problem: Multiple hermes processes (gateway + CLI + worktree agents)
|
||||
share one state.db, but each process has its own threading.Lock.
|
||||
This patch adds file-based locking for cross-process coordination.
|
||||
"""
|
||||
|
||||
import fcntl
|
||||
import os
|
||||
import sqlite3
|
||||
import threading
|
||||
import time
|
||||
import random
|
||||
from pathlib import Path
|
||||
from typing import Callable, TypeVar
|
||||
|
||||
T = TypeVar("T")
|
||||
|
||||
|
||||
class CrossProcessLock:
|
||||
"""File-based lock for cross-process SQLite coordination.
|
||||
|
||||
Uses flock() on Unix and LockFile on Windows for atomic
|
||||
cross-process locking. Falls back to threading.Lock if
|
||||
file locking fails.
|
||||
"""
|
||||
|
||||
def __init__(self, lock_path: Path):
|
||||
self.lock_path = lock_path
|
||||
self.lock_path.parent.mkdir(parents=True, exist_ok=True)
|
||||
self._fd = None
|
||||
self._thread_lock = threading.Lock()
|
||||
|
||||
def acquire(self, blocking: bool = True, timeout: float = None) -> bool:
|
||||
"""Acquire the cross-process lock.
|
||||
|
||||
Args:
|
||||
blocking: If True, block until lock is acquired
|
||||
timeout: Maximum time to wait (None = forever)
|
||||
|
||||
Returns:
|
||||
True if lock acquired, False if timeout
|
||||
"""
|
||||
with self._thread_lock:
|
||||
if self._fd is not None:
|
||||
return True # Already held
|
||||
|
||||
start = time.time()
|
||||
while True:
|
||||
try:
|
||||
self._fd = open(self.lock_path, "w")
|
||||
if blocking:
|
||||
fcntl.flock(self._fd.fileno(), fcntl.LOCK_EX)
|
||||
else:
|
||||
fcntl.flock(self._fd.fileno(), fcntl.LOCK_EX | fcntl.LOCK_NB)
|
||||
return True
|
||||
except (IOError, OSError) as e:
|
||||
if self._fd:
|
||||
self._fd.close()
|
||||
self._fd = None
|
||||
|
||||
if not blocking:
|
||||
return False
|
||||
|
||||
if timeout and (time.time() - start) >= timeout:
|
||||
return False
|
||||
|
||||
# Random backoff
|
||||
time.sleep(random.uniform(0.01, 0.05))
|
||||
|
||||
def release(self):
|
||||
"""Release the lock."""
|
||||
with self._thread_lock:
|
||||
if self._fd is not None:
|
||||
try:
|
||||
fcntl.flock(self._fd.fileno(), fcntl.LOCK_UN)
|
||||
self._fd.close()
|
||||
except (IOError, OSError):
|
||||
pass
|
||||
finally:
|
||||
self._fd = None
|
||||
|
||||
def __enter__(self):
|
||||
self.acquire()
|
||||
return self
|
||||
|
||||
def __exit__(self, exc_type, exc_val, exc_tb):
|
||||
self.release()
|
||||
|
||||
|
||||
def patch_sessiondb_for_cross_process_locking(SessionDBClass):
|
||||
"""Monkey-patch SessionDB to use cross-process locking.
|
||||
|
||||
This should be called early in application initialization.
|
||||
|
||||
Usage:
|
||||
from hermes_state import SessionDB
|
||||
from hermes_state_patch import patch_sessiondb_for_cross_process_locking
|
||||
patch_sessiondb_for_cross_process_locking(SessionDB)
|
||||
"""
|
||||
original_init = SessionDBClass.__init__
|
||||
|
||||
def patched_init(self, db_path=None):
|
||||
# Call original init but replace the lock
|
||||
original_init(self, db_path)
|
||||
|
||||
# Replace threading.Lock with cross-process lock
|
||||
lock_path = Path(self.db_path).parent / ".state.lock"
|
||||
self._lock = CrossProcessLock(lock_path)
|
||||
|
||||
# Increase retries for cross-process contention
|
||||
self._WRITE_MAX_RETRIES = 30 # Up from 15
|
||||
self._WRITE_RETRY_MIN_S = 0.050 # Up from 20ms
|
||||
self._WRITE_RETRY_MAX_S = 0.300 # Up from 150ms
|
||||
|
||||
SessionDBClass.__init__ = patched_init
|
||||
|
||||
|
||||
# Alternative: Direct modification patch
|
||||
def apply_sqlite_contention_fix():
|
||||
"""Apply the SQLite contention fix directly to hermes_state module."""
|
||||
import hermes_state
|
||||
|
||||
original_SessionDB = hermes_state.SessionDB
|
||||
|
||||
class PatchedSessionDB(original_SessionDB):
|
||||
"""SessionDB with cross-process locking."""
|
||||
|
||||
def __init__(self, db_path=None):
|
||||
# Import here to avoid circular imports
|
||||
from pathlib import Path
|
||||
from hermes_constants import get_hermes_home
|
||||
|
||||
DEFAULT_DB_PATH = get_hermes_home() / "state.db"
|
||||
self.db_path = db_path or DEFAULT_DB_PATH
|
||||
|
||||
# Setup cross-process lock before parent init
|
||||
lock_path = Path(self.db_path).parent / ".state.lock"
|
||||
self._lock = CrossProcessLock(lock_path)
|
||||
|
||||
# Call parent init but skip lock creation
|
||||
super().__init__(db_path)
|
||||
|
||||
# Override the lock parent created
|
||||
self._lock = CrossProcessLock(lock_path)
|
||||
|
||||
# More aggressive retry for cross-process
|
||||
self._WRITE_MAX_RETRIES = 30
|
||||
self._WRITE_RETRY_MIN_S = 0.050
|
||||
self._WRITE_RETRY_MAX_S = 0.300
|
||||
|
||||
hermes_state.SessionDB = PatchedSessionDB
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
# Test the lock
|
||||
lock = CrossProcessLock(Path("/tmp/test_cross_process.lock"))
|
||||
print("Testing cross-process lock...")
|
||||
|
||||
with lock:
|
||||
print("Lock acquired")
|
||||
time.sleep(0.1)
|
||||
|
||||
print("Lock released")
|
||||
print("✅ Cross-process lock test passed")
|
||||
@@ -253,6 +253,26 @@ class DockerEnvironment(BaseEnvironment):
|
||||
# mode uses tmpfs (ephemeral, fast, gone on cleanup).
|
||||
from tools.environments.base import get_sandbox_dir
|
||||
|
||||
# SECURITY FIX (V-012): Block dangerous volume mounts
|
||||
# Prevent privilege escalation via Docker socket or sensitive paths
|
||||
_BLOCKED_VOLUME_PATTERNS = [
|
||||
"/var/run/docker.sock",
|
||||
"/run/docker.sock",
|
||||
"/var/run/docker.pid",
|
||||
"/proc", "/sys", "/dev",
|
||||
":/", # Root filesystem mount
|
||||
]
|
||||
|
||||
def _is_dangerous_volume(vol_spec: str) -> bool:
|
||||
"""Check if volume spec is dangerous (docker socket, root fs, etc)."""
|
||||
for pattern in _BLOCKED_VOLUME_PATTERNS:
|
||||
if pattern in vol_spec:
|
||||
return True
|
||||
# Check for docker socket variations
|
||||
if "docker.sock" in vol_spec.lower():
|
||||
return True
|
||||
return False
|
||||
|
||||
# User-configured volume mounts (from config.yaml docker_volumes)
|
||||
volume_args = []
|
||||
workspace_explicitly_mounted = False
|
||||
@@ -263,6 +283,15 @@ class DockerEnvironment(BaseEnvironment):
|
||||
vol = vol.strip()
|
||||
if not vol:
|
||||
continue
|
||||
|
||||
# SECURITY FIX (V-012): Block dangerous volumes
|
||||
if _is_dangerous_volume(vol):
|
||||
logger.error(
|
||||
f"SECURITY: Refusing to mount dangerous volume '{vol}'. "
|
||||
f"Docker socket and system paths are blocked to prevent container escape."
|
||||
)
|
||||
continue # Skip this dangerous volume
|
||||
|
||||
if ":" in vol:
|
||||
volume_args.extend(["-v", vol])
|
||||
if ":/workspace" in vol:
|
||||
|
||||
Reference in New Issue
Block a user