mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-13 03:52:00 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

fix(security): require explicit allowlist or TEAMS_ALLOW_ALL_USERS opt-in for Teams approval buttons

Browse source
This commit is contained in:
memosr 2026-05-04 00:58:19 +03:00 committed by Teknium
parent cfe019c782
commit b739fcdfce
1 changed files with 18 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

19
plugins/platforms/teams/adapter.py
View file

@ -371,8 +371,25 @@ class TeamsAdapter(BasePlatformAdapter):
) )
# Only authorized users may click approval buttons. # Only authorized users may click approval buttons.
# Default-deny: require either TEAMS_ALLOWED_USERS or an explicit
# TEAMS_ALLOW_ALL_USERS=true opt-in. Without one of these set, the
# bot silently treated every clicker as authorized — meaning any
# Teams user who could message the bot could approve dangerous commands.
allowed_csv = os.getenv("TEAMS_ALLOWED_USERS", "").strip() allowed_csv = os.getenv("TEAMS_ALLOWED_USERS", "").strip()
if allowed_csv: allow_all = os.getenv("TEAMS_ALLOW_ALL_USERS", "").strip().lower() in ("1", "true", "yes")
if not allow_all:
if not allowed_csv:
logger.warning(
"[teams] card action rejected: TEAMS_ALLOWED_USERS not configured "
"and TEAMS_ALLOW_ALL_USERS not set — default deny"
)
return InvokeResponse(
status=200,
body=AdaptiveCardActionMessageResponse(
value="⛔ Approval buttons require TEAMS_ALLOWED_USERS to be configured."
),
)
from_account = ctx.activity.from_ from_account = ctx.activity.from_
clicker_id = getattr(from_account, "aad_object_id", None) or getattr(from_account, "id", "") clicker_id = getattr(from_account, "aad_object_id", None) or getattr(from_account, "id", "")
allowed_ids = {uid.strip() for uid in allowed_csv.split(",") if uid.strip()} allowed_ids = {uid.strip() for uid in allowed_csv.split(",") if uid.strip()}