fix(url-safety): allow only http and https schemes

aydnOktay 2026-03-24 13:45:33 +03:00 committed by Teknium
parent 8373956850
commit 6af9942327
2 changed files with 11 additions and 0 deletions


@ -263,6 +263,9 @@ def is_safe_url(url: str) -> bool:
parsed = urlparse(url)
hostname = (parsed.hostname or "").strip().lower().rstrip(".")
scheme = (parsed.scheme or "").strip().lower()
if scheme not in {"http", "https"}:
logger.warning("Blocked request — unsupported URL scheme: %s", scheme or "<empty>")
return False
if not hostname:
return False
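Review bot: The new `if scheme not in {"http", "https"}` guard has no comment saying it is a deliberate allowlist that also rejects an empty scheme, so a later edit could turn it into a denylist without noticing what that reopens. I would add above it `# Allowlist, not denylist: anything other than http/https (including an empty scheme) is rejected before the host checks run.` Logging only the scheme rather than the full URL is worth keeping, since the URL may carry credentials or tokens; the `if not hostname` branch below still returns without a log line, so the two rejections look different in the logs. The check covers only the URL string passed in, so if callers follow redirects, each hop would need to go through is_safe_url again; whether they do cannot be confirmed from this hunk. is_safe_url starts before and continues after the visible lines.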