mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-30 06:41:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

fix(telegram): enforce TELEGRAM_ALLOWED_USERS allowlist on inbound messages

Browse source 
TELEGRAM_ALLOWED_USERS was only checked for callback/inline-button
actions but not for inbound messages. Unauthorized users triggered an
'Unauthorized user' log warning but their messages were still processed
by the agent — a P0 security bypass (issue #23778).

Fix: add allowlist check in _should_process_message() which is called
for all message types (text, command, media, location). If the sender
is not in TELEGRAM_ALLOWED_USERS, the message is dropped immediately
with a warning log. Empty TELEGRAM_ALLOWED_USERS continues to allow
all users (existing behavior).

Fixes #23778
This commit is contained in:
ygd58 2026-05-11 15:29:53 +02:00 committed by Teknium
parent de4cb55bf3
commit db50af910b
1 changed files with 17 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

21
gateway/platforms/telegram.py
View file

@ -4055,11 +4055,12 @@ class TelegramAdapter(BasePlatformAdapter):
return cleaned or text return cleaned or text
def _should_process_message(self, message: Message, *, is_command: bool = False) -> bool: def _should_process_message(self, message: Message, *, is_command: bool = False) -> bool:
"""Apply Telegram group trigger rules. """Apply Telegram group trigger rules and user allowlist.
DMs remain unrestricted. Group/supergroup messages are accepted when: DMs and group messages are both subject to TELEGRAM_ALLOWED_USERS
- the chat passes the ``allowed_chats`` whitelist (when set), or allowlist check. The chat also passes the ``allowed_chats`` whitelist
``guest_mode`` is enabled and the bot is explicitly mentioned (when set), or ``guest_mode`` is enabled and the bot is explicitly
mentioned. Group/supergroup messages are additionally accepted when:
- the chat is explicitly allowlisted in ``free_response_chats`` - the chat is explicitly allowlisted in ``free_response_chats``
- ``require_mention`` is disabled - ``require_mention`` is disabled
- the message replies to the bot - the message replies to the bot
@ -4076,6 +4077,18 @@ class TelegramAdapter(BasePlatformAdapter):
mentioning the bot (``@botname /command``), both of which are mentioning the bot (``@botname /command``), both of which are
recognised as mentions by :meth:`_message_mentions_bot`. recognised as mentions by :meth:`_message_mentions_bot`.
""" """
# Enforce TELEGRAM_ALLOWED_USERS allowlist for ALL message types
# (DMs and groups). Previously only callback actions were gated,
# leaving inbound messages unblocked (issue #23778).
_user = getattr(message, "from_user", None)
_user_id = str(getattr(_user, "id", "")) if _user else ""
if not self._is_callback_user_authorized(_user_id):
logger.warning(
"[%s] Unauthorized user %s — message dropped",
self.name, _user_id,
)
return False
if not self._is_group_chat(message): if not self._is_group_chat(message):
return True return True