Merge pull request #151 from johnh4098/fix/shell-injection-spawn-via-env-v2

fix(process): escape single quotes in spawn_via_env bg_command
Teknium 2026-02-27 22:49:04 -08:00 committed by GitHub
commit 7f423508e4
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -247,8 +247,9 @@ class ProcessRegistry:
# Run the command in the sandbox with output capture
log_path = f"/tmp/hermes_bg_{session.id}.log"
pid_path = f"/tmp/hermes_bg_{session.id}.pid"
safe_command = command.replace("'", "'\''")
bg_command = (
f"nohup bash -c '{command}' > {log_path} 2>&1 & "
f"nohup bash -c '{safe_command}' > {log_path} 2>&1 & "
f"echo $! > {pid_path} && cat {pid_path}"
)
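Review bot: The replacement literal on the added `safe_command` line, `"'\''"`, is a normal (non-raw) Python string in which `\'` is just an escaped quote, so its value is three single quotes and not the shell idiom `'\''`. A single quote inside `command` therefore still closes the `bash -c '…'` argument, and the text after it is parsed by the outer shell, so the injection this commit targets is not closed. Prefer the standard library over hand-written escaping: build the line as `f"nohup bash -c {shlex.quote(command)} > {log_path} 2>&1 & "`, which needs `import shlex` at the top of the file (not visible in this hunk). `session.id` is also interpolated unquoted into `log_path` and `pid_path`; its origin is not shown here, so if it can be caller-influenced it should be passed through `shlex.quote` as well. The enclosing method starts and ends outside the hunk.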