mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(security): pipe sudo password via stdin instead of shell cmdline

Browse source
This commit is contained in:
johnh4098 2026-03-08 17:46:11 +03:30 committed by teknium1
parent a2ea85924a
commit e9742e202f
8 changed files with 132 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tools/environments/base.py
View file

@ -59,8 +59,16 @@ class BaseEnvironment(ABC):
# Shared helpers (eliminate duplication across backends)
# ------------------------------------------------------------------
def _prepare_command(self, command: str) -> str:
"""Transform sudo commands if SUDO_PASSWORD is available."""
def _prepare_command(self, command: str) -> tuple[str, str | None]:
"""Transform sudo commands if SUDO_PASSWORD is available.
Returns:
(transformed_command, sudo_stdin) see _transform_sudo_command
for the full contract. Callers that drive a subprocess directly
should prepend sudo_stdin (when not None) to any stdin_data they
pass to Popen. Callers that embed stdin via heredoc (modal,
daytona) handle sudo_stdin in their own execute() method.
"""
from tools.terminal_tool import _transform_sudo_command
return _transform_sudo_command(command)