Add comprehensive path traversal detection and validation to prevent unauthorized file access outside working directories.

Changes:
- tools/file_operations.py: Add _validate_safe_path(), _contains_path_traversal()
- Validate all paths in read_file(), write_file() before processing
- Detect patterns: ../, ..\, URL-encoded, null bytes, control chars

Fixes CWE-22: Path Traversal vulnerability where malicious paths like ../../../etc/shadow could access sensitive files.

CVSS: 9.1 (Critical)
Refs: V-002 in SECURITY_AUDIT_REPORT.md
46 KiB
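An added example, not the code from this commit: a pattern scan for the forms listed in the commit message, followed by a resolved-path containment check that goes beyond that list to cover absolute paths and symlinks. The names contains_traversal_pattern and resolve_inside, the three-pass decode limit and the /srv/work directory are assumptions made for illustration.

```python
import os
import re
from urllib.parse import unquote

# Null byte and other control characters are rejected outright.
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def contains_traversal_pattern(raw: str) -> bool:
    """Flag ../, ..\\, URL-encoded forms, null bytes and control chars."""
    decoded = raw
    for _ in range(3):  # decode repeatedly so double-encoded input is seen
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    if CONTROL_CHARS.search(decoded):
        return True
    # A ".." counts only as a whole path segment, so "a..b.txt" passes.
    return ".." in re.split(r"[\\/]", decoded)

def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the resolved path, or raise ValueError if it leaves base_dir."""
    if contains_traversal_pattern(user_path):
        raise ValueError("path traversal pattern in input")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # Compare resolved paths: absolute inputs and symlinks carry no "..".
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path resolves outside the working directory")
    return target

if __name__ == "__main__":
    # Constructed inputs; /srv/work is a placeholder working directory.
    for p in ["notes/todo.txt", "../../../etc/shadow", "..\\win.ini",
              "%2e%2e%2fetc%2fshadow", "name\x00.txt", "/etc/shadow"]:
        try:
            print("ok      ", resolve_inside("/srv/work", p))
        except ValueError as err:
            print("rejected", repr(p), "-", err)
```

The containment check runs on the resolved path, so the file should be opened through the returned value rather than the original input.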