Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity
Files
main
hermes-agent/tools/url_safety.py
Allegro 0019381d75
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 32s
Details
Tests / test (pull_request) Failing after 28s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 55s
Details
security: add connection-level SSRF protection (CVSS 9.4) 
Add runtime IP validation at connection time to mitigate DNS rebinding
attacks (TOCTOU vulnerability).

Changes:
- tools/url_safety.py: Add create_safe_socket() for connection-time validation
- Add get_safe_httpx_transport() for httpx integration
- Document V-005 security fix

This closes the gap where attacker-controlled DNS servers could return
different IPs between pre-flight check and actual connection.

CVSS: 9.4 (Critical)
Refs: V-005 in SECURITY_AUDIT_REPORT.md
Fixes: CWE-918 (Server-Side Request Forgery)
2026-03-30 23:43:58 +00:00

7.1 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink