Replace shell=True with list-based subprocess execution to prevent command injection via malicious user input.

Changes:
- tools/transcription_tools.py: Use shlex.split() + shell=False
- tools/environments/docker.py: List-based commands with container ID validation

Fixes a CVE-level vulnerability where malicious file paths or container IDs could inject arbitrary commands.

CVSS: 9.8 (Critical)
Refs: V-001 in SECURITY_AUDIT_REPORT.md
# Coverage configuration for hermes-agent
# Run with: pytest --cov=agent --cov=tools --cov=gateway --cov=hermes_cli tests/
# NOTE(review): the command above names four packages while `source` below
# lists seven; confirm that acp_adapter, cron and honcho_integration are still
# measured when --cov is passed explicitly.

[run]
# Packages whose code is measured.
source =
    agent
    tools
    gateway
    hermes_cli
    acp_adapter
    cron
    honcho_integration

# File patterns left out of measurement: test code, bytecode caches,
# virtualenvs and packaging/pytest glue.
omit =
    */tests/*
    */test_*
    */__pycache__/*
    */venv/*
    */.venv/*
    setup.py
    conftest.py

# Record which branches were taken, not only which lines ran.
branch = True

[report]
# Regular expressions; a line matching any of them is excluded from the report.
# Setting this option replaces coverage.py's default list, which is why
# `pragma: no cover` is listed again here. The `.` on either side of __main__
# matches a single or a double quote.
exclude_lines =
    pragma: no cover
    def __repr__
    raise AssertionError
    raise NotImplementedError
    if __name__ == .__main__.:
    if TYPE_CHECKING:
    class .*\bProtocol\):
    @(abc\.)?abstractmethod

# Source files that cannot be found or parsed produce a warning instead of an
# error, so such a file is missing from the totals rather than failing the run.
ignore_errors = True

# Digits shown after the decimal point in percentages.
precision = 2

# The report fails when total coverage is below this percentage. The threshold
# applies to the total, so an individual module can be well below it.
fail_under = 70

# List the line numbers that were not executed; fully covered files are still
# shown in the report.
show_missing = True
skip_covered = False

[html]
# Output directory and page title of the HTML report.
directory = coverage_html

title = Hermes Agent Coverage Report

[xml]
# File name of the XML report.
output = coverage.xml