fix(cron): reject id mutation + validate output paths under OUTPUT_DIR

Two defense-in-depth fixes on cron output path handling: 1. cron/jobs.py:update_job() rejects mutation of the immutable 'id' field (raises ValueError). Dashboard PUT /api/cron/jobs/{id} converts this to HTTP 400. Without this, an attacker who can reach the update endpoint could rename a job's id to '../escape' and move its output directory outside OUTPUT_DIR. 2. cron/jobs.py:_job_output_dir() validates job IDs before composing paths: rejects '.', '..', '/', '\\', absolute paths, and Windows drive prefixes. Used by save_job_output() and remove_job() so legacy unsafe IDs (from before this guard) fail closed rather than half-applying a shutil.rmtree or output write outside the sandbox. Tests: - update_job rejects {'id': '../escape'} without renaming - remove_job(legacy '../escape' id) raises ValueError without deleting files outside OUTPUT_DIR or removing the job from the store - save_job_output rejects '..', './escape', 'nested/escape', absolute paths - dashboard PUT /api/cron/jobs/{id} with {'id': '../escape'} returns 400, job list unchanged Salvaged from PR #29826 by @zapabob. Simplified implementation: - Dropped a 23-line _validate_job_output_id() helper using Path.parts semantics. The inline check (path separators + dot-components + is_absolute) is shorter and behaviorally identical. - Dropped the secondary OUTPUT_DIR.resolve()/relative_to() check — redundant once we reject any path separator at the input boundary. - Dropped the _docs/2026-05-21_cron-output-path-hardening_codex.md planning artifact (we don't check planning docs into the repo). Co-authored-by: teknium1 <127238744+teknium1@users.noreply.github.com>
2026-06-07 08:02:23 +00:00 · 2026-05-25 01:14:50 -07:00 · 2026-05-25 01:14:50 -07:00 · 2c3ca475c0
commit 2c3ca475c0
parent 0c3e34e298
4 changed files with 113 additions and 4 deletions
--- a/tests/hermes_cli/test_web_server_cron_profiles.py
+++ b/tests/hermes_cli/test_web_server_cron_profiles.py
@ -131,6 +131,33 @@ async def test_cron_mutation_without_profile_finds_named_profile_job(isolated_pr
    assert worker_jobs[0]["enabled"] is False


+@pytest.mark.asyncio
+async def test_update_cron_job_rejects_id_mutation(isolated_profiles):
+    """Dashboard surfaces a 400 (not a 500 or silent rename) when an
+    id-mutation attempt is rejected by cron/jobs.update_job."""
+    from hermes_cli import web_server
+
+    worker_job = web_server._call_cron_for_profile(
+        "worker_alpha",
+        "create_job",
+        prompt="managed by named profile",
+        schedule="every 1h",
+        name="immutable-id-job",
+    )
+
+    with pytest.raises(HTTPException) as exc:
+        await web_server.update_cron_job(
+            worker_job["id"],
+            web_server.CronJobUpdate(updates={"id": "../escape"}),
+            profile="worker_alpha",
+        )
+
+    assert exc.value.status_code == 400
+    assert "id" in exc.value.detail
+    worker_jobs = await web_server.list_cron_jobs(profile="worker_alpha")
+    assert [job["id"] for job in worker_jobs] == [worker_job["id"]]
+
+
@pytest.mark.asyncio
 async def test_cron_delete_with_profile_deletes_only_target_profile(isolated_profiles):
    from hermes_cli import web_server