mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-07-01 12:02:05 +00:00
fix(browser): block snapshot from eval-navigated private pages
browser_snapshot() now checks the current page URL before returning content. When browser_console() changes location.href to a private or internal address (e.g., http://127.0.0.1:8080/), the snapshot returns an error instead of exposing the private page content. This closes the SSRF bypass where an attacker could: 1. Navigate to a public page 2. Use browser_console to eval location.href = 'http://127.0.0.1:port/' 3. Use browser_snapshot to read the private page content The fix reuses the existing _is_safe_url() and _allow_private_urls() infrastructure, and fails open if the URL check itself fails. Fixes #44731
This commit is contained in:
parent
7c0a5def58
commit
7a6fe9bbfa
2 changed files with 278 additions and 0 deletions
|
|
@ -2695,6 +2695,36 @@ def browser_snapshot(
|
|||
snapshot_text = data.get("snapshot", "")
|
||||
refs = data.get("refs", {})
|
||||
|
||||
# ── Private-network guard: block snapshots from eval-navigated private pages ──
|
||||
# After any eval (browser_console) that may have changed location.href to a
|
||||
# private/internal address, the snapshot would expose private page content.
|
||||
# Re-check the current URL before returning the snapshot.
|
||||
if (
|
||||
not _is_local_backend()
|
||||
and not _allow_private_urls()
|
||||
):
|
||||
try:
|
||||
_url_result = _run_browser_command(
|
||||
effective_task_id, "eval", ["window.location.href"],
|
||||
timeout=5, _engine_override="auto",
|
||||
)
|
||||
if _url_result.get("success"):
|
||||
_current_url = (
|
||||
_url_result.get("data", {}).get("result", "")
|
||||
.strip().strip('"').strip("'")
|
||||
)
|
||||
if _current_url and not _is_safe_url(_current_url):
|
||||
return json.dumps({
|
||||
"success": False,
|
||||
"error": (
|
||||
"Blocked: page URL targets a private or internal address "
|
||||
f"({_current_url}). This may have been caused by a "
|
||||
"JavaScript navigation via browser_console."
|
||||
),
|
||||
}, ensure_ascii=False)
|
||||
except Exception as _url_exc:
|
||||
logger.debug("browser_snapshot: URL safety check failed (%s)", _url_exc)
|
||||
|
||||
# Check if snapshot needs summarization
|
||||
if len(snapshot_text) > SNAPSHOT_SUMMARIZE_THRESHOLD and user_task:
|
||||
snapshot_text = _extract_relevant_content(snapshot_text, user_task)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue