mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-30 01:41:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
hermes-agent/cron
History
memosr 931624feda fix(security): guard cron script against path traversal and redact output 
Relative script paths resolved against HERMES_HOME/scripts/ were not
validated to stay within that directory. Paths like '../../etc/passwd'
could escape and be executed as Python.

Fix: resolve the path and verify it stays within scripts_dir using
Path.relative_to(). Also apply redact_sensitive_text() to script stdout
before LLM injection — same pattern as execute_code sandbox output.

Cherry-picked from PR #5093 by memosr (fixes 1 and 3; absolute path
restriction dropped as too restrictive for the feature's design intent).
2026-04-04 17:01:11 -07:00
..
__init__.py docs: clarify gateway service scopes (#1378) 2026-03-14 21:17:41 -07:00
jobs.py feat(cron): add script field for pre-run data collection (#5082) 2026-04-04 10:43:39 -07:00
scheduler.py fix(security): guard cron script against path traversal and redact output 2026-04-04 17:01:11 -07:00