Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
claw-code/issue-126
hermes-agent/tools/browser_tool.py
Allegro cfaf6c827e
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 27s
Details
Tests / test (pull_request) Failing after 25s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 37s
Details
security: validate CDP URLs to prevent SSRF (V-010, CVSS 8.4) 
Add URL validation before fetching Chrome DevTools Protocol endpoints.
Only allows localhost and private network addresses.

Changes:
- tools/browser_tool.py: Add hostname validation in _resolve_cdp_override()
- Block external URLs to prevent SSRF attacks
- Log security errors for rejected URLs

CVSS: 8.4 (High)
Refs: V-010 in SECURITY_AUDIT_REPORT.md
CWE-918: Server-Side Request Forgery
2026-03-30 23:57:22 +00:00

74 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink