mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-25 00:51:20 +00:00
* refactor: add shared helper modules for code deduplication New modules: - gateway/platforms/helpers.py: MessageDeduplicator, TextBatchAggregator, strip_markdown, ThreadParticipationTracker, redact_phone - hermes_cli/cli_output.py: print_info/success/warning/error, prompt helpers - tools/path_security.py: validate_within_dir, has_traversal_component - utils.py additions: safe_json_loads, read_json_file, read_jsonl, append_jsonl, env_str/lower/int/bool helpers - hermes_constants.py additions: get_config_path, get_skills_dir, get_logs_dir, get_env_path * refactor: migrate gateway adapters to shared helpers - MessageDeduplicator: discord, slack, dingtalk, wecom, weixin, mattermost - strip_markdown: bluebubbles, feishu, sms - redact_phone: sms, signal - ThreadParticipationTracker: discord, matrix - _acquire/_release_platform_lock: telegram, discord, slack, whatsapp, signal, weixin Net -316 lines across 19 files. * refactor: migrate CLI modules to shared helpers - tools_config.py: use cli_output print/prompt + curses_radiolist (-117 lines) - setup.py: use cli_output print helpers + curses_radiolist (-101 lines) - mcp_config.py: use cli_output prompt (-15 lines) - memory_setup.py: use curses_radiolist (-86 lines) Net -263 lines across 5 files. 
* refactor: migrate to shared utility helpers - safe_json_loads: agent/display.py (4 sites) - get_config_path: skill_utils.py, hermes_logging.py, hermes_time.py - get_skills_dir: skill_utils.py, prompt_builder.py - Token estimation dedup: skills_tool.py imports from model_metadata - Path security: skills_tool, cronjob_tools, skill_manager_tool, credential_files - Non-atomic YAML writes: doctor.py, config.py now use atomic_yaml_write - Platform dict: new platforms.py, skills_config + tools_config derive from it - Anthropic key: new get_anthropic_key() in auth.py, used by doctor/status/config/main * test: update tests for shared helper migrations - test_dingtalk: use _dedup.is_duplicate() instead of _is_duplicate() - test_mattermost: use _dedup instead of _seen_posts/_prune_seen - test_signal: import redact_phone from helpers instead of signal - test_discord_connect: _platform_lock_identity instead of _token_lock_identity - test_telegram_conflict: updated lock error message format - test_skill_manager_tool: 'escapes' instead of 'boundary' in error msgs
"""Shared path validation helpers for tool implementations.
Extracts the ``resolve() + relative_to()`` and ``..`` traversal check
patterns previously duplicated across skill_manager_tool, skills_tool,
skills_hub, cronjob_tools, and credential_files.
"""
import logging
from pathlib import Path
from typing import Optional
# Module-level logger named after this module; the helpers visible in this
# file do not call it.
logger = logging.getLogger(__name__)
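def validate_within_dir(path: Path, root: Path) -> Optional[str]:
    """Ensure *path* resolves to a location within *root*.

    Returns an error message string if validation fails, or ``None`` if the
    path is safe.  Both arguments go through ``Path.resolve()``, which follows
    symlinks and normalizes ``..`` components; the resolved *path* must then
    be *root* itself or a descendant of it.

    Security notes for callers:

    * A relative *path* is resolved against the process working directory,
      not against *root*.  Join it onto *root* before calling when it is
      meant to be root-relative.
    * The check describes the filesystem at call time only.  If a symlink
      under *root* can be replaced between this call and the later file
      operation, the result no longer holds.
    * The returned message embeds the exception text, which for a
      ``relative_to()`` failure names both resolved paths.

    Usage::

        error = validate_within_dir(user_path, allowed_root)
        if error:
            return json.dumps({"error": error})
    """
    try:
        resolved = path.resolve()
        root_resolved = root.resolve()
        # relative_to() raises ValueError when resolved is not under root.
        resolved.relative_to(root_resolved)
    except (ValueError, OSError, RuntimeError) as exc:
        # RuntimeError: Python releases before 3.13 report a symlink loop
        # from resolve() this way rather than as OSError.  Catching it keeps
        # the "error string or None" contract and rejects the path instead of
        # letting the exception propagate out of the validator.
        return f"Path escapes allowed directory: {exc}"
    return None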
def has_traversal_component(path_str: str) -> bool:
    """Report whether any component of *path_str* is exactly ``..``.

    This is a cheap lexical pre-check for obvious traversal attempts.  It
    splits the string with ``pathlib`` using the host platform's separator
    rules and touches no filesystem state, so it neither resolves symlinks
    nor rejects absolute paths.  Use it alongside a resolve-and-compare
    check, not as a replacement for one.
    """
    return any(segment == ".." for segment in Path(path_str).parts)