hermes-agent/environments/benchmarks/terminalbench_2
Teknium 469cd16fe0
fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944)
Salvaged from PRs #5800 (memosr), #5806 (memosr), #5915 (Ruzzgar), #5928 (Awsh1).

Changes:
- Use hmac.compare_digest for API key comparison (timing attack prevention)
- Apply provider env var blocklist to Docker containers (credential leakage)
- Replace tar.extractall() with safe extraction in TerminalBench2 (CVE-2007-4559)
- Add SSRF protection via is_safe_url to ALL platform adapters:
  base.py (cache_image_from_url, cache_audio_from_url),
  discord, slack, telegram, matrix, mattermost, feishu, wecom
  (Signal and WhatsApp protected via base.py helpers)
- Update tests: mock is_safe_url in Mattermost download tests
- Add security tests for tar extraction (traversal, symlinks, safe files)
2026-04-07 17:28:37 -07:00
__init__.py Add new environments and enhance tool context functionality 2026-02-10 19:39:05 +00:00
default.yaml fix: limit concurrent Modal sandbox creations to avoid deadlocks 2026-03-07 14:02:34 -08:00
run_eval.sh feat: add OpenThoughts-TBLite evaluation script 2026-03-04 12:55:56 +00:00
terminalbench2_env.py fix(security): consolidated security hardening — SSRF, timing attack, tar traversal, credential leakage (#5944) 2026-04-07 17:28:37 -07:00