fix: V-009 security vulnerability

Automated security fix generated by Orbis Security AI
orbisai0security 2026-04-14 09:34:11 +00:00 committed by Teknium
parent bb59075b25
commit c8eb7cf843


@ -573,9 +573,19 @@ class SessionEntry:
except (TypeError, ValueError):
last_resume_marked_at = None
session_key = data["session_key"]
session_id = data["session_id"]
# Validate path-sensitive fields to prevent directory traversal attacks
for _field, _val in (("session_key", session_key), ("session_id", session_id)):
if _val and (".." in str(_val) or str(_val).startswith(("/", "\\"))):
raise ValueError(
f"Invalid {_field}: potential directory traversal detected"
)
return cls(
session_key=data["session_key"],
session_id=data["session_id"],
session_key=session_key,
session_id=session_id,
created_at=datetime.fromisoformat(data["created_at"]),
updated_at=datetime.fromisoformat(data["updated_at"]),
origin=origin,
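Review bot: The check added in the `for _field, _val in (...)` loop is a deny-list that matches `..` anywhere but `/` or `\` only at the start, so a value with a separator in the middle still passes while a harmless value that merely contains two consecutive dots is rejected. If neither field may legitimately contain a path separator, test for one anywhere in the value, e.g. `if _val and (".." in str(_val) or any(sep in str(_val) for sep in ("/", "\\"))):`; an allow-list pattern for the expected ID format would be tighter still. The hunk does not show where `session_key` and `session_id` are joined into a file path, so it is worth confirming that that site resolves the final path and verifies it stays under the sessions directory, because that check holds however the entry was constructed. The enclosing `SessionEntry` classmethod starts above the hunk and the `return cls(` call continues below it; the new `ValueError` presumably propagates to whatever loads stored entries, so confirm that one bad record does not abort the whole load.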