Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 64 Pull Requests 2 Actions 1 Packages Projects Releases Wiki Activity
Files
e27e3a4f8aa63c57302d00c4ebdebb7ce75b5b06
hermes-agent/tests/tools
History
teknium1 1cb2311bad fix(security): block path traversal in skill_view file_path (fixes #220) 
skill_view accepted arbitrary file_path values like '../../.env' and
would read files outside the skill directory, exposing API keys and
other sensitive data.

Added two layers of defense:
1. Reject paths with '..' components (fast, catches obvious traversal)
2. resolve() containment check with trailing '/' to prevent prefix
   collisions (catches symlinks and edge cases)

Fix approach from PR #242 (@Bartok9). Vulnerability reported by
@Farukest (#220, PR #221). Tests rewritten to properly mock SKILLS_DIR.

Closes #220
2026-03-02 02:00:09 -08:00
..
__init__.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_approval.py
test: add regression tests for recursive delete false positive fix
2026-02-26 16:40:44 +03:00
test_clarify_tool.py
test(tools): add unit tests for clarify_tool.py
2026-02-27 03:29:26 -05:00
test_code_execution.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_cron_prompt_injection.py
fix: cron prompt injection scanner bypass for multi-word variants
2026-02-26 13:55:54 +03:00
test_cronjob_tools.py
test: add unit tests for 8 modules (batch 2)
2026-02-26 13:54:20 +03:00
test_debug_helpers.py
test: add unit tests for 8 untested modules (batch 3) (#191)
2026-03-01 05:28:12 -08:00
test_delegate.py
Merge remote-tracking branch 'origin/main' into codex/align-codex-provider-conventions-mainrepo
2026-02-26 10:56:29 -08:00
test_file_operations.py
test: remove /etc platform-conditional tests from file_operations
2026-02-26 13:43:30 +03:00
test_file_tools_live.py
feat(tests): add live integration tests for file operations and shell noise filtering
2026-02-28 22:57:58 -08:00
test_file_tools.py
test: enhance session source tests and add validation for chat types
2026-02-26 00:53:57 -08:00
test_fuzzy_match.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_interrupt.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_memory_tool.py
test: add unit tests for 8 untested modules
2026-02-26 13:27:58 +03:00
test_patch_parser.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_process_registry.py
test: add unit tests for 8 modules (batch 2)
2026-02-26 13:54:20 +03:00
test_registry.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_session_search.py
test: add unit tests for 8 modules (batch 2)
2026-02-26 13:54:20 +03:00
test_skill_view_traversal.py
fix(security): block path traversal in skill_view file_path (fixes #220)
2026-03-02 02:00:09 -08:00
test_skills_guard.py
test: add unit tests for 8 untested modules (batch 3) (#191)
2026-03-01 05:28:12 -08:00
test_skills_sync.py
test: add unit tests for 8 untested modules (batch 3) (#191)
2026-03-01 05:28:12 -08:00
test_todo_tool.py
test: reorganize test structure and add missing unit tests
2026-02-26 03:20:08 +03:00
test_write_deny.py
fix: resolve symlink bypass in write deny list on macOS
2026-02-26 13:30:55 +03:00